Natakarica.py failing test

james · 14 September 2022 05:37

The test “test_http400_when_amount_unusual” isn’t included in the original code and there’s no indication of what it’s testing, how are we supposed to complete this task?

Pedram · 14 September 2022 06:19

Hey James, I can see you have already solved the challenge so I will not give away specific hints.

Two things for other reading this:

If you want to effectively fix this challenge read about Patriot bug.
If you are stuck, there is a hint in the level/challenge page.

james · 14 September 2022 23:09

Yeah, I was more raising the fact that it’s impossible to solve the challenge locally, which isn’t explained in any of the prompts. Could it be made clearer that participants will have to discover the tests through inference? It’s incredibly confusing.

Pedram · 15 September 2022 03:13

In the Start Here challenge we can read challenges have different level of complexity. Some don’t come with full set of tests for a reason.

Challenges with restriction on the number of attempts,
Challenges with local copy of security tests (trivial mode),
Challenges with no local copy of security tests but tests outputs can been seen when commits are tested, and
Challenges with no local copy of security tests and tests outputs (hacker mode).

Also there is an explicit failing test:

def test_complete_security_tests(self):`
        self.assertEqual(0, 1)`

Also there is a hint in the challenge description about
Got stuck? Push a commit and run the tests on the server. Look at the test outputs. They will put you on the right track.

Please let me know if you think there is any better way to make it clearer.

james · 15 September 2022 05:05

Pedram:

Also there is an explicit failing test:
def test_complete_security_tests(self):`
        self.assertEqual(0, 1)`
Also there is a hint in the challenge description about
Got stuck? Push a commit and run the tests on the server. Look at the test outputs. They will put you on the right track.

Please let me know if you think there is any better way to make it clearer.

I guess I missed that part in the first exercise and it felt strange being an “easy” task with intentionally obscured tests on a learning platform. Thanks for the clarification.

hamza · 15 September 2022 07:11

Glad to see this cleared up
Keep crushing champ!

rivenfornotification · 10 October 2023 13:14

Well, this task is not clear at all

Even when you fix the “vulnerability” tests are failing:

- FAIL: test_http400_when_amount_unusual (program.test_security.ProgramSecurityTestCase)

- ----------------------------------------------------------------------

- Traceback (most recent call last):

- File "/drone/src/code/src/program/test_security.py", line 24, in test_http400_when_amount_unusual

- self.assertEqual(res.status_code, 400)

- AssertionError: 200 != 400

Simple fix: Using decimal instead of default float and some magic in the view.

And, of course, local test is bugged:

    def test_complete_security_tests(self):
        self.assertEqual(0, 1)

This one will always fail…

Matt · 10 October 2023 22:53

The local test intentionally includes the test that will fail, this indicates that there will be additional tests run against your patched code when the repository is pushed.
If you want the security test to pass locally simply comment out the lines or replace the 0 with 1.

I have just confirmed that the auto-tests when the code is pushed are working as expected.

By what you have said about how you fixed your code is certainly on the right track. A hint: Have a read of Learn - SecDim