Test missing in confusablepy security_test

The challenge lists 3 tests in securitytest yet the cloned git only has 2, so I feel something is astray with the tests in the repo.

Challenge test output

[i] Running security tests
Using existing test database for alias 'default'...
Found 3 test(s).
System check identified no issues (0 silenced).
F
======================================================================
FAIL: test_http400_case_folded_existing_domain (program.test_security.ProgramSecurityTestCase)

Local: make securitytest

[i] Running security tests

Using existing test database for alias 'default'...
Found 2 test(s).
System check identified no issues (0 silenced).
..
----------------------------------------------------------------------
Ran 2 tests in 0.004s

OK

Local: security_test.py

from django.test import TestCase, Client
from django.urls import reverse

class ProgramSecurityTestCase(TestCase):
    def test_http400_existing_lookalike_domain(self):
        res = self.client.get("/register/", {"domain":"paypai.com"})
        self.assertEqual(res.status_code, 400)
        res = self.client.get("/register/", {"domain":"secdirn.com"})
        self.assertEqual(res.status_code, 400)

    def test_complete_security_tests(self):
        self.assertEqual(0, 1)

1 Like

As level complexity increases, some security tests are not given in your local fork. This is intentional.

We can read in the “Start Here” level that there are different types of challenges:

There are different types of challenges:

Challenges with restriction on the number of attempts,
Challenges with local copy of security tests (trivial mode),
Challenges with no local copy of security tests but tests outputs can be seen when commits are tested, and
Challenges with no local copy of security tests and tests outputs (hacker mode).

Also, as you noticed, there is a tip in your current level: "Got stuck? Push a commit and run the tests on the server. Look at the test outputs. They will put you on the right track."

We are working to make this clearer, as it has been raised by a number of users. Thanks for the feedback.

3 Likes

We have a Hint system now. You can look at the hint to learn more about the vulnerability, how to fix it, and sample solutions.