Test cases that validate sanitization logic
"""Test cases for output sanitization - validates protection against injection attacks."""
import pytest
from app.security.output_sanitizer import OutputSanitizer
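class TestOutputSanitizer:
    """Test suite for insecure output handling prevention.

    Exercises ``OutputSanitizer.detect_injection``, ``sanitize_for_web`` and
    ``sanitize_for_sql`` with representative hostile and benign inputs. Only
    the behaviour asserted below is pinned; the sanitizer's internal rules are
    not visible from this file, so each test states an expectation rather
    than a description of the implementation.
    """

    def test_xss_detection(self):
        """A raw ``<script>`` tag is expected to be flagged unsafe and high risk."""
        malicious = "<script>alert('XSS')</script>"
        result = OutputSanitizer.detect_injection(malicious)
        assert result["is_safe"] is False
        assert result["risk_level"] == "high"

    def test_sql_injection_detection(self):
        """A statement-terminating SQL payload is expected to be flagged unsafe."""
        malicious = "'; DROP TABLE users; --"
        result = OutputSanitizer.detect_injection(malicious)
        assert result["is_safe"] is False

    def test_web_sanitization(self):
        """Web sanitization is expected to HTML-escape the tag, not merely strip it.

        Both assertions matter: the first proves the raw tag is gone, the
        second proves it was escaped (so the text is preserved) rather than
        silently deleted. Escaping for the HTML text context is what is
        checked here; whether the same output is safe inside an attribute or
        a JavaScript context is not covered by this test.
        """
        malicious = "<script>alert('XSS')</script>"
        sanitized = OutputSanitizer.sanitize_for_web(malicious)
        assert "<script>" not in sanitized
        assert "&lt;script&gt;" in sanitized

    def test_sql_sanitization(self):
        """SQL sanitization is expected to double single quotes and remove ``DROP``.

        The original assertion was written as ``"DROP" not in
        sanitized.upper() or "DROP" not in sanitized``. Whenever ``DROP``
        survives verbatim it is also present in ``sanitized.upper()``, so the
        first operand can never turn a failing second operand into a pass;
        the ``or`` form is exactly equivalent to the single case-sensitive
        check kept here. If the sanitizer is meant to strip the keyword
        regardless of case, the stricter ``"DROP" not in sanitized.upper()``
        is the check to adopt; that is a deliberate tightening and was not
        made here. Output-side escaping of this kind is defence in depth
        only -- parameterized queries remain the primary control.
        """
        malicious = "admin'; DROP TABLE users; --"
        sanitized = OutputSanitizer.sanitize_for_sql(malicious)
        # Equivalent to the original ``A or B`` expression (see docstring).
        assert "DROP" not in sanitized
        # Quote doubling is the standard SQL string-literal escape for ``'``.
        assert "''" in sanitized

    def test_safe_content(self):
        """Benign conversational text is expected to pass as safe and low risk."""
        safe = "Hello, how can I help you today?"
        result = OutputSanitizer.detect_injection(safe)
        assert result["is_safe"] is True
        assert result["risk_level"] == "low"

    def test_javascript_protocol(self):
        """A ``javascript:`` URL scheme embedded in text is expected to be flagged."""
        malicious = "Click here: javascript:alert('XSS')"
        result = OutputSanitizer.detect_injection(malicious)
        assert result["is_safe"] is False

    def test_event_handler_injection(self):
        """An inline event-handler attribute is expected to be flagged unsafe."""
        malicious = '<img src=x onerror="alert(1)">'
        result = OutputSanitizer.detect_injection(malicious)
        assert result["is_safe"] is False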