testing/adversarial_headers.ts

Adversarial header attack test suite.

Provides standard header injection test cases and a convenience wrapper for exercising middleware stacks with adversarial headers.

Declarations
#

3 declarations

view source

AdversarialHeaderCase
#

testing/adversarial_headers.ts view source

AdversarialHeaderCase

A header-level attack case for middleware stack testing.

name

type string

headers

type Record<string, string>

expected_status

type number

expected_error

type string

expected_error_schema

Zod schema to validate error response body against. Defaults to ApiError when expected_error is set.

type z.ZodType

validate_expectation

Whether the request should reach token validation or be short-circuited by earlier middleware.

type 'called' | 'not_called'

create_standard_adversarial_cases
#

testing/adversarial_headers.ts view source

(allowed_origin: string): AdversarialHeaderCase[]

7 standard adversarial header cases applicable to any middleware stack.

allowed_origin

an origin that passes the origin check

type string

returns

AdversarialHeaderCase[]

the standard adversarial header cases

describe_standard_adversarial_headers
#

testing/adversarial_headers.ts view source

(suite_name: string, options: TestMiddlewareStackOptions, allowed_origin: string, extra_cases?: AdversarialHeaderCase[] | undefined): void

Create a middleware stack app with standard adversarial header tests.

Convenience wrapper combining create_test_middleware_stack_app and create_standard_adversarial_cases. Asserts body content for both error and success cases, and checks mock_validate call status via per-case declarative flags.

suite_name

the describe block name

type string

options

middleware stack configuration

type TestMiddlewareStackOptions

allowed_origin

an origin that passes the origin check (used for standard cases)

type string

extra_cases?

additional cases appended after the 7 standard ones

type AdversarialHeaderCase[] | undefined
optional

returns

void

Depends on
#