testing/data_exposure.ts

Composable data exposure test suite.

Verifies that sensitive database fields never leak through HTTP responses: - Schema-level: walks JSON Schema output/error schemas for blocklisted property names - Runtime: fires real requests and checks response bodies against field blocklists - Cross-privilege: verifies admin routes return 403 for non-admin users, and non-admin responses exclude admin-only fields

Declarations
#

5 declarations

view source

assert_non_admin_schemas_no_admin_fields
#

testing/data_exposure.ts view source

(surface: AppSurface, admin_only_fields?: readonly string[]): void

Assert that non-admin route output schemas don't contain admin-only fields.

surface

type AppSurface

admin_only_fields

type readonly string[]
default ADMIN_ONLY_FIELD_BLOCKLIST

returns

void

assert_output_schemas_no_sensitive_fields
#

testing/data_exposure.ts view source

(surface: AppSurface, sensitive_fields?: readonly string[]): void

Assert that no output schema in the surface contains sensitive field names.

surface

type AppSurface

sensitive_fields

type readonly string[]
default SENSITIVE_FIELD_BLOCKLIST

returns

void

collect_json_schema_property_names
#

testing/data_exposure.ts view source

(schema: unknown): Set<string>

Recursively collect all property names from a JSON Schema.

Walks properties, items, allOf/anyOf/oneOf, and additionalProperties to find every declared field name at any depth.

schema

type unknown

returns

Set<string>

DataExposureTestOptions
#

testing/data_exposure.ts view source

DataExposureTestOptions

build

Build the app surface spec (for schema-level checks).

type () => AppSurfaceSpec

session_options

Session config for runtime tests.

type SessionOptions<string>

create_route_specs

Route spec factory for runtime tests.

type (ctx: AppServerContext) => Array<RouteSpec>

sensitive_fields

Fields that must never appear in any response. Default: SENSITIVE_FIELD_BLOCKLIST.

type ReadonlyArray<string>

admin_only_fields

Fields that must not appear in non-admin responses. Default: ADMIN_ONLY_FIELD_BLOCKLIST.

type ReadonlyArray<string>

app_options

Optional overrides for AppServerOptions.

type Partial< Omit<AppServerOptions, 'backend' | 'session_options' | 'create_route_specs'> >

db_factories

Database factories to run tests against. Default: pglite only.

type Array<DbFactory>

skip_routes

Routes to skip, in 'METHOD /path' format.

type Array<string>

describe_data_exposure_tests
#

testing/data_exposure.ts view source

(options: DataExposureTestOptions): void

Composable data exposure test suite.

Three test groups: 1. Schema-level — walk JSON Schema output/error schemas for sensitive field names 2. Runtime — fire real requests and check response bodies against blocklists 3. Cross-privilege — admin routes return 403 for non-admin, error responses contain no sensitive fields

options

type DataExposureTestOptions

returns

void

Depends on
#