Skip to content

test : added edge-case unit tests for crawler _normalize_form#1712

Open
tmdeveloper007 wants to merge 1 commit into
utksh1:mainfrom
tmdeveloper007:#1707
Open

test : added edge-case unit tests for crawler _normalize_form#1712
tmdeveloper007 wants to merge 1 commit into
utksh1:mainfrom
tmdeveloper007:#1707

Conversation

@tmdeveloper007

Copy link
Copy Markdown
Contributor

Closes #1707.

Summary of What Has Been Done:
Added testing/backend/unit/test_crawler_normalize_form_edge_cases.py with 25 unit tests covering edge cases for _normalize_form in backend/secuscan/crawler.py.

The existing tests in test_crawler_surface_parsing.py cover DELETE method and non-dict input items. This file adds:

Changes Made:
CSRF token detection (5 tests):

  • All 5 known CSRF token names (csrf, _csrf, csrfmiddlewaretoken, authenticity_token, __requestverificationtoken) correctly set has_csrf_token=True
  • Normal input names do not trigger CSRF detection
  • Names containing CSRF substring but not exact matches return False
  • Empty inputs list returns False

State-changing via input types (5 tests):

  • Password input type triggers state_changing=True on GET form
  • File input type triggers state_changing=True on GET form
  • Hidden input type triggers state_changing=True on GET form
  • POST method without special inputs is state_changing=True
  • GET form with text-only inputs is state_changing=False

Password field counting (3 tests):

  • Correct count when multiple password inputs present
  • Zero count when no password inputs
  • Non-dict input items ignored in count

Input count (3 tests):

  • Correct total for mixed input types
  • Zero for empty inputs list
  • Zero and no crash when inputs is not a list

Action URL normalization (4 tests):

  • Relative action URL resolved via urljoin
  • Absolute URL returned unchanged
  • Empty action defaults to page URL
  • None/missing action defaults to page URL

Output shape (2 tests):

  • Original form fields preserved in output
  • page_url always set to passed-in value

Impact it Made:

  • Comprehensive edge-case coverage for form normalization security analysis
  • Prevents silent incorrect state_changing or CSRF token detection
  • Documents urljoin behavior for relative vs absolute action URLs

Note: This task is being handled by tmdeveloper007 — please assign to that account when picking it up.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

test : add edge-case unit tests for crawler _normalize_form

1 participant