[functional testing] Add external testing of API endpoints #4030

Open
redshiftzero opened this issue Jan 12, 2019 · 2 comments
@redshiftzero

Description

Once we have external server testing in CI, we should add some integration testing of the API endpoints. This would have enabled CI to catch bugs #3977, #3877, and #3772.

One idea to do this (which also gets us better testing of securedrop-sdk) would be to just run the securedrop-sdk test cases from the latest SDK release without using the vcrpy cassettes. There may need to be a modification to the test cases that e.g. delete from the staging server.

Blocked by: #3661

Comment

Once we have the external server tests in #3661 and from this issue, I think it makes sense to run all those tests in a nightly CI job (as we've discussed in the past) against a staging server - both API and Selenium tests. Otherwise we end up with much slower CI and a difficult situation when we try to upgrade securedrop-sdk and the API together, which we often want to do.

@emkll

emkll commented Jan 14, 2019

OWASP's ZAP[0] tool also offers the ability to scan APIs based on an OpenAPI definition [1]. I have created an initial definition of the existing Journalist API [2].

[0] : https://www.owasp.org/index.php/OWASP_Zed_Attack_Proxy_Project
[1] : https://zaproxy.blogspot.com/2017/06/scanning-apis-with-zap.html
[2] : https://gist.github.com/emkll/6c1704100db372371a99f90d3197db45

@redshiftzero

redshiftzero commented Jan 24, 2019

We should do this testing in a nightly job. Using the latest SDK would detect divergence between the API and SDK: e.g. freedomofpress/securedrop-sdk#55
