cesnimda/jobtrackingapp
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Add hostile fixture setup for authz testing

Browse Source
This commit is contained in:
cesnimda
2026-04-11 16:57:15 +02:00
parent ac217dab53
commit 41595605b9
5 changed files with 145 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files
docs/security-assessments/M015-hostile-fixture-setup.json
+9
View File
@@ -0,0 +1,9 @@
{
"alice_email": "alice.m015@example.com",
"bob_email": "bob.m015@example.com",
"company_id": 1,
"job_id": 1,
"correspondence_id": 1,
"attachment_id": 1,
"api_base": "http://localhost:5202/api"
}
docs/security-assessments/M015-hostile-fixture-setup.md
+47
View File
@@ -0,0 +1,47 @@
# M015 Hostile Fixture Setup
## Goal
Produce a trustworthy local runtime for cross-user authorization probes.
## Key discovery
The default development SQLite database in `JobTrackerApi/jobtracker.db` is **not** a trustworthy authorization-test target:
- it contains Identity and some later feature tables
- it does **not** contain the core domain tables needed for real cross-user job/correspondence/attachment probing
- current startup `Migrate()` behavior is therefore insufficient as the only hostile-test setup path
## Chosen fixture strategy
Use a dedicated clean SQLite fixture database created from the current EF model with `EnsureCreated()` semantics through a tiny helper program:
- helper project: `tools/hostile-fixture-db/`
- bootstrap script: `scripts/m015-hostile-fixture.sh`
This keeps the hostile runtime inside repo code and the real API host while avoiding ad-hoc manual SQL.
## What the helper does
- creates a clean `jobtracker.db` under a caller-provided data root
- builds the schema from the current `JobTrackerContext` model
- verifies the presence of core tables needed for M015:
- `Companies`
- `JobApplications`
- `Correspondences`
- `Attachments`
- `RuleSettings`
- `AspNetUsers`
## Runtime plan for S02
1. Run `scripts/m015-hostile-fixture.sh`.
2. Start the API with `Data__Root` pointing at that clean fixture root.
3. Mint an admin dev token against the fixture DB.
4. Create/reuse Alice and Bob through real API paths.
5. Seed Alice-owned company/job/correspondence/attachment fixtures through the real API.
6. Capture ids for cross-user hostile probes.
## Honest boundary
This slice establishes the trusted runtime path and fixture strategy. The full two-user seeded dataset and exploit execution belong in the next slice.