Emily Chen
Supertest suite covering auth boundaries, a 405 check and a SQL-injection probe all at once
Generate comprehensive API test suites including functional, contract, security, and performance tests with OpenAPI spec generation.
API Testing Automation Suite
You are an API testing specialist. Build a comprehensive automated API testing suite.
**API Under Test:**
{{api_description}}
**API Endpoints:**
{{endpoints}}
**Authentication:**
{{auth_method}}
**Testing Framework:**
{{testing_framework}}
**API Spec (if available):**
{{api_spec}}
**Data Requirements:**
{{data_requirements}}
Generate:
1. **Functional Tests**: Complete test suite covering:
- CRUD operations for all endpoints
- HTTP method validation (405 errors)
- Query parameter validation and filtering
- Request body validation (schema, required fields, types)
- Response structure validation
- Status code verification
2. **Contract Tests**: Schema validation against OpenAPI spec, backward compatibility checks
3. **Security Tests**:
- Authentication/authorization boundary tests
- SQL injection attempts
- XSS payload testing
- Rate limiting verification
- Input sanitization checks
- CORS configuration tests
4. **Error Handling Tests**: 4xx and 5xx scenarios, error message format validation
5. **Edge Case Tests**: Empty bodies, maximum payload sizes, special characters
6. **Integration Test Flows**: Multi-step business flows across endpoints
7. **Performance Assertions**: Response time thresholds per endpoint
8. **Test Data Management**: Setup/teardown fixtures, test data factories
9. **CI Integration**: Pipeline configuration for automated API test execution
10. **Reporting**: HTML report generation with request/response logging
Output complete test files with proper setup, utilities, and configuration.
Results
API test suite for an Express orders service (JWT auth) using Vitest + Supertest. Covers functional CRUD, auth boundaries, and a SQL-injection probe.
```typescript
import { describe, it, expect, beforeAll } from "vitest";
import request from "supertest";
import { app } from "../src/app";

let token: string;

// Log in once per file; the fixture user is seeded by the per-file DB setup.
beforeAll(async () => {
  const res = await request(app)
    .post("/auth/login")
    .send({ email: "test@acme.io", password: "secret" });
  token = res.body.token;
});

describe("POST /orders — functional", () => {
  it("creates an order and returns 201 + Location", async () => {
    const res = await request(app)
      .post("/orders")
      .set("Authorization", `Bearer ${token}`)
      .send({ sku: "SKU-004521", qty: 2 });
    expect(res.status).toBe(201);
    expect(res.headers.location).toMatch(/^\/orders\//);
  });

  it("rejects an invalid body with 422", async () => {
    const res = await request(app)
      .post("/orders")
      .set("Authorization", `Bearer ${token}`)
      .send({ sku: "SKU-004521", qty: -1 });
    expect(res.status).toBe(422);
  });
});

describe("auth + security boundaries", () => {
  it("returns 401 without a token", async () => {
    const res = await request(app).get("/orders");
    expect(res.status).toBe(401);
  });

  it("treats SQL payloads in query params as literal data", async () => {
    const res = await request(app)
      .get("/orders?status=open' OR '1'='1")
      .set("Authorization", `Bearer ${token}`);
    expect(res.status).toBe(400); // rejected by validation, not executed
  });

  it("enforces method restrictions (405)", async () => {
    const res = await request(app)
      .put("/orders")
      .set("Authorization", `Bearer ${token}`);
    expect(res.status).toBe(405);
  });
});
```
**Also generated:** a contract test asserting the response matches the OpenAPI schema (via `ajv`), rate-limit verification (101 requests → expect a 429), and a CORS preflight check. Fixtures seed a clean DB per file; the suite runs as an `npm run test:api` CI job with an HTML report uploaded.
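The rate-limit and CORS-preflight checks listed above, as an added example that is not part of the generated output. It swaps Supertest for a constructed in-memory handler so it runs without the Express app; the 100-per-window limit, the per-token keying, the `Retry-After` value and the allowlisted origin `https://shop.acme.io` are all assumptions.

```typescript
type Headers = Record<string, string | undefined>;
type Req = { method: string; path: string; headers: Headers };
type Res = { status: number; headers: Headers };
const ALLOWED_ORIGINS = new Set(["https://shop.acme.io"]); // assumed CORS allowlist
const LIMIT = 100; // assumed policy: 100 requests per window, keyed per client token
const counters = new Map<string, number>();

// Constructed stand-in for the orders service; only the behaviour the two checks exercise.
export function handle(req: Req): Res {
  const origin = req.headers["origin"] ?? "";
  const cors: Headers = ALLOWED_ORIGINS.has(origin)
    ? { "access-control-allow-origin": origin, vary: "Origin" }
    : {};
  if (req.method === "OPTIONS") {
    // Preflight: allowlisted origins are echoed back; unknown origins get a bare 204.
    return { status: 204, headers: { ...cors, "access-control-allow-methods": "GET,POST" } };
  }
  const auth = req.headers["authorization"] ?? "";
  if (!auth.startsWith("Bearer ")) return { status: 401, headers: cors };
  const n = (counters.get(auth) ?? 0) + 1;
  counters.set(auth, n);
  if (n > LIMIT) return { status: 429, headers: { ...cors, "retry-after": "60" } };
  return { status: 200, headers: cors };
}
export function resetCounters(): void { counters.clear(); }

// Rate-limit verification: requests 1..100 succeed, the 101st is throttled with a
// Retry-After header, and a second client is unaffected by the first one's quota.
export function rateLimitCheck() {
  resetCounters();
  const get = (t: string): Req => ({ method: "GET", path: "/orders", headers: { authorization: `Bearer ${t}` } });
  let firstBlocked = 0;
  let retryAfter: string | undefined;
  for (let i = 1; i <= LIMIT + 1; i++) {
    const res = handle(get("token-A"));
    if (res.status === 429 && firstBlocked === 0) { firstBlocked = i; retryAfter = res.headers["retry-after"]; }
  }
  const otherClientOk = handle(get("token-B")).status === 200;
  return { firstBlocked, retryAfter, otherClientOk };
}

// CORS preflight check: the allowlisted origin is echoed, an unknown origin is not reflected.
export function corsPreflightCheck() {
  const pre = (origin: string) => handle({ method: "OPTIONS", path: "/orders", headers: { origin } });
  const allowed = pre("https://shop.acme.io").headers["access-control-allow-origin"];
  const unknown = pre("https://other.example").headers["access-control-allow-origin"];
  return { allowedEchoed: allowed === "https://shop.acme.io", unknownReflected: unknown !== undefined };
}
```

Against the real service the same assertions go inside Vitest `it` blocks with Supertest replacing `handle`; the per-client check matters because a limiter keyed only on the route would let one noisy client lock out everyone.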
Model: Claude Sonnet 4
9 Likes · 3 Saves · Score: 8
1 Comment
Tobias Keller
Okay, this debugging/testing output just saved me an afternoon.