`duck.tests.test_routes`¶

Test cases for Duck routes and middleware behavior.

This module ensures that default server routes and middleware responses conform to expected HTTP status codes and security standards.

Module Contents¶

Classes¶

`TestBaseRoutes`	Test class for verifying default routes on the Duck server before any user-defined routes are registered.
`TestMiddlewareResponses`	Test class for validating server-side middleware behavior, including error handling, CSRF protection, and input sanitization.

API¶

class duck.tests.test_routes.TestBaseRoutes(methodName='runTest')¶

Bases: duck.tests.test_server.TestBaseServer

Test class for verifying default routes on the Duck server before any user-defined routes are registered.

Initialization

Create an instance of the class that will use the named test method when executed. Raises a ValueError if the instance does not have a method with the specified name.

test_about_url()¶

Test that the “/about” route returns a 200 OK response.

Verifies static informational routes are accessible by default.

test_contact_url()¶

Test that the “/contact” route returns a 200 OK response.

Ensures all default informational routes are properly served.

test_root_url()¶

Test that the root URL (“/”) returns a 200 OK status.

This ensures the base route is properly registered and reachable.

class duck.tests.test_routes.TestMiddlewareResponses(methodName='runTest')¶

Bases: duck.tests.test_routes.TestBaseRoutes

Test class for validating server-side middleware behavior, including error handling, CSRF protection, and input sanitization.

Initialization

Create an instance of the class that will use the named test method when executed. Raises a ValueError if the instance does not have a method with the specified name.

test_csrf_protection()¶

Test that unsafe methods (POST, PUT, DELETE) are blocked without CSRF token.

This validates that CSRFMiddleware is enforcing protection on modifying requests that lack proper authorization headers or tokens.

test_not_found()¶

Test that the server returns a 404 status for unknown paths.

This ensures that HttpNotFoundMiddleware is correctly handling routes that are not explicitly defined.

test_url_attacks()¶

Test server’s protection against common URL-based attacks.

Includes:

SQL injection-style malformed paths
Command injection attempts
XSS injection via query parameters

Ensures input validation middleware (e.g., BadRequestMiddleware) correctly blocks suspicious or malformed requests.

duck.tests.test_routes¶

Module Contents¶

Classes¶

API¶

`duck.tests.test_routes`¶