zioinfo-mail/projects/testcase-py-api/tests/test_employees.py

"""직원 API 테스트"""
import pytest
from fastapi.testclient import TestClient
from app.main import app
from app.database import get_db, engine
from app.models.base import Base

Base.metadata.create_all(bind=engine)
client = TestClient(app)


def test_health_check():
    resp = client.get("/health")
    assert resp.status_code == 200
    assert resp.json()["status"] == "ok"


def test_list_employees_empty():
    resp = client.get("/api/employees/")
    assert resp.status_code == 200
    assert isinstance(resp.json(), list)


def test_create_employee():
    payload = {
        "emp_no": "EMP-001",
        "name": "홍길동",
        "department": "개발팀",
        "position": "선임",
        "email": "hong@test.com",
        "salary": "5000000",
    }
    resp = client.post("/api/employees/", json=payload)
    assert resp.status_code == 201
    assert resp.json()["name"] == "홍길동"


def test_sql_injection_vulnerability():
    """SQL 인젝션 취약점 검증 테스트 (현재 취약함)"""
    # 이 테스트는 취약점을 문서화하기 위한 것
    resp = client.get("/api/employees/search/name?name='; DROP TABLE tb_employee; --")
    # 취약한 경우 500 에러 또는 예상치 못한 결과
    # 개선 후에는 안전하게 처리되어야 함
    assert resp.status_code in [200, 400, 500]