Should Postman tests test real or mocked data?

I want to write API tests using Postman and then run them on Jenkins. My question is: should those tests target real application data, or should I set up some kind of mocked data just for those tests?

Where should I get my Covid test (for travel to the UK) in India?

I am travelling from India to the UK on the 21st of January. The UK government has made it mandatory to get a negative Covid test before coming to the UK. Can I get the test done from anywhere or are there designated laboratories?

mobile data – My Galaxy J7 phone is not connecting to the Internet without WiFi anymore, anything I can test / verify to make it work?

What would be the reasons for which my Android would not connect to the Internet using the Mobile Data mode? (that option is ON)

I don’t go out much these days since there is Covid, but I’d like to have Internet once in a while and somehow the Mobile Data doesn’t seem to connect, yet I can do phone calls just fine. Isn’t it using the same connection for data?

I do have a data plan in good standing and it definitely worked before (last time I can say I tried was some time last summer, so about 6 months ago).

Any idea what I could try next?

c++ – Unit Test template function with terminal input

I wrote a template function which helps me with reading input from the terminal, doing error handling, and validating input.

The full code with template specialisation for strings looks like this:

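#include <functional>
#include <iostream>
#include <limits>
#include <string>

template <typename T>
T getInput(const std::string& prompt, std::istream& istream, std::ostream& ostream,
           std::function<bool(T)> isValid = nullptr) {
    T input;

    while(true) {
        ostream << prompt << "\n>> ";

        // Extraction succeeded and the value passed validation (if any): done.
        if((istream >> input) && (!isValid || isValid(input)))
            break;

        // Stream is still good, so only validation failed: ask again.
        if(istream)
            continue;

        // Extraction failed: reset the stream and discard the rest of the line.
        istream.clear();
        istream.ignore(std::numeric_limits<std::streamsize>::max(), '\n');
        ostream << "Reading input failed, please try again!\n";
    }
    istream.ignore(std::numeric_limits<std::streamsize>::max(), '\n');

    return input;
}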

template <>
inline std::string getInput<std::string>(const std::string& prompt, std::istream& istream, std::ostream& ostream,
                                         std::function<bool(std::string)> isValid) {
    std::string textInput;

    while(true) {
        ostream << prompt << "\n>> ";

        if(std::getline(istream, textInput) && (!isValid || isValid(textInput)))
            break;

        if(istream)
            continue;

        ostream << "You probably entered EOF or exceeded the maximum text input size, please try again!\n";
        istream.clear();
    }

    return textInput;
}

Some usage might look like this:

getInput<double>("Enter positive number?", istream, ostream, [&](const double input) {
        bool correctInput = (input >= 0);
        if(!correctInput)
            ostream << "Number can only be greater than 0.\n";
        return correctInput;
});

So the function works like this in a nutshell:

  • Print Question
  • Read Input from command line
  • If not successful (cin fails), print some generic error message and repeat
  • If successful, call lambda validation function (if existent)
  • If input is valid return it, otherwise the lambda will print some specific error message and repeat

So what I thought I need to test:

  • Reading numbers without lambda function works and fails when expected (cin fails or not)
  • Reading numbers with lambda function works and fails when expected (input valid or not)
  • The same just with strings (specialisation)

So in sum 8 TestCases which I structured into two Scenarios: Read numeric input, read non-numeric input.

The whole Code looks like this (uses Catch2 as Unit Test Framework):

using Catch::Matchers::Contains;
using Catch::Matchers::Matches;

SCENARIO("Read numeric input from command line") {
    GIVEN("Some input and output stream") {
        std::istringstream iss {};
        std::ostringstream oss {};

        WHEN("calling getInput<int> without valid function entering some non-numeric value") {
            iss.str("42");

            int input = getInput<int>("Some Question", iss, oss);

            THEN("message is printed once and input returned") {
                REQUIRE_THAT(oss.str(), Contains("Some Question"));
                REQUIRE(input == 42);
            }
        }

        WHEN("calling getInput<int> without valid function entering some non-numeric value") {
            iss.str("String\n42");

            int input = getInput<int>("Some Question", iss, oss);

            THEN("error message is printed and question is repeated") {
                REQUIRE_THAT(
                    oss.str(),
                    Matches("[\\s\\S]*Some Question[\\s\\S]*please try again[\\s\\S]*Some Question[\\s\\S]*"));
            }
        }

        WHEN("calling getInput<int> with valid function entering some valid numeric input") {
            iss.str("42");

            int input = getInput<int>("Some Question", iss, oss, [](int value) { return value > 0; });

            THEN("message is printed once and input returned") {
                REQUIRE_THAT(oss.str(), Contains("Some Question"));
                REQUIRE(input == 42);
            }
        }

        WHEN("calling getInput<int> with valid function entering some invalid numeric input") {
            iss.str("-20\n20");

            int input = getInput<int>("Some Question", iss, oss, [](int value) { return value > 0; });

            THEN("the question is repeated") {
                REQUIRE_THAT(oss.str(), Matches("[\\s\\S]*Some Question[\\s\\S]*Some Question[\\s\\S]*"));
            }
        }
    }
}

SCENARIO("Read text input from command line") {
    GIVEN("Some input and output stream") {
        std::istringstream iss {};
        std::ostringstream oss {};

        WHEN("calling getInput<std::string> without valid function entering some text") {
            iss.str("Some input");

            std::string input = getInput<std::string>("Some Question", iss, oss);

            THEN("message is printed once and input returned") {
                REQUIRE_THAT(oss.str(), Contains("Some Question"));
                REQUIRE(input == "Some input");
            }
        }

        WHEN("calling getInput<int> without valid function entering some non-numeric value") {
            iss.str("String\nString");
            iss.setstate(std::ios::failbit);

            std::string input = getInput<std::string>("Some Question", iss, oss);

            THEN("error message is printed and question is repeated") {
                REQUIRE_THAT(
                    oss.str(),
                    Matches("[\\s\\S]*Some Question[\\s\\S]*please try again[\\s\\S]*Some Question[\\s\\S]*"));
            }
        }

        WHEN("calling getInput<int> with valid function entering some valid text input") {
            iss.str("Some input");

            std::string input = getInput<std::string>("Some Question", iss, oss,
                                                      [](std::string value) { return value.length() >= 3; });

            THEN("message is printed once and input returned") {
                REQUIRE_THAT(oss.str(), Contains("Some Question"));
                REQUIRE(input == "Some input");
            }
        }

        WHEN("calling getInput<int> with valid function entering some invalid text input") {
            iss.str("a\nabc");

            std::string input = getInput<std::string>("Some Question", iss, oss,
                                                      [](std::string value) { return value.length() >= 3; });

            THEN("the question is repeated") {
                REQUIRE_THAT(oss.str(), Matches("[\\s\\S]*Some Question[\\s\\S]*Some Question[\\s\\S]*"));
            }
        }
    }
}

My ideas how to test it:

  • Mock input and output by using stringstreams
  • In success cases check that input is correct (obviously) and that question was in fact asked (Not too sure if one would do that … but I thought this is something I expect from the method, so why not test it)
  • In failure cases, check if question was asked twice (to test whether the user is asked again for input) and possibly check if some error message is printed if it’s expected (-> cin fails)

In general I’m happy for any suggestion. But just to list some things / questions in particular, where I would love to get feedback:

  • Are my Scenarios / test cases well chosen, i.e. is the structure good
  • Can my wording be improved. I don’t mean specific language errors here, but rather if the content is good. So for example that I need fake streams here doesn’t seem so relevant. Mainly because I just need them to make the function testable. Without tests, I wouldn’t need them. But in this case, there would be nothing else that I need in the given part (usually for classes you would need at least the object with some properties set)
  • Is the code in the right place, for example I wondered whether the iss.str() part shouldn’t be in the “GIVEN” rather as I usually configure mocks there. But the concrete values for mocks depend here on my THEN, which makes it clearer to me to put them inside the THEN.
  • Are my Asserts any good? I had particular problems testing my failure cases, as in these cases the function enters the while loop. So I always had to mock the stream, so it would fail first and then pass, which seemed a little bit weird to me. Furthermore it wasn’t too easy to assert that behaviour then.

As said, if you see other improvements please show me them as well 🙂

Thanks for your valuable feedback!

My Hawaii “Safe Travels” COVID test is still stuck in “Verification in Process”. Is this a problem?

No, it’s not a problem. I’ve arrived in Hawaii with a “Verification in Process” test and was allowed to exit the airport without issues. From speaking to other people who have recently traveled to Hawaii, this is normal – they probably verify the test, but fail to update the portal with the right status.

penetration test – Why is the first step for an attacker to get Reverse Shell after getting RCE?

If someone has Remote Code Execution, that means they can run commands on the server, so why do they need to get a reverse shell?

Even though I can run system commands, why do I go for a reverse shell?

I am looking for the primary reason behind it.

penetration test – How to start pentesting/reverse engineering/cracking a software on Linux? (Docker based)

TL;DR: What are good learning resources for security testing software which runs with Docker on Ubuntu?

I am in a junior position at this company, and they figured it would be good if I just test their software from a security perspective. I already learned a bit about hacking, but it was mainly webservers, CTFs, TryHackMe, HTB, so nothing connected to RE or cracking. I don’t know how to start. I mean, I found a lot of knowledge about RE on Windows, or the CIS Docker Benchmark, but I didn’t find any articles specifically about reverse engineering/cracking on Docker on Linux.

The product is running on an Ubuntu 18.04 server, on Docker, installed from a .deb package (don’t know if this helps 🙂 ).
What I am looking for is some guidance on how to learn about cracking software which is installed with Docker on Linux. Or what is the easiest or usually more valuable attack vector to look at, I mean, maybe try to crack the licensing, or try to use buffer overflow, how the “average attacker” thinks… Please tell me if I am missing some basics, and if it does not matter whether I crack/pentest on Windows or Docker or Linux, then I will just start some book or complete course.
I understand that it is a broader topic than just following a step-by-step tutorial, but I have plenty of time to learn, so videos, books, articles, everything which purposefully teaches Docker/Linux software testing would be awesome.

Also, what do you think, which of the following could help to aim in the right direction?

Found some books:
https://kalitut.com/Best-reverse-engineering-books/

This can be related, and it was already helpful:
Is it possible to escalate privileges and escaping from a Docker container?

Also I found LiveOverflow videos, some related to Docker. Should I start the whole series?
https://www.youtube.com/watch?v=cPGZMt4cJ0I&list=PLhixgUqwRTjxglIswKp9mpkfPNfHkzyeN&index=55&ab_channel=LiveOverflow

Thank you very much in advance.

penetration test – What is the best way to use nmap anonymously in kali?

So I use proxychains for a lot of scanning and enumeration tools. However, nmap does not function well with proxychains. I always get this error:
nmap: netutil.cc:1319: int collect_dnet_interfaces(const intf_entry*, void*): Assertion `rc == 0' failed.

I have found a solution online, which is to comment out proxy_dns in the proxychains.conf file. I don’t want to do that because that would leave a trace of my DNS, if I were to attack. I prefer to stay anonymous, but don’t know how for this case. Any help?

Note: I am a beginner and still learning

penetration test – how to do a pentest to /assets/js/login.js

Hey guys, this is my first question on this kind of platform. I am pentesting a vulnerable machine; it is a web page with video content, and there are not many target vectors. In my attack I detected only two possible attack vectors: an admin panel (http://vulnerabletarge.com/login) and a GET parameter (this seems sanitized) in the search bar. I want clarification on which path to take: should I try to bypass the login, brute force it (there is no maximum number of attempts), or expand my content discovery list?

The JS file has more than 1000 lines of code and is pure JavaScript; it doesn’t have HTML body or head tags.

The login page only has this:

<body>
    <div id="app"></div>
    <script src="https://vulnerabletarget.com/assets/js/login.js"></script>
</body>

And it shows a login. I need some help.

probability or statistics – Computation of 1- and 2-sided p-values for Fisher’s Exact test for 2×2 table based on Monte Carlo

I am looking for code to compute the 1- and 2-sided p-value for Fisher’s Exact test for 2×2 tables based on Monte Carlo (bootstrap simulations).

For larger 2×2 crosstabulation tables, the exact p-value can often not be computed due to the large amount of computations.

Asymptotic p-values are often quite inaccurate.

Therefore, I would like to compute the p-values based on Monte Carlo.