Mixeway-Academy · KarolZebala · Nov 29, 2025 · Nov 29, 2025 · Nov 30, 2025
diff --git a/JWT/jwt-signature-apis-challenges/app.js b/JWT/jwt-signature-apis-challenges/app.js
@@ -31,7 +31,7 @@ app.post('/jwt/none', (req, res) => { //None endpoint
     } else if (jwt_b64_dec.header.alg == 'none') {
       secret_key = '';
     }
-    JWT.verify(jwt_token, secret_key, { algorithms: ['none', 'HS256'], complete: true, audience: 'https://127.0.0.1/jwt/none' }, (err, decoded_token) => {
+    JWT.verify(jwt_token, secret_key, { algorithms: ['HS256'], complete: true, audience: 'https://127.0.0.1/jwt/none' }, (err, decoded_token) => {
       if (err) {
         res.status(400).json(err);
       } else {

diff --git a/JWT/jwt-signature-apis-challenges/pull-requst-desctiption.md b/JWT/jwt-signature-apis-challenges/pull-requst-desctiption.md
@@ -0,0 +1,66 @@
+# Zad 1
+Testy dodano z wykorzystaniem biblioteki `pytest`.
+
+Przykładowy test sprawdzający obsługe za długiego pesela:
+``` python
+def test_customer_invalid_pesel_too_long():
+    with pytest.raises(ValueError, match="Invalid pesel"):
+        Customer(
+            name="Marek Test",
+            city="Poznań",
+            age=25,
+            pesel="123456789012345",
+  [          street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+```
+
+Do pliku `requriments.txt` dodano
+```python
+pytest==8.2.2
+```
+
+A w dockerfile dodano:
+
+``` 
+
+ENV PYTHONPATH="/app"
+# Instalujemy zależności
+RUN pip install --no-cache-dir -r requirements.txt
+
+#uruchomienie testow
+RUN pytest -vv --disable-warnings --maxfail=1
+```
+
+Otrzymany output:
+
+![zdjećie builda](https://github.com/KarolZebala/kz-tbo-task3/blob/main/zad1-b%C5%82edy.png?raw=true)
+
+# Zad 2
+## Opis ataku
+Zalogowanie się z wykorzystaniem tokenu JWT Boba:
+![token boba](https://github.com/KarolZebala/kz-tbo-task3/blob/main/bob-token.png?raw=true)
+Token Boba:
+
+``` 
+eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJhY2NvdW50IjoiQm9iIiwicm9sZSI6IlVzZXIiLCJpYXQiOjE3NjQ0MDYxMDMsImF1ZCI6Imh0dHBzOi8vMTI3LjAuMC4xL2p3dC9ub25lIn0.xanMFAYuWRhqKRZ2KRRMoioSyEGoCTkYpvzgilEapTQ
+```
+
+Zmodyfikowany token
+
+```
+eyJhbGciOiJub25lIiwidHlwIjoiSldUIn0.eyJhY2NvdW50IjoiQm9iIiwicm9sZSI6ImFkbWluIiwiaWF0IjoxNzY0NDA2MTAzLCJhdWQiOiJodHRwczovLzEyNy4wLjAuMS9qd3Qvbm9uZSJ9.
+```
+
+Odpowiedź z endpointu:
+![token-atak](https://github.com/KarolZebala/kz-tbo-task3/blob/main/bob-atak-token.png?raw=true)
+
+W ataku zmieniono Header tokana tak, ze ustawiono pole `"alg"` na `"none"`.
+Następnie zmieniono w Payload role Boba na `admin`.
+W kolejnym kroku trzeba usunąć sygnaturę pozostawiając kropkę na końcu
+
+## Poprawa podatności
+W ramach naprawy podatności trzeba zmodyfikować funkcję `JWT.verify` tak, zeby nie akceptowała algorytmu `none`. 
+
+![zdj po poprawie](https://github.com/KarolZebala/kz-tbo-task3/blob/main/po-poprawi.png?raw=true)
+
diff --git a/Python/Flask_Book_Library/Dockerfile b/Python/Flask_Book_Library/Dockerfile
@@ -8,9 +8,14 @@ WORKDIR /app
 COPY . .
 ENV FLASK_ENV=development
 ENV PASSWORD=1qaz@WSX
+
+ENV PYTHONPATH="/app"
 # Instalujemy zależności
 RUN pip install --no-cache-dir -r requirements.txt
 
+#uruchomienie testow
+RUN pytest -vv --disable-warnings --maxfail=1
+
 # Ustawiamy zmienną środowiskową, aby Flask wiedział, jak uruchomić aplikację
 ENV FLASK_APP=app.py
 ENV FLASK_RUN_HOST=0.0.0.0

diff --git a/Python/Flask_Book_Library/requirements.txt b/Python/Flask_Book_Library/requirements.txt
@@ -15,3 +15,4 @@ SQLAlchemy==2.0.21
 typing_extensions==4.8.0
 Werkzeug==2.3.7
 WTForms==3.0.1
+pytest==8.2.2
diff --git a/Python/Flask_Book_Library/tests/customers/test_models.py b/Python/Flask_Book_Library/tests/customers/test_models.py
@@ -0,0 +1,251 @@
+import pytest
+from project.customers.models import Customer
+
+#testy poprawnych danych
+def test_customer_valid_input():
+    customer = Customer(
+        name="Jan Kowalski",
+        city="Warszawa",
+        age=30,
+        pesel="12345678901",
+        street="ul. Prosta 1",
+        appNo="A123"
+    )
+
+    assert customer.name == "Jan Kowalski"
+    assert customer.city == "Warszawa"
+    assert customer.age == 30
+    assert customer.pesel == "12345678901"
+    assert customer.street == "ul. Prosta 1"
+    assert customer.appNo == "A123"
+
+def test_customer_minimum_age():
+    customer = Customer(
+        name="Młody Użytkownik",
+        city="Gdańsk",
+        age=1,
+        pesel="12345678901",
+        street="ul. Krótka 1",
+        appNo="1"
+    )
+
+    assert customer.age == 1
+
+def test_customer_senior_age():
+    customer = Customer(
+        name="Jan Senior",
+        city="Poznań",
+        age=99,
+        pesel="23456789012",
+        street="ul. Długa 100",
+        appNo="99"
+    )
+
+    assert customer.age == 99
+
+#testy niepoprawnych danych
+
+def test_customer_missing_required_field():
+    with pytest.raises(TypeError):
+        Customer(
+            city="Kraków",
+            age=40,
+            pesel="12345678901",
+            street="ul. Długa 5",
+            appNo="B222"
+        )
+
+
+def test_customer_invalid_age_type():
+    with pytest.raises(ValueError):
+        Customer(
+            name="Anna Nowak",
+            city="Gdańsk",
+            age="dwadzieścia",
+            pesel="98765432109",
+            street="ul. Krótka 3",
+            appNo="C333"
+        )
+
+def test_customer_invalid_age_negative():
+    with pytest.raises(ValueError, match="Age must not be negative"):
+        Customer(
+            name="Test User",
+            city="Wrocław",
+            age=-10,
+            pesel="12345678901",
+            street="ul. Testowa 1",
+            appNo="T1"
+        )
+
+def test_customer_invalid_pesel_length():
+    print('xd')
+    with pytest.raises(ValueError):
+        Customer(
+            name="Marek Test",
+            city="Poznań",
+            age=25,
+            pesel="123",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+def test_customer_invalid_pesel_too_long():
+    with pytest.raises(ValueError, match="Invalid pesel"):
+        Customer(
+            name="Marek Test",
+            city="Poznań",
+            age=25,
+            pesel="123456789012345",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+
+#SQL injection
+def test_customer_sql_injection_in_name():
+    with pytest.raises(ValueError, match="Name contains invalid characters"):
+        Customer(
+            name="'; DROP TABLE customers; --",
+            city="Poznań",
+            age=25,
+            pesel="12345678901",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+
+def test_customer_sql_injection_in_city():
+    with pytest.raises(ValueError, match="City contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="'; DROP TABLE customers; --",
+            age=25,
+            pesel="12345678901",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+def test_customer_sql_injection_in_street():
+    with pytest.raises(ValueError, match="Street contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="12345678901",
+            street="'; DROP TABLE customers; --",
+            appNo="D444"
+        )
+
+def test_customer_sql_injection_in_pesel():
+    with pytest.raises(ValueError, match="Pesel contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="'; DROP TABLE customers; --",
+            street="testowa ulica",
+            appNo="D444"
+        )
+
+def test_customer_sql_injection_in_appno():
+    with pytest.raises(ValueError, match="Pesel contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="12345678901",
+            street="testowa ulica",
+            appNo="'; DROP TABLE customers; --"
+        )
+#JavaScript Injection
+
+def test_customer_javascript_injection_in_name():
+    with pytest.raises(ValueError, match="Name contains invalid characters"):
+        Customer(
+            name="<script>alert('Atak')</script>",
+            city="Poznań",
+            age=25,
+            pesel="12345678901",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+
+def test_customer_javascript_injection_in_city():
+    with pytest.raises(ValueError, match="City contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="<script>alert('Atak')</script>",
+            age=25,
+            pesel="12345678901",
+            street="ul. Łąkowa 4",
+            appNo="D444"
+        )
+
+def test_customer_javascript_injection_in_street():
+    with pytest.raises(ValueError, match="Street contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="12345678901",
+            street="<script>alert('Atak')</script>",
+            appNo="D444"
+        )
+
+def test_customer_javascript_injection_in_pesel():
+    with pytest.raises(ValueError, match="Pesel contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="<script>alert('Atak')</script>",
+            street="testowa ulica",
+            appNo="D444"
+        )
+
+def test_customer_javascript_injection_in_appno():
+    with pytest.raises(ValueError, match="Pesel contains invalid characters"):
+        Customer(
+            name="Jan kowalskki",
+            city="Warszawa",
+            age=25,
+            pesel="12345678901",
+            street="testowa ulica",
+            appNo="<script>alert('Atak')</script>"
+        )
+
+#testy ekstremalne
+def test_customer_very_long_name():
+    with pytest.raises(ValueError, match="Name is too long"):
+        Customer(
+            name="A" * 1000,
+            city="Warszawa",
+            age=30,
+            pesel="77777777777",
+            street="ul. Długa 1",
+            appNo="L1"
+        )
+
+def test_customer_very_long_name():
+    with pytest.raises(ValueError, match="Name is too long"):
+        Customer(
+            name='Jan kowalskki',
+            city="A" * 1000,
+            age=30,
+            pesel="77777777777",
+            street="ul. Długa 1",
+            appNo="L1"
+        )
+
+def test_customer_whitespace_only_name():
+    with pytest.raises(ValueError, match="Name cannot be empty"):
+        Customer(
+            name="   ",
+            city="Warszawa",
+            age=25,
+            pesel="77777777777",
+            street="ul. Długa 1",
+            appNo="A2"
+        )
diff --git a/bob-atak-token.png b/bob-atak-token.png
diff --git a/bob-token.png b/bob-token.png
diff --git a/po-poprawi.png b/po-poprawi.png
diff --git a/zad1-błedy.png b/zad1-błedy.png