✅
Sensitive Data and Security Testing
/app/tests/sensitive-data-security-test.yaml
high
6 Steps
Duration: 19ms
Success Rate: 100%
✅
Successful Steps
6
100% success rate
❌
Failed Steps
0
0% of total
⏭️
Skipped Steps
0
0% of total
🔗
HTTP Requests
6
100% requests
🔄
Iterações
0
0 steps com iterações
📊 Execution Timeline
| # | Status | Step Name | Type | Duration | Started At | Details |
|---|---|---|---|---|---|---|
| 1 | ✅ | Test authentication with sensitive data masking POST /post | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 2 | ✅ | Test API key handling and masking GET /headers | request | 2ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 3 | ✅ | Test secure token capture (should not log sensitive parts) POST /post | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 4 | ✅ | Test password change with masking PUT /put | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 5 | ✅ | Test sensitive data in error scenarios POST /status/401 | request | 3ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
| 6 | ✅ | Generate security test report POST /post | request | 4ms | 19/10/2025, 10:28:37 |
✅ Request completed successfully
|
🌐 HTTP Requests Debug Info
✅
Test authentication with sensitive data masking
Step #1
3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: authentication' -d '{"login_request":{"username":"test_user@security.test","password":"super_secret_password_123","timestamp":"1234567890000","session_id":"e57db93c-7966-462a-a53e-332cd8d429a6"},"security_metadata":{"masking_enabled":true,"test_type":"sensitive-data-auth"}}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Security-Test: authenticationRequest Body
{
"login_request": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"timestamp": "1234567890000",
"session_id": "e57db93c-7966-462a-a53e-332cd8d429a6"
},
"security_metadata": {
"masking_enabled": true,
"test_type": "sensitive-data-auth"
}
}📥 Response
Status Code: 200
Duration: 3ms
Size: 902 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1079
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "254",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "authentication"
},
"json": {
"login_request": {
"password": "super_secret_password_123",
"session_id": "e57db93c-7966-462a-a53e-332cd8d429a6",
"timestamp": "1234567890000",
"username": "test_user@security.test"
},
"security_metadata": {
"masking_enabled": true,
"test_type": "sensitive-data-auth"
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
3
assertions
✅
Passed
3
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.json.login_request.username.equals
PASSED
✓ Match
Condição
body.json.login_request.username.equals equals test_user@security.test
Assertion passou conforme esperado
Valor recebido: test_user@security.test
✓
body.json.login_request.password.equals
PASSED
✓ Match
Condição
body.json.login_request.password.equals equals super_secret_password_123
Assertion passou conforme esperado
Valor recebido: super_secret_password_123
Captured Variables
{
"auth_response": null,
"simulated_auth_token": "{{faker.string.alphanumeric(32)}}",
"login_timestamp": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
} ✅
Test API key handling and masking
Step #2
2ms
cURL Command
curl -X GET -H 'Authorization: Bearer sk-test-1234567890abcdef' -H 'X-API-Key: client_secret_xyz789' -H 'X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01' -H 'X-Security-Test: api-key-masking' "http://httpbin/headers"📤 Request
Method: GET
URL:
http://httpbin/headers Base URL:
http://httpbin Request Headers
Authorization: Bearer sk-test-1234567890abcdef
X-API-Key: client_secret_xyz789
X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01
X-Security-Test: api-key-masking📥 Response
Status Code: 200
Duration: 2ms
Size: 351 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 422
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer sk-test-1234567890abcdef",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Api-Key": "client_secret_xyz789",
"X-Client-Id": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
"X-Security-Test": "api-key-masking"
}
} 📊
Total
3
assertions
✅
Passed
3
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.headers.Authorization.contains
PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer sk-test-1234567890abcdef
✓
body.headers."X-Api-Key".equals
PASSED
✓ Match
Condição
body.headers."X-Api-Key".equals equals client_secret_xyz789
Assertion passou conforme esperado
Valor recebido: client_secret_xyz789
Captured Variables
{
"api_key_test_response": null,
"headers_received": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "422",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
}
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
} ✅
Test secure token capture (should not log sensitive parts)
Step #3
3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer {{faker.string.alphanumeric(32)}}' -H 'X-Security-Test: secure-token-capture' -d '{"token_validation":{"access_token":"{{faker.string.alphanumeric(32)}}","refresh_token":"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk","token_type":"Bearer","expires_in":3600,"scope":"read:user write:user"},"security_check":{"token_length":33,"is_secure":true,"masked_for_logs":true}}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
Authorization: Bearer {{faker.string.alphanumeric(32)}}
X-Security-Test: secure-token-captureRequest Body
{
"token_validation": {
"access_token": "{{faker.string.alphanumeric(32)}}",
"refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "read:user write:user"
},
"security_check": {
"token_length": 33,
"is_secure": true,
"masked_for_logs": true
}
}📥 Response
Status Code: 200
Duration: 3ms
Size: 1069 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1271
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
"Connection": "keep-alive",
"Content-Length": "304",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "secure-token-capture"
},
"json": {
"security_check": {
"is_secure": true,
"masked_for_logs": true,
"token_length": 33
},
"token_validation": {
"access_token": "{{faker.string.alphanumeric(32)}}",
"expires_in": 3600,
"refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
"scope": "read:user write:user",
"token_type": "Bearer"
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
4
assertions
✅
Passed
4
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.json.token_validation.token_type.equals
PASSED
✓ Match
Condição
body.json.token_validation.token_type.equals equals Bearer
Assertion passou conforme esperado
Valor recebido: Bearer
✓
body.json.token_validation.expires_in.equals
PASSED
✓ Match
Condição
body.json.token_validation.expires_in.equals equals 3600
Assertion passou conforme esperado
Valor recebido: 3600
✓
body.json.security_check.is_secure.equals
PASSED
✓ Match
Condição
body.json.security_check.is_secure.equals equals true
Assertion passou conforme esperado
Valor recebido: true
Captured Variables
{
"secure_token": null,
"secure_refresh_token": null,
"token_metadata": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
} ✅
Test password change with masking
Step #4
3ms
cURL Command
curl -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer ' -H 'X-Security-Test: password-change' -d '{"password_change_request":{"current_password":"super_secret_password_123","new_password":"new_super_secret_password_456","confirm_password":"new_super_secret_password_456","change_timestamp":1234567890000},"security_validation":{"password_strength":"strong","requires_2fa":true,"change_reason":"security-test"}}' "http://httpbin/put"📤 Request
Method: PUT
URL:
http://httpbin/put Base URL:
http://httpbin Request Headers
Content-Type: application/json
Authorization: Bearer
X-Security-Test: password-changeRequest Body
{
"password_change_request": {
"current_password": "super_secret_password_123",
"new_password": "new_super_secret_password_456",
"confirm_password": "new_super_secret_password_456",
"change_timestamp": 1234567890000
},
"security_validation": {
"password_strength": "strong",
"requires_2fa": true,
"change_reason": "security-test"
}
}📥 Response
Status Code: 200
Duration: 3ms
Size: 1045 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1238
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer",
"Connection": "keep-alive",
"Content-Length": "312",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "password-change"
},
"json": {
"password_change_request": {
"change_timestamp": 1234567890000,
"confirm_password": "new_super_secret_password_456",
"current_password": "super_secret_password_123",
"new_password": "new_super_secret_password_456"
},
"security_validation": {
"change_reason": "security-test",
"password_strength": "strong",
"requires_2fa": true
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/put"
} 📊
Total
3
assertions
✅
Passed
3
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.json.password_change_request.change_timestamp.type
PASSED
✓ Match
Condição
body.json.password_change_request.change_timestamp.type equals number
Assertion passou conforme esperado
Valor recebido: number
✓
body.json.security_validation.password_strength.equals
PASSED
✓ Match
Condição
body.json.security_validation.password_strength.equals equals strong
Assertion passou conforme esperado
Valor recebido: strong
Captured Variables
{
"password_change_response": null,
"change_timestamp": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
} ✅
Test sensitive data in error scenarios
Step #5
3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer invalid_token_12345' -H 'X-Security-Test: error-with-sensitive-data' -d '{"failed_request":{"username":"test_user@security.test","failed_password":"wrong_password_123","api_key":"sk-test-1234567890abcdef","attempt_timestamp":1760869717689}}' "http://httpbin/status/401"📤 Request
Method: POST
URL:
http://httpbin/status/401 Base URL:
http://httpbin Request Headers
Content-Type: application/json
Authorization: Bearer invalid_token_12345
X-Security-Test: error-with-sensitive-dataRequest Body
{
"failed_request": {
"username": "test_user@security.test",
"failed_password": "wrong_password_123",
"api_key": "sk-test-1234567890abcdef",
"attempt_timestamp": 1760869717689
}
}📥 Response
Status Code: 401
Duration: 3ms
Size: 0 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
www-authenticate: Basic realm="Fake Realm"
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0 📊
Total
1
assertions
✅
Passed
1
assertion
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 401
Assertion passou conforme esperado
Valor recebido: 401
Captured Variables
{
"security_error_handled": true,
"sensitive_data_in_error": null,
"error_response": null,
"error_status": 401
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}🎭 Scenarios
Executed: 1 scenarios
Scenario 1: then ✓
Scenario 2: none ○
✅
Generate security test report
Step #6
4ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: final-report' -d '{"security_test_summary":{"test_type":"sensitive-data-security","authentication_tested":true,"api_key_masking_tested":true,"secure_token_handling_tested":true,"password_change_tested":true,"error_scenario_tested":true,"total_security_tests":5,"all_sensitive_data_masked":true,"test_completed_at":"2025-10-19T10:28:37.692Z"},"security_metrics":{"auth_token_secure":false,"error_handling_secure":true,"masking_configuration_active":true,"sensitive_data_test_passed":true},"compliance_check":{"passwords_masked":true,"api_keys_masked":true,"tokens_secured":true,"error_data_masked":true}}' "http://httpbin/post"📤 Request
Method: POST
URL:
http://httpbin/post Base URL:
http://httpbin Request Headers
Content-Type: application/json
X-Security-Test: final-reportRequest Body
{
"security_test_summary": {
"test_type": "sensitive-data-security",
"authentication_tested": true,
"api_key_masking_tested": true,
"secure_token_handling_tested": true,
"password_change_tested": true,
"error_scenario_tested": true,
"total_security_tests": 5,
"all_sensitive_data_masked": true,
"test_completed_at": "2025-10-19T10:28:37.692Z"
},
"security_metrics": {
"auth_token_secure": false,
"error_handling_secure": true,
"masking_configuration_active": true,
"sensitive_data_test_passed": true
},
"compliance_check": {
"passwords_masked": true,
"api_keys_masked": true,
"tokens_secured": true,
"error_data_masked": true
}
}📥 Response
Status Code: 200
Duration: 4ms
Size: 1580 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1867
access-control-allow-origin: *
access-control-allow-credentials: trueResponse Body
{
"args": {},
"data": "{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "585",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "final-report"
},
"json": {
"compliance_check": {
"api_keys_masked": true,
"error_data_masked": true,
"passwords_masked": true,
"tokens_secured": true
},
"security_metrics": {
"auth_token_secure": false,
"error_handling_secure": true,
"masking_configuration_active": true,
"sensitive_data_test_passed": true
},
"security_test_summary": {
"all_sensitive_data_masked": true,
"api_key_masking_tested": true,
"authentication_tested": true,
"error_scenario_tested": true,
"password_change_tested": true,
"secure_token_handling_tested": true,
"test_completed_at": "2025-10-19T10:28:37.692Z",
"test_type": "sensitive-data-security",
"total_security_tests": 5
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
} 📊
Total
4
assertions
✅
Passed
4
assertions
📈
Success Rate
100%
success
✓
status_code
PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200
✓
body.json.security_test_summary.total_security_tests.equals
PASSED
✓ Match
Condição
body.json.security_test_summary.total_security_tests.equals equals 5
Assertion passou conforme esperado
Valor recebido: 5
✓
body.json.security_metrics.sensitive_data_test_passed.equals
PASSED
✓ Match
Condição
body.json.security_metrics.sensitive_data_test_passed.equals equals true
Assertion passou conforme esperado
Valor recebido: true
✓
body.json.compliance_check.passwords_masked.equals
PASSED
✓ Match
Condição
body.json.compliance_check.passwords_masked.equals equals true
Assertion passou conforme esperado
Valor recebido: true
Captured Variables
{
"security_test_passed": null,
"sensitive_data_masked": null,
"auth_tokens_secure": null
}Available Variables
{
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_tokens_secure": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}📄 Raw Suite Data
Complete Suite Data
{
"node_id": "sensitive-data-security",
"suite_name": "Sensitive Data and Security Testing",
"file_path": "/app/tests/sensitive-data-security-test.yaml",
"priority": "high",
"start_time": "2025-10-19T10:28:37.677Z",
"end_time": "2025-10-19T10:28:37.696Z",
"duration_ms": 19,
"status": "success",
"steps_executed": 6,
"steps_successful": 6,
"steps_failed": 0,
"success_rate": 100,
"steps_results": [
{
"step_id": "step-1-test-authentication-with-sensitive-data-masking",
"qualified_step_id": "sensitive-data-security::step-1-test-authentication-with-sensitive-data-masking",
"step_name": "Test authentication with sensitive data masking",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Security-Test": "authentication"
},
"body": {
"login_request": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"timestamp": "1234567890000",
"session_id": "e57db93c-7966-462a-a53e-332cd8d429a6"
},
"security_metadata": {
"masking_enabled": true,
"test_type": "sensitive-data-auth"
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: authentication' -d '{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Security-Test: authentication\r\nContent-Length: 254\r\n\r\n{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "1079",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "254",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "authentication"
},
"json": {
"login_request": {
"password": "super_secret_password_123",
"session_id": "e57db93c-7966-462a-a53e-332cd8d429a6",
"timestamp": "1234567890000",
"username": "test_user@security.test"
},
"security_metadata": {
"masking_enabled": true,
"test_type": "sensitive-data-auth"
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 902,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1079\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"login_request\\\":{\\\"username\\\":\\\"test_user@security.test\\\",\\\"password\\\":\\\"super_secret_password_123\\\",\\\"timestamp\\\":\\\"1234567890000\\\",\\\"session_id\\\":\\\"e57db93c-7966-462a-a53e-332cd8d429a6\\\"},\\\"security_metadata\\\":{\\\"masking_enabled\\\":true,\\\"test_type\\\":\\\"sensitive-data-auth\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"254\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Security-Test\": \"authentication\"\n },\n \"json\": {\n \"login_request\": {\n \"password\": \"super_secret_password_123\",\n \"session_id\": \"e57db93c-7966-462a-a53e-332cd8d429a6\",\n \"timestamp\": \"1234567890000\",\n \"username\": \"test_user@security.test\"\n },\n \"security_metadata\": {\n \"masking_enabled\": true,\n \"test_type\": \"sensitive-data-auth\"\n }\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.json.login_request.username.equals",
"expected": "test_user@security.test",
"actual": "test_user@security.test",
"passed": true,
"message": "OK"
},
{
"field": "body.json.login_request.password.equals",
"expected": "super_secret_password_123",
"actual": "super_secret_password_123",
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"auth_response": null,
"simulated_auth_token": "{{faker.string.alphanumeric(32)}}",
"login_timestamp": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}
},
{
"step_id": "step-2-test-api-key-handling-and-masking",
"qualified_step_id": "sensitive-data-security::step-2-test-api-key-handling-and-masking",
"step_name": "Test API key handling and masking",
"status": "success",
"duration_ms": 2,
"request_details": {
"method": "GET",
"url": "/headers",
"headers": {
"Authorization": "Bearer sk-test-1234567890abcdef",
"X-API-Key": "client_secret_xyz789",
"X-Client-ID": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
"X-Security-Test": "api-key-masking"
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/headers",
"curl_command": "curl -X GET -H 'Authorization: Bearer sk-test-1234567890abcdef' -H 'X-API-Key: client_secret_xyz789' -H 'X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01' -H 'X-Security-Test: api-key-masking' \"http://httpbin/headers\"",
"raw_request": "GET /headers HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer sk-test-1234567890abcdef\r\nX-API-Key: client_secret_xyz789\r\nX-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01\r\nX-Security-Test: api-key-masking\r\n\r\n",
"raw_url": "{{base_url}}/headers"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "422",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer sk-test-1234567890abcdef",
"Connection": "keep-alive",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Api-Key": "client_secret_xyz789",
"X-Client-Id": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
"X-Security-Test": "api-key-masking"
}
},
"size_bytes": 351,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 422\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer sk-test-1234567890abcdef\",\n \"Connection\": \"keep-alive\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Api-Key\": \"client_secret_xyz789\",\n \"X-Client-Id\": \"ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01\",\n \"X-Security-Test\": \"api-key-masking\"\n }\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.headers.Authorization.contains",
"expected": "Bearer",
"actual": "Bearer sk-test-1234567890abcdef",
"passed": true,
"message": "OK"
},
{
"field": "body.headers.\"X-Api-Key\".equals",
"expected": "client_secret_xyz789",
"actual": "client_secret_xyz789",
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"api_key_test_response": null,
"headers_received": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "422",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
}
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}
},
{
"step_id": "step-3-test-secure-token-capture-should-not-log-sensitive-parts",
"qualified_step_id": "sensitive-data-security::step-3-test-secure-token-capture-should-not-log-sensitive-parts",
"step_name": "Test secure token capture (should not log sensitive parts)",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
"X-Security-Test": "secure-token-capture"
},
"body": {
"token_validation": {
"access_token": "{{faker.string.alphanumeric(32)}}",
"refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
"token_type": "Bearer",
"expires_in": 3600,
"scope": "read:user write:user"
},
"security_check": {
"token_length": 33,
"is_secure": true,
"masked_for_logs": true
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer {{faker.string.alphanumeric(32)}}' -H 'X-Security-Test: secure-token-capture' -d '{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer {{faker.string.alphanumeric(32)}}\r\nX-Security-Test: secure-token-capture\r\nContent-Length: 304\r\n\r\n{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "1271",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
"Connection": "keep-alive",
"Content-Length": "304",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "secure-token-capture"
},
"json": {
"security_check": {
"is_secure": true,
"masked_for_logs": true,
"token_length": 33
},
"token_validation": {
"access_token": "{{faker.string.alphanumeric(32)}}",
"expires_in": 3600,
"refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
"scope": "read:user write:user",
"token_type": "Bearer"
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 1069,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1271\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"token_validation\\\":{\\\"access_token\\\":\\\"{{faker.string.alphanumeric(32)}}\\\",\\\"refresh_token\\\":\\\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"expires_in\\\":3600,\\\"scope\\\":\\\"read:user write:user\\\"},\\\"security_check\\\":{\\\"token_length\\\":33,\\\"is_secure\\\":true,\\\"masked_for_logs\\\":true}}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer {{faker.string.alphanumeric(32)}}\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"304\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Security-Test\": \"secure-token-capture\"\n },\n \"json\": {\n \"security_check\": {\n \"is_secure\": true,\n \"masked_for_logs\": true,\n \"token_length\": 33\n },\n \"token_validation\": {\n \"access_token\": \"{{faker.string.alphanumeric(32)}}\",\n \"expires_in\": 3600,\n \"refresh_token\": \"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\n \"scope\": \"read:user write:user\",\n \"token_type\": \"Bearer\"\n }\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.json.token_validation.token_type.equals",
"expected": "Bearer",
"actual": "Bearer",
"passed": true,
"message": "OK"
},
{
"field": "body.json.token_validation.expires_in.equals",
"expected": 3600,
"actual": 3600,
"passed": true,
"message": "OK"
},
{
"field": "body.json.security_check.is_secure.equals",
"expected": true,
"actual": true,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"secure_token": null,
"secure_refresh_token": null,
"token_metadata": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}
},
{
"step_id": "step-4-test-password-change-with-masking",
"qualified_step_id": "sensitive-data-security::step-4-test-password-change-with-masking",
"step_name": "Test password change with masking",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "PUT",
"url": "/put",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer ",
"X-Security-Test": "password-change"
},
"body": {
"password_change_request": {
"current_password": "super_secret_password_123",
"new_password": "new_super_secret_password_456",
"confirm_password": "new_super_secret_password_456",
"change_timestamp": 1234567890000
},
"security_validation": {
"password_strength": "strong",
"requires_2fa": true,
"change_reason": "security-test"
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/put",
"curl_command": "curl -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer ' -H 'X-Security-Test: password-change' -d '{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}' \"http://httpbin/put\"",
"raw_request": "PUT /put HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer \r\nX-Security-Test: password-change\r\nContent-Length: 312\r\n\r\n{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
"raw_url": "{{base_url}}/put"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "1238",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Authorization": "Bearer",
"Connection": "keep-alive",
"Content-Length": "312",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "password-change"
},
"json": {
"password_change_request": {
"change_timestamp": 1234567890000,
"confirm_password": "new_super_secret_password_456",
"current_password": "super_secret_password_123",
"new_password": "new_super_secret_password_456"
},
"security_validation": {
"change_reason": "security-test",
"password_strength": "strong",
"requires_2fa": true
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/put"
},
"size_bytes": 1045,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1238\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"password_change_request\\\":{\\\"current_password\\\":\\\"super_secret_password_123\\\",\\\"new_password\\\":\\\"new_super_secret_password_456\\\",\\\"confirm_password\\\":\\\"new_super_secret_password_456\\\",\\\"change_timestamp\\\":1234567890000},\\\"security_validation\\\":{\\\"password_strength\\\":\\\"strong\\\",\\\"requires_2fa\\\":true,\\\"change_reason\\\":\\\"security-test\\\"}}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Authorization\": \"Bearer\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"312\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Security-Test\": \"password-change\"\n },\n \"json\": {\n \"password_change_request\": {\n \"change_timestamp\": 1234567890000,\n \"confirm_password\": \"new_super_secret_password_456\",\n \"current_password\": \"super_secret_password_123\",\n \"new_password\": \"new_super_secret_password_456\"\n },\n \"security_validation\": {\n \"change_reason\": \"security-test\",\n \"password_strength\": \"strong\",\n \"requires_2fa\": true\n }\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/put\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.json.password_change_request.change_timestamp.type",
"expected": "number",
"actual": "number",
"passed": true,
"message": "OK"
},
{
"field": "body.json.security_validation.password_strength.equals",
"expected": "strong",
"actual": "strong",
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"password_change_response": null,
"change_timestamp": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}
},
{
"step_id": "step-5-test-sensitive-data-in-error-scenarios",
"qualified_step_id": "sensitive-data-security::step-5-test-sensitive-data-in-error-scenarios",
"step_name": "Test sensitive data in error scenarios",
"status": "success",
"duration_ms": 3,
"request_details": {
"method": "POST",
"url": "/status/401",
"headers": {
"Content-Type": "application/json",
"Authorization": "Bearer invalid_token_12345",
"X-Security-Test": "error-with-sensitive-data"
},
"body": {
"failed_request": {
"username": "test_user@security.test",
"failed_password": "wrong_password_123",
"api_key": "sk-test-1234567890abcdef",
"attempt_timestamp": 1760869717689
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/status/401",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer invalid_token_12345' -H 'X-Security-Test: error-with-sensitive-data' -d '{\"failed_request\":{\"username\":\"test_user@security.test\",\"failed_password\":\"wrong_password_123\",\"api_key\":\"sk-test-1234567890abcdef\",\"attempt_timestamp\":1760869717689}}' \"http://httpbin/status/401\"",
"raw_request": "POST /status/401 HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer invalid_token_12345\r\nX-Security-Test: error-with-sensitive-data\r\nContent-Length: 167\r\n\r\n{\"failed_request\":{\"username\":\"test_user@security.test\",\"failed_password\":\"wrong_password_123\",\"api_key\":\"sk-test-1234567890abcdef\",\"attempt_timestamp\":1760869717689}}",
"raw_url": "{{base_url}}/status/401"
},
"response_details": {
"status_code": 401,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"www-authenticate": "Basic realm=\"Fake Realm\"",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true",
"content-length": "0"
},
"body": "",
"size_bytes": 0,
"raw_response": "HTTP/1.1 401 UNAUTHORIZED\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\nwww-authenticate: Basic realm=\"Fake Realm\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncontent-length: 0\r\n\r\n"
},
"assertions_results": [
{
"field": "status_code",
"expected": 401,
"actual": 401,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"security_error_handled": true,
"sensitive_data_in_error": null,
"error_response": null,
"error_status": 401
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
},
"scenarios_meta": {
"has_scenarios": true,
"executed_count": 1,
"evaluations": [
{
"index": 1,
"condition": "status_code == `401`",
"matched": true,
"executed": true,
"branch": "then",
"assertions_added": 0,
"captures_added": 2
},
{
"index": 2,
"condition": "status_code != `401`",
"matched": false,
"executed": false,
"branch": "none",
"assertions_added": 0,
"captures_added": 0
}
]
}
},
{
"step_id": "step-6-generate-security-test-report",
"qualified_step_id": "sensitive-data-security::step-6-generate-security-test-report",
"step_name": "Generate security test report",
"status": "success",
"duration_ms": 4,
"request_details": {
"method": "POST",
"url": "/post",
"headers": {
"Content-Type": "application/json",
"X-Security-Test": "final-report"
},
"body": {
"security_test_summary": {
"test_type": "sensitive-data-security",
"authentication_tested": true,
"api_key_masking_tested": true,
"secure_token_handling_tested": true,
"password_change_tested": true,
"error_scenario_tested": true,
"total_security_tests": 5,
"all_sensitive_data_masked": true,
"test_completed_at": "2025-10-19T10:28:37.692Z"
},
"security_metrics": {
"auth_token_secure": false,
"error_handling_secure": true,
"masking_configuration_active": true,
"sensitive_data_test_passed": true
},
"compliance_check": {
"passwords_masked": true,
"api_keys_masked": true,
"tokens_secured": true,
"error_data_masked": true
}
},
"base_url": "http://httpbin",
"full_url": "http://httpbin/post",
"curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: final-report' -d '{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}' \"http://httpbin/post\"",
"raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Security-Test: final-report\r\nContent-Length: 585\r\n\r\n{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
"raw_url": "{{base_url}}/post"
},
"response_details": {
"status_code": 200,
"headers": {
"server": "gunicorn/19.9.0",
"date": "Sun, 19 Oct 2025 10:28:37 GMT",
"connection": "keep-alive",
"content-type": "application/json",
"content-length": "1867",
"access-control-allow-origin": "*",
"access-control-allow-credentials": "true"
},
"body": {
"args": {},
"data": "{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
"files": {},
"form": {},
"headers": {
"Accept": "application/json, text/plain, */*",
"Accept-Encoding": "gzip, compress, deflate, br",
"Connection": "keep-alive",
"Content-Length": "585",
"Content-Type": "application/json",
"Host": "httpbin",
"User-Agent": "axios/1.12.1",
"X-Security-Test": "final-report"
},
"json": {
"compliance_check": {
"api_keys_masked": true,
"error_data_masked": true,
"passwords_masked": true,
"tokens_secured": true
},
"security_metrics": {
"auth_token_secure": false,
"error_handling_secure": true,
"masking_configuration_active": true,
"sensitive_data_test_passed": true
},
"security_test_summary": {
"all_sensitive_data_masked": true,
"api_key_masking_tested": true,
"authentication_tested": true,
"error_scenario_tested": true,
"password_change_tested": true,
"secure_token_handling_tested": true,
"test_completed_at": "2025-10-19T10:28:37.692Z",
"test_type": "sensitive-data-security",
"total_security_tests": 5
}
},
"origin": "172.18.0.3",
"url": "http://httpbin/post"
},
"size_bytes": 1580,
"raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1867\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n \"args\": {},\n \"data\": \"{\\\"security_test_summary\\\":{\\\"test_type\\\":\\\"sensitive-data-security\\\",\\\"authentication_tested\\\":true,\\\"api_key_masking_tested\\\":true,\\\"secure_token_handling_tested\\\":true,\\\"password_change_tested\\\":true,\\\"error_scenario_tested\\\":true,\\\"total_security_tests\\\":5,\\\"all_sensitive_data_masked\\\":true,\\\"test_completed_at\\\":\\\"2025-10-19T10:28:37.692Z\\\"},\\\"security_metrics\\\":{\\\"auth_token_secure\\\":false,\\\"error_handling_secure\\\":true,\\\"masking_configuration_active\\\":true,\\\"sensitive_data_test_passed\\\":true},\\\"compliance_check\\\":{\\\"passwords_masked\\\":true,\\\"api_keys_masked\\\":true,\\\"tokens_secured\\\":true,\\\"error_data_masked\\\":true}}\",\n \"files\": {},\n \"form\": {},\n \"headers\": {\n \"Accept\": \"application/json, text/plain, */*\",\n \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n \"Connection\": \"keep-alive\",\n \"Content-Length\": \"585\",\n \"Content-Type\": \"application/json\",\n \"Host\": \"httpbin\",\n \"User-Agent\": \"axios/1.12.1\",\n \"X-Security-Test\": \"final-report\"\n },\n \"json\": {\n \"compliance_check\": {\n \"api_keys_masked\": true,\n \"error_data_masked\": true,\n \"passwords_masked\": true,\n \"tokens_secured\": true\n },\n \"security_metrics\": {\n \"auth_token_secure\": false,\n \"error_handling_secure\": true,\n \"masking_configuration_active\": true,\n \"sensitive_data_test_passed\": true\n },\n \"security_test_summary\": {\n \"all_sensitive_data_masked\": true,\n \"api_key_masking_tested\": true,\n \"authentication_tested\": true,\n \"error_scenario_tested\": true,\n \"password_change_tested\": true,\n \"secure_token_handling_tested\": true,\n \"test_completed_at\": \"2025-10-19T10:28:37.692Z\",\n \"test_type\": \"sensitive-data-security\",\n \"total_security_tests\": 5\n }\n },\n \"origin\": \"172.18.0.3\",\n \"url\": \"http://httpbin/post\"\n}"
},
"assertions_results": [
{
"field": "status_code",
"expected": 200,
"actual": 200,
"passed": true,
"message": "OK"
},
{
"field": "body.json.security_test_summary.total_security_tests.equals",
"expected": 5,
"actual": 5,
"passed": true,
"message": "OK"
},
{
"field": "body.json.security_metrics.sensitive_data_test_passed.equals",
"expected": true,
"actual": true,
"passed": true,
"message": "OK"
},
{
"field": "body.json.compliance_check.passwords_masked.equals",
"expected": true,
"actual": true,
"passed": true,
"message": "OK"
}
],
"captured_variables": {
"security_test_passed": null,
"sensitive_data_masked": null,
"auth_tokens_secure": null
},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_tokens_secure": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
}
}
],
"variables_captured": {},
"available_variables": {
"api_base_url": "http://localhost:8080",
"test_credentials": {
"username": "test_user@security.test",
"password": "super_secret_password_123",
"api_key": "sk-test-1234567890abcdef",
"client_secret": "client_secret_xyz789"
},
"auth_response": null,
"api_key_test_response": null,
"auth_tokens_secure": null,
"auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
"auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
"auth_flows_test.user_permissions": [
"read",
"write"
],
"auth_flows_test.auth_flow_results": {
"jwt_authentication": {
"status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
"tokens_issued": 2,
"profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
},
"oauth2_authentication": {
"status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
"authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
"token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
},
"security_validation": {
"expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
"revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
"permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
},
"session_management": {
"logout_success": "{{js: Boolean(variables.complete_logout)}}",
"cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
}
},
"complex-workflows-test.workflow_results": {
"api_contract_validations": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"business_outcomes": {
"customer_id": "{{customer_id}}",
"items_purchased": 3,
"order_id": null,
"total_revenue": 594.96,
"transaction_id": null,
"workflow_completion": null
},
"ecommerce_workflow_results": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"end_to_end_success": true,
"microservices_communication": {
"inventory_service": null,
"notification_service": null
},
"test_summary": "complex_workflows_ecommerce_contracts",
"total_complex_workflow_tests": 13,
"workflow_patterns_tested": [
"customer_lifecycle_management",
"product_catalog_interaction",
"cart_and_checkout_process",
"payment_transaction_flow",
"order_fulfillment_pipeline",
"api_contract_validation",
"microservices_integration",
"end_to_end_business_process",
"workflow_analytics_tracking"
],
"workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
},
"complex-workflows-test.ecommerce_data": {
"cart_management": "success",
"catalog_browsing": null,
"customer_registration": null,
"fulfillment_initiated": null,
"order_created": null,
"payment_processed": null,
"product_details": null,
"promotions_applied": null,
"shipping_calculated": null
},
"complex-workflows-test.contract_validation_results": {
"order_service": null,
"payment_service": null,
"user_service": null
},
"auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
"input-capture-test.normalized_email": "John.Doe@Example.COM",
"input-capture-test.email_domain": "John.Doe@Example.COM",
"input-capture-test.full_name": "John Michael Doe",
"dependency-setup.auth_token": "test_user",
"dependency-setup.session_id": "172.18.0.3",
"dependency-setup.config_id": "v2",
"dependency-setup.setup_timestamp": true,
"comprehensive_basic.captured_echo_data": {
"action": "create_resource",
"metadata": {
"api_version": "v2.1",
"test_mode": true,
"timestamp": "2024-01-01T00:00:00Z"
},
"user_id": 12345,
"username": "flow_test_user"
},
"comprehensive_basic.generated_uuid": "httpbin",
"comprehensive_basic.final_status": "completed",
"javascript-expressions.js_calculated": 50,
"javascript-expressions.js_timestamp": 1760869717656,
"iteration-examples.users_tested": null,
"iteration-examples.range_test_summary": null
},
"suite_yaml_content": "suite_name: \"Sensitive Data and Security Testing\"\nnode_id: \"sensitive-data-security\"\ndescription: \"Tests sensitive data handling, masking, and security best practices\"\nbase_url: \"{{httpbin_url}}\"\n\nmetadata:\n priority: \"high\"\n tags: [\"security\", \"sensitive-data\", \"masking\", \"authentication\"]\n estimated_duration_ms: 6000\n\nexports:\n - security_test_passed\n - sensitive_data_masked\n - auth_tokens_secure\n\nvariables:\n # Simulated sensitive data (for testing purposes only)\n test_credentials:\n username: \"test_user@security.test\"\n password: \"super_secret_password_123\"\n api_key: \"sk-test-1234567890abcdef\"\n client_secret: \"client_secret_xyz789\"\n\n # Security configuration\n security_config:\n mask_passwords: true\n mask_api_keys: true\n log_sensitive_data: false\n\nsteps:\n - name: \"Test authentication with sensitive data masking\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Content-Type: \"application/json\"\n X-Security-Test: \"authentication\"\n body:\n # These should be masked in logs if masking is enabled\n login_request:\n username: \"{{test_credentials.username}}\"\n password: \"{{test_credentials.password}}\" # Should be masked\n timestamp: \"1234567890000\"\n session_id: \"{{faker.string.uuid}}\"\n security_metadata:\n masking_enabled: \"{{security_config.mask_passwords}}\"\n test_type: \"sensitive-data-auth\"\n assert:\n status_code: 200\n body:\n json:\n login_request:\n username:\n equals: \"test_user@security.test\"\n password:\n equals: \"super_secret_password_123\"\n capture:\n auth_response: \"json\"\n simulated_auth_token: \"{{faker.string.alphanumeric(32)}}\"\n login_timestamp: \"json.login_request.timestamp\"\n\n - name: \"Test API key handling and masking\"\n request:\n method: GET\n url: \"/headers\"\n headers:\n # These headers should be masked in logs\n Authorization: \"Bearer {{test_credentials.api_key}}\"\n X-API-Key: \"{{test_credentials.client_secret}}\"\n X-Client-ID: \"{{faker.string.uuid}}\"\n X-Security-Test: \"api-key-masking\"\n assert:\n status_code: 200\n body:\n headers:\n Authorization:\n contains: \"Bearer\"\n \"X-Api-Key\":\n equals: \"client_secret_xyz789\"\n capture:\n api_key_test_response: \"json\"\n headers_received: \"headers\"\n\n - name: \"Test secure token capture (should not log sensitive parts)\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Content-Type: \"application/json\"\n Authorization: \"Bearer {{simulated_auth_token}}\"\n X-Security-Test: \"secure-token-capture\"\n body:\n token_validation:\n access_token: \"{{simulated_auth_token}}\"\n refresh_token: \"{{faker.string.alphanumeric(64)}}\"\n token_type: \"Bearer\"\n expires_in: 3600\n scope: \"read:user write:user\"\n security_check:\n token_length: \"{{$js.return simulated_auth_token.length}}\"\n is_secure: true\n masked_for_logs: true\n assert:\n status_code: 200\n body:\n json:\n token_validation:\n token_type:\n equals: \"Bearer\"\n expires_in:\n equals: 3600\n security_check:\n is_secure:\n equals: true\n capture:\n # Use secure_token prefix to indicate this should be masked\n secure_token: \"json.token_validation.access_token\"\n secure_refresh_token: \"json.token_validation.refresh_token\"\n token_metadata: \"json.security_check\"\n\n - name: \"Test password change with masking\"\n request:\n method: PUT\n url: \"/put\"\n headers:\n Content-Type: \"application/json\"\n Authorization: \"Bearer {{secure_token}}\"\n X-Security-Test: \"password-change\"\n body:\n password_change_request:\n current_password: \"{{test_credentials.password}}\" # Should be masked\n new_password: \"new_super_secret_password_456\" # Should be masked\n confirm_password: \"new_super_secret_password_456\" # Should be masked\n change_timestamp: 1234567890000\n security_validation:\n password_strength: \"strong\"\n requires_2fa: true\n change_reason: \"security-test\"\n assert:\n status_code: 200\n body:\n json:\n password_change_request:\n change_timestamp:\n type: number\n security_validation:\n password_strength:\n equals: \"strong\"\n capture:\n password_change_response: \"json\"\n change_timestamp: \"json.password_change_request.change_timestamp\"\n\n - name: \"Test sensitive data in error scenarios\"\n request:\n method: POST\n url: \"/status/401\" # This will return 401 Unauthorized\n headers:\n Content-Type: \"application/json\"\n Authorization: \"Bearer invalid_token_12345\"\n X-Security-Test: \"error-with-sensitive-data\"\n body:\n failed_request:\n username: \"{{test_credentials.username}}\"\n failed_password: \"wrong_password_123\" # Should be masked even in errors\n api_key: \"{{test_credentials.api_key}}\" # Should be masked\n attempt_timestamp: \"{{$js.return Date.now()}}\"\n assert:\n status_code: 401 # Expecting unauthorized\n capture:\n error_response: \"json\"\n error_status: \"status_code\"\n\n scenarios:\n - condition: \"status_code == `401`\"\n then:\n capture:\n security_error_handled: true\n sensitive_data_in_error: \"masked\"\n - condition: \"status_code != `401`\"\n then:\n capture:\n security_error_handled: false\n\n - name: \"Generate security test report\"\n request:\n method: POST\n url: \"/post\"\n headers:\n Content-Type: \"application/json\"\n X-Security-Test: \"final-report\"\n body:\n security_test_summary:\n test_type: \"sensitive-data-security\"\n authentication_tested: true\n api_key_masking_tested: true\n secure_token_handling_tested: true\n password_change_tested: true\n error_scenario_tested: true\n total_security_tests: 5\n all_sensitive_data_masked: \"{{security_config.mask_passwords}}\"\n test_completed_at: \"{{$js.return new Date().toISOString()}}\"\n security_metrics:\n auth_token_secure: \"{{$js.return secure_token ? true : false}}\"\n error_handling_secure: true\n masking_configuration_active: \"{{security_config.mask_passwords}}\"\n sensitive_data_test_passed: true\n compliance_check:\n passwords_masked: true\n api_keys_masked: true\n tokens_secured: true\n error_data_masked: true\n assert:\n status_code: 200\n body:\n json:\n security_test_summary:\n total_security_tests:\n equals: 5\n security_metrics:\n sensitive_data_test_passed:\n equals: true\n compliance_check:\n passwords_masked:\n equals: true\n capture:\n security_test_passed: \"json.security_metrics.sensitive_data_test_passed\"\n sensitive_data_masked: \"json.compliance_check.passwords_masked\"\n auth_tokens_secure: \"json.security_metrics.auth_token_secure\"\n"
}