Sensitive Data and Security Testing

/app/tests/sensitive-data-security-test.yaml

high
6 Steps
Duration: 19ms
Success Rate: 100%
Successful Steps
6
100% success rate
Failed Steps
0
0% of total
⏭️
Skipped Steps
0
0% of total
🔗
HTTP Requests
6
100% requests
🔄
Iterações
0
0 steps com iterações

📊 Execution Timeline

# Status Step Name Type Duration Started At Details
1
Test authentication with sensitive data masking
POST /post
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
2
Test API key handling and masking
GET /headers
request
2ms 19/10/2025, 10:28:37
✅ Request completed successfully
3
Test secure token capture (should not log sensitive parts)
POST /post
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
4
Test password change with masking
PUT /put
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
5
Test sensitive data in error scenarios
POST /status/401
request
3ms 19/10/2025, 10:28:37
✅ Request completed successfully
6
Generate security test report
POST /post
request
4ms 19/10/2025, 10:28:37
✅ Request completed successfully

🌐 HTTP Requests Debug Info

Test authentication with sensitive data masking

Step #1

3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: authentication' -d '{"login_request":{"username":"test_user@security.test","password":"super_secret_password_123","timestamp":"1234567890000","session_id":"e57db93c-7966-462a-a53e-332cd8d429a6"},"security_metadata":{"masking_enabled":true,"test_type":"sensitive-data-auth"}}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Security-Test: authentication
Request Body
{
  "login_request": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "timestamp": "1234567890000",
    "session_id": "e57db93c-7966-462a-a53e-332cd8d429a6"
  },
  "security_metadata": {
    "masking_enabled": true,
    "test_type": "sensitive-data-auth"
  }
}

📥 Response

Status Code: 200
Duration: 3ms
Size: 902 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1079
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "254",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Security-Test": "authentication"
  },
  "json": {
    "login_request": {
      "password": "super_secret_password_123",
      "session_id": "e57db93c-7966-462a-a53e-332cd8d429a6",
      "timestamp": "1234567890000",
      "username": "test_user@security.test"
    },
    "security_metadata": {
      "masking_enabled": true,
      "test_type": "sensitive-data-auth"
    }
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
3
assertions
Passed
3
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.json.login_request.username.equals

PASSED
✓ Match
Condição
body.json.login_request.username.equals equals test_user@security.test
Assertion passou conforme esperado
Valor recebido: test_user@security.test

body.json.login_request.password.equals

PASSED
✓ Match
Condição
body.json.login_request.password.equals equals super_secret_password_123
Assertion passou conforme esperado
Valor recebido: super_secret_password_123
Captured Variables
{
  "auth_response": null,
  "simulated_auth_token": "{{faker.string.alphanumeric(32)}}",
  "login_timestamp": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

Test API key handling and masking

Step #2

2ms
cURL Command
curl -X GET -H 'Authorization: Bearer sk-test-1234567890abcdef' -H 'X-API-Key: client_secret_xyz789' -H 'X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01' -H 'X-Security-Test: api-key-masking' "http://httpbin/headers"

📤 Request

Method: GET
URL: http://httpbin/headers
Base URL: http://httpbin
Request Headers
Authorization: Bearer sk-test-1234567890abcdef
X-API-Key: client_secret_xyz789
X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01
X-Security-Test: api-key-masking

📥 Response

Status Code: 200
Duration: 2ms
Size: 351 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 422
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer sk-test-1234567890abcdef",
    "Connection": "keep-alive",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Api-Key": "client_secret_xyz789",
    "X-Client-Id": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
    "X-Security-Test": "api-key-masking"
  }
}
📊
Total
3
assertions
Passed
3
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.headers.Authorization.contains

PASSED
Condição
body.headers.Authorization.contains equals Bearer
Comparação de Valores
Esperado expected
Bearer
Recebido actual
Bearer sk-test-1234567890abcdef

body.headers."X-Api-Key".equals

PASSED
✓ Match
Condição
body.headers."X-Api-Key".equals equals client_secret_xyz789
Assertion passou conforme esperado
Valor recebido: client_secret_xyz789
Captured Variables
{
  "api_key_test_response": null,
  "headers_received": {
    "server": "gunicorn/19.9.0",
    "date": "Sun, 19 Oct 2025 10:28:37 GMT",
    "connection": "keep-alive",
    "content-type": "application/json",
    "content-length": "422",
    "access-control-allow-origin": "*",
    "access-control-allow-credentials": "true"
  }
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "api_key_test_response": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

Test secure token capture (should not log sensitive parts)

Step #3

3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer {{faker.string.alphanumeric(32)}}' -H 'X-Security-Test: secure-token-capture' -d '{"token_validation":{"access_token":"{{faker.string.alphanumeric(32)}}","refresh_token":"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk","token_type":"Bearer","expires_in":3600,"scope":"read:user write:user"},"security_check":{"token_length":33,"is_secure":true,"masked_for_logs":true}}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
Authorization: Bearer {{faker.string.alphanumeric(32)}}
X-Security-Test: secure-token-capture
Request Body
{
  "token_validation": {
    "access_token": "{{faker.string.alphanumeric(32)}}",
    "refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
    "token_type": "Bearer",
    "expires_in": 3600,
    "scope": "read:user write:user"
  },
  "security_check": {
    "token_length": 33,
    "is_secure": true,
    "masked_for_logs": true
  }
}

📥 Response

Status Code: 200
Duration: 3ms
Size: 1069 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1271
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
    "Connection": "keep-alive",
    "Content-Length": "304",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Security-Test": "secure-token-capture"
  },
  "json": {
    "security_check": {
      "is_secure": true,
      "masked_for_logs": true,
      "token_length": 33
    },
    "token_validation": {
      "access_token": "{{faker.string.alphanumeric(32)}}",
      "expires_in": 3600,
      "refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
      "scope": "read:user write:user",
      "token_type": "Bearer"
    }
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
4
assertions
Passed
4
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.json.token_validation.token_type.equals

PASSED
✓ Match
Condição
body.json.token_validation.token_type.equals equals Bearer
Assertion passou conforme esperado
Valor recebido: Bearer

body.json.token_validation.expires_in.equals

PASSED
✓ Match
Condição
body.json.token_validation.expires_in.equals equals 3600
Assertion passou conforme esperado
Valor recebido: 3600

body.json.security_check.is_secure.equals

PASSED
✓ Match
Condição
body.json.security_check.is_secure.equals equals true
Assertion passou conforme esperado
Valor recebido: true
Captured Variables
{
  "secure_token": null,
  "secure_refresh_token": null,
  "token_metadata": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "api_key_test_response": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

Test password change with masking

Step #4

3ms
cURL Command
curl -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer ' -H 'X-Security-Test: password-change' -d '{"password_change_request":{"current_password":"super_secret_password_123","new_password":"new_super_secret_password_456","confirm_password":"new_super_secret_password_456","change_timestamp":1234567890000},"security_validation":{"password_strength":"strong","requires_2fa":true,"change_reason":"security-test"}}' "http://httpbin/put"

📤 Request

Method: PUT
URL: http://httpbin/put
Base URL: http://httpbin
Request Headers
Content-Type: application/json
Authorization: Bearer 
X-Security-Test: password-change
Request Body
{
  "password_change_request": {
    "current_password": "super_secret_password_123",
    "new_password": "new_super_secret_password_456",
    "confirm_password": "new_super_secret_password_456",
    "change_timestamp": 1234567890000
  },
  "security_validation": {
    "password_strength": "strong",
    "requires_2fa": true,
    "change_reason": "security-test"
  }
}

📥 Response

Status Code: 200
Duration: 3ms
Size: 1045 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1238
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Authorization": "Bearer",
    "Connection": "keep-alive",
    "Content-Length": "312",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Security-Test": "password-change"
  },
  "json": {
    "password_change_request": {
      "change_timestamp": 1234567890000,
      "confirm_password": "new_super_secret_password_456",
      "current_password": "super_secret_password_123",
      "new_password": "new_super_secret_password_456"
    },
    "security_validation": {
      "change_reason": "security-test",
      "password_strength": "strong",
      "requires_2fa": true
    }
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/put"
}
📊
Total
3
assertions
Passed
3
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.json.password_change_request.change_timestamp.type

PASSED
✓ Match
Condição
body.json.password_change_request.change_timestamp.type equals number
Assertion passou conforme esperado
Valor recebido: number

body.json.security_validation.password_strength.equals

PASSED
✓ Match
Condição
body.json.security_validation.password_strength.equals equals strong
Assertion passou conforme esperado
Valor recebido: strong
Captured Variables
{
  "password_change_response": null,
  "change_timestamp": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "api_key_test_response": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

Test sensitive data in error scenarios

Step #5

3ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer invalid_token_12345' -H 'X-Security-Test: error-with-sensitive-data' -d '{"failed_request":{"username":"test_user@security.test","failed_password":"wrong_password_123","api_key":"sk-test-1234567890abcdef","attempt_timestamp":1760869717689}}' "http://httpbin/status/401"

📤 Request

Method: POST
URL: http://httpbin/status/401
Base URL: http://httpbin
Request Headers
Content-Type: application/json
Authorization: Bearer invalid_token_12345
X-Security-Test: error-with-sensitive-data
Request Body
{
  "failed_request": {
    "username": "test_user@security.test",
    "failed_password": "wrong_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "attempt_timestamp": 1760869717689
  }
}

📥 Response

Status Code: 401
Duration: 3ms
Size: 0 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
www-authenticate: Basic realm="Fake Realm"
access-control-allow-origin: *
access-control-allow-credentials: true
content-length: 0
📊
Total
1
assertions
Passed
1
assertion
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 401
Assertion passou conforme esperado
Valor recebido: 401
Captured Variables
{
  "security_error_handled": true,
  "sensitive_data_in_error": null,
  "error_response": null,
  "error_status": 401
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "api_key_test_response": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

🎭 Scenarios

Executed: 1 scenarios
Scenario 1: then ✓
Scenario 2: none ○

Generate security test report

Step #6

4ms
cURL Command
curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: final-report' -d '{"security_test_summary":{"test_type":"sensitive-data-security","authentication_tested":true,"api_key_masking_tested":true,"secure_token_handling_tested":true,"password_change_tested":true,"error_scenario_tested":true,"total_security_tests":5,"all_sensitive_data_masked":true,"test_completed_at":"2025-10-19T10:28:37.692Z"},"security_metrics":{"auth_token_secure":false,"error_handling_secure":true,"masking_configuration_active":true,"sensitive_data_test_passed":true},"compliance_check":{"passwords_masked":true,"api_keys_masked":true,"tokens_secured":true,"error_data_masked":true}}' "http://httpbin/post"

📤 Request

Method: POST
URL: http://httpbin/post
Base URL: http://httpbin
Request Headers
Content-Type: application/json
X-Security-Test: final-report
Request Body
{
  "security_test_summary": {
    "test_type": "sensitive-data-security",
    "authentication_tested": true,
    "api_key_masking_tested": true,
    "secure_token_handling_tested": true,
    "password_change_tested": true,
    "error_scenario_tested": true,
    "total_security_tests": 5,
    "all_sensitive_data_masked": true,
    "test_completed_at": "2025-10-19T10:28:37.692Z"
  },
  "security_metrics": {
    "auth_token_secure": false,
    "error_handling_secure": true,
    "masking_configuration_active": true,
    "sensitive_data_test_passed": true
  },
  "compliance_check": {
    "passwords_masked": true,
    "api_keys_masked": true,
    "tokens_secured": true,
    "error_data_masked": true
  }
}

📥 Response

Status Code: 200
Duration: 4ms
Size: 1580 bytes
Response Headers
server: gunicorn/19.9.0
date: Sun, 19 Oct 2025 10:28:37 GMT
connection: keep-alive
content-type: application/json
content-length: 1867
access-control-allow-origin: *
access-control-allow-credentials: true
Response Body
{
  "args": {},
  "data": "{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
  "files": {},
  "form": {},
  "headers": {
    "Accept": "application/json, text/plain, */*",
    "Accept-Encoding": "gzip, compress, deflate, br",
    "Connection": "keep-alive",
    "Content-Length": "585",
    "Content-Type": "application/json",
    "Host": "httpbin",
    "User-Agent": "axios/1.12.1",
    "X-Security-Test": "final-report"
  },
  "json": {
    "compliance_check": {
      "api_keys_masked": true,
      "error_data_masked": true,
      "passwords_masked": true,
      "tokens_secured": true
    },
    "security_metrics": {
      "auth_token_secure": false,
      "error_handling_secure": true,
      "masking_configuration_active": true,
      "sensitive_data_test_passed": true
    },
    "security_test_summary": {
      "all_sensitive_data_masked": true,
      "api_key_masking_tested": true,
      "authentication_tested": true,
      "error_scenario_tested": true,
      "password_change_tested": true,
      "secure_token_handling_tested": true,
      "test_completed_at": "2025-10-19T10:28:37.692Z",
      "test_type": "sensitive-data-security",
      "total_security_tests": 5
    }
  },
  "origin": "172.18.0.3",
  "url": "http://httpbin/post"
}
📊
Total
4
assertions
Passed
4
assertions
📈
Success Rate
100%
success

status_code

PASSED
✓ Match
Condição
status_code equals 200
Assertion passou conforme esperado
Valor recebido: 200

body.json.security_test_summary.total_security_tests.equals

PASSED
✓ Match
Condição
body.json.security_test_summary.total_security_tests.equals equals 5
Assertion passou conforme esperado
Valor recebido: 5

body.json.security_metrics.sensitive_data_test_passed.equals

PASSED
✓ Match
Condição
body.json.security_metrics.sensitive_data_test_passed.equals equals true
Assertion passou conforme esperado
Valor recebido: true

body.json.compliance_check.passwords_masked.equals

PASSED
✓ Match
Condição
body.json.compliance_check.passwords_masked.equals equals true
Assertion passou conforme esperado
Valor recebido: true
Captured Variables
{
  "security_test_passed": null,
  "sensitive_data_masked": null,
  "auth_tokens_secure": null
}
Available Variables
{
  "api_base_url": "http://localhost:8080",
  "test_credentials": {
    "username": "test_user@security.test",
    "password": "super_secret_password_123",
    "api_key": "sk-test-1234567890abcdef",
    "client_secret": "client_secret_xyz789"
  },
  "auth_response": null,
  "api_key_test_response": null,
  "auth_tokens_secure": null,
  "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
  "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
  "auth_flows_test.user_permissions": [
    "read",
    "write"
  ],
  "auth_flows_test.auth_flow_results": {
    "jwt_authentication": {
      "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
      "tokens_issued": 2,
      "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
    },
    "oauth2_authentication": {
      "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
      "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
      "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
    },
    "security_validation": {
      "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
      "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
      "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
    },
    "session_management": {
      "logout_success": "{{js: Boolean(variables.complete_logout)}}",
      "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
    }
  },
  "complex-workflows-test.workflow_results": {
    "api_contract_validations": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "business_outcomes": {
      "customer_id": "{{customer_id}}",
      "items_purchased": 3,
      "order_id": null,
      "total_revenue": 594.96,
      "transaction_id": null,
      "workflow_completion": null
    },
    "ecommerce_workflow_results": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "end_to_end_success": true,
    "microservices_communication": {
      "inventory_service": null,
      "notification_service": null
    },
    "test_summary": "complex_workflows_ecommerce_contracts",
    "total_complex_workflow_tests": 13,
    "workflow_patterns_tested": [
      "customer_lifecycle_management",
      "product_catalog_interaction",
      "cart_and_checkout_process",
      "payment_transaction_flow",
      "order_fulfillment_pipeline",
      "api_contract_validation",
      "microservices_integration",
      "end_to_end_business_process",
      "workflow_analytics_tracking"
    ],
    "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
  },
  "complex-workflows-test.ecommerce_data": {
    "cart_management": "success",
    "catalog_browsing": null,
    "customer_registration": null,
    "fulfillment_initiated": null,
    "order_created": null,
    "payment_processed": null,
    "product_details": null,
    "promotions_applied": null,
    "shipping_calculated": null
  },
  "complex-workflows-test.contract_validation_results": {
    "order_service": null,
    "payment_service": null,
    "user_service": null
  },
  "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
  "input-capture-test.normalized_email": "John.Doe@Example.COM",
  "input-capture-test.email_domain": "John.Doe@Example.COM",
  "input-capture-test.full_name": "John Michael Doe",
  "dependency-setup.auth_token": "test_user",
  "dependency-setup.session_id": "172.18.0.3",
  "dependency-setup.config_id": "v2",
  "dependency-setup.setup_timestamp": true,
  "comprehensive_basic.captured_echo_data": {
    "action": "create_resource",
    "metadata": {
      "api_version": "v2.1",
      "test_mode": true,
      "timestamp": "2024-01-01T00:00:00Z"
    },
    "user_id": 12345,
    "username": "flow_test_user"
  },
  "comprehensive_basic.generated_uuid": "httpbin",
  "comprehensive_basic.final_status": "completed",
  "javascript-expressions.js_calculated": 50,
  "javascript-expressions.js_timestamp": 1760869717656,
  "iteration-examples.users_tested": null,
  "iteration-examples.range_test_summary": null
}

📄 Raw Suite Data

Complete Suite Data
{
  "node_id": "sensitive-data-security",
  "suite_name": "Sensitive Data and Security Testing",
  "file_path": "/app/tests/sensitive-data-security-test.yaml",
  "priority": "high",
  "start_time": "2025-10-19T10:28:37.677Z",
  "end_time": "2025-10-19T10:28:37.696Z",
  "duration_ms": 19,
  "status": "success",
  "steps_executed": 6,
  "steps_successful": 6,
  "steps_failed": 0,
  "success_rate": 100,
  "steps_results": [
    {
      "step_id": "step-1-test-authentication-with-sensitive-data-masking",
      "qualified_step_id": "sensitive-data-security::step-1-test-authentication-with-sensitive-data-masking",
      "step_name": "Test authentication with sensitive data masking",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Security-Test": "authentication"
        },
        "body": {
          "login_request": {
            "username": "test_user@security.test",
            "password": "super_secret_password_123",
            "timestamp": "1234567890000",
            "session_id": "e57db93c-7966-462a-a53e-332cd8d429a6"
          },
          "security_metadata": {
            "masking_enabled": true,
            "test_type": "sensitive-data-auth"
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: authentication' -d '{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Security-Test: authentication\r\nContent-Length: 254\r\n\r\n{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "1079",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"login_request\":{\"username\":\"test_user@security.test\",\"password\":\"super_secret_password_123\",\"timestamp\":\"1234567890000\",\"session_id\":\"e57db93c-7966-462a-a53e-332cd8d429a6\"},\"security_metadata\":{\"masking_enabled\":true,\"test_type\":\"sensitive-data-auth\"}}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "254",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Security-Test": "authentication"
          },
          "json": {
            "login_request": {
              "password": "super_secret_password_123",
              "session_id": "e57db93c-7966-462a-a53e-332cd8d429a6",
              "timestamp": "1234567890000",
              "username": "test_user@security.test"
            },
            "security_metadata": {
              "masking_enabled": true,
              "test_type": "sensitive-data-auth"
            }
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 902,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1079\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"login_request\\\":{\\\"username\\\":\\\"test_user@security.test\\\",\\\"password\\\":\\\"super_secret_password_123\\\",\\\"timestamp\\\":\\\"1234567890000\\\",\\\"session_id\\\":\\\"e57db93c-7966-462a-a53e-332cd8d429a6\\\"},\\\"security_metadata\\\":{\\\"masking_enabled\\\":true,\\\"test_type\\\":\\\"sensitive-data-auth\\\"}}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"254\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Security-Test\": \"authentication\"\n  },\n  \"json\": {\n    \"login_request\": {\n      \"password\": \"super_secret_password_123\",\n      \"session_id\": \"e57db93c-7966-462a-a53e-332cd8d429a6\",\n      \"timestamp\": \"1234567890000\",\n      \"username\": \"test_user@security.test\"\n    },\n    \"security_metadata\": {\n      \"masking_enabled\": true,\n      \"test_type\": \"sensitive-data-auth\"\n    }\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.login_request.username.equals",
          "expected": "test_user@security.test",
          "actual": "test_user@security.test",
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.login_request.password.equals",
          "expected": "super_secret_password_123",
          "actual": "super_secret_password_123",
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "auth_response": null,
        "simulated_auth_token": "{{faker.string.alphanumeric(32)}}",
        "login_timestamp": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      }
    },
    {
      "step_id": "step-2-test-api-key-handling-and-masking",
      "qualified_step_id": "sensitive-data-security::step-2-test-api-key-handling-and-masking",
      "step_name": "Test API key handling and masking",
      "status": "success",
      "duration_ms": 2,
      "request_details": {
        "method": "GET",
        "url": "/headers",
        "headers": {
          "Authorization": "Bearer sk-test-1234567890abcdef",
          "X-API-Key": "client_secret_xyz789",
          "X-Client-ID": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
          "X-Security-Test": "api-key-masking"
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/headers",
        "curl_command": "curl -X GET -H 'Authorization: Bearer sk-test-1234567890abcdef' -H 'X-API-Key: client_secret_xyz789' -H 'X-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01' -H 'X-Security-Test: api-key-masking' \"http://httpbin/headers\"",
        "raw_request": "GET /headers HTTP/1.1\r\nHost: httpbin\r\nAuthorization: Bearer sk-test-1234567890abcdef\r\nX-API-Key: client_secret_xyz789\r\nX-Client-ID: ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01\r\nX-Security-Test: api-key-masking\r\n\r\n",
        "raw_url": "{{base_url}}/headers"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "422",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer sk-test-1234567890abcdef",
            "Connection": "keep-alive",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Api-Key": "client_secret_xyz789",
            "X-Client-Id": "ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01",
            "X-Security-Test": "api-key-masking"
          }
        },
        "size_bytes": 351,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 422\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer sk-test-1234567890abcdef\",\n    \"Connection\": \"keep-alive\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Api-Key\": \"client_secret_xyz789\",\n    \"X-Client-Id\": \"ae6aecd5-c5c7-427c-9b26-86f1b4c9ab01\",\n    \"X-Security-Test\": \"api-key-masking\"\n  }\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.headers.Authorization.contains",
          "expected": "Bearer",
          "actual": "Bearer sk-test-1234567890abcdef",
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.headers.\"X-Api-Key\".equals",
          "expected": "client_secret_xyz789",
          "actual": "client_secret_xyz789",
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "api_key_test_response": null,
        "headers_received": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "422",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        }
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "api_key_test_response": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      }
    },
    {
      "step_id": "step-3-test-secure-token-capture-should-not-log-sensitive-parts",
      "qualified_step_id": "sensitive-data-security::step-3-test-secure-token-capture-should-not-log-sensitive-parts",
      "step_name": "Test secure token capture (should not log sensitive parts)",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
          "X-Security-Test": "secure-token-capture"
        },
        "body": {
          "token_validation": {
            "access_token": "{{faker.string.alphanumeric(32)}}",
            "refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
            "token_type": "Bearer",
            "expires_in": 3600,
            "scope": "read:user write:user"
          },
          "security_check": {
            "token_length": 33,
            "is_secure": true,
            "masked_for_logs": true
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer {{faker.string.alphanumeric(32)}}' -H 'X-Security-Test: secure-token-capture' -d '{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer {{faker.string.alphanumeric(32)}}\r\nX-Security-Test: secure-token-capture\r\nContent-Length: 304\r\n\r\n{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "1271",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"token_validation\":{\"access_token\":\"{{faker.string.alphanumeric(32)}}\",\"refresh_token\":\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\"token_type\":\"Bearer\",\"expires_in\":3600,\"scope\":\"read:user write:user\"},\"security_check\":{\"token_length\":33,\"is_secure\":true,\"masked_for_logs\":true}}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer {{faker.string.alphanumeric(32)}}",
            "Connection": "keep-alive",
            "Content-Length": "304",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Security-Test": "secure-token-capture"
          },
          "json": {
            "security_check": {
              "is_secure": true,
              "masked_for_logs": true,
              "token_length": 33
            },
            "token_validation": {
              "access_token": "{{faker.string.alphanumeric(32)}}",
              "expires_in": 3600,
              "refresh_token": "0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk",
              "scope": "read:user write:user",
              "token_type": "Bearer"
            }
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 1069,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1271\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"token_validation\\\":{\\\"access_token\\\":\\\"{{faker.string.alphanumeric(32)}}\\\",\\\"refresh_token\\\":\\\"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\\\",\\\"token_type\\\":\\\"Bearer\\\",\\\"expires_in\\\":3600,\\\"scope\\\":\\\"read:user write:user\\\"},\\\"security_check\\\":{\\\"token_length\\\":33,\\\"is_secure\\\":true,\\\"masked_for_logs\\\":true}}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer {{faker.string.alphanumeric(32)}}\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"304\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Security-Test\": \"secure-token-capture\"\n  },\n  \"json\": {\n    \"security_check\": {\n      \"is_secure\": true,\n      \"masked_for_logs\": true,\n      \"token_length\": 33\n    },\n    \"token_validation\": {\n      \"access_token\": \"{{faker.string.alphanumeric(32)}}\",\n      \"expires_in\": 3600,\n      \"refresh_token\": \"0tARofhLPEihIRYhU4fmJGoVjJ38Q1bJcktR9lnReQHIZaxw6V9FDRcsVCgxvWMk\",\n      \"scope\": \"read:user write:user\",\n      \"token_type\": \"Bearer\"\n    }\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.token_validation.token_type.equals",
          "expected": "Bearer",
          "actual": "Bearer",
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.token_validation.expires_in.equals",
          "expected": 3600,
          "actual": 3600,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.security_check.is_secure.equals",
          "expected": true,
          "actual": true,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "secure_token": null,
        "secure_refresh_token": null,
        "token_metadata": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "api_key_test_response": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      }
    },
    {
      "step_id": "step-4-test-password-change-with-masking",
      "qualified_step_id": "sensitive-data-security::step-4-test-password-change-with-masking",
      "step_name": "Test password change with masking",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "PUT",
        "url": "/put",
        "headers": {
          "Content-Type": "application/json",
          "Authorization": "Bearer ",
          "X-Security-Test": "password-change"
        },
        "body": {
          "password_change_request": {
            "current_password": "super_secret_password_123",
            "new_password": "new_super_secret_password_456",
            "confirm_password": "new_super_secret_password_456",
            "change_timestamp": 1234567890000
          },
          "security_validation": {
            "password_strength": "strong",
            "requires_2fa": true,
            "change_reason": "security-test"
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/put",
        "curl_command": "curl -X PUT -H 'Content-Type: application/json' -H 'Authorization: Bearer ' -H 'X-Security-Test: password-change' -d '{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}' \"http://httpbin/put\"",
        "raw_request": "PUT /put HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer \r\nX-Security-Test: password-change\r\nContent-Length: 312\r\n\r\n{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
        "raw_url": "{{base_url}}/put"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "1238",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"password_change_request\":{\"current_password\":\"super_secret_password_123\",\"new_password\":\"new_super_secret_password_456\",\"confirm_password\":\"new_super_secret_password_456\",\"change_timestamp\":1234567890000},\"security_validation\":{\"password_strength\":\"strong\",\"requires_2fa\":true,\"change_reason\":\"security-test\"}}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Authorization": "Bearer",
            "Connection": "keep-alive",
            "Content-Length": "312",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Security-Test": "password-change"
          },
          "json": {
            "password_change_request": {
              "change_timestamp": 1234567890000,
              "confirm_password": "new_super_secret_password_456",
              "current_password": "super_secret_password_123",
              "new_password": "new_super_secret_password_456"
            },
            "security_validation": {
              "change_reason": "security-test",
              "password_strength": "strong",
              "requires_2fa": true
            }
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/put"
        },
        "size_bytes": 1045,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1238\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"password_change_request\\\":{\\\"current_password\\\":\\\"super_secret_password_123\\\",\\\"new_password\\\":\\\"new_super_secret_password_456\\\",\\\"confirm_password\\\":\\\"new_super_secret_password_456\\\",\\\"change_timestamp\\\":1234567890000},\\\"security_validation\\\":{\\\"password_strength\\\":\\\"strong\\\",\\\"requires_2fa\\\":true,\\\"change_reason\\\":\\\"security-test\\\"}}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Authorization\": \"Bearer\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"312\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Security-Test\": \"password-change\"\n  },\n  \"json\": {\n    \"password_change_request\": {\n      \"change_timestamp\": 1234567890000,\n      \"confirm_password\": \"new_super_secret_password_456\",\n      \"current_password\": \"super_secret_password_123\",\n      \"new_password\": \"new_super_secret_password_456\"\n    },\n    \"security_validation\": {\n      \"change_reason\": \"security-test\",\n      \"password_strength\": \"strong\",\n      \"requires_2fa\": true\n    }\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/put\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.password_change_request.change_timestamp.type",
          "expected": "number",
          "actual": "number",
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.security_validation.password_strength.equals",
          "expected": "strong",
          "actual": "strong",
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "password_change_response": null,
        "change_timestamp": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "api_key_test_response": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      }
    },
    {
      "step_id": "step-5-test-sensitive-data-in-error-scenarios",
      "qualified_step_id": "sensitive-data-security::step-5-test-sensitive-data-in-error-scenarios",
      "step_name": "Test sensitive data in error scenarios",
      "status": "success",
      "duration_ms": 3,
      "request_details": {
        "method": "POST",
        "url": "/status/401",
        "headers": {
          "Content-Type": "application/json",
          "Authorization": "Bearer invalid_token_12345",
          "X-Security-Test": "error-with-sensitive-data"
        },
        "body": {
          "failed_request": {
            "username": "test_user@security.test",
            "failed_password": "wrong_password_123",
            "api_key": "sk-test-1234567890abcdef",
            "attempt_timestamp": 1760869717689
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/status/401",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'Authorization: Bearer invalid_token_12345' -H 'X-Security-Test: error-with-sensitive-data' -d '{\"failed_request\":{\"username\":\"test_user@security.test\",\"failed_password\":\"wrong_password_123\",\"api_key\":\"sk-test-1234567890abcdef\",\"attempt_timestamp\":1760869717689}}' \"http://httpbin/status/401\"",
        "raw_request": "POST /status/401 HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nAuthorization: Bearer invalid_token_12345\r\nX-Security-Test: error-with-sensitive-data\r\nContent-Length: 167\r\n\r\n{\"failed_request\":{\"username\":\"test_user@security.test\",\"failed_password\":\"wrong_password_123\",\"api_key\":\"sk-test-1234567890abcdef\",\"attempt_timestamp\":1760869717689}}",
        "raw_url": "{{base_url}}/status/401"
      },
      "response_details": {
        "status_code": 401,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "www-authenticate": "Basic realm=\"Fake Realm\"",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true",
          "content-length": "0"
        },
        "body": "",
        "size_bytes": 0,
        "raw_response": "HTTP/1.1 401 UNAUTHORIZED\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\nwww-authenticate: Basic realm=\"Fake Realm\"\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\ncontent-length: 0\r\n\r\n"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 401,
          "actual": 401,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "security_error_handled": true,
        "sensitive_data_in_error": null,
        "error_response": null,
        "error_status": 401
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "api_key_test_response": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      },
      "scenarios_meta": {
        "has_scenarios": true,
        "executed_count": 1,
        "evaluations": [
          {
            "index": 1,
            "condition": "status_code == `401`",
            "matched": true,
            "executed": true,
            "branch": "then",
            "assertions_added": 0,
            "captures_added": 2
          },
          {
            "index": 2,
            "condition": "status_code != `401`",
            "matched": false,
            "executed": false,
            "branch": "none",
            "assertions_added": 0,
            "captures_added": 0
          }
        ]
      }
    },
    {
      "step_id": "step-6-generate-security-test-report",
      "qualified_step_id": "sensitive-data-security::step-6-generate-security-test-report",
      "step_name": "Generate security test report",
      "status": "success",
      "duration_ms": 4,
      "request_details": {
        "method": "POST",
        "url": "/post",
        "headers": {
          "Content-Type": "application/json",
          "X-Security-Test": "final-report"
        },
        "body": {
          "security_test_summary": {
            "test_type": "sensitive-data-security",
            "authentication_tested": true,
            "api_key_masking_tested": true,
            "secure_token_handling_tested": true,
            "password_change_tested": true,
            "error_scenario_tested": true,
            "total_security_tests": 5,
            "all_sensitive_data_masked": true,
            "test_completed_at": "2025-10-19T10:28:37.692Z"
          },
          "security_metrics": {
            "auth_token_secure": false,
            "error_handling_secure": true,
            "masking_configuration_active": true,
            "sensitive_data_test_passed": true
          },
          "compliance_check": {
            "passwords_masked": true,
            "api_keys_masked": true,
            "tokens_secured": true,
            "error_data_masked": true
          }
        },
        "base_url": "http://httpbin",
        "full_url": "http://httpbin/post",
        "curl_command": "curl -X POST -H 'Content-Type: application/json' -H 'X-Security-Test: final-report' -d '{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}' \"http://httpbin/post\"",
        "raw_request": "POST /post HTTP/1.1\r\nHost: httpbin\r\nContent-Type: application/json\r\nX-Security-Test: final-report\r\nContent-Length: 585\r\n\r\n{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
        "raw_url": "{{base_url}}/post"
      },
      "response_details": {
        "status_code": 200,
        "headers": {
          "server": "gunicorn/19.9.0",
          "date": "Sun, 19 Oct 2025 10:28:37 GMT",
          "connection": "keep-alive",
          "content-type": "application/json",
          "content-length": "1867",
          "access-control-allow-origin": "*",
          "access-control-allow-credentials": "true"
        },
        "body": {
          "args": {},
          "data": "{\"security_test_summary\":{\"test_type\":\"sensitive-data-security\",\"authentication_tested\":true,\"api_key_masking_tested\":true,\"secure_token_handling_tested\":true,\"password_change_tested\":true,\"error_scenario_tested\":true,\"total_security_tests\":5,\"all_sensitive_data_masked\":true,\"test_completed_at\":\"2025-10-19T10:28:37.692Z\"},\"security_metrics\":{\"auth_token_secure\":false,\"error_handling_secure\":true,\"masking_configuration_active\":true,\"sensitive_data_test_passed\":true},\"compliance_check\":{\"passwords_masked\":true,\"api_keys_masked\":true,\"tokens_secured\":true,\"error_data_masked\":true}}",
          "files": {},
          "form": {},
          "headers": {
            "Accept": "application/json, text/plain, */*",
            "Accept-Encoding": "gzip, compress, deflate, br",
            "Connection": "keep-alive",
            "Content-Length": "585",
            "Content-Type": "application/json",
            "Host": "httpbin",
            "User-Agent": "axios/1.12.1",
            "X-Security-Test": "final-report"
          },
          "json": {
            "compliance_check": {
              "api_keys_masked": true,
              "error_data_masked": true,
              "passwords_masked": true,
              "tokens_secured": true
            },
            "security_metrics": {
              "auth_token_secure": false,
              "error_handling_secure": true,
              "masking_configuration_active": true,
              "sensitive_data_test_passed": true
            },
            "security_test_summary": {
              "all_sensitive_data_masked": true,
              "api_key_masking_tested": true,
              "authentication_tested": true,
              "error_scenario_tested": true,
              "password_change_tested": true,
              "secure_token_handling_tested": true,
              "test_completed_at": "2025-10-19T10:28:37.692Z",
              "test_type": "sensitive-data-security",
              "total_security_tests": 5
            }
          },
          "origin": "172.18.0.3",
          "url": "http://httpbin/post"
        },
        "size_bytes": 1580,
        "raw_response": "HTTP/1.1 200 OK\r\nserver: gunicorn/19.9.0\r\ndate: Sun, 19 Oct 2025 10:28:37 GMT\r\nconnection: keep-alive\r\ncontent-type: application/json\r\ncontent-length: 1867\r\naccess-control-allow-origin: *\r\naccess-control-allow-credentials: true\r\n\r\n{\n  \"args\": {},\n  \"data\": \"{\\\"security_test_summary\\\":{\\\"test_type\\\":\\\"sensitive-data-security\\\",\\\"authentication_tested\\\":true,\\\"api_key_masking_tested\\\":true,\\\"secure_token_handling_tested\\\":true,\\\"password_change_tested\\\":true,\\\"error_scenario_tested\\\":true,\\\"total_security_tests\\\":5,\\\"all_sensitive_data_masked\\\":true,\\\"test_completed_at\\\":\\\"2025-10-19T10:28:37.692Z\\\"},\\\"security_metrics\\\":{\\\"auth_token_secure\\\":false,\\\"error_handling_secure\\\":true,\\\"masking_configuration_active\\\":true,\\\"sensitive_data_test_passed\\\":true},\\\"compliance_check\\\":{\\\"passwords_masked\\\":true,\\\"api_keys_masked\\\":true,\\\"tokens_secured\\\":true,\\\"error_data_masked\\\":true}}\",\n  \"files\": {},\n  \"form\": {},\n  \"headers\": {\n    \"Accept\": \"application/json, text/plain, */*\",\n    \"Accept-Encoding\": \"gzip, compress, deflate, br\",\n    \"Connection\": \"keep-alive\",\n    \"Content-Length\": \"585\",\n    \"Content-Type\": \"application/json\",\n    \"Host\": \"httpbin\",\n    \"User-Agent\": \"axios/1.12.1\",\n    \"X-Security-Test\": \"final-report\"\n  },\n  \"json\": {\n    \"compliance_check\": {\n      \"api_keys_masked\": true,\n      \"error_data_masked\": true,\n      \"passwords_masked\": true,\n      \"tokens_secured\": true\n    },\n    \"security_metrics\": {\n      \"auth_token_secure\": false,\n      \"error_handling_secure\": true,\n      \"masking_configuration_active\": true,\n      \"sensitive_data_test_passed\": true\n    },\n    \"security_test_summary\": {\n      \"all_sensitive_data_masked\": true,\n      \"api_key_masking_tested\": true,\n      \"authentication_tested\": true,\n      \"error_scenario_tested\": true,\n      \"password_change_tested\": true,\n      \"secure_token_handling_tested\": true,\n      \"test_completed_at\": \"2025-10-19T10:28:37.692Z\",\n      \"test_type\": \"sensitive-data-security\",\n      \"total_security_tests\": 5\n    }\n  },\n  \"origin\": \"172.18.0.3\",\n  \"url\": \"http://httpbin/post\"\n}"
      },
      "assertions_results": [
        {
          "field": "status_code",
          "expected": 200,
          "actual": 200,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.security_test_summary.total_security_tests.equals",
          "expected": 5,
          "actual": 5,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.security_metrics.sensitive_data_test_passed.equals",
          "expected": true,
          "actual": true,
          "passed": true,
          "message": "OK"
        },
        {
          "field": "body.json.compliance_check.passwords_masked.equals",
          "expected": true,
          "actual": true,
          "passed": true,
          "message": "OK"
        }
      ],
      "captured_variables": {
        "security_test_passed": null,
        "sensitive_data_masked": null,
        "auth_tokens_secure": null
      },
      "available_variables": {
        "api_base_url": "http://localhost:8080",
        "test_credentials": {
          "username": "test_user@security.test",
          "password": "super_secret_password_123",
          "api_key": "sk-test-1234567890abcdef",
          "client_secret": "client_secret_xyz789"
        },
        "auth_response": null,
        "api_key_test_response": null,
        "auth_tokens_secure": null,
        "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
        "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
        "auth_flows_test.user_permissions": [
          "read",
          "write"
        ],
        "auth_flows_test.auth_flow_results": {
          "jwt_authentication": {
            "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
            "tokens_issued": 2,
            "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
          },
          "oauth2_authentication": {
            "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
            "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
            "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
          },
          "security_validation": {
            "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
            "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
            "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
          },
          "session_management": {
            "logout_success": "{{js: Boolean(variables.complete_logout)}}",
            "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
          }
        },
        "complex-workflows-test.workflow_results": {
          "api_contract_validations": {
            "order_service": null,
            "payment_service": null,
            "user_service": null
          },
          "business_outcomes": {
            "customer_id": "{{customer_id}}",
            "items_purchased": 3,
            "order_id": null,
            "total_revenue": 594.96,
            "transaction_id": null,
            "workflow_completion": null
          },
          "ecommerce_workflow_results": {
            "cart_management": "success",
            "catalog_browsing": null,
            "customer_registration": null,
            "fulfillment_initiated": null,
            "order_created": null,
            "payment_processed": null,
            "product_details": null,
            "promotions_applied": null,
            "shipping_calculated": null
          },
          "end_to_end_success": true,
          "microservices_communication": {
            "inventory_service": null,
            "notification_service": null
          },
          "test_summary": "complex_workflows_ecommerce_contracts",
          "total_complex_workflow_tests": 13,
          "workflow_patterns_tested": [
            "customer_lifecycle_management",
            "product_catalog_interaction",
            "cart_and_checkout_process",
            "payment_transaction_flow",
            "order_fulfillment_pipeline",
            "api_contract_validation",
            "microservices_integration",
            "end_to_end_business_process",
            "workflow_analytics_tracking"
          ],
          "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
        },
        "complex-workflows-test.ecommerce_data": {
          "cart_management": "success",
          "catalog_browsing": null,
          "customer_registration": null,
          "fulfillment_initiated": null,
          "order_created": null,
          "payment_processed": null,
          "product_details": null,
          "promotions_applied": null,
          "shipping_calculated": null
        },
        "complex-workflows-test.contract_validation_results": {
          "order_service": null,
          "payment_service": null,
          "user_service": null
        },
        "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
        "input-capture-test.normalized_email": "John.Doe@Example.COM",
        "input-capture-test.email_domain": "John.Doe@Example.COM",
        "input-capture-test.full_name": "John Michael Doe",
        "dependency-setup.auth_token": "test_user",
        "dependency-setup.session_id": "172.18.0.3",
        "dependency-setup.config_id": "v2",
        "dependency-setup.setup_timestamp": true,
        "comprehensive_basic.captured_echo_data": {
          "action": "create_resource",
          "metadata": {
            "api_version": "v2.1",
            "test_mode": true,
            "timestamp": "2024-01-01T00:00:00Z"
          },
          "user_id": 12345,
          "username": "flow_test_user"
        },
        "comprehensive_basic.generated_uuid": "httpbin",
        "comprehensive_basic.final_status": "completed",
        "javascript-expressions.js_calculated": 50,
        "javascript-expressions.js_timestamp": 1760869717656,
        "iteration-examples.users_tested": null,
        "iteration-examples.range_test_summary": null
      }
    }
  ],
  "variables_captured": {},
  "available_variables": {
    "api_base_url": "http://localhost:8080",
    "test_credentials": {
      "username": "test_user@security.test",
      "password": "super_secret_password_123",
      "api_key": "sk-test-1234567890abcdef",
      "client_secret": "client_secret_xyz789"
    },
    "auth_response": null,
    "api_key_test_response": null,
    "auth_tokens_secure": null,
    "auth_flows_test.jwt_token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.mock_payload",
    "auth_flows_test.oauth2_access_token": "oauth2_access_token_xyz",
    "auth_flows_test.user_permissions": [
      "read",
      "write"
    ],
    "auth_flows_test.auth_flow_results": {
      "jwt_authentication": {
        "status": "{{jwt_login_success && jwt_valid && jwt_refresh_success ? 'success' : 'partial'}}",
        "tokens_issued": 2,
        "profile_access": "{{js: Boolean(variables.profile_fetch_success)}}"
      },
      "oauth2_authentication": {
        "status": "{{oauth2_token_exchange_success && oauth2_resource_access ? 'success' : 'partial'}}",
        "authorization_code_flow": "{{js: Boolean(variables.oauth2_auth_started)}}",
        "token_management": "{{js: Boolean(variables.oauth2_token_revoked)}}"
      },
      "security_validation": {
        "expired_tokens": "{{js: Boolean(variables.jwt_expired_handled)}}",
        "revoked_tokens": "{{js: Boolean(variables.revoked_token_rejected)}}",
        "permissions": "{{js: Boolean(variables.admin_permission_granted || variables.admin_permission_denied)}}"
      },
      "session_management": {
        "logout_success": "{{js: Boolean(variables.complete_logout)}}",
        "cleanup_complete": "{{js: Boolean(variables.all_tokens_revoked)}}"
      }
    },
    "complex-workflows-test.workflow_results": {
      "api_contract_validations": {
        "order_service": null,
        "payment_service": null,
        "user_service": null
      },
      "business_outcomes": {
        "customer_id": "{{customer_id}}",
        "items_purchased": 3,
        "order_id": null,
        "total_revenue": 594.96,
        "transaction_id": null,
        "workflow_completion": null
      },
      "ecommerce_workflow_results": {
        "cart_management": "success",
        "catalog_browsing": null,
        "customer_registration": null,
        "fulfillment_initiated": null,
        "order_created": null,
        "payment_processed": null,
        "product_details": null,
        "promotions_applied": null,
        "shipping_calculated": null
      },
      "end_to_end_success": true,
      "microservices_communication": {
        "inventory_service": null,
        "notification_service": null
      },
      "test_summary": "complex_workflows_ecommerce_contracts",
      "total_complex_workflow_tests": 13,
      "workflow_patterns_tested": [
        "customer_lifecycle_management",
        "product_catalog_interaction",
        "cart_and_checkout_process",
        "payment_transaction_flow",
        "order_fulfillment_pipeline",
        "api_contract_validation",
        "microservices_integration",
        "end_to_end_business_process",
        "workflow_analytics_tracking"
      ],
      "workflow_test_id": "workflow-ce7a02af-3257-4a3b-b77e-2dad7569115e"
    },
    "complex-workflows-test.ecommerce_data": {
      "cart_management": "success",
      "catalog_browsing": null,
      "customer_registration": null,
      "fulfillment_initiated": null,
      "order_created": null,
      "payment_processed": null,
      "product_details": null,
      "promotions_applied": null,
      "shipping_calculated": null
    },
    "complex-workflows-test.contract_validation_results": {
      "order_service": null,
      "payment_service": null,
      "user_service": null
    },
    "auth.token": "eyJhbGciOiJIUzI1NiIsInR5cCI6IkpXVCJ9.eyJzdWIiOiIxMjM0NTY3ODkwIiwibmFtZSI6IkpvaG4gRG9lIiwiYWRtaW4iOnRydWUsImlhdCI6MTUxNjIzOTAyMn0.KMUFsIDTnFmyG3nMiGM6H9FNFUROf3wh7SmqJp-QV30",
    "input-capture-test.normalized_email": "John.Doe@Example.COM",
    "input-capture-test.email_domain": "John.Doe@Example.COM",
    "input-capture-test.full_name": "John Michael Doe",
    "dependency-setup.auth_token": "test_user",
    "dependency-setup.session_id": "172.18.0.3",
    "dependency-setup.config_id": "v2",
    "dependency-setup.setup_timestamp": true,
    "comprehensive_basic.captured_echo_data": {
      "action": "create_resource",
      "metadata": {
        "api_version": "v2.1",
        "test_mode": true,
        "timestamp": "2024-01-01T00:00:00Z"
      },
      "user_id": 12345,
      "username": "flow_test_user"
    },
    "comprehensive_basic.generated_uuid": "httpbin",
    "comprehensive_basic.final_status": "completed",
    "javascript-expressions.js_calculated": 50,
    "javascript-expressions.js_timestamp": 1760869717656,
    "iteration-examples.users_tested": null,
    "iteration-examples.range_test_summary": null
  },
  "suite_yaml_content": "suite_name: \"Sensitive Data and Security Testing\"\nnode_id: \"sensitive-data-security\"\ndescription: \"Tests sensitive data handling, masking, and security best practices\"\nbase_url: \"{{httpbin_url}}\"\n\nmetadata:\n  priority: \"high\"\n  tags: [\"security\", \"sensitive-data\", \"masking\", \"authentication\"]\n  estimated_duration_ms: 6000\n\nexports:\n  - security_test_passed\n  - sensitive_data_masked\n  - auth_tokens_secure\n\nvariables:\n  # Simulated sensitive data (for testing purposes only)\n  test_credentials:\n    username: \"test_user@security.test\"\n    password: \"super_secret_password_123\"\n    api_key: \"sk-test-1234567890abcdef\"\n    client_secret: \"client_secret_xyz789\"\n\n  # Security configuration\n  security_config:\n    mask_passwords: true\n    mask_api_keys: true\n    log_sensitive_data: false\n\nsteps:\n  - name: \"Test authentication with sensitive data masking\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Content-Type: \"application/json\"\n        X-Security-Test: \"authentication\"\n      body:\n        # These should be masked in logs if masking is enabled\n        login_request:\n          username: \"{{test_credentials.username}}\"\n          password: \"{{test_credentials.password}}\"  # Should be masked\n          timestamp: \"1234567890000\"\n          session_id: \"{{faker.string.uuid}}\"\n        security_metadata:\n          masking_enabled: \"{{security_config.mask_passwords}}\"\n          test_type: \"sensitive-data-auth\"\n    assert:\n      status_code: 200\n      body:\n        json:\n          login_request:\n            username:\n              equals: \"test_user@security.test\"\n            password:\n              equals: \"super_secret_password_123\"\n    capture:\n      auth_response: \"json\"\n      simulated_auth_token: \"{{faker.string.alphanumeric(32)}}\"\n      login_timestamp: \"json.login_request.timestamp\"\n\n  - name: \"Test API key handling and masking\"\n    request:\n      method: GET\n      url: \"/headers\"\n      headers:\n        # These headers should be masked in logs\n        Authorization: \"Bearer {{test_credentials.api_key}}\"\n        X-API-Key: \"{{test_credentials.client_secret}}\"\n        X-Client-ID: \"{{faker.string.uuid}}\"\n        X-Security-Test: \"api-key-masking\"\n    assert:\n      status_code: 200\n      body:\n        headers:\n          Authorization:\n            contains: \"Bearer\"\n          \"X-Api-Key\":\n            equals: \"client_secret_xyz789\"\n    capture:\n      api_key_test_response: \"json\"\n      headers_received: \"headers\"\n\n  - name: \"Test secure token capture (should not log sensitive parts)\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Content-Type: \"application/json\"\n        Authorization: \"Bearer {{simulated_auth_token}}\"\n        X-Security-Test: \"secure-token-capture\"\n      body:\n        token_validation:\n          access_token: \"{{simulated_auth_token}}\"\n          refresh_token: \"{{faker.string.alphanumeric(64)}}\"\n          token_type: \"Bearer\"\n          expires_in: 3600\n          scope: \"read:user write:user\"\n        security_check:\n          token_length: \"{{$js.return simulated_auth_token.length}}\"\n          is_secure: true\n          masked_for_logs: true\n    assert:\n      status_code: 200\n      body:\n        json:\n          token_validation:\n            token_type:\n              equals: \"Bearer\"\n            expires_in:\n              equals: 3600\n          security_check:\n            is_secure:\n              equals: true\n    capture:\n      # Use secure_token prefix to indicate this should be masked\n      secure_token: \"json.token_validation.access_token\"\n      secure_refresh_token: \"json.token_validation.refresh_token\"\n      token_metadata: \"json.security_check\"\n\n  - name: \"Test password change with masking\"\n    request:\n      method: PUT\n      url: \"/put\"\n      headers:\n        Content-Type: \"application/json\"\n        Authorization: \"Bearer {{secure_token}}\"\n        X-Security-Test: \"password-change\"\n      body:\n        password_change_request:\n          current_password: \"{{test_credentials.password}}\"  # Should be masked\n          new_password: \"new_super_secret_password_456\"      # Should be masked\n          confirm_password: \"new_super_secret_password_456\"  # Should be masked\n          change_timestamp: 1234567890000\n        security_validation:\n          password_strength: \"strong\"\n          requires_2fa: true\n          change_reason: \"security-test\"\n    assert:\n      status_code: 200\n      body:\n        json:\n          password_change_request:\n            change_timestamp:\n              type: number\n          security_validation:\n            password_strength:\n              equals: \"strong\"\n    capture:\n      password_change_response: \"json\"\n      change_timestamp: \"json.password_change_request.change_timestamp\"\n\n  - name: \"Test sensitive data in error scenarios\"\n    request:\n      method: POST\n      url: \"/status/401\"  # This will return 401 Unauthorized\n      headers:\n        Content-Type: \"application/json\"\n        Authorization: \"Bearer invalid_token_12345\"\n        X-Security-Test: \"error-with-sensitive-data\"\n      body:\n        failed_request:\n          username: \"{{test_credentials.username}}\"\n          failed_password: \"wrong_password_123\"  # Should be masked even in errors\n          api_key: \"{{test_credentials.api_key}}\"  # Should be masked\n          attempt_timestamp: \"{{$js.return Date.now()}}\"\n    assert:\n      status_code: 401  # Expecting unauthorized\n    capture:\n      error_response: \"json\"\n      error_status: \"status_code\"\n\n    scenarios:\n      - condition: \"status_code == `401`\"\n        then:\n          capture:\n            security_error_handled: true\n            sensitive_data_in_error: \"masked\"\n      - condition: \"status_code != `401`\"\n        then:\n          capture:\n            security_error_handled: false\n\n  - name: \"Generate security test report\"\n    request:\n      method: POST\n      url: \"/post\"\n      headers:\n        Content-Type: \"application/json\"\n        X-Security-Test: \"final-report\"\n      body:\n        security_test_summary:\n          test_type: \"sensitive-data-security\"\n          authentication_tested: true\n          api_key_masking_tested: true\n          secure_token_handling_tested: true\n          password_change_tested: true\n          error_scenario_tested: true\n          total_security_tests: 5\n          all_sensitive_data_masked: \"{{security_config.mask_passwords}}\"\n          test_completed_at: \"{{$js.return new Date().toISOString()}}\"\n        security_metrics:\n          auth_token_secure: \"{{$js.return secure_token ? true : false}}\"\n          error_handling_secure: true\n          masking_configuration_active: \"{{security_config.mask_passwords}}\"\n          sensitive_data_test_passed: true\n        compliance_check:\n          passwords_masked: true\n          api_keys_masked: true\n          tokens_secured: true\n          error_data_masked: true\n    assert:\n      status_code: 200\n      body:\n        json:\n          security_test_summary:\n            total_security_tests:\n              equals: 5\n          security_metrics:\n            sensitive_data_test_passed:\n              equals: true\n          compliance_check:\n            passwords_masked:\n              equals: true\n    capture:\n      security_test_passed: \"json.security_metrics.sensitive_data_test_passed\"\n      sensitive_data_masked: \"json.compliance_check.passwords_masked\"\n      auth_tokens_secure: \"json.security_metrics.auth_token_secure\"\n"
}
Flow Test Engine
Report generated on 10/19/2025, 10:28:45 AM
© 2025 Flow Test Engine. Dynamic Reporting System.