business-logic-testing

📁 ed1s0nz/cyberstrikeai 📅 7 days ago

总安装量

周安装量

#30118

全站排名

安装命令

npx skills add https://github.com/ed1s0nz/cyberstrikeai --skill business-logic-testing

Agent 安装分布

codex 2

amp 1

opencode 1

kimi-cli 1

github-copilot 1

codebuddy 1

Skill 文档

ä¸å¡é»è¾æ¼æ´æµè¯

æ¦è¿°

æ¼æ´ç±»å

1. å·¥ä½æµç»è¿

è·³è¿éªè¯æ¥éª¤ï¼

ç´æ¥è®¿é®æç»æ¥éª¤
ä¿®æ¹æ¥éª¤é¡ºåº
éå¤æ§è¡æ¥éª¤

2. ä»·æ ¼æä½

è´æ°ä»·æ ¼ï¼

è¾å¥è´æ°éé¢
å¯¼è´è´¦æ·ä½é¢å¢å

ä»·æ ¼ç¯¡æ¹ï¼

ä¿®æ¹åç«¯ä»·æ ¼
ä¿®æ¹APIè¯·æ±ä¸çä»·æ ¼

3. æ°ééå¶ç»è¿

è´æ°æ°éï¼

è¾å¥è´æ°
å¯è½å¯¼è´åºåå¢å

è¶åºéå¶ï¼

ä¿®æ¹æ°ééå¶
æ¹éæä½ç»è¿

4. æ¶é´ç«äº

å¹¶åè¯·æ±ï¼

åæ¶åéå¤ä¸ªè¯·æ±
ç»è¿åæ¬¡éå¶

5. ç¶ææä½

ç¶æåéï¼

å°å·²å®æè®¢åæ¹ä¸ºå¾æ¯ä»
ä¿®æ¹è®¢åç¶æ

æµè¯æ¹æ³

1. å·¥ä½æµåæ

è¯å«ä¸å¡æµç¨ï¼

æ³¨åæµç¨
è´ä¹°æµç¨
æç°æµç¨
å®¡æ ¸æµç¨

æµè¯æ¥éª¤è·³è¿ï¼

æ£å¸¸æµç¨: æ¥éª¤1 â æ¥éª¤2 â æ¥éª¤3
æµè¯: ç´æ¥è®¿é®æ¥éª¤3
æµè¯: æ¥éª¤1 â æ¥éª¤3ï¼è·³è¿æ¥éª¤2ï¼

2. åæ°ç¯¡æ¹

ä¿®æ¹å³é®åæ°ï¼

POST /api/purchase
{
  "product_id": 123,
  "quantity": 1,
  "price": 100.00  # ä¿®æ¹ä¸º 0.01
}

è´æ°æµè¯ï¼

{
  "quantity": -1,
  "price": -100.00
}

3. å¹¶åæµè¯

åæ¶åéè¯·æ±ï¼

import threading
import requests

def purchase():
    requests.post('https://target.com/api/purchase', 
                  json={'product_id': 123, 'quantity': 1})

# åæ¶åé10ä¸ªè¯·æ±
for i in range(10):
    threading.Thread(target=purchase).start()

4. ç¶æä¿®æ¹

ä¿®æ¹è®¢åç¶æï¼

PATCH /api/order/123
{
  "status": "completed"  # ä¿®æ¹ä¸ºå·²å®æ
}

åéç¶æï¼

PATCH /api/order/123
{
  "status": "pending"  # ä»å·²å®æåéå°å¾æ¯ä»
}

å©ç¨ææ¯

ä»·æ ¼æä½

è´æ°ä»·æ ¼ï¼

{
  "product_id": 123,
  "price": -100.00,
  "quantity": 1
}

ä¿®æ¹åç«¯ä»·æ ¼ï¼

// åç«¯ä»£ç 
const price = 100.00;

// ä¿®æ¹ä¸º
const price = 0.01;

APIä»·æ ¼ä¿®æ¹ï¼

POST /api/checkout
{
  "items": [
    {
      "product_id": 123,
      "price": 0.01,  # åä»·100.00
      "quantity": 1
    }
  ]
}

æ°ééå¶ç»è¿

è´æ°æ°éï¼

{
  "product_id": 123,
  "quantity": -10  # å¯è½å¯¼è´åºåå¢å 
}

è¶åºéå¶ï¼

{
  "product_id": 123,
  "quantity": 999999  # è¶åºåæ¬¡è´ä¹°éå¶
}

ä¼æ å¸æ»¥ç¨

éå¤ä½¿ç¨ï¼

POST /api/checkout
{
  "coupon": "DISCOUNT50",
  "items": [...]
}

# éå¤ä½¿ç¨åä¸ä¼æ å¸

æªæ¿æ´»ä¼æ å¸ï¼

POST /api/checkout
{
  "coupon": "EXPIRED_COUPON",  # ä½¿ç¨è¿æä¼æ å¸
  "items": [...]
}

æç°æ¼æ´

è´æ°æç°ï¼

{
  "amount": -1000.00  # å¯è½å¯¼è´è´¦æ·ä½é¢å¢å 
}

è¶åºä½é¢ï¼

{
  "amount": 999999.00  # è¶åºè´¦æ·ä½é¢
}

æ¶é´ç«äº

å¹¶åè´ä¹°ï¼

import threading
import requests

def buy():
    requests.post('https://target.com/api/purchase',
                  json={'product_id': 123, 'quantity': 1})

# éæ¶æ¢è´ï¼å¹¶åè¯·æ±
for i in range(100):
    threading.Thread(target=buy).start()

ç»è¿ææ¯

åç«¯éªè¯ç»è¿

ç´æ¥è°ç¨APIï¼

ç»è¿åç«¯JavaScriptéªè¯
ç´æ¥åéAPIè¯·æ±

ä¿®æ¹è¯·æ±ï¼

ä½¿ç¨Burp Suiteæ¦æª
ä¿®æ¹åæ°ååé

ç¶æç åæ

è§å¯ååºï¼

200 OK – å¯è½æå
400 Bad Request – åæ°éè¯¯
403 Forbidden – æéä¸è¶³
500 Internal Server Error – æå¡å¨éè¯¯

éè¯¯ä¿¡æ¯å©ç¨

ä»éè¯¯ä¿¡æ¯è·åä¿¡æ¯ï¼

éè¯¯: "ä½é¢ä¸è¶³ï¼å½åä½é¢: 100.00"
â å¯ä»¥è·åè´¦æ·ä½é¢ä¿¡æ¯

å·¥å·ä½¿ç¨

Burp Suite

ä½¿ç¨Repeaterï¼

æ¦æªä¸å¡è¯·æ±
ä¿®æ¹å³é®åæ°
è§å¯ååº

ä½¿ç¨Intruderï¼

æ è®°åæ°
ä½¿ç¨Payloadåè¡¨
æ¹éæµè¯

èªå®ä¹èæ¬

import requests
import json

def test_price_manipulation():
    # æµè¯ä»·æ ¼ä¿®æ¹
    for price in [0.01, -100, 0, 999999]:
        data = {
            "product_id": 123,
            "price": price,
            "quantity": 1
        }
        response = requests.post('https://target.com/api/purchase',
                                json=data)
        print(f"Price {price}: {response.status_code}")

test_price_manipulation()

éªè¯åæ¥å

éªè¯æ¥éª¤

ç¡®è®¤å¯ä»¥ç»è¿ä¸å¡é»è¾éå¶
éªè¯å¯ä»¥æ§è¡æªæææä½
è¯ä¼°å½±åï¼èµéæå¤±ãæ°æ®ç¯¡æ¹çï¼
è®°å½å®æ´çPOC

æ¥åè¦ç¹

æ¼æ´ä½ç½®åä¸å¡æµç¨
å¯æ§è¡çæªæææä½
ä¿®å¤å»ºè®®ï¼æå¡ç«¯éªè¯ãä¸å¡è§åæ£æ¥çï¼

é²æ¤æªæ½

æ¨èæ¹æ¡

æå¡ç«¯éªè¯

def process_purchase(product_id, quantity, price):
    # ä»æ°æ®åºè·åçå®ä»·æ ¼
    real_price = db.get_product_price(product_id)
    
    # éªè¯ä»·æ ¼
    if price != real_price:
        raise ValueError("Price mismatch")
    
    # éªè¯æ°é
    if quantity <= 0:
        raise ValueError("Invalid quantity")
    
    # å¤çè´ä¹°
    process_order(product_id, quantity, real_price)

ç¶ææºéªè¯

class OrderState:
    PENDING = "pending"
    PAID = "paid"
    SHIPPED = "shipped"
    COMPLETED = "completed"
    
    TRANSITIONS = {
        PENDING: [PAID],
        PAID: [SHIPPED],
        SHIPPED: [COMPLETED]
    }
    
    def can_transition(self, from_state, to_state):
        return to_state in self.TRANSITIONS.get(from_state, [])

å¹¶åæ§å¶

import threading

lock = threading.Lock()

def process_order(order_id):
    with lock:
        # æ£æ¥è®¢åç¶æ
        order = db.get_order(order_id)
        if order.status != 'pending':
            raise ValueError("Order already processed")
        
        # å¤çè®¢å
        process(order)

ä¸å¡è§åéªè¯

def validate_business_rules(order):
    # éªè¯æ°ééå¶
    if order.quantity > MAX_QUANTITY:
        raise ValueError("Quantity exceeds limit")
    
    # éªè¯ä»·æ ¼èå´
    if order.price <= 0:
        raise ValueError("Invalid price")
    
    # éªè¯åºå
    if order.quantity > get_stock(order.product_id):
        raise ValueError("Insufficient stock")

å®¡è®¡æ¥å¿

def log_business_action(user_id, action, details):
    log_entry = {
        "user_id": user_id,
        "action": action,
        "details": details,
        "timestamp": datetime.now()
    }
    db.log_action(log_entry)

æ³¨æäºé¡¹

ä»å¨æææµè¯ç¯å¢ä¸è¿è¡
é¿åå¯¹ä¸å¡é æå®éå½±å
æ³¨æä¸åä¸å¡æµç¨çå·®å¼
æµè¯æ¶æ³¨ææ°æ®ä¸è´æ§

GitHub 仓库 ↗ ← 返回陌讯 Skills 聚合平台

business-logic-testing

Agent 安装分布

Skill 文档

ä¸å¡é»è¾æ¼æ´æµè¯

æ¦è¿°

æ¼æ´ç±»å

1. å·¥ä½æµç»è¿

2. ä»·æ ¼æä½

3. æ°ééå¶ç»è¿

4. æ¶é´ç«äº

5. ç¶ææä½

æµè¯æ¹æ³

1. å·¥ä½æµåæ

2. åæ°ç¯¡æ¹

3. å¹¶åæµè¯

4. ç¶æä¿®æ¹

å©ç¨ææ¯

ä»·æ ¼æä½

æ°ééå¶ç»è¿

ä¼æ å¸æ»¥ç¨

æç°æ¼æ´

æ¶é´ç«äº

ç»è¿ææ¯

åç«¯éªè¯ç»è¿

ç¶æç åæ

éè¯¯ä¿¡æ¯å©ç¨

å·¥å ·ä½¿ç¨