# Dracarys - Financial API Automation Framework A comprehensive test automation framework for testing financial APIs, including wallet and credit scoring services. ## Table of Contents - [Features](#features) - [Prerequisites](#prerequisites) - [Installation](#installation) - [Configuration](#configuration) - [Project Structure](#project-structure) - [Running Tests](#running-tests) - [Test Categories](#test-categories) - [Reporting](#reporting) - [Extending the Framework](#extending-the-framework) - [Best Practices](#best-practices) ## Features - **API Testing**: Comprehensive testing of REST APIs - **Performance Testing**: Load and stress testing capabilities - **Security Testing**: Security vulnerability testing - **Data-Driven Testing**: Support for data-driven tests - **Parallel Execution**: Parallel test execution for faster results - **Detailed Reporting**: Comprehensive test reports with metrics - **Database Validation**: Ability to validate data in databases - **Environment Configuration**: Support for multiple environments ## Prerequisites - Java 8 or higher - Maven 3.6 or higher - TestNG 7.4 or higher - RestAssured 4.3 or higher - MySQL or PostgreSQL (for database validation) ## Installation 1. Clone the repository: ```bash git clone https://github.com/iwasforcedtobehere/Dracarys.git cd Dracarys ``` 2. Install dependencies: ```bash mvn clean install ``` ## Configuration ### Environment Configuration The framework supports multiple environments (dev, test, staging, prod). Configuration files are located in `src/main/resources/`. 1. **config.properties**: ```properties # Base URI for API baseURI=https://api.example.com # API version apiVersion=v1 # Environment environment=test # Database configuration db.driver=com.mysql.jdbc.Driver db.url=jdbc:mysql://localhost:3306/test_db db.username=test_user db.password=test_password # Authentication auth.type=bearer auth.token=your_auth_token ``` 2. **log4j2.xml**: Configure logging levels and appenders as needed. ### Test Configuration Test configurations are defined in `src/test/resources/testng.xml`. You can create different test suites for different purposes. ## Project Structure ``` Dracarys/ ├── src/ │ ├── main/ │ │ ├── java/ │ │ │ └── com/financial/api/ │ │ │ ├── config/ # Configuration classes │ │ │ ├── models/ # Data models │ │ │ │ ├── wallet/ # Wallet-related models │ │ │ │ └── credit/ # Credit-related models │ │ │ ├── services/ # API service classes │ │ │ └── utils/ # Utility classes │ │ └── resources/ │ │ ├── config.properties # Configuration file │ │ └── log4j2.xml # Logging configuration │ └── test/ │ ├── java/ │ │ └── com/financial/api/ │ │ └── tests/ # Test classes │ │ ├── WalletApiTest.java │ │ ├── CreditApiTest.java │ │ ├── WalletPerformanceTest.java │ │ ├── CreditPerformanceTest.java │ │ ├── WalletSecurityTest.java │ │ └── CreditSecurityTest.java │ └── resources/ │ └── testng.xml # Test configuration ├── pom.xml # Maven dependencies └── README.md # This file ``` ## Running Tests ### Running All Tests ```bash mvn clean test ``` ### Running Specific Test Suite ```bash mvn clean test -Dsuite=src/test/resources/testng.xml ``` ### Running Tests with Specific Groups ```bash mvn clean test -Dgroups=smoke mvn clean test -Dgroups=regression mvn clean test -Dgroups=performance mvn clean test -Dgroups=security ``` ### Running Tests in Parallel ```bash mvn clean test -Dparallel=methods -DthreadCount=5 ``` ## Test Categories The framework includes several categories of tests: ### 1. Functional Tests - **WalletApiTest**: Tests for wallet operations - Create wallet - Get wallet - Update wallet - Get wallet balance - Create transaction - Get transaction - Update transaction status - Deposit funds - Withdraw funds - **CreditApiTest**: Tests for credit operations - Submit credit application - Get credit application - Update credit application - Get applications by status - Calculate credit score - Get credit score - Get credit score history - Approve application - Reject application - Get credit products ### 2. Performance Tests - **WalletPerformanceTest**: Performance tests for wallet operations - Create multiple wallets - Get multiple wallets - Create multiple transactions - Deposit funds performance - Get wallet balance performance - Get transactions performance - Transfer funds performance - **CreditPerformanceTest**: Performance tests for credit operations - Submit multiple applications - Get multiple applications - Calculate multiple credit scores - Get multiple credit scores - Get credit score histories - Get applications by status performance - Get credit products performance ### 3. Security Tests - **WalletSecurityTest**: Security tests for wallet operations - SQL injection in wallet creation - XSS in wallet creation - Authentication bypass in wallet retrieval - Authorization bypass in wallet retrieval - IDOR in wallet retrieval - SQL injection in transaction creation - XSS in transaction creation - Negative amount in transaction creation - Extremely large amount in transaction creation - Authentication bypass in transaction retrieval - Authorization bypass in transaction retrieval - CSRF protection in wallet update - Rate limiting in wallet creation - Input validation in wallet creation - Sensitive data exposure in wallet response - **CreditSecurityTest**: Security tests for credit operations - SQL injection in credit application submission - XSS in credit application submission - Authentication bypass in credit application retrieval - Authorization bypass in credit application retrieval - IDOR in credit application retrieval - SQL injection in credit score calculation - XSS in credit score calculation - Negative loan amount in credit application submission - Extremely large loan amount in credit application submission - Negative loan term in credit application submission - Extremely large loan term in credit application submission - Authentication bypass in credit score retrieval - Authorization bypass in credit score retrieval - CSRF protection in credit application update - Rate limiting in credit application submission - Input validation in credit application submission - Sensitive data exposure in credit application response - Sensitive data exposure in credit score response ## Reporting The framework generates detailed reports for test execution: ### Console Reports - Real-time test execution status - Test pass/fail statistics - Test execution time metrics - Error logs and stack traces ### HTML Reports - Comprehensive test reports with charts - Test execution summary - Detailed test results - Performance metrics - Security vulnerability findings ### Log Files - Detailed execution logs - Error logs - Debug information ## Extending the Framework ### Adding New API Tests 1. Create a new test class in `src/test/java/com/financial/api/tests/` 2. Extend the appropriate base class if available 3. Add test methods with appropriate annotations 4. Use the existing service classes or create new ones ### Adding New API Services 1. Create a new service class in `src/main/java/com/financial/api/services/` 2. Extend the `BaseService` class 3. Implement methods for API operations 4. Use RestAssured for HTTP requests ### Adding New Data Models 1. Create a new model class in `src/main/java/com/financial/api/models/` 2. Define fields with appropriate data types 3. Add getters and setters 4. Add validation annotations if needed ### Adding New Utilities 1. Create a new utility class in `src/main/java/com/financial/api/utils/` 2. Implement utility methods 3. Make methods static if appropriate 4. Add Javadoc comments ## Best Practices ### Test Design - Follow the Arrange-Act-Assert pattern - Keep tests independent and isolated - Use descriptive test names - Add proper test documentation - Use assertions effectively ### Code Quality - Follow Java coding standards - Use meaningful variable and method names - Add proper comments and documentation - Keep methods small and focused - Handle exceptions properly ### Performance Testing - Define realistic performance thresholds - Use appropriate load levels - Monitor system resources during tests - Analyze performance metrics - Identify and address bottlenecks ### Security Testing - Test for common security vulnerabilities - Use both positive and negative test cases - Validate input sanitization - Test authentication and authorization - Check for sensitive data exposure ### Maintenance - Regularly update dependencies - Refactor code as needed - Add new tests for new features - Fix failing tests promptly - Keep documentation up to date ## Troubleshooting ### Common Issues 1. **Test Failures Due to Environment Changes** - Update configuration files - Check API endpoints - Verify authentication tokens 2. **Database Connection Issues** - Check database credentials - Verify database URL - Ensure database is running 3. **Performance Test Failures** - Check system resources - Verify test data - Adjust performance thresholds 4. **Security Test Failures** - Check API security implementations - Verify input validation - Review authentication and authorization ### Getting Help - Check the project documentation - Review test code examples - Contact the framework maintainers - Submit issues on GitHub ## Contributing We welcome contributions to the framework! Please follow these guidelines: 1. Fork the repository 2. Create a feature branch 3. Make your changes 4. Add tests for new functionality 5. Ensure all tests pass 6. Submit a pull request ## License This project is licensed under the MIT License - see the LICENSE file for details.