# How to: Generate Unit and Security Tests to Debug Faster

import VideoEmbed from '@components/VideoEmbed.astro';
import { Steps } from '@astrojs/starlight/components';

Learn how to prompt Warp’s AI to generate useful unit and security tests — helping you debug faster and deploy with confidence.

<VideoEmbed url="https://youtu.be/YzZmrusN8Cw?si=64ZsLu6e76rv-nI6" />

---

<Steps>

1. #### The Problem

    Building REST APIs involves a lot of overhead: validation, testing, and security.\
    Most “auto-generated tests” from AI end up generic and incomplete — leaving gaps in reliability.

    To solve this, Warp lets you run **precise, context-aware test generation** using better-structured prompts.

2. #### The Prompt

    Paste this into Warp’s AI input:

    ```text title="prompt.txt"
    After implementing this API code, generate comprehensive unit tests and security tests to verify everything works correctly and securely:

    1. Unit tests for each function / method
    Core functionality
    - Happy path with valid inputs -> expected output
    - Each edge case (empty inputs, nulls, boundary values)
    - Error handling for invalid inputs
    - Return value types and structure
    - Edge cases: empty strings, null/undefined, max values, special characters

    2. SECURITY TESTS FOR EACH ENDPOINT
    For every API endpoint, create security tests that check:

    Input validation
    Test with these malicious payloads in every user input field:
    SQL Injection: " ' OR '1' = '1', "1; DROP TABLE users--", "admin'--"
    NoSQL Injection: {"$gt": ""}, {"$ne": null}
    Command Injection: "; ls -la", "| whoami", "$(cat /etc/passwd)"
    Path Traversal: "../../../etc/passwd", "..\..\..\windows\system32"
    XSS: "<script>alert('XSS')</script>", "javascript:alert(1)"
    XXE (for XML): "<!DOCTYPE foo [<!ENTITY xxe SYSTEM 'file:///etc/passwd'>]>"

    Authentication Tests:
    - No token/credentials → Must return 401
    - Invalid token → Must return 401
    - Expired token → Must return 401
    - Valid token for wrong user → Must return 403
    - Token with insufficient permissions → Must return 403

    Authorization Tests:
    - User A trying to access User B's data → 403
    - Regular user accessing admin endpoints → 403
    - Deleted/disabled user token → 401
    - Verify all role-based access controls work

    Additional Security Checks:
    - Rate limiting works (spam 100 requests → 429 response)
    - Large payloads are rejected (>1MB unless specified)
    - Sensitive data not exposed in errors
    - Headers don't leak server info
    - CORS properly configured

    3. After running all tests, ensure:
    ✓ All unit tests pass
    ✓ 100% of functions have tests
    ✓ All security tests pass
    ✓ No SQL/NoSQL injection vulnerabilities
    ✓ Authentication is properly enforced
    ✓ Authorization rules are working
    ✓ Input validation catches malicious data
    ✓ Error messages don't expose sensitive info

    4. Output Format
    Generate 2 test files:
    1. Unit_tests.[ext] - all functional tests
    2. security_tests.[ext] - all security tests

    Use simple assertions that clearly show:
    - What is being tested
    - What the expected behavior is
    - Why this test matters

    Keep these tests simple and focused - each test should verify ONE thing
    ```

3. #### Add to Rules File

    Once you’ve validated the prompt, add it to your Warp Rules file so Warp can automatically reuse it.

    ```
    Name: Run tests after writing
    Rule: run pytest mapp/tests to validate if the code you inserted works
    ```

    Warp will then run these tests as a source of truth — deciding whether new AI-generated code is safe to merge or deploy.

4. #### Recap

    :::tip
    You’ve learned how to:

    * Prompt for **specific test coverage**
    * Automate your **unit and security tests**
    * Use Warp’s **Rules** feature for validation

    Small change in prompt structure — big jump in reliability.
    :::

</Steps>

Prompt Warp to generate comprehensive unit and security tests for REST APIs, including SQL injection, XSS, and auth validation checks.
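As an added example (not from the original page and not Warp output), this is roughly what a `security_tests` file meeting the prompt's authentication, authorization and input-validation items looks like in pytest style. The `get_user` handler, the token table and the user names are constructed stand-ins for a real API so the file runs offline.

```python
# Added example: constructed stand-in API with pytest-style security tests.
NOW = 1_700_000_000  # fixed clock so the expiry check is deterministic
TOKENS = {  # token -> (user, expires_at, active); constructed sample data
    "tok-alice": ("alice", NOW + 3600, True),
    "tok-old": ("alice", NOW - 1, True),       # expired
    "tok-gone": ("carol", NOW + 3600, False),  # deleted/disabled account
}
# Payload strings come from the prompt; the dict is its NoSQL operator case.
PAYLOADS = ["' OR '1' = '1", "1; DROP TABLE users--", "| whoami",
            "../../../etc/passwd", {"$gt": ""}]


def get_user(user_id, token=None, now=NOW):
    """Hypothetical GET /users/<id>; returns only the HTTP status code."""
    user, expires_at, active = TOKENS.get(token, (None, 0, False))
    if user is None or expires_at <= now or not active:
        return 401  # authenticate first: missing, forged, expired, disabled
    if not (isinstance(user_id, str) and user_id.isalnum()):
        return 400  # allow-list validation, independent of payload family
    if user_id != user:
        return 403  # authenticated, but not the owner of this record
    return 200


def test_no_token_is_401():
    assert get_user("alice") == 401

def test_forged_token_is_401():
    assert get_user("alice", "tok-forged") == 401

def test_expired_token_is_401():
    assert get_user("alice", "tok-old") == 401

def test_disabled_user_token_is_401():
    assert get_user("carol", "tok-gone") == 401

def test_other_users_data_is_403():
    assert get_user("bob", "tok-alice") == 403

def test_payloads_are_rejected_with_400():
    assert [get_user(p, "tok-alice") for p in PAYLOADS] == [400] * len(PAYLOADS)

def test_owner_still_gets_200():
    assert get_user("alice", "tok-alice") == 200
```

The positive test at the end matters as much as the negative ones: a handler that rejects everything would pass every 401/403/400 check above. Against a real service the same assertions go through the framework's test client instead of a direct function call.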