Friday, 10 April 2015

Grails Spock: writing unit / integration test cases for SQL injections

To support future changes in a REST API that allows querying the database using a /query endpoint and uses JSON as the data format for I/O, I am starting to write down test cases.


My configs are:



1. Grails 2.3.8
2. Spock testing framework


I'm concerned whether we have good support from Spock for writing test cases for SQL injection verification, and up to what level it can be made generic.


When we say generic, it means that it should be hitting a different endpoint each time it is run. For example,



1st run : /api/users/query
2nd run : /api/group/query
3rd run : /api/users/query
.
.
nth time : /api/specs/query


So, the domain chosen must be different each time. We can have some random number generated which can be used to identify the domain endpoint from a map or list of query endpoint URLs for all domains.


But the next thought that comes to my mind is whether there could be another test case in place that can call these test cases (that check for SQL injections for different endpoints on each run) a specified number of times to test it further and more accurately.
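One way to get both behaviours from Spock's data-driven `where:` block, as an added example that is not part of the original post: a seeded random generator picks an endpoint and a probe string for each of N iterations, so no second "driver" test is needed. The base URL, the JSON body shape (`filter.name`), the probe strings, the system property names and the pass criterion (no 5xx status and no database error text in the response) are all assumptions, and the spec expects the application to be running.

```groovy
import groovy.json.JsonOutput
import spock.lang.Specification
import spock.lang.Unroll

class QueryEndpointInjectionSpec extends Specification {
    // Assumptions (not from the post): base URL, JSON body shape, probe strings.
    static final String BASE_URL = System.getProperty('test.baseUrl', 'http://localhost:8080')
    static final List<String> ENDPOINTS = ['/api/users/query', '/api/group/query', '/api/specs/query']
    static final List<String> PROBES = ["'", "' OR '1'='1", "1; --"]
    static final int RUNS = Integer.getInteger('sqli.runs', 10)
    // Seeded so a failing random selection can be replayed with -Dsqli.seed=<value>.
    static final long SEED = Long.getLong('sqli.seed', System.currentTimeMillis())
    static final Random RNG = new Random(SEED)

    def setupSpec() { println "sqli.seed=${SEED} sqli.runs=${RUNS}" }

    @Unroll
    def "run #run: #endpoint treats probe [#probe] as data"() {
        when:
        Map result = post(BASE_URL + endpoint, JsonOutput.toJson([filter: [name: probe]]))

        then: 'the input is rejected or handled as a plain value, with no server or SQL error'
        result.status < 500
        !(result.body =~ /(?i)sql(exception|state| syntax)|ORA-\d+|jdbc/)

        where: 'each data provider yields RUNS values; endpoint and probe are drawn at random'
        run << (1..RUNS)
        endpoint << (1..RUNS).collect { ENDPOINTS[RNG.nextInt(ENDPOINTS.size())] }
        probe << (1..RUNS).collect { PROBES[RNG.nextInt(PROBES.size())] }
    }

    // Plain HttpURLConnection keeps the spec free of extra HTTP client dependencies.
    private static Map post(String url, String json) {
        HttpURLConnection c = (HttpURLConnection) new URL(url).openConnection()
        c.requestMethod = 'POST'
        c.doOutput = true
        c.setRequestProperty('Content-Type', 'application/json')
        c.outputStream.withWriter('UTF-8') { it << json }
        int status = c.responseCode
        InputStream s = status < 400 ? c.inputStream : c.errorStream
        [status: status, body: s ? s.getText('UTF-8') : '']
    }
}
```

Because the seed is printed once per spec run, a failure seen on one random endpoint can be reproduced exactly instead of waiting for the same endpoint to be drawn again.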

