fix: remove dead DeleteEnvVarsByAppID and add empty-key 400 test
All checks were successful
Check / check (pull_request) Successful in 3m11s
All checks were successful
Check / check (pull_request) Successful in 3m11s
- Remove DeleteEnvVarsByAppID() which became dead code after ReplaceEnvVarsByAppID() was introduced (handles deletion internally within its transaction). - Add TestHandleEnvVarSaveEmptyKeyRejected to verify that POSTing a JSON array with an empty key returns 400 Bad Request. Addresses review advisories on PR #158.
This commit is contained in:
user
@@ -638,6 +638,32 @@ func TestHandleEnvVarSaveAppNotFound(t *testing.T) {
|
||||
assert.Equal(t, http.StatusNotFound, recorder.Code)
|
||||
}
|
||||
|
||||
// TestHandleEnvVarSaveEmptyKeyRejected verifies that submitting a JSON
|
||||
// array containing an entry with an empty key returns 400.
|
||||
func TestHandleEnvVarSaveEmptyKeyRejected(t *testing.T) {
|
||||
t.Parallel()
|
||||
|
||||
testCtx := setupTestHandlers(t)
|
||||
createdApp := createTestApp(t, testCtx, "envvar-emptykey-app")
|
||||
|
||||
body := `[{"key":"VALID_KEY","value":"ok"},{"key":"","value":"bad"}]`
|
||||
|
||||
r := chi.NewRouter()
|
||||
r.Post("/apps/{id}/env", testCtx.handlers.HandleEnvVarSave())
|
||||
|
||||
request := httptest.NewRequest(
|
||||
http.MethodPost,
|
||||
"/apps/"+createdApp.ID+"/env",
|
||||
strings.NewReader(body),
|
||||
)
|
||||
request.Header.Set("Content-Type", "application/json")
|
||||
|
||||
recorder := httptest.NewRecorder()
|
||||
r.ServeHTTP(recorder, request)
|
||||
|
||||
assert.Equal(t, http.StatusBadRequest, recorder.Code)
|
||||
}
|
||||
|
||||
// TestDeleteLabelOwnershipVerification tests that deleting a label
|
||||
// via another app's URL path returns 404 (IDOR prevention).
|
||||
func TestDeleteLabelOwnershipVerification(t *testing.T) {
|
||||
|
||||
Reference in New Issue
Block a user