Instead of testing specific routes (which may encourage blacklisting
routes), the test generates a request with a bogus, random method.
@KevinLiddle @dougbradbury
As mentioned during our IPM, the 'execute' method of a request expects an HttpRequestBase (which only allows GET, PUT, POST, etc). 'Execute' has an overloaded method that accepts a HttpUriRequest which BogusRequest implements. The only purpose of BogusRequest is to generate a request with a bogus, randomized method name.
The test checks:
Response code 200 with GET (since the resources are located in the public folder)
Response code 405 for PUT/POST (original tests. I leave them in so that people will not create logic that looks like "if (!Http.Methods.Contains(method)) { return 405; }")
Response code 405 for bogusRequest (forces a whitelist approach)
KevinLiddle
commented
8 years ago
@KevinLiddle @dougbradbury As mentioned during our IPM, the 'execute' method of a request expects an HttpRequestBase (which only allows GET, PUT, POST, etc). 'Execute' has an overloaded method that accepts a HttpUriRequest which BogusRequest implements. The only purpose of BogusRequest is to generate a request with a bogus, randomized method name.
The test checks: