Currently, the stack_license endpoint does not contain any check of whether the payload sent to this endpoint is correct. This means that the service fails later with HTTP code 500, and not with HTTP code 400.
Possible fix:
1) check payload right after it is received
2) respond accordingly
Report made by BAF can be seen here: https://fabric8-analytics.github.io/fuzz-tests/recommender_stack_license_issue_168.htm
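
The proposed fix (check the payload on receipt, respond with 400) as an added example; this is not the project's code. The payload shape, the function names and the stand-in analysis step are assumptions, since the report does not give the endpoint's schema.

```python
import json

# Assumed payload shape (hypothetical; the issue does not state the schema):
# {"packages": [{"package": str, "version": str, "licenses": [str, ...]}]}

def validate_payload(payload):
    """Return a list of problems; an empty list means the payload is usable."""
    if not isinstance(payload, dict):
        return ["top-level JSON value must be an object"]
    packages = payload.get("packages")
    if not isinstance(packages, list) or not packages:
        return ["'packages' must be a non-empty list"]
    errors = []
    for i, pkg in enumerate(packages):
        if not isinstance(pkg, dict):
            errors.append(f"packages[{i}] must be an object")
            continue
        for key in ("package", "version"):
            if not isinstance(pkg.get(key), str) or not pkg[key].strip():
                errors.append(f"packages[{i}].{key} must be a non-empty string")
        lic = pkg.get("licenses")
        if not isinstance(lic, list) or not all(isinstance(x, str) for x in lic):
            errors.append(f"packages[{i}].licenses must be a list of strings")
    return errors

def compute_stack_license(payload):
    """Stand-in for the real analysis; it only ever sees validated input."""
    return sorted({name for p in payload["packages"] for name in p["licenses"]})

def handle_stack_license(raw_body):
    """Return (http_status, response_body) for one raw request body."""
    try:
        payload = json.loads(raw_body)
    except (ValueError, TypeError):
        # Covers malformed JSON, undecodable bytes and a missing body.
        return 400, {"error": "request body is not valid JSON"}
    errors = validate_payload(payload)
    if errors:
        # Client error: reject before any processing code touches the data.
        return 400, {"error": "invalid payload", "details": errors}
    return 200, {"licenses": compute_stack_license(payload)}
```

With the check in front, malformed input of the kind a fuzzer sends never reaches the analysis code, so a 500 from this endpoint again points to a server-side defect.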