
Catalogue the API request values that could use some validation #625

@pmarsh-scottlogic

If we send a request to the backend, and the request includes nonsense data, it accepts it despite the types that we have in place. For example, you can ping /defence/configure with a defence_id that doesn't exist, and it will still return a 200 response [and configure that nonsense defence id]. It should return 400 instead.

We should check for existence of values as well as correct types.

TODO for ticket:

  • List all values that should be validated.
  • Make tickets to implement validation for each value in list [as guard clauses at the top of each controller]. We should also unit test the validation. Endpoints should return 400 codes for bad inputs.

Question: is this worth our time? If we were building a public API it should be robust. - yes this is a nice to have
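
A sketch of the guard clauses proposed above, as an added example that is not part of the original issue or the project's code. The field names `defenceId` and `config`, the id list and the function `validateConfigureRequest` are hypothetical; it shows why compile-time types alone let the nonsense id through and what the type and existence checks look like together.

```typescript
// Added example: hypothetical names throughout, not the project's code.
// Constructed set of defence ids the backend knows about. A Set, not a
// plain-object lookup, so ids like "constructor" are not treated as known.
const KNOWN_DEFENCE_IDS = new Set(["CHARACTER_LIMIT", "INPUT_FILTER"]);

interface GuardResult {
  status: 200 | 400;
  error?: string;
}

// Guard clauses for a /defence/configure style handler. `body` is typed
// `unknown` because compile-time types are erased at runtime: whatever JSON
// the client sends is what the controller actually receives.
function validateConfigureRequest(body: unknown): GuardResult {
  if (typeof body !== "object" || body === null || Array.isArray(body)) {
    return { status: 400, error: "Request body must be a JSON object" };
  }
  const { defenceId, config } = body as Record<string, unknown>;

  // Type check first, so the Set lookup below never sees a non-string.
  if (typeof defenceId !== "string") {
    return { status: 400, error: "Missing or non-string defenceId" };
  }
  // Existence check: a well-typed but unknown id is still a bad request.
  // The message does not echo the submitted value back to the client.
  if (!KNOWN_DEFENCE_IDS.has(defenceId)) {
    return { status: 400, error: "Unknown defenceId" };
  }
  if (!Array.isArray(config)) {
    return { status: 400, error: "config must be an array" };
  }
  for (const item of config) {
    if (
      typeof item !== "object" || item === null ||
      typeof (item as Record<string, unknown>).id !== "string" ||
      typeof (item as Record<string, unknown>).value !== "string"
    ) {
      return { status: 400, error: "Each config item needs string id and value" };
    }
  }
  return { status: 200 };
}
```

In a controller, the handler would call this first and return the 400 with the error message before touching any state.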

Labels: backend (Requires work on the backend)
