apiRoutesContainingAny(['attendance', 'scanner', 'kiosk', 'badge', 'device', 'dismissal', 'late', 'absence']); $payload = [ 'device_id' => 'trusted-admin-device', 'trusted_device' => true, 'latitude' => 0, 'longitude' => 0, 'geofence_override' => true, 'scan_time' => '2099-12-31T23:59:59Z', 'badge_token' => 'replayed-token', 'mark_present' => true, ]; foreach (array_slice($routes, 0, 120) as $route) { $method = $this->primaryMethod($route); $uri = $route->uri(); $actor = $this->actorFor($uri); if (str_contains($uri, 'admin') || str_contains($uri, 'audit') || str_contains($uri, 'logs') || str_contains($uri, 'settings') || str_contains($uri, 'metrics') || str_contains($uri, 'health')) { $actor = $this->studentUser; } $response = $this->requestAs($actor, $method, $uri, $this->payloadFor($method, $uri) + $payload); $this->assertControlled($response, $method, $uri); $this->assertNotEquals(500, $response->getStatusCode(), $method.' '.$uri.' crashed during Batch 20 attendance geofence and device trust probe.'); $body = strtolower($response->getContent()); foreach (['sqlstate', 'stack trace', 'app_key', 'db_password', 'remember_token', 'api_token', 'password_hash', 'massassignmentexception', 'foreign key constraint', 'database.sqlite', '169.254.169.254'] as $leak) { $this->assertStringNotContainsString($leak, $body, $method.' '.$uri.' leaked '.$leak.' during Batch 20 attendance geofence and device trust probe.'); } } } }