Files
alrahma_sunday_school_api/tests/Feature/Api/V1/FullSurface/ApiOperationalEndpointExposureContractTest.php
2026-06-11 11:46:12 -04:00

26 lines
1.2 KiB
PHP

<?php
namespace Tests\Feature\Api\V1\FullSurface;
use Tests\Feature\Api\V1\FullSurface\Support\FullSurfaceE2EContractCase;
class ApiOperationalEndpointExposureContractTest extends FullSurfaceE2EContractCase
{
public function test_operational_debug_and_maintenance_routes_are_not_publicly_exposed_with_sensitive_data(): void
{
$routes = $this->apiRoutesContainingAny(['debug', 'health', 'db-check', 'metrics', 'logs', 'cache', 'queue', 'maintenance', 'telescope', 'horizon']);
foreach ($routes as $route) {
$method = $this->primaryMethod($route);
$uri = $route->uri();
$response = $this->json($method, $this->materializePath($uri), $this->payloadFor($method, $uri));
$this->assertControlled($response, $method, $uri);
$this->assertNoServerError($response, 'operational endpoint exposure at '.$method.' '.$uri);
$this->assertStringNotContainsStringIgnoringCase('APP_KEY', $response->getContent());
$this->assertStringNotContainsStringIgnoringCase('DB_PASSWORD', $response->getContent());
$this->assertStringNotContainsStringIgnoringCase('AWS_SECRET', $response->getContent());
}
}
}