By knowing what kinds of data are being passed to the server and what kinds of data can be returned, you can build a more secure app by checking the data type and evaluating the potential risks of outputting the data.
Prototyping in mock functions can also be done without a full-fledged server. For example, mocking a third-party API or a publicly available API endpoint could be done by using a dummy endpoint with dummy data.
What kinds of data should be tested?
You should be testing data that is vulnerable to being leaked and the outputting of which could cause a breach. For example, you should test input that is sent to the server and what kind of output can be get back. If you want your app to do something at a specific time on a system, then it's important to know if this function can be triggered from outside your app. You should also be testing under what conditions, such as when network connectivity fails, does your app still work?
Timeline
Published on: 10/12/2022 12:15:00 UTC
Last modified on: 10/14/2022 14:41:00 UTC
References
- https://github.com/mfncooper/mockery/blob/822f0566fd6d72af8c943ae5ca2aa92e516aa2cf/mockery.js#L119
- https://github.com/mfncooper/mockery/blob/822f0566fd6d72af8c943ae5ca2aa92e516aa2cf/mockery.js#L62
- https://github.com/mfncooper/mockery/issues/77
- https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2022-37614