Writing automated tests can help you find vulnerabilities in your code.

Writing automated tests can help you find vulnerabilities in your code.

For example, I had a controller that was checking if the user was authorized to make a request. The controller used the Gate facade in laravel to detect if the user was authorized to update and create a model. This worked as expected when testing on the front end, but when I added automated tests, I noticed that first, the unauthorized user was getting validation errors for the request before being served a 403.

This was because I was using a FormRequest class to validate user input but had set the validate method to only return true. The automated test was properly failing because I had attempted a route without the required attributes but was expecting to receive a 403.

This is a vulnerability to me because it sends information about the application to an unauthorized user when it should only be returning a 403.

The test saved a potential exploit, and I was able to use the Gate::allows method within the validate function of the FormRequest to properly determine if the user was authorized before attempting to validate the users input.

Testing rocks!