From the course: Secure Coding in Python
Solution: Serializer fields - Python Tutorial
Solution: Serializer fields
The goal of this challenge was to run our tests to see what sort of regression showed up. And I'm going to go ahead and run this one more time. So pipenv run pytest. And as you can see, there's a failure here. I'll do this again more verbosely. So pipenv run pytest -v. And here I can see that the ID field is exposed.

Now, if this API were consumed by a front end or an app, this could be an issue that would go unnoticed. Somebody can start making guesses about our database structure, how many members perhaps we have if these IDs are sequential, and this can be prevented as long as we have tests to let us know about it.

So let's navigate to our post serializers. And as you can see, somebody carelessly added ID to the fields that are exposed. I'll go ahead and delete it. And now if I go ahead and run the command pipenv run pytest -v, I'll see that all three tests have passed.

Now, once again, writing tests does take a bit of discipline. A lot of times it's the initial setup that really…