Cover image credit: Photo by Nick Fewings on Unsplash

This article explores how to ensure your APIs are safe. Specifically, we address a critical issue that arises when incorrect database actions are coupled with inappropriate HTTP request verbs, creating an "unsafe API method."

"Request methods are considered safe if their defined semantics are essentially read-only; i.e., the client does not request, and does not expect, any state change on the origin server as a result of applying a safe method to a target resource." (The RFC documentation)

GET and HEAD requests should be idempotent, which means they shouldn't cause any side effects on the resources on the server. For most API endpoints, this means that calling them once will return the same values as calling them multiple times. For some APIs (like one that can GET the current time, or look up a stock's latest market price) it might return different data each time, but still be idempotent as long as it isn't the API that causes those changes in the server's data values.

If a supposedly safe API breaks the idempotency rule, it can cause a lot of issues for a system. Clients of the API need to be 100% sure that their read-only calls truly are read-only. Code reviewers are doing their job well when they check that read-only APIs really are safe. After all, nobody would trust an ATM if the act of checking their bank balance caused it to drop in value each time! However, reviewers can sometimes miss things, especially with library-generated database interactions like those found in frameworks such as ActiveRecord or Hibernate.

In this example, I find and fix a similar issue in a Ruby on Rails application. I noticed an unexpected database insertion alongside the expected SELECT statement. Instead of manually digging through the codebase, I used AppMap to scour the application for flaws and present me with comprehensive information about the exact locations of the issues within the codebase. Armed with this valuable insight, we are able to initiate fixes effectively. If we open the Runtime Analysis tab in the AppMap plugin, we can see that it identified an INSERT into the analytics database, complete with IP addresses and other relevant information.
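The check below is an added example, not code from the article or from AppMap. It shows the kind of runtime audit the Rails example relies on: replay a request handler while recording every SQL statement it issues, and flag any write statement (INSERT, UPDATE, DELETE, ...) that ran under a safe HTTP method. The `SqlRecorder` and `FakeDB` classes are stand-ins for ActiveSupport::Notifications and ActiveRecord so the file runs with plain Ruby; in a real Rails app you would subscribe to the `sql.active_record` notification instead. The `unsafe_show` handler reproduces the flaw the article describes (a GET that also inserts an analytics row); `safe_show` is the same read with the write removed. All table names, rows and the IP address are constructed sample data.

```ruby
# Added example: audit a request handler for writes issued under a safe HTTP method.
# Stdlib only; FakeDB and SqlRecorder stand in for ActiveRecord and
# ActiveSupport::Notifications (an assumption, not the article's code).

# Methods RFC 9110 defines as safe (read-only semantics).
SAFE_METHODS = %w[GET HEAD OPTIONS TRACE].freeze

# Leading keyword of statements that change server state.
WRITE_SQL = /\A\s*(INSERT|UPDATE|DELETE|MERGE|REPLACE|TRUNCATE|ALTER|DROP|CREATE)\b/i

def write_statement?(sql)
  !!(sql =~ WRITE_SQL)
end

# Collects the SQL issued during one request, like a notification subscriber would.
class SqlRecorder
  attr_reader :statements

  def initialize
    @statements = []
  end

  def record(sql)
    @statements << sql
  end
end

# Toy in-memory database: rows live in arrays keyed by table name.
class FakeDB
  def initialize(recorder)
    @recorder = recorder
    @tables = Hash.new { |h, k| h[k] = [] }
  end

  def select(table, where)
    @recorder.record("SELECT * FROM #{table} WHERE id = #{where[:id]}")
    @tables[table].find { |row| row[:id] == where[:id] }
  end

  def insert(table, row)
    cols = row.keys.join(', ')
    @recorder.record("INSERT INTO #{table} (#{cols}) VALUES (...)")
    @tables[table] << row
    row
  end

  def count(table)
    @tables[table].size
  end
end

# Handler with the flaw the article describes: a GET that also writes analytics.
def unsafe_show(db, id, ip)
  product = db.select(:products, id: id)
  db.insert(:analytics, product_id: id, ip: ip, seen_at: Time.now) # state change under GET
  product
end

# The same read with the write removed from the safe method.
def safe_show(db, id, _ip)
  db.select(:products, id: id)
end

# Runs `handler` as if it served `http_method`; returns the write statements
# that violate the safe-method rule (empty for non-safe methods or clean handlers).
def audit_safe_method(http_method, handler, db, recorder)
  recorder.statements.clear
  handler.call(db)
  return [] unless SAFE_METHODS.include?(http_method.upcase)

  recorder.statements.select { |sql| write_statement?(sql) }
end

def demo
  recorder = SqlRecorder.new
  db = FakeDB.new(recorder)
  db.insert(:products, id: 1, name: 'widget') # constructed seed row, outside any request

  ip = '203.0.113.7' # constructed client address (TEST-NET-3)
  bad  = audit_safe_method('GET', ->(d) { unsafe_show(d, 1, ip) }, db, recorder)
  good = audit_safe_method('GET', ->(d) { safe_show(d, 1, ip) }, db, recorder)
  { unsafe_writes: bad, safe_writes: good, analytics_rows: db.count(:analytics) }
end

puts demo.inspect if __FILE__ == $PROGRAM_NAME
```

Running the file reports one offending `INSERT INTO analytics ...` statement for the unsafe handler and none for the fixed one. Note that the RFC distinguishes *safe* from *idempotent* (PUT and DELETE are idempotent but not safe); this audit checks the safe property, which is the stronger guarantee a reviewer wants for GET and HEAD.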