// Requests the packet collection and checks that the decoded response body
// equals the `packets` fixture.
it("should retrieve all packets in default order", (doneFn) => {
  const assertBodyMatchesFixture = (res) => {
    // The body is decoded by hand here instead of going through a Frisby
    // JSON expectation.
    const received = JSON.parse(res.body);
    expect(received).toEqual(packets);
  };

  frisby
    .get(packets_url)
    .expect('status', 200)
    .then(assertBodyMatchesFixture)
    .done(doneFn);
});
host: {
dev: "http://localhost:4014",
prod: "http://localhost:4015"
}
}
}
});
// Two requests to the same port that differ only in the host name used.
// Each chain pins the environment header, the origin header and a body
// marker expected for that host name.
const reqs = [
  frisby
    .get("http://localhost:1337/")
    .expect("status", 200)
    .expect("header", "x-spandx-env", "dev")
    .expect("header", "x-spandx-origin", "localhost")
    .expect("bodyContains", /DEV/),
  frisby
    .get("http://127.0.0.1:1337/")
    .expect("status", 200)
    .expect("header", "x-spandx-env", "prod")
    .expect("header", "x-spandx-origin", "127.0.0.1")
    .expect("bodyContains", /PROD/)
];

// Hold teardown until every request promise has resolved.
// NOTE(review): `_fetch` looks like an internal frisby property; confirm it
// is still exposed by the frisby version in use.
const pendingFetches = reqs.map(spec => spec._fetch);
await Promise.all(pendingFetches);

// Count down as each server finishes closing; `done` runs on the last one.
// NOTE(review): the starting count comes from reqs.length, which equals the
// number of servers closed below only because there are two requests.
let serversStillOpen = reqs.length;
const onServerClosed = () => --serversStillOpen == 0 && done();
devServer.close(onServerClosed);
prodServer.close(onServerClosed);
});
// Pins that the support-team password hint is present in the served main
// bundle. No credentials are attached in this call, so the asserted text is
// readable by whoever can fetch the bundle.
it('GET main-es2015.js contains password hint for support team', () => {
  const bundleUrl = URL + '/main-es2015.js';
  const expectedHint = '@echipa de suport: Secretul nostru comun este \\xeenc\\u0103 Caoimhe cu parola de master gol!';

  return frisby
    .get(bundleUrl)
    .expect('status', 200)
    .expect('bodyContains', expectedHint);
});
})
// The request path carries two percent-encoded `../` segments. Per the test
// title, the server is expected to answer with index.html rather than the
// file under ftp/.
it('GET a restricted file directly from file system path on server via URL-encoded Directory Traversal attack loads index.html instead', () => {
  const encodedTraversalPath = '/public/images/%2e%2e%2f%2e%2e%2fftp/eastere.gg';

  return frisby
    .get(URL + encodedTraversalPath)
    .expect('status', 200)
    // NOTE(review): every body contains the empty string, so this expectation
    // cannot fail and only the status check is effective. Assert a marker that
    // is unique to index.html so the test fails if the restricted file is
    // ever served.
    .expect('bodyContains', '');
});
// Checks that the referenced paste is reachable and still contains three
// known phrases.
// NOTE(review): this request goes to a third-party host, so the result
// depends on that content staying online and unedited, independent of the
// application under test.
it('for All Day DevOps configuration (https://pastebin.com/RXrihEMS)', () => {
  const pasteUrl = 'https://pastebin.com/RXrihEMS';

  return frisby
    .get(pasteUrl)
    .expect('status', 200)
    .expect('bodyContains', 'The infamous 301 and 303 lasers.')
    .expect('bodyContains', 'Cheap Chinese crap with no quality control')
    .expect('bodyContains', 'permanent damage before you can blink your eye');
});
})
// Sends a search term containing a quote and a UNION clause and pins the
// resulting failure mode: HTTP 500 with an HTML error page that includes the
// SQLite parser error.
// NOTE(review): the asserted SQLITE_ERROR indicates that the search term ends
// up in the SQL text and that the driver error is returned to the client.
// Outside a deliberately vulnerable target, `q` would be bound as a query
// parameter and the error body would be generic.
it('GET product search SQL Injection fails from one missing closing parenthesis', () => {
  const searchUrl = REST_URL + '/products/search?q=\') union select null,id,email,password,null,null,null from users--';

  return frisby
    .get(searchUrl)
    .expect('status', 500)
    .expect('header', 'content-type', /text\/html/)
    // Heading of the error page: application name followed by " (Express".
    .expect('bodyContains', '<h1>' + config.get('application.name') + ' (Express')
    .expect('bodyContains', 'SQLITE_ERROR: near "union": syntax error');
});
</h1>
.then(({ json: jsonLogin }) => {
return frisby.get(REST_URL + '/deluxe-status', {
headers: { Authorization: 'Bearer ' + jsonLogin.authentication.token, 'content-type': 'application/json' }
})
.expect('status', 200)
.expect('json', 'data', { membershipCost: 49 })
})
})
.then(({ json: jsonLogin }) => {
return frisby.get(REST_URL + '/user/erasure-request', {
headers: { 'Authorization': 'Bearer ' + jsonLogin.authentication.token }
})
.expect('status', 202)
.then(() => {
return frisby.post(REST_URL + '/user/login', {
headers: jsonHeader,
body: {
email: 'bjoern.kimminich@googlemail.com',
password: 'bW9jLmxpYW1lbGdvb2dAaGNpbmltbWlrLm5yZW9qYg=='
}
})
.expect('status', 200)
})
})
})
// Serves the root-and-subdir fixture on port 4014, starts spandx with the
// matching remote config, then requests the root URL without a trailing
// slash and expects the root index page.
it("should resolve root dir without trailing slash", async done => {
  const fixtureDir = "spec/helpers/configs/root-and-subdir/";
  // `port` is destructured but not used further in this test.
  const { server, port } = await serve(fixtureDir, 4014);

  await spandx.init("../spec/helpers/configs/root-and-subdir/spandx.remote.js");

  // NOTE(review): `done` is only reached through this callback, so a rejection
  // from serve() or spandx.init() never calls it. Confirm how the test runner
  // reports that case.
  const closeFixtureServer = () => {
    server.close(done);
  };

  frisby
    .get("http://localhost:1337")
    .expect("status", 200)
    .expect("bodyContains", /INDEX IN ROOT DIR/)
    .done(closeFixtureServer);
});
it("should resolve root dir with trailing slash", async done => {
.then(function () {
frisby.get(measurement_url)
.expect('status', 404);
})
.done(doneFn);