-
Notifications
You must be signed in to change notification settings - Fork 6
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #19 from AikidoSec/dev
Rewrite e2e logic
- Loading branch information
Showing
3 changed files
with
63 additions
and
66 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -5,6 +5,6 @@ | |
| "tap": "^18.7.0" | ||
| }, | ||
| "scripts": { | ||
| "test": "tap tests/*.js" | ||
| "test": "tap tests/*.js --allow-empty-coverage" | ||
| } | ||
| } | ||
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,108 +1,102 @@ | ||
| const t = require("tap"); | ||
| const { spawn } = require("node:child_process"); | ||
| const { resolve } = require("node:path"); | ||
| const timeout = require("../timeout"); | ||
|
|
||
| const pathToApp = resolve( | ||
| __dirname, | ||
| "../../sample-apps/express-mongodb", | ||
| "app.js" | ||
| ); | ||
|
|
||
| async function timeout(ms) { | ||
| return new Promise((resolve) => setTimeout(resolve, ms)); | ||
| } | ||
| t.test("it blocks in blocking mode", (t) => { | ||
| const server = spawn(`node`, [pathToApp, "4000"]); | ||
|
|
||
| async function kill(server) { | ||
| return new Promise((resolve) => { | ||
| if (!server.connected || server.killed || !server.pid) { | ||
| resolve(); | ||
| } | ||
|
|
||
| server.on("close", resolve); | ||
| server.on("exit", resolve); | ||
| server.on("error", resolve); | ||
| server.on("disconnect", resolve); | ||
| server.kill(); | ||
| server.on("close", () => { | ||
| t.end(); | ||
| }); | ||
| } | ||
|
|
||
| t.test("it blocks in blocking mode", async () => { | ||
| const server = spawn(`node`, [pathToApp, "4000"], { shell: true }); | ||
| server.on("error", (err) => { | ||
| t.fail(err.message); | ||
| }); | ||
|
|
||
| let stdout = ""; | ||
| server.stdout.on("data", (data) => { | ||
| stdout += data.toString(); | ||
| console.log("stdout", data.toString()); | ||
| }); | ||
|
|
||
| let stderr = ""; | ||
| server.stderr.on("data", (data) => { | ||
| stderr += data.toString(); | ||
| console.log("stderr", data.toString()); | ||
| }); | ||
|
|
||
| // Wait for the server to start | ||
| await timeout(1000); | ||
|
|
||
| try { | ||
| const [noSQLInjection, normalSearch] = await Promise.all([ | ||
| fetch("http://localhost:4000/?search[$ne]=null", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| fetch("http://localhost:4000/?search=title", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| ]); | ||
|
|
||
| t.equal(noSQLInjection.status, 500); | ||
| t.equal(normalSearch.status, 200); | ||
| t.match(stdout, /Starting agent/); | ||
| t.match(stderr, /Aikido guard has blocked a NoSQL injection/); | ||
| } catch (error) { | ||
| t.fail(error.message); | ||
| } finally { | ||
| await kill(server); | ||
| } | ||
| timeout(2000) | ||
| .then(() => { | ||
| return Promise.all([ | ||
| fetch("http://localhost:4000/?search[$ne]=null", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| fetch("http://localhost:4000/?search=title", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| ]); | ||
| }) | ||
| .then(([noSQLInjection, normalSearch]) => { | ||
| t.equal(noSQLInjection.status, 500); | ||
| t.equal(normalSearch.status, 200); | ||
| t.match(stdout, /Starting agent/); | ||
| t.match(stderr, /Aikido guard has blocked a NoSQL injection/); | ||
| }) | ||
| .catch((error) => { | ||
| t.fail(error.message); | ||
| }) | ||
| .finally(() => { | ||
| server.kill(); | ||
| }); | ||
| }); | ||
|
|
||
| t.test("it does not block in dry mode", async () => { | ||
| t.test("it does not block in dry mode", (t) => { | ||
| const server = spawn(`node`, [pathToApp, "4001"], { | ||
| env: { ...process.env, AIKIDO_NO_BLOCKING: "true" }, | ||
| shell: true, | ||
| }); | ||
|
|
||
| server.on("close", () => { | ||
| t.end(); | ||
| }); | ||
|
|
||
| let stdout = ""; | ||
| server.stdout.on("data", (data) => { | ||
| stdout += data.toString(); | ||
| console.log("stdout", data.toString()); | ||
| }); | ||
|
|
||
| let stderr = ""; | ||
| server.stderr.on("data", (data) => { | ||
| stderr += data.toString(); | ||
| console.log("stderr", data.toString()); | ||
| }); | ||
|
|
||
| // Wait for the server to start | ||
| await timeout(1000); | ||
|
|
||
| try { | ||
| const [noSQLInjection, normalSearch] = await Promise.all([ | ||
| fetch("http://localhost:4001/?search[$ne]=null", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| fetch("http://localhost:4001/?search=title", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| ]); | ||
|
|
||
| t.equal(noSQLInjection.status, 200); | ||
| t.equal(normalSearch.status, 200); | ||
| t.match(stdout, /Starting agent/); | ||
| t.notMatch(stderr, /Aikido guard has blocked a NoSQL injection/); | ||
| } catch (error) { | ||
| t.fail(error.message); | ||
| } finally { | ||
| await kill(server); | ||
| } | ||
| timeout(2000) | ||
| .then(() => | ||
| Promise.all([ | ||
| fetch("http://localhost:4001/?search[$ne]=null", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| fetch("http://localhost:4001/?search=title", { | ||
| signal: AbortSignal.timeout(5000), | ||
| }), | ||
| ]) | ||
| ) | ||
| .then(([noSQLInjection, normalSearch]) => { | ||
| t.equal(noSQLInjection.status, 200); | ||
| t.equal(normalSearch.status, 200); | ||
| t.match(stdout, /Starting agent/); | ||
| t.notMatch(stderr, /Aikido guard has blocked a NoSQL injection/); | ||
| }) | ||
| .catch((error) => { | ||
| t.fail(error.message); | ||
| }) | ||
| .finally(() => { | ||
| server.kill(); | ||
| }); | ||
| }); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,3 @@ | ||
| module.exports = async function timeout(ms) { | ||
| return new Promise((resolve) => setTimeout(resolve, ms)); | ||
| }; |