build: resolve set-value vulnerability (#166)
barrett-schonefeld authored Oct 2, 2021
1 parent 3aed5ec commit 361086d
Showing 9 changed files with 3,981 additions and 3,839 deletions.
7,743 changes: 3,955 additions & 3,788 deletions package-lock.json

Large diffs are not rendered by default.

2 changes: 1 addition & 1 deletion package.json
@@ -50,7 +50,7 @@
"eslint-plugin-jsdoc": "^34.6.3",
"eslint-plugin-node": "^9.0.0",
"eslint-plugin-prettier": "^3.0.1",
"jest": "^26.6.3",
"jest": "^27.2.4",
"nock": "^13.1.2",
"object.assign": "~4.1.0",
"prettier": "^2.3.0",
9 changes: 3 additions & 6 deletions test/unit/base-service.test.js
@@ -297,7 +297,7 @@ describe('Base Service', () => {
expect(args[0]).toEqual(parameters.defaultOptions);
});

it('should call sendRequest on authenticate() success', async (done) => {
it('should call sendRequest on authenticate() success', async () => {
const testService = new TestService({
authenticator: AUTHENTICATOR,
});
@@ -324,10 +324,9 @@ describe('Base Service', () => {
const args = sendRequestMock.mock.calls[0];
expect(args[0]).toEqual(parameters);
expect(testService.requestWrapperInstance.sendRequest).toBe(sendRequestMock); // verify it is calling the instance
done();
});

it('createRequest should reject with an error if `serviceUrl` is not set', async (done) => {
it('createRequest should reject with an error if `serviceUrl` is not set', async () => {
const testService = new TestService({
authenticator: AUTHENTICATOR,
});
@@ -357,10 +356,9 @@ describe('Base Service', () => {
// assert results
expect(err).toBeInstanceOf(Error);
expect(res).toBeUndefined();
done();
});

it('should send error back to user on authenticate() failure', async (done) => {
it('should send error back to user on authenticate() failure', async () => {
const testService = new TestService({
authenticator: AUTHENTICATOR,
});
@@ -385,7 +383,6 @@ describe('Base Service', () => {

expect(err).toBe(fakeError);
expect(authenticateMock).toHaveBeenCalled();
done();
});

it('readOptionsFromExternalConfig should return an empty object if no properties are found', () => {
3 changes: 1 addition & 2 deletions test/unit/basic-authenticator.test.js
@@ -55,13 +55,12 @@ describe('Basic Authenticator', () => {
}).toThrow(/Revise these credentials/);
});

it('should update the options and resolve the Promise with `null`', async (done) => {
it('should update the options and resolve the Promise with `null`', async () => {
const authenticator = new BasicAuthenticator(CONFIG);
const options = {};
const result = await authenticator.authenticate(options);

expect(result).toBeUndefined();
expect(options.headers.Authorization).toBe('Basic ZGF2ZTpncm9obA==');
done();
});
});
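Review bot: The test title says the promise resolves with `null`, but the assertion a few lines below is `expect(result).toBeUndefined()`, so the name documents a contract the test does not check. Since the title line is being edited anyway, rename it to match the assertion, e.g. `it('should update the options and resolve the Promise with undefined', async () => {`. The same wording appears in the bearer-token-authenticator.test.js hunk, where `toBeUndefined()` is also visible, and in the cp4d-authenticator.test.js title, whose result assertion lies outside the hunk.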
3 changes: 1 addition & 2 deletions test/unit/bearer-token-authenticator.test.js
@@ -33,14 +33,13 @@ describe('Bearer Token Authenticator', () => {
}).toThrow();
});

it('should update the options and resolve with `null`', async (done) => {
it('should update the options and resolve with `null`', async () => {
const authenticator = new BearerTokenAuthenticator(config);
const options = {};
const result = await authenticator.authenticate(options);

expect(result).toBeUndefined();
expect(options.headers.Authorization).toBe(`Bearer ${config.bearerToken}`);
done();
});

it('should re-set the bearer token using the setter', () => {
3 changes: 1 addition & 2 deletions test/unit/cp4d-authenticator.test.js
@@ -125,7 +125,7 @@ describe('CP4D Authenticator', () => {
}).toThrow(/Revise these credentials/);
});

it('should update the options and resolve with `null`', async (done) => {
it('should update the options and resolve with `null`', async () => {
const authenticator = new CloudPakForDataAuthenticator(CONFIG);

// override the created token manager with the mocked one
@@ -140,7 +140,6 @@ describe('CP4D Authenticator', () => {

// verify that the original options are kept intact
expect(options.headers['X-Some-Header']).toBe('user-supplied header');
done();
});

it('should re-set disableSslVerification using the setter', () => {
24 changes: 8 additions & 16 deletions test/unit/jwt-token-manager.test.js
@@ -43,7 +43,7 @@ describe('JWT Token Manager', () => {
});

describe('getToken', () => {
it('should request a token if no token is stored', async (done) => {
it('should request a token if no token is stored', async () => {
const instance = new JwtTokenManager();
const saveTokenInfoSpy = jest.spyOn(instance, 'saveTokenInfo');

@@ -64,10 +64,9 @@ describe('JWT Token Manager', () => {
saveTokenInfoSpy.mockRestore();
decodeSpy.mockRestore();
requestTokenSpy.mockRestore();
done();
});

it('should pace token requests', async (done) => {
it('should pace token requests', async () => {
const instance = new JwtTokenManager();

const decodeSpy = jest
@@ -94,10 +93,9 @@ describe('JWT Token Manager', () => {

decodeSpy.mockRestore();
requestTokenSpy.mockRestore();
done();
});

it('should reject all paced token requests on error from token service', async (done) => {
it('should reject all paced token requests on error from token service', async () => {
const instance = new JwtTokenManager();

const requestTokenSpy = jest.spyOn(instance, 'requestToken').mockImplementation(
@@ -126,10 +124,9 @@ describe('JWT Token Manager', () => {
expect(requestTokenSpy.mock.calls).toHaveLength(1);

requestTokenSpy.mockRestore();
done();
});

it('should request a token if token is stored but needs refresh', async (done) => {
it('should request a token if token is stored but needs refresh', async () => {
const instance = new JwtTokenManager();
instance.tokenInfo.access_token = CURRENT_ACCESS_TOKEN;

@@ -151,10 +148,9 @@ describe('JWT Token Manager', () => {
saveTokenInfoSpy.mockRestore();
decodeSpy.mockRestore();
requestTokenSpy.mockRestore();
done();
});

it('should not save token info if token request returned an error', async (done) => {
it('should not save token info if token request returned an error', async () => {
const instance = new JwtTokenManager();

const saveTokenInfoSpy = jest.spyOn(instance, 'saveTokenInfo');
@@ -176,10 +172,9 @@ describe('JWT Token Manager', () => {

saveTokenInfoSpy.mockRestore();
requestTokenSpy.mockRestore();
done();
});

it('should catch and reject lower level errors', async (done) => {
it('should catch and reject lower level errors', async () => {
const instance = new JwtTokenManager();
const saveTokenInfoSpy = jest.spyOn(instance, 'saveTokenInfo');

@@ -203,22 +198,20 @@ describe('JWT Token Manager', () => {

saveTokenInfoSpy.mockRestore();
requestTokenSpy.mockRestore();
done();
});

it('should use an sdk-managed token if present and not expired', async (done) => {
it('should use an sdk-managed token if present and not expired', async () => {
const instance = new JwtTokenManager();
instance.tokenInfo.access_token = ACCESS_TOKEN;
instance.accessToken = ACCESS_TOKEN;
instance.expireTime = getCurrentTime() + 1000;
instance.refreshTime = getCurrentTime() + 800;
const token = await instance.getToken();
expect(token).toBe(ACCESS_TOKEN);
done();
});
});

it('should reject with error if requestToken is not overriden', async (done) => {
it('should reject with error if requestToken is not overriden', async () => {
const instance = new JwtTokenManager();

let err;
@@ -231,7 +224,6 @@ describe('JWT Token Manager', () => {

expect(err).toBeInstanceOf(Error);
expect(token).toBeUndefined();
done();
});

describe('isTokenExpired', () => {
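Review bot: The spies in the `getToken` tests are still restored by hand on the last lines of each test body (`saveTokenInfoSpy.mockRestore();`, `decodeSpy.mockRestore();`, `requestTokenSpy.mockRestore();`), so a failing `expect` earlier in the body throws past them and the restore never runs. For spies on the per-test `instance` that is harmless, but `decodeSpy` comes from a `jest` call whose target is cut off by the hunk; if it patches a shared module, one failing test would leave token decoding mocked for the tests that follow. Moving the cleanup into `afterEach(() => { jest.restoreAllMocks(); });` inside the `describe('getToken', ...)` block removes the dependency on each test reaching its final lines. Separately, the title `'should reject with error if requestToken is not overriden'` misspells "overridden".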
3 changes: 1 addition & 2 deletions test/unit/no-auth-authenticator.test.js
@@ -17,11 +17,10 @@
const { NoAuthAuthenticator } = require('../../dist/auth');

describe('NoAuth Authenticator', () => {
it('should resolve Promise on authenticate', async (done) => {
it('should resolve Promise on authenticate', async () => {
const authenticator = new NoAuthAuthenticator();
const result = await authenticator.authenticate({});

expect(result).toBeUndefined();
done();
});
});
30 changes: 10 additions & 20 deletions test/unit/request-wrapper.test.js
@@ -173,7 +173,7 @@ describe('sendRequest', () => {
mockAxiosInstance.mockReset();
});

it('should send a request with default parameters', async (done) => {
it('should send a request with default parameters', async () => {
const parameters = {
defaultOptions: {
body: 'post=body',
@@ -206,10 +206,9 @@ describe('sendRequest', () => {
);
expect(res).toEqual(expectedResult);
expect(mockAxiosInstance.mock.calls).toHaveLength(1);
done();
});

it('sendRequest should strip trailing slashes', async (done) => {
it('sendRequest should strip trailing slashes', async () => {
const parameters = {
defaultOptions: {
body: 'post=body',
@@ -233,10 +232,9 @@ describe('sendRequest', () => {
'https://example.ibm.com/trailing/slash'
);
expect(res).toEqual(expectedResult);
done();
});

it('should call formatError if request failed', async (done) => {
it('should call formatError if request failed', async () => {
const parameters = {
defaultOptions: {
body: 'post=body',
@@ -264,10 +262,9 @@ describe('sendRequest', () => {
// assert results
expect(err).toBeInstanceOf(Error);
expect(res).toBeUndefined();
done();
});

it('should send a request where option parameters overrides defaults', async (done) => {
it('should send a request where option parameters overrides defaults', async () => {
const parameters = {
defaultOptions: {
formData: '',
@@ -324,10 +321,9 @@ describe('sendRequest', () => {
expect(mockAxiosInstance.mock.calls[0][0].responseType).toEqual('json');
expect(res).toEqual(expectedResult);
expect(mockAxiosInstance.mock.calls).toHaveLength(1);
done();
});

it('should send a request with Host header set in default options', async (done) => {
it('should send a request with Host header set in default options', async () => {
const parameters = {
defaultOptions: {
body: 'post=body',
@@ -354,10 +350,9 @@ describe('sendRequest', () => {
'Accept-Encoding': 'gzip',
Host: 'alternatehost.ibm.com:443',
});
done();
});

it('should send a request with Host header set in overridden options', async (done) => {
it('should send a request with Host header set in overridden options', async () => {
const parameters = {
defaultOptions: {
body: 'post=body',
@@ -389,10 +384,9 @@ describe('sendRequest', () => {
'Accept-Encoding': 'gzip',
Host: 'correcthost.ibm.com:443',
});
done();
});

it('should handle merging of different options objects', async (done) => {
it('should handle merging of different options objects', async () => {
const parameters = {
defaultOptions: {
qs: {
@@ -441,10 +435,9 @@ describe('sendRequest', () => {
expect(mockAxiosInstance.mock.calls[0][0].responseType).toEqual('json');
expect(res).toEqual(expectedResult);
expect(mockAxiosInstance.mock.calls).toHaveLength(1);
done();
});

it('should send a request with multiform data', async (done) => {
it('should send a request with multiform data', async () => {
const parameters = {
defaultOptions: {
formData: '',
@@ -529,10 +522,9 @@ describe('sendRequest', () => {

expect(res).toEqual(expectedResult);
expect(mockAxiosInstance.mock.calls).toHaveLength(1);
done();
});

it('should send a request with form data', async (done) => {
it('should send a request with form data', async () => {
const parameters = {
defaultOptions: {
form: { a: 'a', b: 'b' },
@@ -585,7 +577,6 @@ describe('sendRequest', () => {
expect(mockAxiosInstance.mock.calls[0][0].responseType).toEqual('json');
expect(res).toEqual(expectedResult);
expect(mockAxiosInstance.mock.calls).toHaveLength(1);
done();
});

it('should call `gzipRequestBody` if configured to do so', async () => {
@@ -617,7 +608,7 @@ describe('sendRequest', () => {

// Need to rewrite this to test instantiation with userOptions

// it('should keep parameters in options that are not explicitly set in requestwrapper', async done => {
// it('should keep parameters in options that are not explicitly set in requestwrapper', async => {
// const parameters = {
// defaultOptions: {
// body: 'post=body',
@@ -644,7 +635,6 @@ describe('sendRequest', () => {
// expect(mockAxiosInstance.mock.calls[0][0].otherParam).toEqual(500);
// expect(res).toEqual(expectedResult);
// expect(mockAxiosInstance.mock.calls.length).toBe(1);
// done();
// });
// });
});
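Review bot: In the commented-out test near the end of the file, the edited line now ends in `async => {`, which JavaScript parses as a plain arrow function with a parameter named `async`, not as an async function. If the block is ever uncommented as written, any `await` in its body becomes a syntax error; the line should read `// it('should keep parameters in options that are not explicitly set in requestwrapper', async () => {`. Given the existing `// Need to rewrite this to test instantiation with userOptions` remark, replacing the dead block with an `it.todo(...)` entry would keep the reminder visible in test output without carrying code that no longer parses as intended. The commented body continues outside the visible hunks.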
