Javascript application for fuzzing by turalsalamov · Pull Request #2 · CodeIntelligenceTesting/ci-fuzz-cli-tutorials

turalsalamov · 2023-07-28T16:27:40Z

It is a nodejs javascript demo application with vulnerability for fuzzing. Details of application are described in README.md file.

0xricksanchez · 2023-07-31T13:09:53Z

+## TODO application
+
+### Usage of application


Suggested change

## TODO application

### Usage of application

## Functionality

0xricksanchez · 2023-07-31T13:10:08Z

@@ -0,0 +1,28 @@
+# Nodejs JS demo application


Suggested change

# Nodejs JS demo application

# NodeJS demo application

0xricksanchez · 2023-07-31T13:10:50Z

+
+### Usage of application
+
+It is simple nodejs express TODO application which has several functionalities, such as, adding, 


Suggested change

It is simple nodejs express TODO application which has several functionalities, such as, adding,

It is simple nodeJS express TODO application, which has several functionalities, such as, adding,

0xricksanchez · 2023-07-31T13:13:24Z

+### Usage of application
+
+It is simple nodejs express TODO application which has several functionalities, such as, adding, 
+deleting, listing TODOs, deleting whole json file and command execution in the server. The application creates 


Suggested change

deleting, listing TODOs, deleting whole json file and command execution in the server. The application creates

deleting single TODOs, and listing TODOs. Additional functionality includes, deleting the whole TODO list json file and command execution on the server. The application creates

0xricksanchez · 2023-07-31T13:14:23Z

+
+It is simple nodejs express TODO application which has several functionalities, such as, adding, 
+deleting, listing TODOs, deleting whole json file and command execution in the server. The application creates 
+todo.json file in the root folder of the application.


Suggested change

todo.json file in the root folder of the application.

a `todo.json` file in the root folder of the application as a database to save all added TODOs.

0xricksanchez · 2023-07-31T13:16:03Z

+Endpoints: 
+
+`/api/add?todo=<todo>&deadline=<deadline>`
+
+`/api/delete?id=<id>`
+
+`/api/list`
+
+`/api/deleteList`
+
+`/api/server?command=<command>`


Suggested change

Endpoints:

`/api/add?todo=<todo>&deadline=<deadline>`

`/api/delete?id=<id>`

`/api/list`

`/api/deleteList`

`/api/server?command=<command>`

Available endpoints:

/api/add?todo=&deadline=
/api/delete?id=
/api/list
/api/deleteList
/api/server?command=

0xricksanchez · 2023-07-31T13:17:08Z

+{
+  "name": "nodejs",
+  "version": "1.0.0",
+  "description": "Nodejs Javascript tutorial example",


Suggested change

"description": "Nodejs Javascript tutorial example",

"description": "NodeJS tutorial example",

0xricksanchez · 2023-07-31T13:17:24Z

@@ -0,0 +1,16 @@
+{
+  "name": "nodejs",


Suggested change

"name": "nodejs",

"name": "TODO list server",

0xricksanchez · 2023-07-31T13:25:22Z

+const fs = require('fs')
+const child_process = require('child_process')
+
+class TODO {
+    id
+    todo
+    deadline
+
+    constructor(id, todo, deadline) {
+        this.id = id;
+        this.todo = todo
+        this.deadline = deadline
+    }
+}
+
+function fileIsPresent() {
+    return fs.existsSync('./todo.json');
+}
+
+
+function writeToFile(data) {
+    try{
+        fs.writeFileSync("./todo.json", JSON.stringify(data));
+    }catch (e) {
+        throw new Error()
+    }
+
+}
+
+function readFromFile() {
+    try {
+        return fs.readFileSync('./todo.json');
+    } catch (e) {
+        throw new Error()
+    }
+}
+
+function createAndWrite(dataToWrite){
+    let initial_arr = []
+    dataToWrite.id = 1
+    initial_arr.push(dataToWrite)
+    writeToFile(initial_arr);
+}
+
+function deleteEntry(id) {
+    try {
+        if (fileIsPresent()) {
+            const temp = readFromFile();
+            let content = JSON.parse(temp.toString());
+            let _index = -1;
+            content.forEach((element, index) => {
+                if (String(element.id) === id) {
+                    _index = index;
+                }
+            });
+            if (_index >= 0) {
+                content.splice(_index, 1);
+                writeToFile(content);
+            } else {
+                throw new Error();
+            }
+        } else {
+            throw new Error();
+        }
+
+    }catch (e) {
+        return false;
+    }
+    return true;
+}
+
+
+function addEntry(dataToWrite) {
+    try{
+        if (fileIsPresent()) {
+            const data = readFromFile();
+            let content = JSON.parse(data.toString());
+            if (content.length > 0) {
+                let last_id = content[content.length - 1].id
+                dataToWrite.id = last_id + 1
+                content.push(dataToWrite);
+                writeToFile(content);
+            } else {
+                createAndWrite(dataToWrite)
+            }
+        } else {
+            createAndWrite(dataToWrite)
+        }
+    }catch (e) {
+        return false
+    }
+    return true
+}
+
+function deleteFile() {
+    try {
+        if (fileIsPresent()) {
+            fs.unlink('./todo.json', (err) => {
+                if (err) throw new Error()
+            })
+            return true;
+        }
+        return false;
+    }catch (e) {
+        return false;
+    }
+}
+function listFile() {
+    if (fileIsPresent()) {
+        // read the file
+        const data = readFromFile();
+        const content = JSON.parse(data.toString());
+        let respond = "";
+        content.forEach((element) => respond = respond + "Id: " + element.id + "\tTODO: " + element.todo + "\tDeadline: " + element.deadline + "\n");
+        return[true, respond]
+    }
+    return [false, null]
+}
+
+function commandExecution(command, fn) {
+    child_process.exec(command, (err, stdout, stderr) => {
+        fn(stdout)
+    });
+}
+
+module.exports = {TODO, commandExecution, addEntry, deleteEntry, deleteFile, listFile}


Suggested change

const fs = require('fs')

const child_process = require('child_process')

class TODO {

id

todo

deadline

constructor(id, todo, deadline) {

this.id = id;

this.todo = todo

this.deadline = deadline

}

}

function fileIsPresent() {

return fs.existsSync('./todo.json');

}

function writeToFile(data) {

try{

fs.writeFileSync("./todo.json", JSON.stringify(data));

}catch (e) {

throw new Error()

}

}

function readFromFile() {

try {

return fs.readFileSync('./todo.json');

} catch (e) {

throw new Error()

}

}

function createAndWrite(dataToWrite){

let initial_arr = []

dataToWrite.id = 1

initial_arr.push(dataToWrite)

writeToFile(initial_arr);

}

function deleteEntry(id) {

try {

if (fileIsPresent()) {

const temp = readFromFile();

let content = JSON.parse(temp.toString());

let _index = -1;

content.forEach((element, index) => {

if (String(element.id) === id) {

_index = index;

}

});

if (_index >= 0) {

content.splice(_index, 1);

writeToFile(content);

} else {

throw new Error();

}

} else {

throw new Error();

}

}catch (e) {

return false;

}

return true;

}

function addEntry(dataToWrite) {

try{

if (fileIsPresent()) {

const data = readFromFile();

let content = JSON.parse(data.toString());

if (content.length > 0) {

let last_id = content[content.length - 1].id

dataToWrite.id = last_id + 1

content.push(dataToWrite);

writeToFile(content);

} else {

createAndWrite(dataToWrite)

}

} else {

createAndWrite(dataToWrite)

}

}catch (e) {

return false

}

return true

}

function deleteFile() {

try {

if (fileIsPresent()) {

fs.unlink('./todo.json', (err) => {

if (err) throw new Error()

})

return true;

}

return false;

}catch (e) {

return false;

}

}

function listFile() {

if (fileIsPresent()) {

// read the file

const data = readFromFile();

const content = JSON.parse(data.toString());

let respond = "";

content.forEach((element) => respond = respond + "Id: " + element.id + "\tTODO: " + element.todo + "\tDeadline: " + element.deadline + "\n");

return[true, respond]

}

return [false, null]

}

function commandExecution(command, fn) {

child_process.exec(command, (err, stdout, stderr) => {

fn(stdout)

});

}

module.exports = {TODO, commandExecution, addEntry, deleteEntry, deleteFile, listFile}

const fs = require('fs');

const child_process = require('child_process')

class TODO {

constructor(id, todo, deadline) {

this.id = id;

this.todo = todo;

this.deadline = deadline;

}

}

const filePath = './todo.json';

function fileIsPresent() {

return fs.existsSync(filePath);

}

function writeToFile(data) {

try {

fs.writeFileSync(filePath, JSON.stringify(data));

} catch (e) {

console.error('Error while writing to file:', e);

}

}

function readFromFile() {

try {

return JSON.parse(fs.readFileSync(filePath).toString());

} catch (e) {

console.error('Error while reading from file:', e);

}

return null;

}

function createAndWrite(dataToWrite) {

dataToWrite.id = 1;

writeToFile([dataToWrite]);

}

function deleteEntry(id) {

if (fileIsPresent()) {

let content = readFromFile();

if (content) {

let index = content.findIndex(element => element.id === id);

if (index >= 0) {

content.splice(index, 1);

writeToFile(content);

return true;

}

}

}

return false;

}

function addEntry(dataToWrite) {

if (fileIsPresent()) {

let content = readFromFile();

if (content) {

let lastId = content[content.length - 1].id;

dataToWrite.id = lastId + 1;

content.push(dataToWrite);

writeToFile(content);

return true;

}

} else {

createAndWrite(dataToWrite);

return true;

}

return false;

}

function deleteFile() {

try {

if (fileIsPresent()) {

fs.unlinkSync(filePath);

return true;

}

} catch (e) {

console.error('Error while deleting file:', e);

}

return false;

}

function listFile() {

if (fileIsPresent()) {

const content = readFromFile();

if (content) {

return content.map(element => `Id: ${element.id}\tTODO: ${element.todo}\tDeadline: ${element.deadline}`).join('\n');

}

}

return null;

}

function commandExecution(command, fn) {

child_process.exec(command, (err, stdout, stderr) => {

fn(stdout)

});

}

module.exports = { TODO, addEntry, deleteEntry, deleteFile, listFile, commandExecution }

That should be more aligned with modern JavaScript.

0xricksanchez · 2023-07-31T13:27:25Z

@@ -0,0 +1,2 @@
+package-lock.json


JS comments also apply to the TS side. I'll leave adding these to the TS side to you @turalsalamov

0roman · 2023-08-07T13:46:10Z

Add an entry in the README for the new tutorials.

turalsalamov added 2 commits July 28, 2023 18:19

javascript application is ready for fuzzing

8278b8d

Completed typescript demo application for tutorial section

87a2647

turalsalamov force-pushed the js-ts branch from 81a8626 to 87a2647 Compare July 31, 2023 09:56

0roman requested a review from 0xricksanchez July 31, 2023 10:20

0xricksanchez suggested changes Jul 31, 2023

View reviewed changes

Refactored code

8be3acf

turalsalamov force-pushed the js-ts branch from 96e5252 to 8be3acf Compare August 7, 2023 11:32

Refactored the code

158270c

0roman self-requested a review August 7, 2023 13:44

0roman removed their request for review August 7, 2023 13:46

Tutorial links are added

b870fb4

turalsalamov force-pushed the js-ts branch from 73824f4 to b870fb4 Compare August 23, 2023 11:32

0roman merged commit bbe8ef8 into CodeIntelligenceTesting:main Aug 23, 2023

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Javascript application for fuzzing#2

Javascript application for fuzzing#2
0roman merged 5 commits intoCodeIntelligenceTesting:mainfrom
turalsalamov:js-ts

turalsalamov commented Jul 28, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0xricksanchez Jul 31, 2023

Uh oh!

0roman commented Aug 7, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants


		### Usage of application

		It is simple nodejs express TODO application which has several functionalities, such as, adding,

	deleting, listing TODOs, deleting whole json file and command execution in the server. The application creates
	deleting single TODOs, and listing TODOs. Additional functionality includes, deleting the whole TODO list json file and command execution on the server. The application creates

	todo.json file in the root folder of the application.
	a `todo.json` file in the root folder of the application as a database to save all added TODOs.

	"description": "Nodejs Javascript tutorial example",
	"description": "NodeJS tutorial example",

Conversation

turalsalamov commented Jul 28, 2023

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

Choose a reason for hiding this comment

Uh oh!

0roman commented Aug 7, 2023

Uh oh!

Reviewers

Assignees

Labels

Projects

Milestone

Development

Uh oh!

3 participants