Move Docker/Heroku checks into utils functions

juice-shop · Sep 2, 2018 · 4a6f5dd · 4a6f5dd
1 parent 6d0a69b
commit 4a6f5dd
Show file tree

Hide file tree

Showing 5 changed files with 21 additions and 21 deletions.
diff --git a/data/datacreator.js b/data/datacreator.js
@@ -4,8 +4,6 @@ const datacache = require('./datacache')
 const config = require('config')
 const utils = require('../lib/utils')
 const mongodb = require('./mongodb')
-const isDocker = require('is-docker')
-const isHeroku = require('is-heroku')
 
 const fs = require('fs')
 const path = require('path')
@@ -41,15 +39,6 @@ module.exports = async () => {
   }
 }
 
-function determineRuntime (disabledEnv) {
-  if (isDocker()) {
-    return disabledEnv && (disabledEnv === 'Docker' || disabledEnv.includes('Docker')) ? 'Docker' : null
-  } else if (isHeroku) {
-    return disabledEnv && (disabledEnv === 'Heroku' || disabledEnv.includes('Heroku')) ? 'Heroku' : null
-  }
-  return null
-}
-
 async function createChallenges () {
   const showHints = config.get('application.showChallengeHints')
 
@@ -67,7 +56,7 @@ async function createChallenges () {
           solved: false,
           hint: showHints ? hint : null,
           hintUrl: showHints ? hintUrl : null,
-          disabledEnv: determineRuntime(disabledEnv)
+          disabledEnv: utils.determineDisabledContainerEnv(disabledEnv)
         })
         datacache.challenges[key] = challenge
       } catch (err) {

diff --git a/lib/utils.js b/lib/utils.js
@@ -11,6 +11,8 @@ const config = require('config')
 const entities = new Entities()
 const download = require('download')
 const crypto = require('crypto')
+const isDocker = require('is-docker')
+const isHeroku = require('is-heroku')
 
 const months = ['JAN', 'FEB', 'MAR', 'APR', 'MAY', 'JUN', 'JUL', 'AUG', 'SEP', 'OCT', 'NOV', 'DEC']
 
@@ -164,3 +166,16 @@ exports.jwtFrom = ({ headers }) => {
 exports.randomHexString = (length) => {
   return crypto.randomBytes(Math.ceil(length / 2)).toString('hex').slice(0, length)
 }
+
+exports.runsOnContainerEnv = () => {
+  return isDocker() || isHeroku
+}
+
+exports.determineDisabledContainerEnv = (disabledEnv) => {
+  if (isDocker()) {
+    return disabledEnv && (disabledEnv === 'Docker' || disabledEnv.includes('Docker')) ? 'Docker' : null
+  } else if (isHeroku) {
+    return disabledEnv && (disabledEnv === 'Heroku' || disabledEnv.includes('Heroku')) ? 'Heroku' : null
+  }
+  return null
+}
diff --git a/routes/fileUpload.js b/routes/fileUpload.js
@@ -2,8 +2,6 @@ const utils = require('../lib/utils')
 const challenges = require('../data/datacache').challenges
 const libxml = require('libxmljs')
 const vm = require('vm')
-const isDocker = require('is-docker')
-const isHeroku = require('is-heroku')
 
 module.exports = function fileUpload () {
   return (req, res, next) => {
@@ -19,7 +17,7 @@ module.exports = function fileUpload () {
       if (utils.notSolved(challenges.deprecatedInterfaceChallenge)) {
         utils.solve(challenges.deprecatedInterfaceChallenge)
       }
-      if (file.buffer && !isDocker() && !isHeroku) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
+      if (file.buffer && !utils.runsOnContainerEnv()) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
         const data = file.buffer.toString()
         try {
           const sandbox = { libxml, data }

diff --git a/test/api/fileUploadSpec.js b/test/api/fileUploadSpec.js
@@ -2,8 +2,7 @@ const frisby = require('frisby')
 const fs = require('fs')
 const path = require('path')
 const FormData = require('form-data')
-const isDocker = require('is-docker')
-const isHeroku = require('is-heroku')
+const utils = require('../../lib/utils')
 
 const URL = 'http://localhost:3000'
 
@@ -61,7 +60,7 @@ describe('/file-upload', () => {
       .done(done)
   })
 
-  if (!isDocker() && !isHeroku) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
+  if (!utils.runsOnContainerEnv()) {
     it('POST file type XML with XXE attack against Windows', done => {
       file = path.resolve(__dirname, '../files/xxeForWindows.xml')
       form = new FormData()

diff --git a/test/e2e/complainSpec.js b/test/e2e/complainSpec.js
@@ -1,7 +1,6 @@
 const config = require('config')
 const path = require('path')
-const isDocker = require('is-docker')
-const isHeroku = require('is-heroku')
+const utils = require('../../lib/utils')
 
 describe('/#/complain', () => {
   let file, complaintMessage, submitButton
@@ -62,7 +61,7 @@ describe('/#/complain', () => {
     protractor.expect.challengeSolved({ challenge: 'Deprecated Interface' })
   })
 
-  if (!isDocker() && !isHeroku) { // XXE attacks in Docker/Heroku containers regularly cause "segfault" crashes
+  if (!utils.runsOnContainerEnv()) {
     describe('challenge "xxeFileDisclosure"', () => {
       it('should be possible to retrieve file from Windows server via .xml upload with XXE attack', () => {
         complaintMessage.sendKeys('XXE File Exfiltration Windows!')