Refactor async test expectations
bkimminich committed Jan 6, 2022
1 parent 34153dc commit 75e0a24
Showing 10 changed files with 53 additions and 53 deletions.
2 changes: 1 addition & 1 deletion test/e2e/basketSpec.ts
@@ -49,7 +49,7 @@ describe('/#/basket', () => {
describe('challenge "basketManipulateChallenge"', () => {
it('should manipulate basket of other user instead of the one associated to logged-in user', () => {
void browser.waitForAngularEnabled(false)
void browser.executeScript(baseUrl => {
void browser.executeScript((baseUrl: string) => {
const xhttp = new XMLHttpRequest()
xhttp.onreadystatechange = function () {
if (this.status === 200) {
12 changes: 6 additions & 6 deletions test/e2e/changePasswordSpec.ts
@@ -4,11 +4,11 @@
*/

import config = require('config')
import { $, browser, by, element } from 'protractor'
import { $, browser, by, element, ElementFinder } from 'protractor'
import { basePath, beforeEachLogin, expectChallengeSolved } from './e2eHelpers'

describe('/#/privacy-security/change-password', () => {
let currentPassword, newPassword, newPasswordRepeat, changeButton
let currentPassword: ElementFinder, newPassword: ElementFinder, newPasswordRepeat: ElementFinder, changeButton: ElementFinder

describe('as Morty', () => {
beforeEachLogin({ email: `morty@${config.get('application.domain')}`, password: 'focusOnScienceMorty!focusOnScience' })
@@ -22,10 +22,10 @@ describe('/#/privacy-security/change-password', () => {
})

it('should be able to change password', () => {
currentPassword.sendKeys('focusOnScienceMorty!focusOnScience')
newPassword.sendKeys('GonorrheaCantSeeUs!')
newPasswordRepeat.sendKeys('GonorrheaCantSeeUs!')
changeButton.click()
void currentPassword.sendKeys('focusOnScienceMorty!focusOnScience')
void newPassword.sendKeys('GonorrheaCantSeeUs!')
void newPasswordRepeat.sendKeys('GonorrheaCantSeeUs!')
void changeButton.click()

expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
})
2 changes: 1 addition & 1 deletion test/e2e/chatbotSpec.ts
@@ -39,7 +39,7 @@ describe('/chatbot', () => {
describe('challenge "bullyChatbot"', () => {
it('should be possible to make the chatbot hand out a coupon code', () => {
const trainingData = require(`../../data/chatbot/${utils.extractFilename(config.get('application.chatBot.trainingData'))}`)
const couponIntent = trainingData.data.filter(data => data.intent === 'queries.couponCode')[0]
const couponIntent = trainingData.data.filter((data: { intent: string }) => data.intent === 'queries.couponCode')[0]

void browser.waitForAngularEnabled(false)
void browser.get(`${basePath}/profile`)
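Review bot: On the new `couponIntent` line, `filter(...)[0]` yields `undefined` when the configured training data contains no `queries.couponCode` intent, and the inline `{ intent: string }` annotation is not checked against the file because `require` returns an untyped value. `find` says the same thing more directly: `const couponIntent = trainingData.data.find((data: { intent: string }) => data.intent === 'queries.couponCode')`. Following it with an explicit failure when the result is undefined would make a customised training file produce a clear test failure instead of a property access on `undefined` further down. How `couponIntent` is used lies outside the hunk.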
54 changes: 27 additions & 27 deletions test/e2e/complainSpec.ts
@@ -4,14 +4,14 @@
*/

import path = require('path')
import { browser, by, element, protractor } from 'protractor'
import { browser, by, element, ElementFinder, protractor } from 'protractor'
import { basePath, beforeEachLogin, expectChallengeSolved } from './e2eHelpers'

const config = require('config')
const utils = require('../../lib/utils')

describe('/#/complain', () => {
let file, complaintMessage, submitButton
let file: ElementFinder, complaintMessage: ElementFinder, submitButton: ElementFinder

beforeEachLogin({ email: `admin@${config.get('application.domain')}`, password: 'admin123' })

@@ -25,7 +25,7 @@ describe('/#/complain', () => {
describe('challenge "uploadSize"', () => {
it('should be possible to upload files greater 100 KB directly through backend', () => {
void browser.waitForAngularEnabled(false)
void browser.executeScript(baseUrl => {
void browser.executeScript((baseUrl: string) => {
const over100KB = Array.apply(null, new Array(11000)).map(String.prototype.valueOf, '1234567890')
const blob = new Blob(over100KB, { type: 'application/pdf' })

@@ -45,7 +45,7 @@ describe('/#/complain', () => {
describe('challenge "uploadType"', () => {
it('should be possible to upload files with other extension than .pdf directly through backend', () => {
void browser.waitForAngularEnabled(false)
void browser.executeScript(baseUrl => {
void browser.executeScript((baseUrl: string) => {
const data = new FormData()
const blob = new Blob(['test'], { type: 'application/x-msdownload' })
data.append('file', blob, 'invalidTypeForClient.exe')
@@ -62,25 +62,25 @@ describe('/#/complain', () => {

describe('challenge "deprecatedInterface"', () => {
it('should be possible to upload XML files', () => {
complaintMessage.sendKeys('XML all the way!')
file.sendKeys(path.resolve('test/files/deprecatedTypeForServer.xml'))
submitButton.click()
void complaintMessage.sendKeys('XML all the way!')
void file.sendKeys(path.resolve('test/files/deprecatedTypeForServer.xml'))
void submitButton.click()
})
expectChallengeSolved({ challenge: 'Deprecated Interface' })
})

if (!utils.disableOnContainerEnv()) {
describe('challenge "xxeFileDisclosure"', () => {
it('should be possible to retrieve file from Windows server via .xml upload with XXE attack', () => {
complaintMessage.sendKeys('XXE File Exfiltration Windows!')
file.sendKeys(path.resolve('test/files/xxeForWindows.xml'))
submitButton.click()
void complaintMessage.sendKeys('XXE File Exfiltration Windows!')
void file.sendKeys(path.resolve('test/files/xxeForWindows.xml'))
void submitButton.click()
})

it('should be possible to retrieve file from Linux server via .xml upload with XXE attack', () => {
complaintMessage.sendKeys('XXE File Exfiltration Linux!')
file.sendKeys(path.resolve('test/files/xxeForLinux.xml'))
submitButton.click()
void complaintMessage.sendKeys('XXE File Exfiltration Linux!')
void file.sendKeys(path.resolve('test/files/xxeForLinux.xml'))
void submitButton.click()
})

afterAll(() => {
@@ -90,15 +90,15 @@ describe('/#/complain', () => {

describe('challenge "xxeDos"', () => {
it('should be possible to trigger request timeout via .xml upload with Quadratic Blowup attack', () => {
complaintMessage.sendKeys('XXE Quadratic Blowup!')
file.sendKeys(path.resolve('test/files/xxeQuadraticBlowup.xml'))
submitButton.click()
void complaintMessage.sendKeys('XXE Quadratic Blowup!')
void file.sendKeys(path.resolve('test/files/xxeQuadraticBlowup.xml'))
void submitButton.click()
})

it('should be possible to trigger request timeout via .xml upload with dev/random attack', () => {
complaintMessage.sendKeys('XXE Quadratic Blowup!')
file.sendKeys(path.resolve('test/files/xxeDevRandom.xml'))
submitButton.click()
void complaintMessage.sendKeys('XXE Quadratic Blowup!')
void file.sendKeys(path.resolve('test/files/xxeDevRandom.xml'))
void submitButton.click()
})

afterAll(() => {
@@ -108,24 +108,24 @@ describe('/#/complain', () => {

describe('challenge "arbitraryFileWrite"', () => {
it('should be possible to upload zip file with filenames having path traversal', () => {
complaintMessage.sendKeys('Zip Slip!')
file.sendKeys(path.resolve('test/files/arbitraryFileWrite.zip'))
submitButton.click()
void complaintMessage.sendKeys('Zip Slip!')
void file.sendKeys(path.resolve('test/files/arbitraryFileWrite.zip'))
void submitButton.click()
})
expectChallengeSolved({ challenge: 'Arbitrary File Write' })
})

describe('challenge "videoXssChallenge"', () => {
it('should be possible to inject js in subtitles by uploading zip file with filenames having path traversal', () => {
const EC = protractor.ExpectedConditions
complaintMessage.sendKeys('Here we go!')
file.sendKeys(path.resolve('test/files/videoExploit.zip'))
submitButton.click()
void complaintMessage.sendKeys('Here we go!')
void file.sendKeys(path.resolve('test/files/videoExploit.zip'))
void submitButton.click()
void browser.waitForAngularEnabled(false)
void browser.get(`${basePath}/promotion`)
void browser.wait(EC.alertIsPresent(), 5000, "'xss' alert is not present on /promotion")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
})
void browser.get(`${basePath}/`)
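Review bot: In the `videoXssChallenge` spec the alert callback is now `async`, but the surrounding chain is still discarded with `void`, and `alert.accept()` is issued after the `await` without being awaited itself. If these specs still run under WebDriver's promise manager (the Protractor config is not visible here), a command scheduled after an `await` is no longer ordered by the control flow, so the following `browser.get(...)` can run while the alert is still open and the expectation can settle after the spec has been reported. Inside the callback, `await alert.accept()` would at least keep the two steps in sequence; returning or awaiting the whole chain from an `async` spec would tie the expectation to the spec. The same callback shape is added in contactSpec.ts (twice), profileSpec.ts, registerSpec.ts, restApiSpec.ts, searchSpec.ts and trackOrderSpec.ts. The spec body continues outside the hunk.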
10 changes: 5 additions & 5 deletions test/e2e/contactSpec.ts
@@ -65,15 +65,15 @@ describe('/#/contact', () => {
void browser.get(`${basePath}/#/about`)

void browser.wait(EC.alertIsPresent(), 15000, "'xss' alert is not present on /#/about")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
})

void browser.get(`${basePath}/#/administration`)
void browser.wait(EC.alertIsPresent(), 15000, "'xss' alert is not present on /#/administration")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
void $$('.mat-cell.mat-column-remove > button').last().click()
void browser.wait(EC.stalenessOf(element(by.tagName('iframe'))), 5000)
@@ -158,7 +158,7 @@ describe('/#/contact', () => {
xhttp.setRequestHeader('Content-type', 'text/plain')
xhttp.send()

function sendPostRequest (_captcha) {
function sendPostRequest (_captcha: any) {
const xhttp = new XMLHttpRequest()
xhttp.onreadystatechange = function () {
if (this.status === 201) {
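Review bot: `_captcha: any` on `sendPostRequest` silences the implicit-any error without describing the value, so a misspelt field on the captcha response would still type-check. A small structural type listing only the fields the function reads, or `unknown` with a narrowing check before use, would keep the compiler useful on this parameter. The function body and its call site are outside the hunk, so the exact fields cannot be named from this view.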
6 changes: 3 additions & 3 deletions test/e2e/profileSpec.ts
@@ -46,8 +46,8 @@ describe('/profile', () => {
void username.sendKeys('<<a|ascript>alert(`xss`)</script>')
void submitButton.click()
void browser.wait(EC.alertIsPresent(), 10000, "'xss' alert is not present on /profile")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
})
void username.clear()
@@ -96,7 +96,7 @@ describe('/profile', () => {

xit('should be possible to fake a CSRF attack against the user profile page', () => {
void browser.waitForAngularEnabled(false)
void browser.executeScript(baseUrl => {
void browser.executeScript((baseUrl: string) => {
const xhttp = new XMLHttpRequest()
xhttp.onreadystatechange = function () {
if (this.status === 200) {
4 changes: 2 additions & 2 deletions test/e2e/registerSpec.ts
@@ -44,8 +44,8 @@ describe('/#/register', () => {
const EC = protractor.ExpectedConditions
void browser.get(`${basePath}/#/administration`)
void browser.wait(EC.alertIsPresent(), 10000, "'xss' alert is not present on /#/administration")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
// Disarm XSS payload so subsequent tests do not run into unexpected alert boxes
models.User.findOne({ where: { email: '<iframe src="javascript:alert(`xss`)">' } }).then(user => {
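Review bot: The cleanup that disarms the stored XSS payload, `models.User.findOne(...).then(...)`, is started inside the now-`async` alert callback but, as far as the hunk shows, is neither awaited nor returned. Since the callback is async anyway, awaiting the lookup and the update it leads to would let a failed cleanup surface in this spec rather than as an unexpected alert box in a later one, which is what the existing comment is guarding against. restApiSpec.ts has the same shape with `models.Product.findOne(...)`. The rest of the chain is outside the hunk, so an existing `.catch` cannot be ruled out.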
8 changes: 4 additions & 4 deletions test/e2e/restApiSpec.ts
@@ -39,8 +39,8 @@ describe('/api', () => {

void browser.wait(EC.alertIsPresent(), 5000, "'xss' alert is not present on /#/search")
void browser.switchTo().alert().then(
alert => {
expect(alert.getText()).toEqual('xss')
async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
// Disarm XSS payload so subsequent tests do not run into unexpected alert boxes
models.Product.findOne({ where: { name: 'RestXSS' } }).then(product => {
@@ -74,7 +74,7 @@ describe('/api', () => {
it('should be possible to change product via PUT request without being logged in', () => {
void browser.waitForAngularEnabled(false)

void browser.executeScript((baseUrl, tamperingProductId, overwriteUrl) => {
void browser.executeScript((baseUrl: string, tamperingProductId: number, overwriteUrl: string) => {
const xhttp = new XMLHttpRequest()
xhttp.onreadystatechange = function () {
if (this.status === 200) {
@@ -104,7 +104,7 @@ describe('/rest/saveLoginIp', () => {

it('should be possible to save log-in IP when logged in', () => {
void browser.waitForAngularEnabled(false)
void browser.executeScript(baseUrl => {
void browser.executeScript((baseUrl: string) => {
const xhttp = new XMLHttpRequest()
xhttp.onreadystatechange = function () {
if (this.status === 200) {
4 changes: 2 additions & 2 deletions test/e2e/searchSpec.ts
@@ -28,8 +28,8 @@ describe('/#/search', () => {
void inputField.sendKeys('<iframe src="javascript:alert(`xss`)">')
void browser.actions().sendKeys(protractor.Key.ENTER).perform()
void browser.wait(EC.alertIsPresent(), 5000, "'xss' alert is not present on /#/search")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
})
})
4 changes: 2 additions & 2 deletions test/e2e/trackOrderSpec.ts
@@ -19,8 +19,8 @@ describe('/#/track-order', () => {
void browser.refresh()

void browser.wait(EC.alertIsPresent(), 5000, "'xss' alert is not present on /#/track-result ")
void browser.switchTo().alert().then(alert => {
expect(alert.getText()).toEqual('xss')
void browser.switchTo().alert().then(async alert => {
await expectAsync(alert.getText()).toBeResolvedTo('xss')
void alert.accept()
})
void browser.waitForAngularEnabled(true)
