Automated test for presence of EXIF data for blueprint challenge [🚀]

[bkimminich]

Problem

A valid config file must defined the fileForRetrieveBlueprintChallenge property for exactly one product. For default.yml this is:

  -
    name: 'OWASP Juice Shop Logo (3D-printed)'
    description: 'This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.'
    price: 99.99
    image: 3d_keychain.jpg # Exif metadata contains "OpenSCAD" as subtle hint...
    fileForRetrieveBlueprintChallenge: JuiceShop.stl # ...to blueprint file type

The presence of the property is checked on startup. It is never checked however, if the image of that product actually contains some EXIF data that would help find that blueprint file. As the challenge seeminly not played often, #1597 could sneakily exist since 2019 without being noticed.

Solution

1. Introduce a property exifForBlueprintChallenge that needs to be specified on the product used for the blueprint challenge
2. Implement a test in test/server that uses the exif module to read the EXIF data from the image of that product
3. Check if the EXIF data contains the string/property from exifForBlueprintChallenge to pass the test

Additional requirements

• This check must work for the default.yml and also all custom configs
• The presence of the new exifForBlueprintChallenge property must be checked in the validateConfig.ts script
• The new property must be added to the config.schema.yml

[prince-7]

I would like to take this up

[vibhuti019]

I would like to contribute to this issue.

[bkimminich]

@prince-7 @vibhuti019, feel free to tackle this one together or one of you does it alone, up to you!

[vibhuti019]

@bkimminich sir is the issue open ?

[bkimminich]

#1614 and #1615 both tackle it already.

[bkimminich]

The config schema check is working fine, only the actual EXIF data check doesn't trigger, no matter what I do. It never goes into the callback function under https://github.com/bkimminich/juice-shop/blob/develop/test/server/blueprintSpec.ts#L32 ... Any ideas?

[vibhuti019]

Sir, can you describe the workflow of the function.

[the-pro]

The config schema check is working fine, only the actual EXIF data check doesn't trigger, no matter what I do. It never goes into the callback function under https://github.com/bkimminich/juice-shop/blob/develop/test/server/blueprintSpec.ts#L32 ... Any ideas?

It is working fine for me with both files and URLs. Can you give any tests so I can check

[bkimminich]

Yeah, never mind. It works when I run npm run test:server. If I run the test standalone from IntelliJ it will always pass, but that is not a problem of the test itself, as it seems.

@chinggg @the-pro Good work guys! I probably have both your addresses already, in case I don't, please email them to me so I can send you some stickers with the next batch for this contribution! 👍

[github-actions]

This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.