@contrast/protect 1.54.0 → 1.54.1

package/lib/input-analysis/install/universal-cookie4.test.js

@@ -1,70 +0,0 @@
-'use strict';
-
-const sinon = require('sinon');
-const { expect } = require('chai');
-const scopes = require('@contrast/scopes');
-const patcher = require('@contrast/patcher');
-const mocks = require('@contrast/test/mocks');
-const universalCookieInstr = require('./universal-cookie4');
-
-describe('protect input-analysis universal-cookie v4.x', function () {
-  let core, inputAnalysis, universalCookieMock, patchedUniversalCookie, cookie;
-
-
-  beforeEach(function () {
-    core = mocks.core();
-    core.logger = mocks.logger();
-    core.scopes = scopes(core);
-    core.protect = mocks.protect();
-    require('../../get-source-context')(core);
-    core.depHooks = mocks.depHooks();
-    core.patcher = patcher(core);
-
-    inputAnalysis = core.protect.inputAnalysis;
-    cookie = { parameter: 'parsed' };
-    universalCookieMock = {
-      parseCookies: (cookie) => cookie || {}
-    };
-    sinon.spy(core.patcher, 'patch');
-
-    universalCookieInstr(core).install();
-    patchedUniversalCookie = core.depHooks.resolve.yield(universalCookieMock)[0];
-    core.patcher.patch.resetHistory();
-  });
-
-  it('calls patcher on the `.parseCookies` method', function () {
-    core.depHooks.resolve.yield(universalCookieMock);
-
-    expect(core.patcher.patch).to.have.been.calledOnce;
-    expect(core.patcher.patch).to.have.been.calledWithMatch(universalCookieMock, 'parseCookies', {
-      name: 'universal-cookie.utils',
-      patchType: 'protect-input-analysis',
-      post: sinon.match.func
-    });
-  });
-
-  it('calls `.handleCookies` when parsing is successful, in right context and with reqData.queries present', function () {
-    core.scopes.sources.run({ protect: {} }, () => {
-      patchedUniversalCookie.parseCookies(cookie);
-    });
-
-    expect(inputAnalysis.handleCookies).to.have.been.calledOnce;
-    expect(inputAnalysis.handleCookies).to.have.been.calledWithMatch({ parsedCookies: cookie }, cookie);
-  });
-
-  it('does not call `.handleCookies` when not in context', function () {
-    core.scopes.sources.run({}, () => {
-      patchedUniversalCookie.parseCookies(cookie);
-    });
-
-    expect(inputAnalysis.handleCookies).not.to.have.been.called;
-  });
-
-  it('does not call `.handleCookies` when `universal-cookie` does not return a result', function () {
-    core.scopes.sources.run({ protect: {} }, () => {
-      patchedUniversalCookie.parseCookies(null);
-    });
-
-    expect(inputAnalysis.handleCookies).not.to.have.been.called;
-  });
-});

package/lib/input-analysis/ip-analysis.test.js

@@ -1,71 +0,0 @@
-'use strict';
-
-const { expect } = require('chai');
-const sinon = require('sinon');
-const mocks = require('@contrast/test/mocks');
-const { Event } = require('@contrast/common');
-const address = require('ipaddr.js');
-
-describe('protect input-analysis ip-analysis', function () {
-  let core, serverUpdate, clock;
-
-  beforeEach(function () {
-    core = mocks.core();
-    core.protect = mocks.protect();
-
-    clock = sinon.useFakeTimers();
-
-    serverUpdate = {
-      protect: {
-        rules: {
-          ip_allowlist: [{ ip: '127.0.0.1', expires: 0 }, { ip: '1.2.3.4', expires: 50000 }],
-          ip_denylist: [{ ip: '192.168.1.0/12', expires: 0 }]
-        }
-      }
-    };
-  });
-
-  this.afterEach(function () {
-    clock.restore();
-  });
-
-  it('stores the IP allow/deny lists', function () {
-    require('./ip-analysis')(core);
-    const { ipAllowlist, ipDenylist } = core.protect.inputAnalysis;
-
-    expect(ipAllowlist.length).to.equal(0);
-    expect(ipDenylist.length).to.equal(0);
-
-
-    core.messages.emit(Event.SERVER_SETTINGS_UPDATE, serverUpdate);
-
-    expect(ipAllowlist).to.deep.equal([
-      {
-        ip: '127.0.0.1',
-        expires: 0,
-        doesExpire: false,
-        expiresAt: undefined,
-        normalizedValue: '127.0.0.1',
-        cidr: undefined
-      },
-      {
-        ip: '1.2.3.4',
-        expires: 50000,
-        doesExpire: true,
-        expiresAt: 50000,
-        normalizedValue: '1.2.3.4',
-        cidr: undefined
-      }
-    ]);
-    expect(ipDenylist).to.deep.equal([
-      {
-        ip: '192.168.1.0/12',
-        expires: 0,
-        doesExpire: false,
-        expiresAt: undefined,
-        normalizedValue: '192.168.1.0',
-        cidr: { range: address.parseCIDR('192.168.1.0/12'), kind: 'ipv4' }
-      }
-    ]);
-  });
-});

package/lib/input-analysis/virtual-patches.test.js

@@ -1,106 +0,0 @@
-'use strict';
-
-const { expect } = require('chai');
-const mocks = require('@contrast/test/mocks');
-const { Event } = require('@contrast/common');
-
-describe('protect input-analysis virtual-patches', function () {
-  let core, virtualPatches, positiveTestData, negativeTestData;
-
-  beforeEach(function () {
-    core = mocks.core();
-    core.protect = mocks.protect();
-
-    virtualPatches = [
-      {
-        headers: [{
-          evaluation: 'MATCHES',
-          name: 'Content-Type',
-          value: 'json'
-        }],
-        parameters: [{
-          evaluation: 'DOESNT_EQUALS',
-          name: 'sink',
-          value: 'safe'
-        }],
-        urls: [{
-          evaluation: 'CONTAINS',
-          value: 'database'
-        }],
-      },
-      {
-        headers: [{
-          evaluation: 'EQUALS',
-          name: 'malicious-header',
-          value: 'attack'
-        }],
-        parameters: [{
-          evaluation: 'DOESNT_CONTAIN',
-          name: 'sink',
-          value: 'safe'
-        }],
-        urls: [{
-          evaluation: 'DOESNT_MATCH',
-          value: 'public'
-        }],
-      },
-      {
-        urls: [{
-          evaluation: 'INVALID_EVALUATION',
-          value: 'invalid'
-        }]
-      }
-    ];
-    positiveTestData = {
-      headers: [['content-type', 'application/json'], { 'malicious-header': 'attack' }],
-      parameters: [{ sink: 'unsafe' }, { sink: 'vulnerable' }],
-      urls: ['/api/v1/database', '/api/v1/private']
-    };
-    negativeTestData = {
-      headers: [['test-header', 'test'], ['safe-header', 'not-an-attack']],
-      parameters: [{ sink: 'safe' }, { sink: 'safe' }],
-      urls: ['/api/v1/about', '/api/v1/public']
-    };
-  });
-
-  it('builds the evaluators', function () {
-    require('./virtual-patches')(core);
-    const { virtualPatchesEvaluators } = core.protect.inputAnalysis;
-
-    expect(virtualPatchesEvaluators.length).to.equal(0);
-
-    core.messages.emit(Event.SERVER_SETTINGS_UPDATE, { protect: { 'virtual-patches': virtualPatches } });
-
-    expect(virtualPatchesEvaluators.length).to.equal(3);
-    expect(virtualPatchesEvaluators[0].size).to.equal(4);
-    expect(virtualPatchesEvaluators[1].size).to.equal(4);
-    expect(virtualPatchesEvaluators[2].size).to.equal(2);
-  });
-
-  it('evaluates the patch conditions correctly', function () {
-    require('./virtual-patches')(core);
-    const { virtualPatchesEvaluators } = core.protect.inputAnalysis;
-
-    core.messages.emit(Event.SERVER_SETTINGS_UPDATE, { protect: { 'virtual-patches': virtualPatches } });
-
-    expect(virtualPatchesEvaluators.length).to.equal(3);
-    virtualPatchesEvaluators.forEach((evaluators, index) => {
-      const headersEvaluator = evaluators.get('HEADERS');
-      const parametersEvaluator = evaluators.get('PARAMETERS');
-      const urlsEvaluators = evaluators.get('URLS');
-
-      if (index !== 2) {
-        expect(headersEvaluator(positiveTestData.headers[index])).to.be.true;
-        expect(headersEvaluator(negativeTestData.headers[index])).to.be.false;
-        expect(parametersEvaluator(positiveTestData.parameters[index])).to.be.true;
-        expect(parametersEvaluator(negativeTestData.parameters[index])).to.be.false;
-        expect(urlsEvaluators(positiveTestData.urls[index])).to.be.true;
-        expect(urlsEvaluators(negativeTestData.urls[index])).to.be.false;
-      } else {
-        expect(headersEvaluator).to.be.undefined;
-        expect(parametersEvaluator).to.be.undefined;
-        expect(urlsEvaluators(positiveTestData.urls[0])).to.be.false;
-      }
-    });
-  });
-});