bulltrackers-module 1.0.1003 → 1.0.1004

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.
Files changed (2) hide show
  1. package/functions/api-v3/testing/routes.integration.test.js +59 -51
  2. package/package.json +1 -1
package/functions/api-v3/testing/routes.integration.test.js CHANGED
@@ -946,57 +946,65 @@ describe('Cross-Cutting', () => {
946
946
  'Content-Type': 'application/json',
947
947
  });
948
948
 
949
- it('returns 422 and does not write to GCS when code fails verification (process.env)', async () => {
950
- const res = await request(app)
951
- .post('/computations/upload')
952
- .set(auth())
953
- .send({
954
- code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { return process.env; } };`,
955
- name: 'Evil',
956
- });
957
- expect(res.status).toBe(422);
958
- expect(res.body.error).toBe('Verification failed');
959
- expect(res.body.stages).toBeDefined();
960
- expect(storage._saveCalls.length).toBe(0);
961
- });
962
-
963
- it('returns 422 and does not write to GCS when code fails verification (require)', async () => {
964
- const res = await request(app)
965
- .post('/computations/upload')
966
- .set(auth())
967
- .send({
968
- code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { require('fs'); return ctx; } };`,
969
- name: 'Evil',
970
- });
971
- expect(res.status).toBe(422);
972
- expect(res.body.error).toBe('Verification failed');
973
- expect(storage._saveCalls.length).toBe(0);
974
- });
975
-
976
- it('returns 422 and does not write to GCS when code fails verification (eval)', async () => {
977
- const res = await request(app)
978
- .post('/computations/upload')
979
- .set(auth())
980
- .send({
981
- code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { return eval('1+1'); } };`,
982
- name: 'Evil',
983
- });
984
- expect(res.status).toBe(422);
985
- expect(res.body.error).toBe('Verification failed');
986
- expect(storage._saveCalls.length).toBe(0);
987
- });
988
-
989
- it('returns 200 and writes to GCS when code passes verification', async () => {
990
- // Use process: (ctx) => ... so extracted process source re-parses when wrapped in parens (method shorthand process(ctx){ } is invalid as a standalone expression).
991
- const validCode = `module.exports = {
992
- config: { name: 'SafeComp', typeOverride: 'global' },
993
- process: (ctx) => ({ ok: true, date: ctx.date })
994
- };`;
995
- const res = await request(app)
996
- .post('/computations/upload')
997
- .set(auth())
998
- .send({ code: validCode, name: 'SafeComp' });
999
- expect(res.status).toBe(200);
949
+ it('returns 422 and does not write to GCS when code fails verification (process.env)', async () => {
950
+ const res = await request(app)
951
+ .post('/computations/upload')
952
+ .set(auth())
953
+ .send({
954
+ code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { return process.env; } };`,
955
+ name: 'Evil',
956
+ });
957
+ expect(res.status).toBe(422);
958
+ expect(res.body.error).toBe('Verification required');
959
+ expect(storage._saveCalls.length).toBe(0);
960
+ });
961
+
962
+ it('returns 422 and does not write to GCS when code fails verification (require)', async () => {
963
+ const res = await request(app)
964
+ .post('/computations/upload')
965
+ .set(auth())
966
+ .send({
967
+ code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { require('fs'); return ctx; } };`,
968
+ name: 'Evil',
969
+ });
970
+ expect(res.status).toBe(422);
971
+ expect(res.body.error).toBe('Verification required');
972
+ expect(storage._saveCalls.length).toBe(0);
973
+ });
974
+
975
+ it('returns 422 and does not write to GCS when code fails verification (eval)', async () => {
976
+ const res = await request(app)
977
+ .post('/computations/upload')
978
+ .set(auth())
979
+ .send({
980
+ code: `module.exports = { config: { name: 'Evil', skills: [], requires: {} }, process(ctx) { return eval('1+1'); } };`,
981
+ name: 'Evil',
982
+ });
983
+ expect(res.status).toBe(422);
984
+ expect(res.body.error).toBe('Verification required');
985
+ expect(storage._saveCalls.length).toBe(0);
986
+ });
987
+
988
+ it('returns 200 and writes to GCS when code passes verification', async () => {
989
+ // Use process: (ctx) => ... so extracted process source re-parses when wrapped in parens (method shorthand process(ctx){ } is invalid as a standalone expression).
990
+ const validCode = `module.exports = {
991
+ config: { name: 'SafeComp', typeOverride: 'global' },
992
+ process: (ctx) => ({ ok: true, date: ctx.date })
993
+ };`;
994
+ const crypto = require('crypto');
995
+ const codeHash = crypto.createHash('sha256').update(validCode).digest('hex');
996
+ db.seed('users/user-123/verification_status/safecomp', {
997
+ lastHash: codeHash,
998
+ lastVerificationId: 'verify-1',
999
+ lastVerifiedAt: new Date().toISOString(),
1000
+ status: 'passed',
1001
+ name: 'SafeComp',
1002
+ });
1003
+ const res = await request(app)
1004
+ .post('/computations/upload')
1005
+ .set(auth())
1006
+ .send({ code: validCode, name: 'SafeComp' });
1007
+ expect(res.status).toBe(200);
1000
1008
  expect(res.body.success).toBe(true);
1001
1009
  expect(res.body.hash).toBeDefined();
1002
1010
  expect(storage._saveCalls.length).toBe(1);
package/package.json CHANGED
@@ -1,6 +1,6 @@
1
1
  {
2
2
  "name": "bulltrackers-module",
3
- "version": "1.0.1003",
3
+ "version": "1.0.1004",
4
4
  "description": "Helper Functions for Bulltrackers.",
5
5
  "main": "index.js",
6
6
  "files": [