forked from freeCodeCamp/freeCodeCamp
-
Notifications
You must be signed in to change notification settings - Fork 0
/
Copy pathschema.test.ts
57 lines (48 loc) · 1.85 KB
/
schema.test.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
import Ajv from 'ajv';
import secureSchema from 'ajv/lib/refs/json-schema-secure.json';
import * as schemas from './schemas';
// it's not strict, but that's okay - we're not using it to validate data
const ajv = new Ajv({ strictTypes: false });
const isSchemaSecure = ajv.compile(secureSchema);
// These schemas will fail the tests, so can only be checked by hand.
const ignoredSchemas = ['getSessionUser', 'getPublicProfile'];
describe('Schemas do not use obviously dangerous validation', () => {
Object.entries(schemas)
.filter(([schema]) => !ignoredSchemas.includes(schema))
.forEach(([name, schema]) => {
describe(`schema ${name}`, () => {
if ('body' in schema) {
test('body is secure', () => {
expect(isSchemaSecure(schema.body)).toBeTruthy();
});
}
if ('querystring' in schema) {
test('querystring is secure', () => {
expect(isSchemaSecure(schema.querystring)).toBeTruthy();
});
}
test('should use querystring instead of query', () => {
// if query is used then req.query is unknown, but if querystring is
// used then req.query has the expected type
expect('query' in schema).toBeFalsy();
});
if ('params' in schema) {
test('params is secure', () => {
expect(isSchemaSecure(schema.params)).toBeTruthy();
});
}
if ('headers' in schema) {
test('headers is secure', () => {
expect(isSchemaSecure(schema.headers)).toBeTruthy();
});
}
if ('response' in schema) {
Object.entries(schema.response).forEach(([code, codeSchema]) => {
test(`response ${code} is secure`, () => {
expect(isSchemaSecure(codeSchema)).toBeTruthy();
});
});
}
});
});
});