fix mongodb core tests

DataDog · Nov 25, 2024 · ef71918 · ef71918
1 parent 0fdf3c2
commit ef71918
Show file tree

Hide file tree

Showing 4 changed files with 45 additions and 48 deletions.
diff --git a/...sec/iast/analyzers/nosql-injection-mongodb-analyzer.express-mongo-sanitize.plugin.spec.js b/...sec/iast/analyzers/nosql-injection-mongodb-analyzer.express-mongo-sanitize.plugin.spec.js
@@ -9,6 +9,7 @@ const { prepareTestServerForIastInExpress } = require('../utils')
 const agent = require('../../../plugins/agent')
 
 describe('nosql injection detection in mongodb - whole feature', () => {
+  // https://github.com/fiznool/express-mongo-sanitize/issues/200
   withVersions('mongodb', 'express', '>4.18.0 <5.0.0', expressVersion => {
     withVersions('mongodb', 'mongodb', mongodbVersion => {
       const mongodb = require(`../../../../../../versions/mongodb@${mongodbVersion}`)
@@ -155,30 +156,27 @@ describe('nosql injection detection in mongodb - whole feature', () => {
           redactionEnabled: false
         })
 
-      // https://github.com/fiznool/express-mongo-sanitize/issues/200
-      if (semver.intersects(expressVersion, '<5.0.0')) {
-        withVersions('express-mongo-sanitize', 'express-mongo-sanitize', expressMongoSanitizeVersion => {
-          prepareTestServerForIastInExpress('Test with sanitization middleware', expressVersion, (expressApp) => {
-            const mongoSanitize =
-              require(`../../../../../../versions/express-mongo-sanitize@${expressMongoSanitizeVersion}`).get()
-            expressApp.use(mongoSanitize())
-          }, (testThatRequestHasVulnerability, testThatRequestHasNoVulnerability) => {
-            testThatRequestHasNoVulnerability({
-              fn: async (req, res) => {
-                await collection.find({
-                  key: req.query.key
-                })
-
-                res.end()
-              },
-              vulnerability: 'NOSQL_MONGODB_INJECTION',
-              makeRequest: (done, config) => {
-                axios.get(`http://localhost:${config.port}/?key=value`).catch(done)
-              }
-            })
+      withVersions('express-mongo-sanitize', 'express-mongo-sanitize', expressMongoSanitizeVersion => {
+        prepareTestServerForIastInExpress('Test with sanitization middleware', expressVersion, (expressApp) => {
+          const mongoSanitize =
+            require(`../../../../../../versions/express-mongo-sanitize@${expressMongoSanitizeVersion}`).get()
+          expressApp.use(mongoSanitize())
+        }, (testThatRequestHasVulnerability, testThatRequestHasNoVulnerability) => {
+          testThatRequestHasNoVulnerability({
+            fn: async (req, res) => {
+              await collection.find({
+                key: req.query.key
+              })
+
+              res.end()
+            },
+            vulnerability: 'NOSQL_MONGODB_INJECTION',
+            makeRequest: (done, config) => {
+              axios.get(`http://localhost:${config.port}/?key=value`).catch(done)
+            }
           })
         })
-      }
+      })
     })
   })
 })
diff --git a/...trace/test/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.mongoose.plugin.spec.js b/...trace/test/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.mongoose.plugin.spec.js
@@ -10,6 +10,7 @@ const fs = require('fs')
 const { NODE_MAJOR } = require('../../../../../../version')
 
 describe('nosql injection detection in mongodb - whole feature', () => {
+  // https://github.com/fiznool/express-mongo-sanitize/issues/200
   withVersions('mongoose', 'express', '>4.18.0 <5.0.0', expressVersion => {
     withVersions('mongoose', 'mongoose', '>4.0.0', mongooseVersion => {
       const specificMongooseVersion = require(`../../../../../../versions/mongoose@${mongooseVersion}`).version()

diff --git a/...d-trace/test/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.mquery.plugin.spec.js b/...d-trace/test/appsec/iast/analyzers/nosql-injection-mongodb-analyzer.mquery.plugin.spec.js
@@ -9,6 +9,7 @@ const semver = require('semver')
 const fs = require('fs')
 
 describe('nosql injection detection with mquery', () => {
+  // https://github.com/fiznool/express-mongo-sanitize/issues/200
   withVersions('mongodb', 'express', '>4.18.0 <5.0.0', expressVersion => {
     withVersions('mongodb', 'mongodb', mongodbVersion => {
       const mongodb = require(`../../../../../../versions/mongodb@${mongodbVersion}`)
@@ -313,34 +314,31 @@ describe('nosql injection detection with mquery', () => {
             }, 'NOSQL_MONGODB_INJECTION')
           })
 
-        // https://github.com/fiznool/express-mongo-sanitize/issues/200
-        if (semver.intersects(expressVersion, '<5.0.0')) {
-          withVersions('express-mongo-sanitize', 'express-mongo-sanitize', expressMongoSanitizeVersion => {
-            prepareTestServerForIastInExpress('Test with sanitization middleware', expressVersion, (expressApp) => {
-              const mongoSanitize =
-                require(`../../../../../../versions/express-mongo-sanitize@${expressMongoSanitizeVersion}`).get()
-              expressApp.use(mongoSanitize())
-            }, (testThatRequestHasVulnerability, testThatRequestHasNoVulnerability) => {
-              testThatRequestHasNoVulnerability({
-                fn: async (req, res) => {
-                  const filter = {
-                    name: req.query.key
-                  }
-                  try {
-                    await require(tmpFilePath).vulnerableFindOne(collection, filter)
-                  } catch (e) {
-                    // do nothing
-                  }
-                  res.end()
-                },
-                vulnerability: 'NOSQL_MONGODB_INJECTION',
-                makeRequest: (done, config) => {
-                  axios.get(`http://localhost:${config.port}/?key=value`).catch(done)
+        withVersions('express-mongo-sanitize', 'express-mongo-sanitize', expressMongoSanitizeVersion => {
+          prepareTestServerForIastInExpress('Test with sanitization middleware', expressVersion, (expressApp) => {
+            const mongoSanitize =
+              require(`../../../../../../versions/express-mongo-sanitize@${expressMongoSanitizeVersion}`).get()
+            expressApp.use(mongoSanitize())
+          }, (testThatRequestHasVulnerability, testThatRequestHasNoVulnerability) => {
+            testThatRequestHasNoVulnerability({
+              fn: async (req, res) => {
+                const filter = {
+                  name: req.query.key
+                }
+                try {
+                  await require(tmpFilePath).vulnerableFindOne(collection, filter)
+                } catch (e) {
+                  // do nothing
                 }
-              })
+                res.end()
+              },
+              vulnerability: 'NOSQL_MONGODB_INJECTION',
+              makeRequest: (done, config) => {
+                axios.get(`http://localhost:${config.port}/?key=value`).catch(done)
+              }
             })
           })
-        }
+        })
       })
     })
   })

diff --git a/packages/dd-trace/test/plugins/externals.json b/packages/dd-trace/test/plugins/externals.json
@@ -98,7 +98,7 @@
     },
     {
       "name": "express",
-      "versions": [">=4", ">=4.0.0 <4.3.0", ">=4.0.0 <5.0.0", ">=4.3.0 <5.0.0"]
+      "versions": [">=4", ">=4.0.0 <4.3.0", ">=4.0.0 <5.0.0", ">=4.3.0 <5.0.0", ">=5.0.0"]
     },
     {
       "name": "body-parser",