test(e2e): restore e2e sectester tests functionality
pmstss committed Aug 27, 2024
1 parent e24f294 commit b04f259
Showing 11 changed files with 3,957 additions and 3,193 deletions.
7,053 changes: 3,899 additions & 3,154 deletions package-lock.json

Large diffs are not rendered by default.

19 changes: 9 additions & 10 deletions package.json
@@ -38,12 +38,11 @@
"@nestjs/mercurius": "^11.0.3",
"@nestjs/platform-fastify": "^9.3.9",
"@nestjs/swagger": "^6.2.1",
"@sectester/bus": "^0.16.5",
"@sectester/core": "^0.16.5",
"@sectester/repeater": "^0.16.5",
"@sectester/reporter": "^0.16.5",
"@sectester/runner": "^0.16.5",
"@sectester/scan": "^0.16.5",
"@sectester/core": "^0.29.1",
"@sectester/repeater": "^0.29.1",
"@sectester/reporter": "^0.29.1",
"@sectester/runner": "^0.29.1",
"@sectester/scan": "^0.29.1",
"axios": "^0.21.4",
"bcrypt": "^5.1.0",
"class-transformer": "^0.5.1",
@@ -72,9 +71,9 @@
},
"devDependencies": {
"@mikro-orm/cli": "^4.5.10",
"@nestjs/cli": "^7.5.3",
"@nestjs/cli": "^9.5.0",
"@nestjs/schematics": "^7.1.3",
"@nestjs/testing": "^7.6.18",
"@nestjs/testing": "^9.4.3",
"@types/axios": "^0.14.0",
"@types/dot": "^1.1.5",
"@types/estree": "^1.0.0",
@@ -92,11 +91,11 @@
"eslint": "^7.32.0",
"eslint-config-prettier": "^6.15.0",
"eslint-plugin-prettier": "^3.4.1",
"jest": "^26.6.3",
"jest": "^29.7.0",
"nodemon": "^2.0.21",
"prettier": "^2.8.4",
"supertest": "^6.3.3",
"ts-jest": "^26.5.6",
"ts-jest": "^29.2.5",
"ts-loader": "^8.4.0",
"ts-node": "^9.1.0",
"tsconfig-paths": "^3.14.2",
18 changes: 10 additions & 8 deletions test/auth.e2e-spec.ts
@@ -1,4 +1,4 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';
import axios from 'axios';

@@ -15,8 +15,10 @@ const generateToken = async (jwtType) => {
};

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -31,7 +33,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
@@ -44,7 +46,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
@@ -57,7 +59,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
@@ -70,7 +72,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
@@ -83,7 +85,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
@@ -96,7 +98,7 @@ describe('/api', () => {
const token = await generateToken(jwtType);
await runner
.createScan({ tests: [TestType.JWT], name: `JWT ${jwtType}` })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: { authorization: token },
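Review bot: `jest.setTimeout(timeout)` and each `.timeout(timeout)` now use the same 600000 ms value, so Jest's per-test limit, which also has to cover `await generateToken(jwtType)` before the scan starts, can expire before the scan's own timeout does; the run would then end as a generic Jest timeout instead of the scan's own result. Leaving Jest some headroom, e.g. `jest.setTimeout(timeout + 60000);`, keeps the scan timeout as the one that fires. The same pairing is added in the config, metadata, render, root, spawn and testimonials specs. The scan budget also drops from 3000000 ms to 600000 ms, so it is worth confirming that a scan which cannot finish in that window fails the test rather than ending with partial coverage. The `describe` and `it` bodies continue outside the hunks shown.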
12 changes: 7 additions & 5 deletions test/config.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -19,7 +21,7 @@ describe('/api', () => {
tests: [TestType.COOKIE_SECURITY],
name: 'COOKIE_SECURITY',
})
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/config`,
@@ -32,7 +34,7 @@ describe('/api', () => {
tests: [TestType.HEADER_SECURITY],
name: 'HEADER_SECURITY',
})
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/config?query=no-sec-headers`,
@@ -45,7 +47,7 @@ describe('/api', () => {
tests: [TestType.FULL_PATH_DISCLOSURE],
name: 'FULL_PATH_DISCLOSURE',
})
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
headers: {
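--- a/test/global-setup.ts
+++ b/test/global-setup.ts
@@ -0,0 +1,5 @@
+import { config } from 'dotenv';
+
+export default function globalSetup() {
+config();
+}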
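Review bot: The result of `config()` is ignored, and dotenv reports a missing `.env` through its return value rather than by throwing, so a run without `BRIGHT_CLUSTER` or `SEC_TESTER_TARGET` still reaches `new SecRunner({ hostname: process.env.BRIGHT_CLUSTER })` and scan URLs built from `undefined` in the specs. Failing fast here gives a clearer error: after `config();` add `const missing = ['BRIGHT_CLUSTER', 'SEC_TESTER_TARGET'].filter((name) => !process.env[name]);` and `if (missing.length > 0) throw new Error('Missing env: ' + missing.join(', '));`. An explicit `: void` return type on `globalSetup` would also match the typed declarations in the specs. If the `.env` file also carries the scanner credentials, which the page does not show, confirm it is excluded from version control.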
3 changes: 2 additions & 1 deletion test/jest-e2e.json
@@ -5,5 +5,6 @@
"testRegex": ".e2e-spec.ts$",
"transform": {
"^.+\\.(t|j)s$": "ts-jest"
}
},
"globalSetup": "<rootDir>/global-setup.ts"
}
8 changes: 5 additions & 3 deletions test/metadata.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -16,7 +18,7 @@ describe('/api', () => {
it('should not contains forms liable vulnerable cross-site filling and submitting', async () => {
await runner
.createScan({ tests: [TestType.CSRF], name: 'CSRF' })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'POST',
url: `${process.env.SEC_TESTER_TARGET}/api/metadata`,
8 changes: 5 additions & 3 deletions test/render.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -16,7 +18,7 @@ describe('/api', () => {
it('should not contain possibility to server-side code execution', async () => {
await runner
.createScan({ tests: [TestType.SSTI], name: 'SSTI' })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'POST',
headers: {
8 changes: 5 additions & 3 deletions test/root.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -29,7 +31,7 @@ describe('/', () => {
tests: [TestType.INSECURE_TLS_CONFIGURATION],
name: 'INSECURE_TLS_CONFIGURATION',
})
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}`,
8 changes: 5 additions & 3 deletions test/spawn.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -16,7 +18,7 @@ describe('/api', () => {
it('should not be able to execute shell commands on the host operating system', async () => {
await runner
.createScan({ tests: [TestType.OSI], name: 'OS Command Injection' })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/spawn?command=pwd`,
8 changes: 5 additions & 3 deletions test/testimonials.e2e-spec.ts
@@ -1,9 +1,11 @@
import { SecRunner, SecScan } from '@sectester/runner';
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';

describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);

let runner: SecRunner;
let scan: SecScan;

beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
@@ -16,7 +18,7 @@ describe('/api', () => {
it('should not execute commands for SQL database', async () => {
await runner
.createScan({ tests: [TestType.SQLI], name: 'SQLI' })
.timeout(3000000)
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/testimonials/count?query=lorem`,
