1 | 1 | | package integration_test |
2 | 2 | | |
3 | | - | import "testing" |
4 | | - | |
5 | | - | const javascriptRulesPath string = "../../pkg/commands/process/settings/rules/javascript/" |
6 | | - | |
7 | | - | func TestJavascriptLangLogger(t *testing.T) { |
8 | | - | t.Parallel() |
9 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/logger") |
10 | | - | } |
11 | | - | |
12 | | - | func TestJavascriptOpenRedirect(t *testing.T) { |
13 | | - | t.Parallel() |
14 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/open_redirect") |
15 | | - | } |
16 | | - | |
17 | | - | func TestJavascriptLangSession(t *testing.T) { |
18 | | - | t.Parallel() |
19 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/session") |
20 | | - | } |
21 | | - | |
22 | | - | func TestJavascriptWeakEncryption(t *testing.T) { |
23 | | - | t.Parallel() |
24 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/weak_encryption") |
25 | | - | } |
26 | | - | |
27 | | - | func TestJavascriptWeakPasswordEncryption(t *testing.T) { |
28 | | - | t.Parallel() |
29 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/weak_password_encryption") |
30 | | - | } |
31 | | - | |
32 | | - | func TestJavascriptJWT(t *testing.T) { |
33 | | - | t.Parallel() |
34 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/jwt") |
35 | | - | } |
36 | | - | |
37 | | - | func TestJavascriptJWTWeakEncryption(t *testing.T) { |
38 | | - | t.Parallel() |
39 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/jwt_weak_encryption") |
40 | | - | } |
41 | | - | |
42 | | - | func TestJavascriptJWTHardcodedSecret(t *testing.T) { |
43 | | - | t.Parallel() |
44 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/jwt_hardcoded_secret") |
45 | | - | } |
46 | | - | |
47 | | - | func TestJavascriptHTTPInsecure(t *testing.T) { |
48 | | - | t.Parallel() |
49 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/http_insecure") |
50 | | - | } |
51 | | - | |
52 | | - | func TestJavascriptLangException(t *testing.T) { |
53 | | - | t.Parallel() |
54 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/exception") |
55 | | - | } |
56 | | - | |
57 | | - | func TestJavascriptLangFileGeneration(t *testing.T) { |
58 | | - | t.Parallel() |
59 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/file_generation") |
60 | | - | } |
61 | | - | |
62 | | - | func TestJavascriptHardcodedSecret(t *testing.T) { |
63 | | - | t.Parallel() |
64 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/hardcoded_secret") |
65 | | - | } |
66 | | - | |
67 | | - | func TestJavascriptDangeoursInsertHTML(t *testing.T) { |
68 | | - | t.Parallel() |
69 | | - | getRunner(t).runTest(t, javascriptRulesPath+"lang/dangerous_insert_html") |
70 | | - | } |
71 | | - | |
72 | | - | func TestJavascriptAwsLambdaCodeInjection(t *testing.T) { |
73 | | - | t.Parallel() |
74 | | - | getRunner(t).runTest(t, javascriptRulesPath+"aws_lambda/code_injection") |
75 | | - | } |
76 | | - | |
77 | | - | func TestJavascriptAwsLambdaQueryInjection(t *testing.T) { |
78 | | - | t.Parallel() |
79 | | - | getRunner(t).runTest(t, javascriptRulesPath+"aws_lambda/query_injection") |
80 | | - | } |
81 | | - | |
82 | | - | func TestJavascriptAwsLambdaSqlInjection(t *testing.T) { |
83 | | - | t.Parallel() |
84 | | - | getRunner(t).runTest(t, javascriptRulesPath+"aws_lambda/sql_injection") |
85 | | - | } |
86 | | - | |
87 | | - | func TestJavascriptAwsLambdaOsCommandInjection(t *testing.T) { |
88 | | - | t.Parallel() |
89 | | - | getRunner(t).runTest(t, javascriptRulesPath+"aws_lambda/os_command_injection") |
90 | | - | } |
91 | | - | |
92 | | - | func TestJavascriptExpressHardCodedSecret(t *testing.T) { |
93 | | - | t.Parallel() |
94 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/hardcoded_secret") |
95 | | - | } |
96 | | - | |
97 | | - | func TestJavascriptExpressOpenRedirect(t *testing.T) { |
98 | | - | t.Parallel() |
99 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/open_redirect") |
100 | | - | } |
101 | | - | |
102 | | - | func TestJavascriptExpressUnsafeDeserialization(t *testing.T) { |
103 | | - | t.Parallel() |
104 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/unsafe_deserialization") |
105 | | - | } |
106 | | - | |
107 | | - | func TestJavascriptExpressExternalResource(t *testing.T) { |
108 | | - | t.Parallel() |
109 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/external_resource") |
110 | | - | } |
111 | | - | |
112 | | - | func TestJavascriptExpressInsecureAllowOrigin(t *testing.T) { |
113 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/insecure_allow_origin") |
114 | | - | } |
115 | | - | |
116 | | - | func TestJavascriptExpressExternalFileUpload(t *testing.T) { |
117 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/external_file_upload") |
118 | | - | } |
119 | | - | |
120 | | - | func TestJavascriptExpressJwtNotRevoked(t *testing.T) { |
121 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/jwt_not_revoked") |
122 | | - | } |
123 | | - | |
124 | | - | func TestJavascriptExpressExposedDirListing(t *testing.T) { |
125 | | - | t.Parallel() |
126 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/exposed_dir_listing") |
127 | | - | } |
128 | | - | |
129 | | - | func TestJavascriptExpressCrossSiteScripting(t *testing.T) { |
130 | | - | t.Parallel() |
131 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/cross_site_scripting") |
132 | | - | } |
133 | | - | |
134 | | - | func TestJavascriptExpressPathTraversal(t *testing.T) { |
135 | | - | t.Parallel() |
136 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/path_traversal") |
137 | | - | } |
138 | | - | |
139 | | - | func TestJavascriptExpressHttpsProtocolMissing(t *testing.T) { |
140 | | - | t.Parallel() |
141 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/https_protocol_missing") |
142 | | - | } |
143 | | - | |
144 | | - | func TestJavascriptExpressServerSideRequestForgery(t *testing.T) { |
145 | | - | t.Parallel() |
146 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/server_side_request_forgery") |
147 | | - | } |
148 | | - | |
149 | | - | func TestJavascriptExpressInsecureTemplateRendering(t *testing.T) { |
150 | | - | t.Parallel() |
151 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/insecure_template_rendering") |
152 | | - | } |
153 | | - | |
154 | | - | func TestJavascriptExpressStaticAssetWithSession(t *testing.T) { |
155 | | - | t.Parallel() |
156 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/static_asset_with_session") |
157 | | - | } |
158 | | - | |
159 | | - | func TestJavascriptExpressUiRedress(t *testing.T) { |
160 | | - | t.Parallel() |
161 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/ui_redress") |
162 | | - | } |
163 | | - | |
164 | | - | func TestJavascriptExpressSqlInjection(t *testing.T) { |
165 | | - | t.Parallel() |
166 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/sql_injection") |
167 | | - | } |
168 | | - | |
169 | | - | func TestJavascriptExpressSecureCookie(t *testing.T) { |
170 | | - | t.Parallel() |
171 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/insecure_cookie") |
172 | | - | } |
173 | | - | |
174 | | - | func TestJavascriptExpressDefaultCookieConfig(t *testing.T) { |
175 | | - | t.Parallel() |
176 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/default_cookie_config") |
177 | | - | } |
178 | | - | |
179 | | - | func TestJavascriptExpressDefaultSessionConfig(t *testing.T) { |
180 | | - | t.Parallel() |
181 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/default_session_config") |
182 | | - | } |
183 | | - | |
184 | | - | func TestJavascriptExpressXXEVulnerability(t *testing.T) { |
185 | | - | t.Parallel() |
186 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/xml_external_entity_vulnerability") |
187 | | - | } |
188 | | - | |
189 | | - | func TestJavascriptExpressEvalUserInput(t *testing.T) { |
190 | | - | t.Parallel() |
191 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/eval_user_input") |
192 | | - | } |
193 | | - | |
194 | | - | func TestJavascriptReactGoogleAnalytics(t *testing.T) { |
195 | | - | t.Parallel() |
196 | | - | getRunner(t).runTest(t, javascriptRulesPath+"react/google_analytics") |
197 | | - | } |
198 | | - | |
199 | | - | func TestJavascriptReactDangerouslySetInnerHTML(t *testing.T) { |
200 | | - | t.Parallel() |
201 | | - | getRunner(t).runTest(t, javascriptRulesPath+"react/dangerously_set_inner_html") |
202 | | - | } |
203 | | - | |
204 | | - | func TestJavascriptThirdPartySentry(t *testing.T) { |
205 | | - | t.Parallel() |
206 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/sentry") |
207 | | - | } |
208 | | - | |
209 | | - | func TestJavascriptGTM(t *testing.T) { |
210 | | - | t.Parallel() |
211 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/google_tag_manager") |
212 | | - | } |
213 | | - | |
214 | | - | func TestJavascriptGoogleAnalytics(t *testing.T) { |
215 | | - | t.Parallel() |
216 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/google_analytics") |
217 | | - | } |
218 | | - | |
219 | | - | func TestJavascriptAlgolia(t *testing.T) { |
220 | | - | t.Parallel() |
221 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/algolia") |
222 | | - | } |
223 | | - | |
224 | | - | func TestJavascriptDataDog(t *testing.T) { |
225 | | - | t.Parallel() |
226 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/datadog") |
227 | | - | } |
228 | | - | |
229 | | - | func TestJavascriptDataDogBrowser(t *testing.T) { |
230 | | - | t.Parallel() |
231 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/datadog_browser") |
232 | | - | } |
233 | | - | |
234 | | - | func TestJavascriptElasticSearch(t *testing.T) { |
235 | | - | t.Parallel() |
236 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/elasticsearch") |
237 | | - | } |
238 | | - | |
239 | | - | func TestJavascriptSegmentDataflow(t *testing.T) { |
240 | | - | t.Parallel() |
241 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/segment") |
242 | | - | } |
| 3 | + | import ( |
| 4 | + | "os" |
| 5 | + | "testing" |
| 6 | + | ) |
243 | 7 | | |
244 | | - | func TestJavascriptNewRelic(t *testing.T) { |
245 | | - | t.Parallel() |
246 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/new_relic") |
247 | | - | } |
| 8 | + | func TestJavascript(t *testing.T) { |
| 9 | + | rulesPath, _ := os.LookupEnv("RULES_PATH") // defaults to "" if not present |
| 10 | + | var javascriptRulesPath string = rulesPath + "/javascript/" |
248 | 11 | | |
249 | | - | func TestJavascriptRollbar(t *testing.T) { |
250 | | - | t.Parallel() |
251 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/rollbar") |
252 | | - | } |
| 12 | + | tests := []RuleTestCase{} |
| 13 | + | entries, err := os.ReadDir(javascriptRulesPath) |
| 14 | + | if err != nil { |
| 15 | + | t.Fatalf("failed to read /javascript folder: %s", err) |
| 16 | + | } |
| 17 | + | for _, entry := range entries { |
| 18 | + | if !entry.IsDir() { |
| 19 | + | continue |
| 20 | + | } |
253 | 21 | | |
254 | | - | func TestJavascriptHoneybadger(t *testing.T) { |
255 | | - | t.Parallel() |
256 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/honeybadger") |
257 | | - | } |
| 22 | + | ruleDirs, err := os.ReadDir(javascriptRulesPath + entry.Name()) |
| 23 | + | if err != nil { |
| 24 | + | t.Fatalf("failed to read /javascript/%s folder: %s", javascriptRulesPath+entry.Name(), err) |
| 25 | + | } |
| 26 | + | for _, ruleDir := range ruleDirs { |
| 27 | + | if !ruleDir.IsDir() { |
| 28 | + | continue |
| 29 | + | } |
258 | 30 | | |
259 | | - | func TestJavascriptAirbrake(t *testing.T) { |
260 | | - | t.Parallel() |
261 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/airbrake") |
262 | | - | } |
263 | | - | |
264 | | - | func TestJavascriptOpenTelemetry(t *testing.T) { |
265 | | - | t.Parallel() |
266 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/open_telemetry") |
267 | | - | } |
| 31 | + | tests = append(tests, RuleTestCase{ |
| 32 | + | ProjectPath: javascriptRulesPath + entry.Name() + "/" + ruleDir.Name(), |
| 33 | + | }) |
| 34 | + | } |
| 35 | + | } |
268 | 36 | | |
269 | | - | func TestJavascriptBugsnag(t *testing.T) { |
270 | 37 | | t.Parallel() |
271 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/bugsnag") |
272 | | - | } |
273 | | - | |
274 | | - | func TestJavascripPassportHardcodedSecret(t *testing.T) { |
275 | | - | t.Parallel() |
276 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/passport_hardcoded_secret") |
277 | | - | } |
278 | | - | |
279 | | - | func TestJavascriptDomPurify(t *testing.T) { |
280 | | - | t.Parallel() |
281 | | - | getRunner(t).runTest(t, javascriptRulesPath+"third_parties/dom_purify") |
282 | | - | } |
283 | | - | |
284 | | - | func TestJavascriptHelmetMissing(t *testing.T) { |
285 | | - | t.Parallel() |
286 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/helmet_missing") |
287 | | - | } |
288 | | - | |
289 | | - | func TestJavascriptReduceFingerprint(t *testing.T) { |
290 | | - | t.Parallel() |
291 | | - | getRunner(t).runTest(t, javascriptRulesPath+"express/reduce_fingerprint") |
| 38 | + | runner := getRunner(t) |
| 39 | + | for _, testCase := range tests { |
| 40 | + | runner.runTest(t, testCase.ProjectPath) |
| 41 | + | } |
292 | 42 | | } |
293 | 43 | | |
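Review bot: Discarding the second result of `os.LookupEnv("RULES_PATH")` on new line 9 means an unset variable silently turns the rules root into the absolute path `/javascript/`, so the test either fails with a misleading ReadDir error or, if such a directory happens to exist on the host, scans the wrong rule set; check the `ok` result and fail with a clear message instead. The walk also passes vacuously when no rule directories are discovered, which would let a mistyped RULES_PATH leave the whole JavaScript rule suite green with zero cases run, so guard `len(tests) == 0` before the loop. Running every discovered rule through `runner.runTest(t, …)` inside one test (new lines 39-41) presumably aborts at the first failing rule and hides the rest, unlike the previous one-test-per-rule layout; wrapping each case in `t.Run` restores per-rule reporting. Minor: the message on new line 24 prefixes `/javascript/` to a value that already contains it.
```go
func TestJavascript(t *testing.T) {
	rulesPath, ok := os.LookupEnv("RULES_PATH")
	if !ok || rulesPath == "" {
		t.Fatal("RULES_PATH must be set to the rules directory")
	}
	javascriptRulesPath := rulesPath + "/javascript/"
	// … unchanged: directory walk appending RuleTestCase entries to tests …
	if len(tests) == 0 {
		t.Fatalf("no rule directories found under %s", javascriptRulesPath)
	}

	t.Parallel()
	runner := getRunner(t)
	for _, testCase := range tests {
		t.Run(testCase.ProjectPath, func(t *testing.T) {
			runner.runTest(t, testCase.ProjectPath)
		})
	}
}
```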