1/*
2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
3* SPDX-License-Identifier: MIT
4*/
5
6import { TokenSaleComponent } from './token-sale/token-sale.component'
7import { OAuthComponent } from './oauth/oauth.component'
8import { BasketComponent } from './basket/basket.component'
9import { TrackResultComponent } from './track-result/track-result.component'
10import { ContactComponent } from './contact/contact.component'
11import { AboutComponent } from './about/about.component'
12import { RegisterComponent } from './register/register.component'
13import { ForgotPasswordComponent } from './forgot-password/forgot-password.component'
14import { SearchResultComponent } from './search-result/search-result.component'
15import { LoginComponent } from './login/login.component'
16import { AdministrationComponent } from './administration/administration.component'
17import { ChangePasswordComponent } from './change-password/change-password.component'
18import { ComplaintComponent } from './complaint/complaint.component'
19import { ChatbotComponent } from './chatbot/chatbot.component'
20import { RecycleComponent } from './recycle/recycle.component'
21import { RouterModule, type Routes, type UrlMatchResult, type UrlSegment } from '@angular/router'
22import { TwoFactorAuthEnterComponent } from './two-factor-auth-enter/two-factor-auth-enter.component'
23import { ErrorPageComponent } from './error-page/error-page.component'
24import { PrivacySecurityComponent } from './privacy-security/privacy-security.component'
25import { TwoFactorAuthComponent } from './two-factor-auth/two-factor-auth.component'
26import { DataExportComponent } from './data-export/data-export.component'
27import { LastLoginIpComponent } from './last-login-ip/last-login-ip.component'
28import { PrivacyPolicyComponent } from './privacy-policy/privacy-policy.component'
29import { AddressCreateComponent } from './address-create/address-create.component'
30import { AddressSelectComponent } from './address-select/address-select.component'
31import { SavedAddressComponent } from './saved-address/saved-address.component'
32import { PaymentComponent } from './payment/payment.component'
33import { SavedPaymentMethodsComponent } from './saved-payment-methods/saved-payment-methods.component'
34import { AccountingComponent } from './accounting/accounting.component'
35import { OrderCompletionComponent } from './order-completion/order-completion.component'
36import { OrderSummaryComponent } from './order-summary/order-summary.component'
37import { WalletComponent } from './wallet/wallet.component'
38import { OrderHistoryComponent } from './order-history/order-history.component'
39import { DeliveryMethodComponent } from './delivery-method/delivery-method.component'
40import { PhotoWallComponent } from './photo-wall/photo-wall.component'
41import { DeluxeUserComponent } from './deluxe-user/deluxe-user.component'
42import { AccountingGuard, AdminGuard, LoginGuard } from './app.guard'
43import { NFTUnlockComponent } from './nft-unlock/nft-unlock.component'
44import { ScoreBoardComponent } from './score-board/score-board.component'
45
/** Loader for the lazily imported faucet feature module; resolves to its `FaucetModule` class. */
const loadFaucetModule = async () => (await import('./faucet/faucet.module')).FaucetModule
/** Loader for the lazily imported Web3 wallet feature module; resolves to its `WalletWeb3Module` class. */
const loadWeb3WalletModule = async () => (await import('./wallet-web3/wallet-web3.module')).WalletWeb3Module
54
/**
 * Loader for the lazily imported Web3 sandbox feature module.
 *
 * The export picked from that file is named `FaucetModule` (not a
 * sandbox-specific name); the identifier here, typo included, is referenced
 * from the `routes` table, so both names are kept as-is.
 */
const loadWeb3SandboxtModule = async () => (await import('./web3-sandbox/web3-sandbox.module')).FaucetModule
59// vuln-code-snippet start adminSectionChallenge scoreBoardChallenge web3SandboxChallenge
/**
 * Client-side route table of the Juice Shop SPA, consumed by `Routing` below.
 *
 * Angular takes the first entry whose `path` or `matcher` fits the URL, so the
 * order of this array is significant and the `'**'` catch-all has to stay last.
 * `canActivate` guards (`AdminGuard`, `AccountingGuard`, `LoginGuard`) only gate
 * navigation inside the browser; they do not replace server-side authorization
 * of the API calls the guarded components make.
 *
 * The trailing `// vuln-code-snippet ...` comments are markers consumed by the
 * project's coding-challenge tooling and must be preserved verbatim.
 */
const routes: Routes = [
  { // vuln-code-snippet neutral-line adminSectionChallenge
    path: 'administration', // vuln-code-snippet vuln-line adminSectionChallenge
    component: AdministrationComponent, // vuln-code-snippet neutral-line adminSectionChallenge
    canActivate: [AdminGuard] // vuln-code-snippet neutral-line adminSectionChallenge
  }, // vuln-code-snippet neutral-line adminSectionChallenge
  {
    path: 'accounting',
    component: AccountingComponent,
    canActivate: [AccountingGuard]
  },
  {
    path: 'about',
    component: AboutComponent
  },
  // Address management routes require a logged-in user.
  {
    path: 'address/select',
    component: AddressSelectComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'address/saved',
    component: SavedAddressComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'address/create',
    component: AddressCreateComponent,
    canActivate: [LoginGuard]
  },
  {
    // Same component as 'address/create', parameterised by the address being edited.
    path: 'address/edit/:addressId',
    component: AddressCreateComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'delivery-method',
    component: DeliveryMethodComponent
  },
  {
    path: 'deluxe-membership',
    component: DeluxeUserComponent,
    canActivate: [LoginGuard]
  },
  {
    path: 'saved-payment-methods',
    component: SavedPaymentMethodsComponent
  },
  {
    path: 'basket',
    component: BasketComponent
  },
  {
    path: 'order-completion/:id',
    component: OrderCompletionComponent
  },
  {
    path: 'contact',
    component: ContactComponent
  },
  {
    path: 'photo-wall',
    component: PhotoWallComponent
  },
  {
    path: 'complain',
    component: ComplaintComponent
  },
  {
    path: 'chatbot',
    component: ChatbotComponent
  },
  {
    path: 'order-summary',
    component: OrderSummaryComponent
  },
  {
    path: 'order-history',
    component: OrderHistoryComponent
  },
  {
    path: 'payment/:entity',
    component: PaymentComponent
  },
  {
    path: 'wallet',
    component: WalletComponent
  },
  {
    path: 'login',
    component: LoginComponent
  },
  {
    path: 'forgot-password',
    component: ForgotPasswordComponent
  },
  {
    path: 'recycle',
    component: RecycleComponent
  },
  {
    path: 'register',
    component: RegisterComponent
  },
  {
    path: 'search',
    component: SearchResultComponent
  },
  {
    // Rendered by the search-result component, like 'search' and the '**' fallback.
    path: 'hacking-instructor',
    component: SearchResultComponent
  },
  { // vuln-code-snippet neutral-line scoreBoardChallenge
    path: 'score-board', // vuln-code-snippet vuln-line scoreBoardChallenge
    component: ScoreBoardComponent // vuln-code-snippet neutral-line scoreBoardChallenge
  }, // vuln-code-snippet neutral-line scoreBoardChallenge
  {
    path: 'track-result',
    component: TrackResultComponent
  },
  {
    path: 'track-result/new',
    component: TrackResultComponent,
    // Route data distinguishes this entry from plain 'track-result' inside the component.
    data: {
      type: 'new'
    }
  },
  {
    path: '2fa/enter',
    component: TwoFactorAuthEnterComponent
  },
  {
    // Parent shell for the account-security pages; children render under 'privacy-security/<child>'.
    path: 'privacy-security',
    component: PrivacySecurityComponent,
    children: [
      {
        path: 'privacy-policy',
        component: PrivacyPolicyComponent
      },
      {
        path: 'change-password',
        component: ChangePasswordComponent
      },
      {
        path: 'two-factor-authentication',
        component: TwoFactorAuthComponent
      },
      {
        path: 'data-export',
        component: DataExportComponent
      },
      {
        path: 'last-login-ip',
        component: LastLoginIpComponent
      }
    ]
  },
  {
    path: 'juicy-nft',
    component: NFTUnlockComponent
  },
  // Lazily loaded feature modules (see the loader functions above).
  {
    path: 'wallet-web3',
    loadChildren: async () => await loadWeb3WalletModule()
  },
  { // vuln-code-snippet neutral-line web3SandboxChallenge
    path: 'web3-sandbox', // vuln-code-snippet vuln-line web3SandboxChallenge
    loadChildren: async () => await loadWeb3SandboxtModule() // vuln-code-snippet neutral-line web3SandboxChallenge
  }, // vuln-code-snippet neutral-line web3SandboxChallenge
  {
    path: 'bee-haven',
    loadChildren: async () => await loadFaucetModule()
  },
  // vuln-code-snippet start tokenSaleChallenge
  {
    // Custom matchers instead of a static `path`; see `oauthMatcher` below.
    // NOTE: `params` is evaluated once, when this module loads, from the browser
    // URL: the fragment from the first '#' onward. With no '#' present,
    // indexOf() is -1 and substr(-1) yields only the last character of the URL.
    // `substr` is a legacy (Annex B) API; `slice` is the modern equivalent.
    matcher: oauthMatcher,
    data: { params: (window.location.href).substr(window.location.href.indexOf('#')) },
    component: OAuthComponent
  },
  { // vuln-code-snippet neutral-line tokenSaleChallenge
    matcher: tokenMatcher, // vuln-code-snippet vuln-line tokenSaleChallenge
    component: TokenSaleComponent // vuln-code-snippet neutral-line tokenSaleChallenge
  }, // vuln-code-snippet neutral-line tokenSaleChallenge
  {
    path: '403',
    component: ErrorPageComponent
  },
  {
    // Catch-all: must remain the last entry.
    path: '**',
    component: SearchResultComponent
  }
]
252// vuln-code-snippet end adminSectionChallenge scoreBoardChallenge web3SandboxChallenge
253
/**
 * Root router configuration built from `routes`. Hash-based URLs are used
 * (`#/path`), so the client route lives in the URL fragment, which browsers
 * do not send to the server.
 */
const routerOptions = { useHash: true }
export const Routing = RouterModule.forRoot(routes, routerOptions)
255
/**
 * Route matcher for the OAuth redirect landing: matches any non-empty URL
 * whose current browser location contains `#access_token=` (the fragment an
 * implicit-grant redirect carries) and consumes every segment.
 *
 * Note that the decision is taken from `window.location.href`, not from the
 * `url` segments handed in by the router.
 *
 * @param url segments of the URL being matched
 * @returns `{ consumed: url }` on a match, otherwise `null` — Angular's
 *          "no match" value, asserted via `unknown` to fit the declared type
 */
export function oauthMatcher (url: UrlSegment[]): UrlMatchResult {
  const noMatch = null as unknown as UrlMatchResult
  if (url.length === 0) return noMatch

  const carriesAccessToken = window.location.href.includes('#access_token=')
  return carriesAccessToken ? { consumed: url } : noMatch
}
267
/**
 * Route matcher for the token-sale page. The target path is not written as a
 * plain string but assembled at call time from `token1`/`token2` and base-36
 * number literals, and the first URL segment is tested against it with
 * `String.prototype.match` (which treats the string as a pattern).
 *
 * @param url segments of the URL being matched
 * @returns `{ consumed: url }` on a match, otherwise `null` — Angular's
 *          "no match" value, asserted via `unknown` to fit the declared type
 */
export function tokenMatcher (url: UrlSegment[]): UrlMatchResult { // vuln-code-snippet neutral-line tokenSaleChallenge
  const noMatch = null as unknown as UrlMatchResult // vuln-code-snippet neutral-line tokenSaleChallenge
  if (url.length === 0) { // vuln-code-snippet neutral-line tokenSaleChallenge
    return noMatch // vuln-code-snippet neutral-line tokenSaleChallenge
  } // vuln-code-snippet neutral-line tokenSaleChallenge
  const firstSegment = url[0].toString() // vuln-code-snippet neutral-line tokenSaleChallenge
  // eslint-disable-next-line @typescript-eslint/restrict-plus-operands
  const hiddenPath = token1(25, 184, 174, 179, 182, 186) + (36669).toString(36).toLowerCase() + token2(13, 144, 87, 152, 139, 144, 83, 138) + (10).toString(36).toLowerCase() // vuln-code-snippet vuln-line tokenSaleChallenge
  const matched = firstSegment.match(hiddenPath) !== null // vuln-code-snippet neutral-line tokenSaleChallenge
  return matched ? { consumed: url } : noMatch // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge
281
/**
 * Decodes an obfuscated string: the first argument is an offset, the remaining
 * ones are shifted character codes. They are read back in reverse order and
 * each is decoded as `code - offset - 45 - position`.
 *
 * @param args offset followed by the encoded character codes
 * @returns the decoded string; empty when fewer than two arguments are given
 */
export function token1 (...args: number[]) { // vuln-code-snippet neutral-line tokenSaleChallenge
  const [offset, ...codes] = args // vuln-code-snippet neutral-line tokenSaleChallenge
  const decoded = codes.reverse().map((code, position) => String.fromCharCode(code - offset - 45 - position)) // vuln-code-snippet neutral-line tokenSaleChallenge
  return decoded.join('') // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge
289
/**
 * Decodes an obfuscated string like `token1`, but with a shift of 24: the
 * first argument is an offset, the remaining ones are character codes read
 * back in reverse order and decoded as `code - offset - 24 - position`.
 *
 * @param args offset followed by the encoded character codes
 * @returns the decoded string; empty when fewer than two arguments are given
 */
export function token2 (...args: number[]) { // vuln-code-snippet neutral-line tokenSaleChallenge
  const [offset, ...codes] = args // vuln-code-snippet neutral-line tokenSaleChallenge
  const decoded = codes.reverse().map((code, position) => String.fromCharCode(code - offset - 24 - position)) // vuln-code-snippet neutral-line tokenSaleChallenge
  return decoded.join('') // vuln-code-snippet neutral-line tokenSaleChallenge
} // vuln-code-snippet neutral-line tokenSaleChallenge
297// vuln-code-snippet end tokenSaleChallenge
298