juice-shop
255 строк · 10.1 Кб
1/*2* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.3* SPDX-License-Identifier: MIT4*/5import { ProductDetailsComponent } from '../product-details/product-details.component'7import { ActivatedRoute, Router } from '@angular/router'8import { ProductService } from '../Services/product.service'9import { BasketService } from '../Services/basket.service'10import { type AfterViewInit, Component, NgZone, type OnDestroy, ViewChild, ChangeDetectorRef } from '@angular/core'11import { MatPaginator } from '@angular/material/paginator'12import { forkJoin, type Subscription } from 'rxjs'13import { MatTableDataSource } from '@angular/material/table'14import { MatDialog } from '@angular/material/dialog'15import { DomSanitizer, type SafeHtml } from '@angular/platform-browser'16import { TranslateService } from '@ngx-translate/core'17import { SocketIoService } from '../Services/socket-io.service'18import { SnackBarHelperService } from '../Services/snack-bar-helper.service'19import { library } from '@fortawesome/fontawesome-svg-core'21import { faCartPlus, faEye } from '@fortawesome/free-solid-svg-icons'22import { type Product } from '../Models/product.model'23import { QuantityService } from '../Services/quantity.service'24import { DeluxeGuard } from '../app.guard'25library.add(faEye, faCartPlus)27interface TableEntry {29name: string30price: number31deluxePrice: number32id: number33image: string34description: string35quantity?: number36}37@Component({39selector: 'app-search-result',40templateUrl: './search-result.component.html',41styleUrls: ['./search-result.component.scss']42})43export class SearchResultComponent implements OnDestroy, AfterViewInit {44public displayedColumns = ['Image', 'Product', 'Description', 'Price', 'Select']45public tableData!: any[]46public pageSizeOptions: number[] = []47public dataSource!: MatTableDataSource<TableEntry>48public gridDataSource!: any49public searchValue?: SafeHtml50public resultsLength = 051@ViewChild(MatPaginator, { static: true }) paginator: MatPaginator | null = null52private readonly productSubscription?: Subscription53private routerSubscription?: Subscription54public breakpoint: number = 655public emptyState = false56constructor (private readonly deluxeGuard: DeluxeGuard, private readonly dialog: MatDialog, private readonly productService: ProductService,58private readonly quantityService: QuantityService, private readonly basketService: BasketService, private readonly translateService: TranslateService,59private readonly router: Router, private readonly route: ActivatedRoute, private readonly sanitizer: DomSanitizer, private readonly ngZone: NgZone, private readonly io: SocketIoService,60private readonly snackBarHelperService: SnackBarHelperService, private readonly cdRef: ChangeDetectorRef) { }61// vuln-code-snippet start restfulXssChallenge63ngAfterViewInit () {64const products = this.productService.search('')65const quantities = this.quantityService.getAll()66forkJoin([quantities, products]).subscribe(([quantities, products]) => {67const dataTable: TableEntry[] = []68this.tableData = products69this.trustProductDescription(products) // vuln-code-snippet neutral-line restfulXssChallenge70for (const product of products) {71dataTable.push({72name: product.name,73price: product.price,74deluxePrice: product.deluxePrice,75id: product.id,76image: product.image,77description: product.description78})79}80for (const quantity of quantities) {81const entry = dataTable.find((dataTableEntry) => {82return dataTableEntry.id === quantity.ProductId83})84if (entry === undefined) {85continue86}87entry.quantity = quantity.quantity88}89this.dataSource = new MatTableDataSource<TableEntry>(dataTable)90for (let i = 1; i <= Math.ceil(this.dataSource.data.length / 12); i++) {91this.pageSizeOptions.push(i * 12)92}93this.paginator.pageSizeOptions = this.pageSizeOptions94this.dataSource.paginator = this.paginator95this.gridDataSource = this.dataSource.connect()96this.resultsLength = this.dataSource.data.length97this.filterTable()98this.routerSubscription = this.router.events.subscribe(() => {99this.filterTable()100})101const challenge: string = this.route.snapshot.queryParams.challenge // vuln-code-snippet hide-start102if (challenge && this.route.snapshot.url.join('').match(/hacking-instructor/)) {103this.startHackingInstructor(decodeURIComponent(challenge))104} // vuln-code-snippet hide-end105if (window.innerWidth < 2600) {106this.breakpoint = 4107if (window.innerWidth < 1740) {108this.breakpoint = 3109if (window.innerWidth < 1280) {110this.breakpoint = 2111if (window.innerWidth < 850) {112this.breakpoint = 1113}114}115}116} else {117this.breakpoint = 6118}119this.cdRef.detectChanges()120}, (err) => { console.log(err) })121}122trustProductDescription (tableData: any[]) { // vuln-code-snippet neutral-line restfulXssChallenge124for (let i = 0; i < tableData.length; i++) { // vuln-code-snippet neutral-line restfulXssChallenge125tableData[i].description = this.sanitizer.bypassSecurityTrustHtml(tableData[i].description) // vuln-code-snippet vuln-line restfulXssChallenge126} // vuln-code-snippet neutral-line restfulXssChallenge127} // vuln-code-snippet neutral-line restfulXssChallenge128// vuln-code-snippet end restfulXssChallenge129ngOnDestroy () {131if (this.routerSubscription) {132this.routerSubscription.unsubscribe()133}134if (this.productSubscription) {135this.productSubscription.unsubscribe()136}137if (this.dataSource) {138this.dataSource.disconnect()139}140}141// vuln-code-snippet start localXssChallenge xssBonusChallenge143filterTable () {144let queryParam: string = this.route.snapshot.queryParams.q145if (queryParam) {146queryParam = queryParam.trim()147this.ngZone.runOutsideAngular(() => { // vuln-code-snippet hide-start148this.io.socket().emit('verifyLocalXssChallenge', queryParam)149}) // vuln-code-snippet hide-end150this.dataSource.filter = queryParam.toLowerCase()151this.searchValue = this.sanitizer.bypassSecurityTrustHtml(queryParam) // vuln-code-snippet vuln-line localXssChallenge xssBonusChallenge152this.gridDataSource.subscribe((result: any) => {153if (result.length === 0) {154this.emptyState = true155} else {156this.emptyState = false157}158})159} else {160this.dataSource.filter = ''161this.searchValue = undefined162this.emptyState = false163}164}165// vuln-code-snippet end localXssChallenge xssBonusChallenge166startHackingInstructor (challengeName: string) {168console.log(`Starting instructions for challenge "${challengeName}"`)169import(/* webpackChunkName: "tutorial" */ '../../hacking-instructor').then(module => {170module.startHackingInstructorFor(challengeName)171})172}173showDetail (element: Product) {175this.dialog.open(ProductDetailsComponent, {176width: '500px',177height: 'max-content',178data: {179productData: element180}181})182}183addToBasket (id?: number) {185this.basketService.find(Number(sessionStorage.getItem('bid'))).subscribe((basket) => {186const productsInBasket: any = basket.Products187let found = false188for (let i = 0; i < productsInBasket.length; i++) {189if (productsInBasket[i].id === id) {190found = true191this.basketService.get(productsInBasket[i].BasketItem.id).subscribe((existingBasketItem) => {192// eslint-disable-next-line @typescript-eslint/restrict-plus-operands193const newQuantity = existingBasketItem.quantity + 1194this.basketService.put(existingBasketItem.id, { quantity: newQuantity }).subscribe((updatedBasketItem) => {195this.productService.get(updatedBasketItem.ProductId).subscribe((product) => {196this.translateService.get('BASKET_ADD_SAME_PRODUCT', { product: product.name }).subscribe((basketAddSameProduct) => {197this.snackBarHelperService.open(basketAddSameProduct, 'confirmBar')198this.basketService.updateNumberOfCartItems()199}, (translationId) => {200this.snackBarHelperService.open(translationId, 'confirmBar')201this.basketService.updateNumberOfCartItems()202})203}, (err) => { console.log(err) })204}, (err) => {205this.snackBarHelperService.open(err.error?.error, 'errorBar')206console.log(err)207})208}, (err) => { console.log(err) })209break210}211}212if (!found) {213this.basketService.save({ ProductId: id, BasketId: sessionStorage.getItem('bid'), quantity: 1 }).subscribe((newBasketItem) => {214this.productService.get(newBasketItem.ProductId).subscribe((product) => {215this.translateService.get('BASKET_ADD_PRODUCT', { product: product.name }).subscribe((basketAddProduct) => {216this.snackBarHelperService.open(basketAddProduct, 'confirmBar')217this.basketService.updateNumberOfCartItems()218}, (translationId) => {219this.snackBarHelperService.open(translationId, 'confirmBar')220this.basketService.updateNumberOfCartItems()221})222}, (err) => { console.log(err) })223}, (err) => {224this.snackBarHelperService.open(err.error?.error, 'errorBar')225console.log(err)226})227}228}, (err) => { console.log(err) })229}230isLoggedIn () {232return localStorage.getItem('token')233}234onResize (event: any) {236if (event.target.innerWidth < 2600) {237this.breakpoint = 4238if (event.target.innerWidth < 1740) {239this.breakpoint = 3240if (event.target.innerWidth < 1280) {241this.breakpoint = 2242if (event.target.innerWidth < 850) {243this.breakpoint = 1244}245}246}247} else {248this.breakpoint = 6249}250}251isDeluxe () {253return this.deluxeGuard.isDeluxe()254}255}256