/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

6import frisby = require('frisby')7import { Joi } from 'frisby'8
// Base URL of the web3 REST routes under test. The literal targets a local
// instance on port 3000 over plain HTTP, so the suite expects the application
// to be running on the same host before it starts.
const REST_URL = 'http://localhost:3000/rest/web3'

// Contract of POST /submitKey: every wrong input is answered with 401 and a
// message naming the kind of value that was sent (no key or an arbitrary
// string, the wallet's public key, the wallet's address); only the one expected
// private key yields 200. The exact message wording is pinned by these tests.
//
// NOTE(review): the hex values below are hard-coded fixtures. Presumably they
// belong to the wallet this endpoint is built around and carry no value
// elsewhere (confirm). Secret scanners may flag the private key, so allowlist it
// by path or value instead of treating the finding as a live credential leak.
describe('/submitKey', () => {
  const submitKeyUrl = REST_URL + '/submitKey'
  const jsonContentType = /application\/json/

  it('POST missing key in request body gets rejected as non-Ethereum key', () =>
    frisby.post(submitKeyUrl)
      .expect('status', 401)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Looks like you entered a non-Ethereum private key to access me.'
      })
  )

  it('POST arbitrary string in request body gets rejected as non-Ethereum key', () => {
    const payload = { privateKey: 'lalalala' }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Looks like you entered a non-Ethereum private key to access me.'
      })
  })

  it('POST public wallet key in request body gets rejected as such', () => {
    // Public key submitted in the privateKey field: must not be accepted.
    const payload = { privateKey: '0x02c7a2a93289c9fbda5990bac6596993e9bb0a8d3f178175a80b7cfd983983f506' }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Looks like you entered the public key of my ethereum wallet!'
      })
  })

  it('POST wallet address in request body gets rejected as such', () => {
    // Wallet address submitted in the privateKey field: must not be accepted.
    const payload = { privateKey: '0x8343d2eb2B13A2495De435a1b15e85b98115Ce05' }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Looks like you entered the public address of my ethereum wallet!'
      })
  })

  it('POST private key in request body gets accepted', () => {
    // The only positive case in this suite: 200 plus the solved notification.
    const payload = { privateKey: '0x5bcc3e9d38baa06e7bfaab80ae5957bbe8ef059e640311d7d6d465e6bc948e3e' }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: true,
        message: 'Challenge successfully solved'
      })
  })
})

// GET /nftUnlocked reports the solution status of the "Unlock NFT" challenge.
// Only the shape of the answer is checked (`status` must be a boolean), so the
// test passes whether or not the challenge has been solved on this instance.
describe('/nftUnlocked', () => {
  it('GET solution status of "Unlock NFT" challenge', () => {
    const expectedTypes = { status: Joi.boolean() }
    return frisby.get(REST_URL + '/nftUnlocked')
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('jsonTypes', expectedTypes)
  })
})

// GET /nftMintListen must answer 200 with the listener-created notification.
// NOTE(review): judging by the message, this GET registers an event listener on
// the server, i.e. it changes state; confirm against the route handler. The
// test does not check what the listener does afterwards.
describe('/nftMintListen', () => {
  it('GET call confirms registration of event listener', () => {
    const expectedBody = {
      success: true,
      message: 'Event Listener Created'
    }
    return frisby.get(REST_URL + '/nftMintListen')
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })
})

// POST /walletNFTVerify: a missing or malformed wallet address is not an HTTP
// error. The endpoint answers 200 and reports the failure in the JSON body
// (success: false). Only these negative cases are covered; no test here
// exercises a wallet that would pass verification.
describe('/walletNFTVerify', () => {
  const verifyUrl = REST_URL + '/walletNFTVerify'
  const jsonContentType = /application\/json/

  it('POST missing wallet address fails to solve minting challenge', () =>
    frisby.post(verifyUrl)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Wallet did not mint the NFT'
      })
  )

  it('POST invalid wallet address fails to solve minting challenge', () => {
    const payload = { walletAddress: 'lalalalala' }
    return frisby.post(verifyUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: false,
        message: 'Wallet did not mint the NFT'
      })
  })
})

// POST /walletExploitAddress: the response confirms that a listener was
// created, not that the submitted address is usable. All three cases (no
// address, a malformed one, a well-formed one) expect the same 200 /
// success: true body, so these tests pin the absence of input validation in
// the response path.
describe('/walletExploitAddress', () => {
  const exploitAddressUrl = REST_URL + '/walletExploitAddress'
  const jsonContentType = /application\/json/

  it('POST missing wallet address in request body still leads to success notification', () =>
    frisby.post(exploitAddressUrl)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: true,
        message: 'Event Listener Created'
      })
  )

  it('POST invalid wallet address in request body still leads to success notification', () => {
    const payload = { walletAddress: 'lalalalala' }
    return frisby.post(exploitAddressUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: true,
        message: 'Event Listener Created'
      })
  })

  it('POST self-referential address in request body leads to success notification', () => {
    // NOTE(review): "self-referential" presumably means an address owned by the
    // application itself; confirm against the route handler.
    const payload = { walletAddress: '0x413744D59d31AFDC2889aeE602636177805Bd7b0' }
    return frisby.post(exploitAddressUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', jsonContentType)
      .expect('json', {
        success: true,
        message: 'Event Listener Created'
      })
  })
})