juice-shop

web3Spec.ts 
/*
 * Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
 * SPDX-License-Identifier: MIT
 */

import frisby = require('frisby')
import { Joi } from 'frisby'

// Base URL of the web3 REST routes; every spec below targets a server on localhost:3000.
const REST_URL = 'http://localhost:3000/rest/web3'

/**
 * API specs for POST /submitKey below REST_URL.
 *
 * Each case pins the HTTP status, the JSON content type and the response body
 * for one kind of submitted value. The three rejection messages differ by
 * input kind (non-Ethereum value, public key, wallet address), so the response
 * tells the caller which kind of value was recognised.
 */
describe('/submitKey', () => {
  const submitKeyUrl = `${REST_URL}/submitKey`

  it('POST missing key in request body gets rejected as non-Ethereum key', () => {
    // No body is sent at all; the expected answer is the same as for a malformed key.
    const expectedBody = {
      success: false,
      message: 'Looks like you entered a non-Ethereum private key to access me.'
    }
    return frisby.post(submitKeyUrl)
      .expect('status', 401)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST arbitrary string in request body gets rejected as non-Ethereum key', () => {
    const payload = { privateKey: 'lalalala' }
    const expectedBody = {
      success: false,
      message: 'Looks like you entered a non-Ethereum private key to access me.'
    }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST public wallet key in request body gets rejected as such', () => {
    // The server is expected to recognise this exact value as the wallet's public key.
    const payload = {
      privateKey: '0x02c7a2a93289c9fbda5990bac6596993e9bb0a8d3f178175a80b7cfd983983f506'
    }
    const expectedBody = {
      success: false,
      message: 'Looks like you entered the public key of my ethereum wallet!'
    }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST wallet address in request body gets rejected as such', () => {
    // The server is expected to recognise this exact value as the wallet's address.
    const payload = {
      privateKey: '0x8343d2eb2B13A2495De435a1b15e85b98115Ce05'
    }
    const expectedBody = {
      success: false,
      message: 'Looks like you entered the public address of my ethereum wallet!'
    }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 401)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST private key in request body gets accepted', () => {
    // This key is committed in the spec and accepted as the challenge solution,
    // so it is public test material and must never protect anything of value.
    // NOTE(review): presumably it belongs to the project's deliberately exposed
    // training wallet; confirm before reusing it anywhere.
    const payload = {
      privateKey: '0x5bcc3e9d38baa06e7bfaab80ae5957bbe8ef059e640311d7d6d465e6bc948e3e'
    }
    const expectedBody = {
      success: true,
      message: 'Challenge successfully solved'
    }
    return frisby.post(submitKeyUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })
})

// Spec for GET /nftUnlocked: only the shape of the answer is pinned (a boolean
// `status` field), not its value.
describe('/nftUnlocked', () => {
  it('GET solution status of "Unlock NFT" challenge', () => {
    const statusRequest = frisby.get(`${REST_URL}/nftUnlocked`)
    return statusRequest
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('jsonTypes', { status: Joi.boolean() })
  })
})

// Spec for GET /nftMintListen: a plain GET without parameters is expected to be
// answered with the listener-created confirmation.
describe('/nftMintListen', () => {
  it('GET call confirms registration of event listener', () => {
    const expectedBody = {
      success: true,
      message: 'Event Listener Created'
    }
    return frisby.get(`${REST_URL}/nftMintListen`)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })
})

/**
 * API specs for POST /walletNFTVerify below REST_URL.
 *
 * Both negative cases are answered with HTTP 200; the failure is signalled
 * only through `success: false` in the JSON body, not through the status code.
 */
describe('/walletNFTVerify', () => {
  const verifyUrl = `${REST_URL}/walletNFTVerify`

  it('POST missing wallet address fails to solve minting challenge', () => {
    // Request is sent without any body.
    const expectedBody = {
      success: false,
      message: 'Wallet did not mint the NFT'
    }
    return frisby.post(verifyUrl)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST invalid wallet address fails to solve minting challenge', () => {
    const payload = { walletAddress: 'lalalalala' }
    const expectedBody = {
      success: false,
      message: 'Wallet did not mint the NFT'
    }
    return frisby.post(verifyUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })
})

/**
 * API specs for POST /walletExploitAddress below REST_URL.
 *
 * All three cases expect the identical success answer, whether the wallet
 * address is missing, malformed or well-formed. The immediate response
 * therefore carries no information about whether the address was valid.
 */
describe('/walletExploitAddress', () => {
  const exploitAddressUrl = `${REST_URL}/walletExploitAddress`

  it('POST missing wallet address in request body still leads to success notification', () => {
    // Request is sent without any body.
    const expectedBody = {
      success: true,
      message: 'Event Listener Created'
    }
    return frisby.post(exploitAddressUrl)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST invalid wallet address in request body still leads to success notification', () => {
    const payload = { walletAddress: 'lalalalala' }
    const expectedBody = {
      success: true,
      message: 'Event Listener Created'
    }
    return frisby.post(exploitAddressUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })

  it('POST self-referential address in request body leads to success notification', () => {
    // NOTE(review): "self-referential" comes from the test title; what this
    // address refers to is not visible in this file.
    const payload = {
      walletAddress: '0x413744D59d31AFDC2889aeE602636177805Bd7b0'
    }
    const expectedBody = {
      success: true,
      message: 'Event Listener Created'
    }
    return frisby.post(exploitAddressUrl, payload)
      .expect('status', 200)
      .expect('header', 'content-type', /application\/json/)
      .expect('json', expectedBody)
  })
})