From 08dc9061bcb603577dfb39fa4d3a768be2786c39 Mon Sep 17 00:00:00 2001
From: Kegan Maher <kegan@compiler.la>
Date: Fri, 14 Apr 2023 10:45:57 -0700
Subject: [PATCH] test(nginx): assert 404 on known scraping targets

---
 tests/cypress/specs/scrapers.cy.js | 31 ++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)
 create mode 100644 tests/cypress/specs/scrapers.cy.js

diff --git a/tests/cypress/specs/scrapers.cy.js b/tests/cypress/specs/scrapers.cy.js
new file mode 100644
index 0000000000..eb7e120bdc
--- /dev/null
+++ b/tests/cypress/specs/scrapers.cy.js
@@ -0,0 +1,31 @@
+const endpoints = ["auth", "cgi", "eligibility/app", "login", "sample/api"];
+const files = [".env", "wp-admin/login.php", "data.json", "secrets/prod.yaml"];
+
+const visit = (partial_path) => {
+  return cy.request({
+    method: "GET",
+    url: `/${partial_path}`,
+    // allow cypress to continue on 404
+    failOnStatusCode: false,
+  });
+};
+
+const NOT_FOUND = 404;
+
+describe("Scraper filtering spec", () => {
+  endpoints.forEach((endpoint) => {
+    it(`404s known scraper endpoint pattern: /${endpoint}`, () => {
+      visit(endpoint).then((res) => {
+        expect(res.status).to.eq(NOT_FOUND);
+      });
+    });
+  });
+
+  files.forEach((file) => {
+    it(`404s known scraper file pattern: /${file}`, () => {
+      visit(file).then((res) => {
+        expect(res.status).to.eq(NOT_FOUND);
+      });
+    });
+  });
+});