Working on test

rooseveltframework · Nov 6, 2023 · de594bc · de594bc
1 parent f5ce7f2
commit de594bc
Show file tree

Hide file tree

Showing 3 changed files with 83 additions and 1 deletion.
diff --git a/test/csrfAttack/csrfExpress.js b/test/csrfAttack/csrfExpress.js
@@ -0,0 +1,31 @@
+const express = require('express')
+const path = require('path')
+const app = express()
+const https = require('https')
+const http = require('http')
+const fs = require('fs')
+
+try {
+  const httpsOptions = {
+    key: fs.readFileSync('./certs/key.pem'),
+    cert: fs.readFileSync('./certs/cert.pem')
+  }
+
+  app.set('port', 3001)
+  app.enable('trust proxy')
+
+  https.createServer(httpsOptions, app).listen(app.get('port'), function () {
+    console.log('Express HTTPS server listening on port ' + app.get('port'))
+    app.get('/', (req, res) => {
+      res.sendFile(path.join(__dirname, '/'))
+    })
+  })
+  app.get('/form', (req, res) => {
+    res.sendFile(path.join(__dirname, '/form'))
+  })
+  app.post('/', function (req, res) {
+    res.sendFile(path.join(__dirname, '/'))
+  })
+} catch (e) {
+  console.log(e)
+}
diff --git a/test/csrfAttack/index.html b/test/csrfAttack/index.html
@@ -0,0 +1,18 @@
+<!DOCTYPE html>
+  <html lang="en">
+  <head>
+    <meta charset="UTF-8">
+    <meta http-equiv="X-UA-Compatible" content="IE=edge">
+    <meta name="viewport" content="width=device-width, initial-scale=1.0">
+    <title>Some HTML that will not validate</title>
+  </head>
+    <body>
+    <form method="POST" action="https://localhost:34711/form">
+      <h1>Congratulations. You just won a bonus of 1 million dollars!!!</h1>
+        <input type="hidden" name="uname" value="IamHere" />
+        <input type="hidden" name="psw" value="123456" />
+        <input type="submit" name="submitAttack" id="submitAttack" value="Click here to claim your bonus"/>
+      </form>  
+
+  </body>
+  </html>
diff --git a/test/csrfToken.js b/test/csrfToken.js
@@ -7,6 +7,7 @@ const fs = require('fs-extra')
 const generateTestApp = require('./util/generateTestApp')
 const path = require('path')
 const request = require('supertest')
+const getcsrfAttack = require('./../test/util/csrfAttack')
 
 describe('form pages', function () {
   const appDir = path.join(__dirname, 'app/errorPages')
@@ -30,7 +31,7 @@ describe('form pages', function () {
     })
   })
 
-  it.only('should render the form test page', function (done) {
+  it('should render the form test page', function (done) {
     // generate the test app
     generateTestApp({
       appDir,
@@ -72,4 +73,36 @@ describe('form pages', function () {
       })
     })
   })
+
+  it.only('should render', function (done) {
+    // generate the test app
+    // generateTestApp({
+    //   appDir,
+    //   makeBuildArtifacts: true,
+    //   viewEngine: [
+    //     'html: teddy'
+    //   ],
+    //   onServerStart: '(app) => {process.send(app.get("params"))}'
+    // }, options)
+
+    // fork and run app.js as a child process
+    getcsrfAttack.csrfAttack()
+    const attackApp = fork('./csrfAttack/csrfExpress.js', { stdio: ['pipe', 'pipe', 'pipe', 'ipc'] })
+    console.log(attackApp)
+    attackApp.on('message', () => {
+      request('http://localhost:3001')
+        .post('form')
+        .expect(200, (err, res) => {
+          if (err) {
+            assert.fail(err)
+            // attackApp.send('stop')
+            done()
+          }
+          const test1 = res.text.includes('Congratulations. You just won a bonus of 1 million dollars!!')
+          assert.strictEqual(test1, true)
+          // attackApp.send('stop')
+        })
+    })
+    done()
+  })
 })