BE-719 Fix parameter tampering

* added tests, removed console.debug statements Signed-off-by: nfrunza <nfrunza@gmail.com>
hyperledger-labs · Dec 10, 2019 · 37e3c99 · 37e3c99
1 parent 17a9460
commit 37e3c99
Show file tree

Hide file tree

Showing 5 changed files with 54 additions and 2 deletions.
diff --git a/app/rest/requestutils.js b/app/rest/requestutils.js
@@ -90,6 +90,7 @@ function reqPayload(req) {
 }
 
 const orgsArrayToString = function(reqQuery) {
+	console.log('reqQuery: ', reqQuery);
 	let temp = '';
 	if (reqQuery) {
 		// eslint-disable-next-line spellcheck/spell-checker
@@ -100,7 +101,6 @@ const orgsArrayToString = function(reqQuery) {
 			const parsedReq = queryString.parse(orgsStr);
 			if (parsedReq && parsedReq.orgs) {
 				const orgsArray = parsedReq.orgs.toString().split(',');
-				console.log('requestutils.orgsArrayToString.orgsArray ', orgsArray);
 				// format DB value for IN clause, ex: in ('a', 'b', 'c')
 				if (orgsArray) {
 					orgsArray.forEach((element, i) => {
@@ -113,7 +113,7 @@ const orgsArrayToString = function(reqQuery) {
 			}
 		}
 	}
-	console.log('comma separated organizations: ', temp);
+
 	return temp;
 };
 

diff --git a/app/test/fixtures/reqMultiOrgs.json b/app/test/fixtures/reqMultiOrgs.json
@@ -0,0 +1,5 @@
+{
+	"from": "Sun Dec 08 2019 22:22:00 GMT-0500 (Eastern Standard Time)",
+	"to": "Mon Dec 09 2019 22:22:00 GMT-0500 (Eastern Standard Time)",
+	"orgs": ["OrdererMSP", "Org2MSP"]
+}
diff --git a/app/test/fixtures/reqNoOrgs.json b/app/test/fixtures/reqNoOrgs.json
@@ -0,0 +1,4 @@
+{
+	"from": "Sun Dec 08 2019 22:22:00 GMT-0500 (Eastern Standard Time)",
+	"to": "Mon Dec 09 2019 22:22:00 GMT-0500 (Eastern Standard Time)"
+}
diff --git a/app/test/fixtures/reqOneOrg.json b/app/test/fixtures/reqOneOrg.json
@@ -0,0 +1,5 @@
+{
+	"from": "Sun Dec 08 2019 22:22:00 GMT-0500 (Eastern Standard Time)",
+	"to": "Mon Dec 09 2019 22:22:00 GMT-0500 (Eastern Standard Time)",
+	"orgs": "OrgOne"
+}
diff --git a/app/test/requestutils.js b/app/test/requestutils.js
@@ -0,0 +1,38 @@
+/*
+    SPDX-License-Identifier: Apache-2.0
+*/
+
+const expect = require('chai').expect;
+const assert = require('assert');
+const chai = require('chai');
+const chaiHttp = require('chai-http');
+const helper = require('../common/helper');
+const reqMultiOrgs = require('./fixtures/reqMultiOrgs.json');
+const reqOneOrg = require('./fixtures/reqOneOrg.json');
+const reqNoOrgs = require('./fixtures/reqNoOrgs.json');
+
+const should = chai.should();
+chai.use(chaiHttp);
+const requestutils = require('../rest/requestutils.js');
+
+describe('requestutils().orgsArrayToString should return empty string', () => {
+	const emptyString = requestutils.orgsArrayToString(reqNoOrgs);
+	it('requestutils().orgsArrayToString should return empty string', () => {
+		assert.equal('', emptyString);
+	});
+});
+
+describe('requestutils().orgsArrayToString should return single quotes value', () => {
+	const oneOrgString = requestutils.orgsArrayToString(reqOneOrg);
+	it('requestutils().orgsArrayToString should return single quotes value', () => {
+		assert.equal("'OrgOne'", oneOrgString);
+	});
+});
+
+describe('requestutils().orgsArrayToString should return comma separated single quotes values ', () => {
+	const multiOrgsString = requestutils.orgsArrayToString(reqMultiOrgs);
+	const multiOrgs = "'OrdererMSP','Org2MSP'";
+	it('requestutils().orgsArrayToString should return comma separated single quotes values ', () => {
+		assert.equal(multiOrgs, multiOrgsString);
+	});
+});