From 081fe3f31d5962c10777f4017e2c7a5dbe26e12e Mon Sep 17 00:00:00 2001 From: jadrake75 Date: Sat, 15 Jan 2022 15:35:50 -0500 Subject: [PATCH] Deal with security alerts in regex * Updated README Fixes #183 --- README.md | 6 +--- src/util/location-helper.js | 22 ++++++-------- test/unit/util/location-helper.spec.js | 40 +++++++++++++++++++++++--- 3 files changed, 46 insertions(+), 22 deletions(-) diff --git a/README.md b/README.md index c61d455..0ae05ce 100644 --- a/README.md +++ b/README.md @@ -15,10 +15,6 @@ stamp-web-aurelia is the web front-end for managing collections of stamps and le ![Screen shot showing Editing in Stamp-Web](https://i.imgur.com/1f8SF9h.png) -## Build Status - -![Build Status](https://drake-server.ddns.net:9443/build/stamp-web-aurelia.svg) - ## Demo Server @@ -89,7 +85,7 @@ To run the unit tests, first ensure that you have followed the steps above in or ## Running the Integration Tests -npm fddWebdriver for NodeJS is used for the integration tests. This project has been moved to [stamp-web-selenium](https://github.com/stamp-web/stamp-web-selenium) +Webdriver for NodeJS is used for the integration tests. This project has been moved to [stamp-web-selenium](https://github.com/stamp-web/stamp-web-selenium) ## Test Statistics diff --git a/src/util/location-helper.js b/src/util/location-helper.js index 40e1f83..0d62de0 100644 --- a/src/util/location-helper.js +++ b/src/util/location-helper.js @@ -1,5 +1,5 @@ /** - Copyright 2017 Jason Drake + Copyright 2022 Jason Drake Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
@@ -22,12 +22,12 @@ function LocationHelperFn() { loadResource: (filename, filetype = 'js') => { return new Promise((resolve,reject) => { let fileRef; - if (filetype == 'js') { + if (filetype === 'js') { fileRef = document.createElement('script'); fileRef.setAttribute('type', 'text/javascript'); fileRef.setAttribute('src', filename); } - else if (filetype == 'css') { + else if (filetype === 'css') { fileRef = document.createElement('link'); fileRef.setAttribute('rel', 'stylesheet'); fileRef.setAttribute('type', 'text/css'); @@ -42,20 +42,16 @@ function LocationHelperFn() { }; _.defer(() => { document.getElementsByTagName("head")[0].appendChild(fileRef); - }) - + }); } }); }, - getQueryParameter: (key, default_) => { - if (default_ == null) { - default_ = null; - } - key = key.replace(/[\[]/, "\\\[").replace(/[\]]/, "\\\]"); - key = key.replace("$", "\\$"); - var regex = new RegExp("[\\?&]" + key + "=([^&#]*)"); - var qs = regex.exec(window.location.href); + getQueryParameter: (key, default_ = null) => { + key = key.replace(/[\[]/g, "\\\[").replace(/[\]]/g, "\\\]"); + key = key.replace(/\$/g, "\\$"); + let regex = new RegExp("[\\?&]" + key + "=([^&#]*)"); + let qs = regex.exec(window.location.href); if (qs == null) { return default_; } else { diff --git a/test/unit/util/location-helper.spec.js b/test/unit/util/location-helper.spec.js index fdd02aa..27bbceb 100644 --- a/test/unit/util/location-helper.spec.js +++ b/test/unit/util/location-helper.spec.js @@ -1,5 +1,5 @@ /** - Copyright 2019 Jason Drake + Copyright 2022 Jason Drake Licensed under the Apache License, Version 2.0 (the "License"); you may not use this file except in compliance with the License. 
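Review bot: `loadResource` still carries no doc comment stating that `filename` is written verbatim into the `src` of a `<script>` element that the following hunk appends to `<head>`, so whatever the URL serves runs in the page's origin; the stricter `===` comparisons in this hunk leave that contract implicit. A JSDoc above the `loadResource:` line along the lines of `/** Injects a script (filetype 'js') or stylesheet (filetype 'css') into the page. @param {string} filename URL inserted unescaped as src/href - pass only application-controlled paths. @param {string} [filetype='js'] @returns {Promise} */` would make it explicit for callers. If no branch between the hunks assigns `fileRef` for other filetypes, an unrecognised value leaves it undefined and the deferred `appendChild(fileRef)` would fail outside the Promise executor, leaving the promise pending - worth confirming against the lines the hunk omits. The function body continues past the hunk.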
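Review bot: The added `/g` flags now escape every `[`, `]` and `$` in `key`, but the remaining regex metacharacters (`.`, `*`, `+`, `?`, `(`, `)`, `{`, `}`, `|`, `^`, `\`) still reach `new RegExp` unescaped, so a key containing one of them either matches the wrong parameter or throws a SyntaxError from the constructor. Replacing the two `key = key.replace(...)` lines with the single general escape `key = key.replace(/[.*+?^${}()|[\]\\]/g, '\\$&');` closes that gap while producing the same pattern for the keys the tests use. Since neither `regex` nor `qs` is reassigned, `const` fits better than `let`, and `qs === null` would match the strict comparisons introduced in the previous hunk. The `else` branch that consumes the match continues past the hunk.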
@@ -13,13 +13,11 @@ See the License for the specific language governing permissions and limitations under the License. */ -import {EnumeratedTypeHelper, ConditionHelper, StampHelper, Condition, Defects} from 'util/common-models'; -import _ from 'lodash'; import {LocationHelper} from "../../../src/util/location-helper"; describe('LocationHelper test suite', () => { - describe('resolvePath tests', () => { + describe('resolvePath', () => { it('use default for empty', () => { let v = LocationHelper.resolvePath(undefined, 'default'); @@ -39,6 +37,40 @@ describe('LocationHelper test suite', () => { let v = LocationHelper.resolvePath({value: 'https://site.com/some/path'}, 'default'); expect(v).toBe('https://site.com/some/path/'); }); + }); + + describe('getQueryParameter', () => { + + afterEach(() => { + jest.resetAllMocks(); + }); + + let mockLocation = loc => { + const location = new URL(loc); + location.assign = jest.fn(); + location.replace = jest.fn(); + location.reload = jest.fn(); + + delete window.location; + window.location = location; + }; + it('verify extraction of $filter parameter with $filter in parameter value', () => { + mockLocation('http://localhost:9000/#/?$filter=(countryName%20eq%20%27$filter%27)&$orderby=number%20asc&$top=1000'); + let q = LocationHelper.getQueryParameter('$filter'); + expect(q).toBe('(countryName eq \'$filter\')'); + }); + + it('no parameter in location', () => { + mockLocation('http://localhost:9000/#/?$orderby=number%20asc&$top=1000'); + let q = LocationHelper.getQueryParameter('$filter'); + expect(q).toBeNull(); + }); + + it('no parameter in location with a default', () => { + mockLocation('http://localhost:9000/#/?$orderby=number%20asc&$top=1000'); + let q = LocationHelper.getQueryParameter('$filter', 'someDefault'); + expect(q).toBe('someDefault'); + }); }); });
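Review bot: `mockLocation` deletes `window.location` and replaces it with a `URL` object, but nothing puts the original back - `jest.resetAllMocks()` in the `afterEach` only clears mock call state - so any test in this file that runs after this block sees the fabricated location. Capturing `const originalLocation = window.location;` at the top of the `describe('getQueryParameter', ...)` block and adding `window.location = originalLocation;` to the `afterEach` keeps the cases isolated. Separately, the behaviour the commit changes is the `/g` flag that escapes repeated `$`/`[`/`]`, yet all three new cases use the single-`$` key `'$filter'`; one case whose key contains two such characters (e.g. `'$a$b'`) would pin the regression. `mockLocation` is never reassigned, so `const` suits it better than `let`; the enclosing `describe('LocationHelper test suite', ...)` starts outside the hunk.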