UNPKG

ergo-core/test/not_json.js

Version:

1.33 kBJavaScriptView Raw

1
2
3
4var parse = require('../lib/not_json').parse;
5
6
7describe('Checks not_json parser for security', function() {
8
var checks = [
 { str: "{ evil1: \"eval (harry)\" }", isOK:false }
, { str: "{ evil2: \"eval(harry)\" }", isOK:false }
, { str: "{ not_evil2: \"_eval('asd','not')\" }", isOK:true }
, { str: "{ not_evil3: \"eval_(monkey)\" }", isOK:true }
, { str: "{ not_evil4: \"eval$(asd)\"  }", isOK:true }
, { str: "{ js_evil1: \"javascript:alert('I got here!')\" }", isOK:false }
, { str: "{ fn_not_evil1:'func()' }", isOK:true }
, { str: "{ function: new Date() + \" I am not evil\" }", isOK:true } // yes, there's nothing wrong with this, really
, { str: "{ fn_evil1: (function() { alert('I am evil'); })() }", isOK:false }
, { str: "{ fn_evil2: \"function named123 () {}\" }", isOK:false }
, { str: "{ fn_evil3: \"function _nam123() { alert('oi'); }\" }", isOK:false }
, { str: "{ fn_not_evil3: \"function _nam123.dotted () {}\" }", isOK:true }
, { str: "{ fn_not_evil4: \"function_nam123 () {}\" }", isOK:true }
]
checks.forEach(function(obj, idx){
it("Check #"+(idx+1)+": '" + obj.str + "' is ok: " + obj.isOK, function() {
	try {
		parse(obj.str)
	}
	catch(e) {
		//console.log(e.message);
		assert.isFalse(obj.isOK)
		return;
	}
	assert.isTrue(obj.isOK); // should parse OK
})
36
});
38});

1
2
3
4	`var parse = require('../lib/not_json').parse;`
5
6
7	`describe('Checks not_json parser for security', function() {`
8
9	`var checks = [`
10	`{ str: "{ evil1: \"eval (harry)\" }", isOK:false }`
11	`, { str: "{ evil2: \"eval(harry)\" }", isOK:false }`
12	`, { str: "{ not_evil2: \"_eval('asd','not')\" }", isOK:true }`
13	`, { str: "{ not_evil3: \"eval_(monkey)\" }", isOK:true }`
14	`, { str: "{ not_evil4: \"eval$(asd)\" }", isOK:true }`
15	`, { str: "{ js_evil1: \"javascript:alert('I got here!')\" }", isOK:false }`
16	`, { str: "{ fn_not_evil1:'func()' }", isOK:true }`
17	`, { str: "{ function: new Date() + \" I am not evil\" }", isOK:true } // yes, there's nothing wrong with this, really`
18	`, { str: "{ fn_evil1: (function() { alert('I am evil'); })() }", isOK:false }`
19	`, { str: "{ fn_evil2: \"function named123 () {}\" }", isOK:false }`
20	`, { str: "{ fn_evil3: \"function _nam123() { alert('oi'); }\" }", isOK:false }`
21	`, { str: "{ fn_not_evil3: \"function _nam123.dotted () {}\" }", isOK:true }`
22	`, { str: "{ fn_not_evil4: \"function_nam123 () {}\" }", isOK:true }`
23	`]`
24	`checks.forEach(function(obj, idx){`
25	`it("Check #"+(idx+1)+": '" + obj.str + "' is ok: " + obj.isOK, function() {`
26	`try {`
27	`parse(obj.str)`
28	`}`
29	`catch(e) {`
30	`//console.log(e.message);`
31	`assert.isFalse(obj.isOK)`
32	`return;`
33	`}`
34	`assert.isTrue(obj.isOK); // should parse OK`
35	`})`
36
37	`});`
38	`});`