chatRedux/backend/node_modules/express-fileupload/test/utilities.spec.js

'use strict';

const assert = require('assert');
const path = require('path');
const fs = require('fs');
const md5 = require('md5');
const server = require('./server');
const fileDir = server.fileDir;
const uploadDir = server.uploadDir;
const {
  debugLog,
  isFunc,
  errorFunc,
  getTempFilename,
  buildOptions,
  buildFields,
  checkAndMakeDir,
  deleteFile,
  copyFile,
  saveBufferToFile,
  parseFileName,
  uriDecodeFileName,
  isSafeFromPollution
} = require('../lib/utilities');

const mockFile = 'basketball.png';
const mockBuffer = fs.readFileSync(path.join(fileDir, mockFile));
const mockHash = md5(mockBuffer);


describe('Test of the utilities functions', function() {
  beforeEach(function() {
    server.clearUploadsDir();
  });
  //debugLog tests
  describe('Test debugLog function', () => {

    let testMessage = 'Test message';

    it('debugLog returns false if no options passed', () => {
      assert.equal(debugLog(null, testMessage), false);
    });

    it('debugLog returns false if option debug is false', () => {
      assert.equal(debugLog({debug: false}, testMessage), false);
    });

    it('debugLog returns true if option debug is true', () => {
      assert.equal(debugLog({debug: true}, testMessage), true);
    });

  });
  //isFunc tests
  describe('Test isFunc function', () => {

    it('isFunc returns true if function passed', () => assert.equal(isFunc(()=>{}), true));

    it('isFunc returns false if null passed', function() {
      assert.equal(isFunc(null), false);
    });

    it('isFunc returns false if undefined passed', function() {
      assert.equal(isFunc(undefined), false);
    });

    it('isFunc returns false if object passed', function() {
      assert.equal(isFunc({}), false);
    });

    it('isFunc returns false if array passed', function() {
      assert.equal(isFunc([]), false);
    });
  });
  //errorFunc tests
  describe('Test errorFunc function', () => {

    const resolve = () => 'success';
    const reject = () => 'error';

    it('errorFunc returns resolve if reject function has not been passed', () => {
      let result = errorFunc(resolve);
      assert.equal(result(), 'success');
    });

    it('errorFunc returns reject if reject function has been passed', () => {
      let result = errorFunc(resolve, reject);
      assert.equal(result(), 'error');
    });

  });
  //getTempFilename tests
  describe('Test getTempFilename function', () => {

    const nameRegexp = /tmp-\d{1,5}-\d{1,}/;

    it('getTempFilename result matches regexp /tmp-d{1,5}-d{1,}/', () => {

      let errCounter = 0;
      let tempName = '';
      for (var i = 0; i < 65537; i++) {
        tempName = getTempFilename();
        if (!nameRegexp.test(tempName)) errCounter ++;
      }

      assert.equal(errCounter, 0);
    });

    it('getTempFilename current and previous results are not equal', () => {

      let errCounter = 0;
      let tempName = '';
      let previousName = '';
      for (var i = 0; i < 65537; i++) {
        previousName = tempName;
        tempName = getTempFilename();
        if (previousName === tempName) errCounter ++;
      }

      assert.equal(errCounter, 0);
    });

  });
  //parseFileName
  describe('Test parseFileName function', () => {

    it('Does nothing to your filename when disabled.', () => {
      const opts = {safeFileNames: false};
      const name = 'my$Invalid#fileName.png123';
      const expected = 'my$Invalid#fileName.png123';
      let result = parseFileName(opts, name);
      assert.equal(result, expected);
    });

    it('Cuts of file name length if it more then 255 chars.', () => {
      const name = 'a'.repeat(300);
      const result = parseFileName({}, name);
      assert.equal(result.length, 255);
    });

    it(
      'Strips away all non-alphanumeric characters (excluding hyphens/underscores) when enabled.',
      () => {
        const opts = {safeFileNames: true};
        const name = 'my$Invalid#fileName.png123';
        const expected = 'myInvalidfileNamepng123';
        let result = parseFileName(opts, name);
        assert.equal(result, expected);
      });

    it(
      'Strips away all non-alphanumeric chars when preserveExtension: true for a name without dots',
      () => {
        const opts = {safeFileNames: true, preserveExtension: true};
        const name = 'my$Invalid#fileName';
        const expected = 'myInvalidfileName';
        let result = parseFileName(opts, name);
        assert.equal(result, expected);
      });

    it('Accepts a regex for stripping (decidedly) "invalid" characters from filename.', () => {
      const opts = {safeFileNames: /[$#]/g};
      const name = 'my$Invalid#fileName.png123';
      const expected = 'myInvalidfileName.png123';
      let result = parseFileName(opts, name);
      assert.equal(result, expected);
    });

    it(
      'Returns correct filename if name contains dots characters and preserveExtension: true.',
      () => {
        const opts = {safeFileNames: true, preserveExtension: true};
        const name = 'basket.ball.png';
        const expected = 'basketball.png';
        let result = parseFileName(opts, name);
        assert.equal(result, expected);
      });

    it('Returns a temporary file name if name argument is empty.', () => {
      const opts = {safeFileNames: false};
      const result = parseFileName(opts);
      assert.equal(typeof result, 'string');
    });

  });
  //buildOptions tests
  describe('Test buildOptions function', () => {

    const source = { option1: '1', option2: '2' };
    const sourceAddon = { option3: '3'};
    const expected = { option1: '1', option2: '2' };
    const expectedAddon = { option1: '1', option2: '2', option3: '3'};

    it('buildOptions returns and equal object to the object which was paased', () => {
      let result = buildOptions(source);
      assert.deepStrictEqual(result, source);
    });

    it('buildOptions doesnt add non object or null arguments to the result', () => {
      let result = buildOptions(source, 2, '3', null);
      assert.deepStrictEqual(result, expected);
    });

    it('buildOptions adds value to the result from the several source argumets', () => {
      let result = buildOptions(source, sourceAddon);
      assert.deepStrictEqual(result, expectedAddon);
    });

  });
  //buildFields tests
  describe('Test buildOptions function', () => {

    it('buildFields does nothing if null value has been passed', () => {
      let fields = null;
      fields = buildFields(fields, 'test', null);
      assert.equal(fields, null);
    });

  });
  //checkAndMakeDir tests
  describe('Test checkAndMakeDir function', () => {
    //
    it('checkAndMakeDir returns false if upload options object was not set', () => {
      assert.equal(checkAndMakeDir(), false);
    });
    //
    it('checkAndMakeDir returns false if upload option createParentPath was not set', () => {
      assert.equal(checkAndMakeDir({}), false);
    });
    //
    it('checkAndMakeDir returns false if filePath was not set', () => {
      assert.equal(checkAndMakeDir({createParentPath: true}), false);
    });
    //
    it('checkAndMakeDir return true if path to the file already exists', ()=>{
      let dir = path.join(uploadDir, 'testfile');
      assert.equal(checkAndMakeDir({createParentPath: true}, dir), true);
    });
    //
    it('checkAndMakeDir creates a dir if path to the file not exists', ()=>{
      let dir = path.join(uploadDir, 'testfolder', 'testfile');
      assert.equal(checkAndMakeDir({createParentPath: true}, dir), true);
    });
    //
    it('checkAndMakeDir creates a dir recursively if path to the file not exists', ()=>{
      let dir = path.join(uploadDir, 'testfolder', 'testsubfolder', 'testfile');
      assert.equal(checkAndMakeDir({createParentPath: true}, dir), true);
    });
  });
  //saveBufferToFile tests
  describe('Test saveBufferToFile function', function(){
    beforeEach(function() {
      server.clearUploadsDir();
    });

    it('Save buffer to a file', function(done) {
      let filePath = path.join(uploadDir, mockFile);
      saveBufferToFile(mockBuffer, filePath, function(err){
        if (err) {
          return done(err);
        }
        fs.stat(filePath, done);
      });
    });

    it('Failed if not a buffer passed', function(done) {
      let filePath = path.join(uploadDir, mockFile);
      saveBufferToFile(undefined, filePath, function(err){
        if (err) {
          return done();
        }
      });
    });

    it('Failed if wrong path passed', function(done) {
      let filePath = '';
      saveBufferToFile(mockFile, filePath, function(err){
        if (err) {
          return done();
        }
      });
    });
  });

  describe('Test deleteFile function', function(){
    beforeEach(function() {
      server.clearUploadsDir();
    });

    it('Failed if nonexistent file passed', function(done){
      let filePath = path.join(uploadDir, getTempFilename());

      deleteFile(filePath, function(err){
        if (err) {
          return done();
        }
      });
    });

    it('Delete a file', function(done){
      let srcPath = path.join(fileDir, mockFile);
      let dstPath = path.join(uploadDir, getTempFilename());

      //copy a file
      copyFile(srcPath, dstPath, function(err){
        if (err) {
          return done(err);
        }
        fs.stat(dstPath, (err)=>{
          if (err){
            return done(err);
          }
          // delete a file
          deleteFile(dstPath, function(err){
            if (err) {
              return done(err);
            }

            fs.stat(dstPath, (err)=>{
              if (err){
                return done();
              }

              //error if a file still exist
              done(err);
            });
          });
        });
      });
    });

  });

  describe('Test copyFile function', function(){
    beforeEach(function() {
      server.clearUploadsDir();
    });

    it('Copy a file and check a hash', function(done) {
      let srcPath = path.join(fileDir, mockFile);
      let dstPath = path.join(uploadDir, mockFile);

      copyFile(srcPath, dstPath, function(err){
        if (err) {
          return done(err);
        }
        fs.stat(dstPath, (err)=>{
          if (err){
            return done(err);
          }
          //Match source and destination files hash.
          let fileBuffer = fs.readFileSync(dstPath);
          let fileHash = md5(fileBuffer);
          return (fileHash === mockHash) ? done() : done(err);
        });
      });
    });

    it('Failed if wrong source file path passed', function(done){
      let srcPath = path.join(fileDir, 'unknown');
      let dstPath = path.join(uploadDir, mockFile);

      copyFile(srcPath, dstPath, function(err){
        if (err) {
          return done();
        }
      });
    });

    it('Failed if wrong destination file path passed', function(done){
      let srcPath = path.join(fileDir, 'unknown');
      let dstPath = path.join('unknown', 'unknown');

      copyFile(srcPath, dstPath, function(err){
        if (err) {
          return done();
        }
      });
    });
  });

  describe('Test uriDecodeFileName function', function() {
    const testData = [
      { enc: 'test%22filename', dec: 'test"filename' },
      { enc: 'test%60filename', dec: 'test`filename' },
      { enc: '%3Fx%3Dtest%22filename', dec: '?x=test"filename'}
    ];

    // Test decoding if uriDecodeFileNames: true.
    testData.forEach((testName) => {
      const opts = { uriDecodeFileNames: true };
      it(`Return ${testName.dec} for input ${testName.enc} if uriDecodeFileNames: true`, () => {
        assert.equal(uriDecodeFileName(opts, testName.enc), testName.dec);
      });
    });

    // Test decoding if uriDecodeFileNames: false.
    testData.forEach((testName) => {
      const opts = { uriDecodeFileNames: false };
      it(`Return ${testName.enc} for input ${testName.enc} if uriDecodeFileNames: false`, () => {
        assert.equal(uriDecodeFileName(opts, testName.enc), testName.enc);
      });
    });
  });

  describe('Test for no prototype pollution in buildFields', function() {
    const prototypeFields = [
      { name: '__proto__', data: {} },
      { name: 'constructor', data: {} },
      { name: 'toString', data: {} }
    ];

    const nonPrototypeFields = [
      { name: 'a', data: {} },
      { name: 'b', data: {} }
    ];

    let fieldObject = undefined;
    [...prototypeFields, ...nonPrototypeFields].forEach((field) => {
      fieldObject = buildFields(fieldObject, field.name, field.data);
    });

    it(`Has ${nonPrototypeFields.length} keys`, () => {
      assert.equal(Object.keys(fieldObject).length, nonPrototypeFields.length);
    });

    it(`Has null as its prototype`, () => {
      assert.equal(Object.getPrototypeOf(fieldObject), null);
    });

    prototypeFields.forEach((field) => {
      it(`${field.name} property is not an array`, () => {
        // Note, Array.isArray is an insufficient test due to it returning false
        // for Objects with an array prototype.
        assert.equal(fieldObject[field.name] instanceof Array, false);
      });
    });
  });

  describe('Test for correct detection of prototype pollution', function() {
    const validInsertions = [
      { base: {}, key: 'a' },
      { base: { a: 1 }, key: 'a' },
      { base: { __proto__: { a: 1 } }, key: 'a' },
      { base: [1], key: 0 },
      { base: { __proto__: [1] }, key: 0 }
    ];

    const invalidInsertions = [
      { base: {}, key: '__proto__' },
      { base: {}, key: 'constructor' },
      { base: [1], key: '__proto__' },
      { base: [1], key: 'length' },
      { base: { __proto__: [1] }, key: 'length' }
    ];

    validInsertions.forEach((insertion) => {
      it(`Key ${insertion.key} should be valid for ${JSON.stringify(insertion.base)}`, () => {
        assert.equal(isSafeFromPollution(insertion.base, insertion.key), true);
      });
    });

    invalidInsertions.forEach((insertion) => {
      it(`Key ${insertion.key} should not be valid for ${JSON.stringify(insertion.base)}`, () => {
        assert.equal(isSafeFromPollution(insertion.base, insertion.key), false);
      });
    });
  });
});