162 lines
4.6 KiB
JavaScript
162 lines
4.6 KiB
JavaScript
'use strict';
|
|
|
|
// testing prerequisites
|
|
global.assert = require('assert');
|
|
global.jsc = require('jsverify');
|
|
global.jsdom = require('jsdom-global');
|
|
global.cleanup = global.jsdom();
|
|
global.fs = require('fs');
|
|
global.WebCrypto = require('node-webcrypto-ossl');
|
|
|
|
// application libraries to test
|
|
global.$ = global.jQuery = require('./jquery-3.3.1');
|
|
global.RawDeflate = require('./rawinflate-0.3').RawDeflate;
|
|
require('./zlib-1.2.11');
|
|
require('./prettify');
|
|
global.prettyPrint = window.PR.prettyPrint;
|
|
global.prettyPrintOne = window.PR.prettyPrintOne;
|
|
global.showdown = require('./showdown-1.8.6');
|
|
global.DOMPurify = require('./purify-1.0.7');
|
|
require('./bootstrap-3.3.7');
|
|
require('./privatebin');
|
|
|
|
// internal variables
|
|
var a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m',
|
|
'n','o','p','q','r','s','t','u','v','w','x','y','z'],
|
|
digitString = ['0','1','2','3','4','5','6','7','8','9'],
|
|
alnumString = a2zString.concat(digitString),
|
|
hexString = digitString.concat(['a','b','c','d','e','f']),
|
|
queryString = alnumString.concat(['+','%','&','.','*','-','_']),
|
|
hashString = queryString.concat(['!']),
|
|
base64String = alnumString.concat(['+','/','=']).concat(
|
|
a2zString.map(function(c) {
|
|
return c.toUpperCase();
|
|
})
|
|
),
|
|
schemas = ['ftp','gopher','http','https','ws','wss'],
|
|
supportedLanguages = ['de', 'es', 'fr', 'it', 'no', 'pl', 'pt', 'oc', 'ru', 'sl', 'zh'],
|
|
mimeTypes = ['image/png', 'application/octet-stream'],
|
|
formats = ['plaintext', 'markdown', 'syntaxhighlighting'],
|
|
/**
|
|
* character to HTML entity lookup table
|
|
*
|
|
* @see {@link https://github.com/janl/mustache.js/blob/master/mustache.js#L60}
|
|
*/
|
|
entityMap = {
|
|
'&': '&',
|
|
'<': '<',
|
|
'>': '>',
|
|
'"': '"',
|
|
"'": ''',
|
|
'/': '/',
|
|
'`': '`',
|
|
'=': '='
|
|
},
|
|
mimeFile = fs.createReadStream('/etc/mime.types'),
|
|
mimeLine = '';
|
|
|
|
// populate mime types from environment
|
|
mimeFile.on('data', function(data) {
|
|
mimeLine += data;
|
|
var index = mimeLine.indexOf('\n');
|
|
while (index > -1) {
|
|
var line = mimeLine.substring(0, index);
|
|
mimeLine = mimeLine.substring(index + 1);
|
|
parseMime(line);
|
|
index = mimeLine.indexOf('\n');
|
|
}
|
|
});
|
|
|
|
mimeFile.on('end', function() {
|
|
if (mimeLine.length > 0) {
|
|
parseMime(mimeLine);
|
|
}
|
|
});
|
|
|
|
function parseMime(line) {
|
|
// ignore comments
|
|
var index = line.indexOf('#');
|
|
if (index > -1) {
|
|
line = line.substring(0, index);
|
|
}
|
|
|
|
// ignore bits after tabs
|
|
index = line.indexOf('\t');
|
|
if (index > -1) {
|
|
line = line.substring(0, index);
|
|
}
|
|
if (line.length > 0) {
|
|
mimeTypes.push(line);
|
|
}
|
|
}
|
|
|
|
// common testing helper functions
|
|
exports.atob = atob;
|
|
exports.btoa = btoa;
|
|
|
|
/**
|
|
* convert all applicable characters to HTML entities
|
|
*
|
|
* @see {@link https://www.owasp.org/index.php/XSS_(Cross_Site_Scripting)_Prevention_Cheat_Sheet#RULE_.231_-_HTML_Escape_Before_Inserting_Untrusted_Data_into_HTML_Element_Content}
|
|
* @name htmlEntities
|
|
* @function
|
|
* @param {string} str
|
|
* @return {string} escaped HTML
|
|
*/
|
|
exports.htmlEntities = function(str) {
|
|
return String(str).replace(
|
|
/[&<>"'`=\/]/g, function(s) {
|
|
return entityMap[s];
|
|
});
|
|
};
|
|
|
|
// provides random lowercase characters from a to z
|
|
exports.jscA2zString = function() {
|
|
return jsc.elements(a2zString);
|
|
};
|
|
|
|
// provides random lowercase alpha numeric characters (a to z and 0 to 9)
|
|
exports.jscAlnumString = function() {
|
|
return jsc.elements(alnumString);
|
|
};
|
|
|
|
//provides random characters allowed in hexadecimal notation
|
|
exports.jscHexString = function() {
|
|
return jsc.elements(hexString);
|
|
};
|
|
|
|
// provides random characters allowed in GET queries
|
|
exports.jscQueryString = function() {
|
|
return jsc.elements(queryString);
|
|
};
|
|
|
|
// provides random characters allowed in hash queries
|
|
exports.jscHashString = function() {
|
|
return jsc.elements(hashString);
|
|
};
|
|
|
|
// provides random characters allowed in base64 encoded strings
|
|
exports.jscBase64String = function() {
|
|
return jsc.elements(base64String);
|
|
};
|
|
|
|
// provides a random URL schema supported by the whatwg-url library
|
|
exports.jscSchemas = function() {
|
|
return jsc.elements(schemas);
|
|
};
|
|
|
|
// provides a random supported language string
|
|
exports.jscSupportedLanguages = function() {
|
|
return jsc.elements(supportedLanguages);
|
|
};
|
|
|
|
// provides a random mime type
|
|
exports.jscMimeTypes = function() {
|
|
return jsc.elements(mimeTypes);
|
|
};
|
|
|
|
// provides a random PrivateBin paste formatter
|
|
exports.jscFormats = function() {
|
|
return jsc.elements(formats);
|
|
};
|
|
|