-
Notifications
You must be signed in to change notification settings - Fork 4
/
Flow.spec.ts
74 lines (60 loc) · 2.34 KB
/
Flow.spec.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
import {should} from "chai";
import "mocha";
import {Flow} from "../../src";
import {run} from "../sandbox";
should();
describe("Flow", () => {
context("ordinary string", () => {
it("should not be recognized as tainted", () => {
run(() => Flow.of("").isTainted).should.be.false;
});
it("should be released as it is", () => {
run(() => Flow.of("test").release()).should.equal("test");
});
it("should be watched as it is", () => {
run(() => Flow.of("test").watch()).should.equal("test");
});
});
context("tainted string", () => {
it("should be recognized as tainted", () => {
run(() => Flow.of(Flow.tainted("")).isTainted).should.be.true;
});
it("should have string type", () => {
run(() => typeof Flow.tainted("")).should.equal("string");
});
it("should proxify `toString` method call", () => {
run(() => Flow.tainted("test").toString()).should.equal("test");
});
it("should propagate after concatenation", () => {
// tslint:disable-next-line: prefer-template
run(() => Flow.of(Flow.tainted("") + "").isTainted).should.be.true;
});
it("should propagate when getting property", () => {
run(() => {
return Flow.of(Flow.tainted("").length).isTainted;
}).should.be.true;
});
it("should propagate after the method call", () => {
run(() => {
return Flow.of(Flow.tainted("a#b").split("#")).isTainted;
}).should.be.true;
});
it("should propagate to called function as an argument", () => {
run(() => {
const isFlowedInto = <T>(x: T) => Flow.of(x).isTainted;
return isFlowedInto(Flow.tainted(""));
}).should.be.true;
});
});
context("tainted value interacting with native API", () => {
it("should pass to native function as an argument", () => {
run(() => parseInt(Flow.tainted("1"), 10)).should.equal(1);
});
});
it("should propagate when getting property by tainted name", () => {
run(() => {
const method = {}[Flow.tainted("toString")];
return Flow.of(method).isTainted;
}).should.be.true;
});
});