-
Notifications
You must be signed in to change notification settings - Fork 199
/
config.e2e-spec.ts
60 lines (53 loc) · 1.57 KB
/
config.e2e-spec.ts
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
import { SecRunner } from '@sectester/runner';
import { TestType } from '@sectester/scan';
describe('/api', () => {
const timeout = 600000;
jest.setTimeout(timeout);
let runner: SecRunner;
beforeEach(async () => {
runner = new SecRunner({ hostname: process.env.BRIGHT_CLUSTER });
await runner.init();
});
afterEach(() => runner.clear());
describe('GET /config', () => {
it('should use and implement cookies with secure attributes', async () => {
await runner
.createScan({
tests: [TestType.COOKIE_SECURITY],
name: 'COOKIE_SECURITY'
})
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/config`
});
});
it('should contain proper Security Headers configuration', async () => {
await runner
.createScan({
tests: [TestType.HEADER_SECURITY],
name: 'HEADER_SECURITY'
})
.timeout(timeout)
.run({
method: 'GET',
url: `${process.env.SEC_TESTER_TARGET}/api/config?query=no-sec-headers`
});
});
it('should not contain errors that include full webroot path', async () => {
await runner
.createScan({
tests: [TestType.FULL_PATH_DISCLOSURE],
name: 'FULL_PATH_DISCLOSURE'
})
.timeout(timeout)
.run({
method: 'GET',
headers: {
cookie: `bc-calls-counter=${Date.now().toString()}`
},
url: `${process.env.SEC_TESTER_TARGET}/api/config`
});
});
});
});