-
Notifications
You must be signed in to change notification settings - Fork 8.3k
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Browse files
Browse the repository at this point in the history
- Loading branch information
Showing
2 changed files
with
33 additions
and
26 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
|
@@ -19,36 +19,39 @@ | |
|
||
import { shortUrlAssertValid } from './short_url_assert_valid'; | ||
|
||
const PROTOCOL_ERROR = /^Short url targets cannot have a protocol/; | ||
const HOSTNAME_ERROR = /^Short url targets cannot have a hostname/; | ||
const PATH_ERROR = /^Short url target path must be in the format/; | ||
|
||
describe('shortUrlAssertValid()', () => { | ||
const invalid = [ | ||
['protocol', 'http://localhost:5601/app/kibana'], | ||
['protocol', 'https://localhost:5601/app/kibana'], | ||
['protocol', 'mailto:[email protected]'], | ||
['protocol', 'javascript:alert("hi")'], // eslint-disable-line no-script-url | ||
['hostname', 'localhost/app/kibana'], | ||
['hostname and port', 'local.host:5601/app/kibana'], | ||
['hostname and auth', 'user:[email protected]/app/kibana'], | ||
['path traversal', '/app/../../not-kibana'], | ||
['deep path', '/app/kibana/foo'], | ||
['deep path', '/app/kibana/foo/bar'], | ||
['base path', '/base/app/kibana'], | ||
['protocol', 'http://localhost:5601/app/kibana', PROTOCOL_ERROR], | ||
['protocol', 'https://localhost:5601/app/kibana', PROTOCOL_ERROR], | ||
['protocol', 'mailto:[email protected]', PROTOCOL_ERROR], | ||
['protocol', 'javascript:alert("hi")', PROTOCOL_ERROR], // eslint-disable-line no-script-url | ||
['hostname', 'localhost/app/kibana', PATH_ERROR], // according to spec, this is not a valid URL -- you cannot specify a hostname without a protocol | ||
['hostname and port', 'local.host:5601/app/kibana', PROTOCOL_ERROR], // parser detects 'local.host' as the protocol | ||
['hostname and auth', 'user:[email protected]/app/kibana', PROTOCOL_ERROR], // parser detects 'user' as the protocol | ||
['path traversal', '/app/../../not-kibana', PATH_ERROR], // fails because there are >2 path parts | ||
['path traversal', '/../not-kibana', PATH_ERROR], // fails because first path part is not 'app' | ||
['deep path', '/app/kibana/foo', PATH_ERROR], // fails because there are >2 path parts | ||
['deeper path', '/app/kibana/foo/bar', PATH_ERROR], // fails because there are >2 path parts | ||
['base path', '/base/app/kibana', PATH_ERROR], // fails because there are >2 path parts | ||
['path with an extra leading slash', '//foo/app/kibana', HOSTNAME_ERROR], // parser detects 'foo' as the hostname | ||
['path with an extra leading slash', '///app/kibana', HOSTNAME_ERROR], // parser detects '' as the hostname | ||
['path without app', '/foo/kibana', PATH_ERROR], // fails because first path part is not 'app' | ||
['path without appId', '/app/', PATH_ERROR], // fails because there is only one path part (leading and trailing slashes are trimmed) | ||
]; | ||
|
||
invalid.forEach(([desc, url]) => { | ||
it(`fails when url has ${desc}`, () => { | ||
try { | ||
shortUrlAssertValid(url); | ||
throw new Error(`expected assertion to throw`); | ||
} catch (err) { | ||
if (!err || !err.isBoom) { | ||
throw err; | ||
} | ||
} | ||
invalid.forEach(([desc, url, error]) => { | ||
it(`fails when url has ${desc as string}`, () => { | ||
expect(() => shortUrlAssertValid(url as string)).toThrowError(error); | ||
}); | ||
}); | ||
|
||
const valid = [ | ||
'/app/kibana', | ||
'/app/kibana/', // leading and trailing slashes are trimmed | ||
'/app/monitoring#angular/route', | ||
'/app/text#document-id', | ||
'/app/some?with=query', | ||
|
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters