/*
* Copyright (c) 2014-2024 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/
/* jslint node: true */
import * as utils from '../lib/utils'
import * as challengeUtils from '../lib/challengeUtils'
import {
Model,
type InferAttributes,
type InferCreationAttributes,
DataTypes,
type CreationOptional,
type Sequelize
} from 'sequelize'
import { challenges } from '../data/datacache'
import * as security from '../lib/insecurity'
/**
 * Sequelize model backing the `Feedbacks` table. The column definitions and
 * the challenge hooks attached to the attribute setters live in
 * `FeedbackModelInit`; this class only declares the typed attribute surface.
 *
 * Field notes:
 * - `id` is the auto-incremented primary key, hence `CreationOptional`.
 * - `UserId` is nullable — presumably feedback left without a logged-in user;
 *   confirm against the callers that create rows.
 * - `comment` is persisted in sanitized form; the setter, not the caller,
 *   performs the sanitization.
 * - `rating` is a required integer column (`allowNull: false` in the init).
 */
class Feedback extends Model<
  InferAttributes<Feedback>,
  InferCreationAttributes<Feedback>
> {
  declare id: CreationOptional<number>
  declare UserId: number | null
  declare comment: string
  declare rating: number
}
/**
 * Registers the `Feedback` model (table `Feedbacks`) on the given Sequelize
 * instance and wires the two challenge hooks that live in the attribute setters.
 *
 * - `comment`: the stored value is always a sanitized copy of the input. Which
 *   sanitizer runs depends on whether the persisted-XSS feedback challenge is
 *   enabled: `security.sanitizeHtml` when it is (and the challenge is marked
 *   solved if the iframe payload is still present after that pass),
 *   `security.sanitizeSecure` otherwise. The choice of sanitizer is the only
 *   thing the challenge flag changes.
 * - `rating`: stored exactly as given; the zero-stars challenge is marked
 *   solved when a rating of 0 is written. No range check is applied in the
 *   model, so any bound on the rating has to be enforced by the caller —
 *   presumably deliberate so the challenge stays reachable; confirm before
 *   adding validation here.
 *
 * @param sequelize connection the model is bound to
 */
const FeedbackModelInit = (sequelize: Sequelize): void => {
  Feedback.init(
    {
      UserId: { type: DataTypes.INTEGER },
      id: { type: DataTypes.INTEGER, primaryKey: true, autoIncrement: true },
      comment: {
        type: DataTypes.STRING,
        set (comment: string) {
          const xssChallenge = challenges.persistedXssFeedbackChallenge
          const challengeActive = utils.isChallengeEnabled(xssChallenge)
          // Sanitize first; the solve check below only runs on the challenge path.
          const sanitizedComment = challengeActive
            ? security.sanitizeHtml(comment)
            : security.sanitizeSecure(comment)
          if (challengeActive) {
            challengeUtils.solveIf(xssChallenge, () =>
              utils.contains(sanitizedComment, '<iframe src="javascript:alert(`xss`)">')
            )
          }
          this.setDataValue('comment', sanitizedComment)
        }
      },
      rating: {
        type: DataTypes.INTEGER,
        allowNull: false,
        set (rating: number) {
          // Write first, then evaluate the challenge against the raw input.
          this.setDataValue('rating', rating)
          const isZeroStars = (): boolean => rating === 0
          challengeUtils.solveIf(challenges.zeroStarsChallenge, isZeroStars)
        }
      }
    },
    { tableName: 'Feedbacks', sequelize }
  )
}
export { Feedback as FeedbackModel, FeedbackModelInit }