Add API test for upload of password-protected ZIP file

(to reproduce juice-shop#750)
qauni · Nov 22, 2018 · 8a2606b · 8a2606b
1 parent c1e69c8
commit 8a2606b
Show file tree

Hide file tree

Showing 2 changed files with 10 additions and 1 deletion.
diff --git a/test/api/fileUploadSpec.js b/test/api/fileUploadSpec.js
@@ -122,7 +122,16 @@ describe('/file-upload', () => {
       .expect('status', 500)
   })
 
-  xit('POST zip file with directory traversal payload', () => {
+  it('POST zip file with password protection', () => {
+    const file = path.resolve(__dirname, '../files/passwordProtected.zip')
+    const form = frisby.formData()
+    form.append('file', fs.createReadStream(file))
+
+    return frisby.post(URL + '/file-upload', { headers: { 'Content-Type': form.getHeaders()['content-type'] }, body: form })
+      .expect('status', 204)
+  })
+
+  it('POST zip file with directory traversal payload', () => {
     const file = path.resolve(__dirname, '../files/arbitraryFileWrite.zip')
     const form = frisby.formData()
     form.append('file', fs.createReadStream(file))

diff --git a/test/files/passwordProtected.zip b/test/files/passwordProtected.zip