* test: confirm all schemas pass basic validation * refactor: use tested schemas in routes * chore: move ajv to dev deps
import Ajv from 'ajv';
import secureSchema from 'ajv/lib/refs/json-schema-secure.json';
import { schemas } from './schemas';
// This Ajv instance never validates request data; it only compiles Ajv's
// bundled json-schema-secure meta-schema so the route schemas themselves can
// be vetted. Running with strictTypes off is acceptable for that purpose.
// NOTE(review): presumably strictTypes is disabled because the meta-schema
// does not compile under strict type checks; confirm before tightening.
const ajvOptions = { strictTypes: false };
const ajv = new Ajv(ajvOptions);

// Validator that takes a JSON Schema as its *data* and reports whether it
// passes the json-schema-secure meta-schema.
const isSchemaSecure = ajv.compile(secureSchema);
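// Vets every route schema against Ajv's json-schema-secure meta-schema.
// Passing is a floor, not a guarantee: the meta-schema flags keywords that can
// be slow on untrusted input when used without limits (for example `pattern`
// or `format` without `maxLength`); it does not prove that a schema is safe.
describe('Schemas do not use obviously dangerous validation', () => {
  /**
   * Asserts that one sub-schema passes the json-schema-secure meta-schema.
   *
   * The Ajv error list is asserted as well as the boolean result, so a
   * failing run reports which keyword and path were rejected instead of a
   * bare "expected false to be truthy".
   *
   * @param candidate - the JSON Schema fragment to vet
   */
  const expectSecure = (candidate: unknown) => {
    const passed = isSchemaSecure(candidate);
    // Ajv leaves `errors` null after a successful validation, so this only
    // fails, with the details, when the meta-schema rejected the candidate.
    expect(isSchemaSecure.errors ?? []).toEqual([]);
    expect(passed).toBeTruthy();
  };

  Object.entries(schemas).forEach(([name, schema]) => {
    describe(`schema ${name} is okay`, () => {
      // The request parts are optional per route, so each one is only checked
      // when the schema declares it.
      if ('body' in schema) {
        test('body is secure', () => {
          expectSecure(schema.body);
        });
      }

      if ('querystring' in schema) {
        test('querystring is secure', () => {
          expectSecure(schema.querystring);
        });
      }

      if ('params' in schema) {
        test('params is secure', () => {
          expectSecure(schema.params);
        });
      }

      if ('headers' in schema) {
        test('headers is secure', () => {
          expectSecure(schema.headers);
        });
      }

      // `response` is read unconditionally: one test per status-code entry.
      Object.entries(schema.response).forEach(([code, codeSchema]) => {
        test(`response ${code} is secure`, () => {
          expectSecure(codeSchema);
        });
      });
    });
  });
});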