2014-01-31 17:53:27 -05:00
|
|
|
/*globals describe, beforeEach, afterEach, before, it*/
|
|
|
|
var fs = require('fs'),
|
|
|
|
path = require('path'),
|
|
|
|
should = require('should'),
|
|
|
|
sinon = require('sinon'),
|
|
|
|
_ = require("underscore"),
|
|
|
|
helpers = require('../../server/helpers'),
|
|
|
|
filters = require('../../server/filters'),
|
|
|
|
|
|
|
|
// Stuff we are testing
|
|
|
|
appProxy = require('../../server/apps/proxy'),
|
|
|
|
AppSandbox = require('../../server/apps/sandbox');
|
|
|
|
|
|
|
|
describe('Apps', function () {
|
|
|
|
|
|
|
|
var sandbox,
|
|
|
|
fakeApi;
|
|
|
|
|
|
|
|
beforeEach(function () {
|
|
|
|
sandbox = sinon.sandbox.create();
|
|
|
|
|
|
|
|
fakeApi = {
|
|
|
|
posts: {
|
|
|
|
browse: sandbox.stub(),
|
|
|
|
read: sandbox.stub(),
|
|
|
|
edit: sandbox.stub(),
|
|
|
|
add: sandbox.stub(),
|
|
|
|
destroy: sandbox.stub()
|
|
|
|
},
|
|
|
|
users: {
|
|
|
|
browse: sandbox.stub(),
|
|
|
|
read: sandbox.stub(),
|
|
|
|
edit: sandbox.stub()
|
|
|
|
},
|
|
|
|
tags: {
|
|
|
|
all: sandbox.stub()
|
|
|
|
},
|
|
|
|
notifications: {
|
|
|
|
destroy: sandbox.stub(),
|
|
|
|
add: sandbox.stub()
|
|
|
|
},
|
|
|
|
settings: {
|
|
|
|
browse: sandbox.stub(),
|
|
|
|
read: sandbox.stub(),
|
|
|
|
add: sandbox.stub()
|
|
|
|
}
|
|
|
|
};
|
|
|
|
});
|
|
|
|
|
|
|
|
afterEach(function () {
|
|
|
|
sandbox.restore();
|
|
|
|
});
|
|
|
|
|
|
|
|
describe('Proxy', function () {
|
|
|
|
it('creates a ghost proxy', function () {
|
|
|
|
should.exist(appProxy.filters);
|
|
|
|
appProxy.filters.register.should.equal(filters.registerFilter);
|
|
|
|
appProxy.filters.unregister.should.equal(filters.unregisterFilter);
|
|
|
|
|
|
|
|
should.exist(appProxy.helpers);
|
|
|
|
appProxy.helpers.register.should.equal(helpers.registerThemeHelper);
|
|
|
|
appProxy.helpers.registerAsync.should.equal(helpers.registerAsyncThemeHelper);
|
|
|
|
|
|
|
|
should.exist(appProxy.api);
|
|
|
|
|
|
|
|
should.exist(appProxy.api.posts);
|
|
|
|
should.not.exist(appProxy.api.posts.edit);
|
|
|
|
should.not.exist(appProxy.api.posts.add);
|
|
|
|
should.not.exist(appProxy.api.posts.destroy);
|
|
|
|
|
|
|
|
should.not.exist(appProxy.api.users);
|
|
|
|
|
|
|
|
should.exist(appProxy.api.tags);
|
|
|
|
|
|
|
|
should.exist(appProxy.api.notifications);
|
|
|
|
should.not.exist(appProxy.api.notifications.destroy);
|
|
|
|
|
|
|
|
should.exist(appProxy.api.settings);
|
|
|
|
should.not.exist(appProxy.api.settings.browse);
|
|
|
|
should.not.exist(appProxy.api.settings.add);
|
|
|
|
});
|
|
|
|
});
|
2014-02-06 06:58:58 -05:00
|
|
|
|
2014-01-31 17:53:27 -05:00
|
|
|
describe('Sandbox', function () {
|
|
|
|
it('loads apps in a sandbox', function () {
|
|
|
|
var appBox = new AppSandbox(),
|
|
|
|
appPath = path.resolve(__dirname, '..', 'utils', 'fixtures', 'app', 'good.js'),
|
|
|
|
GoodApp,
|
|
|
|
app;
|
|
|
|
|
|
|
|
GoodApp = appBox.loadApp(appPath);
|
|
|
|
|
|
|
|
should.exist(GoodApp);
|
|
|
|
|
|
|
|
app = new GoodApp(appProxy);
|
|
|
|
|
|
|
|
app.install(appProxy);
|
|
|
|
|
|
|
|
app.app.something.should.equal(42);
|
|
|
|
app.app.util.util().should.equal(42);
|
|
|
|
app.app.nested.other.should.equal(42);
|
|
|
|
app.app.path.should.equal(appPath);
|
|
|
|
});
|
|
|
|
|
|
|
|
it('does not allow apps to require blacklisted modules at top level', function () {
|
|
|
|
var appBox = new AppSandbox(),
|
|
|
|
badAppPath = path.join(__dirname, '..', 'utils', 'fixtures', 'app', 'badtop.js'),
|
|
|
|
BadApp,
|
|
|
|
app,
|
|
|
|
loadApp = function () {
|
|
|
|
appBox.loadApp(badAppPath);
|
|
|
|
};
|
|
|
|
|
|
|
|
loadApp.should.throw('Unsafe App require: knex');
|
|
|
|
});
|
|
|
|
|
|
|
|
it('does not allow apps to require blacklisted modules at install', function () {
|
|
|
|
var appBox = new AppSandbox(),
|
|
|
|
badAppPath = path.join(__dirname, '..', 'utils', 'fixtures', 'app', 'badinstall.js'),
|
|
|
|
BadApp,
|
|
|
|
app,
|
|
|
|
installApp = function () {
|
|
|
|
app.install(appProxy);
|
|
|
|
};
|
|
|
|
|
|
|
|
BadApp = appBox.loadApp(badAppPath);
|
|
|
|
|
|
|
|
app = new BadApp(appProxy);
|
|
|
|
|
|
|
|
installApp.should.throw('Unsafe App require: knex');
|
|
|
|
});
|
|
|
|
|
|
|
|
it('does not allow apps to require blacklisted modules from other requires', function () {
|
|
|
|
var appBox = new AppSandbox(),
|
|
|
|
badAppPath = path.join(__dirname, '..', 'utils', 'fixtures', 'app', 'badrequire.js'),
|
|
|
|
BadApp,
|
|
|
|
app,
|
|
|
|
loadApp = function () {
|
|
|
|
BadApp = appBox.loadApp(badAppPath);
|
|
|
|
};
|
|
|
|
|
|
|
|
loadApp.should.throw('Unsafe App require: knex');
|
|
|
|
});
|
|
|
|
|
|
|
|
it('does not allow apps to require modules relatively outside their directory', function () {
|
|
|
|
var appBox = new AppSandbox(),
|
|
|
|
badAppPath = path.join(__dirname, '..', 'utils', 'fixtures', 'app', 'badoutside.js'),
|
|
|
|
BadApp,
|
|
|
|
app,
|
|
|
|
loadApp = function () {
|
|
|
|
BadApp = appBox.loadApp(badAppPath);
|
|
|
|
};
|
|
|
|
|
2014-02-06 06:58:58 -05:00
|
|
|
loadApp.should.throw(/^Unsafe App require[\w\W]*example$/);
|
2014-01-31 17:53:27 -05:00
|
|
|
});
|
|
|
|
});
|
|
|
|
});
|