Commit

Implement open redirect fuzz testing
nas-tabchiche committed Oct 6, 2024
1 parent 7c6efda commit a33d502
Showing 1 changed file with 26 additions and 5 deletions.
31 changes: 26 additions & 5 deletions frontend/tests/fuzz/open-redirect/open-redirect.test.ts
@@ -1,13 +1,34 @@
import { expect, setHttpResponsesListener, test } from '../../utils/test-utils.js';
import { expect, test } from '../../utils/test-utils.js';

import { readFileSync } from 'fs';

test('open redirect fuzz tests', async () => {
test.slow();

test('open redirect fuzz tests', async ({ logedPage }) => {
await test.step('fuzz open redirect', async () => {
await logedPage.page.getByRole('button', { name: 'Organization' }).click();
await logedPage.page.getByTestId('accordion-item-folders').click();
await logedPage.page.getByTestId('add-button').click();
await logedPage.page
.getByTestId('form-input-name')
.fill('Irure commodo consequat fugiat elit mollit in aute et incididunt et tempor.');
await logedPage.page.getByTestId('save-button').click();

const payloadsFile = './tests/fuzz/open-redirect/payloads.txt';
const payloads = readFileSync(payloadsFile, 'utf8').split('\n');
console.log(payloads);

const href = await logedPage.page
.getByTestId('tablerow-edit-button')
.getAttribute('href')

Check failure on line 20 in frontend/tests/fuzz/open-redirect/open-redirect.test.ts

GitHub Actions / functional-tests (3.11, chromium)

[chromium] › fuzz/open-redirect/open-redirect.test.ts:5:1 › open redirect fuzz tests

1) [chromium] › fuzz/open-redirect/open-redirect.test.ts:5:1 › open redirect fuzz tests › fuzz open redirect Error: locator.getAttribute: Error: strict mode violation: getByTestId('tablerow-edit-button') resolved to 2 elements: 1) <a data-testid="tablerow-edit-button" class="unstyled cursor-pointer hover:text-primary-500" href="/folders/e2c1d61a-5a4a-4027-829f-d2e6cbf6ee0c/edit?next=/folders">…</a> aka getByRole('row', { name: '0-Test domain-da0e Test' }).getByTestId('tablerow-edit-button') 2) <a data-testid="tablerow-edit-button" class="unstyled cursor-pointer hover:text-primary-500" href="/folders/6fed0a88-f02e-4baf-a999-a1cd121a23a5/edit?next=/folders">…</a> aka getByRole('row', { name: '0-Test domain-059a edited' }).getByTestId('tablerow-edit-button') Call log: - waiting for getByTestId('tablerow-edit-button') 18 | const href = await logedPage.page 19 | .getByTestId('tablerow-edit-button') > 20 | .getAttribute('href') | ^ 21 | .then((href) => href!.split('?')[0]); 22 | 23 | const currentURL = logedPage.page.url(); at /home/runner/work/ciso-assistant-community/ciso-assistant-community/frontend/tests/fuzz/open-redirect/open-redirect.test.ts:20:5 at /home/runner/work/ciso-assistant-community/ciso-assistant-community/frontend/tests/fuzz/open-redirect/open-redirect.test.ts:6:2

Check failure on line 20 in frontend/tests/fuzz/open-redirect/open-redirect.test.ts

GitHub Actions / functional-tests (3.11, chromium)

[chromium] › fuzz/open-redirect/open-redirect.test.ts:5:1 › open redirect fuzz tests

1) [chromium] › fuzz/open-redirect/open-redirect.test.ts:5:1 › open redirect fuzz tests › fuzz open redirect Retry #1 ─────────────────────────────────────────────────────────────────────────────────────── Error: locator.getAttribute: Error: strict mode violation: getByTestId('tablerow-edit-button') resolved to 3 elements: 1) <a data-testid="tablerow-edit-button" class="unstyled cursor-pointer hover:text-primary-500" href="/folders/e2c1d61a-5a4a-4027-829f-d2e6cbf6ee0c/edit?next=/folders">…</a> aka getByRole('row', { name: '0-Test domain-da0e Test' }).getByTestId('tablerow-edit-button') 2) <a data-testid="tablerow-edit-button" class="unstyled cursor-pointer hover:text-primary-500" href="/folders/6fed0a88-f02e-4baf-a999-a1cd121a23a5/edit?next=/folders">…</a> aka getByRole('row', { name: '0-Test domain-059a edited' }).getByTestId('tablerow-edit-button') 3) <a data-testid="tablerow-edit-button" class="unstyled cursor-pointer hover:text-primary-500" href="/folders/a28d1379-38c6-4d52-883d-4f5e6636098a/edit?next=/folders">…</a> aka getByRole('row', { name: 'Irure commodo consequat' }).getByTestId('tablerow-edit-button') Call log: - waiting for getByTestId('tablerow-edit-button') 18 | const href = await logedPage.page 19 | .getByTestId('tablerow-edit-button') > 20 | .getAttribute('href') | ^ 21 | .then((href) => href!.split('?')[0]); 22 | 23 | const currentURL = logedPage.page.url(); at /home/runner/work/ciso-assistant-community/ciso-assistant-community/frontend/tests/fuzz/open-redirect/open-redirect.test.ts:20:5 at /home/runner/work/ciso-assistant-community/ciso-assistant-community/frontend/tests/fuzz/open-redirect/open-redirect.test.ts:6:2
.then((href) => href!.split('?')[0]);

const currentURL = logedPage.page.url();
const parsedURL = new URL(currentURL);
const hostname = parsedURL.hostname;

for (const payload of payloads) {
await logedPage.page.goto(`${href}?next=${payload}`);
await logedPage.page.getByTestId('cancel-button').click();
// Redirecting to next MUST not redirect to another domain
await expect(logedPage.page).toHaveURL(new RegExp(`^.*${hostname}.*$`));
}
});
});
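Review bot: the new step's `getByTestId('tablerow-edit-button')` is not scoped to the folder the test just created, so whenever other folders already exist the locator matches several rows and `getAttribute('href')` fails Playwright's strict-mode check, which is exactly what the two check annotations above report. Scope it to the created row, e.g. `getByRole('row', { name: 'Irure commodo consequat' }).getByTestId('tablerow-edit-button')`, or better, generate a unique folder name per run and locate the row by that name. The assertion `toHaveURL(new RegExp(`^.*${hostname}.*$`))` is also too loose for an open-redirect check: it only requires the hostname to appear somewhere in the URL string, so a redirect to a different origin whose URL merely contains that hostname (in the path, the query, or as part of a longer host) would still pass, and the unescaped dots in `hostname` match any character. Anchor the check to the origin instead: build the pattern from `parsedURL.origin` (regex-escaped) followed by `(/|$)` so only URLs on the same scheme, host and port satisfy it. Minor: drop the `console.log(payloads)` debug output, filter empty lines out of `readFileSync(payloadsFile, 'utf8').split('\n')` so the loop does not issue a `?next=` with an empty value, and note that the relative `./tests/fuzz/open-redirect/payloads.txt` path only resolves when the runner's working directory is `frontend/`.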

0 comments on commit a33d502
