From a33d5023afa7df5f83228b10d939c873532dd99a Mon Sep 17 00:00:00 2001
From: Nassim Tabchiche
Date: Mon, 7 Oct 2024 00:10:08 +0200
Subject: [PATCH] Implement open redirect fuzz testing

---
 .../fuzz/open-redirect/open-redirect.test.ts | 31 ++++++++++++++++---
 1 file changed, 26 insertions(+), 5 deletions(-)

diff --git a/frontend/tests/fuzz/open-redirect/open-redirect.test.ts b/frontend/tests/fuzz/open-redirect/open-redirect.test.ts
index edabf1ef3..be5d387aa 100644
--- a/frontend/tests/fuzz/open-redirect/open-redirect.test.ts
+++ b/frontend/tests/fuzz/open-redirect/open-redirect.test.ts
@@ -1,13 +1,34 @@
-import { expect, setHttpResponsesListener, test } from '../../utils/test-utils.js';
+import { expect, test } from '../../utils/test-utils.js';
 import { readFileSync } from 'fs';
-test('open redirect fuzz tests', async () => {
- test.slow();
-
+test('open redirect fuzz tests', async ({ logedPage }) => {
 await test.step('fuzz open redirect', async () => {
+ await logedPage.page.getByRole('button', { name: 'Organization' }).click();
+ await logedPage.page.getByTestId('accordion-item-folders').click();
+ await logedPage.page.getByTestId('add-button').click();
+ await logedPage.page
+ .getByTestId('form-input-name')
+ .fill('Irure commodo consequat fugiat elit mollit in aute et incididunt et tempor.');
+ await logedPage.page.getByTestId('save-button').click();
+
 const payloadsFile = './tests/fuzz/open-redirect/payloads.txt';
 const payloads = readFileSync(payloadsFile, 'utf8').split('\n');
- console.log(payloads);
+
+ const href = await logedPage.page
+ .getByTestId('tablerow-edit-button')
+ .getAttribute('href')
+ .then((href) => href!.split('?')[0]);
+
+ const currentURL = logedPage.page.url();
+ const parsedURL = new URL(currentURL);
+ const hostname = parsedURL.hostname;
+
+ for (const payload of payloads) {
+ await logedPage.page.goto(`${href}?next=${payload}`);
+ await logedPage.page.getByTestId('cancel-button').click();
+ // Redirecting to next MUST not redirect to another domain
+ await expect(logedPage.page).toHaveURL(new RegExp(`^.*${hostname}.*$`));
+ }
 });
 });
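Review bot: The assertion at the end of the loop, `toHaveURL(new RegExp(`^.*${hostname}.*$`))`, does not actually prove the redirect stayed on the expected host: it accepts any final URL in which `hostname` appears as a substring anywhere (in another host's subdomain label, path or query string), and because `hostname` is interpolated unescaped, each `.` in it also matches any character, so a genuine cross-domain redirect could pass this fuzz test. Compare the parsed host of the final page instead, e.g. `const finalURL = new URL(logedPage.page.url());` followed by `expect(finalURL.hostname).toBe(hostname);`, which is also what the comment above it says the check is for. Separately, `readFileSync(...).split('\n')` yields a trailing empty string when the file ends with a newline (and leaves `\r` on Windows line endings), so the last iteration probes an empty `next=` rather than a payload; a `.filter((p) => p.trim() !== '')` on the payload list would avoid the wasted iteration. Whether `${href}?next=${payload}` should embed the raw payload or `encodeURIComponent(payload)` depends on what the payload file is meant to exercise; a comment on the loop stating that choice would help the next reader.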