forked from juice-shop/juice-shop
product.js
/* jslint node: true */
'use strict'
var utils = require('../lib/utils')
var challenges = require('../data/datacache').challenges
/**
 * Sequelize model factory for `Product`.
 *
 * Security note: `description` is declared as a plain STRING and is stored
 * exactly as supplied. Nothing in this model escapes or strips markup, so the
 * column holds attacker-controllable HTML if any writer is untrusted. The
 * hooks below only *observe* the value for challenge scoring; they never
 * reject or rewrite it. Whether the value is encoded on output is decided
 * elsewhere and is not visible from this file.
 *
 * @param {object} sequelize Sequelize instance used to define the model.
 * @param {object} DataTypes Sequelize data type catalogue.
 * @returns {object} The defined `Product` model.
 */
module.exports = function (sequelize, DataTypes) {
  // Shared lifecycle handler: run the challenge check, then hand the
  // unmodified product back to Sequelize with no error.
  function checkChallengeThenContinue (product, fn) {
    xssChallengeProductHook(product)
    fn(null, product)
  }

  var attributes = {
    name: DataTypes.STRING,
    description: DataTypes.STRING, // persisted verbatim, see security note above
    price: DataTypes.DECIMAL,
    image: DataTypes.STRING
  }

  var options = {
    // Sequelize paranoid mode: deletes are recorded as soft deletes.
    paranoid: true,
    classMethods: {
      // Products relate to baskets through the BasketItem join model.
      associate: function (models) {
        Product.hasMany(models.Basket, {through: models.BasketItem})
      }
    },
    hooks: {
      beforeCreate: checkChallengeThenContinue,
      beforeUpdate: checkChallengeThenContinue
    }
  }

  var Product = sequelize.define('Product', attributes, options)
  return Product
}
/**
 * Marks the RESTful XSS challenge as solved when a product description
 * contains the challenge's fixed marker payload.
 *
 * This is scoring logic for a training challenge, not an input filter: it
 * matches one exact substring and leaves `product` untouched, so it must not
 * be mistaken for (or reused as) XSS protection.
 *
 * NOTE(review): `product.description` is passed straight to `utils.contains`;
 * whether that helper tolerates a missing description is not visible here.
 *
 * @param {object} product Product instance about to be created or updated.
 */
function xssChallengeProductHook (product) {
  var challenge = challenges.restfulXssChallenge

  // Already solved: nothing to do, and the description is not inspected.
  if (!utils.notSolved(challenge)) {
    return
  }

  if (!utils.contains(product.description, '<script>alert("XSS4")</script>')) {
    return
  }

  utils.solve(challenge)
}