Improve type safety and promise handling

oguzhalit · Jan 10, 2022 · ad770a9 · ad770a9
1 parent 83b8282
commit ad770a9
Show file tree

Hide file tree

Showing 23 changed files with 61 additions and 60 deletions.
diff --git a/.eslintrc.js b/.eslintrc.js
@@ -38,7 +38,8 @@ module.exports = {
  '@typescript-eslint/restrict-plus-operands': 'off', // 292
  '@typescript-eslint/strict-boolean-expressions': 'off', // 388
  '@typescript-eslint/restrict-template-expressions': 'off', // 466
- '@typescript-eslint/no-var-requires': 'off' // 502
+ '@typescript-eslint/no-var-requires': 'off', // 502
+ '@typescript-eslint/no-misused-promises': 'off' // 95
  }
  }
  ]

diff --git a/test/api/2faSpec.ts b/test/api/2faSpec.ts
@@ -16,7 +16,7 @@ const API_URL = 'http:https://localhost:3000/api'
 
 const jsonHeader = { 'content-type': 'application/json' }
 
-async function login ({ email, password, totpSecret }) {
+async function login ({ email, password, totpSecret }: { email: string, password: string, totpSecret?: string }) {
  const loginRes = await frisby
  .post(REST_URL + '/user/login', {
  email,
@@ -41,7 +41,7 @@ async function login ({ email, password, totpSecret }) {
  return loginRes.json.authentication
 }
 
-async function register ({ email, password, totpSecret }) {
+async function register ({ email, password, totpSecret }: { email: string, password: string, totpSecret?: string }) {
  const res = await frisby
  .post(API_URL + '/Users/', {
  email,
@@ -79,7 +79,7 @@ async function register ({ email, password, totpSecret }) {
  return res
 }
 
-function getStatus (token) {
+function getStatus (token: string) {
  return frisby.get(
  REST_URL + '/2fa/status',
  {

diff --git a/test/api/addressApiSpec.ts b/test/api/addressApiSpec.ts
@@ -9,8 +9,8 @@ const API_URL = 'http:https://localhost:3000/api'
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
-let addressId
+let authHeader: { Authorization: string, 'content-type': string }
+let addressId: string
 
 beforeAll(() => {
  return frisby.post(REST_URL + '/user/login', {

diff --git a/test/api/basketApiSpec.ts b/test/api/basketApiSpec.ts
@@ -10,7 +10,7 @@ const API_URL = 'http:https://localhost:3000/api'
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
+let authHeader: { Authorization: string, 'content-type': string }
 
 const validCoupon = security.generateCoupon(15)
 const outdatedCoupon = security.generateCoupon(20, new Date(2001, 0, 1))

diff --git a/test/api/basketItemApiSpec.ts b/test/api/basketItemApiSpec.ts
@@ -10,7 +10,7 @@ const API_URL = 'http:https://localhost:3000/api'
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
+let authHeader: { Authorization: string, 'content-type': string }
 
 beforeAll(() => {
  return frisby.post(REST_URL + '/user/login', {

diff --git a/test/api/chatBotSpec.ts b/test/api/chatBotSpec.ts
@@ -11,9 +11,9 @@ const utils = require('../../lib/utils')
 
 const REST_URL = 'http:https://localhost:3000/rest/'
 const API_URL = 'http:https://localhost:3000/api/'
-let trainingData
+let trainingData: { data: any[] }
 
-async function login ({ email, password, totpSecret }) {
+async function login ({ email, password }) {
  const loginRes = await frisby
  .post(REST_URL + '/user/login', {
  email,

diff --git a/test/api/deliveryApiSpec.ts b/test/api/deliveryApiSpec.ts
@@ -10,7 +10,7 @@ const API_URL = 'http:https://localhost:3000/api'
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
+let authHeader: { Authorization: string, 'content-type': string }
 
 describe('/api/Deliverys', () => {
  describe('for regular customer', () => {

diff --git a/test/api/deluxeApiSpec.ts b/test/api/deluxeApiSpec.ts
@@ -10,7 +10,7 @@ const jsonHeader = { 'content-type': 'application/json' }
 const REST_URL = 'http:https://localhost:3000/rest'
 const API_URL = 'http:https://localhost:3000/api'
 
-async function login ({ email, password, totpSecret }) {
+async function login ({ email, password }) {
  const loginRes = await frisby
  .post(`${REST_URL}/user/login`, {
  email,

diff --git a/test/api/fileServingSpec.ts b/test/api/fileServingSpec.ts
@@ -9,7 +9,7 @@ const utils = require('../../lib/utils')
 
 const URL = 'http:https://localhost:3000'
 
-let blueprint
+let blueprint: string
 
 for (const product of config.get('products')) {
  if (product.fileForRetrieveBlueprintChallenge) {

diff --git a/test/api/paymentApiSpec.ts b/test/api/paymentApiSpec.ts
@@ -9,8 +9,8 @@ const API_URL = 'http:https://localhost:3000/api'
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
-let cardId
+let authHeader: { Authorization: string, 'content-type': string }
+let cardId: number
 
 beforeAll(() => {
  return frisby.post(REST_URL + '/user/login', {

diff --git a/test/api/userProfileSpec.ts b/test/api/userProfileSpec.ts
@@ -9,7 +9,7 @@ const config = require('config')
 const URL = 'http:https://localhost:3000'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
+let authHeader: { Cookie: any }
 
 beforeAll(() => {
  return frisby.post(`${URL}/rest/user/login`, {

diff --git a/test/api/walletApiSpec.ts b/test/api/walletApiSpec.ts
@@ -8,7 +8,7 @@ import frisby = require('frisby')
 const REST_URL = 'http:https://localhost:3000/rest'
 
 const jsonHeader = { 'content-type': 'application/json' }
-let authHeader
+let authHeader: { Authorization: string, 'content-type': string }
 
 beforeAll(() => {
  return frisby.post(`${REST_URL}/user/login`, {

diff --git a/test/apiTestsSetup.ts b/test/apiTestsSetup.ts
@@ -6,7 +6,7 @@
 import server = require('./../server')
 
 // eslint-disable-next-line no-async-promise-executor,@typescript-eslint/no-misused-promises
-export = async () => await new Promise(async (resolve, reject) =>
+export = async () => await new Promise<void>(async (resolve, reject) =>
  await server.start(err => {
  if (err) {
  reject(err)

diff --git a/test/apiTestsTeardown.ts b/test/apiTestsTeardown.ts
@@ -6,5 +6,5 @@
 import server = require('./../server')
 
 module.exports = async () => {
- server.close()
+ server.close(undefined)
 }
diff --git a/test/e2e/changePasswordSpec.ts b/test/e2e/changePasswordSpec.ts
@@ -4,11 +4,11 @@
  */
 
 import config = require('config')
-import { $, browser, by, element } from 'protractor'
+import { $, browser, by, element, ElementFinder } from 'protractor'
 import { basePath, beforeEachLogin, expectChallengeSolved } from './e2eHelpers'
 
 describe('/#/privacy-security/change-password', () => {
- let currentPassword, newPassword, newPasswordRepeat, changeButton
+ let currentPassword: ElementFinder, newPassword: ElementFinder, newPasswordRepeat: ElementFinder, changeButton: ElementFinder
 
  describe('as Morty', () => {
  beforeEachLogin({ email: `morty@${config.get('application.domain')}`, password: 'focusOnScienceMorty!focusOnScience' })
@@ -22,10 +22,10 @@ describe('/#/privacy-security/change-password', () => {
  })
 
  it('should be able to change password', () => {
- currentPassword.sendKeys('focusOnScienceMorty!focusOnScience')
- newPassword.sendKeys('GonorrheaCantSeeUs!')
- newPasswordRepeat.sendKeys('GonorrheaCantSeeUs!')
- changeButton.click()
+ void currentPassword.sendKeys('focusOnScienceMorty!focusOnScience')
+ void newPassword.sendKeys('GonorrheaCantSeeUs!')
+ void newPasswordRepeat.sendKeys('GonorrheaCantSeeUs!')
+ void changeButton.click()
 
  expect($('.confirmation').getAttribute('hidden')).not.toBeTruthy()
  })

diff --git a/test/e2e/chatbotSpec.ts b/test/e2e/chatbotSpec.ts
@@ -39,7 +39,7 @@ describe('/chatbot', () => {
  describe('challenge "bullyChatbot"', () => {
  it('should be possible to make the chatbot hand out a coupon code', () => {
  const trainingData = require(`../../data/chatbot/${utils.extractFilename(config.get('application.chatBot.trainingData'))}`)
- const couponIntent = trainingData.data.filter(data => data.intent === 'queries.couponCode')[0]
+ const couponIntent = trainingData.data.filter((data: { intent: string }) => data.intent === 'queries.couponCode')[0]
 
  void browser.waitForAngularEnabled(false)
  void browser.get(`${basePath}/profile`)

diff --git a/test/e2e/complainSpec.ts b/test/e2e/complainSpec.ts
@@ -4,14 +4,14 @@
  */
 
 import path = require('path')
-import { browser, by, element, protractor } from 'protractor'
+import { browser, by, element, ElementFinder, protractor } from 'protractor'
 import { basePath, beforeEachLogin, expectChallengeSolved } from './e2eHelpers'
 
 const config = require('config')
 const utils = require('../../lib/utils')
 
 describe('/#/complain', () => {
- let file, complaintMessage, submitButton
+ let file: ElementFinder, complaintMessage: ElementFinder, submitButton: ElementFinder
 
  beforeEachLogin({ email: `admin@${config.get('application.domain')}`, password: 'admin123' })
 
@@ -25,7 +25,7 @@ describe('/#/complain', () => {
  describe('challenge "uploadSize"', () => {
  it('should be possible to upload files greater 100 KB directly through backend', () => {
  void browser.waitForAngularEnabled(false)
- void browser.executeScript(baseUrl => {
+ void browser.executeScript((baseUrl: string) => {
  const over100KB = Array.apply(null, new Array(11000)).map(String.prototype.valueOf, '1234567890')
  const blob = new Blob(over100KB, { type: 'application/pdf' })
 
@@ -45,7 +45,7 @@ describe('/#/complain', () => {
  describe('challenge "uploadType"', () => {
  it('should be possible to upload files with other extension than .pdf directly through backend', () => {
  void browser.waitForAngularEnabled(false)
- void browser.executeScript(baseUrl => {
+ void browser.executeScript((baseUrl: string) => {
  const data = new FormData()
  const blob = new Blob(['test'], { type: 'application/x-msdownload' })
  data.append('file', blob, 'invalidTypeForClient.exe')
@@ -62,25 +62,25 @@ describe('/#/complain', () => {
 
  describe('challenge "deprecatedInterface"', () => {
  it('should be possible to upload XML files', () => {
- complaintMessage.sendKeys('XML all the way!')
- file.sendKeys(path.resolve('test/files/deprecatedTypeForServer.xml'))
- submitButton.click()
+ void complaintMessage.sendKeys('XML all the way!')
+ void file.sendKeys(path.resolve('test/files/deprecatedTypeForServer.xml'))
+ void submitButton.click()
  })
  expectChallengeSolved({ challenge: 'Deprecated Interface' })
  })
 
  if (!utils.disableOnContainerEnv()) {
  describe('challenge "xxeFileDisclosure"', () => {
  it('should be possible to retrieve file from Windows server via .xml upload with XXE attack', () => {
- complaintMessage.sendKeys('XXE File Exfiltration Windows!')
- file.sendKeys(path.resolve('test/files/xxeForWindows.xml'))
- submitButton.click()
+ void complaintMessage.sendKeys('XXE File Exfiltration Windows!')
+ void file.sendKeys(path.resolve('test/files/xxeForWindows.xml'))
+ void submitButton.click()
  })
 
  it('should be possible to retrieve file from Linux server via .xml upload with XXE attack', () => {
- complaintMessage.sendKeys('XXE File Exfiltration Linux!')
- file.sendKeys(path.resolve('test/files/xxeForLinux.xml'))
- submitButton.click()
+ void complaintMessage.sendKeys('XXE File Exfiltration Linux!')
+ void file.sendKeys(path.resolve('test/files/xxeForLinux.xml'))
+ void submitButton.click()
  })
 
  afterAll(() => {
@@ -90,15 +90,15 @@ describe('/#/complain', () => {
 
  describe('challenge "xxeDos"', () => {
  it('should be possible to trigger request timeout via .xml upload with Quadratic Blowup attack', () => {
- complaintMessage.sendKeys('XXE Quadratic Blowup!')
- file.sendKeys(path.resolve('test/files/xxeQuadraticBlowup.xml'))
- submitButton.click()
+ void complaintMessage.sendKeys('XXE Quadratic Blowup!')
+ void file.sendKeys(path.resolve('test/files/xxeQuadraticBlowup.xml'))
+ void submitButton.click()
  })
 
  it('should be possible to trigger request timeout via .xml upload with dev/random attack', () => {
- complaintMessage.sendKeys('XXE Quadratic Blowup!')
- file.sendKeys(path.resolve('test/files/xxeDevRandom.xml'))
- submitButton.click()
+ void complaintMessage.sendKeys('XXE Quadratic Blowup!')
+ void file.sendKeys(path.resolve('test/files/xxeDevRandom.xml'))
+ void submitButton.click()
  })
 
  afterAll(() => {
@@ -108,19 +108,19 @@ describe('/#/complain', () => {
 
  describe('challenge "arbitraryFileWrite"', () => {
  it('should be possible to upload zip file with filenames having path traversal', () => {
- complaintMessage.sendKeys('Zip Slip!')
- file.sendKeys(path.resolve('test/files/arbitraryFileWrite.zip'))
- submitButton.click()
+ void complaintMessage.sendKeys('Zip Slip!')
+ void file.sendKeys(path.resolve('test/files/arbitraryFileWrite.zip'))
+ void submitButton.click()
  })
  expectChallengeSolved({ challenge: 'Arbitrary File Write' })
  })
 
  describe('challenge "videoXssChallenge"', () => {
  it('should be possible to inject js in subtitles by uploading zip file with filenames having path traversal', () => {
  const EC = protractor.ExpectedConditions
- complaintMessage.sendKeys('Here we go!')
- file.sendKeys(path.resolve('test/files/videoExploit.zip'))
- submitButton.click()
+ void complaintMessage.sendKeys('Here we go!')
+ void file.sendKeys(path.resolve('test/files/videoExploit.zip'))
+ void submitButton.click()
  void browser.waitForAngularEnabled(false)
  void browser.get(`${basePath}/promotion`)
  void browser.wait(EC.alertIsPresent(), 5000, "'xss' alert is not present on /promotion")

diff --git a/test/e2e/dataErasureSpec.ts b/test/e2e/dataErasureSpec.ts
@@ -14,7 +14,7 @@ describe('/dataerasure', () => {
  describe('challenge "lfr"', () => {
  it('should be possible to perform local file read attack using the browser', () => {
  void browser.waitForAngularEnabled(false)
- void browser.executeScript(baseUrl => {
+ void browser.executeScript((baseUrl: string) => {
  const xhttp = new XMLHttpRequest()
  xhttp.onreadystatechange = function () {
  if (this.status === 200) {

diff --git a/test/e2e/noSqlSpec.ts b/test/e2e/noSqlSpec.ts
@@ -86,7 +86,7 @@ describe('/rest/products/reviews', () => {
  xhttp.setRequestHeader('Content-type', 'text/plain')
  xhttp.send()
 
- function editReview (reviewId) {
+ function editReview (reviewId: string) {
  const xhttp = new XMLHttpRequest()
  xhttp.onreadystatechange = function () {
  if (this.status === 200) {

diff --git a/test/e2e/profileSpec.ts b/test/e2e/profileSpec.ts
@@ -96,7 +96,7 @@ describe('/profile', () => {
 
  xit('should be possible to fake a CSRF attack against the user profile page', () => {
  void browser.waitForAngularEnabled(false)
- void browser.executeScript(baseUrl => {
+ void browser.executeScript((baseUrl: string) => {
  const xhttp = new XMLHttpRequest()
  xhttp.onreadystatechange = function () {
  if (this.status === 200) {

diff --git a/test/e2e/registerSpec.ts b/test/e2e/registerSpec.ts
@@ -48,7 +48,7 @@ describe('/#/register', () => {
  expect(alert.getText()).toEqual(Promise.resolve('xss'))
  void alert.accept()
  // Disarm XSS payload so subsequent tests do not run into unexpected alert boxes
- models.User.findOne({ where: { email: '<iframe src="javascript:alert(`xss`)">' } }).then(user => {
+ models.User.findOne({ where: { email: '<iframe src="javascript:alert(`xss`)">' } }).then((user: any) => {
  user.update({ email: '&lt;iframe src="javascript:alert(`xss`)"&gt;' }).catch(error => {
  console.log(error)
  fail()

diff --git a/test/e2e/restApiSpec.ts b/test/e2e/restApiSpec.ts
@@ -43,7 +43,7 @@ describe('/api', () => {
  expect(alert.getText()).toEqual(Promise.resolve('xss'))
  void alert.accept()
  // Disarm XSS payload so subsequent tests do not run into unexpected alert boxes
- models.Product.findOne({ where: { name: 'RestXSS' } }).then(product => {
+ models.Product.findOne({ where: { name: 'RestXSS' } }).then((product: any) => {
  product.update({ description: '&lt;iframe src="javascript:alert(`xss`)"&gt;' }).catch(error => {
  console.log(error)
  fail()
@@ -74,7 +74,7 @@ describe('/api', () => {
  it('should be possible to change product via PUT request without being logged in', () => {
  void browser.waitForAngularEnabled(false)
 
- void browser.executeScript((baseUrl, tamperingProductId, overwriteUrl) => {
+ void browser.executeScript((baseUrl: string, tamperingProductId: number, overwriteUrl: string) => {
  const xhttp = new XMLHttpRequest()
  xhttp.onreadystatechange = function () {
  if (this.status === 200) {
@@ -104,7 +104,7 @@ describe('/rest/saveLoginIp', () => {
 
  it('should be possible to save log-in IP when logged in', () => {
  void browser.waitForAngularEnabled(false)
- void browser.executeScript(baseUrl => {
+ void browser.executeScript((baseUrl: string) => {
  const xhttp = new XMLHttpRequest()
  xhttp.onreadystatechange = function () {
  if (this.status === 200) {

diff --git a/test/e2e/searchSpec.ts b/test/e2e/searchSpec.ts
@@ -87,8 +87,8 @@ describe('/rest/products/search', () => {
 
  it('should be able to place Christmas product into shopping card by id', () => {
  void browser.waitForAngularEnabled(false)
- models.sequelize.query('SELECT * FROM PRODUCTS').then(([products]) => {
- const christmasProductId = products.filter(product => product.name === christmasProduct.name)[0].id
+ models.sequelize.query('SELECT * FROM PRODUCTS').then(([products]: [any]) => {
+ const christmasProductId = products.filter((product: any) => product.name === christmasProduct.name)[0].id
  browser.executeScript(`var xhttp = new XMLHttpRequest(); xhttp.onreadystatechange = function () { if (this.status === 201) { console.log("Success") } } ; xhttp.open("POST", "${browser.baseUrl}/api/BasketItems/", true); xhttp.setRequestHeader("Content-type", "application/json"); xhttp.setRequestHeader("Authorization", \`Bearer $\{localStorage.getItem("token")}\`); xhttp.send(JSON.stringify({"BasketId": \`$\{sessionStorage.getItem("bid")}\`, "ProductId":${christmasProductId}, "quantity": 1}))`) // eslint-disable-line
  })
  void browser.driver.sleep(1000)