Draft --- E2E - Add csp tests #2261

Closed
wants to merge 7 commits into from
Closed
15 changes: 14 additions & 1 deletion cypress/e2e/selectors/selectors.cy.ts
@@ -1,7 +1,7 @@
export const TokenCatalogLocators = {
dropdownTokenIn: '[data-testid=swap-currency-input] [data-testid=token-symbol-container]',
dropdownTokenOut: '[data-testid=swap-currency-output] [data-testid=token-symbol-container]',
txtToken: '[data-testid=token-search-input]',
txtSearch: '[data-testid=search-input]',
lblFavoriteToken: '[data-testid=favorite-token]',
lblRowInWhiteList: '[data-testid=token-item]',
lblNotFound: '[data-testid=no-token-result]',
Expand Down Expand Up @@ -43,4 +43,17 @@ export const HeaderLocators = {
export const FarmLocators = {
lblApr: '[data-testid=apr-value]',
lblTvl: '[data-testid=tvl-value]',
txtSearch: '[data-testid=input-search]'
}

export const PoolLocators = {
txtSearch: '[data-testid=search-input]'
}

export const MyPoolLocators = {
txtSearch: '[data-testid=search-input]'
}

export const MyEarningLocators = {
txtSearch: '[data-testid=search-input]'
}
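Review bot: `PoolLocators.txtSearch`, `MyPoolLocators.txtSearch` and `MyEarningLocators.txtSearch` are all the same selector, `[data-testid=search-input]`, and this PR's CurrencySearch.tsx hunk gives the token-catalog modal input that same `search-input` id in place of the previous `token-search-input`, so the selector no longer distinguishes the catalog input from the page-level search fields. Whether any page mounts the modal next to its own search box is not visible here, but wherever that happens `cy.get(PoolLocators.txtSearch).click().type(...)` errors on multiple matches. Keep `token-search-input` on the modal (reverting the rename in CurrencySearch.tsx so `TokenCatalogLocators.txtSearch` can stay `'[data-testid=token-search-input]'`), and either give each page input its own id or collapse the three identical page objects into one shared `SearchLocators` so the file does not suggest per-page ids that do not exist.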
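--- a/cypress/e2e/specs/csp.e2e.cy.ts
+++ b/cypress/e2e/specs/csp.e2e.cy.ts
@@ -0,0 +1,128 @@
+import { SwapPage, TokenCatalog } from "../pages/swap-page.po.cy"
+import { DEFAULT_URL, TAG } from "../selectors/constants.cy"
+import { FarmLocators, MyPoolLocators, PoolLocators } from "../selectors/selectors.cy"
+
+const tokenCatalog = new TokenCatalog()
+
+describe('CSP', { tags: TAG.regression }, () => {
+beforeEach(() => {
+cy.on('window:load', (win) => cy.stub(win.console, 'log').as('log'))
+SwapPage.open(DEFAULT_URL)
+})
+
+describe('Search token in Token Catalog', () => {
+beforeEach(() => {
+SwapPage.selectTokenIn()
+})
+
+it('injecting <script> tag does not work', () => {
+tokenCatalog.searchToken('KNC<script>console.log(`failed`)</script>')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('injects XSS via img onerror attribute', () => {
+tokenCatalog.searchToken('KNC<img src="" onerror="console.log(`failed`)" />')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('serves Content-Security-Policy header', () => {
+cy.request('/')
+.its('headers')
+.should('have.property', 'content-security-policy')
+// confirm parts of the CSP directive
+.should('include', "frame-ancestors 'self'")
+})
+})
+
+describe('Search token in Pools Page', () => {
+beforeEach(() => {
+SwapPage.goToPoolPage()
+})
+it('injecting <script> tag does not work', () => {
+cy.get(PoolLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<script>console.log(`failed`)</script>')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('injects XSS via img onerror attribute', () => {
+cy.get(PoolLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<img src="" onerror="console.log(`failed`)" />')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('serves Content-Security-Policy header', () => {
+cy.request('/')
+.its('headers')
+.should('have.property', 'content-security-policy')
+// confirm parts of the CSP directive
+.should('include', "frame-ancestors 'self'")
+})
+})
+
+describe('Search token in My Pools Page', () => {
+beforeEach(() => {
+SwapPage.goToMyPoolsPage()
+})
+
+it('injecting <script> tag does not work', () => {
+cy.get(MyPoolLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<script>console.log(`failed`)</script>')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('injects XSS via img onerror attribute', () => {
+cy.get(MyPoolLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<img src="" onerror="console.log(`failed`)" />')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('serves Content-Security-Policy header', () => {
+cy.request('/')
+.its('headers')
+.should('have.property', 'content-security-policy')
+// confirm parts of the CSP directive
+.should('include', "frame-ancestors 'self'")
+})
+
+})
+
+describe('Search token in Farms Page', () => {
+beforeEach(() => {
+SwapPage.goToFarmPage()
+})
+
+it('injecting <script> tag does not work', () => {
+cy.get(FarmLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<script>console.log(`failed`)</script>')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('injects XSS via img onerror attribute', () => {
+cy.get(FarmLocators.txtSearch, { timeout: 10000 })
+.should('be.visible')
+.click()
+.type('KNC<img src="" onerror="console.log(`failed`)" />')
+cy.get('@log').should('not.have.been.called')
+})
+
+it('serves Content-Security-Policy header', () => {
+cy.request('/')
+.its('headers')
+.should('have.property', 'content-security-policy')
+// confirm parts of the CSP directive
+.should('include', "frame-ancestors 'self'")
+})
+
+})
+
+})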
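Review bot: `cy.get('@log').should('not.have.been.called')` in every injection case is a brittle sentinel: any `console.log` the application itself emits after the `window:load` stub is installed fails the test, while the one call that would actually indicate the payload ran carries its own marker, so `cy.get('@log').should('not.have.been.calledWith', 'failed')` is both stricter and immune to unrelated app logging. The four `serves Content-Security-Policy header` cases are byte-identical and do not depend on the page opened in `beforeEach`, so a single top-level `it` is enough; note also that `frame-ancestors 'self'` is an anti-framing directive and says nothing about script execution, so a green injection case here is equally consistent with React escaping the input and with no `script-src` at all — if the deployed policy sets `script-src`, assert that directive too. The three page-level `describe` blocks differ only in the navigation call and the locator, and the names `injects XSS via img onerror attribute` state the attempt rather than the expected outcome; a table-driven loop keeps one copy and lets the names read as `does not execute …`.
```typescript
const searchPages = [
  { name: 'Pools Page', open: () => SwapPage.goToPoolPage(), input: PoolLocators.txtSearch },
  { name: 'My Pools Page', open: () => SwapPage.goToMyPoolsPage(), input: MyPoolLocators.txtSearch },
  { name: 'Farms Page', open: () => SwapPage.goToFarmPage(), input: FarmLocators.txtSearch },
]

describe('CSP', { tags: TAG.regression }, () => {
  // … unchanged: beforeEach installing the console.log stub and SwapPage.open …

  it('serves a Content-Security-Policy header', () => {
    cy.request('/')
      .its('headers')
      .should('have.property', 'content-security-policy')
      .should('include', "frame-ancestors 'self'")
  })

  // … unchanged: 'Search token in Token Catalog' describe, with the calledWith assertion …

  searchPages.forEach(({ name, open, input }) => {
    describe(`Search token in ${name}`, () => {
      beforeEach(() => open())

      it('does not execute an injected <script> tag', () => {
        cy.get(input, { timeout: 10000 }).should('be.visible').click().type('KNC<script>console.log(`failed`)</script>')
        cy.get('@log').should('not.have.been.calledWith', 'failed')
      })

      it('does not execute an injected img onerror handler', () => {
        cy.get(input, { timeout: 10000 }).should('be.visible').click().type('KNC<img src="" onerror="console.log(`failed`)" />')
        cy.get('@log').should('not.have.been.calledWith', 'failed')
      })
    })
  })
})
```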
4 changes: 0 additions & 4 deletions cypress/e2e/specs/intercept.e2e.cy.ts
Expand Up @@ -21,11 +21,9 @@ describe('Intercept', { tags: TAG.regression }, () => {
it('Should get pool, farm list successfully', () => {
cy.intercept('GET', '**/farm-pools?**').as('get-farm-list')
cy.intercept('GET', '**/pools?**').as('get-pool-list')
cy.intercept('GET', '**/block?**').as('get-block')
SwapPage.goToPoolPage()
cy.wait('@get-farm-list', { timeout: 5000 }).its('response.statusCode').should('equal', 200)
cy.wait('@get-pool-list', { timeout: 5000 }).its('response.statusCode').should('equal', 200)
cy.wait('@get-block', { timeout: 60000 }).its('response.statusCode').should('equal', 200)
})

it('Should be displayed APR and TVL values', () => {
Expand Down Expand Up @@ -56,7 +54,6 @@ describe('Intercept', { tags: TAG.regression }, () => {
it('Should get pool, farm list successfully', () => {
cy.intercept('GET', '**/farm-pools?**').as('get-farm-list')
cy.intercept('GET', '**/pools?**').as('get-pool-list')
cy.intercept('GET', '**/block?**').as('get-block')
SwapPage.goToFarmPage()
cy.get('[data-testid=farm-block]')
.should(_ => {})
Expand All @@ -65,7 +62,6 @@ describe('Intercept', { tags: TAG.regression }, () => {
cy.wait('@get-pool-list', { timeout: 5000 }).its('response.statusCode').should('equal', 200)
}
cy.wait('@get-farm-list', { timeout: 5000 }).its('response.statusCode').should('equal', 200)
cy.wait('@get-block', { timeout: 60000 }).its('response.statusCode').should('equal', 200)
})
})
})
4 changes: 2 additions & 2 deletions cypress/support/selectTokenCommands.ts
Expand Up @@ -39,7 +39,7 @@ Cypress.Commands.add('selectTokenOut', () => {
})

Cypress.Commands.add('searchToken', (value) => {
cy.get(TokenCatalogLocators.txtToken).should('be.visible').type(value)
cy.get(TokenCatalogLocators.txtSearch).should('be.visible').type(value)
})

Cypress.Commands.add('selectTokenBySymbol', (value) => {
Expand Down Expand Up @@ -74,7 +74,7 @@ Cypress.Commands.add('deleteImportedToken', (value: string) => {
cy.searchToken(value)
cy.wait(1000)
cy.get(TokenCatalogLocators.lblRowInWhiteList).children().find(TokenCatalogLocators.iconRemoveImportedToken).click()
cy.get(TokenCatalogLocators.txtToken).clear()
cy.get(TokenCatalogLocators.txtSearch).clear()

})

1 change: 1 addition & 0 deletions src/components/Search/index.tsx
Expand Up @@ -73,6 +73,7 @@ const Search = ({ searchValue, onSearch, placeholder, minWidth, style }: SearchP
onChange={e => {
onSearch(e.target.value)
}}
data-testid="input-search"
/>
{searchValue && (
<ButtonEmpty onClick={() => onSearch('')} style={{ padding: '2px 4px', width: 'max-content' }}>
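Review bot: `data-testid="input-search"` added to this shared `Search` component is the same id this PR gives the Farm page's own input in src/pages/Farm/index.tsx, so `FarmLocators.txtSearch` (`[data-testid=input-search]`) is not unique by construction. Whether the Farm page also renders this component is not visible here; if it ever does, `cy.get(FarmLocators.txtSearch).click().type(...)` errors on multiple matched elements. Keep the generic id on the shared component and give the Farm-specific input its own, e.g. `data-testid="farm-search-input"` (suggested name), with the locator updated to match; the enclosing `Search` function starts and ends outside this hunk.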
2 changes: 1 addition & 1 deletion src/components/SearchModal/CurrencySearch.tsx
Expand Up @@ -438,7 +438,7 @@ export function CurrencySearch({
<SearchInput
type="text"
id="token-search-input"
data-testid="token-search-input"
data-testid="search-input"
placeholder={t`Search by token name, token symbol or address`}
value={searchQuery}
ref={inputRef}
1 change: 1 addition & 0 deletions src/pages/Farm/index.tsx
Expand Up @@ -439,6 +439,7 @@ const Farm = () => {
maxLength={255}
value={search}
onChange={e => handleSearch(e.target.value)}
data-testid="input-search"
/>
<Search color={theme.subText} size={16} />
</SearchContainer>