DefinitelyTyped/types/helmet/helmet-tests.ts


import express = require("express")
import helmet = require("helmet");
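/** Express application that every sample below registers its middleware on; never reassigned. */
const app = express();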
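/**
 * Exercises the top-level {@link helmet} factory typings.
 *
 * Covers: no argument, an empty options object, a sub-middleware toggled
 * off/on with a boolean, a sub-middleware given its own options object
 * (`frameguard`), and a nested `featurePolicy` configuration.
 */
function helmetTest() {
    app.use(helmet());
    app.use(helmet({}));
    // Booleans enable/disable a bundled middleware without configuring it.
    app.use(helmet({ frameguard: false }));
    app.use(helmet({ frameguard: true }));
    // An object passes options through to that middleware.
    app.use(helmet({
        frameguard: {
            action: 'deny'
        }
    }));
    app.use(helmet({
        featurePolicy: {
            features: {
                fullscreen: ["'self'"],
                vibrate: ["'none'"],
                payment: ['example.com'],
                syncXhr: ["'none'"]
            }
        }
    }));
}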
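/**
 * Exercises the {@link helmet.contentSecurityPolicy} typings.
 *
 * Covers the camelCase and kebab-case spellings of every directive (both
 * must be accepted), per-request callbacks as directive values and as
 * `reportOnly`, the `loose`/`setAllHeaders`/`disableAndroid` flags, and the
 * `$ExpectError` case of a configuration with no `directives` at all.
 */
function contentSecurityPolicyTest() {
    const emptyArray: string[] = [];
    const camelCasedConfig: helmet.IHelmetContentSecurityPolicyConfiguration = {
        directives: {
            baseUri: ['base.example.com'],
            blockAllMixedContent: true,
            childSrc: ['child.example.com'],
            connectSrc: ['connect.example.com'],
            defaultSrc: ['*'],
            fontSrc: ['font.example.com'],
            formAction: ['formaction.example.com'],
            frameAncestors: ["'none'"],
            frameSrc: emptyArray,
            imgSrc: ['images.example.com'],
            mediaSrc: ['media.example.com'],
            manifestSrc: ['manifest.example.com'],
            objectSrc: ['objects.example.com'],
            pluginTypes: emptyArray,
            prefetchSrc: ['prefetch.example.com'],
            reportUri: '/some-url',
            reportTo: 'report.example.com',
            requireSriFor: emptyArray,
            sandbox: ['allow-presentation'],
            // A directive value may be a per-request callback. This sample
            // returns a constant only to exercise the type; a real nonce
            // source must produce a fresh, unpredictable value per response.
            scriptSrc: ['scripts.example.com', function (req: express.Request, res: express.Response) {
                return "'nonce-abc123'";
            }],
            styleSrc: ['css.example.com'],
            upgradeInsecureRequests: true,
            workerSrc: ['worker.example.com']
        },
        reportOnly: false,
        setAllHeaders: false,
        disableAndroid: false
    };
    // Same configuration with the header-style directive names; each value is
    // read back from the camelCase object so the two stay in sync.
    const kebabCasedConfig: helmet.IHelmetContentSecurityPolicyConfiguration = {
        directives: {
            "base-uri": camelCasedConfig.directives.baseUri,
            "block-all-mixed-content": camelCasedConfig.directives.blockAllMixedContent,
            "child-src": camelCasedConfig.directives.childSrc,
            "connect-src": camelCasedConfig.directives.connectSrc,
            "default-src": camelCasedConfig.directives.defaultSrc,
            "font-src": camelCasedConfig.directives.fontSrc,
            "form-action": camelCasedConfig.directives.formAction,
            "frame-ancestors": camelCasedConfig.directives.frameAncestors,
            "frame-src": camelCasedConfig.directives.frameSrc,
            "img-src": camelCasedConfig.directives.imgSrc,
            "media-src": camelCasedConfig.directives.mediaSrc,
            "manifest-src": camelCasedConfig.directives.manifestSrc,
            "object-src": camelCasedConfig.directives.objectSrc,
            "plugin-types": camelCasedConfig.directives.pluginTypes,
            "prefetch-src": camelCasedConfig.directives.prefetchSrc,
            "report-uri": camelCasedConfig.directives.reportUri,
            "report-to": camelCasedConfig.directives.reportTo,
            "require-sri-for": camelCasedConfig.directives.requireSriFor,
            sandbox: camelCasedConfig.directives.sandbox, // quoting sandbox results in an unnecessary quoting error
            "script-src": camelCasedConfig.directives.scriptSrc,
            "style-src": camelCasedConfig.directives.styleSrc,
            "upgrade-insecure-requests": camelCasedConfig.directives.upgradeInsecureRequests,
            "worker-src": camelCasedConfig.directives.workerSrc
        },
        reportOnly: camelCasedConfig.reportOnly,
        setAllHeaders: camelCasedConfig.setAllHeaders,
        disableAndroid: camelCasedConfig.disableAndroid
    };
    function reportUriCb(req: express.Request, res: express.Response) { return '/some-uri'; }
    function reportOnlyCb(req: express.Request, res: express.Response) { return false; }
    app.use(helmet.contentSecurityPolicy({})); // $ExpectError
    // CSP keywords are single-quoted inside the directive value: a bare `self`
    // would be read as a host-source named "self", not the 'self' keyword.
    app.use(helmet.contentSecurityPolicy({ directives: {
        imgSrc: ["'self'"]
    } }));
    app.use(helmet.contentSecurityPolicy(camelCasedConfig));
    app.use(helmet.contentSecurityPolicy(kebabCasedConfig));
    // Callbacks are accepted for the reporting directives (in either
    // spelling) and for `reportOnly`.
    app.use(helmet.contentSecurityPolicy({
        directives: {
            defaultSrc: ["'self'"],
            reportUri: reportUriCb,
            'report-uri': reportUriCb,
            reportTo: reportUriCb,
            'report-to': reportUriCb
        },
        reportOnly: reportOnlyCb,
        loose: false,
        setAllHeaders: true
    }));
}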
/**
 * Exercises the {@link helmet.dnsPrefetchControl} typings: no options, and
 * the `allow` flag in both states.
 */
function dnsPrefetchControlTest() {
    app.use(helmet.dnsPrefetchControl());
    app.use(helmet.dnsPrefetchControl({ allow: false }));
    app.use(helmet.dnsPrefetchControl({ allow: true }));
}
/**
 * Exercises the {@link helmet.frameguard} typings: no options, an empty
 * object, and each `action` value including the `domain`-carrying
 * `allow-from` form.
 */
function frameguardTest() {
    app.use(helmet.frameguard());
    app.use(helmet.frameguard({}));
    app.use(helmet.frameguard({ action: 'deny' }));
    app.use(helmet.frameguard({ action: 'sameorigin' }));
    // NOTE(review): `allow-from` is the legacy X-Frame-Options form; current
    // browsers ignore it, so production code should express framing policy
    // with the CSP `frame-ancestors` directive instead. Kept here for the type.
    app.use(helmet.frameguard({ action: 'allow-from', domain: 'http://example.com' }));
}
/**
 * Exercises the {@link helmet.hidePoweredBy} typings: no options, an empty
 * object, and a replacement `setTo` value.
 *
 * Style note: this helper lacks the `Test` suffix its siblings use; the
 * name is kept so the test file stays as published.
 */
function hidePoweredBy() {
    app.use(helmet.hidePoweredBy());
    app.use(helmet.hidePoweredBy({}));
    // Advertises a misleading stack rather than removing the header outright.
    app.use(helmet.hidePoweredBy({ setTo: 'PHP 4.2.0' }));
}
/**
 * Exercises the {@link helmet.hpkp} typings: the required `maxAge`/`sha256s`
 * pair alone, then each optional flag on its own.
 *
 * NOTE(review): HTTP Public Key Pinning is deprecated and browser support has
 * been withdrawn; these calls exist to pin down the types, not as a
 * recommendation to deploy the header.
 */
function hpkpTest() {
    const maxAge = 7776000000;
    // Placeholder pins for the type check, not real certificate hashes.
    const sha256s = ['AbCdEf123=', 'ZyXwVu456='];
    app.use(helmet.hpkp({ maxAge, sha256s }));
    app.use(helmet.hpkp({ maxAge, sha256s, includeSubDomains: false }));
    // `includeSubdomains` (lowercase "d") is the deprecated spelling of
    // `includeSubDomains`; it must still type-check.
    app.use(helmet.hpkp({ maxAge, sha256s, includeSubdomains: false }));
    app.use(helmet.hpkp({ maxAge, sha256s, includeSubDomains: true }));
    app.use(helmet.hpkp({ maxAge, sha256s, reportUri: 'http://example.com' }));
    app.use(helmet.hpkp({ maxAge, sha256s, reportOnly: true }));
    // `setIf` decides per request whether the header is emitted.
    app.use(helmet.hpkp({ maxAge, sha256s, setIf: (req, res) => true }));
}
/**
 * Exercises the {@link helmet.hsts} typings: no options, `maxAge` alone (with
 * and without a trailing comma), and each optional flag on its own.
 *
 * NOTE(review): confirm the unit `maxAge` is interpreted in for the helmet
 * version these typings target (seconds vs. milliseconds); 7776000000 reads
 * as 90 days only if it is milliseconds.
 */
function hstsTest() {
    const maxAge = 7776000000;
    app.use(helmet.hsts());
    app.use(helmet.hsts({ maxAge }));
    app.use(helmet.hsts({ maxAge, }));
    app.use(helmet.hsts({ maxAge, includeSubDomains: true }));
    // `includeSubdomains` (lowercase "d") is the deprecated spelling of
    // `includeSubDomains`; it must still type-check.
    app.use(helmet.hsts({ maxAge, includeSubdomains: true }));
    app.use(helmet.hsts({ maxAge, preload: true }));
    app.use(helmet.hsts({ maxAge, force: true }));
    // `setIf` decides per request whether the header is emitted.
    app.use(helmet.hsts({ maxAge, setIf: (req, res) => true }));
}
/**
 * Exercises the {@link helmet.ieNoOpen} typings; the middleware takes no
 * options.
 */
function ieNoOpenTest() {
    const ieNoOpen = helmet.ieNoOpen();
    app.use(ieNoOpen);
}
/**
 * Exercises the {@link helmet.noCache} typings: no options, an empty object,
 * and the `noEtag` flag.
 */
function noCacheTest() {
    app.use(helmet.noCache());
    app.use(helmet.noCache({}));
    app.use(helmet.noCache({ noEtag: true }));
}
/**
 * Exercises the {@link helmet.noSniff} typings; the middleware takes no
 * options.
 */
function noSniffTest() {
    const noSniff = helmet.noSniff();
    app.use(noSniff);
}
/**
 * Exercises the {@link helmet.referrerPolicy} typings: `policy` as a single
 * value and as an array of fallback values.
 */
function referrerPolicyTest() {
    app.use(helmet.referrerPolicy({ policy: 'same-origin' }));
    app.use(helmet.referrerPolicy({
        policy: ['no-referrer', 'origin', 'strict-origin', 'strict-origin-when-cross-origin']
    }));
}
/**
 * Exercises the {@link helmet.xssFilter} typings: no options, an empty
 * object, and the `setOnOldIE` flag in both states.
 *
 * NOTE(review): X-XSS-Protection is a legacy header; a Content-Security-Policy
 * is the current mitigation for injected script.
 */
function xssFilterTest() {
    app.use(helmet.xssFilter());
    app.use(helmet.xssFilter({}));
    app.use(helmet.xssFilter({ setOnOldIE: false }));
    app.use(helmet.xssFilter({ setOnOldIE: true }));
}
/**
 * Exercises the {@link helmet.permittedCrossDomainPolicies} typings: no
 * options, an empty object, and an explicit `permittedPolicies` value.
 */
function permittedCrossDomainPoliciesTest() {
    app.use(helmet.permittedCrossDomainPolicies());
    app.use(helmet.permittedCrossDomainPolicies({}));
    app.use(helmet.permittedCrossDomainPolicies({ permittedPolicies: 'none' }));
}
/**
 * Exercises the {@link helmet.featurePolicy} typings with a `features` map
 * mixing quoted keywords and a plain host.
 *
 * NOTE(review): Feature-Policy has been superseded by Permissions-Policy in
 * browsers; the call is kept for the type only.
 */
function featurePolicyTest() {
    const features = {
        fullscreen: ["'self'"],
        vibrate: ["'none'"],
        payment: ['example.com'],
        syncXhr: ["'none'"]
    };
    app.use(helmet.featurePolicy({ features }));
}