feat(processors): add js validation on POST /processors

Zooz · Oct 20, 2019 · e62f7d2 · e62f7d2
1 parent f7a41e6
commit e62f7d2
Show file tree

Hide file tree

Showing 5 changed files with 74 additions and 9 deletions.
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -44,6 +44,7 @@
     "copy-dir": "^0.3.0",
     "cron": "^1.7.1",
     "dockerode": "^2.5.8",
+    "esprima": "^4.0.1",
     "express": "^4.17.1",
     "express-ajv-swagger-validation": "^0.9.0",
     "express-easy-zip": "^1.1.4",

diff --git a/src/processors/models/processorsManager.js b/src/processors/models/processorsManager.js
@@ -11,9 +11,9 @@ module.exports.createProcessor = async function (processor) {
     let processorId = uuid.v4();
     try {
         if (processor.type === common.PROCESSOR_TYPE_FILE_DOWNLOAD) {
-            const file = await fileManager.downloadFile(processor.file_url);
-            processor.javascript = file;
+            processor.javascript = await fileManager.downloadFile(processor.file_url);
         }
+        fileManager.validateJavascriptContent(processor.javascript);
         await databaseConnector.insertProcessor(processorId, processor);
         logger.info('Processor saved successfully to database');
         return processor;

diff --git a/src/tests/models/fileManager.js b/src/tests/models/fileManager.js
@@ -1,13 +1,16 @@
 'use strict';
-const database = require('./database'),
-    uuid = require('uuid'),
+const uuid = require('uuid'),
     request = require('request-promise-native'),
+    esprima = require('esprima');
+
+const database = require('./database'),
     { ERROR_MESSAGES } = require('../../common/consts');
 
 module.exports = {
     createFileFromUrl,
     downloadFile,
-    getFile
+    getFile,
+    validateJavascriptContent
 };
 async function createFileFromUrl(testRawData) {
     if (testRawData['processor_file_url']) {
@@ -16,6 +19,7 @@ async function createFileFromUrl(testRawData) {
     }
     return undefined;
 }
+
 async function downloadFile(fileUrl) {
     const options = {
         url: fileUrl
@@ -24,7 +28,7 @@ async function downloadFile(fileUrl) {
         const response = await request.get(options);
         return response;
     } catch (err) {
-        const errMsg = 'Error to read file, throw exception: ' + err;
+        const errMsg = 'Error to download file: ' + err;
         const error = new Error(errMsg);
         error.statusCode = 422;
         throw error;
@@ -49,3 +53,30 @@ async function saveFile(fileUrl) {
     await database.saveFile(id, fileBase64Value);
     return id;
 }
+
+function validateJavascriptContent (javascriptFileContent) {
+    let error, errorMessage;
+    try {
+        const syntax = esprima.parseScript(javascriptFileContent, { tolerant: true });
+        const errors = syntax.errors;
+        if (errors.length > 0) {
+            let errorsString = '';
+            for (let i = 0; i < errors.length; i++) {
+                errorsString += errors[i].description + ', ';
+            }
+            errorsString = errorsString.substring(0, errorsString.length - 2);
+
+            errorMessage = 'js syntax validation failed with error: ' + errorsString;
+            error = new Error(errorMessage);
+            error.statusCode = 422;
+        }
+    } catch (err) {
+        errorMessage = err.description;
+        error = new Error(errorMessage);
+        error.statusCode = 422;
+    }
+
+    if (error) {
+        throw error;
+    }
+}
diff --git a/tests/integration-tests/processors/processors-test.js b/tests/integration-tests/processors/processors-test.js
@@ -104,5 +104,31 @@ describe('Processors api', function() {
             let createProcessorResponse = await requestSender.createProcessor(requestBody, validHeaders);
             createProcessorResponse.statusCode.should.eql(422);
         });
+
+        it('Create processor with type file_download and invalid js syntax', async () => {
+            nock('https://authentication.predator.dev').get('/?dl=1').reply(200,
+                `{ 
+                     const uuid = require('uuid/v4');
+                     module.exports = {
+                       createAuthToken
+                     };
+                     
+                     function createAuthToken(userContext, events, done) {
+                       userContext.vars.token = uuid();
+                       return done();
+                     }
+                     
+                     this is not valid javascript
+                 }`
+            );
+            const requestBody = {
+                name: 'authentication',
+                description: 'Creates authorization token and saves it in the context',
+                type: 'file_download',
+                file_url: 'https://authentication.predator.dev/?dl=1'
+            };
+            let createProcessorResponse = await requestSender.createProcessor(requestBody, validHeaders);
+            createProcessorResponse.statusCode.should.eql(422);
+        });
     });
 });