From e52c9e4ab92140ee9c113cf9fa3f5af3f2470050 Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 16:34:49 -0400
Subject: [PATCH 1/7] moved details tests out to separate file
---
 test/unit/run.js | 1 +
 test/unit/sanitiser/_details.js | 55 +++++++++++++++++++++++++++++++++
 test/unit/sanitiser/search.js | 41 +-----------------------
 3 files changed, 57 insertions(+), 40 deletions(-)
 create mode 100644 test/unit/sanitiser/_details.js
diff --git a/test/unit/run.js b/test/unit/run.js
index 2ca9be3e..6b8611d0 100644
--- a/test/unit/run.js
+++ b/test/unit/run.js
@@ -8,6 +8,7 @@ var tests = [
 require('./controller/search'),
 require('./service/mget'),
 require('./service/search'),
+ require('./sanitiser/_details'),
 require('./sanitiser/_source'),
 require('./sanitiser/search'),
 require('./sanitiser/reverse'),
diff --git a/test/unit/sanitiser/_details.js b/test/unit/sanitiser/_details.js
new file mode 100644
index 00000000..a3379918
--- /dev/null
+++ b/test/unit/sanitiser/_details.js
@@ -0,0 +1,55 @@
+var search = require('../../../sanitiser/search'),
+ _sanitize = search.sanitize,
+ sanitize = function(query, cb) { _sanitize({'query':query}, cb); };
+
+module.exports.tests = {};
+
+module.exports.tests.sanitize_details = function(test, common) {
+ var invalid_values = [null, -1, 123, NaN, 'abc'];
+ invalid_values.forEach(function(details) {
+ test('invalid details param ' + details, function(t) {
+ sanitize({ text: 'test', lat: 0, lon: 0, details: details }, function( err, clean ){
+ t.equal(clean.details, false, 'default details set (to false)');
+ t.end();
+ });
+ });
+ });
+
+ var valid_values = ['true', true, 1, '1', 'yes', 'y'];
+ valid_values.forEach(function(details) {
+ test('valid details param ' + details, function(t) {
+ sanitize({ text: 'test', details: details }, function( err, clean ){
+ t.equal(clean.details, true, 'details set to true');
+ t.end();
+ });
+ });
+ });
+
+ var valid_false_values = ['false', false, 0, '0', 'no', 'n'];
+ valid_false_values.forEach(function(details) {
+ test('test setting false explicitly ' + details, function(t) {
+ sanitize({ text: 'test', details: details }, function( err, clean ){
+ t.equal(clean.details, false, 'details set to false');
+ t.end();
+ });
+ });
+ });
+
+ test('test default behavior', function(t) {
+ sanitize({ text: 'test' }, function( err, clean ){
+ t.equal(clean.details, true, 'details set to true');
+ t.end();
+ });
+ });
+};
+
+module.exports.all = function (tape, common) {
+
+ function test(name, testFunction) {
+ return tape('SANTIZE _details ' + name, testFunction);
+ }
+
+ for( var testCase in module.exports.tests ){
+ module.exports.tests[testCase](test, common);
+ }
+};
diff --git a/test/unit/sanitiser/search.js b/test/unit/sanitiser/search.js
index 8969fab6..9cba990c 100644
--- a/test/unit/sanitiser/search.js
+++ b/test/unit/sanitiser/search.js
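Review bot: The test names in `sanitize_details` are built as `'valid details param ' + details`, so `'true'` and `true`, and `1` and `'1'`, produce identical names and a failing case cannot be told apart in the tape output; including the type, `'valid details param (' + typeof details + ') ' + details`, keeps them distinct. The `'SANTIZE _details '` prefix in `module.exports.all` looks like a typo for SANITIZE. The message `'default details set (to false)'` on the invalid-value cases is also misleading, because the default asserted in 'test default behavior' is `true`. The same naming pattern and prefix recur in the `_truthy` and `_private` test files later in this series.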
@@ -70,7 +70,7 @@ module.exports.tests.sanitise_valid_text = function(test, common) {
 module.exports.tests.sanitize_text_with_delim = function(test, common) {
 var texts = [ 'a,bcd', '123 main st, admin1', ',,,', ' ' ];
- test('valid texts with a comma', function(t) {
+ test('valid texts with a comma', function(t) {
 texts.forEach( function( text ){
 sanitize({ text: text }, function( err, clean ){
 var expected = JSON.parse(JSON.stringify( defaultClean ));
@@ -234,45 +234,6 @@ module.exports.tests.sanitize_size = function(test, common) {
 });
 };
-module.exports.tests.sanitize_details = function(test, common) {
- var invalid_values = [null, -1, 123, NaN, 'abc'];
- invalid_values.forEach(function(details) {
- test('invalid details param ' + details, function(t) {
- sanitize({ text: 'test', lat: 0, lon: 0, details: details }, function( err, clean ){
- t.equal(clean.details, false, 'default details set (to false)');
- t.end();
- });
- });
- });
-
- var valid_values = ['true', true, 1, '1', 'yes', 'y'];
- valid_values.forEach(function(details) {
- test('valid details param ' + details, function(t) {
- sanitize({ text: 'test', details: details }, function( err, clean ){
- t.equal(clean.details, true, 'details set to true');
- t.end();
- });
- });
- });
-
- var valid_false_values = ['false', false, 0, '0', 'no', 'n'];
- valid_false_values.forEach(function(details) {
- test('test setting false explicitly ' + details, function(t) {
- sanitize({ text: 'test', details: details }, function( err, clean ){
- t.equal(clean.details, false, 'details set to false');
- t.end();
- });
- });
- });
-
- test('test default behavior', function(t) {
- sanitize({ text: 'test' }, function( err, clean ){
- t.equal(clean.details, true, 'details set to true');
- t.end();
- });
- });
-};
-
 module.exports.tests.sanitize_layers = function(test, common) {
 test('unspecified', function(t) {
 sanitize({ layers: undefined, text: 'test' }, function( err, clean ){
From d2dc26f69f2bb5b82d57b397537685d3d6d9ff9b Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:02:48 -0400
Subject: [PATCH 2/7] whitespace
---
 sanitiser/_details.js | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/sanitiser/_details.js b/sanitiser/_details.js
index 6dc2b119..3a1e734a 100644
--- a/sanitiser/_details.js
+++ b/sanitiser/_details.js
@@ -2,14 +2,14 @@ var isObject = require('is-object');
 // validate inputs, convert types and apply defaults
 function sanitize( req, default_value ){
-
+
 var clean = req.clean || {};
 var params= req.query;
 if (default_value === undefined) {
 default_value = true;
 }
-
+
 default_value = !!default_value;
 // ensure the input params are a valid object
@@ -24,7 +24,7 @@ function sanitize( req, default_value ){
 }
 req.clean = clean;
-
+
 return {'error':false};
 }
From 2f5a5b197206048de62db7278729faf3d600192e Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:03:24 -0400
Subject: [PATCH 3/7] refactored _details tests to only _details sanitizer
---
 test/unit/sanitiser/_details.js | 48 ++++++++++++++++-----------------
 1 file changed, 23 insertions(+), 25 deletions(-)
diff --git a/test/unit/sanitiser/_details.js b/test/unit/sanitiser/_details.js
index a3379918..26dc444d 100644
--- a/test/unit/sanitiser/_details.js
+++ b/test/unit/sanitiser/_details.js
@@ -1,45 +1,43 @@
-var search = require('../../../sanitiser/search'),
- _sanitize = search.sanitize,
- sanitize = function(query, cb) { _sanitize({'query':query}, cb); };
+var sanitize = require('../../../sanitiser/_details');
 module.exports.tests = {};
 module.exports.tests.sanitize_details = function(test, common) {
 var invalid_values = [null, -1, 123, NaN, 'abc'];
- invalid_values.forEach(function(details) {
- test('invalid details param ' + details, function(t) {
- sanitize({ text: 'test', lat: 0, lon: 0, details: details }, function( err, clean ){
- t.equal(clean.details, false, 'default details set (to false)');
- t.end();
- });
+ invalid_values.forEach(function(detailsValue) {
+ test('invalid details param ' + detailsValue, function(t) {
+ var req = {query: { details: detailsValue }};
+ sanitize(req);
+ t.equal(req.clean.details, false, 'default details set (to false)');
+ t.end();
 });
 });
 var valid_values = ['true', true, 1, '1', 'yes', 'y'];
- valid_values.forEach(function(details) {
- test('valid details param ' + details, function(t) {
- sanitize({ text: 'test', details: details }, function( err, clean ){
- t.equal(clean.details, true, 'details set to true');
- t.end();
- });
+ valid_values.forEach(function(detailsValue) {
+ test('valid details param ' + detailsValue, function(t) {
+ var req = {query: { details: detailsValue }};
+ sanitize(req);
+ t.equal(req.clean.details, true, 'details set to true');
+ t.end();
 });
 });
 var valid_false_values = ['false', false, 0, '0', 'no', 'n'];
- valid_false_values.forEach(function(details) {
- test('test setting false explicitly ' + details, function(t) {
- sanitize({ text: 'test', details: details }, function( err, clean ){
- t.equal(clean.details, false, 'details set to false');
- t.end();
- });
+ valid_false_values.forEach(function(detailsValue) {
+ test('test setting false explicitly ' + detailsValue, function(t) {
+ var req = {query: { details: detailsValue }};
+ sanitize(req);
+ t.equal(req.clean.details, false, 'details set to false');
+ t.end();
 });
 });
 test('test default behavior', function(t) {
- sanitize({ text: 'test' }, function( err, clean ){
- t.equal(clean.details, true, 'details set to true');
- t.end();
- });
+ var req = {query: {}};
+ sanitize(req);
+ t.equal(req.clean.details, true, 'details set to true');
+ t.end();
 });
 };
From 728fa8ac46ccd01c9702d22c7cb686e6f4601cfc Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:06:20 -0400
Subject: [PATCH 4/7] refactored _details sanitizer removed redundant variable swapped conditionals for readability
---
 sanitiser/_details.js | 10 ++++------
 1 file changed, 4 insertions(+), 6 deletions(-)
diff --git a/sanitiser/_details.js b/sanitiser/_details.js
index 3a1e734a..8bd56ecb 100644
--- a/sanitiser/_details.js
+++ b/sanitiser/_details.js
@@ -3,7 +3,7 @@ var isObject = require('is-object');
 // validate inputs, convert types and apply defaults
 function sanitize( req, default_value ){
- var clean = req.clean || {};
+ req.clean = req.clean || {};
 var params= req.query;
 if (default_value === undefined) {
@@ -17,14 +17,12 @@ function sanitize( req, default_value ){
 params = {};
 }
- if (params.details !== undefined) {
- clean.details = isTruthy(params.details);
+ if (params.details === undefined) {
+ req.clean.details = default_value;
 } else {
- clean.details = default_value;
+ req.clean.details = isTruthy(params.details);
 }
- req.clean = clean;
-
 return {'error':false};
 }
From 55e31af23812be4ae1b3eb513e15b88cdfa148cb Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:21:10 -0400
Subject: [PATCH 5/7] extract truthy sanitizer to own file
---
 sanitiser/_details.js | 10 +---------
 sanitiser/_truthy.js | 9 +++++++++
 test/unit/run.js | 1 +
 test/unit/sanitiser/_truthy.js | 31 +++++++++++++++++++++++++++++++
 4 files changed, 42 insertions(+), 9 deletions(-)
 create mode 100644 sanitiser/_truthy.js
 create mode 100644 test/unit/sanitiser/_truthy.js
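Review bot: After the rewrite of test/unit/sanitiser/_details.js every case calls the sanitizer as `sanitize(req)` with an object `query`, so the `default_value` argument and the `if( !isObject( params ) )` fallback that sanitiser/_details.js shows elsewhere in this series are never exercised. A case such as `sanitize(req, false)` with `query: {}` asserting `req.clean.details` is `false`, and one with `query` left undefined, would pin both branches. The return value `{'error':false}` is not asserted anywhere in the hunk either.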
diff --git a/sanitiser/_details.js b/sanitiser/_details.js
index 8bd56ecb..b1ef9471 100644
--- a/sanitiser/_details.js
+++ b/sanitiser/_details.js
@@ -1,4 +1,5 @@
 var isObject = require('is-object');
+var isTruthy = require('./_truthy');
 // validate inputs, convert types and apply defaults
 function sanitize( req, default_value ){
@@ -27,13 +28,4 @@ function sanitize( req, default_value ){
 }
-function isTruthy(val) {
- if (typeof val === 'string') {
- return ['true', '1', 'yes', 'y'].indexOf(val) !== -1;
- }
-
- return val === 1 || val === true;
-}
-
-// export function
 module.exports = sanitize;
diff --git a/sanitiser/_truthy.js b/sanitiser/_truthy.js
new file mode 100644
index 00000000..c5d08f05
--- /dev/null
+++ b/sanitiser/_truthy.js
@@ -0,0 +1,9 @@
+function isTruthy(val) {
+ if (typeof val === 'string') {
+ return ['true', '1', 'yes', 'y'].indexOf(val) !== -1;
+ }
+
+ return val === 1 || val === true;
+}
+
+module.exports = isTruthy;
diff --git a/test/unit/run.js b/test/unit/run.js
index 6b8611d0..03960674 100644
--- a/test/unit/run.js
+++ b/test/unit/run.js
@@ -10,6 +10,7 @@ var tests = [
 require('./service/search'),
 require('./sanitiser/_details'),
 require('./sanitiser/_source'),
+ require('./sanitiser/_truthy'),
 require('./sanitiser/search'),
 require('./sanitiser/reverse'),
 require('./sanitiser/place'),
diff --git a/test/unit/sanitiser/_truthy.js b/test/unit/sanitiser/_truthy.js
new file mode 100644
index 00000000..ea43dda1
--- /dev/null
+++ b/test/unit/sanitiser/_truthy.js
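Review bot: `isTruthy` in the new sanitiser/_truthy.js matches strings exactly, so `'TRUE'`, `'Yes'` or `' true'` all return `false`, and so does any non-string other than `1` or `true` (for example an array, if the query parser produces one for a repeated parameter, which is not shown here). Now that the helper is shared by several sanitizers, normalising first, `return ['true', '1', 'yes', 'y'].indexOf(val.trim().toLowerCase()) !== -1;`, and a short comment listing the accepted spellings would make the contract explicit. The accompanying test file only covers lower-case spellings, so the case-sensitivity is currently unpinned either way.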
@@ -0,0 +1,31 @@
+var isTruthy = require('../../../sanitiser/_truthy');
+
+module.exports.tests = {};
+
+module.exports.tests.sanitize_truthy = function(test, common) {
+ var valid_values = ['true', true, 1, '1', 'yes', 'y'];
+ valid_values.forEach(function(value) {
+ test('truthy value ' + value, function(t) {
+ t.equal(isTruthy(value), true, 'returns true');
+ t.end();
+ });
+ });
+
+ var valid_false_values = ['false', false, 0, '0', 'no', 'n', null, -1, 123, NaN, 'abc'];
+ valid_false_values.forEach(function(value) {
+ test('falsey value ' + value, function(t) {
+ t.equal(isTruthy(value), false, 'returns false');
+ t.end();
+ });
+ });
+};
+
+module.exports.all = function (tape, common) {
+ function test(name, testFunction) {
+ return tape('SANTIZE _truthy ' + name, testFunction);
+ }
+
+ for( var testCase in module.exports.tests ){
+ module.exports.tests[testCase](test, common);
+ }
+};
From c19d56697ea6e09a1e819ae052527519424dbf91 Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:28:20 -0400
Subject: [PATCH 6/7] add _private sanitizer
---
 sanitiser/_private.js | 31 +++++++++++++++++++
 test/unit/run.js | 1 +
 test/unit/sanitiser/_private.js | 53 +++++++++++++++++++++++++++++++++
 3 files changed, 85 insertions(+)
 create mode 100644 sanitiser/_private.js
 create mode 100644 test/unit/sanitiser/_private.js
diff --git a/sanitiser/_private.js b/sanitiser/_private.js
new file mode 100644
index 00000000..f419abdd
--- /dev/null
+++ b/sanitiser/_private.js
@@ -0,0 +1,31 @@
+var isObject = require('is-object');
+var isTruthy = require('./_truthy');
+
+// validate inputs, convert types and apply defaults
+function sanitize( req, default_value ){
+
+ req.clean = req.clean || {};
+ var params= req.query;
+
+ if (default_value === undefined) {
+ default_value = true;
+ }
+
+ default_value = !!default_value;
+
+ // ensure the input params are a valid object
+ if( !isObject( params ) ){
+ params = {};
+ }
+
+ if (params.private === undefined) {
+ req.clean.private = default_value;
+ } else {
+ req.clean.private = isTruthy(params.private);
+ }
+
+ return {'error':false};
+
+}
+
+module.exports = sanitize;
diff --git a/test/unit/run.js b/test/unit/run.js
index 03960674..7b512faf 100644
--- a/test/unit/run.js
+++ b/test/unit/run.js
@@ -9,6 +9,7 @@ var tests = [
 require('./service/mget'),
 require('./service/search'),
 require('./sanitiser/_details'),
+ require('./sanitiser/_private'),
 require('./sanitiser/_source'),
 require('./sanitiser/_truthy'),
 require('./sanitiser/search'),
diff --git a/test/unit/sanitiser/_private.js b/test/unit/sanitiser/_private.js
new file mode 100644
index 00000000..8cebf566
--- /dev/null
+++ b/test/unit/sanitiser/_private.js
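Review bot: In the new sanitiser/_private.js an absent `private` parameter yields the default (`true`), but any value `isTruthy` does not recognise, such as `'abc'`, `123` or `'TRUE'`, sets `req.clean.private` to `false` while the function still returns `{'error':false}`. If `private` gates something privacy-related (the name and the default suggest so; its consumer is not shown here), a malformed parameter switches the protection off silently instead of keeping the safe default. I would keep `default_value` for anything that is not an explicit false spelling, as sketched below; the invalid-value cases in test/unit/sanitiser/_private.js would then expect `true`. The file is otherwise a copy of sanitiser/_details.js apart from the key name, so a shared helper taking the key would avoid the two drifting apart.

```javascript
// explicit "off" spellings; anything else keeps the default
function isFalsy(val) {
  if (typeof val === 'string') {
    return ['false', '0', 'no', 'n'].indexOf(val) !== -1;
  }
  return val === 0 || val === false;
}

// … unchanged: req.clean / default_value / isObject setup …

  if (isTruthy(params.private)) {
    req.clean.private = true;
  } else if (isFalsy(params.private)) {
    req.clean.private = false;
  } else {
    // absent or unrecognised: do not switch the flag off on malformed input
    req.clean.private = default_value;
  }
```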
@@ -0,0 +1,53 @@
+var sanitize = require('../../../sanitiser/_private');
+
+module.exports.tests = {};
+
+module.exports.tests.sanitize_private = function(test, common) {
+ var invalid_values = [null, -1, 123, NaN, 'abc'];
+ invalid_values.forEach(function(privateValue) {
+ test('invalid private param ' + privateValue, function(t) {
+ var req = {query: { private: privateValue }};
+ sanitize(req);
+ t.equal(req.clean.private, false, 'default private set (to false)');
+ t.end();
+ });
+ });
+
+ var valid_values = ['true', true, 1, '1', 'yes', 'y'];
+ valid_values.forEach(function(privateValue) {
+ test('valid private param ' + privateValue, function(t) {
+ var req = {query: { private: privateValue }};
+ sanitize(req);
+ t.equal(req.clean.private, true, 'private set to true');
+ t.end();
+ });
+ });
+
+ var valid_false_values = ['false', false, 0, '0', 'no', 'n'];
+ valid_false_values.forEach(function(privateValue) {
+ test('test setting false explicitly ' + privateValue, function(t) {
+ var req = {query: { private: privateValue }};
+ sanitize(req);
+ t.equal(req.clean.private, false, 'private set to false');
+ t.end();
+ });
+ });
+
+ test('test default behavior', function(t) {
+ var req = {query: {}};
+ sanitize(req);
+ t.equal(req.clean.private, true, 'private set to true');
+ t.end();
+ });
+};
+
+module.exports.all = function (tape, common) {
+
+ function test(name, testFunction) {
+ return tape('SANTIZE _private ' + name, testFunction);
+ }
+
+ for( var testCase in module.exports.tests ){
+ module.exports.tests[testCase](test, common);
+ }
+};
From a2b1579b3e8662e300e54e4bee8581b5bbb687c0 Mon Sep 17 00:00:00 2001
From: Stephen Hess
Date: Thu, 10 Sep 2015 17:32:57 -0400
Subject: [PATCH 7/7] incorporated _private sanitizer into search endpoint
---
 sanitiser/search.js | 1 +
 test/unit/sanitiser/search.js | 27 +++++++++++++++++++++++++++
 2 files changed, 28 insertions(+)
diff --git a/sanitiser/search.js b/sanitiser/search.js
index 19263732..ccf82865 100644
--- a/sanitiser/search.js
+++ b/sanitiser/search.js
@@ -6,6 +6,7 @@ var _sanitize = require('../sanitiser/_sanitize'),
 layers: require('../sanitiser/_layers'),
 source: require('../sanitiser/_source'),
 details: require('../sanitiser/_details'),
+ private: require('../sanitiser/_private'),
 latlonzoom: require('../sanitiser/_geo_search')
 };
diff --git a/test/unit/sanitiser/search.js b/test/unit/sanitiser/search.js
index 9cba990c..9867e359 100644
--- a/test/unit/sanitiser/search.js
+++ b/test/unit/sanitiser/search.js
@@ -86,6 +86,33 @@ module.exports.tests.sanitize_text_with_delim = function(test, common) {
 });
 };
+module.exports.tests.sanitize_private_no_value = function(test, common) {
+ test('default private should be set to true', function(t) {
+ sanitize({ text: 'test' }, function( err, clean ){
+ t.equal(clean.private, true, 'private set to true');
+ });
+ t.end();
+ });
+};
+
+module.exports.tests.sanitize_private_explicit_true_value = function(test, common) {
+ test('explicit private should be set to true', function(t) {
+ sanitize({ text: 'test', private: true }, function( err, clean ){
+ t.equal(clean.private, true, 'private set to true');
+ });
+ t.end();
+ });
+};
+
+module.exports.tests.sanitize_private_explicit_false_value = function(test, common) {
+ test('explicit private should be set to false', function(t) {
+ sanitize({ text: 'test', private: false }, function( err, clean ){
+ t.equal(clean.private, false, 'private set to false');
+ });
+ t.end();
+ });
+};
+
 module.exports.tests.sanitize_lat = function(test, common) {
 var lats = {
 invalid: [],
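Review bot: In the three `sanitize_private_*` tests added to test/unit/sanitiser/search.js, `t.end()` sits after the `sanitize(...)` call rather than inside its callback, unlike the `sanitize_details` tests this series moved out of the same file. If `sanitize` invokes the callback asynchronously, or not at all, the test ends with zero assertions and still passes. Moving it into the callback, `t.equal(clean.private, true, 'private set to true'); t.end();`, makes a skipped assertion show up as a failure. A case with an unrecognised value such as `private: 'abc'` would also pin what the search endpoint does with malformed input.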