tstatic/tests/server.test.ts

import { expect } from 'chai';
import { runServer } from './helpers';
import * as fs from 'fs';
import * as path from 'path';
import { IOptions } from '../src/types';

const PKG = require('../package.json');

describe('Server', function () {
    it('Should be usable', function (done) {
       runServer({
           allowed_ips: [],
           basicAuth: [],
           dirList: false,
           serveDir: 'site/',
           opbeat: false,
           open: false
       }, '/index.html', function (response : any) {
              expect(response.status).to.equal(200);
              expect(response.url).to.include('/index.html');
              done();
       });
    });

    describe('secure headers', function () {
      const SERVER_SETTINGS = {
        allowed_ips: [],
        basicAuth: [],
        dirList: false,
        serveDir: 'site/',
        opbeat: false,
        open: false,
        allowHttp: false
      } as IOptions;

      it('Should have no powered by header', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('x-powered-by')).to.be.null;
          done();
        });
      });

      it('Should have xss block header', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('x-xss-protection')).to.equal('1; mode=block');
          done();
        });
      });

      it('Should block iframes', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('x-frame-options')).to.equal('SAMEORIGIN');
          done();
        });
      });

      it('Should have expect-ct header', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('expect-ct')).to.equal('max-age=1000');
          done();
        });
      });

      it('Should block DNS prefetch', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('x-dns-prefetch-control')).to.equal('off');
          done();
        });
      });

      it('Should block open on IE', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('x-download-options')).to.equal('noopen');
          done();
        });
      });

      it('Should block cache', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('cache-control')).to.contain('no-store');
          expect(response.headers.get('cache-control')).to.contain('no-cache');
          expect(response.headers.get('pragma')).to.contain('no-cache');
          expect(response.headers.get('surrogate-control')).to.contain('no-store');
          expect(response.headers.get('expires')).to.contain(0);
          done();
        });
      });

      it('Should block referrer transfer', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('referrer-policy')).to.contain('same-origin');
          done();
        });
      });

      it('Should have HSTS header', function (done) {
        runServer(SERVER_SETTINGS, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('strict-transport-security')).to.contain('5184000');
          done();
        });
      });

      it('Should not have HSTS header if HTTP is allowed', function (done) {
        runServer({...SERVER_SETTINGS, allowHttp: true}, '/index.html', function (response : any) {
          expect(response.status).to.equal(200);
          expect(response.headers.get('strict-transport-security')).to.be.null;
          done();
        });
      });
    });
});
Start adding tests 2017-02-19 18:19:45 +00:00			`import { expect } from 'chai';`
			`import { runServer } from './helpers';`
Add some actual tests 2017-02-19 19:01:53 +00:00			`import * as fs from 'fs';`
Use path 2017-02-19 22:01:43 +00:00			`import * as path from 'path';`
Swap out linter 2018-03-15 21:40:35 +00:00			`import { IOptions } from '../src/types';`
Start adding tests 2017-02-19 18:19:45 +00:00
test hardening headers 2017-07-08 12:14:20 +01:00			`const PKG = require('../package.json');`
Start adding tests 2017-02-19 18:19:45 +00:00
			`describe('Server', function () {`
			`it('Should be usable', function (done) {`
			`runServer({`
			`allowed_ips: [],`
			`basicAuth: [],`
			`dirList: false,`
			`serveDir: 'site/',`
			`opbeat: false,`
			`open: false`
			`}, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.url).to.include('/index.html');`
			`done();`
			`});`
			`});`
Add some actual tests 2017-02-19 19:01:53 +00:00
test hardening headers 2017-07-08 12:14:20 +01:00			`describe('secure headers', function () {`
			`const SERVER_SETTINGS = {`
			`allowed_ips: [],`
			`basicAuth: [],`
			`dirList: false,`
			`serveDir: 'site/',`
			`opbeat: false,`
Test HSTS header 2018-01-17 20:59:16 +00:00			`open: false,`
			`allowHttp: false`
Swap out linter 2018-03-15 21:40:35 +00:00			`} as IOptions;`
test hardening headers 2017-07-08 12:14:20 +01:00
			`it('Should have no powered by header', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
Check powered by header isnt set 2018-01-17 20:40:09 +00:00			`expect(response.headers.get('x-powered-by')).to.be.null;`
test hardening headers 2017-07-08 12:14:20 +01:00			`done();`
			`});`
			`});`

			`it('Should have xss block header', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('x-xss-protection')).to.equal('1; mode=block');`
			`done();`
			`});`
			`});`

			`it('Should block iframes', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('x-frame-options')).to.equal('SAMEORIGIN');`
			`done();`
			`});`
			`});`

			`it('Should have expect-ct header', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('expect-ct')).to.equal('max-age=1000');`
			`done();`
			`});`
			`});`

			`it('Should block DNS prefetch', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('x-dns-prefetch-control')).to.equal('off');`
			`done();`
			`});`
			`});`

			`it('Should block open on IE', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('x-download-options')).to.equal('noopen');`
			`done();`
			`});`
			`});`

			`it('Should block cache', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('cache-control')).to.contain('no-store');`
			`expect(response.headers.get('cache-control')).to.contain('no-cache');`
			`expect(response.headers.get('pragma')).to.contain('no-cache');`
			`expect(response.headers.get('surrogate-control')).to.contain('no-store');`
			`expect(response.headers.get('expires')).to.contain(0);`
			`done();`
			`});`
			`});`

Fix test name 2017-07-08 14:39:13 +01:00			`it('Should block referrer transfer', function (done) {`
test hardening headers 2017-07-08 12:14:20 +01:00			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('referrer-policy')).to.contain('same-origin');`
			`done();`
			`});`
			`});`
Test HSTS header 2018-01-17 20:59:16 +00:00
			`it('Should have HSTS header', function (done) {`
			`runServer(SERVER_SETTINGS, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('strict-transport-security')).to.contain('5184000');`
			`done();`
			`});`
			`});`
Test missing HSTS header 2018-01-28 11:52:19 +00:00
			`it('Should not have HSTS header if HTTP is allowed', function (done) {`
			`runServer({...SERVER_SETTINGS, allowHttp: true}, '/index.html', function (response : any) {`
			`expect(response.status).to.equal(200);`
			`expect(response.headers.get('strict-transport-security')).to.be.null;`
			`done();`
			`});`
			`});`
test hardening headers 2017-07-08 12:14:20 +01:00			`});`
Start adding tests 2017-02-19 18:19:45 +00:00			`});`