misskey/packages/backend/test/e2e/fetch-validate-ap-deny.ts
まっちゃとーにゅ d5f229e72b
hotfix(backend): GHSA-qqrm-9grj-6v32 (MisskeyIO#460)
* hotfix(backend): GHSA-qqrm-9grj-6v32

Cherry-picked from 9a70ce8f5e

Co-authored-by: tamaina <tamaina@hotmail.co.jp>

* security fix: regexp

Co-authored-by: Ry0taK <49341894+Ry0taK@users.noreply.github.com>

---------

Co-authored-by: tamaina <tamaina@hotmail.co.jp>
Co-authored-by: Ry0taK <49341894+Ry0taK@users.noreply.github.com>
2024-02-17 15:23:56 +09:00

41 lines
1.2 KiB
TypeScript

/*
* SPDX-FileCopyrightText: syuilo and misskey-project
* SPDX-License-Identifier: AGPL-3.0-only
*/
process.env.NODE_ENV = 'test';
import { validateContentTypeSetAsActivityPub, validateContentTypeSetAsJsonLD } from '@/core/activitypub/misc/validator.js';
import { signup, uploadFile, relativeFetch } from '../utils.js';
import type * as misskey from 'misskey-js';
describe('validateContentTypeSetAsActivityPub/JsonLD (deny case)', () => {
let alice: misskey.entities.SignupResponse;
let aliceUploadedFile: any;
beforeAll(async () => {
alice = await signup({ username: 'alice' });
aliceUploadedFile = await uploadFile(alice);
}, 1000 * 60 * 2);
test('ActivityStreams: ファイルはエラーになる', async () => {
const res = await relativeFetch(aliceUploadedFile.webpublicUrl);
function doValidate() {
validateContentTypeSetAsActivityPub(res);
}
expect(doValidate).toThrow('Content type is not');
});
test('JSON-LD: ファイルはエラーになる', async () => {
const res = await relativeFetch(aliceUploadedFile.webpublicUrl);
function doValidate() {
validateContentTypeSetAsJsonLD(res);
}
expect(doValidate).toThrow('Content type is not');
});
});