n8n/packages/cli/test/integration/audit/nodes.risk.test.ts

import { v4 as uuid } from 'uuid';
import * as Db from '@/Db';
import { audit } from '@/audit';
import * as packageModel from '@/CommunityNodes/packageModel';
import { OFFICIAL_RISKY_NODE_TYPES, NODES_REPORT } from '@/audit/constants';
import { getRiskSection, MOCK_PACKAGE, saveManualTriggerWorkflow } from './utils';
import * as testDb from '../shared/testDb';
import { toReportTitle } from '@/audit/utils';

let testDbName = '';

beforeAll(async () => {
	const initResult = await testDb.init();
	testDbName = initResult.testDbName;
});

beforeEach(async () => {
	await testDb.truncate(['Workflow'], testDbName);
});

afterAll(async () => {
	await testDb.terminate(testDbName);
});

test('should report risky official nodes', async () => {
	const map = [...OFFICIAL_RISKY_NODE_TYPES].reduce<{ [nodeType: string]: string }>((acc, cur) => {
		return (acc[cur] = uuid()), acc;
	}, {});

	const promises = Object.entries(map).map(async ([nodeType, nodeId]) => {
		const details = {
			name: 'My Test Workflow',
			active: false,
			connections: {},
			nodeTypes: {},
			nodes: [
				{
					id: nodeId,
					name: 'My Node',
					type: nodeType,
					typeVersion: 1,
					position: [0, 0] as [number, number],
				},
			],
		};

		return Db.collections.Workflow.save(details);
	});

	await Promise.all(promises);

	const testAudit = await audit(['nodes']);

	const section = getRiskSection(
		testAudit,
		NODES_REPORT.RISK,
		NODES_REPORT.SECTIONS.OFFICIAL_RISKY_NODES,
	);

	expect(section.location).toHaveLength(OFFICIAL_RISKY_NODE_TYPES.size);

	for (const loc of section.location) {
		if (loc.kind === 'node') {
			expect(loc.nodeId).toBe(map[loc.nodeType]);
		}
	}
});

test('should not report non-risky official nodes', async () => {
	await saveManualTriggerWorkflow();

	const testAudit = await audit(['nodes']);

	const report = testAudit?.[toReportTitle('nodes')];

	if (!report) return;

	for (const section of report.sections) {
		expect(section.title).not.toBe(NODES_REPORT.SECTIONS.OFFICIAL_RISKY_NODES);
	}
});

test('should report community nodes', async () => {
	jest.spyOn(packageModel, 'getAllInstalledPackages').mockResolvedValueOnce(MOCK_PACKAGE);

	const testAudit = await audit(['nodes']);

	const section = getRiskSection(
		testAudit,
		NODES_REPORT.RISK,
		NODES_REPORT.SECTIONS.COMMUNITY_NODES,
	);

	expect(section.location).toHaveLength(1);

	if (section.location[0].kind === 'community') {
		expect(section.location[0].nodeType).toBe(MOCK_PACKAGE[0].installedNodes[0].type);
	}
});
feat(core): Security audit (#5034) * :sparkles: Implement security audit * :zap: Use logger * :test_tube: Fix test * :zap: Switch logger with stdout * :art: Set new logo * :zap: Fill out Public API schema * :pencil2: Fix typo * :zap: Break dependency cycle * :zap: Add security settings values * :test_tube: Test security settings * :zap: Add publicly accessible instance warning * :zap: Add metric to CLI command * :pencil2: Fix typo * :fire: Remove unneeded path alias * :blue_book: Add type import * :fire: Remove inferrable output type * :zap: Set description at correct level * :zap: Rename constant for consistency * :zap: Sort URLs * :zap: Rename local var * :zap: Shorten name * :pencil2: Improve phrasing * :zap: Improve naming * :zap: Fix casing * :pencil2: Add docline * :pencil2: Relocate comment * :zap: Add singular/plurals * :fire: Remove unneeded await * :pencil2: Improve test description * :zap: Optimize with sets * :zap: Adjust post master merge * :pencil2: Improve naming * :zap: Adjust in spy * :test_tube: Fix outdated instance test * :test_tube: Make diagnostics check consistent * :zap: Refactor `getAllExistingCreds` * :zap: Create helper `getNodeTypes` * :bug: Fix `InternalHooksManager` call * :truck: Rename `execution` to `nodes` risk * :zap: Add options to CLI command * :zap: Make days configurable * :revert: Undo changes to `BaseCommand` * :zap: Improve CLI command UX * :zap: Change no-report return value Empty array to trigger empty state on FE. * :zap: Add empty check to `reportInstanceRisk` * :test_tube: Extend Jest `expect` * :blue_book: Augment `jest.Matchers` * :test_tube: Set extend as setup file * :wrench: Override lint rule for `.d.ts` * :zap: Use new matcher * :zap: Update check * :blue_book: Improve typings * :zap: Adjust instance risk check * :pencil2: Rename `execution` → `nodes` in Public API schema * :pencil2: Add clarifying comment * :pencil2: Fix typo * :zap: Validate categories in CLI command * :pencil2: Improve naming * :pencil2: Make audit reference consistent * :blue_book: Fix typing * :zap: Use `finally` in CLI command 2023-01-05 04:28:40 -08:00			`import { v4 as uuid } from 'uuid';`
			`import * as Db from '@/Db';`
			`import { audit } from '@/audit';`
			`import * as packageModel from '@/CommunityNodes/packageModel';`
			`import { OFFICIAL_RISKY_NODE_TYPES, NODES_REPORT } from '@/audit/constants';`
			`import { getRiskSection, MOCK_PACKAGE, saveManualTriggerWorkflow } from './utils';`
			`import * as testDb from '../shared/testDb';`
			`import { toReportTitle } from '@/audit/utils';`

			`let testDbName = '';`

			`beforeAll(async () => {`
			`const initResult = await testDb.init();`
			`testDbName = initResult.testDbName;`
			`});`

			`beforeEach(async () => {`
			`await testDb.truncate(['Workflow'], testDbName);`
			`});`

			`afterAll(async () => {`
			`await testDb.terminate(testDbName);`
			`});`

			`test('should report risky official nodes', async () => {`
			`const map = [...OFFICIAL_RISKY_NODE_TYPES].reduce<{ [nodeType: string]: string }>((acc, cur) => {`
			`return (acc[cur] = uuid()), acc;`
			`}, {});`

			`const promises = Object.entries(map).map(async ([nodeType, nodeId]) => {`
			`const details = {`
			`name: 'My Test Workflow',`
			`active: false,`
			`connections: {},`
			`nodeTypes: {},`
			`nodes: [`
			`{`
			`id: nodeId,`
			`name: 'My Node',`
			`type: nodeType,`
			`typeVersion: 1,`
			`position: [0, 0] as [number, number],`
			`},`
			`],`
			`};`

			`return Db.collections.Workflow.save(details);`
			`});`

			`await Promise.all(promises);`

			`const testAudit = await audit(['nodes']);`

			`const section = getRiskSection(`
			`testAudit,`
			`NODES_REPORT.RISK,`
			`NODES_REPORT.SECTIONS.OFFICIAL_RISKY_NODES,`
			`);`

			`expect(section.location).toHaveLength(OFFICIAL_RISKY_NODE_TYPES.size);`

			`for (const loc of section.location) {`
			`if (loc.kind === 'node') {`
			`expect(loc.nodeId).toBe(map[loc.nodeType]);`
			`}`
			`}`
			`});`

			`test('should not report non-risky official nodes', async () => {`
			`await saveManualTriggerWorkflow();`

			`const testAudit = await audit(['nodes']);`

			`const report = testAudit?.[toReportTitle('nodes')];`

			`if (!report) return;`

			`for (const section of report.sections) {`
			`expect(section.title).not.toBe(NODES_REPORT.SECTIONS.OFFICIAL_RISKY_NODES);`
			`}`
			`});`

			`test('should report community nodes', async () => {`
			`jest.spyOn(packageModel, 'getAllInstalledPackages').mockResolvedValueOnce(MOCK_PACKAGE);`

			`const testAudit = await audit(['nodes']);`

			`const section = getRiskSection(`
			`testAudit,`
			`NODES_REPORT.RISK,`
			`NODES_REPORT.SECTIONS.COMMUNITY_NODES,`
			`);`

			`expect(section.location).toHaveLength(1);`

			`if (section.location[0].kind === 'community') {`
			`expect(section.location[0].nodeType).toBe(MOCK_PACKAGE[0].installedNodes[0].type);`
			`}`
			`});`