!C99Shell v. 2.5 [PHP 8 Update] [24.05.2025]!

Software: Apache/2.4.41 (Ubuntu). PHP/8.0.30 

uname -a: Linux apirnd 5.4.0-204-generic #224-Ubuntu SMP Thu Dec 5 13:38:28 UTC 2024 x86_64 

uid=33(www-data) gid=33(www-data) groups=33(www-data) 

Safe-mode: OFF (not secure)

/usr/local/lib/node_modules/homebridge-config-ui-x/node_modules/fastify-swagger/test/   drwxr-xr-x
Free 13.22 GB of 57.97 GB (22.8%)
Home    Back    Forward    UPDIR    Refresh    Search    Buffer    Encoder    Tools    Proc.    FTP brute    Sec.    SQL    PHP-code    Update    Self remove    Logout    


Viewing file:     csp.js (6.89 KB)      -rwxr-xr-x
Select action/file-type:
(+) | (+) | (+) | Code (+) | Session (+) | (+) | SDB (+) | (+) | (+) | (+) | (+) | (+) |
'use strict'

const t = require('tap')
const test = t.test
const Fastify = require('fastify')
const fastifyHelmet = require('fastify-helmet')
const fastifySwagger = require('../index')
const {
  schemaQuerystring,
  schemaBody,
  schemaParams,
  schemaSecurity
} = require('../examples/options')
let {
  swaggerOption
} = require('../examples/options')
const csp = require('../static/csp.json')

swaggerOption = {
  ...swaggerOption,
  exposeRoute: true
}

test('staticCSP = undefined', t => {
  t.plan(4)

  const fastify = Fastify()
  fastify.register(fastifySwagger, swaggerOption)

  fastify.get('/', () => {})
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(typeof res.headers['content-security-policy'], 'undefined')
    t.equal(typeof res.payload, 'string')
  })
})

test('staticCSP = true', t => {
  t.plan(7)

  const fastify = Fastify()
  fastify.register(fastifySwagger, {
    ...swaggerOption,
    staticCSP: true
  })

  fastify.get('/', () => { return '' })
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], `default-src 'self'; base-uri 'self'; block-all-mixed-content; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data: validator.swagger.io; object-src 'none'; script-src 'self' ${csp.script.join(' ')}; script-src-attr 'none'; style-src 'self' https: ${csp.style.join(' ')}; upgrade-insecure-requests;`)
    t.equal(typeof res.payload, 'string')
  })

  fastify.inject({
    method: 'GET',
    url: '/'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(typeof res.headers['content-security-policy'], 'undefined')
  })
})

test('staticCSP = "default-src \'self\';"', t => {
  t.plan(7)

  const fastify = Fastify()
  fastify.register(fastifySwagger, {
    ...swaggerOption,
    staticCSP: "default-src 'self';"
  })

  fastify.get('/', () => { return '' })
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], "default-src 'self';")
    t.equal(typeof res.payload, 'string')
  })

  fastify.inject({
    method: 'GET',
    url: '/'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(typeof res.headers['content-security-policy'], 'undefined')
  })
})

test('staticCSP = object', t => {
  t.plan(7)

  const fastify = Fastify()
  fastify.register(fastifySwagger, {
    ...swaggerOption,
    staticCSP: {
      'default-src': ["'self'"],
      'script-src': "'self'"
    }
  })

  fastify.get('/', () => { return '' })
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
    t.equal(typeof res.payload, 'string')
  })

  fastify.inject({
    method: 'GET',
    url: '/'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(typeof res.headers['content-security-policy'], 'undefined')
  })
})

test('transformStaticCSP = function', t => {
  t.plan(8)

  const fastify = Fastify()
  fastify.register(fastifySwagger, {
    ...swaggerOption,
    staticCSP: "default-src 'self';",
    transformStaticCSP: function (header) {
      t.equal(header, "default-src 'self';")
      return "default-src 'self'; script-src 'self';"
    }
  })

  fastify.get('/', () => { return '' })
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
    t.equal(typeof res.payload, 'string')
  })

  fastify.inject({
    method: 'GET',
    url: '/'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(typeof res.headers['content-security-policy'], 'undefined')
  })
})

test('transformStaticCSP = function, with fastify-helmet', t => {
  t.plan(8)

  const fastify = Fastify()
  fastify.register(fastifyHelmet)
  fastify.register(fastifySwagger, {
    ...swaggerOption,
    transformStaticCSP: function (header) {
      t.equal(header, "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
      return "default-src 'self'; script-src 'self';"
    }
  })

  fastify.get('/', () => { return '' })
  fastify.post('/', () => {})
  fastify.get('/example', schemaQuerystring, () => {})
  fastify.post('/example', schemaBody, () => {})
  fastify.get('/parameters/:id', schemaParams, () => {})
  fastify.get('/example1', schemaSecurity, () => {})

  fastify.inject({
    method: 'GET',
    url: '/documentation/static/index.html'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
    t.equal(typeof res.payload, 'string')
  })

  fastify.inject({
    method: 'GET',
    url: '/'
  }, (err, res) => {
    t.error(err)
    t.equal(res.statusCode, 200)
    t.equal(res.headers['content-security-policy'], "default-src 'self';base-uri 'self';block-all-mixed-content;font-src 'self' https: data:;frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
  })
})

:: Command execute ::

Enter:
 
Select:
 

:: Search ::
  - regexp 
:: Upload ::
 
[ Read-Only ]

:: Make Dir ::
 
[ Read-Only ]
:: Make File ::
 
[ Read-Only ]

:: Go Dir ::
 
:: Go File ::
 

--[ c99shell v. 2.5 [PHP 8 Update] [24.05.2025] | Generation time: 0.0052 ]--