Stuck on an issue?

Lightrun Answers was designed to reduce the constant googling that comes with debugging 3rd party libraries. It collects links to all the places you might be looking at while hunting down a tough bug.

And, if you’re still stuck at the end, we’re happy to hop on a call to see how we can help out.

Automated test for presence of EXIF data for blueprint challenge [🚀]

See original GitHub issue

Problem

A valid config file must defined the fileForRetrieveBlueprintChallenge property for exactly one product. For default.yml this is:

  -
    name: 'OWASP Juice Shop Logo (3D-printed)'
    description: 'This rare item was designed and handcrafted in Sweden. This is why it is so incredibly expensive despite its complete lack of purpose.'
    price: 99.99
    image: 3d_keychain.jpg # Exif metadata contains "OpenSCAD" as subtle hint...
    fileForRetrieveBlueprintChallenge: JuiceShop.stl # ...to blueprint file type

The presence of the property is checked on startup. It is never checked however, if the image of that product actually contains some EXIF data that would help find that blueprint file. As the challenge seeminly not played often, #1597 could sneakily exist since 2019 without being noticed.

Solution

Introduce a property exifForBlueprintChallenge that needs to be specified on the product used for the blueprint challenge
Implement a test in test/server that uses the exif module to read the EXIF data from the image of that product
Check if the EXIF data contains the string/property from exifForBlueprintChallenge to pass the test

Additional requirements

This check must work for the default.yml and also all custom configs
The presence of the new exifForBlueprintChallenge property must be checked in the validateConfig.ts script
The new property must be added to the config.schema.yml

Issue Analytics

State:
Created 2 years ago
Comments:10 (6 by maintainers)

Top GitHub Comments

1reaction

the-procommented, Apr 8, 2021

The config schema check is working fine, only the actual EXIF data check doesn’t trigger, no matter what I do. It never goes into the callback function under https://github.com/bkimminich/juice-shop/blob/develop/test/server/blueprintSpec.ts#L32 … Any ideas?

It is working fine for me with both files and URLs. Can you give any tests so I can check

0reactions

github-actions[bot]commented, Apr 9, 2022

This thread has been automatically locked because it has not had recent activity after it was closed. 🔒 Please open a new issue for regressions or related bugs.

Top Results From Across the Web

Automated test for presence of EXIF data for blueprint challenge [🚀]

Problem. A valid config file must defined the fileForRetrieveBlueprintChallenge property for exactly one product. For default.yml this is:

Developing a blueprint for a science of cybersecurity

40 Proof-carrying data: Secure computation on untrusted platforms. A C , E T. 47 Blueprint for a science of cybersecurity. F...

blueprint-pro-guide.pdf - Bluehost.com

THE BLUEPRINT — A WEB PRO'S GUIDE TO WORDPRESS. Building a digital presence goes far beyond building a website with text, images, and...

Digitalization and its impact on regional economy transformation ...

This study aimed to identify which digital transformation areas are prioritized in regions with different levels of innovative development.

Text - H.R.4521 - 117th Congress (2021-2022): United States ...

Study on emerging science and technology challenges faced by the United States and recommendations to address them. ... Rocket engine test infrastructure.