/*
* Copyright (c) 2014-2023 Bjoern Kimminich & the OWASP Juice Shop contributors.
* SPDX-License-Identifier: MIT
*/
/* jslint node: true */
import utils = require('../lib/utils')
import challengeUtils = require('../lib/challengeUtils')
import {
Model,
type InferAttributes,
type InferCreationAttributes,
DataTypes,
type CreationOptional,
type Sequelize
} from 'sequelize'
import { type BasketItemModel } from './basketitem'
const security = require('../lib/insecurity')
const challenges = require('../data/datacache').challenges
/**
 * Sequelize model for a shop product (backed by the "Products" table).
 *
 * This class only declares the attributes; column types, the custom
 * `description` setter and the table options are wired up in
 * `ProductModelInit`.
 */
class Product extends Model<
  InferAttributes<Product>,
  InferCreationAttributes<Product>
> {
  // Auto-incremented primary key, hence optional when creating a row.
  declare id: CreationOptional<number>
  declare name: string
  // Written through a custom setter (see ProductModelInit): the value is
  // only sanitized when utils.disableOnContainerEnv() is true, otherwise
  // it is stored as received.
  declare description: string
  declare price: number
  declare deluxePrice: number
  declare image: string
  // Optional: only populated when explicitly requested in code. It is not
  // defined as a column in ProductModelInit.
  declare BasketItem?: CreationOptional<BasketItemModel>
}
/**
 * Registers the Product model with the given Sequelize instance.
 *
 * Defines the "Products" columns plus a custom setter for `description`
 * whose behaviour depends on the deployment environment:
 *  - when `utils.disableOnContainerEnv()` is false the value is stored
 *    unchanged and, if it contains the known XSS payload, the
 *    restfulXssChallenge is marked as solved (this is the challenge sink);
 *  - otherwise the value is passed through `security.sanitizeSecure`
 *    before being stored.
 * The table is `paranoid`, so Sequelize soft-deletes rows instead of
 * removing them.
 *
 * @param sequelize - connected Sequelize instance the model is attached to
 */
const ProductModelInit = (sequelize: Sequelize) => {
  // Exact payload the challenge checks for via utils.contains.
  const xssPayload = '<iframe src="javascript:alert(`xss`)">'

  const tableOptions = {
    tableName: 'Products',
    sequelize,
    paranoid: true
  }

  Product.init(
    {
      id: {
        type: DataTypes.INTEGER,
        primaryKey: true,
        autoIncrement: true
      },
      name: DataTypes.STRING,
      description: {
        type: DataTypes.STRING,
        // Regular method (not an arrow) so `this` is the model instance.
        set (description: string) {
          let value = description
          if (utils.disableOnContainerEnv()) {
            // Container deployments: sanitize before persisting.
            value = security.sanitizeSecure(description)
          } else {
            // Non-container deployments: keep the raw value and only
            // record whether the challenge payload was submitted.
            challengeUtils.solveIf(
              challenges.restfulXssChallenge,
              () => utils.contains(description, xssPayload)
            )
          }
          this.setDataValue('description', value)
        }
      },
      price: DataTypes.DECIMAL,
      deluxePrice: DataTypes.DECIMAL,
      image: DataTypes.STRING
    },
    tableOptions
  )
}
// Public surface of this module: the model class under its ProductModel
// alias, and the initializer that registers it with Sequelize.
export { Product as ProductModel }
export { ProductModelInit }