├── .github
└── workflows
│ └── semgrep.yml
├── .gitignore
├── .vscode
└── launch.json
├── Jenkinsfile
├── README.md
├── app
├── converter.js
└── server.js
├── azure-pipelines-1.yml
├── azure-pipelines.yml
├── build
└── jenkins
│ └── aws
│ └── Jenkinsfile
├── package-lock.json
├── package.json
├── start-agent-server.sh
├── stop-agent-server.sh
├── test.sh
└── test
├── converter.js
└── server.js
/.github/workflows/semgrep.yml:
--------------------------------------------------------------------------------
1 | on:
2 | pull_request: {}
3 | push:
4 | branches:
5 | - main
6 | - master
7 | paths:
8 | - .github/workflows/semgrep.yml
9 | schedule:
10 | - cron: '0 0 * * 0'
11 | name: Semgrep
12 | jobs:
13 | semgrep:
14 | name: Scan
15 | runs-on: ubuntu-20.04
16 | env:
17 | SEMGREP_APP_TOKEN: ${{ secrets.SEMGREP_APP_TOKEN }}
18 | container:
19 | image: returntocorp/semgrep
20 | steps:
21 | - uses: actions/checkout@v3
22 | - run: semgrep ci
23 |
--------------------------------------------------------------------------------
/.gitignore:
--------------------------------------------------------------------------------
1 | # Logs
2 | logs
3 | *.log
4 | npm-debug.log*
5 | yarn-debug.log*
6 | yarn-error.log*
7 | iast*.txt
8 | iast*.ndjson
9 |
10 | # Downloaded Veracode Interactive Analysis files
11 | .iast
12 |
13 | # Runtime data
14 | pids
15 | *.pid
16 | *.seed
17 | *.pid.lock
18 |
19 | # Directory for instrumented libs generated by jscoverage/JSCover
20 | lib-cov
21 |
22 | # Coverage directory used by tools like istanbul
23 | coverage
24 |
25 | # nyc test coverage
26 | .nyc_output
27 |
28 | # Grunt intermediate storage (http://gruntjs.com/creating-plugins#storing-task-files)
29 | .grunt
30 |
31 | # Bower dependency directory (https://bower.io/)
32 | bower_components
33 |
34 | # node-waf configuration
35 | .lock-wscript
36 |
37 | # Compiled binary addons (https://nodejs.org/api/addons.html)
38 | build/Release
39 |
40 | # Dependency directories
41 | node_modules/
42 | jspm_packages/
43 |
44 | # TypeScript v1 declaration files
45 | typings/
46 |
47 | # Optional npm cache directory
48 | .npm
49 |
50 | # Optional eslint cache
51 | .eslintcache
52 |
53 | # Optional REPL history
54 | .node_repl_history
55 |
56 | # Output of 'npm pack'
57 | *.tgz
58 |
59 | # Yarn Integrity file
60 | .yarn-integrity
61 |
62 | # dotenv environment variables file
63 | .env
64 |
65 | # next.js build output
66 | .next
--------------------------------------------------------------------------------
/.vscode/launch.json:
--------------------------------------------------------------------------------
1 | {
2 | // Use IntelliSense to learn about possible attributes.
3 | // Hover to view descriptions of existing attributes.
4 | // For more information, visit: https://go.microsoft.com/fwlink/?linkid=830387
5 | "version": "0.2.0",
6 | "configurations": [
7 | {
8 | "type": "node",
9 | "request": "launch",
10 | "name": "Launch Program",
11 | "program": "${workspaceFolder}/app/server.js"
12 | }
13 | ]
14 | }
--------------------------------------------------------------------------------
/Jenkinsfile:
--------------------------------------------------------------------------------
1 | pipeline {
2 | agent {
3 | docker {
4 | image 'node:8.16.0'
5 | }
6 | }
7 | stages {
8 | stage('Build') {
9 | steps {
10 | sh 'rm -rf node_modules && npm install'
11 | }
12 | }
13 | stage('Test') {
14 | steps {
15 | // 1. Enable Veracode Interactive for the steps that run the tests.
16 | wrap([$class: 'VeracodeInteractiveBuildWrapper', location: 'host.docker.internal', port: '10010']) {
17 | // 2. Download the IAST Agent into the project workspace.
18 | sh 'curl -sSL https://s3.us-east-2.amazonaws.com/app.veracode-iast.io/iast-ci.sh | sh'
19 | // 3. Run the tests with the Veracode Interactive Agent attached.
20 | sh 'LD_LIBRARY_PATH=$WORKSPACE npm run test-iast'
21 | }
22 | }
23 | }
24 | stage('Deploy') {
25 | steps {
26 | sh 'echo npm package would run here...'
27 | }
28 | }
29 | }
30 | }
31 |
--------------------------------------------------------------------------------
/README.md:
--------------------------------------------------------------------------------
1 | # node-api-goat
2 | A simple Express.JS REST API application exposes endpoints with code that contains vulnerabilities.
3 |
--------------------------------------------------------------------------------
/app/converter.js:
--------------------------------------------------------------------------------
1 | exports.rgbToHex = function(red, green, blue) {
2 |
3 | var redHex = red.toString(16);
4 | var greenHex = green.toString(16);
5 | var blueHex = blue.toString(16);
6 |
7 | return pad(redHex) + pad(greenHex) + pad(blueHex);
8 |
9 | };
10 |
11 | function pad(hex) {
12 | return (hex.length === 1 ? "0" + hex : hex);
13 | }
14 |
15 | exports.hexToRgb = function(hex) {
16 |
17 | var red = parseInt(hex.substring(0, 2), 16);
18 | var green = parseInt(hex.substring(2, 4), 16);
19 | var blue = parseInt(hex.substring(4, 6), 16);
20 |
21 | return [red, green, blue];
22 |
23 | };
--------------------------------------------------------------------------------
/app/server.js:
--------------------------------------------------------------------------------
1 | var express = require("express");
2 | var serialize = require('node-serialize');
3 | var cprocess = require('child_process');
4 | // Error installing libxmljs:
5 | // Error: Cannot find module '../'
6 | // var libxmljs = require('libxmljs');
7 | var fse = require("fs-extra");
8 | var app = express();
9 |
10 | var converter = require("./converter");
11 |
12 | // This function is called when you want the server to end gracefully
13 | // (i.e. wait for existing connections to close).
14 | var gracefulShutdown = function() {
15 | console.log("Received shutdown command, shutting down gracefully.");
16 | process.exit();
17 | }
18 |
19 | // listen for TERM signal (e.g. kill command issued by forever).
20 | process.on('SIGTERM', gracefulShutdown);
21 |
22 | // listen for INT signal (e.g. Ctrl+C).
23 | process.on('SIGINT', gracefulShutdown);
24 |
25 | // Id: CWE-95
26 | // Description: Eval Injection
27 | // Exploit URL: http://localhost:3001/cwe95/rgbToHex?red=255&green=255&blue=255
28 | // Status: PASS
29 | app.get("/cwe95/rgbToHex", function(req, res) {
30 | // To fix these security vulnerabilities,
31 | // Replace the three eval() statements with their parseInt() versions.
32 | var red = eval(req.query.red);
33 | var green = eval(req.query.green, 10);
34 | var blue = eval(req.query.blue, 10);
35 |
36 | // var red = parseInt(req.query.red, 10);
37 | // var green = parseInt(req.query.green, 10);
38 | // var blue = parseInt(req.query.blue, 10);
39 | var hex = converter.rgbToHex(red, green, blue);
40 | res.send(hex);
41 | });
42 |
43 | app.get("/hexToRgb", function(req, res) {
44 | var hex = req.query.hex;
45 | var rgb = converter.hexToRgb(hex);
46 | res.send(JSON.stringify(rgb));
47 | });
48 |
49 | // Id: CWE-73
50 | // Description: External Control of File Name or Path
51 | // Exploit URL: http://localhost:3001/cwe73/read?foo=package.json
52 | // Status: PASS
53 | app.get("/cwe73/read", function(req, res) {
54 | res.send(fse.readJsonSync(req.query.foo));
55 | });
56 |
57 | // Id: CWE-79
58 | // Description: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')
59 | // Exploit URL: http://localhost:3001/cwe79/echo?text=hello
60 | // Status: PASS
61 | app.get('/cwe79/echo', function (req, res) {
62 | res.send("You sent this: " + req.query.text + "
")
63 | });
64 |
65 | // Id: CWE-113
66 | // Description: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')
67 | // Exploit URL: http://localhost:3001/cwe113/split?key=myKey&value=myValueThatCouldHaveCRLFs
68 | // Status: PASS
69 | app.get('/cwe113/split', function (req, res) {
70 | res.append(req.query.key, req.query.value);
71 | res.status(200).send('Check your headers!');
72 | });
73 |
74 |
75 | // Id: CWE-201
76 | // Description: Information Exposure Through Sent Data
77 | // Exploit URL: http://localhost:3001/cwe201/exposure?text=sensitive
78 | // Status: PASS
79 | app.get('/cwe201/exposure', function (req, res) {
80 | res.send(req.query.text);
81 | });
82 |
83 |
84 | // Id: CWE-601
85 | // Description: URL Redirection to Untrusted Site ('Open Redirect')
86 | // Exploit URL: http://localhost:3001/cwe601/redirect?text=www.maliciouswebsite.com
87 | // Status: PASS
88 | app.get('/cwe601/redirect', function (req, res) {
89 | res.redirect("http://localhost:3001/echo?text=" + req.query.text + " (Redirected)");
90 | });
91 |
92 | // Id: CWE-502
93 | // Description: Deserialization of Untrusted Data
94 | // Exploit URL: http://localhost:3001/cwe502/serialize?foo={"rce":"_$$ND_FUNC$$_function (){console.log('exploited')}()"}
95 | // Status: PASS
96 | app.get("/cwe502/serialize", function(req, res) {
97 | serialize.unserialize(req.query.foo);
98 | res.send("node-serialize");
99 | });
100 |
101 | // Id: CWE-78
102 | // Description: OS Command Injection
103 | // Exploit URL: http://localhost:3001/cwe78/childprocess?foo=pwd
104 | // Status: PASS
105 | app.get("/cwe78/childprocess", function(req, res) {
106 | cprocess.exec(req.query.foo, (error,stdout,stderr) => {
107 | if (error) {
108 | console.log(`Error executing endpoint /cwe78/childprocess: ${error}`);
109 | }});
110 | res.send("child_process");
111 | });
112 |
113 | // Id: CWE-611
114 | // Description: Improper Restriction of XML External Entity Reference
115 | // Exploit URL: http://localhost:3001/cwe611/xmlref/?xml=xml
116 | // Status: PASS
117 | //app.get('/cwe611/xmlref', function (req, res) {
118 | // var xmlout = libxmljs.parseXmlString(req.query.xml, {noent:true});
119 | // res.send(xmlout.childNodes()[0].toString());
120 | //});
121 |
122 | var server = app.listen(3001, function () {
123 | var port = server.address().port;
124 | //console.log('node-api-goat app listening at port %s', port);
125 | });
126 | module.exports = server;
--------------------------------------------------------------------------------
/azure-pipelines-1.yml:
--------------------------------------------------------------------------------
1 | # Node.js
2 | # Build a general Node.js project with npm.
3 | # Add steps that analyze code, save build artifacts, deploy, and more:
4 | # https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
5 |
6 | trigger:
7 | - master
8 |
9 | name: $(TeamProject)_$(Build.DefinitionName)_$(SourceBranchName)_$(Date:yyyyMMdd)$(Rev:.r)
10 |
11 | pool:
12 | vmImage: 'ubuntu-latest'
13 |
14 | resources:
15 | containers:
16 | - container: 'iast_agent_server'
17 | image: 'veracode/iast-agent-server:latest'
18 | ports:
19 | - 10010:10010
20 | env:
21 | VERACODE_API_KEY_ID: $(veracode_api_key_id)
22 | VERACODE_API_KEY_SECRET: $(veracode_api_key_secret)
23 |
24 | services:
25 | iast_agent_server: iast_agent_server
26 |
27 | steps:
28 | - task: Bash@3
29 | displayName: 'Initialize IAST'
30 | inputs:
31 | targetType: 'inline'
32 | script: |
33 |
34 | # Wait for Agent Server to start up.
35 | status_code=000
36 | while [ $status_code -eq 000 ]
37 | do
38 | status_code=`curl --write-out "%{http_code}" --silent --output /dev/null --insecure $(AGENT_SERVER_URL)`
39 | done
40 | echo Agent Server status: $status_code
41 |
42 | # Set the BUILD_TAG.
43 | export BUILD_TAG='$(Build.BuildNumber)'
44 | echo Using BUILD_TAG: $BUILD_TAG
45 |
46 | # Allocate a session_id
47 | SESSION_ID=`curl -H "Content-Type:application/json" -H "x-iast-event:session_start" --silent --insecure -X POST -d "{\"BUILD_TAG\":\"${BUILD_TAG}\"}" ${AGENT_SERVER_URL}/events | jq -r '.session_id'`
48 | echo Using session_id: $SESSION_ID
49 |
50 | # Download the IAST Agent files.
51 | # curl --silent --output /dev/null --insecure ${AGENT_SERVER_URL}/downloads | sh
52 | curl --silent --insecure ${AGENT_SERVER_URL}/downloads | sh
53 | ls -la
54 |
55 | - task: NodeTool@0
56 | displayName: 'Install Node.js'
57 | inputs:
58 | versionSpec: '8.x'
59 |
60 | - task: Npm@1
61 | displayName: 'Build'
62 | inputs:
63 | command: 'install'
64 |
65 | - task: Npm@1
66 | displayName: 'Test'
67 | inputs:
68 | command: 'custom'
69 | customCommand: 'run test-iast'
70 |
71 | - task: Bash@3
72 | displayName: 'Get IAST Results'
73 | inputs:
74 | targetType: 'inline'
75 | script: |
76 | curl -H "Accept:text/plain" --silent --insecure -X GET $(AGENT_SERVER_URL)/results?session_id=${SESSION_ID}
--------------------------------------------------------------------------------
/azure-pipelines.yml:
--------------------------------------------------------------------------------
1 | # Node.js
2 | # Build a general Node.js project with npm.
3 | # Add steps that analyze code, save build artifacts, deploy, and more:
4 | # https://docs.microsoft.com/azure/devops/pipelines/languages/javascript
5 |
6 | trigger:
7 | - master
8 |
9 | pool:
10 | vmImage: 'ubuntu-latest'
11 |
12 | steps:
13 | - task: NodeTool@0
14 | inputs:
15 | versionSpec: '8.x'
16 | displayName: 'Install Node.js'
17 |
18 | - script: |
19 | npm install
20 | displayName: 'Build'
21 |
22 | - script: |
23 | npm test
24 | displayName: 'Test'
25 |
--------------------------------------------------------------------------------
/build/jenkins/aws/Jenkinsfile:
--------------------------------------------------------------------------------
1 | pipeline {
2 | agent {
3 | docker {
4 | image 'node:8.16.0'
5 | }
6 | }
7 | stages {
8 | stage('Build') {
9 | steps {
10 | sh 'rm -rf node_modules && npm install'
11 | }
12 | }
13 | stage('Test') {
14 | steps {
15 | wrap([$class: 'VeracodeInteractiveBuildWrapper', location: 'agent-server.veracode-iast.io', port: '10010']) {
16 | sh 'curl -sSL https://s3.us-east-2.amazonaws.com/app.veracode-iast.io/iast-ci.sh | sh'
17 | sh 'LD_LIBRARY_PATH=$WORKSPACE npm run test-iast'
18 | }
19 | }
20 | }
21 | stage('Deploy') {
22 | steps {
23 | sh 'echo npm package would run here...'
24 | }
25 | }
26 | }
27 | }
--------------------------------------------------------------------------------
/package-lock.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "api-node-goat",
3 | "version": "0.0.1",
4 | "lockfileVersion": 2,
5 | "requires": true,
6 | "packages": {
7 | "": {
8 | "name": "api-node-goat",
9 | "version": "0.0.1",
10 | "license": "ISC",
11 | "dependencies": {
12 | "child_process": "^1.0.2",
13 | "express": "^4.16.4",
14 | "fs-extra": "^8.1.0",
15 | "node-serialize": "0.0.4",
16 | "should": "^13.2.3"
17 | },
18 | "devDependencies": {
19 | "chai": "^4.2.0",
20 | "mocha": "^5.2.0",
21 | "supertest": "^4.0.2"
22 | }
23 | },
24 | "node_modules/accepts": {
25 | "version": "1.3.7",
26 | "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
27 | "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==",
28 | "dependencies": {
29 | "mime-types": "~2.1.24",
30 | "negotiator": "0.6.2"
31 | }
32 | },
33 | "node_modules/array-flatten": {
34 | "version": "1.1.1",
35 | "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
36 | "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
37 | },
38 | "node_modules/assertion-error": {
39 | "version": "1.1.0",
40 | "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
41 | "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
42 | "dev": true
43 | },
44 | "node_modules/asynckit": {
45 | "version": "0.4.0",
46 | "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
47 | "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
48 | "dev": true
49 | },
50 | "node_modules/balanced-match": {
51 | "version": "1.0.0",
52 | "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
53 | "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
54 | "dev": true
55 | },
56 | "node_modules/body-parser": {
57 | "version": "1.19.0",
58 | "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz",
59 | "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==",
60 | "dependencies": {
61 | "bytes": "3.1.0",
62 | "content-type": "~1.0.4",
63 | "debug": "2.6.9",
64 | "depd": "~1.1.2",
65 | "http-errors": "1.7.2",
66 | "iconv-lite": "0.4.24",
67 | "on-finished": "~2.3.0",
68 | "qs": "6.7.0",
69 | "raw-body": "2.4.0",
70 | "type-is": "~1.6.17"
71 | }
72 | },
73 | "node_modules/brace-expansion": {
74 | "version": "1.1.11",
75 | "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
76 | "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
77 | "dev": true,
78 | "dependencies": {
79 | "balanced-match": "^1.0.0",
80 | "concat-map": "0.0.1"
81 | }
82 | },
83 | "node_modules/browser-stdout": {
84 | "version": "1.3.1",
85 | "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz",
86 | "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==",
87 | "dev": true
88 | },
89 | "node_modules/bytes": {
90 | "version": "3.1.0",
91 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
92 | "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
93 | },
94 | "node_modules/chai": {
95 | "version": "4.2.0",
96 | "resolved": "https://registry.npmjs.org/chai/-/chai-4.2.0.tgz",
97 | "integrity": "sha512-XQU3bhBukrOsQCuwZndwGcCVQHyZi53fQ6Ys1Fym7E4olpIqqZZhhoFJoaKVvV17lWQoXYwgWN2nF5crA8J2jw==",
98 | "dev": true,
99 | "dependencies": {
100 | "assertion-error": "^1.1.0",
101 | "check-error": "^1.0.2",
102 | "deep-eql": "^3.0.1",
103 | "get-func-name": "^2.0.0",
104 | "pathval": "^1.1.0",
105 | "type-detect": "^4.0.5"
106 | }
107 | },
108 | "node_modules/check-error": {
109 | "version": "1.0.2",
110 | "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
111 | "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=",
112 | "dev": true
113 | },
114 | "node_modules/child_process": {
115 | "version": "1.0.2",
116 | "resolved": "https://registry.npmjs.org/child_process/-/child_process-1.0.2.tgz",
117 | "integrity": "sha1-sffn/HPSXn/R1FWtyU4UODAYK1o="
118 | },
119 | "node_modules/combined-stream": {
120 | "version": "1.0.8",
121 | "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
122 | "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
123 | "dev": true,
124 | "dependencies": {
125 | "delayed-stream": "~1.0.0"
126 | }
127 | },
128 | "node_modules/commander": {
129 | "version": "2.15.1",
130 | "resolved": "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
131 | "integrity": "sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==",
132 | "dev": true
133 | },
134 | "node_modules/component-emitter": {
135 | "version": "1.3.0",
136 | "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz",
137 | "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==",
138 | "dev": true
139 | },
140 | "node_modules/concat-map": {
141 | "version": "0.0.1",
142 | "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
143 | "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
144 | "dev": true
145 | },
146 | "node_modules/content-disposition": {
147 | "version": "0.5.3",
148 | "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
149 | "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==",
150 | "dependencies": {
151 | "safe-buffer": "5.1.2"
152 | }
153 | },
154 | "node_modules/content-type": {
155 | "version": "1.0.4",
156 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
157 | "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
158 | },
159 | "node_modules/cookie": {
160 | "version": "0.4.0",
161 | "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
162 | "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
163 | },
164 | "node_modules/cookie-signature": {
165 | "version": "1.0.6",
166 | "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
167 | "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
168 | },
169 | "node_modules/cookiejar": {
170 | "version": "2.1.2",
171 | "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.2.tgz",
172 | "integrity": "sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA==",
173 | "dev": true
174 | },
175 | "node_modules/core-util-is": {
176 | "version": "1.0.2",
177 | "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
178 | "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
179 | "dev": true
180 | },
181 | "node_modules/debug": {
182 | "version": "2.6.9",
183 | "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
184 | "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
185 | "dependencies": {
186 | "ms": "2.0.0"
187 | }
188 | },
189 | "node_modules/deep-eql": {
190 | "version": "3.0.1",
191 | "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
192 | "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
193 | "dev": true,
194 | "dependencies": {
195 | "type-detect": "^4.0.0"
196 | }
197 | },
198 | "node_modules/delayed-stream": {
199 | "version": "1.0.0",
200 | "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
201 | "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
202 | "dev": true
203 | },
204 | "node_modules/depd": {
205 | "version": "1.1.2",
206 | "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
207 | "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
208 | },
209 | "node_modules/destroy": {
210 | "version": "1.0.4",
211 | "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
212 | "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
213 | },
214 | "node_modules/diff": {
215 | "version": "3.5.0",
216 | "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
217 | "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
218 | "dev": true
219 | },
220 | "node_modules/ee-first": {
221 | "version": "1.1.1",
222 | "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
223 | "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
224 | },
225 | "node_modules/encodeurl": {
226 | "version": "1.0.2",
227 | "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
228 | "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
229 | },
230 | "node_modules/escape-html": {
231 | "version": "1.0.3",
232 | "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
233 | "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
234 | },
235 | "node_modules/escape-string-regexp": {
236 | "version": "1.0.5",
237 | "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
238 | "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
239 | "dev": true
240 | },
241 | "node_modules/etag": {
242 | "version": "1.8.1",
243 | "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
244 | "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
245 | },
246 | "node_modules/express": {
247 | "version": "4.17.1",
248 | "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
249 | "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==",
250 | "dependencies": {
251 | "accepts": "~1.3.7",
252 | "array-flatten": "1.1.1",
253 | "body-parser": "1.19.0",
254 | "content-disposition": "0.5.3",
255 | "content-type": "~1.0.4",
256 | "cookie": "0.4.0",
257 | "cookie-signature": "1.0.6",
258 | "debug": "2.6.9",
259 | "depd": "~1.1.2",
260 | "encodeurl": "~1.0.2",
261 | "escape-html": "~1.0.3",
262 | "etag": "~1.8.1",
263 | "finalhandler": "~1.1.2",
264 | "fresh": "0.5.2",
265 | "merge-descriptors": "1.0.1",
266 | "methods": "~1.1.2",
267 | "on-finished": "~2.3.0",
268 | "parseurl": "~1.3.3",
269 | "path-to-regexp": "0.1.7",
270 | "proxy-addr": "~2.0.5",
271 | "qs": "6.7.0",
272 | "range-parser": "~1.2.1",
273 | "safe-buffer": "5.1.2",
274 | "send": "0.17.1",
275 | "serve-static": "1.14.1",
276 | "setprototypeof": "1.1.1",
277 | "statuses": "~1.5.0",
278 | "type-is": "~1.6.18",
279 | "utils-merge": "1.0.1",
280 | "vary": "~1.1.2"
281 | }
282 | },
283 | "node_modules/extend": {
284 | "version": "3.0.2",
285 | "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
286 | "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
287 | "dev": true
288 | },
289 | "node_modules/finalhandler": {
290 | "version": "1.1.2",
291 | "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
292 | "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
293 | "dependencies": {
294 | "debug": "2.6.9",
295 | "encodeurl": "~1.0.2",
296 | "escape-html": "~1.0.3",
297 | "on-finished": "~2.3.0",
298 | "parseurl": "~1.3.3",
299 | "statuses": "~1.5.0",
300 | "unpipe": "~1.0.0"
301 | }
302 | },
303 | "node_modules/form-data": {
304 | "version": "2.5.1",
305 | "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz",
306 | "integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==",
307 | "dev": true,
308 | "dependencies": {
309 | "asynckit": "^0.4.0",
310 | "combined-stream": "^1.0.6",
311 | "mime-types": "^2.1.12"
312 | }
313 | },
314 | "node_modules/formidable": {
315 | "version": "1.2.1",
316 | "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz",
317 | "integrity": "sha512-Fs9VRguL0gqGHkXS5GQiMCr1VhZBxz0JnJs4JmMp/2jL18Fmbzvv7vOFRU+U8TBkHEE/CX1qDXzJplVULgsLeg==",
318 | "dev": true
319 | },
320 | "node_modules/forwarded": {
321 | "version": "0.1.2",
322 | "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
323 | "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
324 | },
325 | "node_modules/fresh": {
326 | "version": "0.5.2",
327 | "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
328 | "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
329 | },
330 | "node_modules/fs-extra": {
331 | "version": "8.1.0",
332 | "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
333 | "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
334 | "dependencies": {
335 | "graceful-fs": "^4.2.0",
336 | "jsonfile": "^4.0.0",
337 | "universalify": "^0.1.0"
338 | }
339 | },
340 | "node_modules/fs.realpath": {
341 | "version": "1.0.0",
342 | "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
343 | "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
344 | "dev": true
345 | },
346 | "node_modules/get-func-name": {
347 | "version": "2.0.0",
348 | "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
349 | "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=",
350 | "dev": true
351 | },
352 | "node_modules/glob": {
353 | "version": "7.1.2",
354 | "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
355 | "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
356 | "dev": true,
357 | "dependencies": {
358 | "fs.realpath": "^1.0.0",
359 | "inflight": "^1.0.4",
360 | "inherits": "2",
361 | "minimatch": "^3.0.4",
362 | "once": "^1.3.0",
363 | "path-is-absolute": "^1.0.0"
364 | }
365 | },
366 | "node_modules/graceful-fs": {
367 | "version": "4.2.3",
368 | "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.3.tgz",
369 | "integrity": "sha512-a30VEBm4PEdx1dRB7MFK7BejejvCvBronbLjht+sHuGYj8PHs7M/5Z+rt5lw551vZ7yfTCj4Vuyy3mSJytDWRQ=="
370 | },
371 | "node_modules/growl": {
372 | "version": "1.10.5",
373 | "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz",
374 | "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==",
375 | "dev": true
376 | },
377 | "node_modules/has-flag": {
378 | "version": "3.0.0",
379 | "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
380 | "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
381 | "dev": true
382 | },
383 | "node_modules/he": {
384 | "version": "1.1.1",
385 | "resolved": "https://registry.npmjs.org/he/-/he-1.1.1.tgz",
386 | "integrity": "sha1-k0EP0hsAlzUVH4howvJx80J+I/0=",
387 | "dev": true
388 | },
389 | "node_modules/http-errors": {
390 | "version": "1.7.2",
391 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
392 | "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==",
393 | "dependencies": {
394 | "depd": "~1.1.2",
395 | "inherits": "2.0.3",
396 | "setprototypeof": "1.1.1",
397 | "statuses": ">= 1.5.0 < 2",
398 | "toidentifier": "1.0.0"
399 | }
400 | },
401 | "node_modules/iconv-lite": {
402 | "version": "0.4.24",
403 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
404 | "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
405 | "dependencies": {
406 | "safer-buffer": ">= 2.1.2 < 3"
407 | }
408 | },
409 | "node_modules/inflight": {
410 | "version": "1.0.6",
411 | "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
412 | "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
413 | "dev": true,
414 | "dependencies": {
415 | "once": "^1.3.0",
416 | "wrappy": "1"
417 | }
418 | },
419 | "node_modules/inherits": {
420 | "version": "2.0.3",
421 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
422 | "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
423 | },
424 | "node_modules/ipaddr.js": {
425 | "version": "1.9.0",
426 | "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.0.tgz",
427 | "integrity": "sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA=="
428 | },
429 | "node_modules/isarray": {
430 | "version": "1.0.0",
431 | "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
432 | "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
433 | "dev": true
434 | },
435 | "node_modules/jsonfile": {
436 | "version": "4.0.0",
437 | "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
438 | "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=",
439 | "dependencies": {
440 | "graceful-fs": "^4.1.6"
441 | }
442 | },
443 | "node_modules/media-typer": {
444 | "version": "0.3.0",
445 | "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
446 | "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
447 | },
448 | "node_modules/merge-descriptors": {
449 | "version": "1.0.1",
450 | "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
451 | "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
452 | },
453 | "node_modules/methods": {
454 | "version": "1.1.2",
455 | "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
456 | "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
457 | },
458 | "node_modules/mime": {
459 | "version": "1.6.0",
460 | "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
461 | "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
462 | },
463 | "node_modules/mime-db": {
464 | "version": "1.40.0",
465 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz",
466 | "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA=="
467 | },
468 | "node_modules/mime-types": {
469 | "version": "2.1.24",
470 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz",
471 | "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==",
472 | "dependencies": {
473 | "mime-db": "1.40.0"
474 | }
475 | },
476 | "node_modules/minimatch": {
477 | "version": "3.0.4",
478 | "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
479 | "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
480 | "dev": true,
481 | "dependencies": {
482 | "brace-expansion": "^1.1.7"
483 | }
484 | },
485 | "node_modules/minimist": {
486 | "version": "0.0.8",
487 | "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
488 | "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
489 | "dev": true
490 | },
491 | "node_modules/mkdirp": {
492 | "version": "0.5.1",
493 | "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
494 | "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
495 | "dev": true,
496 | "dependencies": {
497 | "minimist": "0.0.8"
498 | }
499 | },
500 | "node_modules/mocha": {
501 | "version": "5.2.0",
502 | "resolved": "https://registry.npmjs.org/mocha/-/mocha-5.2.0.tgz",
503 | "integrity": "sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ==",
504 | "dev": true,
505 | "dependencies": {
506 | "browser-stdout": "1.3.1",
507 | "commander": "2.15.1",
508 | "debug": "3.1.0",
509 | "diff": "3.5.0",
510 | "escape-string-regexp": "1.0.5",
511 | "glob": "7.1.2",
512 | "growl": "1.10.5",
513 | "he": "1.1.1",
514 | "minimatch": "3.0.4",
515 | "mkdirp": "0.5.1",
516 | "supports-color": "5.4.0"
517 | }
518 | },
519 | "node_modules/mocha/node_modules/debug": {
520 | "version": "3.1.0",
521 | "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
522 | "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
523 | "dev": true,
524 | "dependencies": {
525 | "ms": "2.0.0"
526 | }
527 | },
528 | "node_modules/ms": {
529 | "version": "2.0.0",
530 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
531 | "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
532 | },
533 | "node_modules/negotiator": {
534 | "version": "0.6.2",
535 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
536 | "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
537 | },
538 | "node_modules/node-serialize": {
539 | "version": "0.0.4",
540 | "resolved": "https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz",
541 | "integrity": "sha1-tzpJ4TUzBmVxA6Xkn38FJ5upf38="
542 | },
543 | "node_modules/on-finished": {
544 | "version": "2.3.0",
545 | "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
546 | "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
547 | "dependencies": {
548 | "ee-first": "1.1.1"
549 | }
550 | },
551 | "node_modules/once": {
552 | "version": "1.4.0",
553 | "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
554 | "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
555 | "dev": true,
556 | "dependencies": {
557 | "wrappy": "1"
558 | }
559 | },
560 | "node_modules/parseurl": {
561 | "version": "1.3.3",
562 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
563 | "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
564 | },
565 | "node_modules/path-is-absolute": {
566 | "version": "1.0.1",
567 | "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
568 | "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
569 | "dev": true
570 | },
571 | "node_modules/path-to-regexp": {
572 | "version": "0.1.7",
573 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
574 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
575 | },
576 | "node_modules/pathval": {
577 | "version": "1.1.0",
578 | "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.0.tgz",
579 | "integrity": "sha1-uULm1L3mUwBe9rcTYd74cn0GReA=",
580 | "dev": true
581 | },
582 | "node_modules/process-nextick-args": {
583 | "version": "2.0.1",
584 | "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
585 | "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
586 | "dev": true
587 | },
588 | "node_modules/proxy-addr": {
589 | "version": "2.0.5",
590 | "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.5.tgz",
591 | "integrity": "sha512-t/7RxHXPH6cJtP0pRG6smSr9QJidhB+3kXu0KgXnbGYMgzEnUxRQ4/LDdfOwZEMyIh3/xHb8PX3t+lfL9z+YVQ==",
592 | "dependencies": {
593 | "forwarded": "~0.1.2",
594 | "ipaddr.js": "1.9.0"
595 | }
596 | },
597 | "node_modules/qs": {
598 | "version": "6.7.0",
599 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
600 | "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
601 | },
602 | "node_modules/range-parser": {
603 | "version": "1.2.1",
604 | "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
605 | "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
606 | },
607 | "node_modules/raw-body": {
608 | "version": "2.4.0",
609 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz",
610 | "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==",
611 | "dependencies": {
612 | "bytes": "3.1.0",
613 | "http-errors": "1.7.2",
614 | "iconv-lite": "0.4.24",
615 | "unpipe": "1.0.0"
616 | }
617 | },
618 | "node_modules/readable-stream": {
619 | "version": "2.3.6",
620 | "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
621 | "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
622 | "dev": true,
623 | "dependencies": {
624 | "core-util-is": "~1.0.0",
625 | "inherits": "~2.0.3",
626 | "isarray": "~1.0.0",
627 | "process-nextick-args": "~2.0.0",
628 | "safe-buffer": "~5.1.1",
629 | "string_decoder": "~1.1.1",
630 | "util-deprecate": "~1.0.1"
631 | }
632 | },
633 | "node_modules/safe-buffer": {
634 | "version": "5.1.2",
635 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
636 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
637 | },
638 | "node_modules/safer-buffer": {
639 | "version": "2.1.2",
640 | "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
641 | "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
642 | },
643 | "node_modules/send": {
644 | "version": "0.17.1",
645 | "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
646 | "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==",
647 | "dependencies": {
648 | "debug": "2.6.9",
649 | "depd": "~1.1.2",
650 | "destroy": "~1.0.4",
651 | "encodeurl": "~1.0.2",
652 | "escape-html": "~1.0.3",
653 | "etag": "~1.8.1",
654 | "fresh": "0.5.2",
655 | "http-errors": "~1.7.2",
656 | "mime": "1.6.0",
657 | "ms": "2.1.1",
658 | "on-finished": "~2.3.0",
659 | "range-parser": "~1.2.1",
660 | "statuses": "~1.5.0"
661 | }
662 | },
663 | "node_modules/send/node_modules/ms": {
664 | "version": "2.1.1",
665 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
666 | "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
667 | },
668 | "node_modules/serve-static": {
669 | "version": "1.14.1",
670 | "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz",
671 | "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==",
672 | "dependencies": {
673 | "encodeurl": "~1.0.2",
674 | "escape-html": "~1.0.3",
675 | "parseurl": "~1.3.3",
676 | "send": "0.17.1"
677 | }
678 | },
679 | "node_modules/setprototypeof": {
680 | "version": "1.1.1",
681 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",
682 | "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
683 | },
684 | "node_modules/should": {
685 | "version": "13.2.3",
686 | "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz",
687 | "integrity": "sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ==",
688 | "dependencies": {
689 | "should-equal": "^2.0.0",
690 | "should-format": "^3.0.3",
691 | "should-type": "^1.4.0",
692 | "should-type-adaptors": "^1.0.1",
693 | "should-util": "^1.0.0"
694 | }
695 | },
696 | "node_modules/should-equal": {
697 | "version": "2.0.0",
698 | "resolved": "https://registry.npmjs.org/should-equal/-/should-equal-2.0.0.tgz",
699 | "integrity": "sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA==",
700 | "dependencies": {
701 | "should-type": "^1.4.0"
702 | }
703 | },
704 | "node_modules/should-format": {
705 | "version": "3.0.3",
706 | "resolved": "https://registry.npmjs.org/should-format/-/should-format-3.0.3.tgz",
707 | "integrity": "sha1-m/yPdPo5IFxT04w01xcwPidxJPE=",
708 | "dependencies": {
709 | "should-type": "^1.3.0",
710 | "should-type-adaptors": "^1.0.1"
711 | }
712 | },
713 | "node_modules/should-type": {
714 | "version": "1.4.0",
715 | "resolved": "https://registry.npmjs.org/should-type/-/should-type-1.4.0.tgz",
716 | "integrity": "sha1-B1bYzoRt/QmEOmlHcZ36DUz/XPM="
717 | },
718 | "node_modules/should-type-adaptors": {
719 | "version": "1.1.0",
720 | "resolved": "https://registry.npmjs.org/should-type-adaptors/-/should-type-adaptors-1.1.0.tgz",
721 | "integrity": "sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA==",
722 | "dependencies": {
723 | "should-type": "^1.3.0",
724 | "should-util": "^1.0.0"
725 | }
726 | },
727 | "node_modules/should-util": {
728 | "version": "1.0.1",
729 | "resolved": "https://registry.npmjs.org/should-util/-/should-util-1.0.1.tgz",
730 | "integrity": "sha512-oXF8tfxx5cDk8r2kYqlkUJzZpDBqVY/II2WhvU0n9Y3XYvAYRmeaf1PvvIvTgPnv4KJ+ES5M0PyDq5Jp+Ygy2g=="
731 | },
732 | "node_modules/statuses": {
733 | "version": "1.5.0",
734 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
735 | "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
736 | },
737 | "node_modules/string_decoder": {
738 | "version": "1.1.1",
739 | "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
740 | "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
741 | "dev": true,
742 | "dependencies": {
743 | "safe-buffer": "~5.1.0"
744 | }
745 | },
746 | "node_modules/superagent": {
747 | "version": "3.8.3",
748 | "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz",
749 | "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==",
750 | "dev": true,
751 | "dependencies": {
752 | "component-emitter": "^1.2.0",
753 | "cookiejar": "^2.1.0",
754 | "debug": "^3.1.0",
755 | "extend": "^3.0.0",
756 | "form-data": "^2.3.1",
757 | "formidable": "^1.2.0",
758 | "methods": "^1.1.1",
759 | "mime": "^1.4.1",
760 | "qs": "^6.5.1",
761 | "readable-stream": "^2.3.5"
762 | }
763 | },
764 | "node_modules/superagent/node_modules/debug": {
765 | "version": "3.2.6",
766 | "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
767 | "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
768 | "dev": true,
769 | "dependencies": {
770 | "ms": "^2.1.1"
771 | }
772 | },
773 | "node_modules/superagent/node_modules/ms": {
774 | "version": "2.1.2",
775 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
776 | "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
777 | "dev": true
778 | },
779 | "node_modules/supertest": {
780 | "version": "4.0.2",
781 | "resolved": "https://registry.npmjs.org/supertest/-/supertest-4.0.2.tgz",
782 | "integrity": "sha512-1BAbvrOZsGA3YTCWqbmh14L0YEq0EGICX/nBnfkfVJn7SrxQV1I3pMYjSzG9y/7ZU2V9dWqyqk2POwxlb09duQ==",
783 | "dev": true,
784 | "dependencies": {
785 | "methods": "^1.1.2",
786 | "superagent": "^3.8.3"
787 | }
788 | },
789 | "node_modules/supports-color": {
790 | "version": "5.4.0",
791 | "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz",
792 | "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==",
793 | "dev": true,
794 | "dependencies": {
795 | "has-flag": "^3.0.0"
796 | }
797 | },
798 | "node_modules/toidentifier": {
799 | "version": "1.0.0",
800 | "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
801 | "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
802 | },
803 | "node_modules/type-detect": {
804 | "version": "4.0.8",
805 | "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
806 | "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
807 | "dev": true
808 | },
809 | "node_modules/type-is": {
810 | "version": "1.6.18",
811 | "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
812 | "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
813 | "dependencies": {
814 | "media-typer": "0.3.0",
815 | "mime-types": "~2.1.24"
816 | }
817 | },
818 | "node_modules/universalify": {
819 | "version": "0.1.2",
820 | "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
821 | "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="
822 | },
823 | "node_modules/unpipe": {
824 | "version": "1.0.0",
825 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
826 | "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
827 | },
828 | "node_modules/util-deprecate": {
829 | "version": "1.0.2",
830 | "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
831 | "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
832 | "dev": true
833 | },
834 | "node_modules/utils-merge": {
835 | "version": "1.0.1",
836 | "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
837 | "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
838 | },
839 | "node_modules/vary": {
840 | "version": "1.1.2",
841 | "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
842 | "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
843 | },
844 | "node_modules/wrappy": {
845 | "version": "1.0.2",
846 | "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
847 | "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
848 | "dev": true
849 | }
850 | },
851 | "dependencies": {
852 | "accepts": {
853 | "version": "1.3.7",
854 | "resolved": "https://registry.npmjs.org/accepts/-/accepts-1.3.7.tgz",
855 | "integrity": "sha512-Il80Qs2WjYlJIBNzNkK6KYqlVMTbZLXgHx2oT0pU/fjRHyEp+PEfEPY0R3WCwAGVOtauxh1hOxNgIf5bv7dQpA==",
856 | "requires": {
857 | "mime-types": "~2.1.24",
858 | "negotiator": "0.6.2"
859 | }
860 | },
861 | "array-flatten": {
862 | "version": "1.1.1",
863 | "resolved": "https://registry.npmjs.org/array-flatten/-/array-flatten-1.1.1.tgz",
864 | "integrity": "sha1-ml9pkFGx5wczKPKgCJaLZOopVdI="
865 | },
866 | "assertion-error": {
867 | "version": "1.1.0",
868 | "resolved": "https://registry.npmjs.org/assertion-error/-/assertion-error-1.1.0.tgz",
869 | "integrity": "sha512-jgsaNduz+ndvGyFt3uSuWqvy4lCnIJiovtouQN5JZHOKCS2QuhEdbcQHFhVksz2N2U9hXJo8odG7ETyWlEeuDw==",
870 | "dev": true
871 | },
872 | "asynckit": {
873 | "version": "0.4.0",
874 | "resolved": "https://registry.npmjs.org/asynckit/-/asynckit-0.4.0.tgz",
875 | "integrity": "sha1-x57Zf380y48robyXkLzDZkdLS3k=",
876 | "dev": true
877 | },
878 | "balanced-match": {
879 | "version": "1.0.0",
880 | "resolved": "https://registry.npmjs.org/balanced-match/-/balanced-match-1.0.0.tgz",
881 | "integrity": "sha1-ibTRmasr7kneFk6gK4nORi1xt2c=",
882 | "dev": true
883 | },
884 | "body-parser": {
885 | "version": "1.19.0",
886 | "resolved": "https://registry.npmjs.org/body-parser/-/body-parser-1.19.0.tgz",
887 | "integrity": "sha512-dhEPs72UPbDnAQJ9ZKMNTP6ptJaionhP5cBb541nXPlW60Jepo9RV/a4fX4XWW9CuFNK22krhrj1+rgzifNCsw==",
888 | "requires": {
889 | "bytes": "3.1.0",
890 | "content-type": "~1.0.4",
891 | "debug": "2.6.9",
892 | "depd": "~1.1.2",
893 | "http-errors": "1.7.2",
894 | "iconv-lite": "0.4.24",
895 | "on-finished": "~2.3.0",
896 | "qs": "6.7.0",
897 | "raw-body": "2.4.0",
898 | "type-is": "~1.6.17"
899 | }
900 | },
901 | "brace-expansion": {
902 | "version": "1.1.11",
903 | "resolved": "https://registry.npmjs.org/brace-expansion/-/brace-expansion-1.1.11.tgz",
904 | "integrity": "sha512-iCuPHDFgrHX7H2vEI/5xpz07zSHB00TpugqhmYtVmMO6518mCuRMoOYFldEBl0g187ufozdaHgWKcYFb61qGiA==",
905 | "dev": true,
906 | "requires": {
907 | "balanced-match": "^1.0.0",
908 | "concat-map": "0.0.1"
909 | }
910 | },
911 | "browser-stdout": {
912 | "version": "1.3.1",
913 | "resolved": "https://registry.npmjs.org/browser-stdout/-/browser-stdout-1.3.1.tgz",
914 | "integrity": "sha512-qhAVI1+Av2X7qelOfAIYwXONood6XlZE/fXaBSmW/T5SzLAmCgzi+eiWE7fUvbHaeNBQH13UftjpXxsfLkMpgw==",
915 | "dev": true
916 | },
917 | "bytes": {
918 | "version": "3.1.0",
919 | "resolved": "https://registry.npmjs.org/bytes/-/bytes-3.1.0.tgz",
920 | "integrity": "sha512-zauLjrfCG+xvoyaqLoV8bLVXXNGC4JqlxFCutSDWA6fJrTo2ZuvLYTqZ7aHBLZSMOopbzwv8f+wZcVzfVTI2Dg=="
921 | },
922 | "chai": {
923 | "version": "4.2.0",
924 | "resolved": "https://registry.npmjs.org/chai/-/chai-4.2.0.tgz",
925 | "integrity": "sha512-XQU3bhBukrOsQCuwZndwGcCVQHyZi53fQ6Ys1Fym7E4olpIqqZZhhoFJoaKVvV17lWQoXYwgWN2nF5crA8J2jw==",
926 | "dev": true,
927 | "requires": {
928 | "assertion-error": "^1.1.0",
929 | "check-error": "^1.0.2",
930 | "deep-eql": "^3.0.1",
931 | "get-func-name": "^2.0.0",
932 | "pathval": "^1.1.0",
933 | "type-detect": "^4.0.5"
934 | }
935 | },
936 | "check-error": {
937 | "version": "1.0.2",
938 | "resolved": "https://registry.npmjs.org/check-error/-/check-error-1.0.2.tgz",
939 | "integrity": "sha1-V00xLt2Iu13YkS6Sht1sCu1KrII=",
940 | "dev": true
941 | },
942 | "child_process": {
943 | "version": "1.0.2",
944 | "resolved": "https://registry.npmjs.org/child_process/-/child_process-1.0.2.tgz",
945 | "integrity": "sha1-sffn/HPSXn/R1FWtyU4UODAYK1o="
946 | },
947 | "combined-stream": {
948 | "version": "1.0.8",
949 | "resolved": "https://registry.npmjs.org/combined-stream/-/combined-stream-1.0.8.tgz",
950 | "integrity": "sha512-FQN4MRfuJeHf7cBbBMJFXhKSDq+2kAArBlmRBvcvFE5BB1HZKXtSFASDhdlz9zOYwxh8lDdnvmMOe/+5cdoEdg==",
951 | "dev": true,
952 | "requires": {
953 | "delayed-stream": "~1.0.0"
954 | }
955 | },
956 | "commander": {
957 | "version": "2.15.1",
958 | "resolved": "https://registry.npmjs.org/commander/-/commander-2.15.1.tgz",
959 | "integrity": "sha512-VlfT9F3V0v+jr4yxPc5gg9s62/fIVWsd2Bk2iD435um1NlGMYdVCq+MjcXnhYq2icNOizHr1kK+5TI6H0Hy0ag==",
960 | "dev": true
961 | },
962 | "component-emitter": {
963 | "version": "1.3.0",
964 | "resolved": "https://registry.npmjs.org/component-emitter/-/component-emitter-1.3.0.tgz",
965 | "integrity": "sha512-Rd3se6QB+sO1TwqZjscQrurpEPIfO0/yYnSin6Q/rD3mOutHvUrCAhJub3r90uNb+SESBuE0QYoB90YdfatsRg==",
966 | "dev": true
967 | },
968 | "concat-map": {
969 | "version": "0.0.1",
970 | "resolved": "https://registry.npmjs.org/concat-map/-/concat-map-0.0.1.tgz",
971 | "integrity": "sha1-2Klr13/Wjfd5OnMDajug1UBdR3s=",
972 | "dev": true
973 | },
974 | "content-disposition": {
975 | "version": "0.5.3",
976 | "resolved": "https://registry.npmjs.org/content-disposition/-/content-disposition-0.5.3.tgz",
977 | "integrity": "sha512-ExO0774ikEObIAEV9kDo50o+79VCUdEB6n6lzKgGwupcVeRlhrj3qGAfwq8G6uBJjkqLrhT0qEYFcWng8z1z0g==",
978 | "requires": {
979 | "safe-buffer": "5.1.2"
980 | }
981 | },
982 | "content-type": {
983 | "version": "1.0.4",
984 | "resolved": "https://registry.npmjs.org/content-type/-/content-type-1.0.4.tgz",
985 | "integrity": "sha512-hIP3EEPs8tB9AT1L+NUqtwOAps4mk2Zob89MWXMHjHWg9milF/j4osnnQLXBCBFBk/tvIG/tUc9mOUJiPBhPXA=="
986 | },
987 | "cookie": {
988 | "version": "0.4.0",
989 | "resolved": "https://registry.npmjs.org/cookie/-/cookie-0.4.0.tgz",
990 | "integrity": "sha512-+Hp8fLp57wnUSt0tY0tHEXh4voZRDnoIrZPqlo3DPiI4y9lwg/jqx+1Om94/W6ZaPDOUbnjOt/99w66zk+l1Xg=="
991 | },
992 | "cookie-signature": {
993 | "version": "1.0.6",
994 | "resolved": "https://registry.npmjs.org/cookie-signature/-/cookie-signature-1.0.6.tgz",
995 | "integrity": "sha1-4wOogrNCzD7oylE6eZmXNNqzriw="
996 | },
997 | "cookiejar": {
998 | "version": "2.1.2",
999 | "resolved": "https://registry.npmjs.org/cookiejar/-/cookiejar-2.1.2.tgz",
1000 | "integrity": "sha512-Mw+adcfzPxcPeI+0WlvRrr/3lGVO0bD75SxX6811cxSh1Wbxx7xZBGK1eVtDf6si8rg2lhnUjsVLMFMfbRIuwA==",
1001 | "dev": true
1002 | },
1003 | "core-util-is": {
1004 | "version": "1.0.2",
1005 | "resolved": "https://registry.npmjs.org/core-util-is/-/core-util-is-1.0.2.tgz",
1006 | "integrity": "sha1-tf1UIgqivFq1eqtxQMlAdUUDwac=",
1007 | "dev": true
1008 | },
1009 | "debug": {
1010 | "version": "2.6.9",
1011 | "resolved": "https://registry.npmjs.org/debug/-/debug-2.6.9.tgz",
1012 | "integrity": "sha512-bC7ElrdJaJnPbAP+1EotYvqZsb3ecl5wi6Bfi6BJTUcNowp6cvspg0jXznRTKDjm/E7AdgFBVeAPVMNcKGsHMA==",
1013 | "requires": {
1014 | "ms": "2.0.0"
1015 | }
1016 | },
1017 | "deep-eql": {
1018 | "version": "3.0.1",
1019 | "resolved": "https://registry.npmjs.org/deep-eql/-/deep-eql-3.0.1.tgz",
1020 | "integrity": "sha512-+QeIQyN5ZuO+3Uk5DYh6/1eKO0m0YmJFGNmFHGACpf1ClL1nmlV/p4gNgbl2pJGxgXb4faqo6UE+M5ACEMyVcw==",
1021 | "dev": true,
1022 | "requires": {
1023 | "type-detect": "^4.0.0"
1024 | }
1025 | },
1026 | "delayed-stream": {
1027 | "version": "1.0.0",
1028 | "resolved": "https://registry.npmjs.org/delayed-stream/-/delayed-stream-1.0.0.tgz",
1029 | "integrity": "sha1-3zrhmayt+31ECqrgsp4icrJOxhk=",
1030 | "dev": true
1031 | },
1032 | "depd": {
1033 | "version": "1.1.2",
1034 | "resolved": "https://registry.npmjs.org/depd/-/depd-1.1.2.tgz",
1035 | "integrity": "sha1-m81S4UwJd2PnSbJ0xDRu0uVgtak="
1036 | },
1037 | "destroy": {
1038 | "version": "1.0.4",
1039 | "resolved": "https://registry.npmjs.org/destroy/-/destroy-1.0.4.tgz",
1040 | "integrity": "sha1-l4hXRCxEdJ5CBmE+N5RiBYJqvYA="
1041 | },
1042 | "diff": {
1043 | "version": "3.5.0",
1044 | "resolved": "https://registry.npmjs.org/diff/-/diff-3.5.0.tgz",
1045 | "integrity": "sha512-A46qtFgd+g7pDZinpnwiRJtxbC1hpgf0uzP3iG89scHk0AUC7A1TGxf5OiiOUv/JMZR8GOt8hL900hV0bOy5xA==",
1046 | "dev": true
1047 | },
1048 | "ee-first": {
1049 | "version": "1.1.1",
1050 | "resolved": "https://registry.npmjs.org/ee-first/-/ee-first-1.1.1.tgz",
1051 | "integrity": "sha1-WQxhFWsK4vTwJVcyoViyZrxWsh0="
1052 | },
1053 | "encodeurl": {
1054 | "version": "1.0.2",
1055 | "resolved": "https://registry.npmjs.org/encodeurl/-/encodeurl-1.0.2.tgz",
1056 | "integrity": "sha1-rT/0yG7C0CkyL1oCw6mmBslbP1k="
1057 | },
1058 | "escape-html": {
1059 | "version": "1.0.3",
1060 | "resolved": "https://registry.npmjs.org/escape-html/-/escape-html-1.0.3.tgz",
1061 | "integrity": "sha1-Aljq5NPQwJdN4cFpGI7wBR0dGYg="
1062 | },
1063 | "escape-string-regexp": {
1064 | "version": "1.0.5",
1065 | "resolved": "https://registry.npmjs.org/escape-string-regexp/-/escape-string-regexp-1.0.5.tgz",
1066 | "integrity": "sha1-G2HAViGQqN/2rjuyzwIAyhMLhtQ=",
1067 | "dev": true
1068 | },
1069 | "etag": {
1070 | "version": "1.8.1",
1071 | "resolved": "https://registry.npmjs.org/etag/-/etag-1.8.1.tgz",
1072 | "integrity": "sha1-Qa4u62XvpiJorr/qg6x9eSmbCIc="
1073 | },
1074 | "express": {
1075 | "version": "4.17.1",
1076 | "resolved": "https://registry.npmjs.org/express/-/express-4.17.1.tgz",
1077 | "integrity": "sha512-mHJ9O79RqluphRrcw2X/GTh3k9tVv8YcoyY4Kkh4WDMUYKRZUq0h1o0w2rrrxBqM7VoeUVqgb27xlEMXTnYt4g==",
1078 | "requires": {
1079 | "accepts": "~1.3.7",
1080 | "array-flatten": "1.1.1",
1081 | "body-parser": "1.19.0",
1082 | "content-disposition": "0.5.3",
1083 | "content-type": "~1.0.4",
1084 | "cookie": "0.4.0",
1085 | "cookie-signature": "1.0.6",
1086 | "debug": "2.6.9",
1087 | "depd": "~1.1.2",
1088 | "encodeurl": "~1.0.2",
1089 | "escape-html": "~1.0.3",
1090 | "etag": "~1.8.1",
1091 | "finalhandler": "~1.1.2",
1092 | "fresh": "0.5.2",
1093 | "merge-descriptors": "1.0.1",
1094 | "methods": "~1.1.2",
1095 | "on-finished": "~2.3.0",
1096 | "parseurl": "~1.3.3",
1097 | "path-to-regexp": "0.1.7",
1098 | "proxy-addr": "~2.0.5",
1099 | "qs": "6.7.0",
1100 | "range-parser": "~1.2.1",
1101 | "safe-buffer": "5.1.2",
1102 | "send": "0.17.1",
1103 | "serve-static": "1.14.1",
1104 | "setprototypeof": "1.1.1",
1105 | "statuses": "~1.5.0",
1106 | "type-is": "~1.6.18",
1107 | "utils-merge": "1.0.1",
1108 | "vary": "~1.1.2"
1109 | }
1110 | },
1111 | "extend": {
1112 | "version": "3.0.2",
1113 | "resolved": "https://registry.npmjs.org/extend/-/extend-3.0.2.tgz",
1114 | "integrity": "sha512-fjquC59cD7CyW6urNXK0FBufkZcoiGG80wTuPujX590cB5Ttln20E2UB4S/WARVqhXffZl2LNgS+gQdPIIim/g==",
1115 | "dev": true
1116 | },
1117 | "finalhandler": {
1118 | "version": "1.1.2",
1119 | "resolved": "https://registry.npmjs.org/finalhandler/-/finalhandler-1.1.2.tgz",
1120 | "integrity": "sha512-aAWcW57uxVNrQZqFXjITpW3sIUQmHGG3qSb9mUah9MgMC4NeWhNOlNjXEYq3HjRAvL6arUviZGGJsBg6z0zsWA==",
1121 | "requires": {
1122 | "debug": "2.6.9",
1123 | "encodeurl": "~1.0.2",
1124 | "escape-html": "~1.0.3",
1125 | "on-finished": "~2.3.0",
1126 | "parseurl": "~1.3.3",
1127 | "statuses": "~1.5.0",
1128 | "unpipe": "~1.0.0"
1129 | }
1130 | },
1131 | "form-data": {
1132 | "version": "2.5.1",
1133 | "resolved": "https://registry.npmjs.org/form-data/-/form-data-2.5.1.tgz",
1134 | "integrity": "sha512-m21N3WOmEEURgk6B9GLOE4RuWOFf28Lhh9qGYeNlGq4VDXUlJy2th2slBNU8Gp8EzloYZOibZJ7t5ecIrFSjVA==",
1135 | "dev": true,
1136 | "requires": {
1137 | "asynckit": "^0.4.0",
1138 | "combined-stream": "^1.0.6",
1139 | "mime-types": "^2.1.12"
1140 | }
1141 | },
1142 | "formidable": {
1143 | "version": "1.2.1",
1144 | "resolved": "https://registry.npmjs.org/formidable/-/formidable-1.2.1.tgz",
1145 | "integrity": "sha512-Fs9VRguL0gqGHkXS5GQiMCr1VhZBxz0JnJs4JmMp/2jL18Fmbzvv7vOFRU+U8TBkHEE/CX1qDXzJplVULgsLeg==",
1146 | "dev": true
1147 | },
1148 | "forwarded": {
1149 | "version": "0.1.2",
1150 | "resolved": "https://registry.npmjs.org/forwarded/-/forwarded-0.1.2.tgz",
1151 | "integrity": "sha1-mMI9qxF1ZXuMBXPozszZGw/xjIQ="
1152 | },
1153 | "fresh": {
1154 | "version": "0.5.2",
1155 | "resolved": "https://registry.npmjs.org/fresh/-/fresh-0.5.2.tgz",
1156 | "integrity": "sha1-PYyt2Q2XZWn6g1qx+OSyOhBWBac="
1157 | },
1158 | "fs-extra": {
1159 | "version": "8.1.0",
1160 | "resolved": "https://registry.npmjs.org/fs-extra/-/fs-extra-8.1.0.tgz",
1161 | "integrity": "sha512-yhlQgA6mnOJUKOsRUFsgJdQCvkKhcz8tlZG5HBQfReYZy46OwLcY+Zia0mtdHsOo9y/hP+CxMN0TU9QxoOtG4g==",
1162 | "requires": {
1163 | "graceful-fs": "^4.2.0",
1164 | "jsonfile": "^4.0.0",
1165 | "universalify": "^0.1.0"
1166 | }
1167 | },
1168 | "fs.realpath": {
1169 | "version": "1.0.0",
1170 | "resolved": "https://registry.npmjs.org/fs.realpath/-/fs.realpath-1.0.0.tgz",
1171 | "integrity": "sha1-FQStJSMVjKpA20onh8sBQRmU6k8=",
1172 | "dev": true
1173 | },
1174 | "get-func-name": {
1175 | "version": "2.0.0",
1176 | "resolved": "https://registry.npmjs.org/get-func-name/-/get-func-name-2.0.0.tgz",
1177 | "integrity": "sha1-6td0q+5y4gQJQzoGY2YCPdaIekE=",
1178 | "dev": true
1179 | },
1180 | "glob": {
1181 | "version": "7.1.2",
1182 | "resolved": "https://registry.npmjs.org/glob/-/glob-7.1.2.tgz",
1183 | "integrity": "sha512-MJTUg1kjuLeQCJ+ccE4Vpa6kKVXkPYJ2mOCQyUuKLcLQsdrMCpBPUi8qVE6+YuaJkozeA9NusTAw3hLr8Xe5EQ==",
1184 | "dev": true,
1185 | "requires": {
1186 | "fs.realpath": "^1.0.0",
1187 | "inflight": "^1.0.4",
1188 | "inherits": "2",
1189 | "minimatch": "^3.0.4",
1190 | "once": "^1.3.0",
1191 | "path-is-absolute": "^1.0.0"
1192 | }
1193 | },
1194 | "graceful-fs": {
1195 | "version": "4.2.3",
1196 | "resolved": "https://registry.npmjs.org/graceful-fs/-/graceful-fs-4.2.3.tgz",
1197 | "integrity": "sha512-a30VEBm4PEdx1dRB7MFK7BejejvCvBronbLjht+sHuGYj8PHs7M/5Z+rt5lw551vZ7yfTCj4Vuyy3mSJytDWRQ=="
1198 | },
1199 | "growl": {
1200 | "version": "1.10.5",
1201 | "resolved": "https://registry.npmjs.org/growl/-/growl-1.10.5.tgz",
1202 | "integrity": "sha512-qBr4OuELkhPenW6goKVXiv47US3clb3/IbuWF9KNKEijAy9oeHxU9IgzjvJhHkUzhaj7rOUD7+YGWqUjLp5oSA==",
1203 | "dev": true
1204 | },
1205 | "has-flag": {
1206 | "version": "3.0.0",
1207 | "resolved": "https://registry.npmjs.org/has-flag/-/has-flag-3.0.0.tgz",
1208 | "integrity": "sha1-tdRU3CGZriJWmfNGfloH87lVuv0=",
1209 | "dev": true
1210 | },
1211 | "he": {
1212 | "version": "1.1.1",
1213 | "resolved": "https://registry.npmjs.org/he/-/he-1.1.1.tgz",
1214 | "integrity": "sha1-k0EP0hsAlzUVH4howvJx80J+I/0=",
1215 | "dev": true
1216 | },
1217 | "http-errors": {
1218 | "version": "1.7.2",
1219 | "resolved": "https://registry.npmjs.org/http-errors/-/http-errors-1.7.2.tgz",
1220 | "integrity": "sha512-uUQBt3H/cSIVfch6i1EuPNy/YsRSOUBXTVfZ+yR7Zjez3qjBz6i9+i4zjNaoqcoFVI4lQJ5plg63TvGfRSDCRg==",
1221 | "requires": {
1222 | "depd": "~1.1.2",
1223 | "inherits": "2.0.3",
1224 | "setprototypeof": "1.1.1",
1225 | "statuses": ">= 1.5.0 < 2",
1226 | "toidentifier": "1.0.0"
1227 | }
1228 | },
1229 | "iconv-lite": {
1230 | "version": "0.4.24",
1231 | "resolved": "https://registry.npmjs.org/iconv-lite/-/iconv-lite-0.4.24.tgz",
1232 | "integrity": "sha512-v3MXnZAcvnywkTUEZomIActle7RXXeedOR31wwl7VlyoXO4Qi9arvSenNQWne1TcRwhCL1HwLI21bEqdpj8/rA==",
1233 | "requires": {
1234 | "safer-buffer": ">= 2.1.2 < 3"
1235 | }
1236 | },
1237 | "inflight": {
1238 | "version": "1.0.6",
1239 | "resolved": "https://registry.npmjs.org/inflight/-/inflight-1.0.6.tgz",
1240 | "integrity": "sha1-Sb1jMdfQLQwJvJEKEHW6gWW1bfk=",
1241 | "dev": true,
1242 | "requires": {
1243 | "once": "^1.3.0",
1244 | "wrappy": "1"
1245 | }
1246 | },
1247 | "inherits": {
1248 | "version": "2.0.3",
1249 | "resolved": "https://registry.npmjs.org/inherits/-/inherits-2.0.3.tgz",
1250 | "integrity": "sha1-Yzwsg+PaQqUC9SRmAiSA9CCCYd4="
1251 | },
1252 | "ipaddr.js": {
1253 | "version": "1.9.0",
1254 | "resolved": "https://registry.npmjs.org/ipaddr.js/-/ipaddr.js-1.9.0.tgz",
1255 | "integrity": "sha512-M4Sjn6N/+O6/IXSJseKqHoFc+5FdGJ22sXqnjTpdZweHK64MzEPAyQZyEU3R/KRv2GLoa7nNtg/C2Ev6m7z+eA=="
1256 | },
1257 | "isarray": {
1258 | "version": "1.0.0",
1259 | "resolved": "https://registry.npmjs.org/isarray/-/isarray-1.0.0.tgz",
1260 | "integrity": "sha1-u5NdSFgsuhaMBoNJV6VKPgcSTxE=",
1261 | "dev": true
1262 | },
1263 | "jsonfile": {
1264 | "version": "4.0.0",
1265 | "resolved": "https://registry.npmjs.org/jsonfile/-/jsonfile-4.0.0.tgz",
1266 | "integrity": "sha1-h3Gq4HmbZAdrdmQPygWPnBDjPss=",
1267 | "requires": {
1268 | "graceful-fs": "^4.1.6"
1269 | }
1270 | },
1271 | "media-typer": {
1272 | "version": "0.3.0",
1273 | "resolved": "https://registry.npmjs.org/media-typer/-/media-typer-0.3.0.tgz",
1274 | "integrity": "sha1-hxDXrwqmJvj/+hzgAWhUUmMlV0g="
1275 | },
1276 | "merge-descriptors": {
1277 | "version": "1.0.1",
1278 | "resolved": "https://registry.npmjs.org/merge-descriptors/-/merge-descriptors-1.0.1.tgz",
1279 | "integrity": "sha1-sAqqVW3YtEVoFQ7J0blT8/kMu2E="
1280 | },
1281 | "methods": {
1282 | "version": "1.1.2",
1283 | "resolved": "https://registry.npmjs.org/methods/-/methods-1.1.2.tgz",
1284 | "integrity": "sha1-VSmk1nZUE07cxSZmVoNbD4Ua/O4="
1285 | },
1286 | "mime": {
1287 | "version": "1.6.0",
1288 | "resolved": "https://registry.npmjs.org/mime/-/mime-1.6.0.tgz",
1289 | "integrity": "sha512-x0Vn8spI+wuJ1O6S7gnbaQg8Pxh4NNHb7KSINmEWKiPE4RKOplvijn+NkmYmmRgP68mc70j2EbeTFRsrswaQeg=="
1290 | },
1291 | "mime-db": {
1292 | "version": "1.40.0",
1293 | "resolved": "https://registry.npmjs.org/mime-db/-/mime-db-1.40.0.tgz",
1294 | "integrity": "sha512-jYdeOMPy9vnxEqFRRo6ZvTZ8d9oPb+k18PKoYNYUe2stVEBPPwsln/qWzdbmaIvnhZ9v2P+CuecK+fpUfsV2mA=="
1295 | },
1296 | "mime-types": {
1297 | "version": "2.1.24",
1298 | "resolved": "https://registry.npmjs.org/mime-types/-/mime-types-2.1.24.tgz",
1299 | "integrity": "sha512-WaFHS3MCl5fapm3oLxU4eYDw77IQM2ACcxQ9RIxfaC3ooc6PFuBMGZZsYpvoXS5D5QTWPieo1jjLdAm3TBP3cQ==",
1300 | "requires": {
1301 | "mime-db": "1.40.0"
1302 | }
1303 | },
1304 | "minimatch": {
1305 | "version": "3.0.4",
1306 | "resolved": "https://registry.npmjs.org/minimatch/-/minimatch-3.0.4.tgz",
1307 | "integrity": "sha512-yJHVQEhyqPLUTgt9B83PXu6W3rx4MvvHvSUvToogpwoGDOUQ+yDrR0HRot+yOCdCO7u4hX3pWft6kWBBcqh0UA==",
1308 | "dev": true,
1309 | "requires": {
1310 | "brace-expansion": "^1.1.7"
1311 | }
1312 | },
1313 | "minimist": {
1314 | "version": "0.0.8",
1315 | "resolved": "https://registry.npmjs.org/minimist/-/minimist-0.0.8.tgz",
1316 | "integrity": "sha1-hX/Kv8M5fSYluCKCYuhqp6ARsF0=",
1317 | "dev": true
1318 | },
1319 | "mkdirp": {
1320 | "version": "0.5.1",
1321 | "resolved": "https://registry.npmjs.org/mkdirp/-/mkdirp-0.5.1.tgz",
1322 | "integrity": "sha1-MAV0OOrGz3+MR2fzhkjWaX11yQM=",
1323 | "dev": true,
1324 | "requires": {
1325 | "minimist": "0.0.8"
1326 | }
1327 | },
1328 | "mocha": {
1329 | "version": "5.2.0",
1330 | "resolved": "https://registry.npmjs.org/mocha/-/mocha-5.2.0.tgz",
1331 | "integrity": "sha512-2IUgKDhc3J7Uug+FxMXuqIyYzH7gJjXECKe/w43IGgQHTSj3InJi+yAA7T24L9bQMRKiUEHxEX37G5JpVUGLcQ==",
1332 | "dev": true,
1333 | "requires": {
1334 | "browser-stdout": "1.3.1",
1335 | "commander": "2.15.1",
1336 | "debug": "3.1.0",
1337 | "diff": "3.5.0",
1338 | "escape-string-regexp": "1.0.5",
1339 | "glob": "7.1.2",
1340 | "growl": "1.10.5",
1341 | "he": "1.1.1",
1342 | "minimatch": "3.0.4",
1343 | "mkdirp": "0.5.1",
1344 | "supports-color": "5.4.0"
1345 | },
1346 | "dependencies": {
1347 | "debug": {
1348 | "version": "3.1.0",
1349 | "resolved": "https://registry.npmjs.org/debug/-/debug-3.1.0.tgz",
1350 | "integrity": "sha512-OX8XqP7/1a9cqkxYw2yXss15f26NKWBpDXQd0/uK/KPqdQhxbPa994hnzjcE2VqQpDslf55723cKPUOGSmMY3g==",
1351 | "dev": true,
1352 | "requires": {
1353 | "ms": "2.0.0"
1354 | }
1355 | }
1356 | }
1357 | },
1358 | "ms": {
1359 | "version": "2.0.0",
1360 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.0.0.tgz",
1361 | "integrity": "sha1-VgiurfwAvmwpAd9fmGF4jeDVl8g="
1362 | },
1363 | "negotiator": {
1364 | "version": "0.6.2",
1365 | "resolved": "https://registry.npmjs.org/negotiator/-/negotiator-0.6.2.tgz",
1366 | "integrity": "sha512-hZXc7K2e+PgeI1eDBe/10Ard4ekbfrrqG8Ep+8Jmf4JID2bNg7NvCPOZN+kfF574pFQI7mum2AUqDidoKqcTOw=="
1367 | },
1368 | "node-serialize": {
1369 | "version": "0.0.4",
1370 | "resolved": "https://registry.npmjs.org/node-serialize/-/node-serialize-0.0.4.tgz",
1371 | "integrity": "sha1-tzpJ4TUzBmVxA6Xkn38FJ5upf38="
1372 | },
1373 | "on-finished": {
1374 | "version": "2.3.0",
1375 | "resolved": "https://registry.npmjs.org/on-finished/-/on-finished-2.3.0.tgz",
1376 | "integrity": "sha1-IPEzZIGwg811M3mSoWlxqi2QaUc=",
1377 | "requires": {
1378 | "ee-first": "1.1.1"
1379 | }
1380 | },
1381 | "once": {
1382 | "version": "1.4.0",
1383 | "resolved": "https://registry.npmjs.org/once/-/once-1.4.0.tgz",
1384 | "integrity": "sha1-WDsap3WWHUsROsF9nFC6753Xa9E=",
1385 | "dev": true,
1386 | "requires": {
1387 | "wrappy": "1"
1388 | }
1389 | },
1390 | "parseurl": {
1391 | "version": "1.3.3",
1392 | "resolved": "https://registry.npmjs.org/parseurl/-/parseurl-1.3.3.tgz",
1393 | "integrity": "sha512-CiyeOxFT/JZyN5m0z9PfXw4SCBJ6Sygz1Dpl0wqjlhDEGGBP1GnsUVEL0p63hoG1fcj3fHynXi9NYO4nWOL+qQ=="
1394 | },
1395 | "path-is-absolute": {
1396 | "version": "1.0.1",
1397 | "resolved": "https://registry.npmjs.org/path-is-absolute/-/path-is-absolute-1.0.1.tgz",
1398 | "integrity": "sha1-F0uSaHNVNP+8es5r9TpanhtcX18=",
1399 | "dev": true
1400 | },
1401 | "path-to-regexp": {
1402 | "version": "0.1.7",
1403 | "resolved": "https://registry.npmjs.org/path-to-regexp/-/path-to-regexp-0.1.7.tgz",
1404 | "integrity": "sha1-32BBeABfUi8V60SQ5yR6G/qmf4w="
1405 | },
1406 | "pathval": {
1407 | "version": "1.1.0",
1408 | "resolved": "https://registry.npmjs.org/pathval/-/pathval-1.1.0.tgz",
1409 | "integrity": "sha1-uULm1L3mUwBe9rcTYd74cn0GReA=",
1410 | "dev": true
1411 | },
1412 | "process-nextick-args": {
1413 | "version": "2.0.1",
1414 | "resolved": "https://registry.npmjs.org/process-nextick-args/-/process-nextick-args-2.0.1.tgz",
1415 | "integrity": "sha512-3ouUOpQhtgrbOa17J7+uxOTpITYWaGP7/AhoR3+A+/1e9skrzelGi/dXzEYyvbxubEF6Wn2ypscTKiKJFFn1ag==",
1416 | "dev": true
1417 | },
1418 | "proxy-addr": {
1419 | "version": "2.0.5",
1420 | "resolved": "https://registry.npmjs.org/proxy-addr/-/proxy-addr-2.0.5.tgz",
1421 | "integrity": "sha512-t/7RxHXPH6cJtP0pRG6smSr9QJidhB+3kXu0KgXnbGYMgzEnUxRQ4/LDdfOwZEMyIh3/xHb8PX3t+lfL9z+YVQ==",
1422 | "requires": {
1423 | "forwarded": "~0.1.2",
1424 | "ipaddr.js": "1.9.0"
1425 | }
1426 | },
1427 | "qs": {
1428 | "version": "6.7.0",
1429 | "resolved": "https://registry.npmjs.org/qs/-/qs-6.7.0.tgz",
1430 | "integrity": "sha512-VCdBRNFTX1fyE7Nb6FYoURo/SPe62QCaAyzJvUjwRaIsc+NePBEniHlvxFmmX56+HZphIGtV0XeCirBtpDrTyQ=="
1431 | },
1432 | "range-parser": {
1433 | "version": "1.2.1",
1434 | "resolved": "https://registry.npmjs.org/range-parser/-/range-parser-1.2.1.tgz",
1435 | "integrity": "sha512-Hrgsx+orqoygnmhFbKaHE6c296J+HTAQXoxEF6gNupROmmGJRoyzfG3ccAveqCBrwr/2yxQ5BVd/GTl5agOwSg=="
1436 | },
1437 | "raw-body": {
1438 | "version": "2.4.0",
1439 | "resolved": "https://registry.npmjs.org/raw-body/-/raw-body-2.4.0.tgz",
1440 | "integrity": "sha512-4Oz8DUIwdvoa5qMJelxipzi/iJIi40O5cGV1wNYp5hvZP8ZN0T+jiNkL0QepXs+EsQ9XJ8ipEDoiH70ySUJP3Q==",
1441 | "requires": {
1442 | "bytes": "3.1.0",
1443 | "http-errors": "1.7.2",
1444 | "iconv-lite": "0.4.24",
1445 | "unpipe": "1.0.0"
1446 | }
1447 | },
1448 | "readable-stream": {
1449 | "version": "2.3.6",
1450 | "resolved": "https://registry.npmjs.org/readable-stream/-/readable-stream-2.3.6.tgz",
1451 | "integrity": "sha512-tQtKA9WIAhBF3+VLAseyMqZeBjW0AHJoxOtYqSUZNJxauErmLbVm2FW1y+J/YA9dUrAC39ITejlZWhVIwawkKw==",
1452 | "dev": true,
1453 | "requires": {
1454 | "core-util-is": "~1.0.0",
1455 | "inherits": "~2.0.3",
1456 | "isarray": "~1.0.0",
1457 | "process-nextick-args": "~2.0.0",
1458 | "safe-buffer": "~5.1.1",
1459 | "string_decoder": "~1.1.1",
1460 | "util-deprecate": "~1.0.1"
1461 | }
1462 | },
1463 | "safe-buffer": {
1464 | "version": "5.1.2",
1465 | "resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.1.2.tgz",
1466 | "integrity": "sha512-Gd2UZBJDkXlY7GbJxfsE8/nvKkUEU1G38c1siN6QP6a9PT9MmHB8GnpscSmMJSoF8LOIrt8ud/wPtojys4G6+g=="
1467 | },
1468 | "safer-buffer": {
1469 | "version": "2.1.2",
1470 | "resolved": "https://registry.npmjs.org/safer-buffer/-/safer-buffer-2.1.2.tgz",
1471 | "integrity": "sha512-YZo3K82SD7Riyi0E1EQPojLz7kpepnSQI9IyPbHHg1XXXevb5dJI7tpyN2ADxGcQbHG7vcyRHk0cbwqcQriUtg=="
1472 | },
1473 | "send": {
1474 | "version": "0.17.1",
1475 | "resolved": "https://registry.npmjs.org/send/-/send-0.17.1.tgz",
1476 | "integrity": "sha512-BsVKsiGcQMFwT8UxypobUKyv7irCNRHk1T0G680vk88yf6LBByGcZJOTJCrTP2xVN6yI+XjPJcNuE3V4fT9sAg==",
1477 | "requires": {
1478 | "debug": "2.6.9",
1479 | "depd": "~1.1.2",
1480 | "destroy": "~1.0.4",
1481 | "encodeurl": "~1.0.2",
1482 | "escape-html": "~1.0.3",
1483 | "etag": "~1.8.1",
1484 | "fresh": "0.5.2",
1485 | "http-errors": "~1.7.2",
1486 | "mime": "1.6.0",
1487 | "ms": "2.1.1",
1488 | "on-finished": "~2.3.0",
1489 | "range-parser": "~1.2.1",
1490 | "statuses": "~1.5.0"
1491 | },
1492 | "dependencies": {
1493 | "ms": {
1494 | "version": "2.1.1",
1495 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.1.tgz",
1496 | "integrity": "sha512-tgp+dl5cGk28utYktBsrFqA7HKgrhgPsg6Z/EfhWI4gl1Hwq8B/GmY/0oXZ6nF8hDVesS/FpnYaD/kOWhYQvyg=="
1497 | }
1498 | }
1499 | },
1500 | "serve-static": {
1501 | "version": "1.14.1",
1502 | "resolved": "https://registry.npmjs.org/serve-static/-/serve-static-1.14.1.tgz",
1503 | "integrity": "sha512-JMrvUwE54emCYWlTI+hGrGv5I8dEwmco/00EvkzIIsR7MqrHonbD9pO2MOfFnpFntl7ecpZs+3mW+XbQZu9QCg==",
1504 | "requires": {
1505 | "encodeurl": "~1.0.2",
1506 | "escape-html": "~1.0.3",
1507 | "parseurl": "~1.3.3",
1508 | "send": "0.17.1"
1509 | }
1510 | },
1511 | "setprototypeof": {
1512 | "version": "1.1.1",
1513 | "resolved": "https://registry.npmjs.org/setprototypeof/-/setprototypeof-1.1.1.tgz",
1514 | "integrity": "sha512-JvdAWfbXeIGaZ9cILp38HntZSFSo3mWg6xGcJJsd+d4aRMOqauag1C63dJfDw7OaMYwEbHMOxEZ1lqVRYP2OAw=="
1515 | },
1516 | "should": {
1517 | "version": "13.2.3",
1518 | "resolved": "https://registry.npmjs.org/should/-/should-13.2.3.tgz",
1519 | "integrity": "sha512-ggLesLtu2xp+ZxI+ysJTmNjh2U0TsC+rQ/pfED9bUZZ4DKefP27D+7YJVVTvKsmjLpIi9jAa7itwDGkDDmt1GQ==",
1520 | "requires": {
1521 | "should-equal": "^2.0.0",
1522 | "should-format": "^3.0.3",
1523 | "should-type": "^1.4.0",
1524 | "should-type-adaptors": "^1.0.1",
1525 | "should-util": "^1.0.0"
1526 | }
1527 | },
1528 | "should-equal": {
1529 | "version": "2.0.0",
1530 | "resolved": "https://registry.npmjs.org/should-equal/-/should-equal-2.0.0.tgz",
1531 | "integrity": "sha512-ZP36TMrK9euEuWQYBig9W55WPC7uo37qzAEmbjHz4gfyuXrEUgF8cUvQVO+w+d3OMfPvSRQJ22lSm8MQJ43LTA==",
1532 | "requires": {
1533 | "should-type": "^1.4.0"
1534 | }
1535 | },
1536 | "should-format": {
1537 | "version": "3.0.3",
1538 | "resolved": "https://registry.npmjs.org/should-format/-/should-format-3.0.3.tgz",
1539 | "integrity": "sha1-m/yPdPo5IFxT04w01xcwPidxJPE=",
1540 | "requires": {
1541 | "should-type": "^1.3.0",
1542 | "should-type-adaptors": "^1.0.1"
1543 | }
1544 | },
1545 | "should-type": {
1546 | "version": "1.4.0",
1547 | "resolved": "https://registry.npmjs.org/should-type/-/should-type-1.4.0.tgz",
1548 | "integrity": "sha1-B1bYzoRt/QmEOmlHcZ36DUz/XPM="
1549 | },
1550 | "should-type-adaptors": {
1551 | "version": "1.1.0",
1552 | "resolved": "https://registry.npmjs.org/should-type-adaptors/-/should-type-adaptors-1.1.0.tgz",
1553 | "integrity": "sha512-JA4hdoLnN+kebEp2Vs8eBe9g7uy0zbRo+RMcU0EsNy+R+k049Ki+N5tT5Jagst2g7EAja+euFuoXFCa8vIklfA==",
1554 | "requires": {
1555 | "should-type": "^1.3.0",
1556 | "should-util": "^1.0.0"
1557 | }
1558 | },
1559 | "should-util": {
1560 | "version": "1.0.1",
1561 | "resolved": "https://registry.npmjs.org/should-util/-/should-util-1.0.1.tgz",
1562 | "integrity": "sha512-oXF8tfxx5cDk8r2kYqlkUJzZpDBqVY/II2WhvU0n9Y3XYvAYRmeaf1PvvIvTgPnv4KJ+ES5M0PyDq5Jp+Ygy2g=="
1563 | },
1564 | "statuses": {
1565 | "version": "1.5.0",
1566 | "resolved": "https://registry.npmjs.org/statuses/-/statuses-1.5.0.tgz",
1567 | "integrity": "sha1-Fhx9rBd2Wf2YEfQ3cfqZOBR4Yow="
1568 | },
1569 | "string_decoder": {
1570 | "version": "1.1.1",
1571 | "resolved": "https://registry.npmjs.org/string_decoder/-/string_decoder-1.1.1.tgz",
1572 | "integrity": "sha512-n/ShnvDi6FHbbVfviro+WojiFzv+s8MPMHBczVePfUpDJLwoLT0ht1l4YwBCbi8pJAveEEdnkHyPyTP/mzRfwg==",
1573 | "dev": true,
1574 | "requires": {
1575 | "safe-buffer": "~5.1.0"
1576 | }
1577 | },
1578 | "superagent": {
1579 | "version": "3.8.3",
1580 | "resolved": "https://registry.npmjs.org/superagent/-/superagent-3.8.3.tgz",
1581 | "integrity": "sha512-GLQtLMCoEIK4eDv6OGtkOoSMt3D+oq0y3dsxMuYuDvaNUvuT8eFBuLmfR0iYYzHC1e8hpzC6ZsxbuP6DIalMFA==",
1582 | "dev": true,
1583 | "requires": {
1584 | "component-emitter": "^1.2.0",
1585 | "cookiejar": "^2.1.0",
1586 | "debug": "^3.1.0",
1587 | "extend": "^3.0.0",
1588 | "form-data": "^2.3.1",
1589 | "formidable": "^1.2.0",
1590 | "methods": "^1.1.1",
1591 | "mime": "^1.4.1",
1592 | "qs": "^6.5.1",
1593 | "readable-stream": "^2.3.5"
1594 | },
1595 | "dependencies": {
1596 | "debug": {
1597 | "version": "3.2.6",
1598 | "resolved": "https://registry.npmjs.org/debug/-/debug-3.2.6.tgz",
1599 | "integrity": "sha512-mel+jf7nrtEl5Pn1Qx46zARXKDpBbvzezse7p7LqINmdoIk8PYP5SySaxEmYv6TZ0JyEKA1hsCId6DIhgITtWQ==",
1600 | "dev": true,
1601 | "requires": {
1602 | "ms": "^2.1.1"
1603 | }
1604 | },
1605 | "ms": {
1606 | "version": "2.1.2",
1607 | "resolved": "https://registry.npmjs.org/ms/-/ms-2.1.2.tgz",
1608 | "integrity": "sha512-sGkPx+VjMtmA6MX27oA4FBFELFCZZ4S4XqeGOXCv68tT+jb3vk/RyaKWP0PTKyWtmLSM0b+adUTEvbs1PEaH2w==",
1609 | "dev": true
1610 | }
1611 | }
1612 | },
1613 | "supertest": {
1614 | "version": "4.0.2",
1615 | "resolved": "https://registry.npmjs.org/supertest/-/supertest-4.0.2.tgz",
1616 | "integrity": "sha512-1BAbvrOZsGA3YTCWqbmh14L0YEq0EGICX/nBnfkfVJn7SrxQV1I3pMYjSzG9y/7ZU2V9dWqyqk2POwxlb09duQ==",
1617 | "dev": true,
1618 | "requires": {
1619 | "methods": "^1.1.2",
1620 | "superagent": "^3.8.3"
1621 | }
1622 | },
1623 | "supports-color": {
1624 | "version": "5.4.0",
1625 | "resolved": "https://registry.npmjs.org/supports-color/-/supports-color-5.4.0.tgz",
1626 | "integrity": "sha512-zjaXglF5nnWpsq470jSv6P9DwPvgLkuapYmfDm3JWOm0vkNTVF2tI4UrN2r6jH1qM/uc/WtxYY1hYoA2dOKj5w==",
1627 | "dev": true,
1628 | "requires": {
1629 | "has-flag": "^3.0.0"
1630 | }
1631 | },
1632 | "toidentifier": {
1633 | "version": "1.0.0",
1634 | "resolved": "https://registry.npmjs.org/toidentifier/-/toidentifier-1.0.0.tgz",
1635 | "integrity": "sha512-yaOH/Pk/VEhBWWTlhI+qXxDFXlejDGcQipMlyxda9nthulaxLZUNcUqFxokp0vcYnvteJln5FNQDRrxj3YcbVw=="
1636 | },
1637 | "type-detect": {
1638 | "version": "4.0.8",
1639 | "resolved": "https://registry.npmjs.org/type-detect/-/type-detect-4.0.8.tgz",
1640 | "integrity": "sha512-0fr/mIH1dlO+x7TlcMy+bIDqKPsw/70tVyeHW787goQjhmqaZe10uwLujubK9q9Lg6Fiho1KUKDYz0Z7k7g5/g==",
1641 | "dev": true
1642 | },
1643 | "type-is": {
1644 | "version": "1.6.18",
1645 | "resolved": "https://registry.npmjs.org/type-is/-/type-is-1.6.18.tgz",
1646 | "integrity": "sha512-TkRKr9sUTxEH8MdfuCSP7VizJyzRNMjj2J2do2Jr3Kym598JVdEksuzPQCnlFPW4ky9Q+iA+ma9BGm06XQBy8g==",
1647 | "requires": {
1648 | "media-typer": "0.3.0",
1649 | "mime-types": "~2.1.24"
1650 | }
1651 | },
1652 | "universalify": {
1653 | "version": "0.1.2",
1654 | "resolved": "https://registry.npmjs.org/universalify/-/universalify-0.1.2.tgz",
1655 | "integrity": "sha512-rBJeI5CXAlmy1pV+617WB9J63U6XcazHHF2f2dbJix4XzpUF0RS3Zbj0FGIOCAva5P/d/GBOYaACQ1w+0azUkg=="
1656 | },
1657 | "unpipe": {
1658 | "version": "1.0.0",
1659 | "resolved": "https://registry.npmjs.org/unpipe/-/unpipe-1.0.0.tgz",
1660 | "integrity": "sha1-sr9O6FFKrmFltIF4KdIbLvSZBOw="
1661 | },
1662 | "util-deprecate": {
1663 | "version": "1.0.2",
1664 | "resolved": "https://registry.npmjs.org/util-deprecate/-/util-deprecate-1.0.2.tgz",
1665 | "integrity": "sha1-RQ1Nyfpw3nMnYvvS1KKJgUGaDM8=",
1666 | "dev": true
1667 | },
1668 | "utils-merge": {
1669 | "version": "1.0.1",
1670 | "resolved": "https://registry.npmjs.org/utils-merge/-/utils-merge-1.0.1.tgz",
1671 | "integrity": "sha1-n5VxD1CiZ5R7LMwSR0HBAoQn5xM="
1672 | },
1673 | "vary": {
1674 | "version": "1.1.2",
1675 | "resolved": "https://registry.npmjs.org/vary/-/vary-1.1.2.tgz",
1676 | "integrity": "sha1-IpnwLG3tMNSllhsLn3RSShj2NPw="
1677 | },
1678 | "wrappy": {
1679 | "version": "1.0.2",
1680 | "resolved": "https://registry.npmjs.org/wrappy/-/wrappy-1.0.2.tgz",
1681 | "integrity": "sha1-tSQ9jz7BqjXxNkYFvA0QNuMKtp8=",
1682 | "dev": true
1683 | }
1684 | }
1685 | }
1686 |
--------------------------------------------------------------------------------
/package.json:
--------------------------------------------------------------------------------
1 | {
2 | "name": "api-node-goat",
3 | "version": "0.0.1",
4 | "description": "A simple Express.JS REST API application that shows a number of common OWASP Top 10 CWEs.",
5 | "main": "index.js",
6 | "scripts": {
7 | "start": "node app/server.js",
8 | "test": "mocha test/*.js",
9 | "test-iast": "mocha --require ./.iast/agent_linux64.node test/*.js"
10 | },
11 | "author": "Rob Layzell",
12 | "license": "ISC",
13 | "dependencies": {
14 | "child_process": "^1.0.2",
15 | "express": "^4.16.4",
16 | "fs-extra": "^8.1.0",
17 | "node-serialize": "0.0.4",
18 | "should": "^13.2.3"
19 | },
20 | "devDependencies": {
21 | "chai": "^4.2.0",
22 | "mocha": "^5.2.0",
23 | "supertest": "^4.0.2"
24 | }
25 | }
26 |
--------------------------------------------------------------------------------
/start-agent-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | export VERACODE_API_KEY_ID=879c25fadae45252ebbd1ee06358ca42
4 | export VERACODE_API_KEY_SECRET=8ef83ed92a7366ed58c360c63d21e5396d8ddc903b9c4fadf72f4d9348d12dc24f5238c4dfd8741ada17cde39ec9f23918c58c3848f9c2feb1e51a42511cf6e4
5 | docker run --rm -p 10010:10010 -e VERACODE_API_KEY_ID -e VERACODE_API_KEY_SECRET --name iast-agent-server veracode/iast-agent-server:latest
--------------------------------------------------------------------------------
/stop-agent-server.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 |
3 | docker stop iast-agent-server
4 |
--------------------------------------------------------------------------------
/test.sh:
--------------------------------------------------------------------------------
1 | #!/bin/bash
2 | ROOTDIR=`git rev-parse --show-toplevel`
3 |
4 | case "$OSTYPE" in
5 | darwin*)
6 | PLATFORM=darwin64
7 | EXT=.dylib
8 | ;;
9 | linux*)
10 | PLATFORM=linux64
11 | EXT=.so
12 | ;;
13 | *)
14 | echo "Unknown operating system. Building on this system is not supported."
15 | exit 1;
16 | ;;
17 | esac
18 |
19 | # Set the location of the Agent Server.
20 | export AGENT_SERVER_URL="https://localhost:10010/iast/as/v1"
21 |
22 | # Set a unique identifier for this run (based on the folder name and timestamp).
23 | export BUILD_TAG=$(basename "$PWD")-$(date +%Y-%m-%d_%H-%M-%S)
24 | echo "Using BUILD_TAG: ${BUILD_TAG}"
25 |
26 | # Ping Veracode Interactive Agent Server to make sure it's alive.
27 | status_code=$(curl --write-out %{http_code} --silent --output /dev/null --insecure ${AGENT_SERVER_URL})
28 | if [[ "$status_code" -ne 200 ]]; then
29 | echo "ERROR: Veracode Interactive Agent Server not available at ${AGENT_SERVER_URL} (Status code: ${status_code})."
30 | exit 1
31 | fi;
32 |
33 | # Send session_start event to Agent Server and save off the session_id returned in an environment variable.
34 | SESSION_ID=$(curl -H "Content-Type:application/json" -H "x-iast-event:session_start" --silent --insecure -X POST -d "{\"BUILD_TAG\":\"${BUILD_TAG}\"}" ${AGENT_SERVER_URL}/events | jq -r '.session_id')
35 | echo "Using session_id: ${SESSION_ID}"
36 |
37 | # Download the latest version of the IAST Agent from the Agent Server.
38 | [ -d .iast ] || mkdir .iast
39 | pushd .iast > /dev/null
40 | curl --insecure -sSL ${AGENT_SERVER_URL}/downloads | sh
41 | popd
42 |
43 | # Run the tests.
44 | LD_LIBRARY_PATH=$PWD/.iast npm run test-iast
45 |
46 | # (Optional) Send session_stop event to Agent Server.
47 | curl -H "Content-Type:application/json" -H "x-iast-event:session_stop" -H "x-iast-session-id:${SESSION_ID}" --silent --output /dev/null --insecure -X POST ${AGENT_SERVER_URL}/events
48 |
49 | # Print the Veracode Interactive Summary Report to the console.
50 | curl -H "Accept:text/plain" --insecure -X GET ${AGENT_SERVER_URL}/results?session_id=${SESSION_ID}
51 |
52 | # Give the report URL for this run (denoted by the BUILD_TAG).
53 | echo
54 | echo "View the Veracode Interactive Summary Report at this URL: ${AGENT_SERVER_URL}/results?session_tag=${BUILD_TAG}"
55 |
--------------------------------------------------------------------------------
/test/converter.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var expect = require("chai").expect;
4 | var converter = require("../app/converter");
5 |
6 | describe("Color Code Converter", function() {
7 | describe("RGB to Hex conversion", function() {
8 | it("converts the basic colors", function() {
9 | var redHex = converter.rgbToHex(255, 0, 0);
10 | var greenHex = converter.rgbToHex(0, 255, 0);
11 | var blueHex = converter.rgbToHex(0, 0, 255);
12 |
13 | expect(redHex).to.equal("ff0000");
14 | expect(greenHex).to.equal("00ff00");
15 | expect(blueHex).to.equal("0000ff");
16 | });
17 | });
18 |
19 | describe("Hex to RGB conversion", function() {
20 | it("converts the basic colors", function() {
21 | var red = converter.hexToRgb("ff0000");
22 | var green = converter.hexToRgb("00ff00");
23 | var blue = converter.hexToRgb("0000ff");
24 |
25 | expect(red).to.deep.equal([255, 0, 0]);
26 | expect(green).to.deep.equal([0, 255, 0]);
27 | expect(blue).to.deep.equal([0, 0, 255]);
28 | });
29 | });
30 | });
--------------------------------------------------------------------------------
/test/server.js:
--------------------------------------------------------------------------------
1 | 'use strict';
2 |
3 | var chai = require('chai');
4 | const should = chai.should();
5 | var request = require('supertest');
6 |
7 | describe("node-api-goat API test", function () {
8 | this.timeout(25000);
9 |
10 | var server;
11 | before(function () {
12 | server = require('../app/server');
13 | });
14 | after(function () {
15 | server.close();
16 | });
17 |
18 | describe("CWE-73: External Control of File Name or Path", function() {
19 | it('downloads a sensitive file from the server', function (done) {
20 | request(server)
21 | .get('/cwe73/read?foo=package.json')
22 | .expect('Content-Type', /json/)
23 | .expect(200)
24 | .end((err, res) => {
25 | if(err){
26 | return done(err);
27 | } else{
28 | return done();
29 | }
30 | });
31 | });
32 | });
33 |
34 | describe("CWE-79: Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting')", function () {
35 | it('echoes back what you send in the text query string parameter', function (done) {
36 | request(server)
37 | .get('/cwe79/echo?text=hello')
38 | .expect('Content-Type', /text/)
39 | .expect(200)
40 | .end((err, res) => {
41 | if(err){
42 | return done(err);
43 | } else{
44 | res.text.should.be.include('You sent this: hello
');
45 | return done();
46 | }
47 | });
48 | });
49 | });
50 |
51 | describe("CWE-113: Improper Neutralization of CRLF Sequences in HTTP Headers ('HTTP Response Splitting')", function () {
52 | it('appends a file name to the HTTP response', function (done) {
53 | request(server)
54 | .get('/cwe113/split?key=myKey&value=myValueThatCouldHaveCRLFs')
55 | .expect(200)
56 | .end((err, res) => {
57 | if(err){
58 | return done(err);
59 | } else{
60 | res.text.should.be.include('Check your headers!');
61 | return done();
62 | }
63 | });
64 | });
65 | });
66 |
67 | describe("CWE-201: Information Exposure Through Sent Data", function () {
68 | it('echoes back what you send in the text query string parameter via a redirect', function (done) {
69 | request(server)
70 | .get('/cwe201/exposure?text=sensitive')
71 | .expect(200)
72 | .end((err, res) => {
73 | if(err){
74 | return done(err);
75 | } else{
76 | res.text.should.be.include('sensitive');
77 | return done();
78 | }
79 | });
80 | });
81 | });
82 |
83 | describe("CWE-601: URL Redirection to Untrusted Site ('Open Redirect')", function () {
84 | it('echoes back what you send in the text query string parameter via a redirect', function (done) {
85 | request(server)
86 | .get('/cwe601/redirect?text=hello')
87 | .expect(302) // HTTP response code for Redirect is 302
88 | .end((err, res) => {
89 | if(err){
90 | return done(err);
91 | } else{
92 | return done();
93 | }
94 | });
95 | });
96 | });
97 |
98 | describe("CWE-95: Eval Injection", function () {
99 | it('RGB to Hex conversion', function (done) {
100 | request(server)
101 | .get('/cwe95/rgbToHex?red=255&green=255&blue=255')
102 | .expect(200)
103 | .end((err, res) => {
104 | if(err){
105 | return done(err);
106 | } else{
107 | res.text.should.be.include('ffffff');
108 | return done();
109 | }
110 | });
111 | });
112 | });
113 |
114 | describe("Hex to RGB conversion", function () {
115 | it('returns the color in RGB', function (done) {
116 | request(server)
117 | .get('/hexToRgb?hex=00ff00')
118 | .expect(200)
119 | .end((err, res) => {
120 | if(err){
121 | return done(err);
122 | } else{
123 | res.text.should.be.include('[0,255,0]');
124 | return done();
125 | }
126 | });
127 | });
128 | });
129 |
130 | describe("CWE-502: Deserialization of Untrusted Data", function () {
131 | it('Deserializes untrusted data without verification of result data', function (done) {
132 | request(server)
133 | .get('/cwe502/serialize?foo={"rce":"_$$ND_FUNC$$_function (){console.log(\'exploited\')}()"}')
134 | .expect(200)
135 | .end((err, res) => {
136 | if(err){
137 | return done(err);
138 | } else{
139 | res.text.should.be.include('node-serialize');
140 | return done();
141 | }
142 | });
143 | });
144 | });
145 |
146 | describe("CWE-78: OS Command Injection", function () {
147 | it('Command injection exploit', function (done) {
148 | request(server)
149 | .get('/cwe78/childprocess?foo=echo+this+was+sent+from+the+client')
150 | .expect(200)
151 | .end((err, res) => {
152 | if(err){
153 | return done(err);
154 | } else{
155 | res.text.should.be.include('child_process');
156 | return done();
157 | }
158 | });
159 | });
160 | });
161 |
162 | /*
163 | describe("CWE-611: Improper Restriction of XML External Entity Reference", function () {
164 | it('XML evaluation', function (done) {
165 | request(server)
166 | .get('/cwe611/xmlref/?xml=xml')
167 | .expect(200)
168 | .end((err, res) => {
169 | if(err){
170 | return done(err);
171 | } else{
172 | res.text.should.be.include('xml');
173 | return done();
174 | }
175 | });
176 | });
177 | });
178 | */
179 |
180 | });
181 |
--------------------------------------------------------------------------------