Skip to content
This repository was archived by the owner on Aug 2, 2021. It is now read-only.
This repository was archived by the owner on Aug 2, 2021. It is now read-only.

Add script to run Juice Shop's own API/E2E tests through ZAP #6

Description

@bkimminich

As Juice Shop already has a complete set of API integration and end-to-end vulnerability exploit tests, it would be cool to be able to run them through your pipeline as well.

API integration tests

npm run frisby runs all the API tests. It starts a server of its own so you might want to run them instead directly with jasmine-node test/api

End-to-end tests

npm run protractor runs the e2e tests. These cover the entire application using Protractor (which is based on Webdriver) to exploit all the vulns in the app to get a 100% score board. They also start their own server so you might want to run protractor protractor.conf.js instead given that all your Webdriver/Selenium stuff is set up properly.

The fact that the e2e tests are not functional tests but rather exploitability tests makes it a bit different from usual setups of webapps with their e2e suites. But as you rely on the passive mode of ZAP only, it should not make so much of a difference, as it doesn't heavily check for attack signatures really - I guess - because it does not expect to be used like this.

(cc: @zaproxy, @psiinon, @thc202)

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Fields

    No fields configured for issues without a type.

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions