Aktueller Stand

2026-01-22 19:05:45 +01:00
parent 85dee61a4d
commit e280e4eadb
1967 changed files with 397327 additions and 74093 deletions
--- a/backend/node_modules/@fastify/swagger-ui/test/csp.test.js
+++ b/backend/node_modules/@fastify/swagger-ui/test/csp.test.js
@@ -1,6 +1,6 @@
 'use strict'

-const { test } = require('tap')
+const { test } = require('node:test')
 const Fastify = require('fastify')
 const fastifyHelmet = require('@fastify/helmet')
 const fastifySwagger = require('@fastify/swagger')
@@ -33,9 +33,9 @@ test('staticCSP = undefined', async (t) => {
    method: 'GET',
    url: '/documentation'
  })
-  t.equal(res.statusCode, 200)
-  t.equal(typeof res.headers['content-security-policy'], 'undefined')
-  t.equal(typeof res.payload, 'string')
+  t.assert.deepStrictEqual(res.statusCode, 200)
+  t.assert.deepStrictEqual(typeof res.headers['content-security-policy'], 'undefined')
+  t.assert.deepStrictEqual(typeof res.payload, 'string')
 })

 test('staticCSP = true', async (t) => {
@@ -59,9 +59,9 @@ test('staticCSP = true', async (t) => {
      method: 'GET',
      url: '/documentation'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], `default-src 'self'; base-uri 'self'; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data: validator.swagger.io; object-src 'none'; script-src 'self' ${csp.script.join(' ')}; script-src-attr 'none'; style-src 'self' https: ${csp.style.join(' ')}; upgrade-insecure-requests;`)
-    t.equal(typeof res.payload, 'string')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], `default-src 'self'; base-uri 'self'; font-src 'self' https: data:; frame-ancestors 'self'; img-src 'self' data: validator.swagger.io; object-src 'none'; script-src 'self' ${csp.script.join(' ')}; script-src-attr 'none'; style-src 'self' https: ${csp.style.join(' ')}; upgrade-insecure-requests;`)
+    t.assert.deepStrictEqual(typeof res.payload, 'string')
  }

  {
@@ -69,8 +69,8 @@ test('staticCSP = true', async (t) => {
      method: 'GET',
      url: '/'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(typeof res.headers['content-security-policy'], 'undefined')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(typeof res.headers['content-security-policy'], 'undefined')
  }
 })

@@ -95,9 +95,9 @@ test('staticCSP = "default-src \'self\';"', async (t) => {
      method: 'GET',
      url: '/documentation'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], "default-src 'self';")
-    t.equal(typeof res.payload, 'string')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], "default-src 'self';")
+    t.assert.deepStrictEqual(typeof res.payload, 'string')
  }

  {
@@ -105,8 +105,8 @@ test('staticCSP = "default-src \'self\';"', async (t) => {
      method: 'GET',
      url: '/'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(typeof res.headers['content-security-policy'], 'undefined')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(typeof res.headers['content-security-policy'], 'undefined')
  }
 })

@@ -134,9 +134,9 @@ test('staticCSP = object', async (t) => {
      method: 'GET',
      url: '/documentation'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
-    t.equal(typeof res.payload, 'string')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
+    t.assert.deepStrictEqual(typeof res.payload, 'string')
  }

  {
@@ -144,8 +144,8 @@ test('staticCSP = object', async (t) => {
      method: 'GET',
      url: '/'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(typeof res.headers['content-security-policy'], 'undefined')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(typeof res.headers['content-security-policy'], 'undefined')
  }
 })

@@ -157,7 +157,7 @@ test('transformStaticCSP = function', async (t) => {
  await fastify.register(fastifySwaggerUi, {
    staticCSP: "default-src 'self';",
    transformStaticCSP: function (header) {
-      t.equal(header, "default-src 'self';")
+      t.assert.deepStrictEqual(header, "default-src 'self';")
      return "default-src 'self'; script-src 'self';"
    }
  })
@@ -174,9 +174,9 @@ test('transformStaticCSP = function', async (t) => {
      method: 'GET',
      url: '/documentation'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
-    t.equal(typeof res.payload, 'string')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
+    t.assert.deepStrictEqual(typeof res.payload, 'string')
  }

  {
@@ -184,8 +184,8 @@ test('transformStaticCSP = function', async (t) => {
      method: 'GET',
      url: '/'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(typeof res.headers['content-security-policy'], 'undefined')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(typeof res.headers['content-security-policy'], 'undefined')
  }
 })

@@ -197,7 +197,7 @@ test('transformStaticCSP = function, with @fastify/helmet', async (t) => {
  await fastify.register(fastifySwagger, swaggerOption)
  await fastify.register(fastifySwaggerUi, {
    transformStaticCSP: function (header) {
-      t.equal(header, "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
+      t.assert.deepStrictEqual(header, "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
      return "default-src 'self'; script-src 'self';"
    }
  })
@@ -214,9 +214,9 @@ test('transformStaticCSP = function, with @fastify/helmet', async (t) => {
      method: 'GET',
      url: '/documentation'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
-    t.equal(typeof res.payload, 'string')
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], "default-src 'self'; script-src 'self';")
+    t.assert.deepStrictEqual(typeof res.payload, 'string')
  }

  {
@@ -224,7 +224,7 @@ test('transformStaticCSP = function, with @fastify/helmet', async (t) => {
      method: 'GET',
      url: '/'
    })
-    t.equal(res.statusCode, 200)
-    t.equal(res.headers['content-security-policy'], "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
+    t.assert.deepStrictEqual(res.statusCode, 200)
+    t.assert.deepStrictEqual(res.headers['content-security-policy'], "default-src 'self';base-uri 'self';font-src 'self' https: data:;form-action 'self';frame-ancestors 'self';img-src 'self' data:;object-src 'none';script-src 'self';script-src-attr 'none';style-src 'self' https: 'unsafe-inline';upgrade-insecure-requests")
  }
 })