Elgato_dark/fleet
1
0
Fork 0
mirror of https://github.com/fleetdm/fleet synced 2026-05-20 15:38:39 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 116
fleet/frontend/utilities/scripts_encoding.tests.ts

82 lines
3 KiB
TypeScript
Raw Normal View History

Fix FMAs on Render (#37557) Fixes #33732 Base64-encodes the `install_script` and `uninstall_script` payloads for add and edit software to prevent being blocked by WAF rules and allow FMAs for Windows to be added/edited in Fleet instances running on Render. ![fix-33732-fma-on-render](https://github.com/user-attachments/assets/8293fa30-0739-4769-bd21-09733a23dadc)
2025-12-23 18:01:32 +00:00
import { encodeScriptBase64, SCRIPTS_ENCODED_HEADER } from "./scripts_encoding";
describe("scripts_encoding", () => {
describe("SCRIPTS_ENCODED_HEADER", () => {
it("should have the expected value", () => {
expect(SCRIPTS_ENCODED_HEADER).toBe("X-Fleet-Scripts-Encoded");
});
});
describe("encodeScriptBase64", () => {
it("should return undefined for undefined input", () => {
expect(encodeScriptBase64(undefined)).toBeUndefined();
});
it("should return empty string for empty input", () => {
expect(encodeScriptBase64("")).toBe("");
});
it("should encode simple strings correctly", () => {
const encoded = encodeScriptBase64("Hello World");
// "Hello World" in base64 is "SGVsbG8gV29ybGQ="
expect(encoded).toBe("SGVsbG8gV29ybGQ=");
});
it("should encode PowerShell patterns with dollar brace", () => {
// eslint-disable-next-line no-template-curly-in-string
const encoded = encodeScriptBase64("${env:TEMP}");
// "${env:TEMP}" in base64 is "JHtlbnY6VEVNUH0="
expect(encoded).toBe("JHtlbnY6VEVNUH0=");
});
it("should encode PowerShell install script patterns", () => {
const script = "$installProcess = Start-Process msiexec.exe";
const encoded = encodeScriptBase64(script);
// Verify it's valid base64 and decodes back correctly
expect(atob(encoded!)).toBe(script);
});
it("should encode multiline PowerShell scripts", () => {
const script =
// eslint-disable-next-line no-template-curly-in-string
'$logFile = "${env:TEMP}/fleet-install.log"\nStart-Process msiexec.exe';
const encoded = encodeScriptBase64(script);
// Verify it's valid base64 and decodes back correctly
expect(atob(encoded!)).toBe(script);
});
it("should handle unicode characters correctly", () => {
const script = 'echo "Hello World"';
const encoded = encodeScriptBase64(script);
// Decode and verify using TextDecoder for proper UTF-8 handling
const decoded = atob(encoded!);
expect(decoded).toBe(script);
});
it("should produce valid base64 that Go can decode", () => {
// Test the specific WAF-triggering patterns
// eslint-disable-next-line no-template-curly-in-string
const envTemp = "${env:TEMP}";
// eslint-disable-next-line no-template-curly-in-string
const envInstallerPath = "${env:INSTALLER_PATH}";
// eslint-disable-next-line no-template-curly-in-string
const logFileScript = '$logFile = "${env:TEMP}/fleet-install.log"';
const testCases = [
envTemp,
envInstallerPath,
"Start-Process msiexec.exe",
logFileScript,
];
testCases.forEach((script) => {
const encoded = encodeScriptBase64(script);
expect(encoded).toBeDefined();
// Verify it's valid base64 (won't throw)
expect(() => atob(encoded!)).not.toThrow();
// Verify it decodes back to original
expect(atob(encoded!)).toBe(script);
});
});
});
});
Reference in a new issue Copy permalink