darkmsph1t / _spartan

npm project to package & configure common security middleware && add security.js file to code repo

Test Case => Do not allow access policy deactivation #48

Open darkmsph1t opened 6 years ago

darkmsph1t commented 6 years ago

If the application is externally exposed and sessions are managed within the application, then access control policies must be configured.

----------------- from closed #50 -----------------

Describe the bug

Access Management Object does not get rewritten when the app.exposure = external, app.access = false & app.type = web || api

To Reproduce

Steps to reproduce the behavior:

  1. Run _spartan init
  2. Choose Internet facing for exposure
  3. Choose Web or API for app type
  4. Choose Access Management outside of application option
  5. Complete the rest of the questionnaire
  6. Open security.json

Expected behavior

if app.exposure = external, app.access = false & app.type = web || api =>
console.log("Access Control Policy cannot be disabled for this exposure and application type")
sbAccess(obj, tmp)
=> write original access control settings into security.json

darkmsph1t commented 6 years ago

Here is the current solution:

if(!input.access){
    // Access control was declined: turn it back on for Web and API application types
    if(!input.access && input.type == 'Web' || !input.access && input.type == 'API'){
      console.log("Access Control Policy cannot be disabled for this application type and exposure, so the default settings have been added");
      input.access = true;
      sbAccess(input, tmp);
    }
}

darkmsph1t commented 6 years ago

Patch not fully working. Need to reopen.
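
An added example, not part of the issue thread or the _spartan code base: one way to express the expected behavior above as a pure function that checks exposure as well as application type, keeps the original access settings when they exist, and treats anything other than an explicit `true` as a request to disable. The answer shape (`exposure`, `type`, `access`), the normalized value strings and `DEFAULT_ACCESS_POLICY` are assumptions; the real questionnaire values and `sbAccess` defaults are not shown on the page.

```javascript
// Hypothetical default policy; stands in for whatever _spartan writes by default.
const DEFAULT_ACCESS_POLICY = Object.freeze({ enabled: true, source: 'default' });

// Application types for which the issue says access control must stay on.
const PROTECTED_TYPES = new Set(['web', 'api']);

// Normalize questionnaire answers so 'Web', 'web ' and 'WEB' compare equal.
function norm(value) {
  return String(value ?? '').trim().toLowerCase();
}

// True when the rule from the issue applies: external exposure AND web/api type.
function mustEnforceAccess(input) {
  return norm(input.exposure) === 'external' && PROTECTED_TYPES.has(norm(input.type));
}

// Decide the access section to write. Returns a new object and never mutates
// the caller's answers, so the decision can be tested without file I/O.
function resolveAccess(input, originalPolicy) {
  const policy = originalPolicy || DEFAULT_ACCESS_POLICY;
  if (input.access === true) {
    return { access: true, policy, overridden: false };
  }
  // Anything other than an explicit true (false, undefined, 'false') counts
  // as "disable", so a missing answer cannot bypass the rule.
  if (mustEnforceAccess(input)) {
    return {
      access: true,
      policy, // original settings are kept when present
      overridden: true,
      message: 'Access Control Policy cannot be disabled for this exposure and application type',
    };
  }
  return { access: false, policy: null, overridden: false };
}

// Constructed sample answers, for illustration only.
const samples = [
  { exposure: 'external', type: 'Web', access: false },
  { exposure: 'internal', type: 'API', access: false },
  { exposure: 'external', type: 'Desktop', access: false },
];
for (const answers of samples) {
  const result = resolveAccess(answers, { enabled: true, source: 'original' });
  console.log(JSON.stringify(answers), '=>', result.access, result.overridden);
}
```
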