Issue juice-shop#699

KRM19 · Feb 2, 2019 · 526d1d1 · 526d1d1
1 parent 3c1e876
commit 526d1d1
Show file tree

Hide file tree

Showing 3 changed files with 7 additions and 5 deletions.
diff --git a/config/default.yml b/config/default.yml
@@ -36,6 +36,7 @@ application:
     acknowledgements: '/#/score-board'
 challenges:
   safetyOverride: false
+  overwriteUrlForProductTamperingChallenge: 'https://owasp.slack.com'
 products:
   -
     name: 'Apple Juice (1000ml)'

diff --git a/routes/verify.js b/routes/verify.js
@@ -145,8 +145,8 @@ exports.databaseRelatedChallenges = () => (req, res, next) => {
 
 function changeProductChallenge (osaft) {
   osaft.reload().then(() => {
-    if (!utils.contains(osaft.description, 'https://www.owasp.org/index.php/O-Saft')) {
-      if (utils.contains(osaft.description, '<a href="http://kimminich.de" target="_blank">More...</a>')) {
+    if (!utils.contains(osaft.description, `${config.get('products.8.urlForProductTamperingChallenge')}`)) {
+      if (utils.contains(osaft.description, `<a href="${config.get('challenges.overwriteUrlForProductTamperingChallenge')}" target="_blank">More...</a>`)) {
         utils.solve(challenges.changeProductChallenge)
       }
     }

diff --git a/test/server/verifySpec.js b/test/server/verifySpec.js
@@ -5,6 +5,7 @@ const expect = chai.expect
 chai.use(sinonChai)
 const cache = require('../../data/datacache')
 const insecurity = require('../../lib/insecurity')
+const config = require('config')
 
 describe('verify', () => {
   const verify = require('../../routes/verify')
@@ -194,8 +195,8 @@ describe('verify', () => {
         products.osaft = { reload () { return { then (cb) { cb() } } } }
       })
 
-      it('is solved when the link in the O-Saft product goes to http://kimminich.de', () => {
-        products.osaft.description = 'O-Saft, yeah! <a href="http://kimminich.de" target="_blank">More...</a>'
+      it(`is solved when the link in the O-Saft product goes to ${config.get('challenges.overwriteUrlForProductTamperingChallenge')}`, () => {
+        products.osaft.description = `O-Saft, yeah! <a href="${config.get('challenges.overwriteUrlForProductTamperingChallenge')}" target="_blank">More...</a>`
 
         verify.databaseRelatedChallenges()(this.req, this.res, this.next)
 
@@ -211,7 +212,7 @@ describe('verify', () => {
       })
 
       it('is not solved when the link in the O-Saft product remained unchanged', () => {
-        products.osaft.description = 'Vanilla O-Saft! <a href="https://www.owasp.org/index.php/O-Saft" target="_blank">More...</a>'
+        products.osaft.description = `Vanilla O-Saft! <a href="${config.get('products.8.urlForProductTamperingChallenge')}" target="_blank">More...</a>`
 
         verify.databaseRelatedChallenges()(this.req, this.res, this.next)