Research
Security News
Malicious npm Packages Inject SSH Backdoors via Typosquatted Libraries
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
sinon-mock-server
Advanced tools
A more elegant mock server based on sinon fake server
npm install sinon-mock-server --save-dev
import mockServer from 'sinon-mock-server'
import myModule from 'my-module'
import chai from 'chai'
var expect = chai.expect
describe('api test', function() {
var server
var endpoint
var fetchPromise
beforeEach(function() {
server = mockServer()
endpoint = server.get('/api/books')
fetchPromise = myModule.fetchAllBooks()
})
afterEach(function () {
server.restore()
})
describe('when call successful', function() {
var books = [{
id: 1,
title: 'Moby dick'
}]
beforeEach(function() {
endpoint.resolves(200, books)
return fetchPromise
})
it('exposes the books', function() {
expect(mymodule.books).to.eql(books)
})
})
describe('when server fails', function() {
beforeEach(function() {
endpoint.rejects(500, {})
return fetchPromise.catch(function () {
//silence, fail is expected
})
})
it('exposes the Error', function() {
expect(mymodule.loadBooksFailed).to.eql(true)
})
})
})
server.restore()
restores the server
The server will have methods for the following verbs: get, post, put, patch, delete, head, options which can be used in the following way:
server.post(url, [requiredBody], [requiredHeaders])
server.post('/api/books', {
bodyParam: 3
}, {
'Content-Type': 'application/json'
})
For non standard HTTP verbs use server.use(method, url, [requiredBody], [requiredHeaders])
Url, requiredBody and requiredHeaders will all be wrapped in sinon.match
If you don't want this use server.post.strict
instead. You can still use sinon matchers as you please on some params like this:
server.post.strict(sinon.match('books'), {
bodyParam: 3
}, {
'Content-Type': sinon.match('application/json')
})
Url also supports regex matching:
server.post(/books/)
These methods will return a sinon stub that you can perform normal sinon assertions on, like:
var endpoint = server.post('/books').resolves({})
mymodule.createBook('new book').then(function () {
sinon.assert.calledOnce(endpoint)
sinon.assert.calledWithMatch(endpoint, 'POST', '/books', {
title: 'new Book'
}, {
'accept': sinon.match('json')
})
})
The stub is called like this:
stub(method, url, requestBody, requestHeaders)
Headers names are normalized (lowercased) before being called.
The stub also have the methods resolves
and rejects
on them that you can use to define success and failure responses.
They take these parameters:
resolves(responseBody) // default status 200
resolves(responseBody, responseHeaders) // default status 200
resolves(statusCode, responseBody)
resolves(statusCode, responseBody, responseHeaders)
// same with rejects but default status is 500
If the body is an array or an object it will automatically be serialized to JSON and the header content-type: application/json; charset=utf-8
will be set, unless the content-type header is already present in the responseHeaders.
For incoming requests the request body is parsed to JSON if the content-type in the request headers contains application/json
.
If an url is called and you don't have an matching endpoint defined the server will throw an error GET /api/not-existing: No such endpoint registered.
This is to help with testing. If you want to respond with something for all urls then register a catch all endpoint:
server.any(/.*/).rejects(404, 'Route not found')
Be aware that routes are matched in order. So make sure to add this endpoint last.
Create tests for new functionality and follow the eslint rules.
MIT © Martin Hansen
FAQs
Better fake mock server for sinon
We found that sinon-mock-server demonstrated a not healthy version release cadence and project activity because the last version was released a year ago. It has 1 open source maintainer collaborating on the project.
Did you know?
Socket for GitHub automatically highlights issues in each pull request and monitors the health of all your open source dependencies. Discover the contents of your packages and block harmful activity before you install or update your dependencies.
Research
Security News
Socket’s threat research team has detected six malicious npm packages typosquatting popular libraries to insert SSH backdoors.
Security News
MITRE's 2024 CWE Top 25 highlights critical software vulnerabilities like XSS, SQL Injection, and CSRF, reflecting shifts due to a refined ranking methodology.
Security News
In this segment of the Risky Business podcast, Feross Aboukhadijeh and Patrick Gray discuss the challenges of tracking malware discovered in open source softare.