Errors in Price Checker project

LuosRestil · November 23, 2019, 12:45am

Tell us what’s happening:
Hello, fellow campers. I’ve just been working on the Price Checker project for the final certification here, and I’m having a few issues with the requirements. All the FCC tests pass automatically for some reason, so it doesn’t impact completion of the course, but I’d still like to know what to do about it for my own sake.
So one of the goals of this challenge is “Set the content security policies to only allow loading of scripts and CSS from your server.” We learned how to do this in the Helmet lessons, so no problem. Unfortunately, this project uses outside scripts, and setting Helmet’s contentSecurityPolicy to only allow scripts from my server breaks the whole thing. Am I just grossly misunderstanding the goal here?
Also, the functional tests won’t run at all because of errors in assertion-analyser.js and unit-tests.js. I was able to fix the problem in unit-tests.js, but I have no idea how to fix the other one.
Any advice on either of these would be fantastic.
My code can be found here: https://glitch.com/edit/#!/luos-fcc-stock-checker
Thanks for your time!

Your code so far

Your browser information:

User Agent is: Mozilla/5.0 (Macintosh; Intel Mac OS X 10_14_6) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/78.0.3904.97 Safari/537.36.

Challenge: undefined

Link to the challenge:
https://www.freecodecamp.org/learn/information-security-and-quality-assurance/information-security-and-quality-assurance-projects/stock-price-checker

MakingStuffs · November 23, 2019, 11:23pm

If I remember correctly this project is kinda broken as the stock API doesn’t provide a free public one anymore and the tests need to be completed yourself. I am pretty sure that is what I found, anyway.

I ended up using the following API: https://api.iextrading.com/

As for the HelmetJS issue, this is what I ended up with:

app.use(helmet.contentSecurityPolicy({
  directives: {
    defaultSrc: ["'self'", "cdnjs.cloudflare.com"],
    imgSrc: ["'self'", "hyperdev.com", "glitch.com"],
    scriptSrc: ["'self'", "code.jquery.com", "'unsafe-inline'"],
    sandbox: ['allow-forms', 'allow-scripts'],
    styleSrc: ["'self'","cdnjs.cloudflare.com", "'unsafe-inline'"]
  }
}));

More information about the CSP can be found here: https://helmetjs.github.io/docs/csp/

As for the assertion analyser, I cannot remember what I ended up having to do to fix it but this is what ended up working:

function objParser(str, init) {
  // finds objects, arrays, strings, and function arguments
  // between parens, because they may contain ','
  var openSym = ['[', '{', '"', "'", '('];
  var closeSym = [']', '}', '"', "'", ')'];
  var type;
  for(var i = (init || 0); i < str.length; i++ ) {
    type = openSym.indexOf(str[i]);
    if( type !== -1)  break;
  }
  if (type === -1) return null;
  var open = openSym[type];
  var close = closeSym[type];
  var count = 1;
  for(var k = i+1; k < str.length; k++) {
    if(open === '"' || open === "'") {
      if(str[k] === close) count--;
      if(str[k] === '\\') k++;
    } else {
      if(str[k] === open) count++;
      if(str[k] === close) count--;
    }
    if(count === 0) break;
  }
  if(count !== 0) return null;
  var obj = str.slice(i, k+1);
  return {
    start : i,
    end: k,
    obj: obj
  };
}

function replacer(str) {
  // replace objects with a symbol ( __#n)
  var obj;
  var cnt = 0;
  var data = [];
  while(obj = objParser(str)) {
    data[cnt] = obj.obj;
    str = str.substring(0, obj.start) + '__#' + cnt++ + str.substring(obj.end+1)
  }
  return {
    str : str,
    dictionary : data
  }
}

function splitter(str) {
  // split on commas, then restore the objects
  var strObj = replacer(str);
  var args = strObj.str.split(',');
  args = args.map(function(a){
    var m = a.match(/__#(\d+)/);
    while (m) {
      a = a.replace(/__#(\d+)/, strObj.dictionary[m[1]]);
      m = a.match(/__#(\d+)/);
    }
    return a.trim();
  })
  return args;
}

function assertionAnalyser(body) {
  
  // already filtered in the test runner
  // // remove comments
  // body = body.replace(/\/\/.*\n|\/\*.*\*\//g, '');
  // // get test function body
  // body = body.match(/\{\s*([\s\S]*)\}\s*$/)[1];
  
  if(!body) return "invalid assertion";
  // replace assertions bodies, so that they cannot
  // contain the word 'assertion'

  var body = body.match(/(?:browser\s*\.\s*)?assert\s*\.\s*\w*\([\s\S]*\)/)[0];
  var s = replacer(body);
  // split on 'assertion'
  var splittedAssertions = s.str.split('assert');
  var assertions = splittedAssertions.slice(1);
  // match the METHODS

  var assertionBodies = [];
  var methods = assertions.map(function(a, i){
    var m = a.match(/^\s*\.\s*(\w+)__#(\d+)/);
    assertionBodies.push(parseInt(m[2]));
    var pre = splittedAssertions[i].match(/browser\s*\.\s*/) ? 'browser.' : '';
    return pre + m[1];
  });
  if(methods.some(function(m){ return !m })) return "invalid assertion";
  // remove parens from the assertions bodies
  var bodies = assertionBodies.map(function(b){
    return s.dictionary[b].slice(1,-1).trim();
  });
  assertions = methods.map(function(m, i) {
    return {
      method: m,
      args: splitter(bodies[i]) //replace objects, split on ',' ,then restore objects
    }
  })
  return assertions;
}

module.exports = assertionAnalyser;

There was a post on here somewhere which explained what was broken but, surprise, I cannot find it… Anyway, hope this helps.

Sentero-esp12 · May 1, 2020, 5:02pm

This is what helped me:
if (m&&m[2]) assertionBodies.push(parseInt(m[2])); var pre = splittedAssertions[i].match(/browser\s*\.\s*/) ? 'browser.' : ''; if (m&&m[1]) return pre + m[1];

These are 113-115 lines in assertion-analyser.js

Also removing these lines from 1_unit-tests.js

//var StockHandler = require('../controllers/stockHandler.js'); //var stockPrices = new StockHandler();