Feat: extra validations for browser checks (#942)

* fix: scenario names can be any value

* feat: add validation for invalid properties

* chore: add more granular validations for browser scripts

* fix: improve validation on invalid properties to prevent bypassing

Author: VikaCep

src/page/NewCheck/__tests__/BrowserChecks/Scripted/1-script.ui.test.tsx

@@ -7,7 +7,8 @@ const checkType = CheckType.Browser;
 
 const browserImport = `import { browser } from 'k6/browser';`;
 const exportOptions = `export const options = { };`;
-const exportCorrectOptions = `export const options = {scenarios: {
+const exportCorrectOptions = `export const options = { 
+   scenarios: {
     ui: {
       options: {
         browser: {
@@ -62,5 +63,77 @@ describe(`BrowserCheck - 1 (Script) UI`, () => {
       const err = await screen.findByText('Script must set the type to chromium in the browser options.');
       expect(err).toBeInTheDocument();
     });
+
+    it(`will display an error when it defines a duration prop`, async () => {
+      const { user } = await renderNewForm(checkType);
+      const scriptTextAreaPreSubmit = screen.getByTestId(`code-editor`);
+      await user.clear(scriptTextAreaPreSubmit);
+
+      const invalidDurationOptions = `export const options = { 
+        scenarios: {
+          ui: {
+            duration: '1m',
+            options: {
+              browser: {
+                type: 'chromium',
+              },
+            },
+          },
+        },
+      };`;
+      await user.type(scriptTextAreaPreSubmit, browserImport + invalidDurationOptions);
+
+      await submitForm(user);
+      const err = await screen.findByText("Script can't define a duration value for this check");
+      expect(err).toBeInTheDocument();
+    });
+
+    it(`will display an error when it defines vus > 1`, async () => {
+      const { user } = await renderNewForm(checkType);
+      const scriptTextAreaPreSubmit = screen.getByTestId(`code-editor`);
+      await user.clear(scriptTextAreaPreSubmit);
+
+      const invalidVusOptions = `export const options = { 
+        scenarios: {
+          ui: {
+            vus: 2,
+            options: {
+              browser: {
+                type: 'chromium',
+              },
+            },
+          },
+        },
+      };`;
+      await user.type(scriptTextAreaPreSubmit, browserImport + invalidVusOptions);
+
+      await submitForm(user);
+      const err = await screen.findByText("Script can't define vus > 1 for this check");
+      expect(err).toBeInTheDocument();
+    });
+
+    it(`will display an error when it defines iterations > 1`, async () => {
+      const { user } = await renderNewForm(checkType);
+      const scriptTextAreaPreSubmit = screen.getByTestId(`code-editor`);
+      await user.clear(scriptTextAreaPreSubmit);
+
+      const invalidIterationsOptions = `export const options = { 
+        scenarios: {
+          ui: {
+            iterations: 2,
+            options: {
+              browser: {
+                type: 'chromium',
+              },
+            },
+          },
+        },
+      };`;
+      await user.type(scriptTextAreaPreSubmit, browserImport + invalidIterationsOptions);
+
+      await submitForm(user);
+      const err = await screen.findByText("Script can't define iterations > 1 for this check");
+      expect(err).toBeInTheDocument();
+    });
   });
 });

src/schemas/forms/script/parser.ts

@@ -32,7 +32,7 @@ function getPropertyValueByPath(obj: ObjectExpression, path: string[]): any {
     } else if (property?.value.type === 'Literal') {
       current = property.value.value;
     } else {
-      return undefined;
+      return property?.value;
     }
   }
   return current;
@@ -60,12 +60,18 @@ const optionExportMatcher: SimpleVisitors<{ options: ObjectExpression | null }>
   },
 };
 
-export function checkForChromium(objectExpression: ObjectExpression): boolean {
-  // Path to the property we're interested in
-  const path = ['scenarios', 'ui', 'options', 'browser', 'type'];
-  const value = getPropertyValueByPath(objectExpression, path);
+export function getProperty(objectExpression: ObjectExpression, propPath: string[]) {
+  const scenarios = getPropertyValueByPath(objectExpression, ['scenarios']);
+  if (!scenarios || scenarios.type !== 'ObjectExpression') {
+    return false;
+  }
 
-  return value === 'chromium';
+  for (const scenario of scenarios.properties) {
+    if (scenario.key.type === 'Identifier') {
+      const propValue = getPropertyValueByPath(scenario.value, propPath);
+      return propValue;
+    }
+  }
 }
 
 interface ImportBrowserState {

src/schemas/forms/script/validation.ts

@@ -1,6 +1,6 @@
 import { RefinementCtx, ZodIssueCode } from 'zod';
 
-import { checkForChromium, extractImportStatement, extractOptionsExport, parseScript } from './parser';
+import { extractImportStatement, extractOptionsExport, getProperty, parseScript } from './parser';
 
 const MAX_SCRIPT_IN_KB = 128;
 
@@ -36,13 +36,40 @@ export function validateBrowserScript(script: string, context: RefinementCtx) {
     });
   }
 
-  if (!checkForChromium(options)) {
+  const hasChromium = getProperty(options, ['options', 'browser', 'type']) === 'chromium';
+  if (!hasChromium) {
     return context.addIssue({
       code: ZodIssueCode.custom,
       message: 'Script must set the type to chromium in the browser options.',
     });
   }
 
+  const hasInvalidDuration = getProperty(options, ['duration']) !== undefined;
+  if (hasInvalidDuration) {
+    return context.addIssue({
+      code: ZodIssueCode.custom,
+      message: "Script can't define a duration value for this check",
+    });
+  }
+
+  const vus = getProperty(options, ['vus']);
+  const hasInvaludVus = vus !== undefined && vus !== 1;
+  if (hasInvaludVus) {
+    return context.addIssue({
+      code: ZodIssueCode.custom,
+      message: "Script can't define vus > 1 for this check",
+    });
+  }
+
+  const iterations = getProperty(options, ['iterations']);
+  const hasInvalidIterations = iterations !== undefined && iterations !== 1;
+  if (hasInvalidIterations) {
+    return context.addIssue({
+      code: ZodIssueCode.custom,
+      message: "Script can't define iterations > 1 for this check",
+    });
+  }
+
   const browserImport = extractImportStatement(program);
 
   if (browserImport === null) {