add test in GCP as well

Author: rluvaton

src/gcp_auth_test.ts

@@ -285,4 +285,25 @@ describe('GoogleCloudPlatformAuth', () => {
             expect(opts.headers.Authorization).to.equal(`Bearer ${token}`);
         }
     });
+
+    it('should throw if tried to run JavaScript inside the token key', async () => {
+        const token = 'token';
+        const responseStr = `{"token":{"accessToken":"${token}"}}`;
+
+        const user = {
+            authProvider: {
+                name: 'gcp',
+                config: {
+                    'cmd-path': join(__dirname, '..', 'test', 'echo space.js'),
+                    'cmd-args': `'${responseStr}'`,
+                    'expiry-key': '{.token.token_expiry}',
+
+                    // The problematic token
+                    'token-key': '{..[?(' + '(function a(arr){' + 'a([...arr, ...arr])' + '})([1]);)]}',
+                },
+            },
+        } as User;
+
+        await expect(auth.applyAuthentication(user, {})).to.eventually.be.rejectedWith('Eval [?(expr)] prevented in JSONPath expression.');
+    });
 });

src/json_path_test.ts

@@ -2,7 +2,7 @@ import { expect } from 'chai';
 import { jsonpath } from './json_path';
 
 describe('jsonpath', () => {
-    it('should throw if vulnerable for RCE (remote code execution)', () => {
+    it('should throw if tried to run JavaScript inside the path', () => {
         expect(() => {
             jsonpath('$..[?(' + '(function a(arr){' + 'a([...arr, ...arr])' + '})([1]);)]', {
                 nonEmpty: 'object',