Ejemplo n.º 1
        /// <summary>
        /// With validation enabled, an absolute redirect that this test names as same-site
        /// must still pass when the target carries a query string.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToSameSiteWithQueryString_NoException()
        {
            // NOTE(review): RequestUriHttps is declared outside this listing; presumably it is an
            // https URI on www.nwebsec.com, which is what makes the target same-site. Confirm.
            var settings = new RedirectValidationConfiguration { Enabled = true };
            const string target = "https://www.nwebsec.com/Something/Worth/Seeing?foo=bar";
            const int redirectStatus = 302;

            // No assertion wrapper: the test passes when the call returns without throwing.
            _redirectValidator.ValidateRedirect(redirectStatus, target, RequestUriHttps, settings);
        }
Ejemplo n.º 2
        /// <summary>
        /// With validation enabled, an absolute redirect that this test names as same-site
        /// is accepted without any allow-list entry.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToSameSite_NoException()
        {
            // NOTE(review): same-site relies on RequestUriHttps (declared elsewhere) being on
            // www.nwebsec.com. Confirm against the fixture.
            var settings = new RedirectValidationConfiguration { Enabled = true };
            const string target = "https://www.nwebsec.com/Something/Worth/Seeing";
            const int redirectStatus = 302;

            Assert.DoesNotThrow(
                () => _redirectValidator.ValidateRedirect(redirectStatus, target, RequestUriHttps, settings));
        }
Ejemplo n.º 3
        /// <summary>
        /// With validation enabled, a relative redirect target with a query string is accepted.
        /// </summary>
        public void ValidateRedirect_EnabledAndRelativeRedirectWithQueryString_NoException()
        {
            var settings = new RedirectValidationConfiguration { Enabled = true };
            // Rooted path with no scheme or host; the query string is the variation under test.
            const string target = "/Some/Interesting/Content?foo=bar";
            const int redirectStatus = 302;

            // No assertion wrapper: the test passes when the call returns without throwing.
            _redirectValidator.ValidateRedirect(redirectStatus, target, RequestUriHttps, settings);
        }
Ejemplo n.º 4
        /// <summary>
        /// With validation enabled and no allow-list configured, a redirect to another site
        /// must raise <c>RedirectValidationException</c>.
        /// </summary>
        public void ValidateRedirect_EnabledAndRedirect_ThrowsException()
        {
            // AllowedUris is left unset here, so nothing permits the off-site target.
            var settings = new RedirectValidationConfiguration { Enabled = true };
            const string offSiteTarget = "http://evilsite.com";
            const int redirectStatus = 302;

            Assert.Throws<RedirectValidationException>(
                () => _redirectValidator.ValidateRedirect(redirectStatus, offSiteTarget, RequestUriHttps, settings));
        }
Ejemplo n.º 5
        /// <summary>
        /// With <c>Enabled = false</c>, the same off-site redirect that is rejected when
        /// validation is on passes through without an exception.
        /// </summary>
        public void ValidateRedirect_DisabledAndRedirect_NoException()
        {
            // Pins the off switch: a disabled configuration gives no open-redirect protection.
            var settings = new RedirectValidationConfiguration { Enabled = false };
            const string offSiteTarget = "http://evilsite.com";
            const int redirectStatus = 302;

            // No assertion wrapper: the test passes when the call returns without throwing.
            _redirectValidator.ValidateRedirect(redirectStatus, offSiteTarget, RequestUriHttps, settings);
        }
Ejemplo n.º 6
        /// <summary>
        /// With validation enabled, a plain relative redirect target is accepted.
        /// </summary>
        public void ValidateRedirect_EnabledAndRelativeRedirect_NoException()
        {
            var settings = new RedirectValidationConfiguration { Enabled = true };
            // Rooted path with no scheme or host.
            const string target = "/Some/Interesting/Content";
            const int redirectStatus = 302;

            Assert.DoesNotThrow(
                () => _redirectValidator.ValidateRedirect(redirectStatus, target, RequestUriHttps, settings));
        }
Ejemplo n.º 7
        /// <summary>
        /// With validation enabled, responses whose status code is not a redirect are not
        /// rejected, even though the location passed in is an empty string.
        /// </summary>
        public void ValidateRedirect_EnabledAndNoRedirect_NoException()
        {
            var settings = new RedirectValidationConfiguration { Enabled = true };

            // Success, not-modified, client-error and server-error codes; none is a 3xx redirect
            // that sends the client to a new location.
            int[] nonRedirectStatuses = { 200, 304, 401, 403, 404, 500 };

            for (var index = 0; index < nonRedirectStatuses.Length; index++)
            {
                // A throw on any of these codes fails the test.
                _redirectValidator.ValidateRedirect(nonRedirectStatuses[index], "", RequestUriHttps, settings);
            }
        }
Ejemplo n.º 8
        /// <summary>
        /// With validation enabled, an absolute redirect to port 81 on www.nwebsec.com must raise
        /// <c>RedirectValidationException</c>; the only allow-list entry names a different site.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToPort_ThrowsException()
        {
            // The allow-list holds only www.expectedsite.com, so it cannot be what admits the target.
            var allowedSite = new Uri("https://www.expectedsite.com").AbsoluteUri;
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                AllowedUris = new[] { allowedSite }
            };

            // NOTE(review): presumably rejected because the explicit port differs from the one in
            // RequestUriHttps (declared elsewhere). Confirm against the validator.
            const string targetOnOtherPort = "https://www.nwebsec.com:81/";
            const int redirectStatus = 302;

            Assert.Throws<RedirectValidationException>(
                () => _redirectValidator.ValidateRedirect(redirectStatus, targetOnOtherPort, RequestUriHttps, settings));
        }
Ejemplo n.º 9
        /// <summary>
        /// An allow-list entry for a sub path does not admit the path above it: with only
        /// <c>/Kittens</c> allowed, a redirect to the site root with a query string must raise
        /// <c>RedirectValidationException</c>.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToParentPathWithQueryString_ThrowsException()
        {
            var allowedSubPath = new Uri("https://www.expectedsite.com/Kittens").AbsoluteUri;
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                AllowedUris = new[] { allowedSubPath }
            };

            // Same host as the allowed entry, but at the root path rather than under /Kittens.
            const string parentPathTarget = "https://www.expectedsite.com/?foo=bar";
            const int redirectStatus = 302;

            Assert.Throws<RedirectValidationException>(
                () => _redirectValidator.ValidateRedirect(redirectStatus, parentPathTarget, RequestUriHttps, settings));
        }
Ejemplo n.º 10
        /// <summary>
        /// An allow-list entry for a site root also admits paths below it: with
        /// <c>https://www.expectedsite.com</c> allowed, a redirect to <c>/Kittens</c> is accepted.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToSubPath_NoException()
        {
            // Allowing the root covers everything under it per this test, so an entry should be
            // no broader than the redirects it is meant to permit.
            var allowedRoot = new Uri("https://www.expectedsite.com").AbsoluteUri;
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                AllowedUris = new[] { allowedRoot }
            };

            const string subPathTarget = "https://www.expectedsite.com/Kittens";
            const int redirectStatus = 302;

            // No assertion wrapper: the test passes when the call returns without throwing.
            _redirectValidator.ValidateRedirect(redirectStatus, subPathTarget, RequestUriHttps, settings);
        }
Ejemplo n.º 11
        /// <summary>
        /// With validation enabled, an absolute redirect to a site that is on the allow-list
        /// is accepted.
        /// </summary>
        public void ValidateRedirect_EnabledAndAbsoluteRedirectToWhiteListedSite_NoException()
        {
            // Uri.AbsoluteUri returns the canonical form, which has a trailing slash, while the
            // target below has none; the test therefore also covers that difference.
            var allowedSite = new Uri("https://www.expectedsite.com").AbsoluteUri;
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                AllowedUris = new[] { allowedSite }
            };

            const string allowedTarget = "https://www.expectedsite.com";
            const int redirectStatus = 302;

            Assert.DoesNotThrow(
                () => _redirectValidator.ValidateRedirect(redirectStatus, allowedTarget, RequestUriHttps, settings));
        }
Ejemplo n.º 12
        /// <summary>
        /// With same-host HTTPS redirects enabled for ports 4567 and 443, a redirect to HTTPS on
        /// port 9999 must raise <c>RedirectValidationException</c>.
        /// </summary>
        public void ValidateRedirect_SamehostToHttpsOtherThanConfiguredCustomPortsIncluding443_ThrowsException()
        {
            // Only the listed ports are expected to be accepted; 9999 is not among them.
            var sameHostHttps = new SameHostHttpsRedirectConfiguration
            {
                Enabled = true,
                Ports = new[] { 4567, 443 }
            };
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                SameHostRedirectConfiguration = sameHostHttps
            };
            const int redirectStatus = 302;

            // NOTE(review): RequestUriHttp is declared outside this listing; presumably the http
            // counterpart of the www.nwebsec.com request URI. Confirm.
            Assert.Throws<RedirectValidationException>(
                () => _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com:9999/", RequestUriHttp, settings));
        }
Ejemplo n.º 13
        /// <summary>
        /// With same-host HTTPS redirects enabled for ports 4567 and 8989, a redirect to HTTPS on
        /// either configured port is accepted.
        /// </summary>
        public void ValidateRedirect_SamehostToHttpsOnConfiguredCustomPorts_NoException()
        {
            var sameHostHttps = new SameHostHttpsRedirectConfiguration
            {
                Enabled = true,
                Ports = new[] { 4567, 8989 }
            };
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                SameHostRedirectConfiguration = sameHostHttps
            };
            const int redirectStatus = 302;

            // One call per configured port, in list order; a throw on either fails the test.
            _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com:4567/", RequestUriHttp, settings);
            _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com:8989/", RequestUriHttp, settings);
        }
Ejemplo n.º 14
        /// <summary>
        /// With same-host HTTPS redirects enabled and no ports listed, a redirect to HTTPS is
        /// accepted both with the port omitted and with an explicit <c>:443</c>.
        /// </summary>
        public void ValidateRedirect_SamehostToHttpsAndNoCustomPortsConfigured_NoException()
        {
            // Ports is deliberately left unset to exercise the no-custom-ports case.
            var sameHostHttps = new SameHostHttpsRedirectConfiguration { Enabled = true };
            var settings = new RedirectValidationConfiguration
            {
                Enabled = true,
                SameHostRedirectConfiguration = sameHostHttps
            };
            const int redirectStatus = 302;

            // Implicit default port first, then the same port written out.
            _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com/", RequestUriHttp, settings);
            _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com:443/", RequestUriHttp, settings);
        }