public ICspSandboxDirectiveConfiguration GetOverridenCspSandboxConfig(CspSandboxOverride directiveOverride, ICspSandboxDirectiveConfiguration directiveConfig)
        {
            var result = directiveConfig ?? new CspSandboxDirectiveConfiguration();

            result.Enabled = directiveOverride.Enabled;

            if (directiveOverride.AllowForms.HasValue)
            {
                result.AllowForms = (bool)directiveOverride.AllowForms;
            }

            if (directiveOverride.AllowPointerLock.HasValue)
            {
                result.AllowPointerLock = (bool)directiveOverride.AllowPointerLock;
            }

            if (directiveOverride.AllowPopups.HasValue)
            {
                result.AllowPopups = (bool)directiveOverride.AllowPopups;
            }

            if (directiveOverride.AllowSameOrigin.HasValue)
            {
                result.AllowSameOrigin = (bool)directiveOverride.AllowSameOrigin;
            }

            if (directiveOverride.AllowScripts.HasValue)
            {
                result.AllowScripts = (bool)directiveOverride.AllowScripts;
            }

            if (directiveOverride.AllowTopNavigation.HasValue)
            {
                result.AllowTopNavigation = (bool)directiveOverride.AllowTopNavigation;
            }
            return result;
        }
        public void SetCspSandboxOverride_HasOverride_OverridesExistingOverride([Values(false, true)]bool reportOnly)
        {
            //There's an override for directive
            var currentDirectiveOverride = new CspSandboxDirectiveConfiguration();
            var overrideConfig = new CspOverrideConfiguration {SandboxDirective = currentDirectiveOverride};
            _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
            //We need an override and a result.
            var directiveOverride = new CspSandboxOverride();
            var directiveOverrideResult = new CspSandboxDirectiveConfiguration();
            _directiveOverrideHelper.Setup(h => h.GetOverridenCspSandboxConfig(directiveOverride, currentDirectiveOverride)).Returns(directiveOverrideResult);

            CspConfigurationOverrideHelper.SetCspSandboxOverride(MockContext, directiveOverride, reportOnly);

            //Verify that the override result was set on the override config.
            Assert.AreSame(directiveOverrideResult, overrideConfig.SandboxDirective);
        }
        public void SetCspSandboxOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly)
        {

            var contextConfig = new CspConfiguration();
            var overrideConfig = new CspOverrideConfiguration();
            //Returns CSP config from context
            _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig);
            _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
            //Returns cloned directive config from context config
            var clonedContextDirective = new CspSandboxDirectiveConfiguration();
            _directiveConfigMapper.Setup(m => m.GetCspSandboxConfigCloned(contextConfig)).Returns(clonedContextDirective);
            //We need an override and a result.
            var directiveOverride = new CspSandboxOverride();
            var directiveOverrideResult = new CspSandboxDirectiveConfiguration();
            _directiveOverrideHelper.Setup(h => h.GetOverridenCspSandboxConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);

            CspConfigurationOverrideHelper.SetCspSandboxOverride(MockContext, directiveOverride, reportOnly);

            //Verify that the override result was set on the override config.
            Assert.AreSame(directiveOverrideResult, overrideConfig.SandboxDirective);
        }
        internal void SetCspSandboxOverride(HttpContextBase context, CspSandboxOverride config, bool reportOnly)
        {
            var overrides = _contextConfigurationHelper.GetCspConfigurationOverride(context, reportOnly, false);

            var directiveToOverride = overrides.SandboxDirective;

            if (directiveToOverride == null)
            {
                var baseConfig = _contextConfigurationHelper.GetCspConfiguration(context, reportOnly);
                directiveToOverride = _configMapper.GetCspSandboxConfigCloned(baseConfig);
            }

            var newConfig = _cspDirectiveOverrideHelper.GetOverridenCspSandboxConfig(config, directiveToOverride);

            overrides.SandboxDirective = newConfig;
        }
        public void GetOverridenCspSandboxConfig_AllowTopNavigationNotSet_InheritsAllowTopNavigation([Values(true, false)] bool expectedResult)
        {
            var directiveConfig = new CspSandboxDirectiveConfiguration { AllowTopNavigation = expectedResult };
            var directiveOverride = new CspSandboxOverride();

            var newConfig = _overrideHelper.GetOverridenCspSandboxConfig(directiveOverride, directiveConfig);

            Assert.AreEqual(expectedResult, newConfig.AllowTopNavigation);
        }
        public void GetOverridenCspSandboxConfig_AllowScriptsOverride_OverridesAllowScripts([Values(true, false)] bool expectedResult)
        {
            var directiveConfig = new CspSandboxDirectiveConfiguration { AllowScripts = !expectedResult };
            var directiveOverride = new CspSandboxOverride { AllowScripts = expectedResult };

            var newConfig = _overrideHelper.GetOverridenCspSandboxConfig(directiveOverride, directiveConfig);

            Assert.AreEqual(expectedResult, newConfig.AllowScripts);
        }
        public void GetOverridenCspSandboxConfig_EnableOverride_OverridesEnabled([Values(true, false)] bool expectedResult)
        {
            var directiveConfig = new CspSandboxDirectiveConfiguration { Enabled = !expectedResult };
            var directiveOverride = new CspSandboxOverride { Enabled = expectedResult };

            var newConfig = _overrideHelper.GetOverridenCspSandboxConfig(directiveOverride, directiveConfig);

            Assert.AreEqual(expectedResult, newConfig.Enabled);
        }
Ejemplo n.º 8
0
 protected CspSandboxAttributeBase()
 {
     _directive = new CspSandboxOverride { Enabled = true };
     _configurationOverrideHelper = new CspConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }