public void DuplicateAtomContentPropertiesShouldBeReject(string element) { AttackStringBuilder asb = new AttackStringBuilder(); asb.Append(@"<?xml version=""1.0"" encoding=""utf-8""?><entry xmlns=""http://www.w3.org/2005/Atom"" xmlns:d=""http://schemas.microsoft.com/ado/2007/08/dataservices"" xmlns:m=""http://schemas.microsoft.com/ado/2007/08/dataservices/metadata""><id /><title /><updated>2013-01-11T00:45:34Z</updated><author><name /></author><content type=""application/xml""><m:properties>"); asb.Repeat(element, 10000); asb.Append(@"</m:properties></content></entry>"); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, this.BaseAddress + "/Security_ArrayModel"); request.Content = new StringContent(asb.ToString(), Encoding.Unicode, "application/atom+xml"); var response = this.Client.SendAsync(request).Result; Assert.False(response.IsSuccessStatusCode); }
public void BigDataServiceVersionHeaderShouldBeRejected() { var model = new Security_ArrayModel(); AttackStringBuilder asb = new AttackStringBuilder(); asb.Append("3.0").Repeat("0", 100000); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, this.BaseAddress + "/Security_ArrayModel"); request.Content = new ObjectContent <Security_ArrayModel>(model, new JsonMediaTypeFormatter(), MediaTypeHeaderValue.Parse("application/json")); request.Headers.Add("DataServiceVersion", asb.ToString()); var response = this.Client.SendAsync(request).Result; Assert.False(response.IsSuccessStatusCode); }
public async Task BigDataServiceVersionHeaderShouldBeRejected() { var model = new Security_ArrayModel(); AttackStringBuilder asb = new AttackStringBuilder(); asb.Append("3.0").Repeat("0", 100000); HttpRequestMessage request = new HttpRequestMessage(HttpMethod.Post, this.BaseAddress + "/Security_ArrayModel"); request.Content = new StringContent(JsonConvert.SerializeObject(model)); request.Content.Headers.ContentType = MediaTypeHeaderValue.Parse("application/json"); request.Headers.Add("DataServiceVersion", asb.ToString()); var response = await this.Client.SendAsync(request); Assert.False(response.IsSuccessStatusCode); }
public void TestDeepNestedUri() { var url = new AttackStringBuilder().Append("/UriParser_Model1(0)/").Repeat("Self/", 150).ToString(); var response = this.Client.GetAsync(this.BaseAddress + url).Result; }