public CspConfiguration(bool initializeDirectives = true)
{
if (!initializeDirectives)
{
return;
}
DefaultSrcDirective = new CspDirectiveConfiguration();
ScriptSrcDirective = new CspDirectiveConfiguration();
ObjectSrcDirective = new CspDirectiveConfiguration();
StyleSrcDirective = new CspDirectiveConfiguration();
ImgSrcDirective = new CspDirectiveConfiguration();
MediaSrcDirective = new CspDirectiveConfiguration();
FrameSrcDirective = new CspDirectiveConfiguration();
FontSrcDirective = new CspDirectiveConfiguration();
ConnectSrcDirective = new CspDirectiveConfiguration();
BaseUriDirective = new CspDirectiveConfiguration();
ChildSrcDirective = new CspDirectiveConfiguration();
FormActionDirective = new CspDirectiveConfiguration();
FrameAncestorsDirective = new CspDirectiveConfiguration();
ManifestSrcDirective = new CspDirectiveConfiguration();
PluginTypesDirective = new CspPluginTypesDirectiveConfiguration();
SandboxDirective = new CspSandboxDirectiveConfiguration();
UpgradeInsecureRequestsDirective = new CspUpgradeDirectiveConfiguration();
MixedContentDirective = new CspMixedContentDirectiveConfiguration();
ReportUriDirective = new CspReportUriDirectiveConfiguration();
}
public void GetOverridenCspMixedContentConfig_EnableOverride_OverridesEnabled(bool expectedResult)
{
var directiveConfig = new CspMixedContentDirectiveConfiguration {
Enabled = !expectedResult
};
var directiveOverride = new CspMixedContentOverride {
Enabled = expectedResult
};
var newConfig = _overrideHelper.GetOverridenCspMixedContentConfig(directiveOverride, directiveConfig);
Assert.Equal(expectedResult, newConfig.Enabled);
}
public void GetCspMixedContentConfigCloned_Configured_ClonesDirective(bool enabled)
{
var directive = new CspMixedContentDirectiveConfiguration {
Enabled = enabled
};
var cspConfig = new CspConfiguration(false)
{
MixedContentDirective = directive
};
var mapper = new CspConfigMapper();
var result = mapper.GetCspMixedContentConfigCloned(cspConfig);
Assert.NotNull(result);
Assert.NotSame(directive, result);
Assert.Equal(directive.Enabled, result.Enabled);
}
public void SetCspMixedContentOverride_HasOverride_OverridesExistingOverride(bool reportOnly)
{
//There's an override for directive
var currentDirectiveOverride = new CspMixedContentDirectiveConfiguration();
var overrideConfig = new CspOverrideConfiguration {
MixedContentDirective = currentDirectiveOverride
};
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContext>(), reportOnly, false)).Returns(overrideConfig);
//We need an override and a result.
var directiveOverride = new CspMixedContentOverride();
var directiveOverrideResult = new CspMixedContentDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspMixedContentConfig(directiveOverride, currentDirectiveOverride)).Returns(directiveOverrideResult);
_cspConfigurationOverrideHelper.SetCspMixedContentOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.Same(directiveOverrideResult, overrideConfig.MixedContentDirective);
}
public void SetCspMixedContentOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides(bool reportOnly)
{
var contextConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
//Returns CSP config from context
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny <HttpContext>(), reportOnly)).Returns(contextConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContext>(), reportOnly, false)).Returns(overrideConfig);
//Returns cloned directive config from context config
var clonedContextDirective = new CspMixedContentDirectiveConfiguration();
_directiveConfigMapper.Setup(m => m.GetCspMixedContentConfigCloned(contextConfig)).Returns(clonedContextDirective);
//We need an override and a result.
var directiveOverride = new CspMixedContentOverride();
var directiveOverrideResult = new CspMixedContentDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspMixedContentConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);
_cspConfigurationOverrideHelper.SetCspMixedContentOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.Same(directiveOverrideResult, overrideConfig.MixedContentDirective);
}