Example #1
        /// <summary>
        /// Pins how caller-supplied allow and deny lists shape the scrubbed output: of the
        /// seven headers below only "Content-Length" (passed as allowed) and "User-Agent"
        /// (in neither list passed here) are expected to keep their values; every other
        /// value, including the credential-bearing "Authorization" and "Cookie", is expected
        /// to come back as the placeholder "true".
        /// </summary>
        public void Should_apply_allow_and_deny_list_when_passed()
        {
            var extraAllowed = new[] { "Content-Length" };
            var extraDenied  = new[] { "Ok" };

            var input = new Dictionary<string, string>
            {
                { "Accept", "test" },
                { "Authorization", "secret" },
                { "Cookie", "secret" },
                { "Content-Length", "0" },
                { "Ok", "OK" },
                { "User-Agent", "Mozilla 1234" },
                { "X-Forwarded-For", "1.2.3.4" }
            };

            // One expected value per input header, in the order the headers were added above.
            // NOTE(review): only values are compared, positionally, so the check relies on the
            // result enumerating in insertion order and would not notice a renamed key.
            var expectedValues = new string[] { "true", "true", "true", "0", "true", "Mozilla 1234", "true" };

            var result = HeaderScrubber.Scrub(input, extraAllowed, extraDenied);

            result.Select(pair => pair.Value).Should().Equal(expectedValues);
        }
Example #2
        /// <summary>
        /// Checks that supplying a custom allow list does not cause "User-Agent" to be
        /// scrubbed: the header is absent from the list passed in, yet the result is expected
        /// to equal the input dictionary unchanged.
        /// </summary>
        public void Should_always_allow_default_allowlist()
        {
            var input = new Dictionary<string, string>
            {
                { "User-Agent", "something" }
            };
            var customAllowed = new string[] { "Only-This" };
            var nothingDenied = new string[] { };

            var result = HeaderScrubber.Scrub(input, customAllowed, nothingDenied);

            // Keys and values must both survive untouched.
            result.Should().Equal(input);
        }
Example #3
        /// <summary>
        /// Returns a shallow clone of this request whose context carries scrubbed headers,
        /// a freshly stamped <c>SentAt</c> and a non-null <c>ClientId</c>.
        /// </summary>
        /// <param name="allowList">Header names passed through to <c>HeaderScrubber.Scrub</c> as the allow list.</param>
        /// <param name="denyList">Header names passed through to <c>HeaderScrubber.Scrub</c> as the deny list.</param>
        /// <returns>The prepared clone; this instance's own <c>Context</c> reference is not reassigned.</returns>
        internal ActionRequest PrepareApiCopy(string[] allowList, string[] denyList)
        {
            var apiCopy = (ActionRequest)MemberwiseClone();

            // Scrub before attaching, so the clone never holds the original header values.
            var safeHeaders = HeaderScrubber.Scrub(Context.Headers, allowList, denyList);
            apiCopy.Context = Context.WithHeaders(safeHeaders);

            // NOTE(review): local time, not UTC - confirm the consumer of SentAt expects that.
            apiCopy.SentAt = DateTime.Now;

            // Newtonsoft.Json doesn't apply custom converter to null values, so this must be empty instead.
            // NOTE(review): MemberwiseClone is shallow, so this write lands on whatever object
            // WithHeaders returned - confirm that is a new context and not the original one.
            apiCopy.Context.ClientId = apiCopy.Context.ClientId ?? "";

            return apiCopy;
        }
Example #4
        /// <summary>
        /// Checks that allow-list matching ignores case: the allowed names are inserted into
        /// the header dictionary upper-cased, and the only keys expected to carry the
        /// placeholder value "true" afterwards are the <paramref name="unallowed"/> ones.
        /// </summary>
        /// <param name="unallowed">Header names that are expected to be scrubbed.</param>
        /// <param name="allowList">Header names passed to the scrubber as the allow list.</param>
        public void Should_scrub_all_not_in_allowlist_to_truestring_regardless_of_casing(
            string[] unallowed,
            string[] allowList)
        {
            var entriesToScrub = unallowed.Select(ToDictionaryEntry);

            // Upper-casing makes the dictionary keys differ in case from the allow-list entries.
            var entriesToKeep = allowList.Select(name => ToDictionaryEntry(name.ToUpper()));

            var headers       = new Dictionary<string, string>(entriesToScrub.Union(entriesToKeep));
            var nothingDenied = new string[] { };

            var result = HeaderScrubber.Scrub(headers, allowList, nothingDenied);

            var scrubbedKeys = result
                .Where(pair => pair.Value == "true")
                .Select(pair => pair.Key);

            scrubbedKeys
                .Should()
                .Equal(unallowed, (actual, expected) => string.Equals(actual, expected, StringComparison.OrdinalIgnoreCase));
        }
Example #5
        /// <summary>
        /// Checks that "Authorization" and "Cookie" are scrubbed even though the caller's
        /// deny list names only "Other": all three header values are expected to come back
        /// as the placeholder "true".
        /// </summary>
        public void Should_always_apply_default_denylist()
        {
            var nothingAllowed = new string[] { };
            var customDenied   = new string[] { "Other" };

            var input = new Dictionary<string, string>
            {
                { "Authorization", "secret" },
                { "Cookie", "secret" },
                { "Other", "secret" }
            };

            var result = HeaderScrubber.Scrub(input, nothingAllowed, customDenied);

            // No "secret" value may survive; values are compared positionally.
            var expectedValues = new string[] { "true", "true", "true" };
            result.Select(pair => pair.Value).Should().Equal(expectedValues);
        }
Example #6
        /// <summary>
        /// Checks scrubbing of header names that carry an "HTTP_" / "http_" prefix when both
        /// caller lists are empty: "HTTP_Authorization" and "Cookie" are expected to be
        /// replaced by "true", while "HTTP_OK" and "http_Another" keep their values.
        /// </summary>
        public void Should_scrub_http_from_header()
        {
            var noExtras = new string[] { };

            var input = new Dictionary<string, string>
            {
                // Presumably matched against the scrubber's built-in deny list once the
                // prefix is disregarded - verify against HeaderScrubber.
                { "HTTP_Authorization", "secret" },
                { "Cookie", "secret" },
                { "HTTP_OK", "test" },
                { "http_Another", "test" }
            };

            var result = HeaderScrubber.Scrub(input, noExtras, new string[] { });

            // Values are compared in the order the headers were added above.
            var expectedValues = new string[] { "true", "true", "test", "test" };
            result.Select(pair => pair.Value).Should().Equal(expectedValues);
        }
Example #7
 /// <summary>
 /// Smoke test: scrubbing with both the allow list and the deny list set to null must
 /// complete without throwing. There is no assertion on the output.
 /// </summary>
 /// <param name="headers">Header dictionary handed to the scrubber.</param>
 public void Should_not_throw_exception_if_lists_are_null(Dictionary<string, string> headers)
 {
     // The test passes as long as this call returns; the scrubbed output is not inspected.
     var scrubbed = HeaderScrubber.Scrub(headers, null, null);
 }