public void Should_apply_allow_and_deny_list_when_passed() { var headers = new Dictionary <string, string> { { "Accept", "test" }, { "Authorization", "secret" }, { "Cookie", "secret" }, { "Content-Length", "0" }, { "Ok", "OK" }, { "User-Agent", "Mozilla 1234" }, { "X-Forwarded-For", "1.2.3.4" } }; var result = HeaderScrubber.Scrub(headers, new [] { "Content-Length" }, new [] { "Ok" }); result .Select(x => x.Value) .Should() .Equal(new string[] { "true", "true", "true", "0", "true", "Mozilla 1234", "true" }); }
public void Should_always_allow_default_allowlist() { var allowList = new string[] { "Only-This" }; var headers = new Dictionary <string, string> { { "User-Agent", "something" } }; var result = HeaderScrubber.Scrub(headers, allowList, new string[] { }); result.Should().Equal(headers); }
internal ActionRequest PrepareApiCopy(string[] allowList, string[] denyList) { var copy = (ActionRequest)MemberwiseClone(); var scrubbed = HeaderScrubber.Scrub(Context.Headers, allowList, denyList); copy.Context = Context.WithHeaders(scrubbed); copy.SentAt = DateTime.Now; // Newtonsoft.Json doesn't apply custom converter to null values, so this must be empty instead copy.Context.ClientId = copy.Context.ClientId ?? ""; return(copy); }
public void Should_scrub_all_not_in_allowlist_to_truestring_regardless_of_casing( string[] unallowed, string[] allowList) { var headers = new Dictionary <string, string>( unallowed.Select(ToDictionaryEntry) .Union(allowList.Select(x => ToDictionaryEntry(x.ToUpper())))); var result = HeaderScrubber.Scrub(headers, allowList, new string[] { }); result .Where(x => x.Value == "true") .Select(x => x.Key) .Should() .Equal(unallowed, (s1, s2) => string.Equals(s1, s2, StringComparison.OrdinalIgnoreCase)); }
public void Should_always_apply_default_denylist() { var headers = new Dictionary <string, string> { { "Authorization", "secret" }, { "Cookie", "secret" }, { "Other", "secret" } }; var result = HeaderScrubber.Scrub(headers, new string[] { }, new string[] { "Other" }); result .Select(x => x.Value) .Should() .Equal(new string[] { "true", "true", "true" }); }
public void Should_scrub_http_from_header() { var headers = new Dictionary <string, string> { { "HTTP_Authorization", "secret" }, { "Cookie", "secret" }, { "HTTP_OK", "test" }, { "http_Another", "test" } }; var result = HeaderScrubber.Scrub(headers, new string[] { }, new string[] { }); result .Select(x => x.Value) .Should() .Equal(new string[] { "true", "true", "test", "test" }); }
public void Should_not_throw_exception_if_lists_are_null(Dictionary <string, string> headers) { var result = HeaderScrubber.Scrub(headers, null, null); }