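/// <summary>
/// Verifies that <c>TransferAction.Execute</c> attempts a server-side transfer to the
/// configured URL instead of letting the current request continue.
/// </summary>
public void Test_Execute()
{
    // This local is not used below. The property read is kept in case it initializes
    // the default detector - confirm before removing.
    IIntrusionDetector detector = Esapi.IntrusionDetector;

    // A fresh GUID is used as the target; the precondition below checks that it
    // differs from the URL of the current (mock) request.
    string url = Guid.NewGuid().ToString();
    TransferAction action = new TransferAction(url);

    // Set context
    MockHttpContext.InitializeCurrentContext();
    SurrogateWebPage page = new SurrogateWebPage();
    HttpContext.Current.Handler = page;

    // Precondition, checked outside the try block so that a failure is reported as-is
    // instead of being caught below and replaced by the stack-trace assertion.
    Assert.AreNotEqual(HttpContext.Current.Request.RawUrl, action.Url);

    // Block
    bool terminated = false;
    try
    {
        action.Execute(ActionArgs.Empty);
    }
    catch (Exception exp)
    {
        terminated = true;

        // FIXME : so far there is no other way to test the transfer except to check
        // the stack of the exception. Ideally we should be able to mock the request
        // transfer itself.
        // NOTE(review): this matches the exact text of a framework stack frame, so it
        // can break when the runtime formats frames differently - confirm on each
        // target runtime.
        Assert.IsTrue(
            exp.StackTrace.Contains("at System.Web.HttpServerUtility.TransferRequest(String path)"),
            "Exception did not originate from HttpServerUtility.TransferRequest");
    }

    // Asserted after the try block: an Assert.Fail inside it would be swallowed by
    // catch (Exception) and reported as a stack-trace mismatch.
    Assert.IsTrue(terminated, "Request not terminated");
}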
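/// <summary>
/// Verifies that <c>RedirectAction.Execute</c> attempts an HTTP redirect to the
/// configured URL instead of letting the current request continue.
/// </summary>
public void Test_Execute()
{
    // This local is not used below. The property read is kept in case it initializes
    // the default detector - confirm before removing.
    IIntrusionDetector detector = Esapi.IntrusionDetector;

    // A fresh GUID is used as the target; the precondition below checks that it
    // differs from the URL of the current (mock) request.
    string url = Guid.NewGuid().ToString();
    RedirectAction action = new RedirectAction(url);

    // Set context
    MockHttpContext.InitializeCurrentContext();
    SurrogateWebPage page = new SurrogateWebPage();
    HttpContext.Current.Handler = page;

    // Precondition, checked outside the try block so that a failure is reported as-is
    // instead of being caught below and replaced by the stack-trace assertion.
    Assert.AreNotEqual(HttpContext.Current.Request.RawUrl, action.Url);

    // Block
    bool terminated = false;
    try
    {
        action.Execute(ActionArgs.Empty);
    }
    catch (Exception exp)
    {
        terminated = true;

        // FIXME : so far there is no other way to test the redirect except to check
        // the stack of the exception. Ideally we should be able to mock the request
        // redirect itself.
        // NOTE(review): this matches the exact text of a framework stack frame, so it
        // can break when the runtime formats frames differently - confirm on each
        // target runtime.
        Assert.IsTrue(
            exp.StackTrace.Contains("at System.Web.HttpResponse.Redirect(String url, Boolean endResponse)"),
            "Exception did not originate from HttpResponse.Redirect");
    }

    // Asserted after the try block: an Assert.Fail inside it would be swallowed by
    // catch (Exception) and reported as a stack-trace mismatch.
    Assert.IsTrue(terminated, "Request not terminated");
}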
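/// <summary>
/// Verifies that <c>AddCsrfToken</c> sets the current page's <c>ViewStateUserKey</c>
/// to the ID of the current session.
/// </summary>
public void Test_AddCsrfToken()
{
    // Set context: the surrogate page is the handler that receives the token.
    MockHttpContext.InitializeCurrentContext();
    SurrogateWebPage page = new SurrogateWebPage();
    HttpContext.Current.Handler = page;

    Esapi.HttpUtilities.AddCsrfToken();

    // Guard against a vacuous pass: if the mock session had no ID, comparing two
    // null values would succeed even if AddCsrfToken did nothing.
    string sessionId = HttpContext.Current.Session.SessionID;
    Assert.IsFalse(string.IsNullOrEmpty(sessionId), "Mock context has no session ID to bind the token to");

    // ASP.NET mixes ViewStateUserKey into the ViewState integrity check, so a key
    // equal to the session ID makes ViewState posted from another session fail validation.
    // Expected value first, actual second, so failure messages read correctly.
    Assert.AreEqual(sessionId, page.ViewStateUserKey);
}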
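/// <summary>
/// Verifies that <c>BlockAction.Execute</c> sets the status code of the current
/// response to the action's <c>StatusCode</c>.
/// </summary>
public void Test_Execute()
{
    IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
    Assert.IsNotNull(detector); // Should be loaded by default

    BlockAction action = new BlockAction();

    // Set context
    MockHttpContext.InitializeCurrentContext();
    SurrogateWebPage page = new SurrogateWebPage();
    HttpContext.Current.Handler = page;

    // Block
    // Precondition: the response must not already carry the blocking status code,
    // otherwise the final assertion would pass without Execute doing anything.
    Assert.AreNotEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);

    action.Execute(ActionArgs.Empty);

    // Expected value first, actual second, so a failure reports the two the right way round.
    Assert.AreEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);
}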