public void CreateXXssProtectionResult_Disabled_ReturnsNull()
        {
            // A Disabled policy with no earlier configuration is expected to yield no
            // header result at all (null), i.e. nothing is set and nothing is removed.
            var disabledConfig = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.Disabled
            };

            var headerResult = _generator.CreateXXssProtectionResult(disabledConfig);

            Assert.IsNull(headerResult);
        }
        public void CreateXXssProtectionResult_FilterEnabledPolicyWithBlockmode_ReturnsSetXssProtectionEnabledWithBlockModeResult()
        {
            // FilterEnabled + BlockMode must produce "1; mode=block": the value that asks a
            // browser's XSS filter to block the page rather than try to sanitize it.
            const string expectedHeaderName = "X-XSS-Protection";
            const string expectedHeaderValue = "1; mode=block";
            var blockModeConfig = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.FilterEnabled,
                BlockMode = true
            };

            var headerResult = _generator.CreateXXssProtectionResult(blockModeConfig);

            Assert.IsNotNull(headerResult);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, headerResult.Action);
            Assert.AreEqual(expectedHeaderName, headerResult.Name);
            Assert.AreEqual(expectedHeaderValue, headerResult.Value);
        }
        public void CreateXXssProtectionResult_FilterDisabledPolicy_ReturnsSetXXssProtectionDisabledResult()
        {
            // FilterDisabled is not "send nothing": the header is still set, with the value
            // "0", which explicitly tells the browser to switch its XSS filter off.
            var filterOffConfig = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.FilterDisabled
            };

            var headerResult = _generator.CreateXXssProtectionResult(filterOffConfig);

            Assert.IsNotNull(headerResult);
            Assert.AreEqual(HeaderResult.ResponseAction.Set, headerResult.Action);
            Assert.AreEqual("X-XSS-Protection", headerResult.Name);
            Assert.AreEqual("0", headerResult.Value);
        }
        public void GetXXssProtectionWithOverride_ConfigOverriden_ReturnsOverrideElement()
        {
            // An override stored for a context must come back as the very same instance
            // (reference equality), not as a copy.
            var storedOverride = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.FilterEnabled
            };

            _headerConfigurationOverrideHelper.SetXXssProtectionOverride(_mockContext, storedOverride);
            var retrieved = _headerConfigurationOverrideHelper.GetXXssProtectionWithOverride(_mockContext);

            Assert.AreSame(storedOverride, retrieved);
        }
        public void SetXXssProtectionHeader_Override_CreatesAndHandlesHeaderResult()
        {
            // When an override exists, the generator is called with (override, context config)
            // and the result it returns must be handed to the result handler exactly once.
            var configFromContext = new XXssProtectionConfiguration();
            var configFromOverride = new XXssProtectionConfiguration();
            _contextHelper
                .Setup(h => h.GetXXssProtectionConfiguration(It.IsAny<HttpContextBase>()))
                .Returns(configFromContext);
            _configurationOverrideHelper
                .Setup(h => h.GetXXssProtectionWithOverride(It.IsAny<HttpContextBase>()))
                .Returns(configFromOverride);
            _headerGenerator
                .Setup(g => g.CreateXXssProtectionResult(configFromOverride, configFromContext))
                .Returns(_expectedHeaderResult);

            _overrideHelper.SetXXssProtectionHeader(_mockContext);

            _headerResultHandler.Verify(
                h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), _expectedHeaderResult),
                Times.Once);
        }
        public void SetXXssProtectionHeader_NoOverride_DoesNothing()
        {
            // Without an override (the helper returns null) neither the generator nor the
            // result handler may be invoked, so the response headers are left untouched.
            var configFromContext = new XXssProtectionConfiguration();
            _contextHelper
                .Setup(h => h.GetXXssProtectionConfiguration(It.IsAny<HttpContextBase>()))
                .Returns(configFromContext);
            // The typed null selects the value overload of Returns.
            _configurationOverrideHelper
                .Setup(h => h.GetXXssProtectionWithOverride(It.IsAny<HttpContextBase>()))
                .Returns((XXssProtectionConfiguration)null);

            _overrideHelper.SetXXssProtectionHeader(_mockContext);

            _headerGenerator.Verify(
                g => g.CreateXXssProtectionResult(It.IsAny<XXssProtectionConfiguration>(), It.IsAny<XXssProtectionConfiguration>()),
                Times.Never);
            _headerResultHandler.Verify(
                h => h.HandleHeaderResult(It.IsAny<HttpResponseBase>(), It.IsAny<HeaderResult>()),
                Times.Never);
        }
        public void GetXXssProtectionConfiguration_HasOwinConfig_ReturnsOwinConfig()
        {
            // With an OWIN context set up, the configuration stored on it is the one the
            // context helper must return (same instance).
            SetupOwinContext();
            var owinConfig = new XXssProtectionConfiguration();
            _owinContext.XXssProtection = owinConfig;

            var resolved = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

            Assert.AreSame(owinConfig, resolved);
        }
        public void GetXXssProtectionConfiguration_NoOwinContext_ReturnsSystemWebConfig()
        {
            // No OWIN context is set up here, so the helper is expected to fall back to the
            // configuration held by the System.Web context (same instance).
            var systemWebConfig = new XXssProtectionConfiguration();
            _systemWebContext.XXssProtection = systemWebConfig;

            var resolved = _contextHelper.GetXXssProtectionConfiguration(_mockContext);

            Assert.AreSame(systemWebConfig, resolved);
        }
 /// <summary>
 /// Initializes a new instance of the <see cref="XXssProtectionAttribute"/> class.
 /// </summary>
 /// <remarks>
 /// The attribute starts out with <see cref="XXssPolicy.FilterEnabled"/> and block mode switched on.
 /// X-XSS-Protection only steers the legacy XSS filter built into some browsers; current major
 /// browsers no longer ship such a filter, so the header is not a substitute for output encoding
 /// or a Content-Security-Policy.
 /// </remarks>
 public XXssProtectionAttribute()
 {
     // Default policy: filter on, block the page instead of sanitizing it.
     var defaultConfig = new XXssProtectionConfiguration
     {
         Policy = XXssPolicy.FilterEnabled,
         BlockMode = true
     };

     _config = defaultConfig;
     _headerConfigurationOverrideHelper = new HeaderConfigurationOverrideHelper();
     _headerOverrideHelper = new HeaderOverrideHelper();
 }
        public void CreateXXssProtectionResult_DisabledWithFilterEnabledinOldconfig_ReturnsRemoveXXssProtectionResult()
        {
            // When the new policy is Disabled but an earlier configuration had a header-emitting
            // policy, the generator must return a Remove result for X-XSS-Protection rather than null.
            // NOTE(review): the method name says "FilterEnabled" for the old config, yet the old
            // policy arranged below is FilterDisabled. Confirm which of the two is intended.
            var previousConfig = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.FilterDisabled
            };
            var currentConfig = new XXssProtectionConfiguration
            {
                Policy = XXssPolicy.Disabled
            };

            var headerResult = _generator.CreateXXssProtectionResult(currentConfig, previousConfig);

            Assert.IsNotNull(headerResult);
            Assert.AreEqual("X-XSS-Protection", headerResult.Name);
            Assert.AreEqual(HeaderResult.ResponseAction.Remove, headerResult.Action);
        }