public void GetOverridenCspPluginTypesConfig_NullConfig_ReturnsNewDefaultConfig()
{
var directiveConfig = new CspPluginTypesDirectiveConfiguration();
var directiveOverride = new CspPluginTypesOverride {
Enabled = directiveConfig.Enabled
};
var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, null);
Assert.NotSame(directiveConfig, newConfig);
Assert.Equal(newConfig, directiveConfig, new CspPluginTypesDirectiveConfigurationEqualityComparer());
}
public void GetOverridenCspPluginTypesConfig_EnabledOverride_EnabledOverriden(bool expectedResult)
{
var directiveConfig = new CspPluginTypesDirectiveConfiguration {
Enabled = !expectedResult
};
var directiveOverride = new CspPluginTypesOverride {
Enabled = expectedResult
};
var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig);
Assert.Equal(expectedResult, newConfig.Enabled);
}
protected CspPluginTypesAttributeBase(params string[] mediaTypes)
{
_directive = new CspPluginTypesOverride {
Enabled = true, InheritMediaTypes = true
};
_configurationOverrideHelper = new CspConfigurationOverrideHelper();
_headerOverrideHelper = new HeaderOverrideHelper();
if (mediaTypes.Length > 0)
{
_directive.MediaTypes = mediaTypes;
}
}
public void GetOverridenCspPluginTypesConfig_MediaTypesOverride_OverriddesMediaTypes()
{
var directiveConfig = new CspPluginTypesDirectiveConfiguration {
MediaTypes = new[] { "application/pdf" }
};
var directiveOverride = new CspPluginTypesOverride {
MediaTypes = new[] { "image/png" }, InheritMediaTypes = false
};
var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig);
Assert.True(newConfig.MediaTypes.Count() == 1);
Assert.True(newConfig.MediaTypes.First().Equals("image/png"));
}
public void GetOverridenCspPluginTypesConfig_NoMediaTypesOverride_KeepsMediaTypes()
{
var expectedMediaTypes = new[] { "application/pdf" };
var directiveConfig = new CspPluginTypesDirectiveConfiguration {
MediaTypes = expectedMediaTypes
};
var directiveOverride = new CspPluginTypesOverride {
InheritMediaTypes = true
};
var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig);
Assert.True(expectedMediaTypes.SequenceEqual(newConfig.MediaTypes), "MediaTypes differed.");
}
public void GetOverridenCspPluginTypesConfig_MediaTypesOverrideWithMediaTypesInherited_KeepsAllMediaTypes()
{
var directiveConfig = new CspPluginTypesDirectiveConfiguration {
MediaTypes = new[] { "application/pdf", "image/png" }
};
var directiveOverride = new CspPluginTypesOverride {
MediaTypes = new[] { "image/png" }, InheritMediaTypes = true
};
var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig);
Assert.Equal(2, newConfig.MediaTypes.Count());
Assert.Contains("application/pdf", newConfig.MediaTypes.ToList());
Assert.Contains("image/png", newConfig.MediaTypes.ToList());
}
public override void Process(TagHelperContext context, TagHelperOutput output)
{
new Rfc2045MediaTypeValidator().Validate(NwsCspPluginType);
var configOverride = new CspPluginTypesOverride {
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { NwsCspPluginType }
};
_cspConfigOverride.SetCspPluginTypesOverride(ViewContext.HttpContext, configOverride, false);
_cspConfigOverride.SetCspPluginTypesOverride(ViewContext.HttpContext, configOverride, true);
_headerOverride.SetCspHeaders(ViewContext.HttpContext, false);
_headerOverride.SetCspHeaders(ViewContext.HttpContext, true);
output.Attributes.Add(new TagHelperAttribute("type", NwsCspPluginType));
}
internal void SetCspPluginTypesOverride(HttpContextBase context, CspPluginTypesOverride config, bool reportOnly)
{
var overrides = _contextConfigurationHelper.GetCspConfigurationOverride(context, reportOnly, false);
var directiveToOverride = overrides.PluginTypesDirective;
if (directiveToOverride == null)
{
var baseConfig = _contextConfigurationHelper.GetCspConfiguration(context, reportOnly);
directiveToOverride = _configMapper.GetCspPluginTypesConfigCloned(baseConfig);
}
var newConfig = _cspDirectiveOverrideHelper.GetOverridenCspPluginTypesConfig(config, directiveToOverride);
overrides.PluginTypesDirective = newConfig;
}
public void SetCspPluginTypesOverride_HasOverride_OverridesExistingOverride([Values(false, true)] bool reportOnly)
{
//There's an override for directive
var currentDirectiveOverride = new CspPluginTypesDirectiveConfiguration();
var overrideConfig = new CspOverrideConfiguration {
PluginTypesDirective = currentDirectiveOverride
};
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
//We need an override and a result.
var directiveOverride = new CspPluginTypesOverride();
var directiveOverrideResult = new CspPluginTypesDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspPluginTypesConfig(directiveOverride, currentDirectiveOverride)).Returns(directiveOverrideResult);
CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.AreSame(directiveOverrideResult, overrideConfig.PluginTypesDirective);
}
/// <summary>
/// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper"></param>
/// <param name="mediaType">The media type.</param>
public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType)
{
new Rfc2045MediaTypeValidator().Validate(mediaType);
var context = helper.ViewContext.HttpContext;
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper();
var configOverride = new CspPluginTypesOverride()
{
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
};
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
var attribute = string.Format("type=\"{0}\"", helper.AttributeEncode(mediaType));
return(new HtmlString(attribute));
}
public void SetCspPluginTypesOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)] bool reportOnly)
{
var contextConfig = new CspConfiguration();
var overrideConfig = new CspOverrideConfiguration();
//Returns CSP config from context
_contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny <HttpContextBase>(), reportOnly)).Returns(contextConfig);
_contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny <HttpContextBase>(), reportOnly, false)).Returns(overrideConfig);
//Returns cloned directive config from context config
var clonedContextDirective = new CspPluginTypesDirectiveConfiguration();
_directiveConfigMapper.Setup(m => m.GetCspPluginTypesConfigCloned(contextConfig)).Returns(clonedContextDirective);
//We need an override and a result.
var directiveOverride = new CspPluginTypesOverride();
var directiveOverrideResult = new CspPluginTypesDirectiveConfiguration();
_directiveOverrideHelper.Setup(h => h.GetOverridenCspPluginTypesConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult);
CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, directiveOverride, reportOnly);
//Verify that the override result was set on the override config.
Assert.AreSame(directiveOverrideResult, overrideConfig.PluginTypesDirective);
}
/// <summary>
/// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive.
/// </summary>
/// <param name="helper"></param>
/// <param name="mediaType">The media type.</param>
public static HtmlString CspMediaType(this IHtmlHelper <dynamic> helper, string mediaType)
{
new Rfc2045MediaTypeValidator().Validate(mediaType);
var context = helper.ViewContext.HttpContext;
var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper();
var headerOverrideHelper = new HeaderOverrideHelper();
var configOverride = new CspPluginTypesOverride()
{
Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType }
};
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false);
cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true);
headerOverrideHelper.SetCspHeaders(context, false);
headerOverrideHelper.SetCspHeaders(context, true);
//TODO have a look at the encoder.
var attribute = $"type=\"{helper.Encode(mediaType)}\"";
return(new HtmlString(attribute));
}
public ICspPluginTypesDirectiveConfiguration GetOverridenCspPluginTypesConfig(CspPluginTypesOverride directiveOverride,
ICspPluginTypesDirectiveConfiguration directiveConfig)
{
var result = directiveConfig ?? new CspPluginTypesDirectiveConfiguration();
result.Enabled = directiveOverride.Enabled;
if (!directiveOverride.InheritMediaTypes)
{
result.MediaTypes = EmptySources;
}
if (directiveOverride.MediaTypes != null && directiveOverride.MediaTypes.Length > 0)
{
var newSources = new List <string>(result.MediaTypes);
newSources.AddRange(directiveOverride.MediaTypes);
result.MediaTypes = newSources.Distinct();
}
return(result);
}
