public void NothingElseCalled_AsteriskReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void DuplicateAnyAllowed_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny().AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void SomethingElseCalled_UnsafeEvalAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.AllowUnsafeEval();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-eval' *", result);
}
public void SchemasAllowed_SchemasIgnored()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSchemas("blob:");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void SomethingElseCalled_StrictDynamicAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.WithStrictDynamic();
//Assert
string result = builder.Build();
Assert.Equal("'strict-dynamic' *", result);
}
public void HostsAllowed_HostsIgnored()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowHosts("https://example1.com", "https://example2.com");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void SomethingElseCalled_ReportSampleAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.ReportSample();
//Assert
string result = builder.Build();
Assert.Equal("* 'report-sample'", result);
}
public void SomethingElseCalled_AsteriskAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowUnsafeInline();
builder.AllowHash("sha265-somehash");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-inline' sha265-somehash *", result);
}
public void SomethingElseCalled_HashAdded1()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputValue = "sha256-somehash";
//Act
builder.AllowAny();
builder.AllowHash(inputValue);
//Assert
string result = builder.Build();
Assert.Equal($"{inputValue} *", result);
}
public void SomethingElseCalled_HashAdded2()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputAlg = "sha256";
string inputHash = "somehash";
//Act
builder.AllowAny();
builder.AllowHash(inputAlg, inputHash);
//Assert
string result = builder.Build();
Assert.Equal($"{inputAlg}-{inputHash} *", result);
}
public void SomethingElseCalled_OnlyNoneReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSelf();
builder.AllowHosts("https://example1.com", "https://example2.com");
builder.AllowNone();
builder.AllowSchemas("blob:");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("'none'", result);
}
public void SomethingElseCalled_NonceAdded()
{
//Arrange
string generatedNonce = "somenonce";
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
Mock <ICspNonceService> nonceServiceMock = new Mock <ICspNonceService>();
nonceServiceMock.Setup(x => x.GetNonce()).Returns(generatedNonce);
//Act
builder.AllowNonce(nonceServiceMock.Object);
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal($"'nonce-{generatedNonce}' *", result);
}
