/// <summary>
/// Checks that attribute values carrying an inline script block are rejected:
/// <c>ChallengeAttributesAgainstSecurityThreats</c> is expected to throw
/// <see cref="ApplicationException"/> for them.
/// </summary>
public void GivenInvalidAttributesWhenChallengingPayloadAttributesForValidationThenSecurityThreatDiagnosticsMustRaiseExceptionDueToInjectedAttributss()
        {
            // Both entries are the same plain (unencoded) script-tag sample, so this
            // test covers exactly one input shape.
            const string scriptSample = "<script>function xss() { alert('injection'); } xss();</script>";

            validationAttributes.Attribute = new[] { scriptSample, scriptSample };

            // NOTE(review): ApplicationException is a broad type; if the validator can
            // throw it for reasons other than a detected pattern, this assertion would
            // still pass. Confirm, and assert on the message or a narrower type if one exists.
            Assert.Throws<ApplicationException>(
                () => SecurityThreatDiagnostics.ChallengeAttributesAgainstSecurityThreats(
                    validationAttributes,
                    options,
                    CancellationToken.None));
        }
        /// <summary>
        /// Checks that a payload whose script block is hidden behind Base64 encoding is
        /// rejected once <c>options.Base64Decode</c> is switched on:
        /// <c>ChallengeAttributesAgainstSecurityThreats</c> is expected to throw
        /// <see cref="ApplicationException"/>.
        /// </summary>
        /// <remarks>
        /// The method name says "CharacterEscaped", but the encoded sample below is Base64.
        /// </remarks>
        public void GivenAttackVectorWithCharacterEscapedAttributesWhenChallengingPayloadAttributesForValidationThenSecurityThreatDiagnosticsMustRaiseExceptionDueToInvalidException()
        {
            // NOTE(review): no test attribute is visible above this method in this view;
            // confirm the test runner actually discovers it.

            // NOTE(review): this mutates the shared `options` object. Presumably the fixture
            // recreates it per test; confirm, otherwise Base64Decode leaks into other tests.
            options.Base64Decode = true;

            // The value after "Name:" is the Base64 form of a script-tag sample.
            string encodedNameField = "{payload : {Name" + ":" + "PHNjcmlwdD5mdW5jdGlvbiBhdHRhY2sgKCkge2FsZXJ0KCd4c3MnKTt9YXR0YWNrKCk7PC9zY3JpcHQ+";
            // Harmless filler value.
            string addressField = "Address : test";
            // Plain-text value with shell redirection and a dump command appended.
            string mobileField = "Mobile +358123456789 }}' >> mysqldump --all-databases > dump.sql";
            string combined = encodedNameField + addressField + mobileField;

            validationAttributes.Attribute = new[] { encodedNameField, addressField, mobileField, combined };

            // NOTE(review): mobileField and combined contain unencoded suspicious text, so the
            // exception may be raised without the Base64 decoding path ever being exercised.
            // A separate case holding only encodedNameField would pin the decode behaviour.
            Assert.Throws<ApplicationException>(
                () => SecurityThreatDiagnostics.ChallengeAttributesAgainstSecurityThreats(
                    validationAttributes,
                    options,
                    CancellationToken.None));
        }
        /// <summary>
        /// Checks that a percent-encoded payload spread across several attribute values is
        /// rejected: <c>ChallengeAttributesAgainstSecurityThreats</c> is expected to throw
        /// <see cref="ApplicationException"/>.
        /// </summary>
        public void GivenAttackVectorWithMultipleAttributesWhenChallengingPayloadAttributesForValidationThenSecurityThreatDiagnosticsMustRaiseExceptionDueToFoundAttackPattern()
        {
            // NOTE(review): no test attribute is visible above this method in this view;
            // confirm the test runner actually discovers it.

            // Percent-encoded quote followed by two encoded '>' characters.
            string nameField = "{ payload : {Name" + ":" + "%27 %3E%3E";
            // Opening half of a percent-encoded script block.
            string addressField = "Address" + ":" + "%3Cscript%3E function attack() %7B alert(%27xss%27)%3B %7D";
            // Closing half; the complete block exists only in the concatenated value below.
            string mobileField = "Mobile" + ":" + "attack()%3B %3C%2Fscript%3E}}";
            string combined = nameField + addressField + mobileField;

            validationAttributes.Attribute = new[] { nameField, addressField, mobileField, combined };

            // NOTE(review): `options` is left untouched here, so whether percent-decoding runs
            // depends on defaults not shown in this view. Any one of the four values could be
            // what triggers the exception; the assertion does not show which pattern matched,
            // nor that the split fragments are detected only after being joined.
            Assert.Throws<ApplicationException>(
                () => SecurityThreatDiagnostics.ChallengeAttributesAgainstSecurityThreats(
                    validationAttributes,
                    options,
                    CancellationToken.None));
        }