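/// <summary>
/// Checks that <c>TransferAction.Execute</c> reaches
/// <c>HttpServerUtility.TransferRequest</c> for the current request.
/// </summary>
/// <remarks>
/// The transfer itself is not mocked, so the test relies on the framework call
/// throwing and then inspects the exception's stack trace. This shows that a
/// transfer was attempted; it does not show which URL the request would have
/// been transferred to.
/// </remarks>
public void Test_Execute()
        {
            // Kept from the original; the value is not used below.
            // NOTE(review): presumably this forces the intrusion detector to load - confirm.
            IIntrusionDetector detector = Esapi.IntrusionDetector;

            string url = Guid.NewGuid().ToString();
            TransferAction action = new TransferAction(url);

            // Set context
            MockHttpContext.InitializeCurrentContext();
            SurrogateWebPage page = new SurrogateWebPage();
            HttpContext.Current.Handler = page;

            // Precondition, checked outside the try so that a failure is reported as
            // itself instead of being caught below and surfacing as a stack mismatch.
            Assert.AreNotEqual(action.Url, HttpContext.Current.Request.RawUrl);

            // Block
            Exception caught = null;
            try {
                action.Execute(ActionArgs.Empty);
            }
            catch (Exception exp) {
                caught = exp;
            }

            // Execute returning normally means the request was never handed off.
            // Asserting here (not inside the try) keeps this message from being
            // swallowed by the catch-all handler.
            Assert.IsNotNull(caught, "Request not terminated");

            // FIXME : so far there is no other way to test the transfer except to check
            // the stack of the exception. Ideally we should be able to mock the request
            // transfer itself
            // NOTE(review): the frame text is produced by the runtime; confirm it is
            // stable on the build agents (frame wording can vary with runtime language).
            string trace = caught.StackTrace ?? string.Empty;
            Assert.IsTrue(trace.Contains("at System.Web.HttpServerUtility.TransferRequest(String path)"));
        }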
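        /// <summary>
        /// Checks that <c>RedirectAction.Execute</c> reaches
        /// <c>HttpResponse.Redirect(String, Boolean)</c> for the current request.
        /// </summary>
        /// <remarks>
        /// The redirect is not mocked: the test expects the framework call to throw
        /// and looks for its frame in the stack trace. The redirect target is not
        /// verified, only that a redirect was attempted.
        /// </remarks>
        public void Test_Execute()
        {
            // Kept from the original; the value is not used below.
            // NOTE(review): presumably this forces the intrusion detector to load - confirm.
            IIntrusionDetector detector = Esapi.IntrusionDetector;

            string         url    = Guid.NewGuid().ToString();
            RedirectAction action = new RedirectAction(url);

            // Set context
            MockHttpContext.InitializeCurrentContext();
            SurrogateWebPage page = new SurrogateWebPage();

            HttpContext.Current.Handler = page;

            // The request must not already point at the redirect target. Checked before
            // the try block so the catch-all below cannot mask a failure of this check.
            Assert.AreNotEqual(action.Url, HttpContext.Current.Request.RawUrl);

            // Block
            Exception failure = null;
            try {
                action.Execute(ActionArgs.Empty);
            }
            catch (Exception exp) {
                failure = exp;
            }

            // No exception means Execute returned without ending the request.
            if (failure == null) {
                Assert.Fail("Request not terminated");
            }

            // FIXME : so far there is no other way to test the redirect except to check
            // the stack of the exception. Ideally we should be able to mock the request
            // redirect itself
            string frames = failure.StackTrace ?? string.Empty;
            Assert.IsTrue(frames.Contains("at System.Web.HttpResponse.Redirect(String url, Boolean endResponse)"));
        }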
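        /// <summary>
        /// Checks that <c>AddCsrfToken</c> sets the current page's
        /// <c>ViewStateUserKey</c> to the current session ID.
        /// </summary>
        /// <remarks>
        /// Only the key assignment is verified. Whether a postback carrying view state
        /// from a different session is rejected is not exercised here.
        /// </remarks>
        public void Test_AddCsrfToken()
        {
            MockHttpContext.InitializeCurrentContext();

            SurrogateWebPage page = new SurrogateWebPage();
            HttpContext.Current.Handler = page;

            Esapi.HttpUtilities.AddCsrfToken();

            string sessionId = HttpContext.Current.Session.SessionID;

            // An empty key binds nothing to the session, and the equality check alone
            // would still pass if both values were null or empty.
            Assert.IsFalse(string.IsNullOrEmpty(page.ViewStateUserKey), "ViewStateUserKey was not set");

            // Expected value first, so a failure message reports the two sides correctly.
            Assert.AreEqual(sessionId, page.ViewStateUserKey);
        }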
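        /// <summary>
        /// Verifies that after <c>AddCsrfToken</c> runs, the handler page's
        /// <c>ViewStateUserKey</c> equals the session ID of the current context.
        /// </summary>
        public void Test_AddCsrfToken()
        {
            MockHttpContext.InitializeCurrentContext();

            SurrogateWebPage page = new SurrogateWebPage();

            HttpContext.Current.Handler = page;

            Esapi.HttpUtilities.AddCsrfToken();

            string expectedKey = HttpContext.Current.Session.SessionID;
            string actualKey   = page.ViewStateUserKey;

            // Guard against a vacuous pass: two null or empty values compare equal
            // but would mean no per-session key was applied to the page.
            Assert.IsFalse(string.IsNullOrEmpty(actualKey), "ViewStateUserKey was not set");

            // Arguments are (expected, actual) so failure output is labelled correctly.
            Assert.AreEqual(expectedKey, actualKey);
        }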
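        /// <summary>
        /// Checks that <c>BlockAction.Execute</c> sets the response status code to the
        /// action's <c>StatusCode</c>.
        /// </summary>
        /// <remarks>
        /// Only the status code is asserted; the test does not check whether the
        /// response is also ended or whether any body content is suppressed.
        /// </remarks>
        public void Test_Execute()
        {
            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;
            Assert.IsNotNull(detector);

            // Should be loaded by default
            BlockAction action = new BlockAction();

            // Set context
            MockHttpContext.InitializeCurrentContext();
            SurrogateWebPage page = new SurrogateWebPage();
            HttpContext.Current.Handler = page;

            // Block
            // Precondition: the fresh response must not already carry the blocking
            // status, otherwise the final assertion would prove nothing.
            Assert.AreNotEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);

            action.Execute(ActionArgs.Empty);

            // Expected value first, so a failure message labels the two sides correctly.
            Assert.AreEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);
        }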
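        /// <summary>
        /// Verifies that executing a default <c>BlockAction</c> changes the current
        /// response's status code to the one exposed by the action.
        /// </summary>
        public void Test_Execute()
        {
            // The configured detector is expected to be the concrete IntrusionDetector;
            // the cast yields null (and the assertion fails) for any other implementation.
            IntrusionDetector detector = Esapi.IntrusionDetector as IntrusionDetector;

            Assert.IsNotNull(detector);

            // Should be loaded by default
            BlockAction action = new BlockAction();

            // Set context
            MockHttpContext.InitializeCurrentContext();
            SurrogateWebPage page = new SurrogateWebPage();

            HttpContext.Current.Handler = page;

            // Block
            // Before Execute the response status must differ from the action's status;
            // if it already matched, the check after Execute could not detect a no-op.
            Assert.AreNotEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);

            action.Execute(ActionArgs.Empty);

            // (expected, actual) order keeps failure output accurate.
            // NOTE(review): only the status code is checked, not whether the response
            // is also terminated - confirm that is covered elsewhere.
            Assert.AreEqual(action.StatusCode, HttpContext.Current.Response.StatusCode);
        }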