protected CspPluginTypesAttributeBase(params string[] mediaTypes) { _directive = new CspPluginTypesOverride { Enabled = true, InheritMediaTypes = true }; _configurationOverrideHelper = new CspConfigurationOverrideHelper(); _headerOverrideHelper = new HeaderOverrideHelper(); if (mediaTypes.Length > 0) { _directive.MediaTypes = mediaTypes; } }
internal void SetCspPluginTypesOverride(HttpContextBase context, CspPluginTypesOverride config, bool reportOnly) { var overrides = _contextConfigurationHelper.GetCspConfigurationOverride(context, reportOnly, false); var directiveToOverride = overrides.PluginTypesDirective; if (directiveToOverride == null) { var baseConfig = _contextConfigurationHelper.GetCspConfiguration(context, reportOnly); directiveToOverride = _configMapper.GetCspPluginTypesConfigCloned(baseConfig); } var newConfig = _cspDirectiveOverrideHelper.GetOverridenCspPluginTypesConfig(config, directiveToOverride); overrides.PluginTypesDirective = newConfig; }
/// <summary> /// Generates a media type attribute suitable for an <object> or <embed> tag. The media type will be included in the CSP plugin-types directive. /// </summary> /// <param name="helper"></param> /// <param name="mediaType">The media type.</param> public static IHtmlString CspMediaType(this HtmlHelper helper, string mediaType) { new Rfc2045MediaTypeValidator().Validate(mediaType); var context = helper.ViewContext.HttpContext; var cspConfigurationOverrideHelper = new CspConfigurationOverrideHelper(); var headerOverrideHelper = new HeaderOverrideHelper(); var configOverride = new CspPluginTypesOverride() { Enabled = true, InheritMediaTypes = true, MediaTypes = new[] { mediaType } }; cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, false); cspConfigurationOverrideHelper.SetCspPluginTypesOverride(context, configOverride, true); headerOverrideHelper.SetCspHeaders(context, false); headerOverrideHelper.SetCspHeaders(context, true); var attribute = string.Format("type=\"{0}\"", helper.AttributeEncode(mediaType)); return new HtmlString(attribute); }
public void SetCspPluginTypesOverride_HasOverride_OverridesExistingOverride([Values(false, true)]bool reportOnly) { //There's an override for directive var currentDirectiveOverride = new CspPluginTypesDirectiveConfiguration(); var overrideConfig = new CspOverrideConfiguration { PluginTypesDirective = currentDirectiveOverride }; _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig); //We need an override and a result. var directiveOverride = new CspPluginTypesOverride(); var directiveOverrideResult = new CspPluginTypesDirectiveConfiguration(); _directiveOverrideHelper.Setup(h => h.GetOverridenCspPluginTypesConfig(directiveOverride, currentDirectiveOverride)).Returns(directiveOverrideResult); CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, directiveOverride, reportOnly); //Verify that the override result was set on the override config. Assert.AreSame(directiveOverrideResult, overrideConfig.PluginTypesDirective); }
public void SetCspPluginTypesOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)]bool reportOnly) { var contextConfig = new CspConfiguration(); var overrideConfig = new CspOverrideConfiguration(); //Returns CSP config from context _contextHelper.Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly)).Returns(contextConfig); _contextHelper.Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false)).Returns(overrideConfig); //Returns cloned directive config from context config var clonedContextDirective = new CspPluginTypesDirectiveConfiguration(); _directiveConfigMapper.Setup(m => m.GetCspPluginTypesConfigCloned(contextConfig)).Returns(clonedContextDirective); //We need an override and a result. var directiveOverride = new CspPluginTypesOverride(); var directiveOverrideResult = new CspPluginTypesDirectiveConfiguration(); _directiveOverrideHelper.Setup(h => h.GetOverridenCspPluginTypesConfig(directiveOverride, clonedContextDirective)).Returns(directiveOverrideResult); CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, directiveOverride, reportOnly); //Verify that the override result was set on the override config. Assert.AreSame(directiveOverrideResult, overrideConfig.PluginTypesDirective); }
public void GetOverridenCspPluginTypesConfig_MediaTypesOverrideWithMediaTypesInherited_KeepsAllMediaTypes() { var directiveConfig = new CspPluginTypesDirectiveConfiguration { MediaTypes = new[] { "application/pdf", "image/png" } }; var directiveOverride = new CspPluginTypesOverride { MediaTypes = new[] { "image/png" }, InheritMediaTypes = true }; var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig); Assert.AreEqual(2, newConfig.MediaTypes.Count()); Assert.Contains("application/pdf", newConfig.MediaTypes.ToList()); Assert.Contains("image/png", newConfig.MediaTypes.ToList()); }
public void GetOverridenCspPluginTypesConfig_MediaTypesOverride_OverriddesMediaTypes() { var directiveConfig = new CspPluginTypesDirectiveConfiguration { MediaTypes = new[] { "application/pdf" } }; var directiveOverride = new CspPluginTypesOverride { MediaTypes = new[] { "image/png" }, InheritMediaTypes = false }; var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig); Assert.IsTrue(newConfig.MediaTypes.Count() == 1); Assert.IsTrue(newConfig.MediaTypes.First().Equals("image/png")); }
public void GetOverridenCspPluginTypesConfig_NoMediaTypesOverride_KeepsMediaTypes() { var expectedMediaTypes = new[] { "application/pdf" }; var directiveConfig = new CspPluginTypesDirectiveConfiguration { MediaTypes = expectedMediaTypes }; var directiveOverride = new CspPluginTypesOverride { InheritMediaTypes = true }; var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig); Assert.IsTrue(expectedMediaTypes.SequenceEqual(newConfig.MediaTypes), "MediaTypes differed."); }
public void GetOverridenCspPluginTypesConfig_EnabledOverride_EnabledOverriden([Values(true, false)] bool expectedResult) { var directiveConfig = new CspPluginTypesDirectiveConfiguration { Enabled = !expectedResult }; var directiveOverride = new CspPluginTypesOverride { Enabled = expectedResult }; var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig); Assert.AreEqual(expectedResult, newConfig.Enabled); }
public void GetOverridenCspPluginTypesConfig_NullConfig_ReturnsNewDefaultConfig() { var directiveConfig = new CspPluginTypesDirectiveConfiguration(); var directiveOverride = new CspPluginTypesOverride { Enabled = directiveConfig.Enabled }; var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, null); Assert.AreNotSame(directiveConfig, newConfig); Assert.That(newConfig, Is.EqualTo(directiveConfig).Using(new CspPluginTypesDirectiveConfigurationComparer())); }
public ICspPluginTypesDirectiveConfiguration GetOverridenCspPluginTypesConfig(CspPluginTypesOverride directiveOverride, ICspPluginTypesDirectiveConfiguration directiveConfig) { var result = directiveConfig ?? new CspPluginTypesDirectiveConfiguration(); result.Enabled = directiveOverride.Enabled; if (!directiveOverride.InheritMediaTypes) { result.MediaTypes = EmptySources; } if (directiveOverride.MediaTypes != null && directiveOverride.MediaTypes.Length > 0) { var newSources = new List<string>(result.MediaTypes); newSources.AddRange(directiveOverride.MediaTypes); result.MediaTypes = newSources.Distinct(); } return result; }