Exemplo n.º 1
        /// <summary>
        /// Creates a CSP configuration and, unless told otherwise, gives every directive
        /// property its own freshly constructed configuration object.
        /// </summary>
        /// <param name="initializeDirectives">
        /// <c>true</c> (the default) to instantiate all directive properties;
        /// <c>false</c> to have this constructor assign nothing, leaving the caller
        /// to set the directives it needs.
        /// </param>
        public CspConfiguration(bool initializeDirectives = true)
        {
            // NOTE(review): whether a freshly constructed directive is enabled or
            // disabled is decided in the directive types, which are not visible here.
            // Confirm the defaults before relying on this constructor for a policy.
            if (initializeDirectives)
            {
                // Directives that share the generic source-list configuration type.
                DefaultSrcDirective = new CspDirectiveConfiguration();
                ScriptSrcDirective = new CspDirectiveConfiguration();
                ObjectSrcDirective = new CspDirectiveConfiguration();
                StyleSrcDirective = new CspDirectiveConfiguration();
                ImgSrcDirective = new CspDirectiveConfiguration();
                MediaSrcDirective = new CspDirectiveConfiguration();
                FrameSrcDirective = new CspDirectiveConfiguration();
                FontSrcDirective = new CspDirectiveConfiguration();
                ConnectSrcDirective = new CspDirectiveConfiguration();
                BaseUriDirective = new CspDirectiveConfiguration();
                ChildSrcDirective = new CspDirectiveConfiguration();
                FormActionDirective = new CspDirectiveConfiguration();
                FrameAncestorsDirective = new CspDirectiveConfiguration();
                ManifestSrcDirective = new CspDirectiveConfiguration();

                // Directives with their own dedicated configuration types.
                // NOTE(review): plugin-types was removed from CSP Level 3 and current
                // browsers ignore it; object-src is the directive that still governs
                // plugin content. Confirm this directive is still worth emitting.
                PluginTypesDirective = new CspPluginTypesDirectiveConfiguration();
                SandboxDirective = new CspSandboxDirectiveConfiguration();
                UpgradeInsecureRequestsDirective = new CspUpgradeDirectiveConfiguration();
                MixedContentDirective = new CspMixedContentDirectiveConfiguration();
                ReportUriDirective = new CspReportUriDirectiveConfiguration();
            }
        }
Exemplo n.º 2
        /// <summary>
        /// Checks that <c>GetCspPluginTypesConfigCloned</c> returns a directive that compares
        /// equal to the one on the source configuration, for a disabled directive with one
        /// media type and for an enabled directive with two.
        /// </summary>
        public void GetCspPluginTypesConfigCloned_Configured_ClonesDirective()
        {
            var mapper = new CspConfigMapper();

            // Case 1: disabled directive with a single media type.
            var disabledDirective = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = false,
                MediaTypes = new[] { "application/pdf" }
            };
            // initializeDirectives: false, so only the directive under test is set.
            var disabledConfig = new CspConfiguration(false)
            {
                PluginTypesDirective = disabledDirective
            };

            // Case 2: enabled directive with two media types.
            var enabledDirective = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = true,
                MediaTypes = new[] { "image/png", "application/pdf" }
            };
            var enabledConfig = new CspConfiguration(false)
            {
                PluginTypesDirective = enabledDirective
            };

            var disabledClone = mapper.GetCspPluginTypesConfigCloned(disabledConfig);
            var enabledClone = mapper.GetCspPluginTypesConfigCloned(enabledConfig);

            // NOTE(review): only value equality is asserted here; the test does not
            // check that the result is a different instance from the source directive.
            Assert.That(
                disabledClone,
                Is.EqualTo(disabledDirective).Using(new CspPluginTypesDirectiveConfigurationComparer()));
            Assert.That(
                enabledClone,
                Is.EqualTo(enabledDirective).Using(new CspPluginTypesDirectiveConfigurationComparer()));
        }
Exemplo n.º 3
        /// <summary>
        /// Creates a CSP configuration and, unless told otherwise, gives every directive
        /// property its own freshly constructed configuration object.
        /// </summary>
        /// <param name="initializeDirectives">
        /// <c>true</c> (the default) to instantiate all directive properties;
        /// <c>false</c> to have this constructor assign nothing.
        /// </param>
        public CspConfiguration(bool initializeDirectives = true)
        {
            // NOTE(review): the enabled/disabled default of a new directive is set in
            // the directive types, which are not visible here. Confirm before relying on it.
            if (initializeDirectives)
            {
                // Directives that share the generic source-list configuration type.
                DefaultSrcDirective              = new CspDirectiveConfiguration();
                ScriptSrcDirective               = new CspDirectiveConfiguration();
                ObjectSrcDirective               = new CspDirectiveConfiguration();
                StyleSrcDirective                = new CspDirectiveConfiguration();
                ImgSrcDirective                  = new CspDirectiveConfiguration();
                MediaSrcDirective                = new CspDirectiveConfiguration();
                FrameSrcDirective                = new CspDirectiveConfiguration();
                FontSrcDirective                 = new CspDirectiveConfiguration();
                ConnectSrcDirective              = new CspDirectiveConfiguration();
                BaseUriDirective                 = new CspDirectiveConfiguration();
                ChildSrcDirective                = new CspDirectiveConfiguration();
                FormActionDirective              = new CspDirectiveConfiguration();
                FrameAncestorsDirective          = new CspDirectiveConfiguration();

                // Directives with their own dedicated configuration types.
                PluginTypesDirective             = new CspPluginTypesDirectiveConfiguration();
                SandboxDirective                 = new CspSandboxDirectiveConfiguration();
                UpgradeInsecureRequestsDirective = new CspUpgradeDirectiveConfiguration();
                ReportUriDirective               = new CspReportUriDirectiveConfiguration();
            }
        }
        /// <summary>
        /// Two plugin-types configurations that list the same media types in the same
        /// order must be reported as equal by the equality comparer.
        /// </summary>
        public void Equals_CustomSourcesAreEqual_ReturnsTrue()
        {
            var left = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };
            var right = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };

            var areEqual = _equalityComparer.Equals(left, right);

            Assert.True(areEqual);
        }
        /// <summary>
        /// Two plugin-types configurations that list the same media types in the same
        /// order must compare as 0.
        /// </summary>
        public void Compare_CustomSourcesAreEqual_ReturnsZero()
        {
            var left = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };
            var right = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };

            var ordering = _comparer.Compare(left, right);

            Assert.AreEqual(0, ordering);
        }
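        /// <summary>
        /// When no existing directive configuration is supplied (<c>null</c>), the override
        /// helper must return a new configuration that equals a default-constructed one.
        /// </summary>
        public void GetOverridenCspPluginTypesConfig_NullConfig_ReturnsNewDefaultConfig()
        {
            // Reference object: what a default-constructed directive looks like.
            var directiveConfig = new CspPluginTypesDirectiveConfiguration();
            // The override repeats the default Enabled value, so it does not by itself
            // move the result away from the defaults.
            var directiveOverride = new CspPluginTypesOverride
            {
                Enabled = directiveConfig.Enabled
            };

            var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, null);

            Assert.NotSame(directiveConfig, newConfig);
            // Expected value first, actual second, so a failure message labels them correctly.
            Assert.Equal(directiveConfig, newConfig, new CspPluginTypesDirectiveConfigurationEqualityComparer());
        }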
        /// <summary>
        /// Configurations whose media type lists have the same length but differ in one
        /// element must not be reported as equal, whichever operand comes first.
        /// </summary>
        public void Equals_CustomSourcesDiffersInElements_ReturnsFalse()
        {
            var pdfAndPng = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };
            var pdfAndMp4 = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "video/mp4" }
            };

            // Checked in both argument orders.
            Assert.False(_equalityComparer.Equals(pdfAndPng, pdfAndMp4));
            Assert.False(_equalityComparer.Equals(pdfAndMp4, pdfAndPng));
        }
        /// <summary>
        /// Configurations that differ only in <c>Enabled</c> must not be reported as
        /// equal, whichever operand comes first.
        /// </summary>
        public void Equals_EnabledDiffers_ReturnsFalse()
        {
            var disabled = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = false
            };
            var enabled = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = true
            };

            // Checked in both argument orders.
            Assert.False(_equalityComparer.Equals(disabled, enabled));
            Assert.False(_equalityComparer.Equals(enabled, disabled));
        }
        /// <summary>
        /// Configurations whose media type lists differ in one element must compare as
        /// non-zero, with the sign flipping when the operands are swapped.
        /// </summary>
        public void Compare_CustomSourcesDiffersInElements_ReturnsNonzero()
        {
            var pdfAndPng = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };
            var pdfAndMp4 = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "video/mp4" }
            };

            // The test expects the list ending in "image/png" to sort before the one
            // ending in "video/mp4".
            Assert.Less(_comparer.Compare(pdfAndPng, pdfAndMp4), 0);
            Assert.Greater(_comparer.Compare(pdfAndMp4, pdfAndPng), 0);
        }
        /// <summary>
        /// Configurations that differ only in <c>Enabled</c> must compare as exactly
        /// -1 (disabled before enabled) and 1 when the operands are swapped.
        /// </summary>
        public void Compare_EnabledDiffers_ReturnsNonzero()
        {
            var disabled = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = false
            };
            var enabled = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = true
            };

            // Exact values are pinned here, not just the sign.
            Assert.AreEqual(-1, _comparer.Compare(disabled, enabled));
            Assert.AreEqual(1, _comparer.Compare(enabled, disabled));
        }
        /// <summary>
        /// The <c>Enabled</c> value on the override must win over the value on the
        /// existing directive configuration.
        /// </summary>
        /// <param name="expectedResult">
        /// The <c>Enabled</c> value placed on the override; the existing configuration
        /// is given the opposite value so the two always disagree.
        /// </param>
        public void GetOverridenCspPluginTypesConfig_EnabledOverride_EnabledOverriden(bool expectedResult)
        {
            var existing = new CspPluginTypesDirectiveConfiguration
            {
                Enabled = !expectedResult
            };
            var requested = new CspPluginTypesOverride
            {
                Enabled = expectedResult
            };

            var merged = _overrideHelper.GetOverridenCspPluginTypesConfig(requested, existing);

            Assert.Equal(expectedResult, merged.Enabled);
        }
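        /// <summary>
        /// With <c>InheritMediaTypes</c> set to <c>false</c>, the media types on the override
        /// must replace the existing ones: the result holds only the override's entry.
        /// </summary>
        public void GetOverridenCspPluginTypesConfig_MediaTypesOverride_OverriddesMediaTypes()
        {
            var directiveConfig = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf" }
            };
            var directiveOverride = new CspPluginTypesOverride
            {
                MediaTypes = new[] { "image/png" },
                InheritMediaTypes = false
            };

            var newConfig = _overrideHelper.GetOverridenCspPluginTypesConfig(directiveOverride, directiveConfig);

            // Assert.Equal rather than Assert.True(x == y): a failure then reports the
            // actual count and value. This matters here because an extra entry would mean
            // the previously allowed type was not dropped from the allow-list.
            Assert.Equal(1, newConfig.MediaTypes.Count());
            Assert.Equal("image/png", newConfig.MediaTypes.First());
        }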
        /// <summary>
        /// An override that sets no media types of its own and has <c>InheritMediaTypes</c>
        /// set to <c>true</c> must leave the existing media types unchanged.
        /// </summary>
        public void GetOverridenCspPluginTypesConfig_NoMediaTypesOverride_KeepsMediaTypes()
        {
            var expectedMediaTypes = new[] { "application/pdf" };
            var existing = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = expectedMediaTypes
            };
            var requested = new CspPluginTypesOverride
            {
                InheritMediaTypes = true
            };

            var merged = _overrideHelper.GetOverridenCspPluginTypesConfig(requested, existing);

            // Same elements in the same order.
            var unchanged = expectedMediaTypes.SequenceEqual(merged.MediaTypes);
            Assert.True(unchanged, "MediaTypes differed.");
        }
        /// <summary>
        /// With <c>InheritMediaTypes</c> set to <c>true</c>, an override naming a media type
        /// that is already present must yield both original types, with no duplicate entry.
        /// </summary>
        public void GetOverridenCspPluginTypesConfig_MediaTypesOverrideWithMediaTypesInherited_KeepsAllMediaTypes()
        {
            var existing = new CspPluginTypesDirectiveConfiguration
            {
                MediaTypes = new[] { "application/pdf", "image/png" }
            };
            // "image/png" is already in the existing list.
            var requested = new CspPluginTypesOverride
            {
                MediaTypes = new[] { "image/png" },
                InheritMediaTypes = true
            };

            var merged = _overrideHelper.GetOverridenCspPluginTypesConfig(requested, existing);

            // Two entries, not three: the repeated type is not added a second time.
            Assert.Equal(2, merged.MediaTypes.Count());
            Assert.Contains("application/pdf", merged.MediaTypes.ToList());
            Assert.Contains("image/png", merged.MediaTypes.ToList());
        }
        /// <summary>
        /// When the context already holds a plugin-types override, the new override must be
        /// computed against that existing override and the result stored in its place.
        /// </summary>
        /// <param name="reportOnly">Passed through to the context helper and the method under test; run with both values.</param>
        public void SetCspPluginTypesOverride_HasOverride_OverridesExistingOverride([Values(false, true)] bool reportOnly)
        {
            // Arrange: the context already carries an override for this directive.
            var existingDirective = new CspPluginTypesDirectiveConfiguration();
            var contextOverrides = new CspOverrideConfiguration
            {
                PluginTypesDirective = existingDirective
            };
            // NOTE(review): the meaning of the trailing 'false' argument is not visible here.
            _contextHelper
                .Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false))
                .Returns(contextOverrides);

            // The directive helper is stubbed for exactly (requested override, existing
            // directive); the assertion below relies on that pairing being used.
            var requestedOverride = new CspPluginTypesOverride();
            var mergedDirective = new CspPluginTypesDirectiveConfiguration();
            _directiveOverrideHelper
                .Setup(h => h.GetOverridenCspPluginTypesConfig(requestedOverride, existingDirective))
                .Returns(mergedDirective);

            // Act
            CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, requestedOverride, reportOnly);

            // Assert: the stubbed result is now the override held by the context.
            Assert.AreSame(mergedDirective, contextOverrides.PluginTypesDirective);
        }
        /// <summary>
        /// When the context holds no plugin-types override yet, the new override must be
        /// computed against a clone of the directive from the context's CSP configuration,
        /// and the result stored on the override configuration.
        /// </summary>
        /// <param name="reportOnly">Passed through to the context helper and the method under test; run with both values.</param>
        public void SetCspPluginTypesOverride_NoCurrentOverride_ClonesConfigFromContextAndOverrides([Values(false, true)] bool reportOnly)
        {
            // Arrange: a context configuration and an override configuration that has
            // no plugin-types directive assigned by this test.
            var baseConfig = new CspConfiguration();
            var contextOverrides = new CspOverrideConfiguration();
            _contextHelper
                .Setup(h => h.GetCspConfiguration(It.IsAny<HttpContextBase>(), reportOnly))
                .Returns(baseConfig);
            // NOTE(review): the meaning of the trailing 'false' argument is not visible here.
            _contextHelper
                .Setup(h => h.GetCspConfigurationOverride(It.IsAny<HttpContextBase>(), reportOnly, false))
                .Returns(contextOverrides);

            // The mapper hands back a clone of the context directive. Presumably the
            // clone keeps a per-request override from mutating the shared configuration;
            // confirm against the helper's implementation.
            var clonedDirective = new CspPluginTypesDirectiveConfiguration();
            _directiveConfigMapper
                .Setup(m => m.GetCspPluginTypesConfigCloned(baseConfig))
                .Returns(clonedDirective);

            // The directive helper is stubbed for exactly (requested override, clone);
            // the assertion below relies on the clone being what gets passed in.
            var requestedOverride = new CspPluginTypesOverride();
            var mergedDirective = new CspPluginTypesDirectiveConfiguration();
            _directiveOverrideHelper
                .Setup(h => h.GetOverridenCspPluginTypesConfig(requestedOverride, clonedDirective))
                .Returns(mergedDirective);

            // Act
            CspConfigurationOverrideHelper.SetCspPluginTypesOverride(MockContext, requestedOverride, reportOnly);

            // Assert: the stubbed result is now the override held by the context.
            Assert.AreSame(mergedDirective, contextOverrides.PluginTypesDirective);
        }