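// Checks how the evaluator treats a request carrying the AJAX marker:
//   1. without the marker the result is not Ignore,
//   2. with the marker the result is Ignore,
//   3. with the marker but IgnoreAjaxRequests switched off the result is not Ignore.
// Step 2 presumably relies on the fixture's settings starting with IgnoreAjaxRequests
// enabled; the fixture is not visible here, so confirm.
//
// NOTE(review): the marker is request data supplied by the client (this test provides it
// through QueryString), so the Ignore result is reachable from client-controlled input alone.
// "/getdata/" is not shown to be a secured path; a companion case on a path the settings
// mark as secure would pin which rule wins when both apply.
public void EvaluateReturnsIgnoreAppropriatelyWhenRequestIsAjax()
        {
            // Arrange.
            var mockRequest = new Mock<HttpRequestBase>();
            mockRequest.SetupGet(req => req.RawUrl).Returns("/getdata/");
            var requestEvaluator = new RequestEvaluator();

            // The test flips IgnoreAjaxRequests on the fixture's settings object below. Remember
            // the starting value so it can be put back and later tests that read the same
            // fixture do not observe this test's change.
            var originalIgnoreAjaxRequests = _fixture.Settings.IgnoreAjaxRequests;

            try
            {
                // Act.
                RequestSecurity resultForNonAjaxRequest = requestEvaluator.Evaluate(mockRequest.Object, _fixture.Settings);

                // Mark the request as AJAX by supplying the marker key/value pair.
                var queryString = new NameValueCollection {
                    { RequestEvaluator.XRequestedWithHeaderKey, RequestEvaluator.AjaxRequestHeaderValue }
                };

                mockRequest.Setup(req => req.QueryString).Returns(queryString);
                RequestSecurity resultForAjaxRequest = requestEvaluator.Evaluate(mockRequest.Object, _fixture.Settings);

                _fixture.Settings.IgnoreAjaxRequests = false;
                RequestSecurity resultForAjaxRequestWithIgnoreOff = requestEvaluator.Evaluate(mockRequest.Object, _fixture.Settings);

                // Assert.
                Assert.NotEqual(RequestSecurity.Ignore, resultForNonAjaxRequest);
                Assert.Equal(RequestSecurity.Ignore, resultForAjaxRequest);
                Assert.NotEqual(RequestSecurity.Ignore, resultForAjaxRequestWithIgnoreOff);
            }
            finally
            {
                // Restore the fixture even when an assertion above throws.
                _fixture.Settings.IgnoreAjaxRequests = originalIgnoreAjaxRequests;
            }
        }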
        // Feeds a list of raw URLs through the evaluator and checks which of them come back
        // as Ignore. The list is ordered: the leading entries must NOT be ignored, every entry
        // after them must be.
        //
        // NOTE(review): several ignored entries are not static image files but folder-style or
        // handler URLs under an images folder ("/Images/SomeService/", "/images/img-handler.ashx").
        // The test pins that such URLs are ignored as well; presumably the match is on the
        // folder name, so confirm nothing sensitive is served from beneath it.
        public void EvaluateReturnsIgnoreAppropriatelyWhenRequestPathIndicatesImage()
        {
            // Arrange.
            // Number of leading entries in the list that are expected not to be ignored.
            const int notIgnoredCount = 2;

            string[] candidatePaths = {
                // Not ignored: extensions outside the expected image set.
                "/non-typical-image.psd",
                "/Media/Document.pdf",

                // Ignored: URLs under an images folder, with and without a query string.
                "/Images/SomeService/",
                "/Images/SomeService/?someKey=someValue",
                "/images/img-handler.ashx",
                "/images/img-handler.ashx?some-key=some-value",

                // Ignored: image file extensions.
                "/Manage/Images/indicator-alert.bmp",
                "/info/signs/sign1.gif",
                "/faavicon.ico",
                "/Media/logo.jpg",
                "/Media/other-logo.jpeg",
                "/SomeImage.png",
                "/drawings/machine.design.svg",
                "/Info/some-image.tiff",
                "/Info/another-image.tif",
                "/OtherResource.axd/resourceImage.webp",
                "/OddBall.xbm",

                // Ignored: the same extensions followed by query strings and/or fragments.
                "/Manage/Images/indicator-alert.bmp?someKey=someValue",
                "/info/signs/sign1.gif#hash",
                "/faavicon.ico?flag",
                "/Media/logo.jpg?some-key=some-value&other-key=other-value",
                "/Media/other-logo.jpeg?someKey=someValue#here",
                "/SomeImage.png?someKey=someValue&otherKey=otherValue#here-nor-there",
                "/drawings/machine.design.svg#hash.sub",
                "/Info/some-image.tiff?some.key=some.value",
                "/Info/another-image.tif?some.key=some.value#hash.sub",
                "/OtherResource.axd/resourceImage.webp?",
                "/OddBall.xbm?#"
            };
            var request   = new Mock<HttpRequestBase>();
            var evaluator = new RequestEvaluator();
            var outcomes  = new RequestSecurity[candidatePaths.Length];

            // Act.
            // Evaluate every path first; the assertions run only after all results are collected.
            int slot = 0;
            foreach (string candidate in candidatePaths)
            {
                request.SetupGet(req => req.RawUrl).Returns(candidate);
                outcomes[slot] = evaluator.Evaluate(request.Object, _fixture.Settings);
                slot++;
            }

            // Assert.
            for (int position = 0; position < outcomes.Length; position++)
            {
                if (position < notIgnoredCount)
                {
                    Assert.NotEqual(RequestSecurity.Ignore, outcomes[position]);
                }
                else
                {
                    Assert.Equal(RequestSecurity.Ignore, outcomes[position]);
                }
            }
        }
        // A raw URL that matches none of the configured paths must evaluate to Insecure.
        //
        // NOTE(review): this pins Insecure as the outcome for unmatched paths, so a page that
        // needs protection is only covered if the settings list it explicitly. Whether
        // "/Info/AboutUs.aspx" really is unmatched depends on the fixture's settings, which
        // are not visible here.
        public void EvaluateReturnsInsecureWhenNoSettingsPathsMatchRequestPath()
        {
            // Arrange.
            var evaluator = new RequestEvaluator();
            var request   = new Mock<HttpRequestBase>();
            request.SetupGet(req => req.RawUrl).Returns("/Info/AboutUs.aspx");

            // Act.
            RequestSecurity outcome = evaluator.Evaluate(request.Object, _fixture.Settings);

            // Assert.
            Assert.Equal(RequestSecurity.Insecure, outcome);
        }
        // Feeds a list of raw URLs through the evaluator and checks which of them come back
        // as Ignore. The list is ordered: the leading entries must NOT be ignored, every entry
        // after them must be.
        //
        // NOTE(review): the ignored set includes handler URLs that merely sit under a styles
        // folder ("/styles/img-handler.ashx") and a URL whose path only contains ".css" as an
        // inner segment ("/Media/Styles/Site.css/resourceImage.webp?"). Which rule matches
        // each of them is not visible from this test; confirm the match is as narrow as intended.
        public void EvaluateReturnsIgnoreAppropriatelyWhenRequestPathIndicatesStyleSheet()
        {
            // Arrange.
            // Number of leading entries in the list that are expected not to be ignored.
            const int notIgnoredCount = 2;

            string[] candidatePaths = {
                // Not ignored: neither a stylesheet extension nor a styles folder.
                "/non-typical-image.psd",
                "/Media/Document.pdf",

                // Ignored: URLs under a styles / stylesheets folder.
                "/Styles/SomeService/",
                "/StyleSheets/SomeService/?someKey=someValue",
                "/styles/img-handler.ashx",
                "/stylesheets/img-handler.ashx?some-key=some-value",

                // Ignored: .css files.
                "/normalize.css",
                "/Media/Styles/Site.css",

                // Ignored: .css files followed by query strings and/or fragments.
                "/normalize.css?someKey=someValue",
                "/Media/Styles/Site.css#hash",
                "/normalize.css?flag",
                "/Media/Styles/Site.css?some-key=some-value&other-key=other-value",
                "/normalize.css?someKey=someValue#here",
                "/Media/Styles/Site.css?someKey=someValue&otherKey=otherValue#here-nor-there",
                "/normalize.alternative.css#hash.sub",
                "/Media/Styles/Site.css?some.key=some.value",
                "/normalize.css?some.key=some.value#hash.sub",
                "/Media/Styles/Site.css/resourceImage.webp?",
                "/normalize.css?#"
            };
            var request   = new Mock<HttpRequestBase>();
            var evaluator = new RequestEvaluator();
            var outcomes  = new RequestSecurity[candidatePaths.Length];

            // Act.
            // Evaluate every path first; the assertions run only after all results are collected.
            int slot = 0;
            foreach (string candidate in candidatePaths)
            {
                request.SetupGet(req => req.RawUrl).Returns(candidate);
                outcomes[slot] = evaluator.Evaluate(request.Object, _fixture.Settings);
                slot++;
            }

            // Assert.
            for (int position = 0; position < outcomes.Length; position++)
            {
                if (position < notIgnoredCount)
                {
                    Assert.NotEqual(RequestSecurity.Ignore, outcomes[position]);
                }
                else
                {
                    Assert.Equal(RequestSecurity.Ignore, outcomes[position]);
                }
            }
        }
        // A raw URL that matches a path configured as secure must evaluate to Secure.
        // Presumably the fixture's settings contain a secure entry matching "/login/"; the
        // fixture is not visible here, so confirm against its setup.
        public void EvaluateReturnsSecureWhenASecureSettingsPathMatchesRequestPath()
        {
            // Arrange.
            var evaluator = new RequestEvaluator();
            var request   = new Mock<HttpRequestBase>();
            request.SetupGet(req => req.RawUrl).Returns("/login/");

            // Act.
            RequestSecurity outcome = evaluator.Evaluate(request.Object, _fixture.Settings);

            // Assert.
            Assert.Equal(RequestSecurity.Secure, outcome);
        }
        // With Mode set to Off the evaluator must return Ignore.
        // The mocked request has no members set up and the settings carry nothing but the
        // mode, so the result here is driven by the mode alone.
        //
        // NOTE(review): Mode.Off therefore yields Ignore for any request, including ones that
        // would otherwise match a secure path. Treat this setting as a deployment-level switch
        // and check that production configuration does not leave it off unintentionally.
        public void EvaluateReturnsIgnoreWhenModeIsOff()
        {
            // Arrange.
            var evaluator = new RequestEvaluator();
            var request   = new Mock<HttpRequestBase>();
            Settings offSettings = new Settings {
                Mode = Mode.Off
            };

            // Act.
            RequestSecurity outcome = evaluator.Evaluate(request.Object, offSettings);

            // Assert.
            Assert.Equal(RequestSecurity.Ignore, outcome);
        }
        // With Mode set to LocalOnly, a request whose IsLocal is false must evaluate to Ignore.
        //
        // NOTE(review): this means a LocalOnly configuration gives Ignore for every remote
        // request. Presumably the mode is meant for development machines; confirm it is not
        // the mode deployed where remote traffic is expected to be evaluated.
        public void EvaluateReturnsIgnoreWhenModeIsLocalOnlyAndRequestIsRemote()
        {
            // Arrange.
            var evaluator = new RequestEvaluator();
            Settings localOnlySettings = new Settings {
                Mode = Mode.LocalOnly
            };
            var remoteRequest = new Mock<HttpRequestBase>();
            remoteRequest.SetupGet(req => req.IsLocal).Returns(false);

            // Act.
            RequestSecurity outcome = evaluator.Evaluate(remoteRequest.Object, localOnlySettings);

            // Assert.
            Assert.Equal(RequestSecurity.Ignore, outcome);
        }
        // Feeds a list of raw URLs through the evaluator and checks which of them come back
        // as Ignore. The list is ordered: the leading ordinary page URLs must NOT be ignored,
        // the .axd handler URLs after them must be.
        //
        // NOTE(review): the ignored set covers every .axd URL shown, including "/trace.axd"
        // and a URL with extra path segments after the handler name. Ignore here is only the
        // evaluator's verdict; restricting access to diagnostic handlers has to be enforced
        // elsewhere.
        public void EvaluateReturnsIgnoreAppropriatelyWhenRequestIsSystemHandler()
        {
            // Arrange.
            // Number of leading entries in the list that are expected not to be ignored.
            const int notIgnoredCount = 4;

            string[] candidatePaths = {
                // Not ignored: ordinary pages and folder URLs.
                "/",
                "/Default.aspx",
                "/Info/AboutUs.aspx",
                "/info/aboutus/",

                // Ignored: .axd handlers, with query string, trailing path info or fragment.
                "/Manage/DownloadThatFile.axd",
                "/Info/WebResource.axd?i=C3E19B2A-15F0-4174-A245-20F08C1DF4B8",
                "/OtherResource.axd/additional/info",
                "/trace.axd#details"
            };
            var request   = new Mock<HttpRequestBase>();
            var evaluator = new RequestEvaluator();
            var outcomes  = new RequestSecurity[candidatePaths.Length];

            // Act.
            // Evaluate every path first; the assertions run only after all results are collected.
            int slot = 0;
            foreach (string candidate in candidatePaths)
            {
                request.SetupGet(req => req.RawUrl).Returns(candidate);
                outcomes[slot] = evaluator.Evaluate(request.Object, _fixture.Settings);
                slot++;
            }

            // Assert.
            for (int position = 0; position < outcomes.Length; position++)
            {
                if (position < notIgnoredCount)
                {
                    Assert.NotEqual(RequestSecurity.Ignore, outcomes[position]);
                }
                else
                {
                    Assert.Equal(RequestSecurity.Ignore, outcomes[position]);
                }
            }
        }