Exemplo n.º 1
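        /// <summary>
        /// Verifies that the session-ID length check stays silent when the response sets a
        /// cookie whose name does not match any configured session-cookie pattern.
        /// </summary>
        /// <remarks>
        /// The only configured pattern is "ASP.NET_SessionId" with a StartsWith match, while the
        /// response cookie is named "SessionId_some_other_random_value". A finding here would be
        /// a false positive: the analyser would be treating an arbitrary cookie as a session ID.
        /// </remarks>
        public void SessionIdLengthTester_Should_Not_Report_If_The_Cookie_Is_Not_SessionID()
        {
            // Arrange: a config that recognises a single session cookie pattern.
            var config = A.Fake<ISessionIdLengthTesterConfig>();
            var knownPatterns = new List<TechnologyStringPattern>
            {
                new TechnologyStringPattern("ASP.NET_SessionId", PatternMatchType.StartsWith, "ASP.NET", "Session ID cookie"),
            };
            A.CallTo(() => config.KnownTechCookiePatterns).Returns(knownPatterns);

            IResponseAnalyser sessionIdLengthTester = new SessionIdLengthTester(config);

            var responseEvent = this.GetHttpResponseReceivedEventArgs2();

            // The cookie is supplied both as a raw Set-Cookie header and as a parsed cookie.
            // NOTE(review): the header carries the value "abcd" while the parsed cookie carries
            // "SomeValue"; which of the two the analyser reads is not visible here. Confirm.
            responseEvent.Response.Headers.Add(
                new HttpHeader("Set-Cookie", "SessionId_some_other_random_value=abcd; httponly; secure;"));
            responseEvent.Response.Cookies.Add(new HttpCookie()
            {
                Name = "SessionId_some_other_random_value",
                Value = "SomeValue",
                HttpOnly = true,
                IsSecure = true
            });

            var resultHolder = A.Fake<IApplicationReportDataHandler>();
            sessionIdLengthTester.OnAnalysisResultPublished += resultHolder.HandleAnalysisResult;

            // Act
            sessionIdLengthTester.AnalyseHttpResponse(this, responseEvent);

            // Assert
            Assert.IsNotNull(sessionIdLengthTester.Results);

            // Compare the count directly. Passing the comparison to IsNotNull would box a bool,
            // which is never null, so the assertion could not fail even if findings were recorded.
            Assert.AreEqual(0, sessionIdLengthTester.Results.Count());

            A.CallTo(() => resultHolder.HandleAnalysisResult(A<object>._, A<AnalysisCompletedEventAgrs>._)).MustNotHaveHappened();
        }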
Exemplo n.º 2
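        /// <summary>
        /// Verifies that the session-ID length check stays silent when the response sets no
        /// cookie at all.
        /// </summary>
        /// <remarks>
        /// The response event is used exactly as the fixture helper returns it; this test adds
        /// no Set-Cookie header and no parsed cookie, so there is nothing for the configured
        /// "ASP.NET_SessionId" pattern to match.
        /// </remarks>
        public void SessionIdLengthTester_Should_NOT_Report_If_There_Is_No_Cookie_Present()
        {
            // Arrange: a config that recognises a single session cookie pattern.
            var config = A.Fake<ISessionIdLengthTesterConfig>();
            var knownPatterns = new List<TechnologyStringPattern>
            {
                new TechnologyStringPattern("ASP.NET_SessionId", PatternMatchType.StartsWith, "ASP.NET", "Session ID cookie"),
            };
            A.CallTo(() => config.KnownTechCookiePatterns).Returns(knownPatterns);

            IResponseAnalyser sessionIdLengthTester = new SessionIdLengthTester(config);

            // NOTE(review): assumes the helper returns a response without cookies. Confirm
            // against the fixture.
            var responseEvent = this.GetHttpResponseReceivedEventArgs2();

            var resultHolder = A.Fake<IApplicationReportDataHandler>();
            sessionIdLengthTester.OnAnalysisResultPublished += resultHolder.HandleAnalysisResult;

            // Act
            sessionIdLengthTester.AnalyseHttpResponse(this, responseEvent);

            // Assert
            Assert.IsNotNull(sessionIdLengthTester.Results);

            // Compare the count directly. Passing the comparison to IsNotNull would box a bool,
            // which is never null, so the assertion could not fail even if findings were recorded.
            Assert.AreEqual(0, sessionIdLengthTester.Results.Count());

            A.CallTo(() => resultHolder.HandleAnalysisResult(A<object>._, A<AnalysisCompletedEventAgrs>._)).MustNotHaveHappened();
        }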