Exemplo n.º 1
        // Feeds a Chrome-style CSP violation report through a mocked request body and
        // checks that every field of the parsed report matches the JSON payload.
        // The payload has no "referrer" key, so the last assertion pins that a missing
        // field is exposed as an empty string rather than null.
        // NOTE(review): a violation report is a client-supplied request body; the parsed
        // values are presumably logged or displayed downstream and should be treated as
        // untrusted there. Confirm against the consumers of CspViolationReport.
        public void GetCspReportFromRequest_FromChrome_ReadsCspReportFromRequest()
        {
            const string reportJson =
                "{\"csp-report\":{\"document-uri\":\"http://localhost/NWebsecMvc3\",\"violated-directive\":\"script-src 'none'\",\"original-policy\":\"script-src 'none'; report-uri /NWebsecMvc3/WebResource.axd?cspReport=true\",\"blocked-uri\":\"http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js\"}}";

            var reportHelper = new CspReportHelper();
            var requestMock = new Mock<HttpRequestBase>();

            using (var body = new MemoryStream(Encoding.UTF8.GetBytes(reportJson)))
            {
                // The helper reads the report from the request's input stream.
                requestMock.Setup(r => r.InputStream).Returns(body);

                CspViolationReport violationReport;
                var parsed = reportHelper.TryGetCspReportFromRequest(requestMock.Object, out violationReport);
                Assert.IsTrue(parsed);

                var details = violationReport.Details;
                Assert.IsNotNull(details);

                Assert.AreEqual("http://localhost/NWebsecMvc3", details.DocumentUri);
                Assert.AreEqual("script-src 'none'", details.ViolatedDirective);
                Assert.AreEqual(
                    "script-src 'none'; report-uri /NWebsecMvc3/WebResource.axd?cspReport=true",
                    details.OriginalPolicy);
                Assert.AreEqual("http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js", details.BlockedUri);

                // "referrer" is absent from the payload above.
                Assert.AreEqual("", details.Referrer);
            }
        }
Exemplo n.º 2
        // Verifies that the User-Agent exposed by the request is copied onto the parsed
        // CSP violation report alongside the JSON body.
        // NOTE(review): the User-Agent is a client-controlled request header, so the value
        // carried on the report should be treated as untrusted wherever it is later
        // written out. Confirm how CspViolationReport.UserAgent is consumed.
        public void GetCspReportFromRequest_IncludesUserAgentInCspReport()
        {
            const string userAgent = "Opera, of course!";
            const string reportJson =
                "{\"csp-report\":{\"document-uri\":\"http://localhost/NWebsecMvc3\",\"referrer\":\"\",\"blocked-uri\":\"http://localhost/NWebsecMvc3/Scripts/jquery-1.7.1.min.js\",\"violated-directive\":\"script-src 'none'\"}}";

            var reportHelper = new CspReportHelper();
            var requestMock = new Mock<HttpRequestBase>();
            requestMock.Setup(r => r.UserAgent).Returns(userAgent);

            using (var body = new MemoryStream(Encoding.UTF8.GetBytes(reportJson)))
            {
                // The report JSON is served from the mocked request's input stream.
                requestMock.Setup(r => r.InputStream).Returns(body);

                CspViolationReport violationReport;
                var parsed = reportHelper.TryGetCspReportFromRequest(requestMock.Object, out violationReport);
                Assert.IsTrue(parsed);

                Assert.AreEqual(userAgent, violationReport.UserAgent);
            }
        }