public void NothingElseCalled_HostsReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowHosts("https://example1.com");
//Assert
string result = builder.Build();
Assert.Equal("https://example1.com", result);
}
public void NothingElseCalled_NoneReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowNone();
//Assert
string result = builder.Build();
Assert.Equal("'none'", result);
}
public void NothingElseCalled_ReportSampleReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.ReportSample();
//Assert
string result = builder.Build();
Assert.Equal("'report-sample'", result);
}
public void DuplicateUnsafeEvalAllowed_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowUnsafeEval().AllowUnsafeEval();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-eval'", result);
}
public void DuplicateHostsAllowed_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowHosts("https://example1.com", "https://example1.com");
//Assert
string result = builder.Build();
Assert.Equal("https://example1.com", result);
}
public void NothingElseCalled_AsteriskReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void DuplicateReportSampleAdded_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.ReportSample().ReportSample();
//Assert
string result = builder.Build();
Assert.Equal("'report-sample'", result);
}
public void NothingElseCalled_StrictDynamicReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.WithStrictDynamic();
//Assert
string result = builder.Build();
Assert.Equal("'strict-dynamic'", result);
}
public void NothingElseCalled_SchemasReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSchemas("blob:");
//Assert
string result = builder.Build();
Assert.Equal("blob:", result);
}
public void DuplicateSchemasAllowed_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSchemas("blob:", "blob:");
//Assert
string result = builder.Build();
Assert.Equal("blob:", result);
}
public void DuplicateStrictDynamicCalled_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.WithStrictDynamic().WithStrictDynamic();
//Assert
string result = builder.Build();
Assert.Equal("'strict-dynamic'", result);
}
public void NothingElseCalled_UnsafeEvalReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowUnsafeEval();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-eval'", result);
}
public void DuplicateNoneAllowed_DuplicatesRemoved()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowNone().AllowNone();
//Assert
string result = builder.Build();
Assert.Equal("'none'", result);
}
public void SomethingElseCalled_SchemasIncluded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSelf();
builder.AllowSchemas("blob:");
//Assert
string result = builder.Build();
Assert.Equal("'self' blob:", result);
}
public void SchemasAllowed_SchemasIgnored()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSchemas("blob:");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void SomethingElseCalled_StrictDynamicAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.WithStrictDynamic();
//Assert
string result = builder.Build();
Assert.Equal("'strict-dynamic' *", result);
}
public void NothingElseCalled_HashReturned1()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputValue = "sha256-somehash";
//Act
builder.AllowHash(inputValue);
//Assert
string result = builder.Build();
Assert.Equal(inputValue, result);
}
public void DuplicateHashesAllowed_DuplicatesRemoved1()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputValue = "sha256-somehash";
//Act
builder.AllowHash(inputValue).AllowHash(inputValue);
//Assert
string result = builder.Build();
Assert.Equal(inputValue, result);
}
public void HostsAllowed_HostsIgnored()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowHosts("https://example1.com", "https://example2.com");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("*", result);
}
public void SomethingElseCalled_ReportSampleAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.ReportSample();
//Assert
string result = builder.Build();
Assert.Equal("* 'report-sample'", result);
}
public void SomethingElseCalled_UnsafeEvalAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowAny();
builder.AllowUnsafeEval();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-eval' *", result);
}
public void SomethingElseCalled_HostsIncluded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSelf();
builder.AllowHosts("https://example1.com");
//Assert
string result = builder.Build();
Assert.Equal("'self' https://example1.com", result);
}
public void NothingElseCalled_HashReturned2()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputAlg = "sha256";
string inputHash = "somehash";
//Act
builder.AllowHash(inputAlg, inputHash);
//Assert
string result = builder.Build();
Assert.Equal($"{inputAlg}-{inputHash}", result);
}
public void SomethingElseCalled_HashAdded1()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputValue = "sha256-somehash";
//Act
builder.AllowAny();
builder.AllowHash(inputValue);
//Assert
string result = builder.Build();
Assert.Equal($"{inputValue} *", result);
}
public void DuplicateHashesAllowed_DuplicatesRemoved2()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
string inputAlg = "sha256";
string inputHash = "somehash";
//Act
builder.AllowHash(inputAlg, inputHash).AllowHash(inputAlg, inputHash);
//Assert
string result = builder.Build();
Assert.Equal($"{inputAlg}-{inputHash}", result);
}
public void SomethingElseCalled_AsteriskAdded()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowUnsafeInline();
builder.AllowHash("sha265-somehash");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("'unsafe-inline' sha265-somehash *", result);
}
public void SomethingElseCalled_OnlyNoneReturned()
{
//Arrange
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
//Act
builder.AllowSelf();
builder.AllowHosts("https://example1.com", "https://example2.com");
builder.AllowNone();
builder.AllowSchemas("blob:");
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal("'none'", result);
}
public void DuplicateNonceAllowed_DuplicatesRemoved()
{
//Arrange
string generatedNonce = "somenonce";
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
Mock <ICspNonceService> nonceServiceMock = new Mock <ICspNonceService>();
nonceServiceMock.Setup(x => x.GetNonce()).Returns(generatedNonce);
//Act
builder.AllowNonce(nonceServiceMock.Object).AllowNonce(nonceServiceMock.Object);
//Assert
string result = builder.Build();
Assert.Equal($"'nonce-{generatedNonce}'", result);
}
public void SomethingElseCalled_NonceAdded()
{
//Arrange
string generatedNonce = "somenonce";
FetchDirectiveBuilder builder = new FetchDirectiveBuilder();
Mock <ICspNonceService> nonceServiceMock = new Mock <ICspNonceService>();
nonceServiceMock.Setup(x => x.GetNonce()).Returns(generatedNonce);
//Act
builder.AllowNonce(nonceServiceMock.Object);
builder.AllowAny();
//Assert
string result = builder.Build();
Assert.Equal($"'nonce-{generatedNonce}' *", result);
}
