public void GoodExtensionsNotCaught()
{
var exts = _goodFiles.Select(System.IO.Path.GetExtension).ToList();
exts.ForEach(e =>
Assert.IsFalse(FileNames.IsKnownRiskyExtension(e), $"expected {e} to be marked as good")
);
}
public void BadExtensionsCaught()
{
var exts = _badFiles.Select(System.IO.Path.GetExtension).ToList();
exts.ForEach(e =>
Assert.IsTrue(FileNames.IsKnownRiskyExtension(e), $"expected {e} to be marked as bad")
);
}
internal bool ExtensionIsOk(string fileName, out HttpExceptionAbstraction preparedException)
{
if (!SiteAllowsExtension(fileName))
{
preparedException = HttpException.NotAllowedFileType(fileName, "Not in whitelisted CMS file types.");
return(false);
}
if (FileNames.IsKnownRiskyExtension(fileName))// AdamSecurityCheckHelpers.IsKnownRiskyExtension(fileName))
{
preparedException = HttpException.NotAllowedFileType(fileName, "This is a known risky file type.");
return(false);
}
preparedException = null;
return(true);
}
//[AssertionMethod] internal static bool IsKnownRiskyExtension(string fileName) => FileNames.IsKnownRiskyExtension(fileName);