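/// <summary>
/// With validation enabled, an absolute redirect to www.nwebsec.com that carries a
/// query string must be accepted. The test name treats that host as the same site as
/// <c>RequestUriHttps</c>, which is defined outside this block.
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToSameSiteWithQueryString_NoException()
{
    const int statusCode = 302;
    const string location = "https://www.nwebsec.com/Something/Worth/Seeing?foo=bar";
    var config = new RedirectValidationConfiguration { Enabled = true };

    // Explicit assertion, matching the sibling same-site test, so the expectation
    // ("no RedirectValidationException") is stated rather than implied by a bare call.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, location, RequestUriHttps, config));
}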
/// <summary>
/// With validation enabled and no allow-list configured, an absolute redirect to
/// www.nwebsec.com must pass. Per the test name this is the same site as
/// <c>RequestUriHttps</c> (declared elsewhere in the fixture).
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToSameSite_NoException()
{
    var settings = new RedirectValidationConfiguration { Enabled = true };
    const string target = "https://www.nwebsec.com/Something/Worth/Seeing";
    const int redirectStatus = 302;

    Assert.DoesNotThrow(
        () => _redirectValidator.ValidateRedirect(redirectStatus, target, RequestUriHttps, settings));
}
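/// <summary>
/// With validation enabled, a relative redirect (path plus query string, no scheme
/// or host) must be accepted.
/// </summary>
public void ValidateRedirect_EnabledAndRelativeRedirectWithQueryString_NoException()
{
    const int statusCode = 302;
    const string location = "/Some/Interesting/Content?foo=bar";
    var config = new RedirectValidationConfiguration { Enabled = true };

    // Explicit assertion, consistent with the sibling relative-redirect test.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, location, RequestUriHttps, config));
}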
/// <summary>
/// Core open-redirect check: with validation enabled and no allow-list entries, a
/// 302 to an absolute URI on another host must raise
/// <c>RedirectValidationException</c>.
/// </summary>
public void ValidateRedirect_EnabledAndRedirect_ThrowsException()
{
    var settings = new RedirectValidationConfiguration { Enabled = true };
    const string offSiteTarget = "http://evilsite.com";
    const int redirectStatus = 302;

    Assert.Throws<RedirectValidationException>(
        () => _redirectValidator.ValidateRedirect(redirectStatus, offSiteTarget, RequestUriHttps, settings));
}
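/// <summary>
/// With <c>Enabled = false</c> the validator must not interfere: even a 302 to an
/// off-site host passes. This pins that redirect validation is opt-in, so a
/// deployment that leaves it disabled gets no open-redirect protection from it.
/// </summary>
public void ValidateRedirect_DisabledAndRedirect_NoException()
{
    const int statusCode = 302;
    const string location = "http://evilsite.com";
    var config = new RedirectValidationConfiguration { Enabled = false };

    // Explicit assertion, consistent with the other *_NoException tests in this fixture.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, location, RequestUriHttps, config));
}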
/// <summary>
/// With validation enabled, a relative redirect (path only, no scheme or host)
/// must be accepted.
/// </summary>
public void ValidateRedirect_EnabledAndRelativeRedirect_NoException()
{
    var settings = new RedirectValidationConfiguration { Enabled = true };
    const string relativeTarget = "/Some/Interesting/Content";
    const int redirectStatus = 302;

    Assert.DoesNotThrow(
        () => _redirectValidator.ValidateRedirect(redirectStatus, relativeTarget, RequestUriHttps, settings));
}
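/// <summary>
/// With validation enabled, responses whose status code is not a redirect
/// (200, 304, 401, 403, 404, 500) must pass even though the location is empty.
/// </summary>
public void ValidateRedirect_EnabledAndNoRedirect_NoException()
{
    var config = new RedirectValidationConfiguration { Enabled = true };

    foreach (var statusCode in new[] { 200, 304, 401, 403, 404, 500 })
    {
        // Copy for the lambda, and name the failing status code in the message so a
        // regression points at the exact code instead of just "the loop threw".
        var code = statusCode;
        Assert.DoesNotThrow(
            () => _redirectValidator.ValidateRedirect(code, "", RequestUriHttps, config),
            "Status code " + code + " is not a redirect and should not be validated.");
    }
}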
/// <summary>
/// A redirect to www.nwebsec.com on port 81 must be rejected when the only
/// allow-listed URI is on a different host. Per the test name the point is the
/// port: a non-default port on the request host is not implicitly trusted.
/// NOTE(review): presumably <c>RequestUriHttps</c> is www.nwebsec.com on the
/// default port; it is defined outside this block.
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToPort_ThrowsException()
{
    var allowed = new[] { new Uri("https://www.expectedsite.com").AbsoluteUri };
    var settings = new RedirectValidationConfiguration { Enabled = true, AllowedUris = allowed };
    const string otherPortTarget = "https://www.nwebsec.com:81/";
    const int redirectStatus = 302;

    Assert.Throws<RedirectValidationException>(
        () => _redirectValidator.ValidateRedirect(redirectStatus, otherPortTarget, RequestUriHttps, settings));
}
/// <summary>
/// An allow-list entry scoped to a path (<c>/Kittens</c>) must not authorize the
/// site root of the same host: a redirect to <c>/?foo=bar</c> is rejected. This
/// keeps a narrow allow-list entry from widening into a whole-host grant.
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToParentPathWithQueryString_ThrowsException()
{
    var allowed = new[] { new Uri("https://www.expectedsite.com/Kittens").AbsoluteUri };
    var settings = new RedirectValidationConfiguration { Enabled = true, AllowedUris = allowed };
    const string parentPathTarget = "https://www.expectedsite.com/?foo=bar";
    const int redirectStatus = 302;

    Assert.Throws<RedirectValidationException>(
        () => _redirectValidator.ValidateRedirect(redirectStatus, parentPathTarget, RequestUriHttps, settings));
}
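/// <summary>
/// An allow-list entry for a site root must also cover paths beneath it: with
/// <c>https://www.expectedsite.com</c> allow-listed, a redirect to
/// <c>/Kittens</c> on that host is accepted.
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToSubPath_NoException()
{
    const int statusCode = 302;
    const string location = "https://www.expectedsite.com/Kittens";
    var config = new RedirectValidationConfiguration
    {
        Enabled = true,
        AllowedUris = new[] { new Uri("https://www.expectedsite.com").AbsoluteUri }
    };

    // Explicit assertion, consistent with the sibling allow-listed-site test.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, location, RequestUriHttps, config));
}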
/// <summary>
/// A redirect whose target equals an allow-listed URI must be accepted. The target
/// is written without a trailing slash while the allow-list entry goes through
/// <c>Uri.AbsoluteUri</c>, so the two strings are not compared byte-for-byte here.
/// </summary>
public void ValidateRedirect_EnabledAndAbsoluteRedirectToWhiteListedSite_NoException()
{
    var allowed = new[] { new Uri("https://www.expectedsite.com").AbsoluteUri };
    var settings = new RedirectValidationConfiguration { Enabled = true, AllowedUris = allowed };
    const string allowedTarget = "https://www.expectedsite.com";
    const int redirectStatus = 302;

    Assert.DoesNotThrow(
        () => _redirectValidator.ValidateRedirect(redirectStatus, allowedTarget, RequestUriHttps, settings));
}
/// <summary>
/// Same-host HTTP-to-HTTPS redirects are limited to the configured ports: with
/// ports 4567 and 443 configured, a redirect from <c>RequestUriHttp</c> to port
/// 9999 on www.nwebsec.com must be rejected.
/// </summary>
public void ValidateRedirect_SamehostToHttpsOtherThanConfiguredCustomPortsIncluding443_ThrowsException()
{
    var sameHostSettings = new SameHostHttpsRedirectConfiguration
    {
        Enabled = true,
        Ports = new[] { 4567, 443 }
    };
    var settings = new RedirectValidationConfiguration
    {
        Enabled = true,
        SameHostRedirectConfiguration = sameHostSettings
    };
    const int redirectStatus = 302;

    Assert.Throws<RedirectValidationException>(
        () => _redirectValidator.ValidateRedirect(redirectStatus, "https://www.nwebsec.com:9999/", RequestUriHttp, settings));
}
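/// <summary>
/// Same-host HTTP-to-HTTPS redirects to each configured custom port (4567, 8989)
/// must be accepted.
/// </summary>
public void ValidateRedirect_SamehostToHttpsOnConfiguredCustomPorts_NoException()
{
    const int statusCode = 302;
    var config = new RedirectValidationConfiguration
    {
        Enabled = true,
        SameHostRedirectConfiguration = new SameHostHttpsRedirectConfiguration
        {
            Enabled = true,
            Ports = new[] { 4567, 8989 }
        }
    };

    // Assert each port separately so a failure on the first does not hide the second,
    // and so the expectation is explicit like the other *_NoException tests.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, "https://www.nwebsec.com:4567/", RequestUriHttp, config));
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, "https://www.nwebsec.com:8989/", RequestUriHttp, config));
}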
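/// <summary>
/// With same-host HTTPS redirects enabled and no custom ports configured, a
/// redirect to the HTTPS default port must be accepted whether the port is
/// implicit or written out as <c>:443</c>.
/// </summary>
public void ValidateRedirect_SamehostToHttpsAndNoCustomPortsConfigured_NoException()
{
    const int statusCode = 302;
    var config = new RedirectValidationConfiguration
    {
        Enabled = true,
        SameHostRedirectConfiguration = new SameHostHttpsRedirectConfiguration { Enabled = true }
    };

    // Explicit assertions, consistent with the other *_NoException tests in this fixture.
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, "https://www.nwebsec.com/", RequestUriHttp, config));
    Assert.DoesNotThrow(() => _redirectValidator.ValidateRedirect(statusCode, "https://www.nwebsec.com:443/", RequestUriHttp, config));
}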