Пример #1
        /// <summary>
        /// Reports whether the inspected type carries an authorization attribute,
        /// either on the class itself or on a method.
        /// </summary>
        /// <param name="typeViewer">Viewer over the controller type being audited.</param>
        /// <param name="controllerType">Selects which framework's attribute name to look for.</param>
        /// <returns>
        /// <c>true</c> when <c>HasClassAttribute</c> or <c>HasMethodAttribute</c> reports a match;
        /// otherwise <c>false</c>.
        /// </returns>
        /// <remarks>
        /// The lookup is by simple type name. <c>Type.Name</c> omits the namespace, so both
        /// branches below produce the string "AuthorizeAttribute"; a controller decorated with
        /// the other framework's attribute cannot be told apart by this value alone.
        /// NOTE(review): whether the viewer matches on simple or full name is not visible here - confirm.
        /// </remarks>
        public static bool CheckForAuthorise(this TypeViewer typeViewer, ControllerType controllerType)
        {
            string authorizeAttributeName;
            if (controllerType == ControllerType.MVC)
            {
                authorizeAttributeName = typeof(System.Web.Mvc.AuthorizeAttribute).Name;
            }
            else
            {
                authorizeAttributeName = typeof(System.Web.Http.AuthorizeAttribute).Name;
            }

            // Both lookups are always performed, as in the original; only the combination is returned.
            var foundOnClass = typeViewer.HasClassAttribute(authorizeAttributeName);
            var foundOnMethod = typeViewer.HasMethodAttribute(authorizeAttributeName);

            // A method-level hit is treated the same as a class-level one. This code does not
            // look for [AllowAnonymous], and it does not show whether a method-level hit means
            // every action or just one - treat "true" as "some authorization attribute exists",
            // not as "every endpoint is protected" (verify against HasMethodAttribute).
            if (foundOnClass)
            {
                return true;
            }

            return foundOnMethod;
        }
Пример #2
        /// <summary>
        /// Classifies where, if anywhere, an anti-forgery (CSRF) validation attribute is applied
        /// on the inspected type.
        /// </summary>
        /// <param name="typeViewer">Viewer over the controller type being audited.</param>
        /// <param name="controllerType">Selects which attribute name to look for.</param>
        /// <returns>
        /// <see cref="Csrf.Class"/> when the class-level lookup matches, otherwise
        /// <see cref="Csrf.Method"/> when the method-level lookup matches, otherwise
        /// <see cref="Csrf.None"/>.
        /// </returns>
        /// <remarks>
        /// For non-MVC controllers the attribute is identified by a hard-coded name rather than a
        /// framework type, so a project whose filter is named differently would be reported as
        /// <see cref="Csrf.None"/>. NOTE(review): how the viewer compares names is not visible
        /// here - confirm before relying on a "None" result.
        /// </remarks>
        public static Csrf CheckForMitigations(this TypeViewer typeViewer, ControllerType controllerType)
        {
            string antiForgeryAttributeName;
            if (controllerType == ControllerType.MVC)
            {
                antiForgeryAttributeName = typeof(System.Web.Mvc.ValidateAntiForgeryTokenAttribute).Name;
            }
            else
            {
                antiForgeryAttributeName = "ValidateHttpAntiForgeryTokenAttribute";
            }

            // Both lookups run unconditionally, matching the original evaluation order.
            var foundOnClass = typeViewer.HasClassAttribute(antiForgeryAttributeName);
            var foundOnMethod = typeViewer.HasMethodAttribute(antiForgeryAttributeName);

            // Class-level coverage takes precedence over method-level coverage.
            if (foundOnClass)
            {
                return Csrf.Class;
            }

            // Csrf.Method does not by itself show that every state-changing action is covered;
            // presumably a single decorated method is enough to land here - verify against
            // HasMethodAttribute.
            if (foundOnMethod)
            {
                return Csrf.Method;
            }

            return Csrf.None;
        }
Пример #3
 /// <summary>
 /// Checks that the class-level attribute lookup on the subject under test reports no match
 /// for the anti-forgery attribute name.
 /// </summary>
 public void has_class_attribute_returns_false_by_default()
 {
     // Type.Name yields the simple name of the type as declared ("ValidateHttpAntiForgeryToken").
     var attributeName = typeof(ValidateHttpAntiForgeryToken).Name;

     var found = _sut.HasClassAttribute(attributeName);

     found.ShouldBeFalse();
 }