public void EncodeUri_RelativePlainUri_ReturnsPlainUri()
{
const string expectedUri = "/CspReport";
var result = CspUriSource.EncodeUri(new Uri(expectedUri, UriKind.Relative));
Assert.Equal(expectedUri, result);
}
public void EncodeUri_AbsolutePlainUri_ReturnsPlainUri()
{
const string expectedUri = "https://report.nwebsec.com/CspReport";
var result = CspUriSource.EncodeUri(new Uri(expectedUri, UriKind.Absolute));
Assert.Equal(expectedUri, result);
}
public void EncodeUri_RelativeUriNeedsEncoding_ReturnsEncodedUri()
{
const string originalUri = "/CspReport,;";
const string expectedUri = "/CspReport%2C%3B";
var result = CspUriSource.EncodeUri(new Uri(originalUri, UriKind.Relative));
Assert.Equal(expectedUri, result);
}
public void EncodeUri_AbsoluteUriNeedsEncoding_ReturnsEncodedUri()
{
const string originalUri = "https://üüüüüü.de/CspReport,;/andré?a=b";
const string expectedUri = "https://xn--tdaaaaaa.de/CspReport%2C%3B/andr%C3%A9?a=b";
var result = CspUriSource.EncodeUri(new Uri(originalUri, UriKind.Absolute));
Assert.Equal(expectedUri, result);
}
public void EncodeUri_RelativeUriWithNoneAsciiChars_ReturnsEncodedUri()
{
const string originalUri = "/CspReport/André?a=b";
const string expectedUri = "/CspReport/Andr%C3%A9?a=b";
var result = CspUriSource.EncodeUri(new Uri(originalUri, UriKind.Relative));
Assert.Equal(expectedUri, result);
}
public override void Validate(object value)
{
var source = (string)value;
if (String.IsNullOrEmpty(source))
{
return;
}
try
{
CspUriSource.Parse(source);
}
catch (Exception e)
{
throw new ConfigurationErrorsException("Invalid source " + source + ". Details: " + e.Message, e);
}
}
/// <summary>
/// Sets custom sources for the CSP directive.
/// </summary>
/// <typeparam name="T">The type of the CSP directive configuration object.</typeparam>
/// <param name="directive">The CSP directive configuration object.</param>
/// <param name="sources">One or more custom sources.</param>
/// <returns>The CSP directive configuration object.</returns>
public static T CustomSources<T>(this T directive, params string[] sources) where T : class, ICspDirectiveBasicConfiguration
{
if (directive == null) throw new ArgumentNullException(nameof(directive));
if (sources.Length == 0) throw new ArgumentException("You must supply at least one source.", nameof(sources));
try
{
var type = typeof(T);
var enableHashes = type == typeof(ICspDirectiveConfiguration) || type == typeof(ICspDirectiveUnsafeInlineConfiguration);
directive.CustomSources = sources
.Select(s => (enableHashes ? CspHashSource.Parse(s) : null) ?? CspUriSource.Parse(s).ToString())
.ToArray();
}
catch (InvalidCspSourceException e)
{
throw new ArgumentException("Invalid source. Details: " + e.Message, nameof(sources), e);
}
return directive;
}
public void Uris(params string[] reportUris)
{
if (reportUris.Length == 0)
{
throw new ArgumentException("You must supply at least one report URI.", "reportUris");
}
var reportUriList = new List <string>();
foreach (var reportUri in reportUris)
{
Uri uri;
if (!Uri.TryCreate(reportUri, UriKind.RelativeOrAbsolute, out uri))
{
throw new ArgumentException("Could not parse reportUri: " + reportUri);
}
reportUriList.Add(CspUriSource.EncodeUri(uri));
}
ReportUris = reportUriList.ToArray();
}
/// <summary>
/// Sets custom sources for the CSP directive.
/// </summary>
/// <typeparam name="T">The type of the CSP directive configuration object.</typeparam>
/// <param name="directive">The CSP directive configuration object.</param>
/// <param name="sources">One or more custom sources.</param>
/// <returns>The CSP directive configuration object.</returns>
public static T CustomSources <T>(this T directive, params string[] sources) where T : class, ICspDirectiveBasicConfiguration
{
if (directive == null)
{
throw new ArgumentNullException(nameof(directive));
}
if (sources.Length == 0)
{
throw new ArgumentException("You must supply at least one source.", nameof(sources));
}
try
{
directive.CustomSources = sources.Select(s => CspUriSource.Parse(s).ToString()).ToArray();
}
catch (InvalidCspSourceException e)
{
throw new ArgumentException("Invalid source. Details: " + e.Message, nameof(sources), e);
}
return(directive);
}
public void Parse_WildcardTld_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("www.nwebsec.*"));
}
public void Parse_MissingScheme_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("//www.nwebsec.*"));
}
public void Parse_InvalidSchemeHost_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("0https://www.nwebsec.com"));
}
public void Parse_InvalidScheme_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("0https:"));
}
public void Parse_WildcardIdnHostWildcardPortAndPath_ReturnsResult()
{
var result = CspUriSource.Parse("*.üüüüüü.com:*/some/path");
Assert.Equal("*.xn--tdaaaaaa.com:*/some/path", result.ToString());
}
public void Parse_HostPortAndPath_ReturnsResult()
{
var result = CspUriSource.Parse("www.nwebsec.com:8000/some/path");
Assert.Equal("www.nwebsec.com:8000/some/path", result.ToString());
}
public void Parse_SchemeAndHostUpperCase_ReturnsLowerCaseResult()
{
var result = CspUriSource.Parse("HTTPS://www.NWEBSEC.com");
Assert.Equal("https://www.nwebsec.com", result.ToString());
}
public void Parse_SchemeOnly_ReturnsResult(string scheme)
{
var result = CspUriSource.Parse(scheme);
Assert.Equal(scheme, result.ToString());
}
public void Parse_SchemeHostAndInvalidPortNumber_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("https://www.nwebsec.com:65536"));
}
public void Parse_IdnHostAndWildCardPort_ReturnsResult()
{
var result = CspUriSource.Parse("www.üüüüüü.com:*");
Assert.Equal("www.xn--tdaaaaaa.com:*", result.ToString());
}
public void Parse_HostAndWildCardPort_ReturnsResult()
{
var result = CspUriSource.Parse("www.nwebsec.com:*");
Assert.Equal("www.nwebsec.com:*", result.ToString());
}
public void Parse_IdnHostPortAndPath_ReturnsResult()
{
var result = CspUriSource.Parse("www.üüüüüü.com:8000/some/path");
Assert.Equal("www.xn--tdaaaaaa.com:8000/some/path", result.ToString());
}
public void Parse_SchemeAndWildcardWithinHostname_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("https://www.*.com"));
}
public void Parse_SchemeHostAndDoublePort_ThrowsException()
{
Assert.Throws <InvalidCspSourceException>(() => CspUriSource.Parse("https://www.nwebsec.com:80:80"));
}
public void Parse_Host_ReturnsResult()
{
var result = CspUriSource.Parse("www.demo-nwebsec.com");
Assert.Equal("www.demo-nwebsec.com", result.ToString());
}
public void Parse_Wildcard_ReturnsResult()
{
var result = CspUriSource.Parse("*");
Assert.Equal("*", result.ToString());
}
public void Parse_WildcardIdnHost_ReturnsResult()
{
var result = CspUriSource.Parse("*.üüüüüü.com");
Assert.Equal("*.xn--tdaaaaaa.com", result.ToString());
}
public void Parse_SchemeAndHost_ReturnsResult()
{
var result = CspUriSource.Parse("https://www.nwebsec.com");
Assert.Equal("https://www.nwebsec.com", result.ToString());
}
public void Parse_WildcardHostAndPort_ReturnsResult()
{
var result = CspUriSource.Parse("*.nwebsec.com:8000");
Assert.Equal("*.nwebsec.com:8000", result.ToString());
}
public void Parse_SchemeAndIdnHost_ReturnsIdnResult()
{
var result = CspUriSource.Parse("https://www.üüüüüü.de");
Assert.Equal("https://www.xn--tdaaaaaa.de", result.ToString());
}
public void Parse_WildcardHostWildcardPortAndPath_ReturnsResult()
{
var result = CspUriSource.Parse("*.nwebsec.com:*/some/path");
Assert.Equal("*.nwebsec.com:*/some/path", result.ToString());
}
