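/// <summary>
/// A plain sentence with no formula prefix must not be reported as an
/// Excel formula-injection threat.
/// </summary>
public void IsThreat_WithSafeInput_ReturnsFalse()
{
    // Arrange
    const string input = "This is a safe input.";
    var sanitizer = new NoFormulaeExcelSanitizer();

    // Act
    bool result = sanitizer.IsThreat(input);

    // Assert - Assert.False is the xUnit idiom for a boolean (xUnit2004 flags
    // Assert.Equal(false, ...)) and yields a clearer failure message.
    Assert.False(result);
}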
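/// <summary>
/// A DDE-style payload (leading '=' followed by a cmd| pipe) must be reported
/// as an Excel formula-injection threat.
/// </summary>
public void IsThreat_WithUnsafeInput_ReturnsTrue()
{
    // Arrange - classic CSV/DDE injection probe; harmless if it ever ran (pings loopback).
    const string input = "=cmd|'/C ping 127.0.0.1'!A0";
    var sanitizer = new NoFormulaeExcelSanitizer();

    // Act
    bool result = sanitizer.IsThreat(input);

    // Assert - Assert.True is the xUnit idiom for a boolean (xUnit2004 flags
    // Assert.Equal(true, ...)) and yields a clearer failure message.
    Assert.True(result);
}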
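/// <summary>
/// Prepares one value for emission as a CSV cell: defuses Excel formula-injection
/// payloads via <paramref name="excelSanitizer"/>, quotes the cell when it contains
/// a separator or a quote character, and flattens line breaks to single spaces.
/// </summary>
/// <param name="value">Raw cell text; may be null.</param>
/// <param name="excelSanitizer">Sanitiser used to detect and neutralise formula payloads.</param>
/// <returns>The encoded cell text, never null.</returns>
/// <exception cref="ArgumentNullException"><paramref name="excelSanitizer"/> is null.</exception>
public static string EncodeAndCheck(string value, NoFormulaeExcelSanitizer excelSanitizer)
{
    if (excelSanitizer == null)
    {
        throw new ArgumentNullException(nameof(excelSanitizer));
    }

    // Null and the literal "0.000" are both written as an empty cell (existing contract).
    string result;
    if (value == null || string.Equals(value, "0.000", StringComparison.Ordinal))
    {
        result = string.Empty;
    }
    else
    {
        result = value;
    }

    if (excelSanitizer.IsThreat(result))
    {
        // Neutralise CR/LF in the logged copy so a crafted value cannot forge
        // additional lines in the trace output (log injection).
        string logged = result.Replace("\r", "\\r").Replace("\n", "\\n");
        Trace.TraceWarning(
            "A potentially dangerous string was identified and sanitised when writing CSV data. The value was \"{0}\".",
            logged);
        result = excelSanitizer.Sanitize(result);
    }

    // CSV quoting (RFC 4180): a cell containing a separator or a quote is wrapped in
    // quotes and embedded quotes are doubled.
    // SECURITY: the quoting must be applied to the *sanitised* text. The previous
    // version wrapped the raw 'value' here, which re-inserted the unsanitised formula
    // payload into the output whenever the value also contained a comma - a complete
    // bypass of the sanitiser. Doubling embedded quotes also stops a value such as
    //   a",=cmd|...
    // from closing the cell early and starting a fresh, unsanitised cell.
    if (result.IndexOf(',') >= 0 || result.IndexOf('"') >= 0)
    {
        result = "\"" + result.Replace("\"", "\"\"") + "\"";
    }

    // Flatten line breaks. The order is deliberate and preserved from the original:
    // CRLF first, then a blank-line pair, then lone CR and LF, so that "\r\n" and
    // "\n\n" each collapse to a single space rather than two.
    result = result.Replace("\r\n", " ");
    result = result.Replace("\n\n", " ");
    result = result.Replace("\r", " ");
    result = result.Replace("\n", " ");

    return result.Trim();
}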