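    def test_save_report_correct_format_missing_mandatory_fields(self):
        """ Test that `save_report` stores a CSPReport when required fields carry empty values.

            `referrer` and `blocked-uri` are required by the report format, but an empty
            string is accepted, so the stored report is still flagged valid: `is_valid`
            is True. (The keys are present but empty; a payload that omits the keys
            entirely is not what this test exercises, despite its name.)
        """
        assert CSPReport.objects.count() == 0  # sanity
        body = {
            'csp-report': {
                'document-uri': 'http://protected.example.cz/',
                'referrer': '',  # Required, but an empty value is accepted as valid
                'blocked-uri': '',  # Ditto
                'violated-directive': 'Very protective directive.',
                'original-policy': 'Nothing is allowed.'
            }
        }
        request = RequestFactory(HTTP_USER_AGENT='Agent007').post(
            '/dummy/', json.dumps(body), content_type=JSON_CONTENT_TYPE)
        utils.save_report(request)

        reports = CSPReport.objects.all()
        # Exactly one stored row, tagged with the request's (client-controlled) User-Agent.
        self.assertQuerysetEqual(reports.values_list('user_agent'),
                                 [('Agent007', )],
                                 transform=tuple)
        report = reports[0]
        self.assertEqual(report.json, json.dumps(body))
        # Empty-but-present required fields still yield a valid report; this pins that
        # behaviour (the docstring and the assertion must agree on it).
        self.assertTrue(report.is_valid)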
 def test_save_report(self):
     """ Check that `save_report` persists one CSPReport whose `json` is the raw request body.

         The request is a bare HttpRequest with the private `_body` attribute set directly;
         the test evidently relies on `HttpRequest.body` returning that value once populated.
         NOTE(review): the body is client-controlled input; only the happy path is covered.
     """
     assert CSPReport.objects.count() == 0  # sanity: clean table
     raw_body = '{"document-uri": "http://example.com/"}'
     request = HttpRequest()
     request._body = raw_body
     utils.save_report(request)
     stored = list(CSPReport.objects.all())
     self.assertEqual(len(stored), 1)
     self.assertEqual(stored[0].json, request.body)
 def test_save_report(self):
     """ Verify that `save_report` writes exactly one CSPReport and keeps the body verbatim. """
     assert CSPReport.objects.count() == 0  # sanity
     request = HttpRequest()
     # Bypass the WSGI layer: populate the private attribute `HttpRequest.body` reads.
     request._body = '{"document-uri": "http://example.com/"}'
     utils.save_report(request)
     saved = list(CSPReport.objects.all())
     self.assertEqual(len(saved), 1)
     first_report, = saved
     self.assertEqual(first_report.json, request.body)
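    def test_save_report_no_agent(self):
        """Test that `save_report` stores an empty user agent when the header is absent.

        `RequestFactory().post` without HTTP_USER_AGENT yields a request with no
        User-Agent header; the stored report's `user_agent` must then be the empty string.
        """
        assert CSPReport.objects.count() == 0  # sanity
        request = RequestFactory().post(
            '/dummy/',
            '{"document-uri": "http://example.com/"}',
            content_type=JSON_CONTENT_TYPE)

        utils.save_report(request)

        report = CSPReport.objects.first()
        # `first()` returns None on an empty table; fail with a clear message rather than
        # an AttributeError on the next line.
        self.assertIsNotNone(report)
        # assertQuerysetEqual expects a queryset; handed a plain string it compares the
        # string's characters (or rejects it, depending on the Django version), so it
        # could pass for '' without checking the intended value. Compare directly instead.
        self.assertEqual(report.user_agent, '')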
    def test_save_report(self):
        """ Verify that `save_report` stores one CSPReport carrying the raw body and the
            User-Agent header of the posting request.
        """
        assert CSPReport.objects.count() == 0  # sanity: table must start empty
        payload = '{"document-uri": "http://example.com/"}'
        factory = RequestFactory(HTTP_USER_AGENT='Agent007')
        request = factory.post('/dummy/', payload, content_type=JSON_CONTENT_TYPE)

        utils.save_report(request)

        stored = CSPReport.objects.all()
        # Exactly one row, and its user_agent column is the header we sent.
        self.assertQuerysetEqual(stored.values_list('user_agent'),
                                 [('Agent007', )],
                                 transform=tuple)
        self.assertEqual(stored[0].json, payload)
    def test_save_report_correct_optional_fields(self):
        """ Verify that `save_report` maps every CSP report field onto the model, coercing
            numeric fields (`line-number` arrives as a string, `column-number` as an int)
            to integers, and marks the report valid.
        """
        assert CSPReport.objects.count() == 0  # sanity
        csp_fields = {
            'document-uri': 'http://protected.example.cz/',
            'referrer': 'http://referrer.example.cz/',
            'blocked-uri': 'http://dangerous.example.cz/',
            'violated-directive': 'Very protective directive.',
            'original-policy': 'Nothing is allowed.',
            'source-file': 'nasty-script.js',
            'status-code': 0,
            'line-number': '36',
            'column-number': 32,
        }
        body = {'csp-report': csp_fields}
        request = RequestFactory(HTTP_USER_AGENT='Agent007').post(
            '/dummy/', json.dumps(body), content_type=JSON_CONTENT_TYPE)
        utils.save_report(request)

        report = CSPReport.objects.first()
        self.assertEqual(report.json, json.dumps(body))
        self.assertEqual(report.user_agent, 'Agent007')
        # Model attribute -> expected stored value (note the int coercion of line-number).
        expected = {
            'document_uri': 'http://protected.example.cz/',
            'referrer': 'http://referrer.example.cz/',
            'blocked_uri': 'http://dangerous.example.cz/',
            'violated_directive': 'Very protective directive.',
            'original_policy': 'Nothing is allowed.',
            'source_file': 'nasty-script.js',
            'status_code': 0,
            'line_number': 36,
            'column_number': 32,
        }
        for attribute, value in expected.items():
            self.assertEqual(getattr(report, attribute), value, attribute)
        self.assertTrue(report.is_valid)