Ejemplo n.º 1
 def test_scan_detects_absence_of_trackers(self):
     """
     A landing page without known trackers must scan with no_analytics truthy.

     NOTE(review): no cassette or mock is visible in this excerpt. If none
     is applied outside it, the verdict depends on what the third-party page
     serves at run time -- confirm the response is recorded.
     """
     entry = DirectoryEntry(
         title='FPF',
         landing_page_url='https://freedom.press/',
         onion_address='notreal.onion',
     )
     scan_result = scanner.scan(entry)
     # assertTrue accepts any truthy value, not only the literal True.
     self.assertTrue(scan_result.no_analytics)
Ejemplo n.º 2
 def test_scan_detects_presence_of_trackers(self):
     """
     A landing page that loads common trackers must scan with no_analytics falsy.

     NOTE(review): no cassette or mock is visible in this excerpt. If none
     is applied outside it, the test silently starts failing once the
     third-party page drops its trackers -- confirm the response is recorded.
     """
     entry = DirectoryEntry(
         title='AP',
         landing_page_url='https://www.ap.org/en-us/',
         onion_address='notreal.onion',
     )
     scan_result = scanner.scan(entry)
     # assertFalse accepts any falsy value (False, None, 0, ''), so an unset
     # attribute would also satisfy this check.
     self.assertFalse(scan_result.no_analytics)
Ejemplo n.º 3
 def test_scan_returns_result_if_site_live(self):
     """
     Scanning a reachable landing page must give a result whose ``live``
     attribute is truthy.

     NOTE(review): reachability is only deterministic if the HTTP exchange
     is recorded or mocked; nothing of that kind is visible in this excerpt.
     """
     entry = DirectoryEntry(
         title='Freedom of the Press Foundation',
         landing_page_url='https://securedrop.org',
         onion_address='notreal.onion',
     )
     scan_result = scanner.scan(entry)
     self.assertTrue(scan_result.live)
Ejemplo n.º 4
    def test_scan_returns_reurns_url_if_site_not_live(self):
        """
        When the landing page cannot be reached, the scan must still return a
        result that carries the URL it was asked to scan.

        The method name contains a typo ("reurns"); it is kept so the test id
        stays stable.
        """
        # NON_EXISTENT_URL is defined outside this excerpt.
        entry = DirectoryEntry(
            title='Freedom of the Press Foundation',
            landing_page_url=NON_EXISTENT_URL,
            onion_address='notreal.onion',
        )
        scan_result = scanner.scan(entry)
        # A failed scan must not lose track of which site it describes.
        self.assertEqual(scan_result.landing_page_url, NON_EXISTENT_URL)
Ejemplo n.º 5
    def test_scan_returns_result_if_site_not_live(self):
        """
        When the landing page cannot be reached, the scan must return a
        result whose ``live`` attribute is falsy.

        The original description states that, in addition to vcrpy, this test
        mocks requests.get to simulate a ConnectionError so that no HTTP
        request is actually sent to the non-existent URL.

        NOTE(review): neither the cassette nor the mock is visible in this
        excerpt (presumably decorators above the method) -- confirm they are
        applied, otherwise the test performs a real lookup of
        NON_EXISTENT_URL.
        """
        entry = DirectoryEntry(
            title='Freedom of the Press Foundation',
            landing_page_url=NON_EXISTENT_URL,
            onion_address='notreal.onion',
        )
        scan_result = scanner.scan(entry)
        # assertFalse also passes for None, so a result that never set
        # ``live`` would satisfy this check as well.
        self.assertFalse(scan_result.live)
Ejemplo n.º 6
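    def test_scan_result_attributes(self):
        """
        If the site can be connected to, scanner should return a result with
        every attribute populated to the value expected for this site.

        Each attribute is checked in its own subTest, so one mismatch no
        longer hides the attributes checked after it: a single run reports
        every header/policy verdict that differs from the expectation.

        NOTE(review): the expected values describe one particular response
        from the scanned site; no cassette or mock is visible in this
        excerpt -- confirm the response is recorded.
        """
        securedrop = DirectoryEntry(title='Freedom of the Press Foundation',
                                    landing_page_url='https://securedrop.org',
                                    onion_address='notreal.onion')
        result = scanner.scan(securedrop)

        # Checked with assertTrue: any truthy value passes, so these do not
        # pin the attribute to the literal True.
        expected_truthy = (
            'forces_https',
            'http_status_200_ok',
            'hsts',
            'hsts_max_age',
            'hsts_entire_domain',
            'hsts_preloaded',
            'safe_onion_address',
            'no_cross_domain_redirects',
            'expected_encoding',
            'no_analytics',
            'no_server_info',
            'no_server_version',
            'csp_origin_only',
            'mime_sniffing_blocked',
            'xss_protection',
            'cache_control_set',
        )
        # Checked with assertIs(..., False): an identity check, so None or 0
        # (for example an attribute the scanner never set) fails the test.
        expected_false = (
            'subdomain',
            'no_cookies',
            'no_cdn',
            'noopen_download',
            'clickjacking_protection',
            'good_cross_domain_policy',
            'http_1_0_caching_disabled',
            'expires_set',
            'cache_control_revalidate_set',
            'cache_control_nocache_set',
            'cache_control_notransform_set',
            'cache_control_nostore_set',
            'cache_control_private_set',
            'referrer_policy_set_to_no_referrer',
            'no_cross_domain_assets',
        )

        for attribute in expected_truthy:
            with self.subTest(attribute=attribute):
                self.assertTrue(getattr(result, attribute))

        for attribute in expected_false:
            with self.subTest(attribute=attribute):
                self.assertIs(getattr(result, attribute), False)

        # no_cross_domain_assets is expected to be False above, so the
        # summary describing those assets must not be empty.
        with self.subTest(attribute='cross_domain_asset_summary'):
            self.assertNotEqual(result.cross_domain_asset_summary, '')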
Ejemplo n.º 7
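    def test_scan_detects_presence_of_cross_domain_assets(self):
        """
        If a site contains cross-domain assets, result.no_cross_domain_assets should be False

        The test also checks which URL-like strings end up in the reported
        summary and which end up in the ignored list. Every URL is checked in
        its own subTest, so a single run lists all missing entries instead of
        stopping at the first one.

        NOTE(review): if cross_domain_asset_summary or
        ignored_cross_domain_assets is a string, assertIn is a substring
        test; 'bs.tab' would then be satisfied by any longer '*.bs.tab'
        entry -- confirm the container type.
        NOTE(review): the expected URLs mirror one snapshot of the page; no
        cassette or mock is visible in this excerpt -- confirm the response
        is recorded.
        """
        ap_site = DirectoryEntry(title='AP',
                                 landing_page_url='https://www.ap.org/en-us/',
                                 onion_address='notreal.onion')

        result = scanner.scan(ap_site)

        self.assertIs(result.no_cross_domain_assets, False)

        # Third-party resources that must be reported in the summary.
        expected_urls = (
            'https://www.googletagmanager.com/ns.html?id=GTM-TSGB826',
            '//searchg2-assets.crownpeak.net/crownpeak.searchg2-1.0.2.min.js',
            'https://cdn.cookielaw.org/langswitch/ead3872f-33b9-4b16-a7f2-4ea8137893d3.js',
        )
        for url in expected_urls:
            with self.subTest(expected=url):
                self.assertIn(url, result.cross_domain_asset_summary)

        # Strings the scanner must list as ignored rather than reported.
        # The list mixes analytics URLs, an XML namespace and dotted
        # JavaScript event names; presumably the latter are domain
        # look-alikes picked up from scripts -- verify against the scanner.
        ignored_urls = (
            'https://www.google-analytics.com/analytics.js',
            'pardot.com/pd.js',
            'https://www.googletagmanager.com/gtm.js?id=',
            'www.crownpeak.com',
            'searchg2.crownpeak.net/',
            'http://www.w3.org/2000/svg',
            'click.bs.carousel.data',
            'click.bs.collapse.data',
            'element.id',
            'click.bs.modal.data',
            'hidden.bs.tab',
            'shown.bs.tab',
            'bs.tab',
            'hide.bs.tab',
            'show.bs.tab',
            'click.bs.tab.data',
        )
        for url in ignored_urls:
            with self.subTest(ignored=url):
                self.assertIn(url, result.ignored_cross_domain_assets)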