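def test_invalid_header_contentSecurity(self):
     """A malformed Content-Security-Policy value must not be emitted.

     The configured value puts the stray characters ``$# `` in front of an
     otherwise ordinary ``default-src`` directive, and the test expects
     ``nginx.get_http_headers()`` to return an empty list for it.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {
             "Content-Security-Policy": "$# default-src https://my.csp.domain.amsterdam"
         }
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)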
 def test_valid_header_referrerPolicy(self):
     """A Referrer-Policy of ``no-referrer-when-downgrade`` is passed through.

     The test expects the (name, value) pair in the result exactly as it
     was configured.
     """
     name, value = "Referrer-Policy", "no-referrer-when-downgrade"
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps({name: value})
     emitted = nginx.get_http_headers()
     self.assertIn((name, value), emitted)
 def test_valid_header_permittedPolicies(self):
     """``X-Permitted-Cross-Domain-Policies: by-content-type`` is passed through.

     The test expects the (name, value) pair in the result exactly as it
     was configured.
     """
     name, value = "X-Permitted-Cross-Domain-Policies", "by-content-type"
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps({name: value})
     emitted = nginx.get_http_headers()
     self.assertIn((name, value), emitted)
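 def test_valid_header_xfrmaeOption(self):
     """X-Frame-Options from HTTP_RESPONSE_HEADERS wins over X_FRAME_OPTIONS.

     Both sources are configured with different values; the test expects
     the value from the JSON map to appear in the result.
     """
     # Remove X_FRAME_OPTIONS again once the test is done, so it cannot leak
     # into tests that expect get_http_headers() to return no headers at all.
     self.addCleanup(os.environ.pop, "X_FRAME_OPTIONS", None)
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"X-Frame-Options": "allow-from https://mendix.com"}
     )
     os.environ["X_FRAME_OPTIONS"] = "deny"
     header_config = nginx.get_http_headers()
     # NOTE(review): this pins that the value is accepted, not that it
     # protects anything. ALLOW-FROM is obsolete and ignored by current
     # browsers; CSP frame-ancestors is the supported framing control.
     self.assertIn(
         ("X-Frame-Options", "allow-from https://mendix.com"),
         header_config,
     )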
 def test_valid_header_contentSecurity(self):
     """A well-formed Content-Security-Policy comes back with quotes escaped.

     The configured policy contains single-quoted keywords; the expected
     tuple carries each of those quotes prefixed with a backslash.
     """
     # This pins acceptance of the syntax only: a policy that allows
     # 'unsafe-inline' and 'unsafe-eval' gives little script-injection
     # protection.
     policy = "default-src https: \u0027unsafe-eval\u0027 \u0027unsafe-inline\u0027; object-src \u0027none\u0027"  # noqa: E501
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"Content-Security-Policy": policy}
     )
     emitted = nginx.get_http_headers()
     # presumably the backslashes stop a quote from ending a quoted value in
     # the generated nginx configuration -- confirm against get_http_headers
     escaped_policy = "default-src https: \\'unsafe-eval\\' \\'unsafe-inline\\'; object-src \\'none\\'"  # noqa: E501
     self.assertIn(("Content-Security-Policy", escaped_policy), emitted)
 def test_valid_header_xssProtection(self):
     """An X-XSS-Protection value with a ``report=`` URL is passed through.

     The test expects the (name, value) pair in the result exactly as it
     was configured.
     """
     # NOTE(review): few current browsers still honour X-XSS-Protection, so
     # this checks validation of the value rather than an effective control.
     name = "X-XSS-Protection"
     value = "1; report=https://domainwithnewstyle.tld.consultancy"
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps({name: value})
     emitted = nginx.get_http_headers()
     self.assertIn((name, value), emitted)
 def test_valid_header_partial(self):
     """Configure three headers and check that an unconfigured one is absent."""
     configured = {
         "Referrer-Policy": "no-referrr-when-downgrade",
         "Access-Control-Allow-Origin": "https://this.is.mydomain.nl",
         "X-Content-Type-Options": "nosniff",
     }
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(configured)
     emitted = nginx.get_http_headers()
     # NOTE(review): X-XSS-Protection is never configured in this test, so
     # the assertion says nothing about how the three supplied headers are
     # handled. The misspelt Referrer-Policy value looks deliberate;
     # asserting that it is dropped while the other two are kept would pin
     # the behaviour the test name suggests -- confirm against
     # get_http_headers before adding that.
     unconfigured = (
         "X-XSS-Protection",
         "1; report=https://domainwithnewstyle.tld.consultancy",
     )
     self.assertNotIn(unconfigured, emitted)
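 def test_invalid_header_contentType(self):
     """An empty X-Content-Type-Options value must not be emitted.

     The test expects ``nginx.get_http_headers()`` to return an empty list
     when the only configured header has an empty string as its value.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"X-Content-Type-Options": ""}
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)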
 def test_valid_header_contentType(self):
     """``X-Content-Type-Options: nosniff`` is passed through.

     The test expects the (name, value) pair in the result exactly as it
     was configured.
     """
     name, value = "X-Content-Type-Options", "nosniff"
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps({name: value})
     emitted = nginx.get_http_headers()
     self.assertIn((name, value), emitted)
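 def test_invalid_header_accessControl(self):
     """An Access-Control-Allow-Origin with a misspelt scheme must not be emitted.

     The configured origin uses ``htps://`` instead of ``https://``, and the
     test expects ``nginx.get_http_headers()`` to return an empty list.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"Access-Control-Allow-Origin": "htps://this.is.mydomain.nl"}
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)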
 def test_valid_header_accessControl(self):
     """The wildcard Access-Control-Allow-Origin value is passed through.

     The test expects the (name, value) pair in the result exactly as it
     was configured.
     """
     # "*" lets any origin read responses that are served without
     # credentials; the test pins that the value is accepted, not that it
     # is a safe choice for a given application.
     name, value = "Access-Control-Allow-Origin", "*"
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps({name: value})
     emitted = nginx.get_http_headers()
     self.assertIn((name, value), emitted)
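 def test_valid_with_xframeOption(self):
     """X_FRAME_OPTIONS alone yields an X-Frame-Options header.

     HTTP_RESPONSE_HEADERS is an empty JSON object here, so the expected
     ``("X-Frame-Options", "DENY")`` pair can only come from the
     X_FRAME_OPTIONS variable.
     """
     # Remove X_FRAME_OPTIONS again once the test is done, so it cannot leak
     # into tests that expect get_http_headers() to return no headers at all.
     self.addCleanup(os.environ.pop, "X_FRAME_OPTIONS", None)
     os.environ["HTTP_RESPONSE_HEADERS"] = "{}"
     os.environ["X_FRAME_OPTIONS"] = "DENY"
     header_config = nginx.get_http_headers()
     self.assertIn(("X-Frame-Options", "DENY"), header_config)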
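 def test_invalid_header_xframeOption(self):
     """A misspelt X-Frame-Options value must not be emitted.

     The configured value uses ``allow-form`` and ``htps://`` in place of
     ``allow-from`` and ``https://``, and the test expects
     ``nginx.get_http_headers()`` to return an empty list.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"X-Frame-Options": "allow-form htps://mendix.com"}
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)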
 def test_invalid_header_json(self):
     """A HTTP_RESPONSE_HEADERS value that is not JSON raises ValueError."""
     os.environ["HTTP_RESPONSE_HEADERS"] = "invalid"
     # presumably the error comes from JSON parsing (json.JSONDecodeError is
     # a ValueError subclass) -- confirm against get_http_headers
     self.assertRaises(ValueError, nginx.get_http_headers)
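 def test_invalid_header_xssProtection(self):
     """A misspelt X-XSS-Protection mode must not be emitted.

     The configured value is ``1;mode=bock`` rather than a ``mode=block``
     form, and the test expects ``nginx.get_http_headers()`` to return an
     empty list.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"X-XSS-Protection": "1;mode=bock"}
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)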
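 def test_invalid_header_permittedPolicies(self):
     """A punctuation-only X-Permitted-Cross-Domain-Policies value is dropped.

     The configured value is ``#%#^#^``, and the test expects
     ``nginx.get_http_headers()`` to return an empty list.
     """
     os.environ["HTTP_RESPONSE_HEADERS"] = json.dumps(
         {"X-Permitted-Cross-Domain-Policies": "#%#^#^"}
     )
     header_config = nginx.get_http_headers()
     # assertEqual replaces the deprecated assertEquals alias, which was
     # removed from unittest in Python 3.12.
     self.assertEqual([], header_config)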