def testPolicy_matches_defaultSrcNotSpecified_noMatch(self):
    """Inline and eval script are not matched when the policy has no fallback.

    The policy holds neither a directive for the requested type nor a
    default directive, so it is expected to behave like 'default-src *',
    which does not cover the inline and eval pseudo-resources.
    """
    # NOTE(review): browsers enforcing CSP Level 3 leave inline script and
    # eval unrestricted when both script-src and default-src are absent, so
    # "no match" here should not be read as "blocked in the browser" --
    # confirm the stricter reading is intended.
    policy = Policy((PolicyTest.sampleDirective5,))
    self_uri = PolicyTest.sampleURI1a

    inline_matched = policy.matches(URI.INLINE(), "script-src", self_uri)
    assert not inline_matched

    eval_matched = policy.matches(URI.EVAL(), "script-src", self_uri)
    assert not eval_matched
def testPolicy_matches_defaultSrcNotSpecified_noMatch(self):
    """Check that the implicit 'default-src *' rejects inline and eval.

    Neither a directive for the requested type nor a default directive is
    present in the policy; the assumed 'default-src *' must not match the
    inline or eval pseudo-resources.
    """
    # NOTE(review): a browser applying CSP Level 3 does not restrict inline
    # script or eval when script-src and default-src are both missing; the
    # result asserted here is this library's model -- confirm callers do not
    # treat it as proof of XSS protection.
    csp = Policy((PolicyTest.sampleDirective5,))
    uri_of_self = PolicyTest.sampleURI1a

    def matched(resource):
        # Same resource type and self URI for both pseudo-resources.
        return csp.matches(resource, "script-src", uri_of_self)

    assert not matched(URI.INLINE())
    assert not matched(URI.EVAL())
def testPolicy_matches_nonMatchingDirectiveTypeButDefaultMatches(self):
    """A type-specific directive that rejects is not rescued by the default.

    The policy carries a directive for the requested type that does not
    match the resource and a default directive that does; the default must
    not be applied, so no match is expected.
    """
    # Falling back to the default here would widen the policy beyond what
    # the type-specific directive allows.
    policy = Policy((PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5))
    self_uri = PolicyTest.sampleURI2

    matched = policy.matches(PolicyTest.sampleURI1a, "connect-src", self_uri)
    assert not matched
def testPolicy_matches_matchingDirectiveType(self):
    """A directive of the requested resource type accepts the resource."""
    policy = Policy((PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5))
    self_uri = PolicyTest.sampleURI2

    # Resource built inline rather than taken from the shared fixtures.
    resource = URI("https", "abc.seclab.nu", 443, "/path", "some-query")
    assert policy.matches(resource, "connect-src", self_uri)
def testPolicy_matches_defaultSrcNotSpecified_match(self):
    """A regular resource matches when the policy has no fallback directive.

    The policy holds neither a directive for the requested type nor a
    default directive, so 'default-src *' is assumed and an ordinary URI
    is expected to match.
    """
    policy = Policy((PolicyTest.sampleDirective5,))
    self_uri = PolicyTest.sampleURI1a

    matched = policy.matches(PolicyTest.sampleURI2, "script-src", self_uri)
    assert matched
def testPolicy_matches_defaultSrcNotUsable(self):
    """The default directive is not consulted for a type it cannot cover.

    The policy has a default directive but none for the requested type,
    and the default may not stand in for that type, so no match is
    expected.
    """
    # NOTE(review): a browser applies no form-action restriction when that
    # directive is absent, because default-src is not its fallback; the
    # "no match" asserted here is this library's answer -- confirm callers
    # do not interpret it as a browser-side block.
    policy = Policy((PolicyTest.sampleDirective1a,))
    self_uri = PolicyTest.sampleURI2

    matched = policy.matches(PolicyTest.sampleURI1a, "form-action", self_uri)
    assert not matched
def testPolicy_matches_defaultSrcNoMatch(self):
    """The default directive is used as fallback and rejects the resource.

    The policy has no directive for the requested type, only a default
    directive, and that default does not match the resource.
    """
    policy = Policy((PolicyTest.sampleDirective1a,))
    self_uri = PolicyTest.sampleURI1a

    matched = policy.matches(PolicyTest.sampleURI2, "img-src", self_uri)
    assert not matched
def testPolicy_matches_defaultSrcMatches(self):
    """The default directive is used as fallback and accepts the resource.

    The policy has no directive for the requested type, but its default
    directive matches the resource.
    """
    policy = Policy((PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5))
    self_uri = PolicyTest.sampleURI2

    matched = policy.matches(PolicyTest.sampleURI1a, "script-src", self_uri)
    assert matched
def testPolicy_matches_defaultSrcMatches(self):
    """Fallback to a matching default directive yields a match.

    No directive of the requested type is in the policy; the default
    directive it does contain matches the resource.
    """
    directives = (PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5)
    csp = Policy(directives)
    uri_of_self = PolicyTest.sampleURI2

    assert csp.matches(
        PolicyTest.sampleURI1a,
        "script-src",
        uri_of_self,
    )
def testPolicy_matches_nonMatchingDirectiveTypeButDefaultMatches(self):
    """The default directive must not override a rejecting specific one.

    The directive for the requested type does not match the resource,
    while the default directive in the same policy does; the default
    should not be applied, so the overall result is no match.
    """
    # Letting the default win here would make the policy more permissive
    # than its type-specific directive.
    directives = (PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5)
    csp = Policy(directives)
    uri_of_self = PolicyTest.sampleURI2

    assert not csp.matches(
        PolicyTest.sampleURI1a,
        "connect-src",
        uri_of_self,
    )
def testPolicy_matches_matchingDirectiveType(self):
    """The directive for the requested resource type matches the resource."""
    directives = (PolicyTest.sampleDirective1a, PolicyTest.sampleDirective5)
    csp = Policy(directives)
    uri_of_self = PolicyTest.sampleURI2

    # The requested resource is constructed here, not a shared fixture.
    assert csp.matches(
        URI("https", "abc.seclab.nu", 443, "/path", "some-query"),
        "connect-src",
        uri_of_self,
    )
def testPolicy_matches_defaultSrcNotSpecified_match(self):
    """Check that the implicit 'default-src *' accepts a regular resource.

    With neither a directive for the requested type nor a default
    directive in the policy, 'default-src *' is assumed, and that matches
    ordinary (non-inline, non-eval) resources.
    """
    csp = Policy((PolicyTest.sampleDirective5,))
    uri_of_self = PolicyTest.sampleURI1a

    assert csp.matches(
        PolicyTest.sampleURI2,
        "script-src",
        uri_of_self,
    )
def testPolicy_matches_defaultSrcNotUsable(self):
    """A default directive cannot stand in for an unsupported resource type.

    Only a default directive is present, and it is not allowed as a
    fallback for the requested type, so the policy must report no match.
    """
    # NOTE(review): in a browser, an absent form-action directive means form
    # submissions are unrestricted (default-src is not its fallback); the
    # "no match" asserted here reflects this library only -- confirm callers
    # do not equate it with enforcement.
    csp = Policy((PolicyTest.sampleDirective1a,))
    uri_of_self = PolicyTest.sampleURI2

    assert not csp.matches(
        PolicyTest.sampleURI1a,
        "form-action",
        uri_of_self,
    )
def testPolicy_matches_defaultSrcNoMatch(self):
    """Fallback to a non-matching default directive yields no match.

    The policy lacks a directive for the requested type; its default
    directive is consulted and does not match the resource.
    """
    csp = Policy((PolicyTest.sampleDirective1a,))
    uri_of_self = PolicyTest.sampleURI1a

    assert not csp.matches(
        PolicyTest.sampleURI2,
        "img-src",
        uri_of_self,
    )