Example #1
    def test_csp_gen_2(self):
        # A single default-src entry: the 'self' keyword is supplied bare in
        # the config and must come back single-quoted, as CSP requires for
        # keyword sources.
        policy = {'default-src': ['self']}
        middleware = ContentSecurityPolicyMiddleware()

        # Exact comparison, so the leading space and the trailing ';' are
        # part of what is being checked.
        self.assertEqual(
            middleware._csp_builder(policy),
            " default-src 'self';",
        )
Example #2
    def test_csp_gen_3(self):
        # One directive with a keyword plus two host sources: only the
        # keyword is expected to be quoted, host names pass through as given.
        sources = ['self', 'www.google-analytics.com', 'ajax.googleapis.com']
        middleware = ContentSecurityPolicyMiddleware()
        header_value = middleware._csp_builder({'script-src': sources})

        self.assertEqual(
            header_value,
            " script-src 'self' www.google-analytics.com ajax.googleapis.com;",
        )
Example #3
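    def test_csp_gen_1(self):
        # A policy with many directives must render every one of them.
        #
        # The expected string lists the directives in one particular order,
        # but the order in which the builder emits them is not something this
        # test can rely on (it presumably tracks dict iteration order, which
        # differs between interpreters). Comparing the raw strings made the
        # test pass or fail on ordering alone, so the directives are compared
        # as sorted lists instead.
        csp_dict = {
            'default-src': ['self', 'cdn.example.com'],
            'script-src': ['self', 'js.example.com'],
            'style-src': ['self', 'css.example.com'],
            'img-src': ['self', 'img.example.com'],
            'connect-src': ['self'],
            'font-src': ['fonts.example.com'],
            'object-src': ['self'],
            'media-src': ['media.example.com'],
            'frame-src': ['self'],
            # An empty sandbox value is expected to render as a bare
            # "sandbox" directive with no flags.
            'sandbox': [''],
            # Fixture value only; a deployed policy would normally report to
            # an https endpoint.
            'report-uri': 'http://example.com/csp-report',
        }
        expected = (
            " script-src 'self' js.example.com;"
            " default-src 'self' cdn.example.com;"
            " img-src 'self' img.example.com;"
            " connect-src 'self';"
            " style-src 'self' css.example.com;"
            " report-uri http://example.com/csp-report;"
            " frame-src 'self';"
            " sandbox ;"
            " object-src 'self';"
            " media-src media.example.com;"
            " font-src fonts.example.com;"
        )

        csp = ContentSecurityPolicyMiddleware()
        generated = csp._csp_builder(csp_dict)

        # Split on ';', trim, and sort both sides so that only the set of
        # directives (and the trailing-';' empty segment) is compared.
        expected_list = sorted(x.strip() for x in expected.split(';'))
        generated_list = sorted(x.strip() for x in generated.split(';'))

        self.assertEqual(generated_list, expected_list)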
Example #4
    def test_csp_gen_2(self):
        # 'none' given once as a tuple and once as a list: both container
        # types are expected to be accepted and the keyword quoted.
        def directives(policy):
            # Order-insensitive view of a policy string.
            return sorted(part.strip() for part in policy.split(';'))

        middleware = ContentSecurityPolicyMiddleware()
        header_value = middleware._csp_builder({
            'default-src': ('none', ),
            'script-src': ['none'],
        })

        wanted = directives("default-src 'none'; script-src 'none'")
        self.assertEqual(directives(header_value), wanted)
Example #5
    def test_csp_gen_2(self):
        # The most restrictive source, 'none', supplied as a tuple for one
        # directive and as a list for the other.
        policy = {'default-src': ('none',), 'script-src': ['none']}
        rendered = ContentSecurityPolicyMiddleware()._csp_builder(policy)

        # Compare the directives as sorted lists; emission order is not part
        # of the contract being tested.
        wanted_parts = [
            part.strip()
            for part in "default-src 'none'; script-src 'none'".split(';')
        ]
        wanted_parts.sort()
        rendered_parts = [part.strip() for part in rendered.split(';')]
        rendered_parts.sort()

        self.assertEqual(rendered_parts, wanted_parts)
Example #6
    def test_csp_gen_1(self):
        # Full policy: list-valued source directives plus three directives
        # whose value is a plain string.
        def directives(policy):
            # The builder's emission order cannot be assumed, so reduce a
            # policy string to a sorted list of trimmed directives.
            return sorted(part.strip() for part in policy.split(';'))

        policy = {
            'default-src': ['self', 'cdn.example.com'],
            'script-src': ['self', 'js.example.com'],
            'style-src': ['self', 'css.example.com'],
            'img-src': ['self', 'img.example.com'],
            'connect-src': ['self'],
            'font-src': ['fonts.example.com'],
            'object-src': ['self'],
            'media-src': ['media.example.com'],
            # Wildcard source; expected to be emitted unquoted.
            'frame-src': ['*'],
            # Empty value renders as a bare "sandbox" directive.
            'sandbox': [''],
            # NOTE(review): reflected-xss and referrer come from CSP draft
            # text and did not survive into the final specification, so
            # browsers are not expected to honour them; referrer control
            # lives in the Referrer-Policy header.
            'reflected-xss': 'filter',
            'referrer': 'origin',
            'report-uri': 'http://example.com/csp-report',
        }

        wanted = ("script-src 'self' js.example.com;"
                  "default-src 'self' cdn.example.com;"
                  "img-src 'self' img.example.com;"
                  "connect-src 'self';"
                  "reflected-xss filter;"
                  "style-src 'self' css.example.com;"
                  "report-uri http://example.com/csp-report;"
                  "frame-src *;"
                  "sandbox ;"
                  "object-src 'self';"
                  "media-src media.example.com;"
                  "referrer origin;"
                  "font-src fonts.example.com")

        middleware = ContentSecurityPolicyMiddleware()
        rendered = middleware._csp_builder(policy)

        self.assertEqual(directives(rendered), directives(wanted))
Example #7
    def test_csp_gen_3(self):
        # script-src with a keyword and two third-party hosts. With a single
        # directive there is no ordering ambiguity, so the output is compared
        # exactly (no leading space, no trailing ';').
        allowed_sources = [
            'self',
            'www.google-analytics.com',
            'ajax.googleapis.com',
        ]
        middleware = ContentSecurityPolicyMiddleware()
        rendered = middleware._csp_builder({'script-src': allowed_sources})

        self.assertEqual(
            rendered,
            "script-src "
            "'self' www.google-analytics.com ajax.googleapis.com",
        )
Example #8
    def test_csp_gen_1(self):
        # End-to-end rendering of a policy that mixes list-valued source
        # directives with string-valued ones.
        policy = {
            'default-src': ['self', 'cdn.example.com'],
            'script-src': ['self', 'js.example.com'],
            'style-src': ['self', 'css.example.com'],
            'img-src': ['self', 'img.example.com'],
            'connect-src': ['self'],
            'font-src': ['fonts.example.com'],
            'object-src': ['self'],
            'media-src': ['media.example.com'],
            'frame-src': ['*'],  # wildcard, expected back unquoted
            'sandbox': [''],     # empty value -> bare "sandbox" directive
            # NOTE(review): reflected-xss and referrer were draft-only CSP
            # directives; they are exercised here as builder input, but
            # browsers are not expected to enforce them.
            'reflected-xss': 'filter',
            'referrer': 'origin',
            'report-uri': 'http://example.com/csp-report',
        }

        wanted = (
            "script-src 'self' js.example.com;"
            "default-src 'self' cdn.example.com;"
            "img-src 'self' img.example.com;"
            "connect-src 'self';"
            "reflected-xss filter;"
            "style-src 'self' css.example.com;"
            "report-uri http://example.com/csp-report;"
            "frame-src *;"
            "sandbox ;"
            "object-src 'self';"
            "media-src media.example.com;"
            "referrer origin;"
            "font-src fonts.example.com"
        )

        rendered = ContentSecurityPolicyMiddleware()._csp_builder(policy)

        # Iteration order of the policy dict is not guaranteed, so both
        # strings are broken into directives and sorted before comparing.
        wanted_parts = [part.strip() for part in wanted.split(';')]
        wanted_parts.sort()
        rendered_parts = [part.strip() for part in rendered.split(';')]
        rendered_parts.sort()

        self.assertEqual(rendered_parts, wanted_parts)
Example #9
    def test_csp_gen_err6(self):
        # The directive name is presumably accepted here; it is the value
        # 'invalid' that the builder is expected to reject.
        #
        # NOTE(review): MiddlewareNotUsed is the exception Django uses to
        # skip a middleware. If the builder runs during middleware
        # initialisation, a rejected policy would leave responses without a
        # CSP header instead of stopping startup; confirm, and check deployed
        # responses for the header.
        middleware = ContentSecurityPolicyMiddleware()
        bad_policy = {'reflected-xss': 'invalid'}

        with self.assertRaises(MiddlewareNotUsed):
            middleware._csp_builder(bad_policy)
Example #10
    def test_csp_gen_err4(self):
        # The value has the right container type (a tuple), so the failure is
        # expected to come from 'invalid' not being an accepted sandbox flag.
        middleware = ContentSecurityPolicyMiddleware()
        bad_policy = {'sandbox': ('invalid', )}

        with self.assertRaises(MiddlewareNotUsed):
            middleware._csp_builder(bad_policy)
Example #11
    def test_csp_gen_err3(self):
        # sandbox must be configured with a list or tuple; a bare string is
        # expected to be rejected.
        middleware = ContentSecurityPolicyMiddleware()
        bad_policy = {'sandbox': 'none'}

        with self.assertRaises(MiddlewareNotUsed):
            middleware._csp_builder(bad_policy)
Example #12
    def test_csp_gen_err2(self):
        # 'invalid' is not a directive name the builder knows, so the whole
        # policy is expected to be refused rather than emitted with an
        # unknown directive.
        #
        # NOTE(review): the refusal is signalled with MiddlewareNotUsed. If
        # that propagates out of middleware initialisation, Django drops the
        # middleware and the site runs with no CSP header at all; confirm the
        # call path and alert on the header being absent.
        middleware = ContentSecurityPolicyMiddleware()
        bad_policy = {'invalid': 'self'}

        with self.assertRaises(MiddlewareNotUsed):
            middleware._csp_builder(bad_policy)
Example #13
    def test_csp_gen_err(self):
        # Source directives take a list or tuple of sources; passing the
        # source as a bare string is expected to be rejected.
        middleware = ContentSecurityPolicyMiddleware()
        bad_policy = {'default-src': 'self'}

        with self.assertRaises(MiddlewareNotUsed):
            middleware._csp_builder(bad_policy)