def test_config(self): """ Test that the various CSP_REPORTS_X settings correctly control which handlers are called. """ mock_paths = [ "cspreports.utils.email_admins", "cspreports.utils.save_report", "cspreports.utils.log_report", ] corresponding_settings = [ "CSP_REPORTS_EMAIL_ADMINS", "CSP_REPORTS_SAVE", "CSP_REPORTS_LOG", ] for i in range(len(mock_paths)): mocks = [patch(path) for path in mock_paths] settings_overrides = { setting: True if j == i else False for j, setting in enumerate(corresponding_settings) } with override_settings(**settings_overrides): with mocks[0] as mocked_object_0, mocks[ 1] as mocked_object_1, mocks[2] as mocked_object_2: mocked_objects = [ mocked_object_0, mocked_object_1, mocked_object_2 ] request = HttpRequest() utils.process_report(request) for k, mocked_object in enumerate(mocked_objects): if k == i: self.assertTrue(mocked_object.called) else: self.assertFalse(mocked_object.called)
def test_config(self): """ Test that the various CSP_REPORTS_X settings correctly control which handlers are called. """ mock_paths = [ "cspreports.utils.email_admins", "cspreports.utils.save_report", "cspreports.utils.log_report", ] corresponding_settings = [ "CSP_REPORTS_EMAIL_ADMINS", "CSP_REPORTS_SAVE", "CSP_REPORTS_LOG", ] for i in xrange(len(mock_paths)): mocks = [mock.patch(path) for path in mock_paths] settings_overrides = { setting: True if j == i else False for j, setting in enumerate(corresponding_settings) } with override_settings(**settings_overrides): with nested(*mocks) as mocked_objects: request = HttpRequest() utils.process_report(request) for k, mocked_object in enumerate(mocked_objects): if k == i: self.assertTrue(mocked_object.called) else: self.assertFalse(mocked_object.called)
def test_filter_function(self): """ Test that setting CSP_REPORTS_FILTER_FUNCTION allows the given function to filter out requests. """ report1 = '{"document-uri": "http://not-included.com/"}' report2 = '{"document-uri": "http://included.com/"}' request = HttpRequest() request._body = report1 with patch('cspreports.utils.log_report') as log_patch: utils.process_report(request) self.assertFalse(log_patch.called) request._body = report2 utils.process_report(request) self.assertTrue(log_patch.called)
def test_run_additional_handlers(self): """ Test that the run_additional_handlers function correctly calls each of the specified custom handler functions. """ # utils stores a cache of the handlers (for efficiency, so kill that) utils._additional_handlers = None request = HttpRequest() with override_settings( CSP_REPORTS_ADDITIONAL_HANDLERS=["cspreports.tests.my_handler"], CSP_REPORTS_EMAIL_ADMINS=False, CSP_REPORTS_LOG=False, CSP_REPORTS_SAVE=False, ): utils.process_report(request) self.assertTrue(request.my_handler_called)
def test_run_additional_handlers(self): """ Test that the run_additional_handlers function correctly calls each of the specified custom handler functions. """ # utils stores a cache of the handlers (for efficiency, so kill that) utils._additional_handlers = None request = HttpRequest() with override_settings( CSP_REPORTS_ADDITIONAL_HANDLERS=[ "cspreports.tests.test_utils.my_handler" ], CSP_REPORTS_EMAIL_ADMINS=False, CSP_REPORTS_LOG=False, CSP_REPORTS_SAVE=False, ): utils.process_report(request) self.assertTrue(request.my_handler_called)
def report_csp(request): """ The handler for browsers to send Content Security Policy violation reports to. The 'report-uri' in HTTP Content-Security-Policy headers should point to this view. """ process_report(request) return HttpResponse('')