def test_xml_not_valid(self):
        self.reqs['resources']['/crossdomain.xml'] = '<![..]>'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('xml-not-parsable', result['result'])
        self.assertFalse(result['pass'])
    def test_xml_not_valid(self):
        self.reqs['resources']['/crossdomain.xml'] = '<![..]>'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('xml-not-parsable', result['result'])
        self.assertFalse(result['pass'])
    def test_acao_public(self):
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = '*'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-public-access', result['result'])
        self.assertEquals('*', result['data']['acao'])
        self.assertTrue(result['pass'])
Exemple #4
0
    def test_acao_public(self):
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = '*'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-public-access', result['result'])
        self.assertEquals('*', result['data']['acao'])
        self.assertTrue(result['pass'])
Exemple #5
0
    def test_acao_restricted_with_acao(self):
        self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com'
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertTrue(result['pass'])
    def test_acao_restricted_with_acao(self):
        self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.security.mozilla.org'
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = 'https://mozilla.com'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertTrue(result['pass'])
    def test_acao_universal_with_crossdomain(self):
        self.reqs['resources']['/crossdomain.xml'] = """
        <cross-domain-policy>
          <allow-access-from domain="*" secure="true"/>
        </cross-domain-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
        self.assertFalse(result['pass'])
Exemple #8
0
    def test_acao_universal_with_crossdomain(self):
        self.reqs['resources']['/crossdomain.xml'] = """
        <cross-domain-policy>
          <allow-access-from domain="*" secure="true"/>
        </cross-domain-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
        self.assertFalse(result['pass'])
    def test_acao_universal_with_acao(self):
        self.reqs['responses']['cors'].request.headers['Origin'] = 'https://http-observatory.services.mozilla.com'
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \
            'https://http-observatory.services.mozilla.com'
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Credentials'] = 'true'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
        self.assertFalse(result['pass'])
    def test_acao_restricted_with_crossdomain(self):
        self.reqs['resources']['/crossdomain.xml'] = """
        <cross-domain-policy>
          <allow-access-from domain="http-observatory.security.mozilla.org" secure="true"/>
          <allow-access-from domain="github.com" secure="true"/>
        </cross-domain-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'], result['data']['crossdomain'])
        self.assertTrue(result['pass'])
Exemple #11
0
    def test_acao_restricted_with_crossdomain(self):
        self.reqs['resources']['/crossdomain.xml'] = """
        <cross-domain-policy>
          <allow-access-from domain="http-observatory.services.mozilla.com" secure="true"/>
          <allow-access-from domain="github.com" secure="true"/>
        </cross-domain-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'], result['data']['crossdomain'])
        self.assertTrue(result['pass'])
Exemple #12
0
    def test_acao_universal_with_acao(self):
        self.reqs['responses']['cors'].request.headers[
            'Origin'] = 'https://http-observatory.security.mozilla.org'
        self.reqs['responses']['cors'].headers['Access-Control-Allow-Origin'] = \
            'https://http-observatory.security.mozilla.org'
        self.reqs['responses']['cors'].headers[
            'Access-Control-Allow-Credentials'] = 'true'

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals(
            'cross-origin-resource-sharing-implemented-with-universal-access',
            result['result'])
        self.assertFalse(result['pass'])
Exemple #13
0
    def test_acao_universal_with_clientaccess(self):
        self.reqs['resources']['/clientaccesspolicy.xml'] = """
        <access-policy>
          <cross-domain-access>
            <policy>
              <allow-from http-methods="*">
                <domain uri="*"/>
              </allow-from>
            </policy>
          </cross-domain-access>
        </access-policy>"""
        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
        self.assertFalse(result['pass'])
    def test_acao_universal_with_clientaccess(self):
        self.reqs['resources']['/clientaccesspolicy.xml'] = """
        <access-policy>
          <cross-domain-access>
            <policy>
              <allow-from http-methods="*">
                <domain uri="*"/>
              </allow-from>
            </policy>
          </cross-domain-access>
        </access-policy>"""
        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-universal-access', result['result'])
        self.assertFalse(result['pass'])
Exemple #15
0
    def test_acao_restricted_with_clientaccess(self):
        self.reqs['resources']['/clientaccesspolicy.xml'] = """
        <access-policy>
          <cross-domain-access>
            <policy>
              <allow-from http-methods="*">
                <domain uri="http-observatory.services.mozilla.com"/>
                <domain uri="github.com"/>
              </allow-from>
            </policy>
          </cross-domain-access>
        </access-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertEquals(['http-observatory.services.mozilla.com', 'github.com'],
                          result['data']['clientaccesspolicy'])
        self.assertTrue(result['pass'])
    def test_acao_restricted_with_clientaccess(self):
        self.reqs['resources']['/clientaccesspolicy.xml'] = """
        <access-policy>
          <cross-domain-access>
            <policy>
              <allow-from http-methods="*">
                <domain uri="http-observatory.security.mozilla.org"/>
                <domain uri="github.com"/>
              </allow-from>
            </policy>
          </cross-domain-access>
        </access-policy>"""

        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-implemented-with-restricted-access', result['result'])
        self.assertEquals(['http-observatory.security.mozilla.org', 'github.com'],
                          result['data']['clientaccesspolicy'])
        self.assertTrue(result['pass'])
Exemple #17
0
    def test_acao_not_implemented(self):
        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-not-implemented',
                          result['result'])
        self.assertTrue(result['pass'])
    def test_acao_not_implemented(self):
        result = cross_origin_resource_sharing(self.reqs)

        self.assertEquals('cross-origin-resource-sharing-not-implemented', result['result'])
        self.assertTrue(result['pass'])