def test_unsafe_inline_enabled_yes_case01(self):
    """
    Check that "unsafe-inline" on the script directive is reported.

    Two policies are sent in one response. Only the header named by
    CSP_HEADER_FIREFOX carries the unsafe-inline value; the CSP_HEADER_W3C
    policy restricts scripts to 'self' and adds a report URI. The expected
    result is still True, so a single permissive policy among several is
    enough for the response to be flagged.

    Allowing inline script removes most of the protection a CSP gives
    against injected markup, which is why this value is worth detecting.
    """
    # Permissive policy: script directive followed by the quoted unsafe value.
    permissive_policy = "".join(
        [CSP_DIRECTIVE_SCRIPT, " '", CSP_DIRECTIVE_VALUE_UNSAFE_INLINE, "'"]
    )
    # Restrictive policy: scripts from 'self' only, plus a relative report URI.
    restrictive_policy = "".join(
        [CSP_DIRECTIVE_SCRIPT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " /myrelativeuri"]
    )
    hrds = {
        CSP_HEADER_FIREFOX: permissive_policy,
        CSP_HEADER_W3C: restrictive_policy,
    }

    response = HTTPResponse(200, "", Headers(hrds.items()), self.url, self.url)
    self.assertTrue(unsafe_inline_enabled(response))
def test_unsafe_inline_enabled_yes_case02(self):
    """
    Check that "unsafe-inline" on the style directive is reported.

    The header named by CSP_HEADER_FIREFOX sets the style directive to the
    unsafe-inline value, while the CSP_HEADER_W3C policy only restricts
    scripts to 'self' and adds a report URI. The expected result is True,
    so the check is not limited to the script directive: inline styles
    count as well.
    """
    # Style directive followed by the quoted unsafe value.
    style_policy = "".join(
        [CSP_DIRECTIVE_STYLE, " '", CSP_DIRECTIVE_VALUE_UNSAFE_INLINE, "'"]
    )
    # Script directive limited to 'self', plus a relative report URI.
    script_policy = "".join(
        [CSP_DIRECTIVE_SCRIPT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " /myrelativeuri"]
    )
    hrds = {
        CSP_HEADER_FIREFOX: style_policy,
        CSP_HEADER_W3C: script_policy,
    }

    response = HTTPResponse(200, "", Headers(hrds.items()), self.url, self.url)
    self.assertTrue(unsafe_inline_enabled(response))
def test_unsafe_inline_enabled_no_case01(self):
    """
    Check that a response with no "unsafe-inline" value is not reported.

    Three policies are sent: the CSP_HEADER_FIREFOX and CSP_HEADER_W3C
    headers restrict scripts to 'self', and the CSP_HEADER_W3C_REPORT_ONLY
    header sets the default directive to 'self' with an absolute report
    URI. None of them contains the unsafe-inline value, so the expected
    result is False.

    The report-only policy here is a restrictive one, so this case does
    not show how a report-only policy that itself carries unsafe-inline
    would be classified.

    NOTE(review): another method with this exact name appears in this
    listing; if both are defined in the same class, the later definition
    replaces the earlier one and only one of them runs. Confirm.
    """
    legacy_policy = "".join([CSP_DIRECTIVE_SCRIPT, " 'self'"])
    report_only_policy = "".join(
        [CSP_DIRECTIVE_DEFAULT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " http://example.com"]
    )
    enforced_policy = "".join(
        [CSP_DIRECTIVE_SCRIPT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " /myrelativeuri"]
    )
    hrds = {
        CSP_HEADER_FIREFOX: legacy_policy,
        CSP_HEADER_W3C_REPORT_ONLY: report_only_policy,
        CSP_HEADER_W3C: enforced_policy,
    }

    response = HTTPResponse(200, "", Headers(hrds.items()), self.url, self.url)
    self.assertFalse(unsafe_inline_enabled(response))
def test_unsafe_inline_enabled_no_case01(self):
    """
    Check that a response with no "unsafe-inline" value is not reported.

    The response carries three policies, none containing the unsafe-inline
    value: scripts limited to 'self' under CSP_HEADER_FIREFOX, the default
    directive limited to 'self' (with an absolute report URI) under
    CSP_HEADER_W3C_REPORT_ONLY, and scripts limited to 'self' (with a
    relative report URI) under CSP_HEADER_W3C. The expected result is
    False.

    NOTE(review): another method with this exact name appears in this
    listing; if both are defined in the same class, the later definition
    replaces the earlier one and only one of them runs. Confirm.
    """
    # Each policy is built from the same pieces as a plain concatenation.
    self_only_scripts = "".join([CSP_DIRECTIVE_SCRIPT, " 'self'"])
    default_with_report = "".join(
        [CSP_DIRECTIVE_DEFAULT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " http://example.com"]
    )
    scripts_with_report = "".join(
        [CSP_DIRECTIVE_SCRIPT, " 'self';", CSP_DIRECTIVE_REPORT_URI,
         " /myrelativeuri"]
    )

    hrds = {}
    for header_name, policy in (
        (CSP_HEADER_FIREFOX, self_only_scripts),
        (CSP_HEADER_W3C_REPORT_ONLY, default_with_report),
        (CSP_HEADER_W3C, scripts_with_report),
    ):
        hrds[header_name] = policy

    csp_headers = Headers(hrds.items())
    http_response = HTTPResponse(200, "", csp_headers, self.url, self.url)
    self.assertFalse(unsafe_inline_enabled(http_response))