Exemplos de CSPReport.from_message em Python

Exemplo n.º 1

    def test_empty_csp_report(self):
        # Test JSON with empty 'csp-report' object.
        report = CSPReport.from_message("{'csp-report': {}}")

        self.assertFalse(report.is_valid)
        self.assertEqual(report.json, "{'csp-report': {}}")
        self.assertIsNone(report.document_uri)

Exemplo n.º 2

    def test_invalid_json(self):
        # Test report which is not a valid JSON.
        report = CSPReport.from_message('NOT_A_JSON')

        self.assertFalse(report.is_valid)
        self.assertEqual(report.json, 'NOT_A_JSON')
        self.assertIsNone(report.document_uri)

Exemplo n.º 3

    def test_invalid_report(self):
        # Test report which is only a valid JSON.
        report = CSPReport.from_message('{}')

        self.assertFalse(report.is_valid)
        self.assertEqual(report.json, '{}')
        self.assertIsNone(report.document_uri)

Exemplo n.º 4

Arquivo: test_models.py Projeto: adamalton/django-csp-reports

    def test_json_str_value_to_int(self):
        data = {
            'csp-report': {
                'document-uri': 'http://protected.example.cz/',
                'referrer': 'http://referrer.example.cz/',
                'blocked-uri': 'http://dangerous.example.cz/',
                'violated-directive': 'Very protective directive.',
                'original-policy': 'Nothing is allowed.',
                'source-file': 'nasty-script.js',
                'status-code': 0,
                'line-number': '36',
                'column-number': 32,
            }
        }

        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertTrue(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertEqual(report.document_uri, 'http://protected.example.cz/')
        self.assertEqual(report.referrer, 'http://referrer.example.cz/')
        self.assertEqual(report.blocked_uri, 'http://dangerous.example.cz/')
        self.assertEqual(report.violated_directive,
                         'Very protective directive.')
        self.assertEqual(report.source_file, 'nasty-script.js')
        self.assertEqual(report.line_number, 36)

Exemplo n.º 5

    def test_valid_csp_2_plus(self):
        # Test valid CSP report according to CSP level >= 2.0
        data = {
            'csp-report': {
                'document-uri': 'http://protected.example.cz/',
                'referrer': 'http://referrer.example.cz/',
                'blocked-uri': 'http://dangerous.example.cz/',
                'violated-directive': 'Very protective directive.',
                'original-policy': 'Nothing is allowed.',
                'source-file': 'nasty-script.js'
            }
        }
        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertTrue(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertEqual(report.document_uri, 'http://protected.example.cz/')
        self.assertEqual(report.referrer, 'http://referrer.example.cz/')
        self.assertEqual(report.blocked_uri, 'http://dangerous.example.cz/')
        self.assertEqual(report.violated_directive,
                         'Very protective directive.')
        self.assertEqual(report.original_policy, 'Nothing is allowed.')
        self.assertEqual(report.source_file, 'nasty-script.js')
        self.assertIsNone(report.effective_directive)

Exemplo n.º 6

Arquivo: utils.py Projeto: adamalton/django-csp-reports

def save_report(request):
    message = request.body
    if isinstance(message, bytes):
        message = message.decode(request.encoding or settings.DEFAULT_CHARSET)

    report = CSPReport.from_message(message)
    report.user_agent = request.META.get('HTTP_USER_AGENT', '')
    report.save()

Exemplo n.º 7

    def test_partial_csp_report(self):
        # Test partial, but invalid CSP report
        data = {'csp-report': {'blocked-uri': 'self', 'violated-directive': 'inline script base restriction'}}
        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertFalse(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertIsNone(report.document_uri)
        self.assertEqual(report.blocked_uri, 'self')
        self.assertEqual(report.violated_directive, 'inline script base restriction')

Exemplo n.º 8

    def test_valid_empty_fields(self):
        # Test valid CSP report according to CSP 1.0 with some fields with empty values
        data = {'csp-report': {'document-uri': 'http://protected.example.cz/',
                               'referrer': '',
                               'blocked-uri': '',
                               'violated-directive': 'Very protective directive.',
                               'original-policy': 'Nothing is allowed.'}}
        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertTrue(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertEqual(report.document_uri, 'http://protected.example.cz/')
        self.assertEqual(report.referrer, '')
        self.assertEqual(report.blocked_uri, '')
        self.assertEqual(report.violated_directive, 'Very protective directive.')
        self.assertEqual(report.original_policy, 'Nothing is allowed.')
        self.assertIsNone(report.effective_directive)

Exemplo n.º 9

    def test_invalid_disposition(self):
        # Test invalid disposition is ignored.
        data = {'csp-report': {'document-uri': 'http://protected.example.cz/',
                               'referrer': 'http://referrer.example.cz/',
                               'blocked-uri': 'http://dangerous.example.cz/',
                               'violated-directive': 'Very protective directive.',
                               'original-policy': 'Nothing is allowed.',
                               'disposition': 'INVALID'}}
        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertTrue(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertEqual(report.document_uri, 'http://protected.example.cz/')
        self.assertEqual(report.referrer, 'http://referrer.example.cz/')
        self.assertEqual(report.blocked_uri, 'http://dangerous.example.cz/')
        self.assertEqual(report.violated_directive, 'Very protective directive.')
        self.assertEqual(report.original_policy, 'Nothing is allowed.')
        self.assertIsNone(report.disposition)

Exemplo n.º 10

    def test_valid_line_number(self):
        # Test valid line number is extracted.
        data = {'csp-report': {'document-uri': 'http://protected.example.cz/',
                               'referrer': 'http://referrer.example.cz/',
                               'blocked-uri': 'http://dangerous.example.cz/',
                               'violated-directive': 'Very protective directive.',
                               'original-policy': 'Nothing is allowed.',
                               'line-number': 666}}
        message = json.dumps(data)
        report = CSPReport.from_message(message)

        self.assertTrue(report.is_valid)
        self.assertEqual(report.json, message)
        self.assertEqual(report.document_uri, 'http://protected.example.cz/')
        self.assertEqual(report.referrer, 'http://referrer.example.cz/')
        self.assertEqual(report.blocked_uri, 'http://dangerous.example.cz/')
        self.assertEqual(report.violated_directive, 'Very protective directive.')
        self.assertEqual(report.original_policy, 'Nothing is allowed.')
        self.assertEqual(report.line_number, 666)

Exemplo n.º 11

def save_report(request):
    report = CSPReport.from_message(
        request.body.decode(request.encoding or settings.DEFAULT_CHARSET))
    report.user_agent = request.META.get('HTTP_USER_AGENT', '')
    report.save()