def test_disabled(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '0'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-disabled', result['result'])
self.assertFalse(result['pass'])
def test_enabled_noblock(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '1'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-enabled', result['result'])
self.assertTrue(result['pass'])
def test_enabled_block(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '1; mode=block'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-enabled-mode-block', result['result'])
self.assertTrue(result['pass'])
def test_header_invalid(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = 'whimsy'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_enabled_via_csp(self):
self.reqs['responses']['auto'].headers['Content-Security-Policy'] = 'script-src \'none\''
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-not-needed-due-to-csp', result['result'])
self.assertTrue(result['pass'])
def test_header_invalid(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = 'whimsy'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_disabled(self):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '0'
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-disabled', result['result'])
self.assertFalse(result['pass'])
def test_enabled_via_csp(self):
self.reqs['responses']['auto'].headers['Content-Security-Policy'] = "object-src 'none'; script-src 'none'"
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-not-needed-due-to-csp', result['result'])
self.assertTrue(result['pass'])
def test_enabled_noblock(self):
for value in ('1', '1 '):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-enabled', result['result'])
self.assertTrue(result['pass'])
def test_header_invalid(self):
for value in ('whimsy',
'2; mode=block',
'1; mode=block; mode=block',
'1; mode=block, 1; mode=block'):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_header_invalid(self):
for value in ('whimsy',
'2; mode=block',
'1; mode=block; mode=block',
'1; mode=block, 1; mode=block'):
self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-header-invalid', result['result'])
self.assertFalse(result['pass'])
def test_missing(self):
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-not-implemented', result['result'])
self.assertFalse(result['pass'])
def test_missing(self):
result = x_xss_protection(self.reqs)
self.assertEquals('x-xss-protection-not-implemented', result['result'])
self.assertFalse(result['pass'])
