Python Secure示例

示例#1

async def test_secure_redirect(test_client, test_server, ssl_ctx):
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    secure = Secure()
    await _setup(app, secure)
    http_srv = await test_server(app)
    https_srv = await test_server(app, ssl=ssl_ctx)
    secure._redirect_url = https_srv.make_url('/')
    conn = aiohttp.TCPConnector(verify_ssl=False)
    async with aiohttp.ClientSession(connector=conn) as cl:
        url = http_srv.make_url('/')
        resp = await cl.get(url)
        assert resp.status == 200
        assert resp.request_info.url.scheme == 'https'

示例#2

async def test_default_redirect():
    s = Secure()

    async def handler(request):
        pass

    req = make_mocked_request('GET', '/path', headers={'Host': 'example.com'})
    with pytest.raises(web.HTTPPermanentRedirect) as ctx:
        await s.middleware(req, handler)
    assert ctx.value.location == URL('https://example.com/path')

示例#3

async def test_secure_no_redirection(test_client):
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, Secure(redirect=False))
    cl = await test_client(app)
    resp = await cl.get('/')
    assert resp.status == 400
    assert resp.request_info.url.scheme == 'http'

示例#4

async def test_no_sts(test_client, test_server, ssl_ctx):
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, Secure(sts=None))
    srv = await test_server(app, ssl=ssl_ctx)
    conn = aiohttp.TCPConnector(verify_ssl=False)
    cl = await test_client(srv, connector=conn)
    resp = await cl.get('/')
    print(resp.request_info.url)
    assert resp.status == 200
    assert resp.headers['X-Frame-Options'] == 'DENY'
    assert 'Strict-Transport-Security' not in resp.headers
    assert resp.headers['X-Content-Type-Options'] == 'nosniff'
    assert resp.headers['X-XSS-Protection'] == '1; mode=block'

示例#5

文件： test_secure.py 项目： stevespark/aiohttp-remotes

async def test_no_x_frame(aiohttp_client, aiohttp_server, ssl_ctx):
    async def handler(request):
        return web.Response()

    app = web.Application()
    app.router.add_get('/', handler)
    await _setup(app, Secure(x_frame=None))
    srv = await aiohttp_server(app, ssl=ssl_ctx)
    conn = aiohttp.TCPConnector(ssl=False)
    cl = await aiohttp_client(srv, connector=conn)
    resp = await cl.get('/')
    print(resp.request_info.url)
    assert resp.status == 200
    assert 'X-Frame-Options' not in resp.headers
    expected = 'max-age=31536000; includeSubDomains'
    assert resp.headers['Strict-Transport-Security'] == expected
    assert resp.headers['X-Content-Type-Options'] == 'nosniff'
    assert resp.headers['X-XSS-Protection'] == '1; mode=block'

示例#6

def test_redirect_url_ok():
    Secure(redirect_url='https://example.com')

示例#7

def test_redirect_url_with_path():
    with pytest.raises(ValueError):
        Secure(redirect_url='https://example.com/path/to')

示例#8

def test_non_https_redirect_url():
    with pytest.raises(ValueError):
        Secure(redirect_url='http://example.com')