def test_provides_csp_features_no_case01(self): """ Test case in which site do not provides CSP features. """ hrds = {}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, "", csp_headers, self.url, self.url) self.assertFalse(provides_csp_features(http_response))
def test_provides_csp_features_no_case01(self): ''' Test case in which site do not provides CSP features. ''' hrds = {}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, '', csp_headers, self.url, self.url) self.assertFalse(provides_csp_features(http_response))
def test_provides_csp_features_yes_case03(self): """ Test case in which site provides CSP features using report-only + mandatory policies. """ hrds = {} hrds[CSP_HEADER_W3C] = CSP_DIRECTIVE_OBJECT + " 'self'" hrds[CSP_HEADER_W3C_REPORT_ONLY] = CSP_DIRECTIVE_CONNECTION + " *" csp_headers = Headers(hrds.items()) http_response = HTTPResponse(200, "", csp_headers, self.url, self.url) self.assertTrue(provides_csp_features(http_response))
def test_provides_csp_features_yes_case03(self): ''' Test case in which site provides CSP features using report-only + mandatory policies. ''' hrds = {} hrds[CSP_HEADER_W3C] = CSP_DIRECTIVE_OBJECT + " 'self'" hrds[CSP_HEADER_W3C_REPORT_ONLY] = CSP_DIRECTIVE_CONNECTION + " *" csp_headers = Headers(hrds.items()) http_response = HTTPResponse(200, '', csp_headers, self.url, self.url) self.assertTrue(provides_csp_features(http_response))
def test_provides_csp_features_no_case03(self): """ Test case in which site provides broken CSP. """ # Note the errors in the directive: # default-src -> default-source # img-src -> image-src header_value = "default-src ' '; img-src ' '" hrds = {CSP_HEADER_W3C: header_value}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, "", csp_headers, self.url, self.url) self.assertFalse(provides_csp_features(http_response))
def test_provides_csp_features_no_case03(self): ''' Test case in which site provides broken CSP. ''' # Note the errors in the directive: # default-src -> default-source # img-src -> image-src header_value = "default-src ' '; img-src ' '" hrds = {CSP_HEADER_W3C: header_value}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, '', csp_headers, self.url, self.url) self.assertFalse(provides_csp_features(http_response))
def test_provides_csp_features_yes_case02(self): ''' Test case in which site provides CSP features using only report-only policies. ''' header_value = "default-src 'self'; img-src *; object-src"\ " media1.example.com media2.example.com"\ " *.cdn.example.com; script-src"\ " trustedscripts.example.com" hrds = {CSP_HEADER_W3C_REPORT_ONLY: header_value}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, '', csp_headers, self.url, self.url) self.assertTrue(provides_csp_features(http_response))
def test_provides_csp_features_yes_case02(self): """ Test case in which site provides CSP features using only report-only policies. """ header_value = ( "default-src 'self'; img-src *; object-src" " media1.example.com media2.example.com" " *.cdn.example.com; script-src" " trustedscripts.example.com" ) hrds = {CSP_HEADER_W3C_REPORT_ONLY: header_value}.items() csp_headers = Headers(hrds) http_response = HTTPResponse(200, "", csp_headers, self.url, self.url) self.assertTrue(provides_csp_features(http_response))