示例#1
 def test_provides_csp_features_no_case01(self):
     """
     A response that carries no headers at all must not be reported as
     providing CSP features.
     """
     # Headers is built from an empty sequence of (name, value) pairs, so
     # no CSP header of any kind reaches provides_csp_features.
     empty_headers = Headers({}.items())
     response = HTTPResponse(200, "", empty_headers, self.url, self.url)
     self.assertFalse(provides_csp_features(response))
示例#2
文件: test_utils.py 项目: weisst/w3af
 def test_provides_csp_features_no_case01(self):
     '''
     Negative case: the response has an empty header set, so no CSP
     policy is present and the helper must return a false value.
     '''
     # An empty dict yields no (name, value) pairs for Headers.
     no_headers = {}.items()
     response = HTTPResponse(200, '', Headers(no_headers), self.url,
                             self.url)
     self.assertFalse(provides_csp_features(response))
示例#3
    def test_provides_csp_features_yes_case03(self):
        """
        A response that sends both a mandatory policy and a report-only
        policy must be reported as providing CSP features.
        """
        # CSP_HEADER_W3C carries CSP_DIRECTIVE_OBJECT limited to 'self';
        # CSP_HEADER_W3C_REPORT_ONLY carries CSP_DIRECTIVE_CONNECTION with a
        # wildcard. The assertion is about a policy being detected, not
        # about how restrictive it is: the wildcard value still counts.
        policies = {
            CSP_HEADER_W3C: CSP_DIRECTIVE_OBJECT + " 'self'",
            CSP_HEADER_W3C_REPORT_ONLY: CSP_DIRECTIVE_CONNECTION + " *",
        }
        response = HTTPResponse(
            200, "", Headers(policies.items()), self.url, self.url
        )

        self.assertTrue(provides_csp_features(response))
示例#4
文件: test_utils.py 项目: weisst/w3af
    def test_provides_csp_features_yes_case03(self):
        '''
        Positive case: the response declares one mandatory policy and one
        report-only policy, and the helper must detect CSP features.
        '''
        # Each header holds a single directive. The report-only one is a
        # wildcard, so this test pins detection of a declared policy rather
        # than any judgement about its strictness.
        mandatory = (CSP_HEADER_W3C, CSP_DIRECTIVE_OBJECT + " 'self'")
        report_only = (CSP_HEADER_W3C_REPORT_ONLY,
                       CSP_DIRECTIVE_CONNECTION + " *")
        csp_headers = Headers(dict([mandatory, report_only]).items())

        response = HTTPResponse(200, '', csp_headers, self.url, self.url)

        self.assertTrue(provides_csp_features(response))
示例#5
    def test_provides_csp_features_no_case03(self):
        """
        A response whose CSP header is malformed must not be reported as
        providing CSP features.
        """
        # NOTE(review): this test was originally annotated as covering
        # misspelled directive names (default-source for default-src,
        # image-src for img-src), but the literal below spells both
        # directives correctly. What is malformed in it is the source list:
        # each directive's only value is a quoted blank (' '), which is not
        # a source expression defined by CSP. Presumably that is why the
        # helper rejects it; confirm which malformation is meant to be
        # pinned, and add a separate case for misspelled names if needed.
        broken_policy = "default-src ' '; img-src ' '"
        csp_headers = Headers({CSP_HEADER_W3C: broken_policy}.items())

        response = HTTPResponse(200, "", csp_headers, self.url, self.url)

        self.assertFalse(provides_csp_features(response))
示例#6
文件: test_utils.py 项目: weisst/w3af
    def test_provides_csp_features_no_case03(self):
        '''
        Negative case: the CSP header is present but its content is broken,
        so the helper must not report CSP features.
        '''
        # NOTE(review): the annotation that accompanied this test described
        # wrong directive names (default-source, image-src). The value used
        # here has the correct names, default-src and img-src; the broken
        # part is the source list, a quoted blank (' ') for each directive.
        # Verify that this is the malformation the test is meant to cover.
        malformed = "default-src ' '; img-src ' '"
        header_pairs = {CSP_HEADER_W3C: malformed}.items()

        response = HTTPResponse(200, '', Headers(header_pairs), self.url,
                                self.url)

        self.assertFalse(provides_csp_features(response))
示例#7
文件: test_utils.py 项目: weisst/w3af
    def test_provides_csp_features_yes_case02(self):
        '''
        A response that sends only a report-only policy must still be
        reported as providing CSP features.
        '''
        # Browsers report violations of a report-only policy but do not
        # block them, so a true result here means "a policy is declared",
        # not "a policy is enforced".
        directives = [
            "default-src 'self'",
            "img-src *",
            "object-src media1.example.com media2.example.com"
            " *.cdn.example.com",
            "script-src trustedscripts.example.com",
        ]
        report_only_policy = "; ".join(directives)
        csp_headers = Headers(
            {CSP_HEADER_W3C_REPORT_ONLY: report_only_policy}.items())

        response = HTTPResponse(200, '', csp_headers, self.url, self.url)

        self.assertTrue(provides_csp_features(response))
示例#8
    def test_provides_csp_features_yes_case02(self):
        """
        Positive case: the only CSP header on the response is the
        report-only one, and the helper must still detect CSP features.
        """
        # A report-only policy is monitored, not enforced, by the browser.
        # This test therefore pins detection of a declared policy; it says
        # nothing about whether the site is actually protected by it.
        report_only_policy = (
            "default-src 'self'; "
            "img-src *; "
            "object-src media1.example.com media2.example.com"
            " *.cdn.example.com; "
            "script-src trustedscripts.example.com"
        )
        header_pairs = {CSP_HEADER_W3C_REPORT_ONLY: report_only_policy}.items()

        response = HTTPResponse(
            200, "", Headers(header_pairs), self.url, self.url
        )

        self.assertTrue(provides_csp_features(response))