def testDirective_eq(self):
srcExpr1 = URISourceExpression("http", "seclab.nu", "*", None)
srcExpr2 = URISourceExpression("https", "seclab.nu", 443, "/")
directive1a = Directive("object-src", [srcExpr1, srcExpr2])
directive1b = Directive("object-src", [srcExpr2, srcExpr1])
directive2 = Directive("frame-src", [srcExpr1, srcExpr2])
directive3 = Directive("object-src", [srcExpr2])
directive4a = Directive("script-src",
(SourceExpression.UNSAFE_INLINE(), ))
directive4b = Directive("script-src",
(SourceExpression("unsafe-inline"), ))
assert directive1a == directive1b
assert hash(directive1a) == hash(directive1b)
assert directive1a != directive2
assert directive1a != directive3
assert directive2 != directive3
assert directive4a == directive4b
assert hash(directive4a) == hash(directive4b)
assert Directive.INVALID() == Directive.INVALID()
assert Directive.INVALID() not in (directive1a, directive1b,
directive2, directive3)
assert Directive.INLINE_STYLE_BASE_RESTRICTION() not in (directive1a,
directive1b,
directive2,
directive3)
def testDirective_getType(self):
assert Directive("default-src", []).getType() == "default-src"
assert Directive.INLINE_STYLE_BASE_RESTRICTION().getType(
) == "style-src"
assert Directive.INLINE_SCRIPT_BASE_RESTRICTION().getType(
) == "script-src"
assert Directive.EVAL_SCRIPT_BASE_RESTRICTION().getType(
) == "script-src"
def testDirective_withoutPaths(self):
withPaths = Directive(
"script-src",
[DirectiveTest.sampleSrcExpr2,
SelfSourceExpression.SELF()])
withoutPaths = Directive("script-src", [
DirectiveTest.sampleSrcExpr2.removePath(),
SelfSourceExpression.SELF()
])
assert withPaths.withoutPaths() == withoutPaths
assert withoutPaths.withoutPaths() == withoutPaths
assert Directive.INVALID().withoutPaths() == Directive.INVALID()
assert Directive.EVAL_SCRIPT_BASE_RESTRICTION().withoutPaths(
) == Directive.EVAL_SCRIPT_BASE_RESTRICTION()
assert Directive.INLINE_SCRIPT_BASE_RESTRICTION().withoutPaths(
) == Directive.INLINE_SCRIPT_BASE_RESTRICTION()
assert Directive.INLINE_STYLE_BASE_RESTRICTION().withoutPaths(
) == Directive.INLINE_STYLE_BASE_RESTRICTION()
def testDirective_isRegularDirective(self):
assert Directive.INVALID().isRegularDirective() == False
assert Directive.EVAL_SCRIPT_BASE_RESTRICTION().isRegularDirective(
) == False
assert Directive.INLINE_SCRIPT_BASE_RESTRICTION().isRegularDirective(
) == False
assert Directive.INLINE_STYLE_BASE_RESTRICTION().isRegularDirective(
) == False
assert Directive("default-src", []).isRegularDirective() == True
def testDirective_asBasicDirectives_single(self):
assert Directive.INVALID().asBasicDirectives() == set([])
assert Directive.EVAL_SCRIPT_BASE_RESTRICTION().asBasicDirectives(
) == set([])
assert Directive.INLINE_SCRIPT_BASE_RESTRICTION().asBasicDirectives(
) == set([])
assert Directive.INLINE_STYLE_BASE_RESTRICTION().asBasicDirectives(
) == set([])
sampleDirective = Directive("img-src", [DirectiveTest.sampleSrcExpr1b])
assert sampleDirective.asBasicDirectives() == set([sampleDirective])
def testDirective_matches_special(self):
"""An invalid/special directive matches nothing."""
selfURI = DirectiveTest.sampleURI2
assert not Directive.INVALID().matches(URI.EMPTY(), selfURI)
assert not Directive.INVALID().matches(URI.INVALID(), selfURI)
assert not Directive.INVALID().matches(URI.INLINE(), selfURI)
assert not Directive.INVALID().matches(URI.EVAL(), selfURI)
assert not Directive.INVALID().matches(DirectiveTest.sampleURI1,
selfURI)
assert not Directive.EVAL_SCRIPT_BASE_RESTRICTION().matches(
URI.EMPTY(), selfURI)
assert not Directive.EVAL_SCRIPT_BASE_RESTRICTION().matches(
URI.INVALID(), selfURI)
assert not Directive.EVAL_SCRIPT_BASE_RESTRICTION().matches(
URI.INLINE(), selfURI)
assert not Directive.EVAL_SCRIPT_BASE_RESTRICTION().matches(
URI.EVAL(), selfURI)
assert not Directive.EVAL_SCRIPT_BASE_RESTRICTION().matches(
DirectiveTest.sampleURI1, selfURI)
assert not Directive.INLINE_SCRIPT_BASE_RESTRICTION().matches(
URI.EMPTY(), selfURI)
assert not Directive.INLINE_SCRIPT_BASE_RESTRICTION().matches(
URI.INVALID(), selfURI)
assert not Directive.INLINE_SCRIPT_BASE_RESTRICTION().matches(
URI.INLINE(), selfURI)
assert not Directive.INLINE_SCRIPT_BASE_RESTRICTION().matches(
URI.EVAL(), selfURI)
assert not Directive.INLINE_SCRIPT_BASE_RESTRICTION().matches(
DirectiveTest.sampleURI1, selfURI)
assert not Directive.INLINE_STYLE_BASE_RESTRICTION().matches(
URI.EMPTY(), selfURI)
assert not Directive.INLINE_STYLE_BASE_RESTRICTION().matches(
URI.INVALID(), selfURI)
assert not Directive.INLINE_STYLE_BASE_RESTRICTION().matches(
URI.INLINE(), selfURI)
assert not Directive.INLINE_STYLE_BASE_RESTRICTION().matches(
URI.EVAL(), selfURI)
assert not Directive.INLINE_STYLE_BASE_RESTRICTION().matches(
DirectiveTest.sampleURI1, selfURI)
def testDirectiveParser_parse_inlineStyleBaseRestriction(self):
"""The Firefox value 'inline style base restriction' for the 'violated-directive' field is parsed
correctly."""
firefoxViolatedDirective = "inline style base restriction"
assert DirectiveParser().parse(firefoxViolatedDirective) \
== Directive.INLINE_STYLE_BASE_RESTRICTION()
def testDirective_str_inlineStyleBaseRestriction(self):
assert str(Directive.INLINE_STYLE_BASE_RESTRICTION()
) == "inline style base restriction"
def testDirective_generateDirective_inline_special_style(self):
violated = Directive.INLINE_STYLE_BASE_RESTRICTION()
generated = violated.generateDirective("inline",
DirectiveTest.sampleURI1)
assert generated == Directive("style-src",
[SourceExpression.UNSAFE_INLINE()])