def test_disabled(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '0' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-disabled', result['result']) self.assertFalse(result['pass'])
def test_enabled_noblock(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '1' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-enabled', result['result']) self.assertTrue(result['pass'])
def test_enabled_block(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '1; mode=block' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-enabled-mode-block', result['result']) self.assertTrue(result['pass'])
def test_header_invalid(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = 'whimsy' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_enabled_via_csp(self): self.reqs['responses']['auto'].headers['Content-Security-Policy'] = 'script-src \'none\'' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-not-needed-due-to-csp', result['result']) self.assertTrue(result['pass'])
def test_header_invalid(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = 'whimsy' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_disabled(self): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = '0' result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-disabled', result['result']) self.assertFalse(result['pass'])
def test_enabled_via_csp(self): self.reqs['responses']['auto'].headers['Content-Security-Policy'] = "object-src 'none'; script-src 'none'" result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-not-needed-due-to-csp', result['result']) self.assertTrue(result['pass'])
def test_enabled_noblock(self): for value in ('1', '1 '): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-enabled', result['result']) self.assertTrue(result['pass'])
def test_header_invalid(self): for value in ('whimsy', '2; mode=block', '1; mode=block; mode=block', '1; mode=block, 1; mode=block'): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_header_invalid(self): for value in ('whimsy', '2; mode=block', '1; mode=block; mode=block', '1; mode=block, 1; mode=block'): self.reqs['responses']['auto'].headers['X-XSS-Protection'] = value result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-header-invalid', result['result']) self.assertFalse(result['pass'])
def test_missing(self): result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-not-implemented', result['result']) self.assertFalse(result['pass'])
def test_missing(self): result = x_xss_protection(self.reqs) self.assertEquals('x-xss-protection-not-implemented', result['result']) self.assertFalse(result['pass'])