diff options
Diffstat (limited to 'test/haketilo_test/unit/test_policy_deciding.py')
| -rw-r--r-- | test/haketilo_test/unit/test_policy_deciding.py | 61 |
1 files changed, 39 insertions, 22 deletions
diff --git a/test/haketilo_test/unit/test_policy_deciding.py b/test/haketilo_test/unit/test_policy_deciding.py index 75b35ac..1be488f 100644 --- a/test/haketilo_test/unit/test_policy_deciding.py +++ b/test/haketilo_test/unit/test_policy_deciding.py @@ -23,19 +23,36 @@ import pytest from ..script_loader import load_script -csp_re = re.compile(r'^\S+\s+\S+;(?:\s+\S+\s+\S+;)*$') -rule_re = re.compile(r'^\s*(?P<src_kind>\S+)\s+(?P<allowed_origins>\S+)$') +csp_re = re.compile(r''' +^ +\S+(?:\s+\S+)+; # first directive +(?: + \s+\S+(?:\s+\S+)+; # subsequent directive +)* +$ +''', +re.VERBOSE) + +rule_re = re.compile(r''' +^ +\s* +(?P<src_kind>\S+) +\s+ +(?P<allowed_origins> + \S+(?:\s+\S+)* +) +$ +''', re.VERBOSE) + def parse_csp(csp): - ''' - Parsing of CSP string into a dict. A simplified format of CSP is assumed. - ''' + '''Parsing of CSP string into a dict.''' assert csp_re.match(csp) result = {} for rule in csp.split(';')[:-1]: match = rule_re.match(rule) - result[match.group('src_kind')] = match.group('allowed_origins') + result[match.group('src_kind')] = match.group('allowed_origins').split() return result @@ -78,10 +95,10 @@ def test_decide_policy(execute_in_page): for prop in ('mapping', 'payload', 'nonce', 'error'): assert prop not in policy assert parse_csp(policy['csp']) == { - 'prefetch-src': "'none'", - 'script-src-attr': "'none'", - 'script-src': "'none'", - 'script-src-elem': "'none'" + 'prefetch-src': ["'none'"], + 'script-src-attr': ["'none'"], + 'script-src': ["'none'", "'unsafe-eval'"], + 'script-src-elem': ["'none'"] } policy = execute_in_page( @@ -95,10 +112,10 @@ def test_decide_policy(execute_in_page): for prop in ('payload', 'nonce', 'error'): assert prop not in policy assert parse_csp(policy['csp']) == { - 'prefetch-src': "'none'", - 'script-src-attr': "'none'", - 'script-src': "'none'", - 'script-src-elem': "'none'" + 'prefetch-src': ["'none'"], + 'script-src-attr': ["'none'"], + 'script-src': ["'none'", "'unsafe-eval'"], + 'script-src-elem': ["'none'"] } policy = execute_in_page( @@ -114,10 +131,10 @@ def test_decide_policy(execute_in_page): assert policy['nonce'] == \ sha256('m1:res1:http://kno.wn/:abcd'.encode()).digest().hex() assert parse_csp(policy['csp']) == { - 'prefetch-src': f"'none'", - 'script-src-attr': f"'none'", - 'script-src': f"'nonce-{policy['nonce']}'", - 'script-src-elem': f"'nonce-{policy['nonce']}'" + 'prefetch-src': ["'none'"], + 'script-src-attr': ["'none'"], + 'script-src': [f"'nonce-{policy['nonce']}'", "'unsafe-eval'"], + 'script-src-elem': [f"'nonce-{policy['nonce']}'"] } policy = execute_in_page( @@ -128,8 +145,8 @@ def test_decide_policy(execute_in_page): for prop in ('mapping', 'payload', 'nonce'): assert prop not in policy assert parse_csp(policy['csp']) == { - 'prefetch-src': "'none'", - 'script-src-attr': "'none'", - 'script-src': "'none'", - 'script-src-elem': "'none'" + 'prefetch-src': ["'none'"], + 'script-src-attr': ["'none'"], + 'script-src': ["'none'", "'unsafe-eval'"], + 'script-src-elem': ["'none'"] } |