From f8dedf60638bffde3f92116db3f418d2e6260e80 Mon Sep 17 00:00:00 2001
From: Wojtek Kosior
Date: Wed, 1 Jun 2022 18:14:09 +0200
Subject: allow eval() in injected scripts
---
 test/haketilo_test/unit/test_policy_deciding.py | 61 ++++++++++++++++---------
 1 file changed, 39 insertions(+), 22 deletions(-)
(limited to 'test/haketilo_test/unit/test_policy_deciding.py')
diff --git a/test/haketilo_test/unit/test_policy_deciding.py b/test/haketilo_test/unit/test_policy_deciding.py
index 75b35ac..1be488f 100644
--- a/test/haketilo_test/unit/test_policy_deciding.py
+++ b/test/haketilo_test/unit/test_policy_deciding.py
@@ -23,19 +23,36 @@ import pytest
 from ..script_loader import load_script
-csp_re = re.compile(r'^\S+\s+\S+;(?:\s+\S+\s+\S+;)*$')
-rule_re = re.compile(r'^\s*(?P\S+)\s+(?P\S+)$')
+csp_re = re.compile(r'''
+^
+\S+(?:\s+\S+)+; # first directive
+(?:
+ \s+\S+(?:\s+\S+)+; # subsequent directive
+)*
+$
+''',
+re.VERBOSE)
+
+rule_re = re.compile(r'''
+^
+\s*
+(?P\S+)
+\s+
+(?P
+ \S+(?:\s+\S+)*
+)
+$
+''', re.VERBOSE)
+
 def parse_csp(csp):
- '''
- Parsing of CSP string into a dict. A simplified format of CSP is assumed.
- '''
+ '''Parsing of CSP string into a dict.'''
 assert csp_re.match(csp)
 result = {}
 for rule in csp.split(';')[:-1]:
 match = rule_re.match(rule)
- result[match.group('src_kind')] = match.group('allowed_origins')
+ result[match.group('src_kind')] = match.group('allowed_origins').split()
 return result
@@ -78,10 +95,10 @@ def test_decide_policy(execute_in_page):
 for prop in ('mapping', 'payload', 'nonce', 'error'):
 assert prop not in policy
 assert parse_csp(policy['csp']) == {
- 'prefetch-src': "'none'",
- 'script-src-attr': "'none'",
- 'script-src': "'none'",
- 'script-src-elem': "'none'"
+ 'prefetch-src': ["'none'"],
+ 'script-src-attr': ["'none'"],
+ 'script-src': ["'none'", "'unsafe-eval'"],
+ 'script-src-elem': ["'none'"]
 }
 policy = execute_in_page(
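Review bot: `parse_csp` assigns each directive with `result[match.group('src_kind')] = ...`, so a policy that repeats a directive is silently reduced to its last occurrence, while browsers enforce the first occurrence of a repeated CSP directive and ignore the later ones. A policy string carrying a duplicate `script-src` could therefore compare equal to an expected dict that does not describe what the browser applies. Adding `assert match.group('src_kind') not in result` just before the assignment makes the helper reject duplicates instead of hiding them. The shortened docstring also drops the remark that a simplified CSP format is assumed, which still holds: `csp_re` requires at least one value per directive, so valueless directives do not parse.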
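Review bot: The expected `script-src` in this hunk is `["'none'", "'unsafe-eval'"]`, and the hunks at -95 and -128 pin the same value, all of them cases in which no nonce is issued. In CSP `'none'` only has effect as the sole source expression; next to `'unsafe-eval'` it is ignored (browsers typically log it as an invalid source), so the policy being pinned is effectively `script-src 'unsafe-eval'`: no script source is allowed, but string evaluation is. If allowing `eval()` on pages without a payload is intended, a comment above these assertions such as `# 'unsafe-eval' is emitted even when no payload is injected; 'none' is then only a marker` would record that; if it is not, these three cases should keep `["'none'"]`. The code that builds the policy is not part of this diff, and `test_decide_policy` starts and ends outside the hunk.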
@@ -95,10 +112,10 @@ def test_decide_policy(execute_in_page):
 for prop in ('payload', 'nonce', 'error'):
 assert prop not in policy
 assert parse_csp(policy['csp']) == {
- 'prefetch-src': "'none'",
- 'script-src-attr': "'none'",
- 'script-src': "'none'",
- 'script-src-elem': "'none'"
+ 'prefetch-src': ["'none'"],
+ 'script-src-attr': ["'none'"],
+ 'script-src': ["'none'", "'unsafe-eval'"],
+ 'script-src-elem': ["'none'"]
 }
 policy = execute_in_page(
@@ -114,10 +131,10 @@ def test_decide_policy(execute_in_page):
 assert policy['nonce'] == \
 sha256('m1:res1:http://kno.wn/:abcd'.encode()).digest().hex()
 assert parse_csp(policy['csp']) == {
- 'prefetch-src': f"'none'",
- 'script-src-attr': f"'none'",
- 'script-src': f"'nonce-{policy['nonce']}'",
- 'script-src-elem': f"'nonce-{policy['nonce']}'"
+ 'prefetch-src': ["'none'"],
+ 'script-src-attr': ["'none'"],
+ 'script-src': [f"'nonce-{policy['nonce']}'", "'unsafe-eval'"],
+ 'script-src-elem': [f"'nonce-{policy['nonce']}'"]
 }
 policy = execute_in_page(
@@ -128,8 +145,8 @@ def test_decide_policy(execute_in_page):
 for prop in ('mapping', 'payload', 'nonce'):
 assert prop not in policy
 assert parse_csp(policy['csp']) == {
- 'prefetch-src': "'none'",
- 'script-src-attr': "'none'",
- 'script-src': "'none'",
- 'script-src-elem': "'none'"
+ 'prefetch-src': ["'none'"],
+ 'script-src-attr': ["'none'"],
+ 'script-src': ["'none'", "'unsafe-eval'"],
+ 'script-src-elem': ["'none'"]
 }
-- 
cgit v1.2.3
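Review bot: In the nonce case (hunk at -114) `script-src` is compared against the ordered list `[f"'nonce-{policy['nonce']}'", "'unsafe-eval'"]`, so the test depends on the order in which source expressions are emitted, which has no meaning in CSP. Comparing order-insensitively, for example `{k: sorted(v) for k, v in parse_csp(policy['csp']).items()}` against sorted expected lists, would keep the assertion about content only. This is also the one case where `'unsafe-eval'` widens what an injected payload may do, so a comment above the dict such as `# eval() is granted through script-src only; script-src-elem stays nonce-only` would make the intended scope explicit. The test function starts and ends outside the hunk.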