More tests, update README.
paragonie-security committed Jul 24, 2017
1 parent 4c04e16 commit 56573b0
Showing 2 changed files with 23 additions and 45 deletions.
5 changes: 5 additions & 0 deletions README.md
Expand Up @@ -124,7 +124,12 @@ $csp->addSource('image', 'https://ytimg.com')
* `disableOldBrowserSupport()`
* `enableOldBrowserSupport()`
* `hash()`
* `preHash()`
* `setDirective()`
* `setDataAllowed()`
* `setSelfAllowed()`
* `setAllowUnsafeEval()`
* `setAllowUnsafeInline()`

## Inject a CSP header into a PSR-7 message

63 changes: 18 additions & 45 deletions test/BasicTest.php
@@ -1,6 +1,5 @@
<?php
use ParagonIE\CSPBuilder\CSPBuilder;
use Psr\Http\Message\MessageInterface;

/**
*
Expand Down Expand Up @@ -155,53 +154,27 @@ public function testAllowSelfUris()
$this->assertContains("'self'", $compiled);
}

/*
public function testInjectCSPHeaderWithoutLegacy()
/**
* @covers CSPBuilder::setAllowUnsafeEval()
*/
public function testAllowUnsafeEval()
{
$modifiedMessage = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$message = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$basic = CSPBuilder::fromFile(__DIR__.'/vectors/basic-csp.json');
$header = $basic
->disableOldBrowserSupport()
->compile();
$message
->expects(self::once())
->method('withAddedHeader')
->with('Content-Security-Policy', $header)
->willReturn($modifiedMessage);
self::assertSame($modifiedMessage, $basic->injectCSPHeader($message));
$csp = new CSPBuilder();
$csp->setAllowUnsafeEval('script-src', true);
$compiled = $csp->compile();

$this->assertContains("'unsafe-eval'", $compiled);
}

public function testInjectCSPHeaderWithLegacy()
/**
* @covers CSPBuilder::setAllowUnsafeInline()
*/
public function testAllowUnsafeInline()
{
$originalMessage = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$modifiedMessage1 = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$modifiedMessage2 = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$modifiedMessage3 = $this->getMock(MessageInterface::class, ['withAddedHeader']);
$basic = CSPBuilder::fromFile(__DIR__.'/vectors/basic-csp.json');
$header = $basic
->disableOldBrowserSupport()
->compile();
$originalMessage
->expects(self::once())
->method('withAddedHeader')
->with('Content-Security-Policy', $header)
->willReturn($modifiedMessage1);
$modifiedMessage1
->expects(self::once())
->method('withAddedHeader')
->with('X-Content-Security-Policy', $header)
->willReturn($modifiedMessage2);
$modifiedMessage2
->expects(self::once())
->method('withAddedHeader')
->with('X-Webkit-CSP', $header)
->willReturn($modifiedMessage3);
self::assertSame($modifiedMessage3, $basic->injectCSPHeader($originalMessage, true));
$csp = new CSPBuilder();
$csp->setAllowUnsafeInline('script-src', true);
$compiled = $csp->compile();

$this->assertContains("'unsafe-inline'", $compiled);
}
*/
}
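Review bot: The two new tests, `testAllowUnsafeEval` and `testAllowUnsafeInline`, assert only that the keyword appears after the setter is called with `true`; neither checks that a fresh `CSPBuilder` omits `'unsafe-eval'` / `'unsafe-inline'`, or that passing `false` leaves it out. For a policy builder the absent-by-default case is the one a regression would weaken silently, so each test should also pin it, for example `$this->assertNotContains("'unsafe-inline'", (new CSPBuilder())->compile());` (assuming an untouched builder compiles cleanly). `assertContains` on the whole compiled string also does not show that the keyword landed in `script-src` rather than in another directive. The deleted block appears to have been the only, already commented-out, coverage of `injectCSPHeader()`, so as far as this file shows that path is left without a test.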
