From 56573b0b8bdd3aab92259d3625d3d3ad3e517488 Mon Sep 17 00:00:00 2001
From: "Paragon Initiative Enterprises, LLC"
Date: Mon, 24 Jul 2017 16:04:59 -0400
Subject: [PATCH] More tests, update README.
---
 README.md | 5 ++++
 test/BasicTest.php | 63 +++++++++++++--------------------------------
 2 files changed, 23 insertions(+), 45 deletions(-)
diff --git a/README.md b/README.md
index 6a6b137..e77a4c4 100644
--- a/README.md
+++ b/README.md
@@ -124,7 +124,12 @@ $csp->addSource('image', 'https://ytimg.com')
 * `disableOldBrowserSupport()`
 * `enableOldBrowserSupport()`
 * `hash()`
+* `preHash()`
 * `setDirective()`
+* `setDataAllowed()`
+* `setSelfAllowed()`
+* `setAllowUnsafeEval()`
+* `setAllowUnsafeInline()`
 ## Inject a CSP header into a PSR-7 message
diff --git a/test/BasicTest.php b/test/BasicTest.php
index ca830ae..1ea4851 100644
--- a/test/BasicTest.php
+++ b/test/BasicTest.php
@@ -1,6 +1,5 @@ assertContains("'self'", $compiled); } - /* - public function testInjectCSPHeaderWithoutLegacy() + /** + * @covers CSPBuilder::setAllowUnsafeEval() + */ + public function testAllowUnsafeEval() { - $modifiedMessage = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $message = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $basic = CSPBuilder::fromFile(__DIR__.'/vectors/basic-csp.json'); - - $header = $basic - ->disableOldBrowserSupport() - ->compile(); - $message - ->expects(self::once()) - ->method('withAddedHeader') - ->with('Content-Security-Policy', $header) - ->willReturn($modifiedMessage); - - self::assertSame($modifiedMessage, $basic->injectCSPHeader($message)); + $csp = new CSPBuilder(); + $csp->setAllowUnsafeEval('script-src', true); + $compiled = $csp->compile(); + + $this->assertContains("'unsafe-eval'", $compiled); } - public function testInjectCSPHeaderWithLegacy() + /** + * @covers CSPBuilder::setAllowUnsafeInline() + */ + public function testAllowUnsafeInline() { - $originalMessage = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $modifiedMessage1 = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $modifiedMessage2 = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $modifiedMessage3 = $this->getMock(MessageInterface::class, ['withAddedHeader']); - $basic = CSPBuilder::fromFile(__DIR__.'/vectors/basic-csp.json'); - - $header = $basic - ->disableOldBrowserSupport() - ->compile(); - $originalMessage - ->expects(self::once()) - ->method('withAddedHeader') - ->with('Content-Security-Policy', $header) - ->willReturn($modifiedMessage1); - $modifiedMessage1 - ->expects(self::once()) - ->method('withAddedHeader') - ->with('X-Content-Security-Policy', $header) - ->willReturn($modifiedMessage2); - $modifiedMessage2 - ->expects(self::once()) - ->method('withAddedHeader') - ->with('X-Webkit-CSP', $header) - ->willReturn($modifiedMessage3); - - 
self::assertSame($modifiedMessage3, $basic->injectCSPHeader($originalMessage, true)); + $csp = new CSPBuilder(); + $csp->setAllowUnsafeInline('script-src', true); + $compiled = $csp->compile(); + + $this->assertContains("'unsafe-inline'", $compiled); } - */ }
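Review bot: `testAllowUnsafeEval` and `testAllowUnsafeInline` only exercise the permissive path (`true`), so a regression that emits `'unsafe-eval'` or `'unsafe-inline'` when the flag is off would still pass. Each test should also cover the disabled case, for example `$csp->setAllowUnsafeInline('script-src', false);` followed by `$this->assertNotContains("'unsafe-inline'", $csp->compile());`, and the same for `'unsafe-eval'`. The positive assertions also match against the whole compiled header, so they would pass if the keyword landed in a directive other than `script-src`; asserting on the `script-src` portion of the compiled string would pin that down. The class body starts outside the hunk, so whether a default-policy test already covers the off state is not visible here.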