-
Notifications
You must be signed in to change notification settings - Fork 37
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Feature/adding integration tests (#144)
* Extracted all common header value tests to a single Integration test for the default middleware setup * Entire codebase now uses file-scoped namespaces * Ran dotnet-format on codebase * Minor version bump
- Loading branch information
1 parent
5603757
commit f3ef6d1
Showing
50 changed files
with
2,350 additions
and
2,459 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,29 +1,28 @@ | ||
| namespace OwaspHeaders.Core | ||
| namespace OwaspHeaders.Core; | ||
|
|
||
| public static class Constants | ||
| { | ||
| public static class Constants | ||
| { | ||
| public const string StrictTransportSecurityHeaderName = "Strict-Transport-Security"; | ||
| public const string StrictTransportSecurityHeaderName = "Strict-Transport-Security"; | ||
|
|
||
| public const string XFrameOptionsHeaderName = "X-Frame-Options"; | ||
| public const string XFrameOptionsHeaderName = "X-Frame-Options"; | ||
|
|
||
| public const string XssProtectionHeaderName = "X-XSS-Protection"; | ||
| public const string XssProtectionHeaderName = "X-XSS-Protection"; | ||
|
|
||
| public const string XContentTypeOptionsHeaderName = "X-Content-Type-Options"; | ||
| public const string XContentTypeOptionsHeaderName = "X-Content-Type-Options"; | ||
|
|
||
| public const string ContentSecurityPolicyHeaderName = "Content-Security-Policy"; | ||
| public const string ContentSecurityPolicyHeaderName = "Content-Security-Policy"; | ||
|
|
||
| public const string ContentSecurityPolicyReportOnlyHeaderName = "Content-Security-Policy-Report-Only"; | ||
| public const string ContentSecurityPolicyReportOnlyHeaderName = "Content-Security-Policy-Report-Only"; | ||
|
|
||
| public const string XContentSecurityPolicyHeaderName = "X-Content-Security-Policy"; | ||
| public const string XContentSecurityPolicyHeaderName = "X-Content-Security-Policy"; | ||
|
|
||
| public const string PermittedCrossDomainPoliciesHeaderName = "X-Permitted-Cross-Domain-Policies"; | ||
| public const string PermittedCrossDomainPoliciesHeaderName = "X-Permitted-Cross-Domain-Policies"; | ||
|
|
||
| public const string ReferrerPolicyHeaderName = "Referrer-Policy"; | ||
| public const string ReferrerPolicyHeaderName = "Referrer-Policy"; | ||
|
|
||
| public const string CacheControlHeaderName = "Cache-Control"; | ||
| public const string CacheControlHeaderName = "Cache-Control"; | ||
|
|
||
| public const string ExpectCtHeaderName = "Expect-CT"; | ||
| public const string ExpectCtHeaderName = "Expect-CT"; | ||
|
|
||
| public const string CrossOriginResourcePolicyHeaderName = "Cross-Origin-Resource-Policy"; | ||
| } | ||
| public const string CrossOriginResourcePolicyHeaderName = "Cross-Origin-Resource-Policy"; | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,8 +1,7 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| public enum CspCommandType | ||
| { | ||
| public enum CspCommandType | ||
| { | ||
| Directive, | ||
| Uri | ||
| } | ||
| Directive, | ||
| Uri | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,21 +1,20 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| /// <remarks>Please note: these enum values are named after the CSP Sandbox Types | ||
| /// exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum CspSandboxType | ||
| { | ||
| /// <remarks>Please note: these enum values are named after the CSP Sandbox Types | ||
| /// exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum CspSandboxType | ||
| { | ||
| allowForms, | ||
| allowModals, | ||
| allowOrientationLock, | ||
| allowPointerLock, | ||
| allowPopups, | ||
| allowPopupsToEscapeSandbox, | ||
| allowPresentation, | ||
| allowSameOrigin, | ||
| allowScripts, | ||
| allowTopNavigation | ||
| } | ||
| allowForms, | ||
| allowModals, | ||
| allowOrientationLock, | ||
| allowPointerLock, | ||
| allowPopups, | ||
| allowPopupsToEscapeSandbox, | ||
| allowPresentation, | ||
| allowSameOrigin, | ||
| allowScripts, | ||
| allowTopNavigation | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,20 +1,19 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| public enum CspUriType | ||
| { | ||
| public enum CspUriType | ||
| { | ||
| Base, | ||
| DefaultUri, | ||
| Script, | ||
| Object, | ||
| Style, | ||
| Img, | ||
| Media, | ||
| Frame, | ||
| Child, | ||
| FrameAncestors, | ||
| Font, | ||
| Connect, | ||
| Manifest, | ||
| Form | ||
| } | ||
| Base, | ||
| DefaultUri, | ||
| Script, | ||
| Object, | ||
| Style, | ||
| Img, | ||
| Media, | ||
| Frame, | ||
| Child, | ||
| FrameAncestors, | ||
| Font, | ||
| Connect, | ||
| Manifest, | ||
| Form | ||
| } |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,19 +1,18 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| /// <remarks>Please note: these enum values are named after Referrer Policy Options | ||
| /// exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum ReferrerPolicyOptions | ||
| { | ||
| /// <remarks>Please note: these enum values are named after Referrer Policy Options | ||
| /// exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum ReferrerPolicyOptions | ||
| { | ||
| noReferrer, | ||
| noReferrerWhenDowngrade, | ||
| origin, | ||
| originWhenCrossOrigin, | ||
| sameOrigin, | ||
| strictOrigin, | ||
| strictWhenCrossOrigin, | ||
| unsafeUrl | ||
| }; | ||
| } | ||
| noReferrer, | ||
| noReferrerWhenDowngrade, | ||
| origin, | ||
| originWhenCrossOrigin, | ||
| sameOrigin, | ||
| strictOrigin, | ||
| strictWhenCrossOrigin, | ||
| unsafeUrl | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,16 +1,15 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| /// <remarks>Please note: these enum values are named after the X-Frame-Options | ||
| /// values exactly. This is so that we can use the value as a string, without | ||
| /// having to do any C# string magic (and waste cycles doing so) to get the right | ||
| /// names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum XFrameOptions | ||
| { | ||
| /// <remarks>Please note: these enum values are named after the X-Frame-Options | ||
| /// values exactly. This is so that we can use the value as a string, without | ||
| /// having to do any C# string magic (and waste cycles doing so) to get the right | ||
| /// names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum XFrameOptions | ||
| { | ||
| Deny, | ||
| Sameorigin, | ||
| Allowfrom, | ||
| AllowAll | ||
| }; | ||
| } | ||
| Deny, | ||
| Sameorigin, | ||
| Allowfrom, | ||
| AllowAll | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,17 +1,16 @@ | ||
| namespace OwaspHeaders.Core.Enums | ||
| namespace OwaspHeaders.Core.Enums; | ||
|
|
||
| /// <remarks> | ||
| /// Please note: these enum values are named after the X-Permitted-Cross-Domain-Options | ||
| /// values exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum XPermittedCrossDomainOptionValue | ||
| { | ||
| /// <remarks> | ||
| /// Please note: these enum values are named after the X-Permitted-Cross-Domain-Options | ||
| /// values exactly. This is so that we can use the value as a string, without having to | ||
| /// do any C# string magic (and waste cycles doing so) to get the right names. | ||
| /// This does mean that Rider (et al.) will tell you that the naming convention | ||
| /// here is non-standard.</remarks> | ||
| public enum XPermittedCrossDomainOptionValue | ||
| { | ||
| none, | ||
| masterOnly, | ||
| byContentType, | ||
| byFtpFileType, | ||
| all | ||
| }; | ||
| } | ||
| none, | ||
| masterOnly, | ||
| byContentType, | ||
| byFtpFileType, | ||
| all | ||
| }; |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,36 +1,35 @@ | ||
| namespace OwaspHeaders.Core.Extensions | ||
| namespace OwaspHeaders.Core.Extensions; | ||
|
|
||
| public static class ContentSecurityPolicyExtensions | ||
| { | ||
| public static class ContentSecurityPolicyExtensions | ||
| /// <summary> | ||
| /// Used to set the Content Security Policy URIs for a given <see cref="CspUriType"/> | ||
| /// </summary> | ||
| public static SecureHeadersMiddlewareConfiguration SetCspUris( | ||
| this SecureHeadersMiddlewareConfiguration config, | ||
| List<ContentSecurityPolicyElement> baseUri, | ||
| CspUriType cspUriType) | ||
| { | ||
| /// <summary> | ||
| /// Used to set the Content Security Policy URIs for a given <see cref="CspUriType"/> | ||
| /// </summary> | ||
| public static SecureHeadersMiddlewareConfiguration SetCspUris( | ||
| this SecureHeadersMiddlewareConfiguration config, | ||
| List<ContentSecurityPolicyElement> baseUri, | ||
| CspUriType cspUriType) | ||
| if (config.UseContentSecurityPolicy) | ||
| { | ||
| if (config.UseContentSecurityPolicy) | ||
| { | ||
| config.ContentSecurityPolicyConfiguration?.SetCspUri(baseUri, cspUriType); | ||
| } | ||
|
|
||
| return config; | ||
| config.ContentSecurityPolicyConfiguration?.SetCspUri(baseUri, cspUriType); | ||
| } | ||
|
|
||
| /// <summary> | ||
| /// Used to set up the Content Security Policy Sandbox for a given or multiple | ||
| /// <see cref="CspSandboxType"/>s | ||
| /// </summary> | ||
| public static SecureHeadersMiddlewareConfiguration SetCspSandBox | ||
| (this SecureHeadersMiddlewareConfiguration config, params CspSandboxType[] sandboxType) | ||
| { | ||
| if (config.UseContentSecurityPolicy) | ||
| { | ||
| config.ContentSecurityPolicyConfiguration?.SetSandbox(sandboxType); | ||
| } | ||
| return config; | ||
| } | ||
|
|
||
| return config; | ||
| /// <summary> | ||
| /// Used to set up the Content Security Policy Sandbox for a given or multiple | ||
| /// <see cref="CspSandboxType"/>s | ||
| /// </summary> | ||
| public static SecureHeadersMiddlewareConfiguration SetCspSandBox | ||
| (this SecureHeadersMiddlewareConfiguration config, params CspSandboxType[] sandboxType) | ||
| { | ||
| if (config.UseContentSecurityPolicy) | ||
| { | ||
| config.ContentSecurityPolicyConfiguration?.SetSandbox(sandboxType); | ||
| } | ||
|
|
||
| return config; | ||
| } | ||
| } |
Oops, something went wrong.