youys
/
DocNet
Not watched
1
0
Fork 0
Code
Releases 14 Wiki Activity
Issues 0 Pull Requests 0 Datasets Model Cloudbrain
You can not select more than 25 topics Topics must start with a chinese character,a letter or number, can include dashes ('-') and can be up to 35 characters long.
Tree: 7d958f0994
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '7d958f0994'
${ noResults }
DocNet/src/MarkdownDeepTests/XssAttackTests.cs

137 lines
2.4 kB
Raw Blame History 

  1. using System;

  2. using System.Collections.Generic;

  3. using System.Linq;

  4. using System.Text;

  5. using MarkdownDeep;

  6. using NUnit.Framework;

  7. using System.Reflection;

  8. 

  9. namespace MarkdownDeepTests

  10. {

  11. 	[TestFixture]

  12. 	public class XssAttackTests

  13. 	{

  14. 		public bool IsTagReallySafe(HtmlTag tag)

  15. 		{

  16. 			switch (tag.name)

  17. 			{

  18. 				case "B":

  19. 				case "UL":

  20. 				case "LI":

  21. 				case "I":

  22. 					return tag.attributes.Count == 0;

  23. 

  24. 				case "A":

  25. 				case "a":

  26. 					return tag.closing && tag.attributes.Count == 0;

  27. 			}

  28. 

  29. 			return false;

  30. 		}

  31. 

  32. 

  33. 		public static IEnumerable<TestCaseData> GetTestsFromFile(string filename)

  34. 		{

  35. 			var tests = Utils.LoadTextResource("MarkdownDeepTests.testfiles.xsstests." + filename);

  36. 

  37. 			// Split into lines

  38. 			string[] lines = tests.Replace("\r\n", "\n").Split('\n');

  39. 

  40. 			// Join bac

  41. 			var strings = new List<string>();

  42. 			string str = null;

  43. 			foreach (var l in lines)

  44. 			{

  45. 				// Ignore

  46. 				if (l.StartsWith("////"))

  47. 					continue;

  48. 

  49. 				// Terminator?

  50. 				if (l == "====== UNTESTED ======")

  51. 				{

  52. 					str = null;

  53. 					break;

  54. 				}

  55. 

  56. 				// Blank line?

  57. 				if (String.IsNullOrEmpty(l.Trim()))

  58. 				{

  59. 					if (str != null)

  60. 						strings.Add(str);

  61. 					str = null;

  62. 

  63. 					continue;

  64. 				}

  65. 

  66. 				if (str == null)

  67. 					str = l;

  68. 				else

  69. 					str = str + "\n" + l;

  70. 			}

  71. 

  72. 			if (str != null)

  73. 				strings.Add(str);

  74. 

  75. 

  76. 			return from s in strings select new TestCaseData(s);

  77. 		}

  78. 

  79. 		public static IEnumerable<TestCaseData> GetAttacks()

  80. 		{

  81. 			return GetTestsFromFile("xss_attacks.txt");

  82. 		}

  83. 

  84. 

  85. 		[Test, TestCaseSource("GetAttacks")]

  86. 		public void TestAttacksAreBlocked(string input)

  87. 		{

  88. 			StringScanner p = new StringScanner(input);

  89. 

  90. 			while (!p.Eof)

  91. 			{

  92. 				HtmlTag tag=HtmlTag.Parse(p);

  93. 				if (tag!=null)

  94. 				{

  95. 					if (tag.IsSafe())

  96. 					{

  97. 						// There's a few tags that really are safe in the test data

  98. 						Assert.IsTrue(IsTagReallySafe(tag));

  99. 					}

  100. 				}

  101. 				else

  102. 				{

  103. 					// Next character

  104. 					p.SkipForward(1);

  105. 				}

  106. 			}

  107. 		}

  108. 

  109. 		public static IEnumerable<TestCaseData> GetAllowed()

  110. 		{

  111. 			return GetTestsFromFile("non_attacks.txt");

  112. 		}

  113. 

  114. 

  115. 		[Test, TestCaseSource("GetAllowed")]

  116. 		public void TestNonAttacksAreAllowed(string input)

  117. 		{

  118. 			StringScanner p = new StringScanner(input);

  119. 

  120. 			while (!p.Eof)

  121. 			{

  122. 				HtmlTag tag = HtmlTag.Parse(p);

  123. 				if (tag != null)

  124. 				{

  125. 					Assert.IsTrue(tag.IsSafe());

  126. 				}

  127. 				else

  128. 				{

  129. 					// Next character

  130. 					p.SkipForward(1);

  131. 				}

  132. 			}

  133. 		}

  134. 

  135. 	}

  136. }