o ø•;hI7ã@sbddlmZddlZddlZddlmZmZmZmZddiZ dd„Z dd „Z Gd d „d ej ƒZ dS) é)Úabsolute_importN)Ú ALLOW_FROMÚDENYÚ NONCE_LENGTHÚTalismanzwsgi.url_schemeÚhttpscCódS©Nz Hello, world©r r r úO/var/www/html/venv/lib/python3.10/site-packages/flask_talisman/talisman_test.pyÚ hello_worldsr cCs t d¡S)Nz))ÚflaskZrender_template_stringr r r r Ú with_noncesÿrc@sŒeZdZdd„Zdd„Zdd„Zdd„Zd d „Zd d „Zd d„Z dd„Z dd„Z dd„Z dd„Z dd„Zdd„Zdd„Zdd„Zdd „Zd!S)"ÚTestTalismanExtensioncCsHt t¡|_t|jƒ|_|j ¡|_|j d¡t ƒ|j d¡t ƒdS)Nú/ú /with_nonce) r ÚFlaskÚ__name__ÚapprÚtalismanÚ test_clientÚclientÚrouter r)Úselfr r r ÚsetUp&s   zTestTalismanExtension.setUpcCsl|jjdtd}dddddœ}| ¡D]\}}| |j |¡|¡q|j d¡}| d |¡| d |¡dS) Nr©Zenviron_overridesÚ SAMEORIGINz#max-age=31556926; includeSubDomainsZnosniffzstrict-origin-when-cross-origin)úX-Frame-OptionsúStrict-Transport-SecurityúX-Content-Type-OptionszReferrer-PolicyúContent-Security-Policyúdefault-src 'self'zobject-src 'none')rÚgetÚ HTTPS_ENVIRONÚitemsÚ assertEqualÚheadersÚassertIn)rÚresponser&ÚkeyÚvalueÚcspr r r Ú testDefaults.sû  z"TestTalismanExtension.testDefaultscCsš|jjdddid}| |jd¡|j d¡}| |jd¡| |jd d¡¡d |j_|j d¡}| |jd ¡d |j_ |j d¡}| |jd¡dS) NrúX-Forwarded-Protor©r&éÈé.ZLocationzhttps://Ti-F) rr"r%Ú status_codeZ assertTruer&Ú startswithrZforce_https_permanentÚ force_https©rr(r r r ÚtestForceSslOptionOptionsAsÿ   z/TestTalismanExtension.testForceSslOptionOptionscCs8d|j_|j d¡}| d|j¡| |jdd¡dS)NTrúX-XSS-Protectionz 1; mode=block)rÚx_xss_protectionrr"r'r&r%r4r r r ÚtestForceXSSProtectionOptionsWs z3TestTalismanExtension.testForceXSSProtectionOptionscCsÊd|j_|j d¡}| d|j¡d|j_|jjdtd}| d|j¡d|j_|jjdddid}| d|j¡d|j_ |jjdtd}| d |jd¡d|j_ |jjdtd}| d |jd¡dS) NFrrrTr-rr.ZincludeSubDomainsZpreload) rZ force_sslrr"Ú assertNotInr&Zstrict_transport_securityr#r'Z,strict_transport_security_include_subdomainsZ!strict_transport_security_preloadr4r r r ÚtestHstsOptions_s& ÿ ÿz%TestTalismanExtension.testHstsOptionscCs†t|j_|jjdtd}| |jdd¡t|j_d|j_ |jjdtd}| |jdd¡d|j_|jjdtd}|  d|j¡dS)Nrrrrú example.comzALLOW-FROM example.com) rrZ frame_optionsrr"r#r%r&rZframe_options_allow_fromr9r4r r r ÚtestFrameOptionss ÿz&TestTalismanExtension.testFrameOptionscCs†d|jjd<|jjdtd}|jd}| d|¡| d|¡| d|¡d d g|jjd<|jjdtd}|jd}| d |¡| d |¡d |j_|jjdtd}| |jdd ¡d|j_|jjdtd}| d|j¡t   t ¡}t |d d|  ¡jdtd}| d |jd¡t   t ¡}t |dd|  ¡jdtd}| d|j¡t   t ¡}t |dd|  ¡jdtd}| d|j¡dS)NÚ*z image-srcrrr zdefault-src 'self';zobject-src 'none';z image-src *ú'self'r;r!zimage-src 'self' example.comzdefault-src 'foo' spam.eggsF©Úcontent_security_policy)Zx_content_type_optionsr)r7r6)rr@rr"r#r&r'r%r9r rrrr)rr(r+rr r r Ú testContentSecurityPolicyOptionsŽsH      þ    ÿ  þ    z6TestTalismanExtension.testContentSecurityPolicyOptionscCs¦d|j_d|j_|jjdtd}| d|j¡| d|jd¡| d|j¡d}d|i|j_ |jjdtd}| d|j¡| ||jd¡|j t t |j dd dS) NTzhttps://example.comrrz#Content-Security-Policy-Report-Onlyz report-urir zhttps://report-uri.io/)Ú#content_security_policy_report_only)rrBZ"content_security_policy_report_urirr"r#r'r&r9r@Z assertRaisesÚ ValueErrorrr)rr(Zoverride_report_urir r r Ú&testContentSecurityPolicyOptionsReport¿s0ÿþÿÿþ  ÿzz script-srcr;z style-srcrrr zscript-src 'self' 'nonce-{}'zstyle-src 'self'z style-src example.com 'nonce-{}'zstyle-src example.comzutf-8)rr@Z content_security_policy_nonce_inrrr"r#r&r'Úformatr ÚrequestZ csp_noncer9ÚdataÚdecoder%Úlenr)rrr(r+r r r ÚtestContentSecurityPolicyNonceÜs<    ÿ  þþ þþ þ"æz4TestTalismanExtension.testContentSecurityPolicyNoncecCsT|j d¡|jdddd„ƒƒ}|jjdtd}| d|j¡| |jdd¡dS) Nz/nocspr?cSrr r r r r r Únocspþóz2TestTalismanExtension.testDecorator..nocsprr rr) rrrrr"r#r9r&r%)rrKr(r r r Ú testDecoratorýs   z#TestTalismanExtension.testDecoratorcCs>|j d¡|jdddd„ƒƒ}|j d¡}| |jd¡dS)Nz /noforcehttpsF)r3cSrr r r r r r Ú noforcehttpsrLzCTestTalismanExtension.testDecoratorForceHttps..noforcehttpsr/)rrrrr"r%r1)rrNr(r r r ÚtestDecoratorForceHttpss    z-TestTalismanExtension.testDecoratorForceHttpscCs<d|j_|jjdtd}| d|j¡| |jdd¡dS)NTrrzX-Download-OptionsZnoopen)rZforce_file_saverr"r#r'r&r%r4r r r ÚtestForceFileSavesz'TestTalismanExtension.testForceFileSavecCs@|j d¡}| |jd¡|jjdddid}| |jd¡dS)Nz /bad_endpointr0r-rr.i”)rr"r%r1r4r r r ÚtestBadEndpoints ÿz%TestTalismanExtension.testBadEndpointcCs¢d|jjd<|jjdtd}|jd}| d|¡d|jjd<|jjdtd}|jd}| d |¡t t ¡}t |d d |  ¡jdtd}| d |jd¡dS) Nz'none'Ú geolocationrrzFeature-Policyzgeolocation 'none'z'self' example.comÚ fullscreenzfullscreen 'self' example.comzvibrate 'none')Úfeature_policy) rrTrr"r#r&r'r rrrr)rr(rTrr r r ÚtestFeaturePolicys        z'TestTalismanExtension.testFeaturePolicycCsöd|jjd<|jjdtd}|jd}| d|¡| d|¡d|jjd<d|jjd <|jjdtd}|jd}| d|¡| d |¡i|j_|jjdtd}|j d¡}| d|¡t  t ¡}t |d d |  ¡jdtd}| d |jd¡dS) Nz()rRrrzPermissions-Policyzbrowsing-topics=()zgeolocation=()z(self, "https://example.com")rSz8geolocation=(), fullscreen=(self, "https://example.com")zvibrate=(), geolocation=())Úpermissions_policy) rrVrr"r#r&r'r%r rrrr)rr(rVrr r r ÚtestPermissionsPolicy.s&             z+TestTalismanExtension.testPermissionsPolicycCs®d|jjd<|jjdtd}|jd}| d|¡d|jjd<d|jjd<|jjdtd}|jd}| d|¡t t ¡}t |dd |  ¡jdtd}| d|jd¡dS) Nz?0zoversized-imagesrrzDocument-Policyzoversized-images=?0zdocument-writez&oversized-images=?0, document-write=?0)Údocument_policy) rrXrr"r#r&r'r rrrr)rr(rXrr r r ÚtestDocumentPolicyHs         z(TestTalismanExtension.testDocumentPolicyN)rÚ __module__Ú __qualname__rr,r5r8r:r<rArDrJrMrOrPrQrUrWrYr r r r r$s" 1!   r)Ú __future__rZunittestr Zflask_talismanrrrrr#r rZTestCaserr r r r Ús