UNPKG

csp_evaluator

Version:

Evaluate Content Security Policies for a wide range of bypasses and weaknesses

csp-evaluator.withgoogle.com

google/csp-evaluator

66 lines (57 loc) 2.18 kB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
/** * @fileoverview Tests for CSP Finding. * @author lwe@google.com (Lukas Weichselbaum) * * @license * Copyright 2016 Google Inc. All rights reserved. * Licensed under the Apache License, Version 2.0 (the "License"); * you may not use this file except in compliance with the License. * You may obtain a copy of the License at * * http://www.apache.org/licenses/LICENSE-2.0 * * Unless required by applicable law or agreed to in writing, software * distributed under the License is distributed on an "AS IS" BASIS, * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. * See the License for the specific language governing permissions and * limitations under the License. */ import 'jasmine'; import {Directive, Keyword} from './csp'; import {Finding, Severity, Type} from './finding'; describe('Test finding', () => { it('Finding', () => { const type = Type.MISSING_SEMICOLON; const description = 'description'; const severity = Severity.HIGH; const directive = Directive.SCRIPT_SRC; const value = Keyword.NONE; const finding = new Finding(type, description, severity, directive, value); expect(finding.type).toBe(type); expect(finding.description).toBe(description); expect(finding.severity).toBe(severity); expect(finding.directive).toBe(directive); expect(finding.value).toBe(value); }); it('GetHighestSeverity', () => { const finding1 = new Finding( Type.MISSING_SEMICOLON, 'description', Severity.HIGH, Directive.SCRIPT_SRC); const finding2 = new Finding( Type.MISSING_SEMICOLON, 'description', Severity.MEDIUM, Directive.SCRIPT_SRC); const finding3 = new Finding( Type.MISSING_SEMICOLON, 'description', Severity.INFO, Directive.SCRIPT_SRC); expect(Finding.getHighestSeverity([ finding1, finding3, finding2, finding1 ])).toBe(Severity.HIGH); expect(Finding.getHighestSeverity([ finding3, finding2 ])).toBe(Severity.MEDIUM); expect(Finding.getHighestSeverity([ finding3, finding3 ])).toBe(Severity.INFO); expect(Finding.getHighestSeverity([])).toBe(Severity.NONE); }); });