
Commit d408f4c

committed
Add tests for csp.js
Since we lack tests but have a great starting point, let's write more tests. This patch provides some basic tests for our CSP library. It's more of an integration test than a unit test, but it gets the job done. Signed-off-by: Sheogorath <[email protected]>
1 parent 5f1406a commit d408f4c


2 files changed

+125
-0
lines changed


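--- a/package.json
+++ b/package.json
@@ -184,6 +184,7 @@
 "less-loader": "^4.1.0",
 "mini-css-extract-plugin": "^0.4.1",
 "mocha": "^5.2.0",
+"mock-require": "^3.0.3",
 "optimize-css-assets-webpack-plugin": "^5.0.0",
 "script-loader": "^0.7.2",
 "string-loader": "^0.0.1",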

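--- a/test/csp.js
+++ b/test/csp.js
@@ -0,0 +1,124 @@
+/* eslint-env node, mocha */
+'use strict'
+
+const assert = require('assert')
+const crypto = require('crypto')
+const fs = require('fs')
+const path = require('path')
+const mock = require('mock-require')
+
+describe('Content security policies', function () {
+let defaultConfig, csp
+
+before(function () {
+csp = require('../lib/csp')
+})
+
+beforeEach(function () {
+// Reset config to make sure we don't influence other tests
+defaultConfig = {
+csp: {
+enable: true,
+directives: {
+},
+addDefaults: true,
+addDisqus: true,
+addGoogleAnalytics: true,
+upgradeInsecureRequests: 'auto',
+reportURI: undefined
+},
+useCDN: true
+}
+})
+
+afterEach(function () {
+mock.stop('../lib/config')
+csp = mock.reRequire('../lib/csp')
+})
+
+after(function () {
+mock.stopAll()
+csp = mock.reRequire('../lib/csp')
+})
+
+// beginnging Tests
+it('Disable CDN', function () {
+let testconfig = defaultConfig
+testconfig.useCDN = false
+mock('../lib/config', testconfig)
+csp = mock.reRequire('../lib/csp')
+
+assert(!csp.computeDirectives().scriptSrc.includes('https://cdnjs.cloudflare.com'))
+assert(!csp.computeDirectives().scriptSrc.includes('https://cdn.mathjax.org'))
+assert(!csp.computeDirectives().styleSrc.includes('https://cdnjs.cloudflare.com'))
+assert(!csp.computeDirectives().styleSrc.includes('https://fonts.googleapis.com'))
+assert(!csp.computeDirectives().fontSrc.includes('https://cdnjs.cloudflare.com'))
+assert(!csp.computeDirectives().fontSrc.includes('https://fonts.gstatic.com'))
+})
+
+it('Disable Google Analytics', function () {
+let testconfig = defaultConfig
+testconfig.csp.addGoogleAnalytics = false
+mock('../lib/config', testconfig)
+csp = mock.reRequire('../lib/csp')
+
+assert(!csp.computeDirectives().scriptSrc.includes('https://www.google-analytics.com'))
+})
+
+it('Disable Disqus', function () {
+let testconfig = defaultConfig
+testconfig.csp.addDisqus = false
+mock('../lib/config', testconfig)
+csp = mock.reRequire('../lib/csp')
+
+assert(!csp.computeDirectives().scriptSrc.includes('https://disqus.com'))
+assert(!csp.computeDirectives().scriptSrc.includes('https://*.disqus.com'))
+assert(!csp.computeDirectives().scriptSrc.includes('https://*.disquscdn.com'))
+assert(!csp.computeDirectives().styleSrc.includes('https://*.disquscdn.com'))
+assert(!csp.computeDirectives().fontSrc.includes('https://*.disquscdn.com'))
+})
+
+it('Set ReportURI', function () {
+let testconfig = defaultConfig
+testconfig.csp.reportURI = 'https://example.com/reportURI'
+mock('../lib/config', testconfig)
+csp = mock.reRequire('../lib/csp')
+
+assert.strictEqual(csp.computeDirectives().reportUri, 'https://example.com/reportURI')
+})
+
+it('Set own directives', function () {
+let testconfig = defaultConfig
+mock('../lib/config', defaultConfig)
+csp = mock.reRequire('../lib/csp')
+const unextendedCSP = csp.computeDirectives()
+testconfig.csp.directives = {
+defaultSrc: ['https://default.example.com'],
+scriptSrc: ['https://script.example.com'],
+imgSrc: ['https://img.example.com'],
+styleSrc: ['https://style.example.com'],
+fontSrc: ['https://font.example.com'],
+objectSrc: ['https://object.example.com'],
+mediaSrc: ['https://media.example.com'],
+childSrc: ['https://child.example.com'],
+connectSrc: ['https://connect.example.com']
+}
+mock('../lib/config', testconfig)
+csp = mock.reRequire('../lib/csp')
+
+const variations = ['default', 'script', 'img', 'style', 'font', 'object', 'media', 'child', 'connect']
+
+for (let i = 0; i < variations.length; i++) {
+assert.strictEqual(csp.computeDirectives()[variations[i] + 'Src'].toString(), ['https://' + variations[i] + '.example.com'].concat(unextendedCSP[variations[i] + 'Src']).toString())
+}
+})
+
+/*
+* This test reminds us to update the CSP hash for the speaker notes
+*/
+it('Unchanged hash for reveal.js speaker notes plugin', function () {
+const hash = crypto.createHash('sha1')
+hash.update(fs.readFileSync(path.resolve(__dirname, '../node_modules/reveal.js/plugin/notes/notes.html'), 'utf8'), 'utf8')
+assert.strictEqual(hash.digest('hex'), '471f3826880fac884a4a14faabc492bc854ae994')
+})
+})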
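Review bot: The 'Disable CDN', 'Disable Google Analytics' and 'Disable Disqus' tests only assert that a host is absent, so they would keep passing if lib/csp stopped emitting that host for any other reason and the flag no longer had an effect. A positive control against the untouched `defaultConfig` would pin the flag's behaviour, for example `assert(csp.computeDirectives().scriptSrc.includes('https://cdnjs.cloudflare.com'))` before `useCDN` is flipped (assuming the enabled policy lists that host, which these tests imply but do not show). In 'Set own directives' the comparison goes through `.toString()`, which flattens the source list into one comma-joined string; `assert.deepStrictEqual(csp.computeDirectives()[variations[i] + 'Src'], ['https://' + variations[i] + '.example.com'].concat(unextendedCSP[variations[i] + 'Src']))` checks the array itself. The speaker-notes test is a SHA-1 change detector on notes.html and does not compare against whatever hash the policy emits, so a comment naming the place in lib/csp that must be updated when it fails would make the reminder actionable.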
