Add tests for CSP

djbe · djbe · commit 06ce9882f40d · 2025-09-24T05:09:57.000+02:00
diff --git a/tests/nuxt-base/final/csp/env.properties b/tests/nuxt-base/final/csp/env.properties
@@ -0,0 +1,19 @@
+NGINX_CSP_CHILD_SRC="https://children.environment.com data:"
+NGINX_CSP_CONNECT_SRC="https://connection.environment.com data:"
+NGINX_CSP_FONT_SRC="https://fonts.environment.com data:"
+NGINX_CSP_FORM_ACTION="https://forms.environment.com data:"
+NGINX_CSP_FRAME_ANCESTORS="https://frames-anc.environment.com"
+NGINX_CSP_FRAME_SRC="https://frames.environment.com data:"
+NGINX_CSP_IMG_SRC="https://imgs.environment.com data:"
+NGINX_CSP_MANIFEST_SRC="https://manifests.environment.com data:"
+NGINX_CSP_MEDIA_SRC="https://media.environment.com data:"
+NGINX_CSP_OBJECT_SRC="https://objects.environment.com data:"
+NGINX_CSP_REQUIRE_TRUSTED_TYPES_FOR=""
+NGINX_CSP_SCRIPT_SRC="https://scripts.environment.com data: 'unsafe-inline'"
+NGINX_CSP_STYLE_SRC="https://styles.environment.com data: 'unsafe-inline'"
+NGINX_CSP_TRUSTED_TYPES="environment-foo env-bar"
+NGINX_CSP_WORKER_SRC="https://workers.environment.com data:"
+
+NGINX_CSP_MODE=report-only
+NGINX_CSP_REPORT_URI=https://sentry.appwi.se/api/347/security/?sentry_key=foo123
+NGINX_FRAME_OPTIONS=sameorigin
diff --git a/tests/nuxt-base/final/csp/extra-files/csp.properties b/tests/nuxt-base/final/csp/extra-files/csp.properties
@@ -0,0 +1,15 @@
+CHILD_SRC="https://children.embedded.com 'self'"
+CONNECT_SRC="https://connection.embedded.com 'self'"
+FONT_SRC="https://fonts.embedded.com 'self'"
+FORM_ACTION="https://forms.embedded.com 'self'"
+FRAME_ANCESTORS="https://frames-anc.embedded.com"
+FRAME_SRC="https://frames.embedded.com 'self'"
+IMG_SRC="https://imgs.embedded.com 'self'"
+MANIFEST_SRC="https://manifests.embedded.com 'self'"
+MEDIA_SRC="https://media.embedded.com 'self'"
+OBJECT_SRC="https://objects.embedded.com 'self'"
+REQUIRE_TRUSTED_TYPES_FOR="'script'"
+SCRIPT_SRC="https://scripts.embedded.com 'self' 'unsafe-inline'"
+STYLE_SRC="https://styles.embedded.com 'self' 'unsafe-inline'"
+TRUSTED_TYPES="embedded-foo 'allow-duplicates'"
+WORKER_SRC="https://workers.embedded.com 'self'"
diff --git a/tests/nuxt-base/final/csp/goss.yaml b/tests/nuxt-base/final/csp/goss.yaml
@@ -0,0 +1,26 @@
+---
+http:
+  check envs and secrets:
+    headers:
+      - >-
+        Content-Security-Policy-Report-Only:
+        default-src 'self';
+        child-src https://children.embedded.com 'self' https://children.environment.com data:;
+        connect-src https://connection.embedded.com 'self' https://connection.environment.com data:;
+        font-src https://fonts.embedded.com 'self' https://fonts.environment.com data:;
+        form-action https://forms.embedded.com 'self' https://forms.environment.com data:;
+        frame-ancestors https://frames-anc.embedded.com https://frames-anc.environment.com;
+        frame-src https://frames.embedded.com 'self' https://frames.environment.com data:;
+        img-src https://imgs.embedded.com 'self' https://imgs.environment.com data:;
+        manifest-src https://manifests.embedded.com 'self' https://manifests.environment.com data:;
+        media-src https://media.embedded.com 'self' https://media.environment.com data:;
+        object-src https://objects.embedded.com 'self' https://objects.environment.com data:;
+        require-trusted-types-for 'script';
+        script-src https://scripts.embedded.com 'self' 'unsafe-inline' https://scripts.environment.com data: 'unsafe-inline';
+        style-src https://styles.embedded.com 'self' 'unsafe-inline' https://styles.environment.com data: 'unsafe-inline';
+        trusted-types embedded-foo 'allow-duplicates' environment-foo env-bar;
+        worker-src https://workers.embedded.com 'self' https://workers.environment.com data:;
+        report-uri https://sentry.appwi.se/api/347/security/?sentry_key=foo123;
+      - 'X-Frame-Options: sameorigin'
+    status: 200
+    url: http://localhost:8080/
diff --git a/tests/nuxt-base/final/csp/goss_wait.yaml b/tests/nuxt-base/final/csp/goss_wait.yaml
@@ -0,0 +1,17 @@
+---
+command:
+  node monitor:
+    exec: 's6-svstat -u /run/service/node-memory-monitor'
+    exit-status: 0
+    stdout:
+      - 'true'
+port:
+  tcp:8080:
+    listening: true
+    ip:
+      - 0.0.0.0
+process:
+  nginx:
+    running: true
+  node:
+    running: true
diff --git a/tests/nuxt-base/final/csp/run_overrides b/tests/nuxt-base/final/csp/run_overrides
@@ -0,0 +1,3 @@
+CUSTOM_ARGUMENTS=(
+  --mount "type=bind,ro,source=$PWD/extra-files/csp.properties,target=/etc/csp-generator/default"
+)
diff --git a/tests/nuxt-base/final/default/goss.yaml b/tests/nuxt-base/final/default/goss.yaml
@@ -5,12 +5,14 @@ http:
     body:
       - 'Hey from index.mjs'
     headers:
+      - 'Content-Security-Policy: default-src ''self'';'
       - 'Cross-Origin-Opener-Policy: same-origin'
       - 'Cross-Origin-Resource-Policy: same-origin'
       - 'Permissions-Policy: interest-cohort=()'
       - 'Referrer-Policy: same-origin'
       - 'Strict-Transport-Security'
       - 'X-Content-Type-Options: nosniff'
+      - 'X-Frame-Options: deny'
       - 'X-Permitted-Cross-Domain-Policies: none'
       - 'X-Robots-Tag: none'
     status: 200
diff --git a/tests/payload-base/final/csp/env.properties b/tests/payload-base/final/csp/env.properties
@@ -0,0 +1,19 @@
+NGINX_CSP_CHILD_SRC="https://children.environment.com data:"
+NGINX_CSP_CONNECT_SRC="https://connection.environment.com data:"
+NGINX_CSP_FONT_SRC="https://fonts.environment.com data:"
+NGINX_CSP_FORM_ACTION="https://forms.environment.com data:"
+NGINX_CSP_FRAME_ANCESTORS="https://frames-anc.environment.com"
+NGINX_CSP_FRAME_SRC="https://frames.environment.com data:"
+NGINX_CSP_IMG_SRC="https://imgs.environment.com data:"
+NGINX_CSP_MANIFEST_SRC="https://manifests.environment.com data:"
+NGINX_CSP_MEDIA_SRC="https://media.environment.com data:"
+NGINX_CSP_OBJECT_SRC="https://objects.environment.com data:"
+NGINX_CSP_REQUIRE_TRUSTED_TYPES_FOR=""
+NGINX_CSP_SCRIPT_SRC="https://scripts.environment.com data: 'unsafe-inline'"
+NGINX_CSP_STYLE_SRC="https://styles.environment.com data: 'unsafe-inline'"
+NGINX_CSP_TRUSTED_TYPES="environment-foo env-bar"
+NGINX_CSP_WORKER_SRC="https://workers.environment.com data:"
+
+NGINX_CSP_MODE=report-only
+NGINX_CSP_REPORT_URI=https://sentry.appwi.se/api/347/security/?sentry_key=foo123
+NGINX_FRAME_OPTIONS=sameorigin
diff --git a/tests/payload-base/final/csp/extra-files/csp.properties b/tests/payload-base/final/csp/extra-files/csp.properties
@@ -0,0 +1,15 @@
+CHILD_SRC="https://children.embedded.com 'self'"
+CONNECT_SRC="https://connection.embedded.com 'self'"
+FONT_SRC="https://fonts.embedded.com 'self'"
+FORM_ACTION="https://forms.embedded.com 'self'"
+FRAME_ANCESTORS="https://frames-anc.embedded.com"
+FRAME_SRC="https://frames.embedded.com 'self'"
+IMG_SRC="https://imgs.embedded.com 'self'"
+MANIFEST_SRC="https://manifests.embedded.com 'self'"
+MEDIA_SRC="https://media.embedded.com 'self'"
+OBJECT_SRC="https://objects.embedded.com 'self'"
+REQUIRE_TRUSTED_TYPES_FOR="'script'"
+SCRIPT_SRC="https://scripts.embedded.com 'self' 'unsafe-inline'"
+STYLE_SRC="https://styles.embedded.com 'self' 'unsafe-inline'"
+TRUSTED_TYPES="embedded-foo 'allow-duplicates'"
+WORKER_SRC="https://workers.embedded.com 'self'"
diff --git a/tests/payload-base/final/csp/goss.yaml b/tests/payload-base/final/csp/goss.yaml
@@ -0,0 +1,26 @@
+---
+http:
+  check envs and secrets:
+    headers:
+      - >-
+        Content-Security-Policy-Report-Only:
+        default-src 'self';
+        child-src https://children.embedded.com 'self' https://children.environment.com data:;
+        connect-src https://connection.embedded.com 'self' https://connection.environment.com data:;
+        font-src https://fonts.embedded.com 'self' https://fonts.environment.com data:;
+        form-action https://forms.embedded.com 'self' https://forms.environment.com data:;
+        frame-ancestors https://frames-anc.embedded.com https://frames-anc.environment.com;
+        frame-src https://frames.embedded.com 'self' https://frames.environment.com data:;
+        img-src https://imgs.embedded.com 'self' https://imgs.environment.com data:;
+        manifest-src https://manifests.embedded.com 'self' https://manifests.environment.com data:;
+        media-src https://media.embedded.com 'self' https://media.environment.com data:;
+        object-src https://objects.embedded.com 'self' https://objects.environment.com data:;
+        require-trusted-types-for 'script';
+        script-src https://scripts.embedded.com 'self' 'unsafe-inline' https://scripts.environment.com data: 'unsafe-inline';
+        style-src https://styles.embedded.com 'self' 'unsafe-inline' https://styles.environment.com data: 'unsafe-inline';
+        trusted-types embedded-foo 'allow-duplicates' environment-foo env-bar;
+        worker-src https://workers.embedded.com 'self' https://workers.environment.com data:;
+        report-uri https://sentry.appwi.se/api/347/security/?sentry_key=foo123;
+      - 'X-Frame-Options: sameorigin'
+    status: 200
+    url: http://localhost:8080/
diff --git a/tests/payload-base/final/csp/goss_wait.yaml b/tests/payload-base/final/csp/goss_wait.yaml
@@ -0,0 +1,11 @@
+---
+port:
+  tcp:8080:
+    listening: true
+    ip:
+      - 0.0.0.0
+process:
+  nginx:
+    running: true
+  node:
+    running: true
diff --git a/tests/payload-base/final/csp/run_overrides b/tests/payload-base/final/csp/run_overrides
@@ -0,0 +1,3 @@
+CUSTOM_ARGUMENTS=(
+  --mount "type=bind,ro,source=$PWD/extra-files/csp.properties,target=/etc/csp-generator/default"
+)
diff --git a/tests/payload-base/final/default/goss.yaml b/tests/payload-base/final/default/goss.yaml
@@ -5,12 +5,14 @@ http:
     body:
       - 'Hey from server.js'
     headers:
+      - 'Content-Security-Policy: default-src ''self'';'
       - 'Cross-Origin-Opener-Policy: same-origin'
       - 'Cross-Origin-Resource-Policy: same-origin'
       - 'Permissions-Policy: interest-cohort=()'
       - 'Referrer-Policy: same-origin'
       - 'Strict-Transport-Security'
       - 'X-Content-Type-Options: nosniff'
+      - 'X-Frame-Options: deny'
       - 'X-Permitted-Cross-Domain-Policies: none'
       - 'X-Robots-Tag: none'
     status: 200
diff --git a/tests/php-base/fpm/csp/env.properties b/tests/php-base/fpm/csp/env.properties
@@ -0,0 +1,19 @@
+NGINX_CSP_CHILD_SRC="https://children.environment.com data:"
+NGINX_CSP_CONNECT_SRC="https://connection.environment.com data:"
+NGINX_CSP_FONT_SRC="https://fonts.environment.com data:"
+NGINX_CSP_FORM_ACTION="https://forms.environment.com data:"
+NGINX_CSP_FRAME_ANCESTORS="https://frames-anc.environment.com"
+NGINX_CSP_FRAME_SRC="https://frames.environment.com data:"
+NGINX_CSP_IMG_SRC="https://imgs.environment.com data:"
+NGINX_CSP_MANIFEST_SRC="https://manifests.environment.com data:"
+NGINX_CSP_MEDIA_SRC="https://media.environment.com data:"
+NGINX_CSP_OBJECT_SRC="https://objects.environment.com data:"
+NGINX_CSP_REQUIRE_TRUSTED_TYPES_FOR=""
+NGINX_CSP_SCRIPT_SRC="https://scripts.environment.com data: 'unsafe-inline'"
+NGINX_CSP_STYLE_SRC="https://styles.environment.com data: 'unsafe-inline'"
+NGINX_CSP_TRUSTED_TYPES="environment-foo env-bar"
+NGINX_CSP_WORKER_SRC="https://workers.environment.com data:"
+
+NGINX_CSP_MODE=report-only
+NGINX_CSP_REPORT_URI=https://sentry.appwi.se/api/347/security/?sentry_key=foo123
+NGINX_FRAME_OPTIONS=sameorigin
diff --git a/tests/php-base/fpm/csp/extra-files/csp.properties b/tests/php-base/fpm/csp/extra-files/csp.properties
@@ -0,0 +1,15 @@
+CHILD_SRC="https://children.embedded.com 'self'"
+CONNECT_SRC="https://connection.embedded.com 'self'"
+FONT_SRC="https://fonts.embedded.com 'self'"
+FORM_ACTION="https://forms.embedded.com 'self'"
+FRAME_ANCESTORS="https://frames-anc.embedded.com"
+FRAME_SRC="https://frames.embedded.com 'self'"
+IMG_SRC="https://imgs.embedded.com 'self'"
+MANIFEST_SRC="https://manifests.embedded.com 'self'"
+MEDIA_SRC="https://media.embedded.com 'self'"
+OBJECT_SRC="https://objects.embedded.com 'self'"
+REQUIRE_TRUSTED_TYPES_FOR="'script'"
+SCRIPT_SRC="https://scripts.embedded.com 'self' 'unsafe-inline'"
+STYLE_SRC="https://styles.embedded.com 'self' 'unsafe-inline'"
+TRUSTED_TYPES="embedded-foo 'allow-duplicates'"
+WORKER_SRC="https://workers.embedded.com 'self'"
diff --git a/tests/php-base/fpm/csp/goss.yaml b/tests/php-base/fpm/csp/goss.yaml
@@ -0,0 +1,26 @@
+---
+http:
+  check envs and secrets:
+    headers:
+      - >-
+        Content-Security-Policy-Report-Only:
+        default-src 'self';
+        child-src https://children.embedded.com 'self' https://children.environment.com data:;
+        connect-src https://connection.embedded.com 'self' https://connection.environment.com data:;
+        font-src https://fonts.embedded.com 'self' https://fonts.environment.com data:;
+        form-action https://forms.embedded.com 'self' https://forms.environment.com data:;
+        frame-ancestors https://frames-anc.embedded.com https://frames-anc.environment.com;
+        frame-src https://frames.embedded.com 'self' https://frames.environment.com data:;
+        img-src https://imgs.embedded.com 'self' https://imgs.environment.com data:;
+        manifest-src https://manifests.embedded.com 'self' https://manifests.environment.com data:;
+        media-src https://media.embedded.com 'self' https://media.environment.com data:;
+        object-src https://objects.embedded.com 'self' https://objects.environment.com data:;
+        require-trusted-types-for 'script';
+        script-src https://scripts.embedded.com 'self' 'unsafe-inline' https://scripts.environment.com data: 'unsafe-inline';
+        style-src https://styles.embedded.com 'self' 'unsafe-inline' https://styles.environment.com data: 'unsafe-inline';
+        trusted-types embedded-foo 'allow-duplicates' environment-foo env-bar;
+        worker-src https://workers.embedded.com 'self' https://workers.environment.com data:;
+        report-uri https://sentry.appwi.se/api/347/security/?sentry_key=foo123;
+      - 'X-Frame-Options: sameorigin'
+    status: 200
+    url: http://localhost:8080/
diff --git a/tests/php-base/fpm/csp/goss_wait.yaml b/tests/php-base/fpm/csp/goss_wait.yaml
@@ -0,0 +1,11 @@
+---
+port:
+  tcp:8080:
+    listening: true
+    ip:
+      - 0.0.0.0
+process:
+  php-fpm:
+    running: true
+  nginx:
+    running: true
diff --git a/tests/php-base/fpm/csp/run_overrides b/tests/php-base/fpm/csp/run_overrides
@@ -0,0 +1,3 @@
+CUSTOM_ARGUMENTS=(
+  --mount "type=bind,ro,source=$PWD/extra-files/csp.properties,target=/etc/csp-generator/default"
+)
diff --git a/tests/php-base/fpm/default/goss.yaml b/tests/php-base/fpm/default/goss.yaml
@@ -5,12 +5,14 @@ http:
     body:
       - 'Hey from index.php'
     headers:
+      - 'Content-Security-Policy: default-src ''self'';'
       - 'Cross-Origin-Opener-Policy: same-origin'
       - 'Cross-Origin-Resource-Policy: same-origin'
       - 'Permissions-Policy: interest-cohort=()'
       - 'Referrer-Policy: same-origin'
       - 'Strict-Transport-Security'
       - 'X-Content-Type-Options: nosniff'
+      - 'X-Frame-Options: deny'
       - 'X-Permitted-Cross-Domain-Policies: none'
       - 'X-Robots-Tag: none'
     status: 200
diff --git a/tests/php-base/octane/csp/env.properties b/tests/php-base/octane/csp/env.properties
@@ -0,0 +1,19 @@
+NGINX_CSP_CHILD_SRC="https://children.environment.com data:"
+NGINX_CSP_CONNECT_SRC="https://connection.environment.com data:"
+NGINX_CSP_FONT_SRC="https://fonts.environment.com data:"
+NGINX_CSP_FORM_ACTION="https://forms.environment.com data:"
+NGINX_CSP_FRAME_ANCESTORS="https://frames-anc.environment.com"
+NGINX_CSP_FRAME_SRC="https://frames.environment.com data:"
+NGINX_CSP_IMG_SRC="https://imgs.environment.com data:"
+NGINX_CSP_MANIFEST_SRC="https://manifests.environment.com data:"
+NGINX_CSP_MEDIA_SRC="https://media.environment.com data:"
+NGINX_CSP_OBJECT_SRC="https://objects.environment.com data:"
+NGINX_CSP_REQUIRE_TRUSTED_TYPES_FOR=""
+NGINX_CSP_SCRIPT_SRC="https://scripts.environment.com data: 'unsafe-inline'"
+NGINX_CSP_STYLE_SRC="https://styles.environment.com data: 'unsafe-inline'"
+NGINX_CSP_TRUSTED_TYPES="environment-foo env-bar"
+NGINX_CSP_WORKER_SRC="https://workers.environment.com data:"
+
+NGINX_CSP_MODE=report-only
+NGINX_CSP_REPORT_URI=https://sentry.appwi.se/api/347/security/?sentry_key=foo123
+NGINX_FRAME_OPTIONS=sameorigin
diff --git a/tests/php-base/octane/csp/extra-files/csp.properties b/tests/php-base/octane/csp/extra-files/csp.properties
@@ -0,0 +1,15 @@
+CHILD_SRC="https://children.embedded.com 'self'"
+CONNECT_SRC="https://connection.embedded.com 'self'"
+FONT_SRC="https://fonts.embedded.com 'self'"
+FORM_ACTION="https://forms.embedded.com 'self'"
+FRAME_ANCESTORS="https://frames-anc.embedded.com"
+FRAME_SRC="https://frames.embedded.com 'self'"
+IMG_SRC="https://imgs.embedded.com 'self'"
+MANIFEST_SRC="https://manifests.embedded.com 'self'"
+MEDIA_SRC="https://media.embedded.com 'self'"
+OBJECT_SRC="https://objects.embedded.com 'self'"
+REQUIRE_TRUSTED_TYPES_FOR="'script'"
+SCRIPT_SRC="https://scripts.embedded.com 'self' 'unsafe-inline'"
+STYLE_SRC="https://styles.embedded.com 'self' 'unsafe-inline'"
+TRUSTED_TYPES="embedded-foo 'allow-duplicates'"
+WORKER_SRC="https://workers.embedded.com 'self'"
diff --git a/tests/php-base/octane/csp/goss.yaml b/tests/php-base/octane/csp/goss.yaml
@@ -0,0 +1,26 @@
+---
+http:
+  check envs and secrets:
+    headers:
+      - >-
+        Content-Security-Policy-Report-Only:
+        default-src 'self';
+        child-src https://children.embedded.com 'self' https://children.environment.com data:;
+        connect-src https://connection.embedded.com 'self' https://connection.environment.com data:;
+        font-src https://fonts.embedded.com 'self' https://fonts.environment.com data:;
+        form-action https://forms.embedded.com 'self' https://forms.environment.com data:;
+        frame-ancestors https://frames-anc.embedded.com https://frames-anc.environment.com;
+        frame-src https://frames.embedded.com 'self' https://frames.environment.com data:;
+        img-src https://imgs.embedded.com 'self' https://imgs.environment.com data:;
+        manifest-src https://manifests.embedded.com 'self' https://manifests.environment.com data:;
+        media-src https://media.embedded.com 'self' https://media.environment.com data:;
+        object-src https://objects.embedded.com 'self' https://objects.environment.com data:;
+        require-trusted-types-for 'script';
+        script-src https://scripts.embedded.com 'self' 'unsafe-inline' https://scripts.environment.com data: 'unsafe-inline';
+        style-src https://styles.embedded.com 'self' 'unsafe-inline' https://styles.environment.com data: 'unsafe-inline';
+        trusted-types embedded-foo 'allow-duplicates' environment-foo env-bar;
+        worker-src https://workers.embedded.com 'self' https://workers.environment.com data:;
+        report-uri https://sentry.appwi.se/api/347/security/?sentry_key=foo123;
+      - 'X-Frame-Options: sameorigin'
+    status: 200
+    url: http://localhost:8080/
diff --git a/tests/php-base/octane/csp/goss_wait.yaml b/tests/php-base/octane/csp/goss_wait.yaml
@@ -0,0 +1,11 @@
+---
+port:
+  tcp:8080:
+    listening: true
+    ip:
+      - 0.0.0.0
+process:
+  php:
+    running: true
+  nginx:
+    running: true
diff --git a/tests/php-base/octane/csp/run_overrides b/tests/php-base/octane/csp/run_overrides
@@ -0,0 +1,3 @@
+CUSTOM_ARGUMENTS=(
+  --mount "type=bind,ro,source=$PWD/extra-files/csp.properties,target=/etc/csp-generator/default"
+)
diff --git a/tests/php-base/octane/default/goss.yaml b/tests/php-base/octane/default/goss.yaml
@@ -5,12 +5,14 @@ http:
     body:
       - 'Hey from index.php'
     headers:
+      - 'Content-Security-Policy: default-src ''self'';'
       - 'Cross-Origin-Opener-Policy: same-origin'
       - 'Cross-Origin-Resource-Policy: same-origin'
       - 'Permissions-Policy: interest-cohort=()'
       - 'Referrer-Policy: same-origin'
       - 'Strict-Transport-Security'
       - 'X-Content-Type-Options: nosniff'
+      - 'X-Frame-Options: deny'
       - 'X-Permitted-Cross-Domain-Policies: none'
       - 'X-Robots-Tag: none'
     status: 200
diff --git a/tests/web-base/final/csp/env.properties b/tests/web-base/final/csp/env.properties
diff --git a/tests/web-base/final/csp/extra-files/csp.properties b/tests/web-base/final/csp/extra-files/csp.properties
diff --git a/tests/web-base/final/csp/goss.yaml b/tests/web-base/final/csp/goss.yaml
diff --git a/tests/web-base/final/csp/goss_wait.yaml b/tests/web-base/final/csp/goss_wait.yaml
diff --git a/tests/web-base/final/csp/run_overrides b/tests/web-base/final/csp/run_overrides
diff --git a/tests/web-base/final/default/goss.yaml b/tests/web-base/final/default/goss.yaml

Original file line number	Diff line number	Diff line change
`@@ -0,0 +1,3 @@`
	`1`	`+CUSTOM_ARGUMENTS=(`
	`2`	`+ --mount "type=bind,ro,source=$PWD/extra-files/csp.properties,target=/etc/csp-generator/default"`
	`3`	`+)`