using Moq; using NUnit.Framework; using Umbraco.Cms.Core.Security; namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Security; public class FileStreamSecurityValidatorTests { [Test] public void IsConsideredSafe_True_NoAnalyzersPresent() { // Arrange var sut = new FileStreamSecurityValidator(Enumerable.Empty()); using var memoryStream = new MemoryStream(); using var streamWriter = new StreamWriter(memoryStream); streamWriter.Write("TestContent"); streamWriter.Flush(); memoryStream.Seek(0, SeekOrigin.Begin); // Act var validationResult = sut.IsConsideredSafe(memoryStream); // Assert Assert.IsTrue(validationResult); } [Test] public void IsConsideredSafe_True_NoAnalyzerMatchesType() { // Arrange var analyzerOne = new Mock(); analyzerOne.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(false); var analyzerTwo = new Mock(); analyzerTwo.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(false); var sut = new FileStreamSecurityValidator(new List{analyzerOne.Object,analyzerTwo.Object}); using var memoryStream = new MemoryStream(); using var streamWriter = new StreamWriter(memoryStream); streamWriter.Write("TestContent"); streamWriter.Flush(); memoryStream.Seek(0, SeekOrigin.Begin); // Act var validationResult = sut.IsConsideredSafe(memoryStream); // Assert Assert.IsTrue(validationResult); } [Test] public void IsConsideredSafe_True_AllMatchingAnalyzersReturnTrue() { // Arrange var matchingAnalyzerOne = new Mock(); matchingAnalyzerOne.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(true); matchingAnalyzerOne.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny())) .Returns(true); var matchingAnalyzerTwo = new Mock(); matchingAnalyzerTwo.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(true); matchingAnalyzerTwo.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny())) .Returns(true); var unmatchedAnalyzer = new Mock(); unmatchedAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(false); var sut = new FileStreamSecurityValidator(new List{matchingAnalyzerOne.Object,matchingAnalyzerTwo.Object}); using var memoryStream = new MemoryStream(); using var streamWriter = new StreamWriter(memoryStream); streamWriter.Write("TestContent"); streamWriter.Flush(); memoryStream.Seek(0, SeekOrigin.Begin); // Act var validationResult = sut.IsConsideredSafe(memoryStream); // Assert Assert.IsTrue(validationResult); } [Test] public void IsConsideredSafe_False_AnyMatchingAnalyzersReturnFalse() { // Arrange var saveMatchingAnalyzer = new Mock(); saveMatchingAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(true); saveMatchingAnalyzer.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny())) .Returns(true); var unsafeMatchingAnalyzer = new Mock(); unsafeMatchingAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(true); unsafeMatchingAnalyzer.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny())) .Returns(false); var unmatchedAnalyzer = new Mock(); unmatchedAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny())) .Returns(false); var sut = new FileStreamSecurityValidator(new List{saveMatchingAnalyzer.Object,unsafeMatchingAnalyzer.Object}); using var memoryStream = new MemoryStream(); using var streamWriter = new StreamWriter(memoryStream); streamWriter.Write("TestContent"); streamWriter.Flush(); memoryStream.Seek(0, SeekOrigin.Begin); // Act var validationResult = sut.IsConsideredSafe(memoryStream); // Assert Assert.IsFalse(validationResult); } }