yv01p/Umbraco-CMS
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
447cb881bd881928584c19dfb236e3c7b7248931
Umbraco-CMS/tests/Umbraco.Tests.UnitTests/Umbraco.Core/Security/FileStreamSecurityValidatorTests.cs
Sven Geusens 311d322129 Add code infrastructure to validate file content (#14657) 
* Implemented modular architecture for filestream security sanitization with an svg-html example

* 31440: Refactoring, applied to more entry points and removed test analyzer

* 31440 Added Unittests for FileStreamSecurityValidator

* PR fixes and better unittest mock names

---------

Co-authored-by: Sven Geusens <sge@umbraco.dk>
2023-08-21 13:08:26 +02:00

124 lines
4.6 KiB
C#
Raw Blame History

using Moq;
using NUnit.Framework;
using Umbraco.Cms.Core.Security;
namespace Umbraco.Cms.Tests.UnitTests.Umbraco.Core.Security;
public class FileStreamSecurityValidatorTests
{
[Test]
public void IsConsideredSafe_True_NoAnalyzersPresent()
{
// Arrange
var sut = new FileStreamSecurityValidator(Enumerable.Empty<IFileStreamSecurityAnalyzer>());
using var memoryStream = new MemoryStream();
using var streamWriter = new StreamWriter(memoryStream);
streamWriter.Write("TestContent");
streamWriter.Flush();
memoryStream.Seek(0, SeekOrigin.Begin);
// Act
var validationResult = sut.IsConsideredSafe(memoryStream);
// Assert
Assert.IsTrue(validationResult);
}
[Test]
public void IsConsideredSafe_True_NoAnalyzerMatchesType()
{
// Arrange
var analyzerOne = new Mock<IFileStreamSecurityAnalyzer>();
analyzerOne.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(false);
var analyzerTwo = new Mock<IFileStreamSecurityAnalyzer>();
analyzerTwo.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(false);
var sut = new FileStreamSecurityValidator(new List<IFileStreamSecurityAnalyzer>{analyzerOne.Object,analyzerTwo.Object});
using var memoryStream = new MemoryStream();
using var streamWriter = new StreamWriter(memoryStream);
streamWriter.Write("TestContent");
streamWriter.Flush();
memoryStream.Seek(0, SeekOrigin.Begin);
// Act
var validationResult = sut.IsConsideredSafe(memoryStream);
// Assert
Assert.IsTrue(validationResult);
}
[Test]
public void IsConsideredSafe_True_AllMatchingAnalyzersReturnTrue()
{
// Arrange
var matchingAnalyzerOne = new Mock<IFileStreamSecurityAnalyzer>();
matchingAnalyzerOne.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(true);
matchingAnalyzerOne.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny<Stream>()))
.Returns(true);
var matchingAnalyzerTwo = new Mock<IFileStreamSecurityAnalyzer>();
matchingAnalyzerTwo.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(true);
matchingAnalyzerTwo.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny<Stream>()))
.Returns(true);
var unmatchedAnalyzer = new Mock<IFileStreamSecurityAnalyzer>();
unmatchedAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(false);
var sut = new FileStreamSecurityValidator(new List<IFileStreamSecurityAnalyzer>{matchingAnalyzerOne.Object,matchingAnalyzerTwo.Object});
using var memoryStream = new MemoryStream();
using var streamWriter = new StreamWriter(memoryStream);
streamWriter.Write("TestContent");
streamWriter.Flush();
memoryStream.Seek(0, SeekOrigin.Begin);
// Act
var validationResult = sut.IsConsideredSafe(memoryStream);
// Assert
Assert.IsTrue(validationResult);
}
[Test]
public void IsConsideredSafe_False_AnyMatchingAnalyzersReturnFalse()
{
// Arrange
var saveMatchingAnalyzer = new Mock<IFileStreamSecurityAnalyzer>();
saveMatchingAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(true);
saveMatchingAnalyzer.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny<Stream>()))
.Returns(true);
var unsafeMatchingAnalyzer = new Mock<IFileStreamSecurityAnalyzer>();
unsafeMatchingAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(true);
unsafeMatchingAnalyzer.Setup(analyzer => analyzer.IsConsideredSafe(It.IsAny<Stream>()))
.Returns(false);
var unmatchedAnalyzer = new Mock<IFileStreamSecurityAnalyzer>();
unmatchedAnalyzer.Setup(analyzer => analyzer.ShouldHandle(It.IsAny<Stream>()))
.Returns(false);
var sut = new FileStreamSecurityValidator(new List<IFileStreamSecurityAnalyzer>{saveMatchingAnalyzer.Object,unsafeMatchingAnalyzer.Object});
using var memoryStream = new MemoryStream();
using var streamWriter = new StreamWriter(memoryStream);
streamWriter.Write("TestContent");
streamWriter.Flush();
memoryStream.Seek(0, SeekOrigin.Begin);
// Act
var validationResult = sut.IsConsideredSafe(memoryStream);
// Assert
Assert.IsFalse(validationResult);
}
}
Reference in New Issue View Git Blame Copy Permalink