kevinveenbirkenbach/computer-playbook
1
0
Fork 0
mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-08-29 23:08:06 +02:00
Code Issues Packages Projects Releases Wiki Activity

Adapted CSP to new server dict structure

Browse Source
This commit is contained in:
Kevin Veen-Birkenbach
2025-08-07 13:00:52 +02:00
parent 051e4accd6
commit 5a0684fa2d
5 changed files with 41 additions and 36 deletions
Download Patch File Download Diff File Expand all files Collapse all files

44
tests/unit/filter_plugins/test_csp_filters.py
View File

@@ -22,28 +22,30 @@ class TestCspFilters(unittest.TestCase):
'oauth2': True,
'matomo': True,
},
'csp': {
'whitelist': {
'script-src-elem': ['https://cdn.example.com'],
'connect-src': 'https://api.example.com',
},
'flags': {
'script-src': {
'unsafe-eval': True,
'unsafe-inline': False,
'server':{
'csp': {
'whitelist': {
'script-src-elem': ['https://cdn.example.com'],
'connect-src': 'https://api.example.com',
},
'style-src': {
'unsafe-inline': True,
'flags': {
'script-src': {
'unsafe-eval': True,
'unsafe-inline': False,
},
'style-src': {
'unsafe-inline': True,
},
},
},
'hashes': {
'script-src': [
"console.log('hello');",
],
'style-src': [
"body { background: #fff; }",
]
}
'hashes': {
'script-src': [
"console.log('hello');",
],
'style-src': [
"body { background: #fff; }",
]
}
}
},
},
'app2': {}
@@ -114,7 +116,7 @@ class TestCspFilters(unittest.TestCase):
def test_get_csp_inline_content_string(self):
# simulate single string instead of list
self.apps['app1']['csp']['hashes']['style-src'] = "body { color: red; }"
self.apps['app1']['server']['csp']['hashes']['style-src'] = "body { color: red; }"
snippets = self.filter.get_csp_inline_content(self.apps, 'app1', 'style-src')
self.assertEqual(snippets, ["body { color: red; }"])

22
tests/unit/filter_plugins/test_csp_hashes.py
View File

@@ -8,9 +8,11 @@ class TestCspHashes(unittest.TestCase):
# Sample applications dict for testing
self.applications = {
'app1': {
'csp': {
'hashes': {
'script-src-elem': ["existing-hash"]
'server':{
'csp': {
'hashes': {
'script-src-elem': ["existing-hash"]
}
}
}
}
@@ -20,25 +22,25 @@ class TestCspHashes(unittest.TestCase):
def test_appends_new_hash(self):
result = append_csp_hash(self.applications, 'app1', self.code)
# Original remains unchanged
self.assertNotIn(self.code, self.applications['app1']['csp']['hashes']['script-src-elem'])
self.assertNotIn(self.code, self.applications['app1']['server']['csp']['hashes']['script-src-elem'])
# New result should contain both existing and new
self.assertIn('existing-hash', result['app1']['csp']['hashes']['script-src-elem'])
self.assertIn(self.code, result['app1']['csp']['hashes']['script-src-elem'])
self.assertIn('existing-hash', result['app1']['server']['csp']['hashes']['script-src-elem'])
self.assertIn(self.code, result['app1']['server']['csp']['hashes']['script-src-elem'])
def test_does_not_duplicate_existing_hash(self):
# Append an existing hash
result = append_csp_hash(self.applications, 'app1', 'existing-hash')
# Should still only have one instance
hashes = result['app1']['csp']['hashes']['script-src-elem']
hashes = result['app1']['server']['csp']['hashes']['script-src-elem']
self.assertEqual(hashes.count('existing-hash'), 1)
def test_creates_missing_csp_structure(self):
# Remove csp and hashes keys
apps = {'app2': {}}
result = append_csp_hash(apps, 'app2', self.code)
self.assertIn('csp', result['app2'])
self.assertIn('hashes', result['app2']['csp'])
self.assertIn(self.code, result['app2']['csp']['hashes']['script-src-elem'])
self.assertIn('csp', result['app2']['server'])
self.assertIn('hashes', result['app2']['server']['csp'])
self.assertIn(self.code, result['app2']['server']['csp']['hashes']['script-src-elem'])
def test_non_dict_applications_raises(self):
with self.assertRaises(AnsibleFilterError):