From 854af2326858ff2b03eaa186f5086b797386bda2 Mon Sep 17 00:00:00 2001 From: Quantum Date: Sat, 15 Jul 2017 02:36:31 -0400 Subject: [PATCH] Increase converage to 100%. --- csp_advanced/tests.py | 26 ++++++++++++++++++++++++-- csp_advanced/utils.py | 10 ++-------- 2 files changed, 26 insertions(+), 10 deletions(-) diff --git a/csp_advanced/tests.py b/csp_advanced/tests.py index 6518215..2fe7068 100644 --- a/csp_advanced/tests.py +++ b/csp_advanced/tests.py @@ -168,6 +168,19 @@ class TestMiddleware(SimpleTestCase): def test_setting_csp(self): self.assertEqual(self.make_ok_view()(self.get_request())['Content-Security-Policy'], "script-src 'self'") + @override_settings(ADVANCED_CSP='verbatim bad csp') + def test_setting_str(self): + self.assertEqual(self.make_ok_view()(self.get_request())['Content-Security-Policy'], 'verbatim bad csp') + + @override_settings(ADVANCED_CSP={'script-src': ['self']}) + def test_csp_exists(self): + @self.decorator_factory() + def view(request): + response = HttpResponse() + response['Content-Security-Policy'] = 'verbatim bad csp' + return response + self.assertEqual(view(self.get_request())['Content-Security-Policy'], 'verbatim bad csp') + @override_settings(ADVANCED_CSP={'bad': ['self']}) def test_invalid_csp(self): self.assertFalse('Content-Security-Policy' in self.make_ok_view()(self.get_request())) @@ -212,6 +225,15 @@ class TestMiddleware(SimpleTestCase): return response self.assertEqual(view(self.get_request())['Content-Security-Policy'], "style-src 'none'") + @override_settings(ADVANCED_CSP={'script-src': ['self']}) + def test_remove_csp(self): + @self.decorator_factory() + def view(request): + response = HttpResponse() + response.csp = {'override': True} + return response + self.assertFalse('Content-Security-Policy' in view(self.get_request())) + @override_settings(ADVANCED_CSP_REPORT_ONLY={'script-src': ['self']}) def test_override_csp_to_report_explicit(self): @self.decorator_factory() @@ -232,7 +254,7 @@ class TestMiddleware(SimpleTestCase): response = view(self.get_request()) self.assertEqual(response['Content-Security-Policy-Report-Only'], "script-src 'none'") - self.assertTrue('Content-Security-Policy' not in response) + self.assertFalse('Content-Security-Policy' in response) @override_settings(ADVANCED_CSP_REPORT_ONLY={'script-src': ['self']}) def test_override_csp_report_only_explicit(self): @@ -244,4 +266,4 @@ class TestMiddleware(SimpleTestCase): response = view(self.get_request()) self.assertEqual(response['Content-Security-Policy-Report-Only'], "script-src 'none'") - self.assertTrue('Content-Security-Policy' not in response) + self.assertFalse('Content-Security-Policy' in response) diff --git a/csp_advanced/utils.py b/csp_advanced/utils.py index ae04f4f..b7fd511 100644 --- a/csp_advanced/utils.py +++ b/csp_advanced/utils.py @@ -27,15 +27,9 @@ def merge_csp_dict(template, override): continue orig = result[key] if isinstance(orig, list): - if orig == template[key]: - result[key] = orig + list(value) - else: - orig += value + result[key] = orig + list(value) elif isinstance(orig, set): - if orig == template[key]: - result[key] = orig.union(value) - else: - orig.update(value) + result[key] = orig.union(value) elif isinstance(orig, tuple): result[key] = orig + tuple(value) else: