-
Notifications
You must be signed in to change notification settings - Fork 0
Expand file tree
/
Copy pathCspValidationDemo.cs
More file actions
122 lines (114 loc) · 4.01 KB
/
CspValidationDemo.cs
File metadata and controls
122 lines (114 loc) · 4.01 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
using EasyAppDev.Blazor.PageCache.Configuration;
namespace EasyAppDev.Blazor.PageCache.Demo;
/// <summary>
/// Demonstrates CSP validation in action.
/// </summary>
public class CspValidationDemo
{
public static void Main()
{
var validator = new PageCacheOptionsValidator();
Console.WriteLine("=== CSP Configuration Validation Demo ===\n");
// Test 1: CSP enabled but no policy
Console.WriteLine("Test 1: CSP enabled but no policy provided");
var options1 = new PageCacheOptions
{
Security = new SecurityOptions
{
EnableContentSecurityPolicy = true,
ContentSecurityPolicy = null
}
};
var result1 = validator.Validate(null, options1);
Console.WriteLine($"Result: {(result1.Succeeded ? "SUCCESS" : "FAILED")}");
if (result1.Failed)
{
foreach (var failure in result1.Failures)
{
Console.WriteLine($" - {failure}");
}
}
Console.WriteLine();
// Test 2: Valid CSP policy
Console.WriteLine("Test 2: Valid CSP policy");
var options2 = new PageCacheOptions
{
Security = new SecurityOptions
{
EnableContentSecurityPolicy = true,
ContentSecurityPolicy = "default-src 'self'; script-src 'self' https://cdn.example.com;"
}
};
var result2 = validator.Validate(null, options2);
Console.WriteLine($"Result: {(result2.Succeeded ? "SUCCESS" : "FAILED")}");
if (result2.Failed)
{
foreach (var failure in result2.Failures)
{
Console.WriteLine($" - {failure}");
}
}
Console.WriteLine();
// Test 3: CSP with security warnings
Console.WriteLine("Test 3: CSP with unsafe-inline and unsafe-eval (warnings expected)");
var options3 = new PageCacheOptions
{
Security = new SecurityOptions
{
EnableContentSecurityPolicy = true,
ContentSecurityPolicy = "script-src 'self' 'unsafe-inline' 'unsafe-eval'",
CspReportOnlyMode = true
}
};
var result3 = validator.Validate(null, options3);
Console.WriteLine($"Result: {(result3.Succeeded ? "SUCCESS" : "FAILED")}");
if (result3.Failed)
{
foreach (var failure in result3.Failures)
{
Console.WriteLine($" - {failure}");
}
}
Console.WriteLine();
// Test 4: CSP with wildcard
Console.WriteLine("Test 4: CSP with wildcard in script-src (warning expected)");
var options4 = new PageCacheOptions
{
Security = new SecurityOptions
{
EnableContentSecurityPolicy = true,
ContentSecurityPolicy = "default-src 'self'; script-src *;"
}
};
var result4 = validator.Validate(null, options4);
Console.WriteLine($"Result: {(result4.Succeeded ? "SUCCESS" : "FAILED")}");
if (result4.Failed)
{
foreach (var failure in result4.Failures)
{
Console.WriteLine($" - {failure}");
}
}
Console.WriteLine();
// Test 5: CSP exceeding max length
Console.WriteLine("Test 5: CSP exceeding maximum length");
var longPolicy = new string('a', 5000);
var options5 = new PageCacheOptions
{
Security = new SecurityOptions
{
EnableContentSecurityPolicy = true,
ContentSecurityPolicy = longPolicy
}
};
var result5 = validator.Validate(null, options5);
Console.WriteLine($"Result: {(result5.Succeeded ? "SUCCESS" : "FAILED")}");
if (result5.Failed)
{
foreach (var failure in result5.Failures)
{
Console.WriteLine($" - {failure}");
}
}
}
}