darkhelm/notifications-admin
1
0
Fork 0
mirror of https://github.com/GSA/notifications-admin.git synced 2025-12-08 14:14:27 -05:00
Code Issues Packages Projects Releases Wiki Activity

testing fixed

Browse Source
This commit is contained in:
Beverly Nguyen
2025-04-29 15:41:06 -07:00
parent 69ae1ea0e1
commit e6b76486f4
2 changed files with 15 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
pytest.ini
View File

@@ -5,7 +5,7 @@ log_level = 999
env =
NOTIFY_ENVIRONMENT=test
ADMIN_CLIENT_SECRET=dev-notify-secret-key
API_HOST_NAME=test
API_HOST_NAME=http://you-forgot-to-mock-an-api-call-to
DANGEROUS_SALT=dev-notify-salt
SECRET_KEY=dev-notify-secret-key
ZENDESK_API_KEY=test

17
tests/app/main/views/test_headers.py
View File

@@ -1,5 +1,5 @@
from re import search
from flask import current_app
def test_owasp_useful_headers_set(
client_request,
@@ -26,9 +26,20 @@ def test_owasp_useful_headers_set(
)
assert search(r"'nonce-[^']+';", csp)
assert search(
r"connect-src 'self' https:\/\/gov-bam\.nr-data\.net https:\/\/www\.google-analytics\."
r"com http:\/\/localhost:6011 ws:\/\/localhost:6011;",
r"connect-src 'self' https:\/\/gov-bam\.nr-data\.net https:\/\/www\.google-analytics\.",
csp,
)
assert search(r"style-src 'self' static\.example\.com 'nonce-.*';", csp)
assert search(r"img-src 'self' static\.example\.com static-logos\.test\.com", csp)
api_host_name = current_app.config.get("API_HOST_NAME")
assert api_host_name is not None, f"API_HOST_NAME: {api_host_name} — is missing"
assert api_host_name in csp
if api_host_name.startswith("http://"):
assert api_host_name.replace("http://", "ws://") in csp
elif api_host_name.startswith("https://"):
assert api_host_name.replace("https://", "wss://") in csp
else:
raise AssertionError(
f"Unexpected API_HOST_NAME format: {api_host_name} — must start with 'http://' or 'https://'"
)