-
-
Save gsuttie/356ef60626f37e39e82a to your computer and use it in GitHub Desktop.
ldap tests
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
using System; | |
using System.Collections.Generic; | |
using System.Linq; | |
using System.Text; | |
using System.Threading.Tasks; | |
using NUnit.Framework; | |
namespace Ldap.Tests | |
{ | |
//https://searchcode.com/codesearch/view/11311613/ | |
//AntiXSS /trunk/Microsoft.Security.Application.Encoder.UnitTests/LdapTests.cs | |
//add antixss from nuget | |
[TestFixture] | |
public class ldapTests | |
{ | |
/// <summary> | |
/// Tests that passing a null to filter encoding should return a null. | |
/// </summary> | |
[Test] | |
public void PassingANullToFilterEncodeShouldReturnANull() | |
{ | |
const string Target = null; | |
const string Expected = null; | |
//string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests that passing an empty string to filter encoding should return an empty string. | |
/// </summary> | |
[Test] | |
public void PassingAnEmptyStringToFilterEncodeShouldReturnAnEmptyString() | |
{ | |
string target = string.Empty; | |
string expected = string.Empty; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target); | |
Assert.AreEqual(expected, actual); | |
} | |
/// <summary> | |
/// Tests the encoding of RFC4515 parenthesis example. | |
/// </summary> | |
[Test] | |
public void FilterEncodingShouldEncodeParenthesis() | |
{ | |
const string Target = @"Parens R Us (for all your parenthetical needs)"; | |
const string Expected = @"Parens R Us \28for all your parenthetical needs\29"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the encoding of RFC4515 asterisk example. | |
/// </summary> | |
[Test] | |
public void FilterEncodingShouldEncodeAsterisks() | |
{ | |
const string Target = @"*"; | |
const string Expected = @"\2a"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the encoding of RFC4515 backslash example. | |
/// </summary> | |
[Test] | |
public void FilterEncodingShouldEncodeBackslashes() | |
{ | |
const string Target = @"C:\MyFile"; | |
const string Expected = @"C:\5cMyFile"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the encoding of RFC4515 binary example. | |
/// </summary> | |
[Test] | |
public void FilterEncodingShouldEncodeBinary() | |
{ | |
char[] binaryData = new[] { '\u0000', '\u0000', '\u0000', '\u0004' }; | |
string target = new string(binaryData); | |
const string Expected = @"\00\00\00\04"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the encoding of RFC4515 accented example. | |
/// </summary> | |
[Test] | |
public void FilterEncodingShouldEncodeAccentedCharacters() | |
{ | |
const string Target = @"Lu?i?"; | |
const string Expected = @"Lu\c4\8di\c4\87"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the null non-printable character is encoded correctly in filter encoding. | |
/// </summary> | |
[Test] | |
public void FilterNullCharactersShouldBeHashThenHexEncoded() | |
{ | |
const string Target = "\u0000"; | |
const string Expected = @"\00"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the null non-printable character is encoded correctly in DN encoding. | |
/// </summary> | |
[Test] | |
public void FilterDelCharactersShouldBeHashThenHexEncoded() | |
{ | |
const string Target = "\u007f"; | |
const string Expected = @"\7f"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Checks the characters on http://projects.webappsec.org/LDAP-Injection are all escaped during filter encoding. | |
/// </summary> | |
[Test] | |
public void PassingAnUnsafeCharacterToFilterEncodeShouldNotReturnTheCharacter() | |
{ | |
string[] targetArray = new[] { "\u0000", "(", ")", "\\", "*", "/" }; | |
foreach (string target in targetArray) | |
{ | |
string notExpected = target; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target); | |
Assert.AreNotEqual(notExpected, actual); | |
} | |
} | |
/// <summary> | |
/// Tests that passing a null to DN encoding should return a null. | |
/// </summary> | |
[Test] | |
public void PassingANullToDistinguisedNameEncodeShouldReturnANull() | |
{ | |
const string Target = null; | |
const string Expected = null; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests that passing an empty string to DN encoding should return an empty string. | |
/// </summary> | |
[Test] | |
public void PassingAnEmptyStringToDistinguisedNameEncodeShouldReturnAnEmptyString() | |
{ | |
string target = string.Empty; | |
string expected = string.Empty; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target); | |
Assert.AreEqual(expected, actual); | |
} | |
/// <summary> | |
/// Tests that passing the always encoded values to DN encoding returns their slash escaped value. | |
/// </summary> | |
[Test] | |
public void PassingAnAlwaysEncodedValueToDistinguishedNameEncodeShouldReturnTheirSlashEscapedValue() | |
{ | |
const string Target = ",+\"\\<>;"; | |
const string Expected = "\\,\\+\\\"\\\\\\<\\>\\;"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Checks the characters on http://projects.webappsec.org/LDAP-Injection are all escaped during DN encoding. | |
/// </summary> | |
[Test] | |
public void PassingAnUnsafeCharacterToDistinguishedNameEncodeShouldNotReturnTheCharacter() | |
{ | |
string[] targetArray = new[] { "&", "!", "|", "=", "<", ">", ",", "+", "-", "\"", "'", ";" }; | |
foreach (string target in targetArray) | |
{ | |
string notExpected = target; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target); | |
Assert.AreNotEqual(notExpected, actual); | |
} | |
} | |
/// <summary> | |
/// Test that spaces at the start of a string get escaped properly. | |
/// </summary> | |
[Test] | |
public void PassingASpaceAtTheBeginningOfAStringToDistinguishedNameEncodeMustEscapeTheSpace() | |
{ | |
const string Target = " abcdef"; | |
const string Expected = "\\ abcdef"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Test that spaces at the end of a string get escaped properly. | |
/// </summary> | |
[Test] | |
public void PassingASpaceAtTheEndOfAStringToDistinguishedNameEncodeMustEscapeTheSpace() | |
{ | |
const string Target = "abcdef "; | |
const string Expected = "abcdef \\ "; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Test that a single space input does not trigger both start and finish escaping, but returns a single escaped space. | |
/// </summary> | |
[Test] | |
public void PassingASingleSpaceStringShouldReturnASingleEscapedString() | |
{ | |
const string Target = " "; | |
const string Expected = "\\ "; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Test that hashes at the start of a string get escaped properly. | |
/// </summary> | |
[Test] | |
public void PassingAHashAtTheBeginningOfAStringToDistinguishedNameEncodeMustEscapeTheHash() | |
{ | |
const string Target = "##abcdef"; | |
const string Expected = "\\##abcdef"; | |
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests that the override of initial character handling works with hashes. | |
/// </summary> | |
[Test] | |
public void PassingAHashAtTheBeginningOfAStringToDistinguishedNameEncodeButOverridingTheInitialRulesDoesNotEncodeTheHash() | |
{ | |
const string Target = "##abcdef"; | |
const string Expected = "##abcdef"; | |
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, false, true); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests that the override of initial character handling works with space. | |
/// </summary> | |
[Test] | |
public void PassingASpaceAtTheBeginningOfAStringToDistinguishedNameEncodeButOverridingTheInitialRulesDoesNotEncodeTheSpace() | |
{ | |
const string Target = " abcdef"; | |
const string Expected = " abcdef"; | |
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, false, true); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests that the override of final character handling works with hashes. | |
/// </summary> | |
[Test] | |
public void PassingASpaceAtTheEndOfAStringToDistinguishedNameEncodeButOverridingTheFinalRuleDoesNotEncodeTheSpace() | |
{ | |
const string Target = "abcdef# "; | |
const string Expected = "abcdef# "; | |
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the null non-printable character is encoded correctly in DN encoding. | |
/// </summary> | |
[Test] | |
public void DistinguishedNameNullCharactersShouldBeHashThenHexEncoded() | |
{ | |
const string Target = "\u0000"; | |
const string Expected = "#00"; | |
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false); | |
Assert.AreEqual(Expected, actual); | |
} | |
/// <summary> | |
/// Tests the null non-printable character is encoded correctly in DN encoding. | |
/// </summary> | |
[Test] | |
public void DistinguishedNameDelCharactersShouldBeHashThenHexEncoded() | |
{ | |
const string Target = "\u007F"; | |
const string Expected = "#7F"; | |
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false); | |
Assert.AreEqual(Expected, actual); | |
} | |
} | |
} |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment