Skip to content

Instantly share code, notes, and snippets.

@gsuttie

gsuttie/ldap

Created September 15, 2015 19:59
Show Gist options
  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
  • Save gsuttie/356ef60626f37e39e82a to your computer and use it in GitHub Desktop.
Save gsuttie/356ef60626f37e39e82a to your computer and use it in GitHub Desktop.
Download ZIP
ldap tests
Raw
ldap
using System;
using System.Collections.Generic;
using System.Linq;
using System.Text;
using System.Threading.Tasks;
using NUnit.Framework;
namespace Ldap.Tests
{
//https://searchcode.com/codesearch/view/11311613/
//AntiXSS /trunk/Microsoft.Security.Application.Encoder.UnitTests/LdapTests.cs
//add antixss from nuget
[TestFixture]
public class ldapTests
{
/// <summary>
/// Tests that passing a null to filter encoding should return a null.
/// </summary>
[Test]
public void PassingANullToFilterEncodeShouldReturnANull()
{
const string Target = null;
const string Expected = null;
//string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests that passing an empty string to filter encoding should return an empty string.
/// </summary>
[Test]
public void PassingAnEmptyStringToFilterEncodeShouldReturnAnEmptyString()
{
string target = string.Empty;
string expected = string.Empty;
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target);
Assert.AreEqual(expected, actual);
}
/// <summary>
/// Tests the encoding of RFC4515 parenthesis example.
/// </summary>
[Test]
public void FilterEncodingShouldEncodeParenthesis()
{
const string Target = @"Parens R Us (for all your parenthetical needs)";
const string Expected = @"Parens R Us \28for all your parenthetical needs\29";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the encoding of RFC4515 asterisk example.
/// </summary>
[Test]
public void FilterEncodingShouldEncodeAsterisks()
{
const string Target = @"*";
const string Expected = @"\2a";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the encoding of RFC4515 backslash example.
/// </summary>
[Test]
public void FilterEncodingShouldEncodeBackslashes()
{
const string Target = @"C:\MyFile";
const string Expected = @"C:\5cMyFile";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the encoding of RFC4515 binary example.
/// </summary>
[Test]
public void FilterEncodingShouldEncodeBinary()
{
char[] binaryData = new[] { '\u0000', '\u0000', '\u0000', '\u0004' };
string target = new string(binaryData);
const string Expected = @"\00\00\00\04";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the encoding of RFC4515 accented example.
/// </summary>
[Test]
public void FilterEncodingShouldEncodeAccentedCharacters()
{
const string Target = @"Lu?i?";
const string Expected = @"Lu\c4\8di\c4\87";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the null non-printable character is encoded correctly in filter encoding.
/// </summary>
[Test]
public void FilterNullCharactersShouldBeHashThenHexEncoded()
{
const string Target = "\u0000";
const string Expected = @"\00";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the null non-printable character is encoded correctly in DN encoding.
/// </summary>
[Test]
public void FilterDelCharactersShouldBeHashThenHexEncoded()
{
const string Target = "\u007f";
const string Expected = @"\7f";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Checks the characters on http://projects.webappsec.org/LDAP-Injection are all escaped during filter encoding.
/// </summary>
[Test]
public void PassingAnUnsafeCharacterToFilterEncodeShouldNotReturnTheCharacter()
{
string[] targetArray = new[] { "\u0000", "(", ")", "\\", "*", "/" };
foreach (string target in targetArray)
{
string notExpected = target;
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target);
Assert.AreNotEqual(notExpected, actual);
}
}
/// <summary>
/// Tests that passing a null to DN encoding should return a null.
/// </summary>
[Test]
public void PassingANullToDistinguisedNameEncodeShouldReturnANull()
{
const string Target = null;
const string Expected = null;
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests that passing an empty string to DN encoding should return an empty string.
/// </summary>
[Test]
public void PassingAnEmptyStringToDistinguisedNameEncodeShouldReturnAnEmptyString()
{
string target = string.Empty;
string expected = string.Empty;
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target);
Assert.AreEqual(expected, actual);
}
/// <summary>
/// Tests that passing the always encoded values to DN encoding returns their slash escaped value.
/// </summary>
[Test]
public void PassingAnAlwaysEncodedValueToDistinguishedNameEncodeShouldReturnTheirSlashEscapedValue()
{
const string Target = ",+\"\\<>;";
const string Expected = "\\,\\+\\\"\\\\\\<\\>\\;";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Checks the characters on http://projects.webappsec.org/LDAP-Injection are all escaped during DN encoding.
/// </summary>
[Test]
public void PassingAnUnsafeCharacterToDistinguishedNameEncodeShouldNotReturnTheCharacter()
{
string[] targetArray = new[] { "&", "!", "|", "=", "<", ">", ",", "+", "-", "\"", "'", ";" };
foreach (string target in targetArray)
{
string notExpected = target;
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(target);
Assert.AreNotEqual(notExpected, actual);
}
}
/// <summary>
/// Test that spaces at the start of a string get escaped properly.
/// </summary>
[Test]
public void PassingASpaceAtTheBeginningOfAStringToDistinguishedNameEncodeMustEscapeTheSpace()
{
const string Target = " abcdef";
const string Expected = "\\ abcdef";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Test that spaces at the end of a string get escaped properly.
/// </summary>
[Test]
public void PassingASpaceAtTheEndOfAStringToDistinguishedNameEncodeMustEscapeTheSpace()
{
const string Target = "abcdef ";
const string Expected = "abcdef \\ ";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Test that a single space input does not trigger both start and finish escaping, but returns a single escaped space.
/// </summary>
[Test]
public void PassingASingleSpaceStringShouldReturnASingleEscapedString()
{
const string Target = " ";
const string Expected = "\\ ";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Test that hashes at the start of a string get escaped properly.
/// </summary>
[Test]
public void PassingAHashAtTheBeginningOfAStringToDistinguishedNameEncodeMustEscapeTheHash()
{
const string Target = "##abcdef";
const string Expected = "\\##abcdef";
string actual = Microsoft.Security.Application.Encoder.LdapFilterEncode(Target);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests that the override of initial character handling works with hashes.
/// </summary>
[Test]
public void PassingAHashAtTheBeginningOfAStringToDistinguishedNameEncodeButOverridingTheInitialRulesDoesNotEncodeTheHash()
{
const string Target = "##abcdef";
const string Expected = "##abcdef";
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, false, true);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests that the override of initial character handling works with space.
/// </summary>
[Test]
public void PassingASpaceAtTheBeginningOfAStringToDistinguishedNameEncodeButOverridingTheInitialRulesDoesNotEncodeTheSpace()
{
const string Target = " abcdef";
const string Expected = " abcdef";
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, false, true);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests that the override of final character handling works with hashes.
/// </summary>
[Test]
public void PassingASpaceAtTheEndOfAStringToDistinguishedNameEncodeButOverridingTheFinalRuleDoesNotEncodeTheSpace()
{
const string Target = "abcdef# ";
const string Expected = "abcdef# ";
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the null non-printable character is encoded correctly in DN encoding.
/// </summary>
[Test]
public void DistinguishedNameNullCharactersShouldBeHashThenHexEncoded()
{
const string Target = "\u0000";
const string Expected = "#00";
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false);
Assert.AreEqual(Expected, actual);
}
/// <summary>
/// Tests the null non-printable character is encoded correctly in DN encoding.
/// </summary>
[Test]
public void DistinguishedNameDelCharactersShouldBeHashThenHexEncoded()
{
const string Target = "\u007F";
const string Expected = "#7F";
string actual = Microsoft.Security.Application.Encoder.LdapDistinguishedNameEncode(Target, true, false);
Assert.AreEqual(Expected, actual);
}
}
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment