2 // System.Web.HttpRequestTest.cs - Unit tests for System.Web.HttpRequest
5 // Sebastien Pouliot <sebastien@ximian.com>
7 // Copyright (C) 2005 Novell, Inc (http://www.novell.com)
9 // Permission is hereby granted, free of charge, to any person obtaining
10 // a copy of this software and associated documentation files (the
11 // "Software"), to deal in the Software without restriction, including
12 // without limitation the rights to use, copy, modify, merge, publish,
13 // distribute, sublicense, and/or sell copies of the Software, and to
14 // permit persons to whom the Software is furnished to do so, subject to
15 // the following conditions:
17 // The above copyright notice and this permission notice shall be
18 // included in all copies or substantial portions of the Software.
20 // THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
21 // EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
22 // MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
23 // NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
24 // LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
25 // OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
26 // WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
32 using NUnit.Framework;
34 namespace MonoTests.System.Web {
37 public class HttpRequestTest {
// A literal <script> element in a query-string value must be rejected by
// request validation.  ValidateInput () only arms the check; the
// HttpRequestValidationException is raised when QueryString is first read.
[ExpectedException (typeof (HttpRequestValidationException))]
public void ValidateInput_XSS ()
{
	const string url = "http://server.com/attack2.aspx?test=<script>alert('vulnerability')</script>";
	string decoded = HttpUtility.UrlDecode (url);
	int querySeparator = decoded.IndexOf ('?');
	string path = decoded.Substring (0, querySeparator);
	string query = decoded.Substring (querySeparator + 1);

	HttpRequest request = new HttpRequest (null, path, query);
	request.ValidateInput ();

	// Reading the collection is what throws, so the comparison below is
	// never reached when validation works; it documents the raw value.
	Assert.AreEqual ("<script>alert('vulnerability')</script>", request.QueryString ["test"], "QueryString");
}
// * this is to avoid a regression that would cause Mono to
//   fail again on item #2 of the XSS vulnerabilities listed at:
//   http://it-project.ru/andir/docs/aspxvuln/aspxvuln.en.xml
//   (full-width angle brackets U+FF1C / U+FF1E, sent as %uXXXX
//   escapes, standing in for '<' and '>')
// * The author notes that Microsoft has decided not to fix
//   this issue, so the exception is not expected on Microsoft's
//   runtime (hence the NotDotNet category).
// Full-width angle brackets (U+FF1C / U+FF1E, encoded as %uXXXX escapes)
// around a script element must be rejected by request validation just like
// the ASCII '<' and '>' form.  Not expected to throw on Microsoft's runtime.
[Category ("NotDotNet")]
[ExpectedException (typeof (HttpRequestValidationException))]
public void ValidateInput_XSS_Unicode ()
{
	const string url = "http://server.com/attack2.aspx?test=%uff1cscript%uff1ealert('vulnerability')%uff1c/script%uff1e";
	string decoded = HttpUtility.UrlDecode (url);
	int querySeparator = decoded.IndexOf ('?');

	HttpRequest request = new HttpRequest (null,
		decoded.Substring (0, querySeparator),
		decoded.Substring (querySeparator + 1));
	request.ValidateInput ();

	// Accessing QueryString is what throws; the expected value (written with
	// fixed-width \u escapes, the same code points as the %uXXXX in the URL)
	// is never actually compared when validation works.
	Assert.AreEqual ("\uff1cscript\uff1ealert('vulnerability')\uff1c/script\uff1e", request.QueryString ["test"], "QueryString");
}
// A NUL byte inside the tag name (<%00SCRIPT>) once slipped past request
// validation on ASP.NET 1.1; it appears to be fixed in later versions, and
// Mono must reject the payload after decoding as well:
// http://secunia.com/advisories/9716/
// http://weblogs.asp.net/kaevans/archive/2003/11/12/37169.aspx
78 [ExpectedException (typeof (HttpRequestValidationException))]
79 public void ValidateInput_XSS_Null ()
81 string problem = "http://secunia.com/?test=<%00SCRIPT>alert(document.cookie)</SCRIPT>";
82 string decoded = HttpUtility.UrlDecode (problem);
83 int n = decoded.IndexOf ('?');
84 HttpRequest request = new HttpRequest (null, decoded.Substring (0,n), decoded.Substring (n+1));
85 request.ValidateInput ();
86 // the next statement throws
87 Assert.AreEqual ("<SCRIPT>alert(document.cookie)</SCRIPT>", request.QueryString ["test"], "QueryString");