Implement anti csrf measures

This is done by using the "samesite" cookie attribute.
author: xXx-caillou-xXx 2017-11-24 14:03:37 +0100
committer: jvoisin 2017-11-24 14:03:37 +0100
commit: 5a224ee0c92d1639395d6a0c629316ae64226125 (patch)
tree: 8925d27e2bbfa877e9fb1fc20868fbef3d009b04 /src/tests/config
parent: 79304a29661476dc75bba07c5a83133122bbcb5c (diff)
12 files changed, 16 insertions, 9 deletions
diff --git a/src/tests/config/broken_conf_cookie_action.ini b/src/tests/config/broken_conf_cookie_action.ini
new file mode 100644
index 0000000..5f07c28
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_action.ini
@@ -0,0 +1 @@
+sp.cookie.name("my_cookie_name");
diff --git a/src/tests/config/broken_conf_cookie_samesite.ini b/src/tests/config/broken_conf_cookie_samesite.ini
new file mode 100644
index 0000000..acc4aa0
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_samesite.ini
@@ -0,0 +1 @@
+sp.cookie.name("my_cookie_name").samesite("nop");
diff --git a/src/tests/config/broken_conf_line_empty_string.ini b/src/tests/config/broken_conf_line_empty_string.ini
index c130384..dfa5520 100644
--- a/src/tests/config/broken_conf_line_empty_string.ini
+++ b/src/tests/config/broken_conf_line_empty_string.ini
@@ -1 +1 @@
-sp.cookie_encryption.cookie(
+sp.cookie.name(
diff --git a/src/tests/config/broken_conf_line_no_closing.ini b/src/tests/config/broken_conf_line_no_closing.ini
index 24dc3f0..6a8c922 100644
--- a/src/tests/config/broken_conf_line_no_closing.ini
+++ b/src/tests/config/broken_conf_line_no_closing.ini
@@ -1 +1 @@
-sp.cookie_encryption.cookie("123"
+sp.cookie.name("123"
diff --git a/src/tests/config/broken_conf_lots_of_quotes.ini b/src/tests/config/broken_conf_lots_of_quotes.ini
index 310bce5..189a10d 100644
--- a/src/tests/config/broken_conf_lots_of_quotes.ini
+++ b/src/tests/config/broken_conf_lots_of_quotes.ini
@@ -1 +1 @@
-sp.cookie_encryption.cookie("this\"is a weird\"\"\"cookie\"name"");
+sp.cookie.name("this\"is a weird\"\"\"cookie\"name"");
diff --git a/src/tests/config/broken_conf_wrong_quotes.ini b/src/tests/config/broken_conf_wrong_quotes.ini
index 1c13e96..ff41f93 100644
--- a/src/tests/config/broken_conf_wrong_quotes.ini
+++ b/src/tests/config/broken_conf_wrong_quotes.ini
@@ -1 +1 @@
-sp.cookie_encryption.cookie("\)
+sp.cookie.name("\)
diff --git a/src/tests/config/config_encrypted_cookies.ini b/src/tests/config/config_encrypted_cookies.ini
index 977d27f..4b50440 100644
--- a/src/tests/config/config_encrypted_cookies.ini
+++ b/src/tests/config/config_encrypted_cookies.ini
@@ -1,3 +1,3 @@
 sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
-sp.cookie_encryption.cookie("super_cookie");
+sp.cookie.name("super_cookie").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/config/config_encrypted_cookies_empty_env.ini b/src/tests/config/config_encrypted_cookies_empty_env.ini
index ac1f840..8c7c779 100644
--- a/src/tests/config/config_encrypted_cookies_empty_env.ini
+++ b/src/tests/config/config_encrypted_cookies_empty_env.ini
@@ -1,2 +1,2 @@
 sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
-sp.cookie_encryption.cookie("super_cookie");
+sp.cookie.name("super_cookie").encrypt();
diff --git a/src/tests/config/config_encrypted_cookies_noname.ini b/src/tests/config/config_encrypted_cookies_noname.ini
index 27773e3..048e404 100644
--- a/src/tests/config/config_encrypted_cookies_noname.ini
+++ b/src/tests/config/config_encrypted_cookies_noname.ini
@@ -1,3 +1,3 @@
 sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
-sp.cookie_encryption.cookie("");
+sp.cookie.name("").encrypt();
 sp.auto_cookie_secure.enable();
diff --git a/src/tests/config/config_samesite_cookies.ini b/src/tests/config/config_samesite_cookies.ini
new file mode 100644
index 0000000..9fb5f25
--- /dev/null
+++ b/src/tests/config/config_samesite_cookies.ini
@@ -0,0 +1,5 @@
+sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.cookie.name("super_cookie").samesite("Lax");
+sp.cookie.name("awful_cookie").samesite("strict").encrypt();
+sp.cookie.name("nice_cookie").samesite("STRICT");
+sp.auto_cookie_secure.enable();
diff --git a/src/tests/config/encrypt_cookies_no_env.ini b/src/tests/config/encrypt_cookies_no_env.ini
index 9e1c025..845bd02 100644
--- a/src/tests/config/encrypt_cookies_no_env.ini
+++ b/src/tests/config/encrypt_cookies_no_env.ini
@@ -1,2 +1,2 @@
 sp.global.secret_key("abcdef");
-sp.cookie_encryption.cookie("super_cookie");
+sp.cookie.name("super_cookie").encrypt();
diff --git a/src/tests/config/encrypt_cookies_no_key.ini b/src/tests/config/encrypt_cookies_no_key.ini
index 1b5cf83..a585e12 100644
--- a/src/tests/config/encrypt_cookies_no_key.ini
+++ b/src/tests/config/encrypt_cookies_no_key.ini
@@ -1,2 +1,2 @@
 sp.global.cookie_env_var("TEST");
-sp.cookie_encryption.cookie("super_cookie");
+sp.cookie.name("super_cookie").encrypt();
author	xXx-caillou-xXx	2017-11-24 14:03:37 +0100
committer	jvoisin	2017-11-24 14:03:37 +0100
commit	5a224ee0c92d1639395d6a0c629316ae64226125 (patch)
tree	8925d27e2bbfa877e9fb1fc20868fbef3d009b04 /src/tests/config
parent	79304a29661476dc75bba07c5a83133122bbcb5c (diff)

diff --git a/src/tests/config/broken_conf_cookie_action.ini b/src/tests/config/broken_conf_cookie_action.ini new file mode 100644 index 0000000..5f07c28 --- /dev/null +++ b/src/tests/config/broken_conf_cookie_action.ini
@@ -0,0 +1 @@
			sp.cookie.name("my_cookie_name");


diff --git a/src/tests/config/broken_conf_cookie_samesite.ini b/src/tests/config/broken_conf_cookie_samesite.ini new file mode 100644 index 0000000..acc4aa0 --- /dev/null +++ b/src/tests/config/broken_conf_cookie_samesite.ini
@@ -0,0 +1 @@
			sp.cookie.name("my_cookie_name").samesite("nop");


diff --git a/src/tests/config/broken_conf_line_empty_string.ini b/src/tests/config/broken_conf_line_empty_string.ini index c130384..dfa5520 100644 --- a/src/tests/config/broken_conf_line_empty_string.ini +++ b/src/tests/config/broken_conf_line_empty_string.ini
@@ -1 +1 @@
	sp.cookie_encryption.cookie(		sp.cookie.name(


diff --git a/src/tests/config/broken_conf_line_no_closing.ini b/src/tests/config/broken_conf_line_no_closing.ini index 24dc3f0..6a8c922 100644 --- a/src/tests/config/broken_conf_line_no_closing.ini +++ b/src/tests/config/broken_conf_line_no_closing.ini
@@ -1 +1 @@
	sp.cookie_encryption.cookie("123"		sp.cookie.name("123"


diff --git a/src/tests/config/broken_conf_lots_of_quotes.ini b/src/tests/config/broken_conf_lots_of_quotes.ini index 310bce5..189a10d 100644 --- a/src/tests/config/broken_conf_lots_of_quotes.ini +++ b/src/tests/config/broken_conf_lots_of_quotes.ini
@@ -1 +1 @@
	sp.cookie_encryption.cookie("this\"is a weird\"\"\"cookie\"name"");		sp.cookie.name("this\"is a weird\"\"\"cookie\"name"");


diff --git a/src/tests/config/broken_conf_wrong_quotes.ini b/src/tests/config/broken_conf_wrong_quotes.ini index 1c13e96..ff41f93 100644 --- a/src/tests/config/broken_conf_wrong_quotes.ini +++ b/src/tests/config/broken_conf_wrong_quotes.ini
@@ -1 +1 @@
	sp.cookie_encryption.cookie("\)		sp.cookie.name("\)


diff --git a/src/tests/config/config_encrypted_cookies.ini b/src/tests/config/config_encrypted_cookies.ini index 977d27f..4b50440 100644 --- a/src/tests/config/config_encrypted_cookies.ini +++ b/src/tests/config/config_encrypted_cookies.ini
@@ -1,3 +1,3 @@
1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");	1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
2	sp.cookie_encryption.cookie("super_cookie");	2	sp.cookie.name("super_cookie").encrypt();
3	sp.auto_cookie_secure.enable();	3	sp.auto_cookie_secure.enable();


diff --git a/src/tests/config/config_encrypted_cookies_empty_env.ini b/src/tests/config/config_encrypted_cookies_empty_env.ini index ac1f840..8c7c779 100644 --- a/src/tests/config/config_encrypted_cookies_empty_env.ini +++ b/src/tests/config/config_encrypted_cookies_empty_env.ini
@@ -1,2 +1,2 @@
1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");	1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
2	sp.cookie_encryption.cookie("super_cookie");	2	sp.cookie.name("super_cookie").encrypt();


diff --git a/src/tests/config/config_encrypted_cookies_noname.ini b/src/tests/config/config_encrypted_cookies_noname.ini index 27773e3..048e404 100644 --- a/src/tests/config/config_encrypted_cookies_noname.ini +++ b/src/tests/config/config_encrypted_cookies_noname.ini
@@ -1,3 +1,3 @@
1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");	1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
2	sp.cookie_encryption.cookie("");	2	sp.cookie.name("").encrypt();
3	sp.auto_cookie_secure.enable();	3	sp.auto_cookie_secure.enable();


diff --git a/src/tests/config/config_samesite_cookies.ini b/src/tests/config/config_samesite_cookies.ini new file mode 100644 index 0000000..9fb5f25 --- /dev/null +++ b/src/tests/config/config_samesite_cookies.ini
@@ -0,0 +1,5 @@
		1	sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
		2	sp.cookie.name("super_cookie").samesite("Lax");
		3	sp.cookie.name("awful_cookie").samesite("strict").encrypt();
		4	sp.cookie.name("nice_cookie").samesite("STRICT");
		5	sp.auto_cookie_secure.enable();


diff --git a/src/tests/config/encrypt_cookies_no_env.ini b/src/tests/config/encrypt_cookies_no_env.ini index 9e1c025..845bd02 100644 --- a/src/tests/config/encrypt_cookies_no_env.ini +++ b/src/tests/config/encrypt_cookies_no_env.ini
@@ -1,2 +1,2 @@
1	sp.global.secret_key("abcdef");	1	sp.global.secret_key("abcdef");
2	sp.cookie_encryption.cookie("super_cookie");	2	sp.cookie.name("super_cookie").encrypt();


diff --git a/src/tests/config/encrypt_cookies_no_key.ini b/src/tests/config/encrypt_cookies_no_key.ini index 1b5cf83..a585e12 100644 --- a/src/tests/config/encrypt_cookies_no_key.ini +++ b/src/tests/config/encrypt_cookies_no_key.ini
@@ -1,2 +1,2 @@
1	sp.global.cookie_env_var("TEST");	1	sp.global.cookie_env_var("TEST");
2	sp.cookie_encryption.cookie("super_cookie");	2	sp.cookie.name("super_cookie").encrypt();