-
-
Notifications
You must be signed in to change notification settings - Fork 52
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #510 from MasoniteFramework/develop
Next Minor
- Loading branch information
Showing
14 changed files
with
143 additions
and
14 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,6 +1,6 @@ | ||
from .static import static | ||
from .password import password | ||
from .validator import validate | ||
from .misc import random_string, dot | ||
from .misc import random_string, dot, clean_request_input | ||
from .Extendable import Extendable | ||
from .time import cookie_expire_time |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,3 @@ | ||
"""Module for specifying the Masonite version in a central location.""" | ||
|
||
VERSION = '2.1.2' | ||
VERSION = '2.1.3' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,42 @@ | ||
"""SecureHeaders Middleware.""" | ||
|
||
from masonite.request import Request | ||
|
||
|
||
class SecureHeadersMiddleware: | ||
"""SecureHeaders Middleware.""" | ||
|
||
def __init__(self, request: Request): | ||
"""Inject Any Dependencies From The Service Container. | ||
Arguments: | ||
Request {masonite.request.Request} -- The Masonite request object | ||
""" | ||
self.request = request | ||
self.headers = { | ||
'Strict-Transport-Security': 'max-age=63072000; includeSubdomains', | ||
'X-Frame-Options': 'SAMEORIGIN', | ||
'X-XSS-Protection': '1; mode=block', | ||
'X-Content-Type-Options': 'nosniff', | ||
'Referrer-Policy': 'no-referrer, strict-origin-when-cross-origin', | ||
'Cache-control': 'no-cache, no-store, must-revalidate', | ||
'Pragma': 'no-cache', | ||
} | ||
|
||
def before(self): | ||
"""Run This Middleware Before The Route Executes. | ||
""" | ||
pass | ||
|
||
def after(self): | ||
"""Run This Middleware After The Route Executes. | ||
""" | ||
from config import middleware | ||
|
||
try: | ||
# Try importing secure headers if they exist in the config file | ||
self.headers.update(middleware.SECURE_HEADERS) | ||
except AttributeError: | ||
pass | ||
|
||
self.request.header(self.headers) |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -1,3 +1,4 @@ | ||
from .CsrfMiddleware import CsrfMiddleware | ||
from .MaintenanceModeMiddleware import MaintenanceModeMiddleware | ||
from .ResponseMiddleware import ResponseMiddleware | ||
from .SecureHeadersMiddleware import SecureHeadersMiddleware |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,19 @@ | ||
from masonite.helpers import clean_request_input | ||
|
||
class TestCleanRequestInput: | ||
|
||
def test_can_clean_string(self): | ||
assert clean_request_input('<img """><script>alert(\'hey\')</script>">') == '<img """><script>alert('hey')</script>">' | ||
|
||
def test_can_clean_list(self): | ||
assert clean_request_input( | ||
['<img """><script>alert(\'hey\')</script>">', '<img """><script>alert(\'hey\')</script>">'] | ||
) == [ | ||
'<img """><script>alert('hey')</script>">', | ||
'<img """><script>alert('hey')</script>">' | ||
] | ||
|
||
def test_can_clean_dictionary(self): | ||
assert clean_request_input( | ||
{'key': '<img """><script>alert(\'hey\')</script>">'} | ||
) == {'key': '<img """><script>alert('hey')</script>">'} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,29 @@ | ||
""" Test Maintenance Mode Midddleware """ | ||
import os | ||
|
||
from masonite.app import App | ||
from masonite.request import Request | ||
from masonite.middleware import SecureHeadersMiddleware | ||
from masonite.testsuite import generate_wsgi, TestSuite | ||
|
||
from config import middleware | ||
|
||
|
||
class TestSecureHeadersMiddleware: | ||
|
||
def setup_method(self): | ||
self.request = Request(generate_wsgi()) | ||
self.middleware = SecureHeadersMiddleware(self.request) | ||
self.app = TestSuite().create_container().container | ||
self.app.bind('Request', self.request.load_app(self.app)) | ||
self.request = self.app.make('Request') | ||
|
||
def test_secure_headers_middleware(self): | ||
self.middleware.after() | ||
assert self.request.header('Strict-Transport-Security') == 'max-age=63072000; includeSubdomains' | ||
assert self.request.header('X-Frame-Options') == 'SAMEORIGIN' | ||
|
||
def test_secure_headers_gets_middleware_from_the_config(self): | ||
self.request = self.app.make('Request') | ||
self.middleware.after() | ||
assert self.request.header('X-Content-Type-Options') == 'sniff-test' |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters