mirror of
https://github.com/phpbb/phpbb.git
synced 2025-08-12 03:34:04 +02:00
[develop-olympus] Backported 3.1 unit tests to 3.0.
Start adding unit tests for bugs you fix! Tests for anything are welcome really. We have to work on these a lot.
This commit is contained in:
Nils Adermann
86
tests/security/all_tests.php
Normal file
86
tests/security/all_tests.php
Normal file
@@ -0,0 +1,86 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* @package testing
|
||||
* @copyright (c) 2008 phpBB Group
|
||||
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
||||
*
|
||||
*/
|
||||
|
||||
if (!defined('PHPUnit_MAIN_METHOD'))
|
||||
{
|
||||
define('PHPUnit_MAIN_METHOD', 'phpbb_security_all_tests::main');
|
||||
}
|
||||
|
||||
require_once 'test_framework/framework.php';
|
||||
require_once 'PHPUnit/TextUI/TestRunner.php';
|
||||
|
||||
require_once 'security/extract_current_page.php';
|
||||
require_once 'security/redirect.php';
|
||||
|
||||
class phpbb_security_all_tests extends PHPUnit_Framework_TestSuite
|
||||
{
|
||||
/**
|
||||
* Set up the required user object and server variables for the suites
|
||||
*/
|
||||
protected function setUp()
|
||||
{
|
||||
global $user, $phpbb_root_path;
|
||||
|
||||
// Put this into a global function being run by every test to init a proper user session
|
||||
$_SERVER['HTTP_HOST'] = 'localhost';
|
||||
$_SERVER['SERVER_NAME'] = 'localhost';
|
||||
$_SERVER['SERVER_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['SERVER_PORT'] = 80;
|
||||
$_SERVER['REMOTE_ADDR'] = '127.0.0.1';
|
||||
$_SERVER['QUERY_STRING'] = '';
|
||||
$_SERVER['REQUEST_URI'] = '/tests/';
|
||||
$_SERVER['SCRIPT_NAME'] = '/tests/index.php';
|
||||
$_SERVER['PHP_SELF'] = '/tests/index.php';
|
||||
$_SERVER['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
|
||||
$_SERVER['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
|
||||
|
||||
/*
|
||||
[HTTP_ACCEPT_ENCODING] => gzip,deflate
|
||||
[HTTP_ACCEPT_CHARSET] => ISO-8859-1,utf-8;q=0.7,*;q=0.7
|
||||
DOCUMENT_ROOT] => /var/www/
|
||||
[SCRIPT_FILENAME] => /var/www/tests/index.php
|
||||
*/
|
||||
|
||||
// Set no user and trick a bit to circumvent errors
|
||||
$user = new user();
|
||||
$user->lang = true;
|
||||
$user->browser = (!empty($_SERVER['HTTP_USER_AGENT'])) ? htmlspecialchars((string) $_SERVER['HTTP_USER_AGENT']) : '';
|
||||
$user->referer = (!empty($_SERVER['HTTP_REFERER'])) ? htmlspecialchars((string) $_SERVER['HTTP_REFERER']) : '';
|
||||
$user->forwarded_for = (!empty($_SERVER['HTTP_X_FORWARDED_FOR'])) ? (string) $_SERVER['HTTP_X_FORWARDED_FOR'] : '';
|
||||
$user->host = (!empty($_SERVER['HTTP_HOST'])) ? (string) strtolower($_SERVER['HTTP_HOST']) : ((!empty($_SERVER['SERVER_NAME'])) ? $_SERVER['SERVER_NAME'] : getenv('SERVER_NAME'));
|
||||
$user->page = session::extract_current_page($phpbb_root_path);
|
||||
}
|
||||
|
||||
protected function tearDown()
|
||||
{
|
||||
global $user;
|
||||
$user = NULL;
|
||||
}
|
||||
|
||||
public static function main()
|
||||
{
|
||||
PHPUnit_TextUI_TestRunner::run(self::suite());
|
||||
}
|
||||
|
||||
public static function suite()
|
||||
{
|
||||
// I bet there is a better method calling this... :)
|
||||
$suite = new phpbb_security_all_tests('phpBB Security Fixes');
|
||||
|
||||
$suite->addTestSuite('phpbb_security_extract_current_page_test');
|
||||
$suite->addTestSuite('phpbb_security_redirect_test');
|
||||
|
||||
return $suite;
|
||||
}
|
||||
}
|
||||
|
||||
if (PHPUnit_MAIN_METHOD == 'phpbb_security_all_tests::main')
|
||||
{
|
||||
phpbb_security_all_tests::main();
|
||||
}
|
||||
53
tests/security/extract_current_page.php
Normal file
53
tests/security/extract_current_page.php
Normal file
@@ -0,0 +1,53 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* @package testing
|
||||
* @copyright (c) 2008 phpBB Group
|
||||
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
||||
*
|
||||
*/
|
||||
|
||||
require_once 'test_framework/framework.php';
|
||||
|
||||
require_once '../phpBB/includes/functions.php';
|
||||
require_once '../phpBB/includes/session.php';
|
||||
|
||||
class phpbb_security_extract_current_page_test extends phpbb_test_case
|
||||
{
|
||||
public static function security_variables()
|
||||
{
|
||||
return array(
|
||||
array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
|
||||
array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'),
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider security_variables
|
||||
*/
|
||||
public function test_query_string_php_self($url, $query_string, $expected)
|
||||
{
|
||||
$_SERVER['PHP_SELF'] = $url;
|
||||
$_SERVER['QUERY_STRING'] = $query_string;
|
||||
|
||||
$result = session::extract_current_page('./');
|
||||
|
||||
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
|
||||
$this->assertEquals($expected, $result['query_string'], $label);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider security_variables
|
||||
*/
|
||||
public function test_query_string_request_uri($url, $query_string, $expected)
|
||||
{
|
||||
$_SERVER['REQUEST_URI'] = $url . '?' . $query_string;
|
||||
$_SERVER['QUERY_STRING'] = $query_string;
|
||||
|
||||
$result = session::extract_current_page('./');
|
||||
|
||||
$label = 'Running extract_current_page on ' . $query_string . ' with REQUEST_URI filled.';
|
||||
$this->assertEquals($expected, $result['query_string'], $label);
|
||||
}
|
||||
}
|
||||
|
||||
58
tests/security/redirect.php
Normal file
58
tests/security/redirect.php
Normal file
@@ -0,0 +1,58 @@
|
||||
<?php
|
||||
/**
|
||||
*
|
||||
* @package testing
|
||||
* @copyright (c) 2008 phpBB Group
|
||||
* @license http://opensource.org/licenses/gpl-license.php GNU Public License
|
||||
*
|
||||
*/
|
||||
|
||||
require_once 'test_framework/framework.php';
|
||||
|
||||
require_once '../phpBB/includes/functions.php';
|
||||
require_once '../phpBB/includes/session.php';
|
||||
|
||||
class phpbb_security_redirect_test extends phpbb_test_case
|
||||
{
|
||||
public static function provider()
|
||||
{
|
||||
// array(Input -> redirect(), expected triggered error (else false), expected returned result url (else false))
|
||||
return array(
|
||||
array('data://x', false, 'http://localhost/phpBB'),
|
||||
array('bad://localhost/phpBB/index.php', 'Tried to redirect to potentially insecure url.', false),
|
||||
array('http://www.otherdomain.com/somescript.php', false, 'http://localhost/phpBB'),
|
||||
array("http://localhost/phpBB/memberlist.php\n\rConnection: close", 'Tried to redirect to potentially insecure url.', false),
|
||||
array('javascript:test', false, 'http://localhost/phpBB/../tests/javascript:test'),
|
||||
array('http://localhost/phpBB/index.php;url=', 'Tried to redirect to potentially insecure url.', false),
|
||||
);
|
||||
}
|
||||
|
||||
protected function setUp()
|
||||
{
|
||||
$GLOBALS['config'] = array(
|
||||
'force_server_vars' => '0',
|
||||
);
|
||||
}
|
||||
|
||||
/**
|
||||
* @dataProvider provider
|
||||
*/
|
||||
public function test_redirect($test, $expected_error, $expected_result)
|
||||
{
|
||||
global $user;
|
||||
|
||||
if ($expected_error !== false)
|
||||
{
|
||||
$this->setExpectedTriggerError(E_USER_ERROR, $expected_error);
|
||||
}
|
||||
|
||||
$result = redirect($test, true);
|
||||
|
||||
// only verify result if we did not expect an error
|
||||
if ($expected_error === false)
|
||||
{
|
||||
$this->assertEquals($expected_result, $result);
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user