diff options
author | Andrey Andreev <narf@bofh.bg> | 2012-06-07 20:56:59 +0200 |
---|---|---|
committer | Andrey Andreev <narf@bofh.bg> | 2012-06-07 20:56:59 +0200 |
commit | cd221aba73cb7a117c70ca237f0ee9dc14f80cf1 (patch) | |
tree | 39db53d645226c212eb697494320eef6302544a0 /tests/codeigniter/core/Security_test.php | |
parent | 1fcce9667fe8d1925a36549e22124411f5828230 (diff) | |
parent | 6c776538c4e8f1b932d5ec7431c1c8de8a5642a6 (diff) |
Merge upstream branch
Diffstat (limited to 'tests/codeigniter/core/Security_test.php')
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 105 |
1 files changed, 105 insertions, 0 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php new file mode 100644 index 000000000..b2f8c69d2 --- /dev/null +++ b/tests/codeigniter/core/Security_test.php @@ -0,0 +1,105 @@ +<?php + +class Security_test extends CI_TestCase { + + public function set_up() + { + // Set cookie for security test + $_COOKIE['ci_csrf_cookie'] = md5(uniqid(rand(), TRUE)); + + // Set config for Security class + $this->ci_set_config('csrf_protection', TRUE); + $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); + $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); + + $this->security = new Mock_Core_Security(); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify() + { + $_SERVER['REQUEST_METHOD'] = 'GET'; + + $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify_invalid() + { + // Without issuing $_POST[csrf_token_name], this request will triggering CSRF error + $_SERVER['REQUEST_METHOD'] = 'POST'; + + $this->setExpectedException('RuntimeException', 'CI Error: The action you have requested is not allowed'); + + $this->security->csrf_verify(); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify_valid() + { + $_SERVER['REQUEST_METHOD'] = 'POST'; + $_POST[$this->security->csrf_token_name] = $this->security->csrf_hash; + + $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); + } + + // -------------------------------------------------------------------- + + public function test_get_csrf_hash() + { + $this->assertEquals($this->security->csrf_hash, $this->security->get_csrf_hash()); + } + + // -------------------------------------------------------------------- + + public function test_get_csrf_token_name() + { + $this->assertEquals('ci_csrf_token', $this->security->get_csrf_token_name()); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean() + { + $harm_string = "Hello, i try to <script>alert('Hack');</script> your site"; + + $harmless_string = $this->security->xss_clean($harm_string); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); + } + + // -------------------------------------------------------------------- + + public function test_xss_hash() + { + $this->assertEmpty($this->security->xss_hash); + + // Perform hash + $this->security->xss_hash(); + + $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); + } + + // -------------------------------------------------------------------- + + public function test_entity_decode() + { + $encoded = '<div>Hello <b>Booya</b></div>'; + $decoded = $this->security->entity_decode($encoded); + + $this->assertEquals('<div>Hello <b>Booya</b></div>', $decoded); + } + + // -------------------------------------------------------------------- + + public function test_sanitize_filename() + { + $filename = './<!--foo-->'; + $safe_filename = $this->security->sanitize_filename($filename); + + $this->assertEquals('foo', $safe_filename); + } +}
\ No newline at end of file |