summaryrefslogtreecommitdiffstats
path: root/tests/codeigniter/core
diff options
context:
space:
mode:
authorAhmad Anbar <aanbar@gmail.com>2015-04-06 18:59:53 +0200
committerAhmad Anbar <aanbar@gmail.com>2015-04-06 18:59:53 +0200
commit5e50c42ef27261bc7fcb279499ce76cfc2519aa6 (patch)
treed74d660534b72ddc0b6cda9147cecfb64a225346 /tests/codeigniter/core
parented520408514fff6486788e1543589418d24d885e (diff)
parent7726b75552f765af94038e47a4a4272ac08c646e (diff)
Merge remote-tracking branch 'upstream/develop' into develop
Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r--tests/codeigniter/core/Input_test.php64
-rw-r--r--tests/codeigniter/core/Lang_test.php29
-rw-r--r--tests/codeigniter/core/Loader_test.php49
-rw-r--r--tests/codeigniter/core/Security_test.php134
-rw-r--r--tests/codeigniter/core/compat/password_test.php2
5 files changed, 269 insertions, 9 deletions
diff --git a/tests/codeigniter/core/Input_test.php b/tests/codeigniter/core/Input_test.php
index 21ff6d81f..c56900d22 100644
--- a/tests/codeigniter/core/Input_test.php
+++ b/tests/codeigniter/core/Input_test.php
@@ -134,6 +134,14 @@ class Input_test extends CI_TestCase {
$this->assertEquals('bar', $foo);
$this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $harm);
$this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless);
+
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST['foo']['bar'] = 'baz';
+ $barArray = array('bar' => 'baz');
+
+ $this->assertEquals('baz', $this->input->post('foo[bar]'));
+ $this->assertEquals($barArray, $this->input->post('foo[]'));
+ $this->assertNull($this->input->post('foo[baz]'));
}
// --------------------------------------------------------------------
@@ -198,9 +206,22 @@ class Input_test extends CI_TestCase {
$this->markTestSkipped('TODO: Find a way to test HTTP headers');
}
+ // --------------------------------------------------------------------
+
+ public function test_get_request_header()
+ {
+ $this->markTestSkipped('TODO: Find a way to test HTTP headers');
+ }
+
+ // --------------------------------------------------------------------
+
public function test_ip_address()
{
+ $this->input->ip_address = '127.0.0.1';
+ $this->assertEquals('127.0.0.1', $this->input->ip_address());
+
// 127.0.0.1 is set in our Bootstrap file
+ $this->input->ip_address = FALSE;
$this->assertEquals('127.0.0.1', $this->input->ip_address());
// Invalid
@@ -208,10 +229,47 @@ class Input_test extends CI_TestCase {
$this->input->ip_address = FALSE; // reset cached value
$this->assertEquals('0.0.0.0', $this->input->ip_address());
- // TODO: Add proxy_ips tests
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.1';
- // Back to reality
+ // Proxy_ips tests
+ $this->input->ip_address = FALSE;
+ $this->ci_set_config('proxy_ips', '127.0.0.3, 127.0.0.4, 127.0.0.2');
+ $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2';
+ $this->assertEquals('127.0.0.1', $this->input->ip_address());
+
+ // Invalid spoof
+ $this->input->ip_address = FALSE;
+ $this->ci_set_config('proxy_ips', 'invalid_ip_address');
+ $_SERVER['HTTP_CLIENT_IP'] = 'invalid_ip_address';
+ $this->assertEquals('127.0.0.1', $this->input->ip_address());
+
+ $this->input->ip_address = FALSE;
+ $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.1/1');
+ $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.1';
+ $this->assertEquals('127.0.0.1', $this->input->ip_address());
+
+ $this->input->ip_address = FALSE;
+ $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.2');
+ $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2';
+ $_SERVER['REMOTE_ADDR'] = '127.0.0.2';
+ $this->assertEquals('127.0.0.2', $this->input->ip_address());
+
+ //IPv6
+ $this->input->ip_address = FALSE;
+ $this->ci_set_config('proxy_ips', 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329/1, FE80:0000:0000:0000:0202:B3FF:FE1E:8300/2');
+ $_SERVER['HTTP_CLIENT_IP'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8300';
+ $_SERVER['REMOTE_ADDR'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329';
+ $this->assertEquals('FE80:0000:0000:0000:0202:B3FF:FE1E:8300', $this->input->ip_address());
+
+ $this->input->ip_address = FALSE;
$_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // back to reality
}
-} \ No newline at end of file
+ // --------------------------------------------------------------------
+
+ public function test_user_agent()
+ {
+ $_SERVER['HTTP_USER_AGENT'] = 'test';
+ $this->assertEquals('test', $this->input->user_agent());
+ }
+}
diff --git a/tests/codeigniter/core/Lang_test.php b/tests/codeigniter/core/Lang_test.php
index 87a71c885..d2dd7598a 100644
--- a/tests/codeigniter/core/Lang_test.php
+++ b/tests/codeigniter/core/Lang_test.php
@@ -32,7 +32,7 @@ class Lang_test extends CI_TestCase {
// A language other than english
$this->ci_vfs_clone('system/language/english/email_lang.php', 'system/language/german/');
$this->assertTrue($this->lang->load('email', 'german'));
- $this->assertEquals('german', $this->lang->is_loaded['email_lang.php'] );
+ $this->assertEquals('german', $this->lang->is_loaded['email_lang.php']);
// Non-alpha idiom (should act the same as unspecified language)
$this->ci_vfs_clone('system/language/english/number_lang.php');
@@ -49,6 +49,32 @@ class Lang_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_multiple_file_load()
+ {
+ // Multiple files
+ $this->ci_vfs_clone('system/language/english/profiler_lang.php');
+ $files = array(
+ 0 => 'profiler',
+ 1 => 'nonexistent'
+ );
+ $this->setExpectedException(
+ 'RuntimeException',
+ 'CI Error: Unable to load the requested language file: language/english/nonexistent_lang.php'
+ );
+ $this->lang->load($files, 'english');
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_alternative_path_load()
+ {
+ // Alternative Path
+ $this->ci_vfs_clone('system/language/english/profiler_lang.php');
+ $this->assertTrue($this->lang->load('profiler', 'english', FALSE, TRUE, 'vfs://system/'));
+ }
+
+ // --------------------------------------------------------------------
+
/**
* @depends test_load
*/
@@ -60,5 +86,4 @@ class Lang_test extends CI_TestCase {
$this->assertFalse($this->lang->line('nonexistent_string'));
$this->assertFalse($this->lang->line(NULL));
}
-
}
diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php
index 9e2092e05..cfaf6c74b 100644
--- a/tests/codeigniter/core/Loader_test.php
+++ b/tests/codeigniter/core/Loader_test.php
@@ -22,6 +22,9 @@ class Loader_test extends CI_TestCase {
public function test_library()
{
+ // Test getting CI_Loader object
+ $this->assertInstanceOf('CI_Loader', $this->load->library(NULL));
+
// Create library in VFS
$lib = 'unit_test_lib';
$class = 'CI_'.ucfirst($lib);
@@ -35,6 +38,13 @@ class Loader_test extends CI_TestCase {
$this->assertTrue(class_exists($class), $class.' does not exist');
$this->assertAttributeInstanceOf($class, $lib, $this->ci_obj);
+ // Create library in VFS
+ $lib = array('unit_test_lib' => 'unit_test_lib');
+
+ // Test loading as an array (int).
+ $this->assertInstanceOf('CI_Loader', $this->load->library($lib));
+ $this->assertTrue(class_exists($class), $class.' does not exist');
+
// Test a string given to params
$this->assertInstanceOf('CI_Loader', $this->load->library($lib, ' '));
@@ -319,6 +329,24 @@ class Loader_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_clear_vars()
+ {
+ $key1 = 'foo';
+ $val1 = 'bar';
+ $key2 = 'boo';
+ $val2 = 'hoo';
+ $this->assertInstanceOf('CI_Loader', $this->load->vars(array($key1 => $val1)));
+ $this->assertInstanceOf('CI_Loader', $this->load->vars($key2, $val2));
+ $this->assertEquals($val1, $this->load->get_var($key1));
+ $this->assertEquals(array($key1 => $val1, $key2 => $val2), $this->load->get_vars());
+
+ $this->assertInstanceOf('CI_Loader', $this->load->clear_vars());
+ $this->assertEquals('', $this->load->get_var($key1));
+ $this->assertEquals('', $this->load->get_var($key2));
+ }
+
+ // --------------------------------------------------------------------
+
public function test_helper()
{
// Create helper in VFS
@@ -443,6 +471,24 @@ class Loader_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_remove_package_path()
+ {
+ $dir = 'third-party';
+ $path = APPPATH.$dir.'/';
+ $path2 = APPPATH.'another/';
+ $paths = $this->load->get_package_paths(TRUE);
+
+ $this->assertInstanceOf('CI_Loader', $this->load->add_package_path($path));
+ $this->assertInstanceOf('CI_Loader', $this->load->remove_package_path($path));
+ $this->assertEquals($paths, $this->load->get_package_paths(TRUE));
+
+ $this->assertInstanceOf('CI_Loader', $this->load->add_package_path($path2));
+ $this->assertInstanceOf('CI_Loader', $this->load->remove_package_path());
+ $this->assertNotContains($path2, $this->load->get_package_paths(TRUE));
+ }
+
+ // --------------------------------------------------------------------
+
public function test_load_config()
{
$cfg = 'someconfig';
@@ -511,5 +557,4 @@ class Loader_test extends CI_TestCase {
// Verify config calls
$this->assertEquals($cfg['config'], $this->ci_obj->config->loaded);
}
-
-} \ No newline at end of file
+}
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index 402422ff8..3acd2a598 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -71,6 +71,47 @@ class Security_test extends CI_TestCase {
$this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless_string);
}
+ // --------------------------------------------------------------------
+
+ public function test_xss_clean_string_array()
+ {
+ $harm_strings = array(
+ "Hello, i try to <script>alert('Hack');</script> your site",
+ "Simple clean string",
+ "Hello, i try to <script>alert('Hack');</script> your site"
+ );
+
+ $harmless_strings = $this->security->xss_clean($harm_strings);
+
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless_strings[0]);
+ $this->assertEquals("Simple clean string", $harmless_strings[1]);
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless_strings[2]);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_xss_clean_image_valid()
+ {
+ $harm_string = '<img src="test.png">';
+
+ $xss_clean_return = $this->security->xss_clean($harm_string, TRUE);
+
+ $this->assertTrue($xss_clean_return);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_xss_clean_image_invalid()
+ {
+ $harm_string = '<img src=javascript:alert(String.fromCharCode(88,83,83))>';
+
+ $xss_clean_return = $this->security->xss_clean($harm_string, TRUE);
+
+ $this->assertFalse($xss_clean_return);
+ }
+
+ // --------------------------------------------------------------------
+
public function test_xss_clean_entity_double_encoded()
{
$input = '<a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>';
@@ -79,6 +120,36 @@ class Security_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_xss_clean_js_img_removal()
+ {
+ $input = '<img src="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere';
+ $this->assertEquals('<img >', $this->security->xss_clean($input));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_xss_clean_sanitize_naughty_html()
+ {
+ $input = '<blink>';
+ $this->assertEquals('&lt;blink&gt;', $this->security->xss_clean($input));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_remove_evil_attributes()
+ {
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttribute="bar">', FALSE));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeNoQuotes=bar>', FALSE));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeWithSpaces = bar>', FALSE));
+ $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->remove_evil_attributes('<foo prefixOnAttribute="bar">', FALSE));
+ $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->remove_evil_attributes('<foo>onOutsideOfTag=test</foo>', FALSE));
+ $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', FALSE));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE));
+ $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE));
+ }
+
+ // --------------------------------------------------------------------
+
public function test_xss_hash()
{
$this->assertEmpty($this->security->xss_hash);
@@ -91,6 +162,17 @@ class Security_test extends CI_TestCase {
// --------------------------------------------------------------------
+ public function test_get_random_bytes()
+ {
+ $length = "invalid";
+ $this->assertFalse($this->security->get_random_bytes($length));
+
+ $length = 10;
+ $this->assertNotEmpty($this->security->get_random_bytes($length));
+ }
+
+ // --------------------------------------------------------------------
+
public function test_entity_decode()
{
$encoded = '&lt;div&gt;Hello &lt;b&gt;Booya&lt;/b&gt;&lt;/div&gt;';
@@ -115,4 +197,54 @@ class Security_test extends CI_TestCase {
$this->assertEquals('foo', $safe_filename);
}
-} \ No newline at end of file
+ // --------------------------------------------------------------------
+
+ public function test_strip_image_tags()
+ {
+ $imgtags = array(
+ '<img src="smiley.gif" alt="Smiley face" height="42" width="42">',
+ '<img alt="Smiley face" height="42" width="42" src="smiley.gif">',
+ '<img src="http://www.w3schools.com/images/w3schools_green.jpg">',
+ '<img src="/img/sunset.gif" height="100%" width="100%">',
+ '<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />',
+ '<img sqrc="/img/sunset.gif" height="100%" width="100%">',
+ '<img srqc="/img/sunset.gif" height="100%" width="100%">',
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ );
+
+ $urls = array(
+ 'smiley.gif',
+ 'smiley.gif',
+ 'http://www.w3schools.com/images/w3schools_green.jpg',
+ '/img/sunset.gif',
+ 'mdn-logo-sm.png',
+ '<img sqrc="/img/sunset.gif" height="100%" width="100%">',
+ '<img srqc="/img/sunset.gif" height="100%" width="100%">',
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ );
+
+ for ($i = 0; $i < count($imgtags); $i++)
+ {
+ $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i]));
+ }
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_csrf_set_hash()
+ {
+ // Set cookie for security test
+ $_COOKIE['ci_csrf_cookie'] = md5(uniqid(mt_rand(), TRUE));
+
+ // Set config for Security class
+ $this->ci_set_config('csrf_protection', TRUE);
+ $this->ci_set_config('csrf_token_name', 'ci_csrf_token');
+
+ // leave csrf_cookie_name as blank to test _csrf_set_hash function
+ $this->ci_set_config('csrf_cookie_name', '');
+
+ $this->security = new Mock_Core_Security();
+
+ $this->assertNotEmpty($this->security->get_csrf_hash());
+ }
+}
diff --git a/tests/codeigniter/core/compat/password_test.php b/tests/codeigniter/core/compat/password_test.php
index c37c6ac0c..8a507d14a 100644
--- a/tests/codeigniter/core/compat/password_test.php
+++ b/tests/codeigniter/core/compat/password_test.php
@@ -132,7 +132,7 @@ class password_test extends CI_TestCase {
$this->assertFalse(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3)));
// invalid: different (lower) cost
- $this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09)));
+ $this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 9)));
// invalid: different (higher) cost
$this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11)));