diff options
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 131 |
1 files changed, 65 insertions, 66 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 8faf1b58a..7f467fb1b 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -73,44 +73,44 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- - public function test_xss_clean_string_array() + public function test_xss_clean_string_array() { - $harm_strings = array( - "Hello, i try to <script>alert('Hack');</script> your site", - "Simple clean string", - "Hello, i try to <script>alert('Hack');</script> your site" - ); + $harm_strings = array( + "Hello, i try to <script>alert('Hack');</script> your site", + "Simple clean string", + "Hello, i try to <script>alert('Hack');</script> your site" + ); $harmless_strings = $this->security->xss_clean($harm_strings); - - $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); - $this->assertEquals("Simple clean string", $harmless_strings[1]); - $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); + $this->assertEquals("Simple clean string", $harmless_strings[1]); + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_image_valid() + public function test_xss_clean_image_valid() { - $harm_string = '<img src="test.png">'; + $harm_string = '<img src="test.png">'; $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); $this->assertTrue($xss_clean_return); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_image_invalid() + public function test_xss_clean_image_invalid() { - $harm_string = '<img src=javascript:alert(String.fromCharCode(88,83,83))>'; + $harm_string = '<img src=javascript:alert(String.fromCharCode(88,83,83))>'; $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); $this->assertFalse($xss_clean_return); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- public function test_xss_clean_entity_double_encoded() { @@ -118,17 +118,17 @@ class Security_test extends CI_TestCase { $this->assertEquals('<a >Clickhere</a>', $this->security->xss_clean($input)); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_js_img_removal() + public function test_xss_clean_js_img_removal() { $input = '<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; $this->assertEquals('<img >', $this->security->xss_clean($input)); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_sanitize_naughty_html() + public function test_xss_clean_sanitize_naughty_html() { $input = '<blink>'; $this->assertEquals('<blink>', $this->security->xss_clean($input)); @@ -158,19 +158,18 @@ class Security_test extends CI_TestCase { $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); } - // -------------------------------------------------------------------- - - public function test_get_random_bytes() - { - $length = "invalid"; - $this->assertFalse($this->security->get_random_bytes($length)); + // -------------------------------------------------------------------- + public function test_get_random_bytes() + { + $length = "invalid"; + $this->assertFalse($this->security->get_random_bytes($length)); - $length = 10; - $this->assertNotEmpty($this->security->get_random_bytes($length)); - } + $length = 10; + $this->assertNotEmpty($this->security->get_random_bytes($length)); + } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- public function test_entity_decode() { @@ -196,54 +195,54 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- public function test_strip_image_tags() { - $imgtags = Array( - '<img src="smiley.gif" alt="Smiley face" height="42" width="42">', - '<img alt="Smiley face" height="42" width="42" src="smiley.gif">', - '<img src="http://www.w3schools.com/images/w3schools_green.jpg">', - '<img src="/img/sunset.gif" height="100%" width="100%">', - '<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />', - '<img sqrc="/img/sunset.gif" height="100%" width="100%">', - '<img srqc="/img/sunset.gif" height="100%" width="100%">', - '<img srcq="/img/sunset.gif" height="100%" width="100%">' - ); - - $urls = Array( - 'smiley.gif', - 'smiley.gif', - 'http://www.w3schools.com/images/w3schools_green.jpg', - '/img/sunset.gif', - 'mdn-logo-sm.png', - '<img sqrc="/img/sunset.gif" height="100%" width="100%">', - '<img srqc="/img/sunset.gif" height="100%" width="100%">', - '<img srcq="/img/sunset.gif" height="100%" width="100%">' - ); - - for($i = 0; $i < count($imgtags); $i++) - { - $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); - } + $imgtags = Array( + '<img src="smiley.gif" alt="Smiley face" height="42" width="42">', + '<img alt="Smiley face" height="42" width="42" src="smiley.gif">', + '<img src="http://www.w3schools.com/images/w3schools_green.jpg">', + '<img src="/img/sunset.gif" height="100%" width="100%">', + '<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />', + '<img sqrc="/img/sunset.gif" height="100%" width="100%">', + '<img srqc="/img/sunset.gif" height="100%" width="100%">', + '<img srcq="/img/sunset.gif" height="100%" width="100%">' + ); + + $urls = Array( + 'smiley.gif', + 'smiley.gif', + 'http://www.w3schools.com/images/w3schools_green.jpg', + '/img/sunset.gif', + 'mdn-logo-sm.png', + '<img sqrc="/img/sunset.gif" height="100%" width="100%">', + '<img srqc="/img/sunset.gif" height="100%" width="100%">', + '<img srcq="/img/sunset.gif" height="100%" width="100%">' + ); + + for($i = 0; $i < count($imgtags); $i++) + { + $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); + } } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_csrf_set_hash() + public function test_csrf_set_hash() { - // Set cookie for security test + // Set cookie for security test $_COOKIE['ci_csrf_cookie'] = md5(uniqid(mt_rand(), TRUE)); // Set config for Security class $this->ci_set_config('csrf_protection', TRUE); $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); - - // leave csrf_cookie_name as blank to test _csrf_set_hash function + + // leave csrf_cookie_name as blank to test _csrf_set_hash function $this->ci_set_config('csrf_cookie_name', ''); $this->security = new Mock_Core_Security(); - - $this->assertNotEmpty($this->security->get_csrf_hash()); - } + + $this->assertNotEmpty($this->security->get_csrf_hash()); + } }
\ No newline at end of file |