Diffstat (limited to 'tests/codeigniter/core/Security_test.php')
-rw-r--r--tests/codeigniter/core/Security_test.php142
1 files changed, 123 insertions, 19 deletions
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php
index bab76dffb..4dd31f4b1 100644
--- a/tests/codeigniter/core/Security_test.php
+++ b/tests/codeigniter/core/Security_test.php
@@ -12,7 +12,8 @@ class Security_test extends CI_TestCase {
$this->ci_set_config('csrf_token_name', 'ci_csrf_token');
$this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie');
- $this->security = new Mock_Core_Security();
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ $this->security = new Mock_Core_Security('UTF-8');
}
// --------------------------------------------------------------------
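Review bot: The new `$_SERVER['REQUEST_METHOD'] = 'GET';` line in setUp mutates a superglobal that persists for every later test in the same PHPUnit process, and nothing in this hunk restores the previous value. If no tearDown outside the hunk already does so, save it first, `$this->orig_request_method = $_SERVER['REQUEST_METHOD'] ?? NULL;`, and restore it in tearDown (or run the class with `@backupGlobals enabled`). A test that depends on a POST method would otherwise silently inherit this value. The enclosing setUp method starts outside the hunk.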
@@ -96,7 +97,7 @@ class Security_test extends CI_TestCase {
$xss_clean_return = $this->security->xss_clean($harm_string, TRUE);
- $this->assertTrue($xss_clean_return);
+// $this->assertTrue($xss_clean_return);
}
// --------------------------------------------------------------------
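Review bot: Commenting out `$this->assertTrue($xss_clean_return);` leaves this test with no assertion on the return value, so it now passes regardless of what `xss_clean($harm_string, TRUE)` returns and the coverage it provided is silently lost. If the expected value changed, assert the new one; if the behaviour is genuinely undecided, replace the comment with `$this->markTestIncomplete('xss_clean() image-check return value under review');` so the gap is visible in the run output. The enclosing test method starts outside the hunk.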
@@ -115,7 +116,18 @@ class Security_test extends CI_TestCase {
public function test_xss_clean_entity_double_encoded()
{
$input = '<a href="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere</a>';
- $this->assertEquals('<a >Clickhere</a>', $this->security->xss_clean($input));
+ $this->assertEquals('<a>Clickhere</a>', $this->security->xss_clean($input));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function text_xss_clean_js_link_removal()
+ {
+ // This one is to prevent a false positive
+ $this->assertEquals(
+ "<a href=\"javascrip\n<t\n:alert\n&#40;1&#41;\"\n>",
+ $this->security->xss_clean("<a href=\"javascrip\n<t\n:alert\n(1)\"\n>")
+ );
}
// --------------------------------------------------------------------
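Review bot: The new method is named `text_xss_clean_js_link_removal`, and PHPUnit only runs methods whose name starts with `test`, so this false-positive check is never executed and the `javascrip\n<t\n:alert` case is unverified. Rename it to `public function test_xss_clean_js_link_removal()`. The comment `// This one is to prevent a false positive` would also read better as `// Regression: a split "javascript:" across newlines must not be mangled into something else`, or similar, since "false positive" alone does not say which input must survive.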
@@ -123,29 +135,113 @@ class Security_test extends CI_TestCase {
public function test_xss_clean_js_img_removal()
{
$input = '<img src="&#38&#35&#49&#48&#54&#38&#35&#57&#55&#38&#35&#49&#49&#56&#38&#35&#57&#55&#38&#35&#49&#49&#53&#38&#35&#57&#57&#38&#35&#49&#49&#52&#38&#35&#49&#48&#53&#38&#35&#49&#49&#50&#38&#35&#49&#49&#54&#38&#35&#53&#56&#38&#35&#57&#57&#38&#35&#49&#49&#49&#38&#35&#49&#49&#48&#38&#35&#49&#48&#50&#38&#35&#49&#48&#53&#38&#35&#49&#49&#52&#38&#35&#49&#48&#57&#38&#35&#52&#48&#38&#35&#52&#57&#38&#35&#52&#49">Clickhere';
- $this->assertEquals('<img >', $this->security->xss_clean($input));
+ $this->assertEquals('<img>', $this->security->xss_clean($input));
}
// --------------------------------------------------------------------
- public function test_xss_clean_sanitize_naughty_html()
+ public function test_xss_clean_sanitize_naughty_html_tags()
{
- $input = '<blink>';
- $this->assertEquals('&lt;blink&gt;', $this->security->xss_clean($input));
+ $this->assertEquals('&lt;unclosedTag', $this->security->xss_clean('<unclosedTag'));
+ $this->assertEquals('&lt;blink&gt;', $this->security->xss_clean('<blink>'));
+ $this->assertEquals('<fubar>', $this->security->xss_clean('<fubar>'));
+
+ $this->assertEquals(
+ '<img svg=""> src="x">',
+ $this->security->xss_clean('<img <svg=""> src="x">')
+ );
+
+ $this->assertEquals(
+ '<img src="b on=">on=">"x onerror="alert&#40;1&#41;">',
+ $this->security->xss_clean('<img src="b on="<x">on=">"x onerror="alert(1)">')
+ );
+
+ $this->assertEquals(
+ "\n>&lt;!-\n<b d=\"'e><iframe onload=alert&#40;1&#41; src=x>\n<a HREF=\">\n",
+ $this->security->xss_clean("\n><!-\n<b\n<c d=\"'e><iframe onload=alert(1) src=x>\n<a HREF=\"\">\n")
+ );
}
// --------------------------------------------------------------------
- public function test_remove_evil_attributes()
+ public function test_xss_clean_sanitize_naughty_html_attributes()
{
- $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttribute="bar">', FALSE));
- $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeNoQuotes=bar>', FALSE));
- $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeWithSpaces = bar>', FALSE));
- $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->remove_evil_attributes('<foo prefixOnAttribute="bar">', FALSE));
- $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->remove_evil_attributes('<foo>onOutsideOfTag=test</foo>', FALSE));
- $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', FALSE));
- $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE));
- $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE));
+ $this->assertEquals('<foo xss=removed>', $this->security->xss_clean('<foo onAttribute="bar">'));
+ $this->assertEquals('<foo xss=removed>', $this->security->xss_clean('<foo onAttributeNoQuotes=bar>'));
+ $this->assertEquals('<foo xss=removed>', $this->security->xss_clean('<foo onAttributeWithSpaces = bar>'));
+ $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->xss_clean('<foo prefixOnAttribute="bar">'));
+ $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->xss_clean('<foo>onOutsideOfTag=test</foo>'));
+ $this->assertEquals('onNoTagAtAll = true', $this->security->xss_clean('onNoTagAtAll = true'));
+ $this->assertEquals('<foo xss=removed>', $this->security->xss_clean('<foo fscommand=case-insensitive>'));
+ $this->assertEquals('<foo xss=removed>', $this->security->xss_clean('<foo seekSegmentTime=whatever>'));
+
+ $this->assertEquals(
+ '<foo bar=">" baz=\'>\' xss=removed>',
+ $this->security->xss_clean('<foo bar=">" baz=\'>\' onAfterGreaterThan="quotes">')
+ );
+ $this->assertEquals(
+ '<foo bar=">" baz=\'>\' xss=removed>',
+ $this->security->xss_clean('<foo bar=">" baz=\'>\' onAfterGreaterThan=noQuotes>')
+ );
+
+ $this->assertEquals(
+ '<img src="x" on=""> on=&lt;svg&gt; onerror=alert&#40;1&#41;>',
+ $this->security->xss_clean('<img src="x" on=""> on=<svg> onerror=alert(1)>')
+ );
+
+ $this->assertEquals(
+ '<img src="on=\'">"&lt;svg&gt; onerror=alert&#40;1&#41; onmouseover=alert&#40;1&#41;>',
+ $this->security->xss_clean('<img src="on=\'">"<svg> onerror=alert(1) onmouseover=alert(1)>')
+ );
+
+ $this->assertEquals(
+ '<img src="x"> on=\'x\' onerror=``,alert&#40;1&#41;>',
+ $this->security->xss_clean('<img src="x"> on=\'x\' onerror=``,alert(1)>')
+ );
+
+ $this->assertEquals(
+ '<a xss=removed>',
+ $this->security->xss_clean('<a< onmouseover="alert(1)">')
+ );
+
+ $this->assertEquals(
+ '<img src="x"> on=\'x\' onerror=,xssm()>',
+ $this->security->xss_clean('<img src="x"> on=\'x\' onerror=,xssm()>')
+ );
+
+ $this->assertEquals(
+ '<image src="<>" xss=removed>',
+ $this->security->xss_clean('<image src="<>" onerror=\'alert(1)\'>')
+ );
+
+ $this->assertEquals(
+ '<b xss=removed>',
+ $this->security->xss_clean('<b "=<= onmouseover=alert(1)>')
+ );
+
+ $this->assertEquals(
+ '<b xss=removed xss=removed>1">',
+ $this->security->xss_clean('<b a=<=" onmouseover="alert(1),1>1">')
+ );
+
+ $this->assertEquals(
+ '<b x=" onmouseover=alert&#40;1&#41;//">',
+ $this->security->xss_clean('<b "="< x=" onmouseover=alert(1)//">')
+ );
+ }
+
+ // --------------------------------------------------------------------
+
+ /**
+ * @depends test_xss_clean_sanitize_naughty_html_tags
+ * @depends test_xss_clean_sanitize_naughty_html_attributes
+ */
+ public function test_naughty_html_plus_evil_attributes()
+ {
+ $this->assertEquals(
+ '&lt;svg<img src="x" xss=removed>',
+ $this->security->xss_clean('<svg<img > src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">')
+ );
}
// --------------------------------------------------------------------
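Review bot: `test_xss_clean_sanitize_naughty_html_attributes` now holds nineteen `assertEquals` calls with no message argument, so when one fails the report shows only the expected/actual diff and the reader has to match it back to the input by eye. Either pass the input as the third argument, `$this->assertEquals($expected, $this->security->xss_clean($input), $input);`, or move the pairs into a `@dataProvider` method so each case is reported and runnable on its own; the same applies to `test_xss_clean_sanitize_naughty_html_tags` earlier in this hunk. The new `test_naughty_html_plus_evil_attributes` also drops the `test_xss_clean_` prefix its siblings use; `test_xss_clean_naughty_html_plus_evil_attributes` would keep the grouping consistent.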
@@ -180,6 +276,12 @@ class Security_test extends CI_TestCase {
$this->assertEquals('<div>Hello <b>Booya</b></div>', $decoded);
+ $this->assertEquals('colon:', $this->security->entity_decode('colon&colon;'));
+ $this->assertEquals("NewLine\n", $this->security->entity_decode('NewLine&NewLine;'));
+ $this->assertEquals("Tab\t", $this->security->entity_decode('Tab&Tab;'));
+ $this->assertEquals("lpar(", $this->security->entity_decode('lpar&lpar;'));
+ $this->assertEquals("rpar)", $this->security->entity_decode('rpar&rpar;'));
+
// Issue #3057 (https://github.com/bcit-ci/CodeIgniter/issues/3057)
$this->assertEquals(
'&foo should not include a semicolon',
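Review bot: The five new `entity_decode` assertions carry no comment on why exactly `&colon;`, `&NewLine;`, `&Tab;`, `&lpar;` and `&rpar;` were chosen, so they read as an arbitrary sample. Presumably these are HTML5 named entities absent from the older ISO-8859-1 tables that decode to characters the XSS filter keys on; if that is the reason, say so above the block, e.g. `// HTML5-only named entities; entity_decode() must resolve them before xss_clean() inspects the string`. The enclosing test method starts outside the hunk.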
@@ -209,7 +311,8 @@ class Security_test extends CI_TestCase {
'<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />',
'<img sqrc="/img/sunset.gif" height="100%" width="100%">',
'<img srqc="/img/sunset.gif" height="100%" width="100%">',
- '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">',
+ '<img src=non-quoted.attribute foo="bar">'
);
$urls = array(
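Review bot: Adding `'<img src=non-quoted.attribute foo="bar">'` here and `'non-quoted.attribute'` in the next hunk (lines 189–197) extends two parallel arrays that are only kept in sync by position and iterated with `for ($i = 0; $i < count($imgtags); $i++)`; one extra entry in either array shifts every later expectation. A single array of `array($input, $expected)` pairs, or a `@dataProvider`, would make each case self-describing and remove the positional coupling, and `count($imgtags)` would no longer be re-evaluated on every iteration. The enclosing test method starts outside the hunk.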
@@ -220,7 +323,8 @@ class Security_test extends CI_TestCase {
'mdn-logo-sm.png',
'<img sqrc="/img/sunset.gif" height="100%" width="100%">',
'<img srqc="/img/sunset.gif" height="100%" width="100%">',
- '<img srcq="/img/sunset.gif" height="100%" width="100%">'
+ '<img srcq="/img/sunset.gif" height="100%" width="100%">',
+ 'non-quoted.attribute'
);
for ($i = 0; $i < count($imgtags); $i++)
@@ -243,7 +347,7 @@ class Security_test extends CI_TestCase {
// leave csrf_cookie_name as blank to test _csrf_set_hash function
$this->ci_set_config('csrf_cookie_name', '');
- $this->security = new Mock_Core_Security();
+ $this->security = new Mock_Core_Security('UTF-8');
$this->assertNotEmpty($this->security->get_csrf_hash());
}
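Review bot: The charset literal `'UTF-8'` passed to `new Mock_Core_Security('UTF-8')` is now repeated here and in setUp, and nothing ties the two together, so a later change to one site can leave the other on a different charset. Hoisting it into a class constant, `const CHARSET = 'UTF-8';`, and using `new Mock_Core_Security(self::CHARSET)` at both sites keeps them aligned. The enclosing test method starts outside the hunk.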