Diffstat (limited to 'tests/codeigniter/core')
-rw-r--r-- | tests/codeigniter/core/Input_test.php | 64 | ||||
-rw-r--r-- | tests/codeigniter/core/Lang_test.php | 29 | ||||
-rw-r--r-- | tests/codeigniter/core/Loader_test.php | 49 | ||||
-rw-r--r-- | tests/codeigniter/core/Security_test.php | 134 | ||||
-rw-r--r-- | tests/codeigniter/core/compat/password_test.php | 2 |
5 files changed, 269 insertions, 9 deletions
diff --git a/tests/codeigniter/core/Input_test.php b/tests/codeigniter/core/Input_test.php index 21ff6d81f..c56900d22 100644 --- a/tests/codeigniter/core/Input_test.php +++ b/tests/codeigniter/core/Input_test.php @@ -134,6 +134,14 @@ class Input_test extends CI_TestCase { $this->assertEquals('bar', $foo); $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $harm); $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless); + + $_SERVER['REQUEST_METHOD'] = 'POST'; + $_POST['foo']['bar'] = 'baz'; + $barArray = array('bar' => 'baz'); + + $this->assertEquals('baz', $this->input->post('foo[bar]')); + $this->assertEquals($barArray, $this->input->post('foo[]')); + $this->assertNull($this->input->post('foo[baz]')); } // -------------------------------------------------------------------- @@ -198,9 +206,22 @@ class Input_test extends CI_TestCase { $this->markTestSkipped('TODO: Find a way to test HTTP headers'); } + // -------------------------------------------------------------------- + + public function test_get_request_header() + { + $this->markTestSkipped('TODO: Find a way to test HTTP headers'); + } + + // -------------------------------------------------------------------- + public function test_ip_address() { + $this->input->ip_address = '127.0.0.1'; + $this->assertEquals('127.0.0.1', $this->input->ip_address()); + // 127.0.0.1 is set in our Bootstrap file + $this->input->ip_address = FALSE; $this->assertEquals('127.0.0.1', $this->input->ip_address()); // Invalid 
@@ -208,10 +229,47 @@ class Input_test extends CI_TestCase { $this->input->ip_address = FALSE; // reset cached value $this->assertEquals('0.0.0.0', $this->input->ip_address()); - // TODO: Add proxy_ips tests + $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; - // Back to reality + // Proxy_ips tests + $this->input->ip_address = FALSE; + $this->ci_set_config('proxy_ips', '127.0.0.3, 127.0.0.4, 127.0.0.2'); + $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; + $this->assertEquals('127.0.0.1', $this->input->ip_address()); + + // Invalid spoof + $this->input->ip_address = FALSE; + $this->ci_set_config('proxy_ips', 'invalid_ip_address'); + $_SERVER['HTTP_CLIENT_IP'] = 'invalid_ip_address'; + $this->assertEquals('127.0.0.1', $this->input->ip_address()); + + $this->input->ip_address = FALSE; + $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.1/1'); + $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.1'; + $this->assertEquals('127.0.0.1', $this->input->ip_address()); + + $this->input->ip_address = FALSE; + $this->ci_set_config('proxy_ips', 'http://foo/bar/baz, 127.0.0.2'); + $_SERVER['HTTP_CLIENT_IP'] = '127.0.0.2'; + $_SERVER['REMOTE_ADDR'] = '127.0.0.2'; + $this->assertEquals('127.0.0.2', $this->input->ip_address()); + + //IPv6 + $this->input->ip_address = FALSE; + $this->ci_set_config('proxy_ips', 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329/1, FE80:0000:0000:0000:0202:B3FF:FE1E:8300/2'); + $_SERVER['HTTP_CLIENT_IP'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8300'; + $_SERVER['REMOTE_ADDR'] = 'FE80:0000:0000:0000:0202:B3FF:FE1E:8329'; + $this->assertEquals('FE80:0000:0000:0000:0202:B3FF:FE1E:8300', $this->input->ip_address()); + + $this->input->ip_address = FALSE; $_SERVER['REMOTE_ADDR'] = '127.0.0.1'; // back to reality } -}
\ No newline at end of file + // -------------------------------------------------------------------- + + public function test_user_agent() + { + $_SERVER['HTTP_USER_AGENT'] = 'test'; + $this->assertEquals('test', $this->input->user_agent()); + } +} diff --git a/tests/codeigniter/core/Lang_test.php b/tests/codeigniter/core/Lang_test.php index 87a71c885..d2dd7598a 100644 --- a/tests/codeigniter/core/Lang_test.php +++ b/tests/codeigniter/core/Lang_test.php @@ -32,7 +32,7 @@ class Lang_test extends CI_TestCase { // A language other than english $this->ci_vfs_clone('system/language/english/email_lang.php', 'system/language/german/'); $this->assertTrue($this->lang->load('email', 'german')); - $this->assertEquals('german', $this->lang->is_loaded['email_lang.php'] ); + $this->assertEquals('german', $this->lang->is_loaded['email_lang.php']); // Non-alpha idiom (should act the same as unspecified language) $this->ci_vfs_clone('system/language/english/number_lang.php'); @@ -49,6 +49,32 @@ class Lang_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_multiple_file_load() + { + // Multiple files + $this->ci_vfs_clone('system/language/english/profiler_lang.php'); + $files = array( + 0 => 'profiler', + 1 => 'nonexistent' + ); + $this->setExpectedException( + 'RuntimeException', + 'CI Error: Unable to load the requested language file: language/english/nonexistent_lang.php' + ); + $this->lang->load($files, 'english'); + } + + // -------------------------------------------------------------------- + + public function test_alternative_path_load() + { + // Alternative Path + $this->ci_vfs_clone('system/language/english/profiler_lang.php'); + $this->assertTrue($this->lang->load('profiler', 'english', FALSE, TRUE, 'vfs://system/')); + } + + // -------------------------------------------------------------------- + /** * @depends test_load */ 
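Review bot: Two of the new proxy cases in test_ip_address cannot tell a trusted forwarded header from an ignored one. With `proxy_ips` set to `'http://foo/bar/baz, 127.0.0.1/1'` and to `'http://foo/bar/baz, 127.0.0.2'`, `HTTP_CLIENT_IP` and `REMOTE_ADDR` hold the same address, so the assertion passes either way; only the IPv6 case uses distinct values. For the listed-proxy case, give the header its own value, e.g. `$_SERVER['HTTP_CLIENT_IP'] = '127.0.0.5';` with `$this->assertEquals('127.0.0.5', $this->input->ip_address());`, and add a case where the peer is a listed proxy but the header value is not a valid IP, since the "Invalid spoof" block runs with a peer that is not in `proxy_ips`. The method ends without `unset($_SERVER['HTTP_CLIENT_IP']);`, so unless the harness resets superglobals the header stays set for later tests. test_ip_address begins in the previous hunk.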
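Review bot: test_multiple_file_load pins only the exception for the second array entry, so it would still pass if `load()` rejected every array argument before reading 'profiler'. Because `setExpectedException` stops the test at the throw, showing that the first file was processed needs a try/catch around the call, with `$this->assertArrayHasKey('profiler_lang.php', $this->lang->is_loaded);` in the catch block. The key format is taken from the `is_loaded['email_lang.php']` assertion earlier in this file. A short comment stating that the array form is expected to load entries in order until one fails would make the intent explicit.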
@@ -60,5 +86,4 @@ class Lang_test extends CI_TestCase { $this->assertFalse($this->lang->line('nonexistent_string')); $this->assertFalse($this->lang->line(NULL)); } - } diff --git a/tests/codeigniter/core/Loader_test.php b/tests/codeigniter/core/Loader_test.php index 9e2092e05..cfaf6c74b 100644 --- a/tests/codeigniter/core/Loader_test.php +++ b/tests/codeigniter/core/Loader_test.php @@ -22,6 +22,9 @@ class Loader_test extends CI_TestCase { public function test_library() { + // Test getting CI_Loader object + $this->assertInstanceOf('CI_Loader', $this->load->library(NULL)); + // Create library in VFS $lib = 'unit_test_lib'; $class = 'CI_'.ucfirst($lib); @@ -35,6 +38,13 @@ class Loader_test extends CI_TestCase { $this->assertTrue(class_exists($class), $class.' does not exist'); $this->assertAttributeInstanceOf($class, $lib, $this->ci_obj); + // Create library in VFS + $lib = array('unit_test_lib' => 'unit_test_lib'); + + // Test loading as an array (int). + $this->assertInstanceOf('CI_Loader', $this->load->library($lib)); + $this->assertTrue(class_exists($class), $class.' does not exist'); + // Test a string given to params $this->assertInstanceOf('CI_Loader', $this->load->library($lib, ' ')); 
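Review bot: Reassigning `$lib` to `array('unit_test_lib' => 'unit_test_lib')` in test_library changes the input of the existing call right after the added lines, `$this->load->library($lib, ' ')`. That call is commented as testing a string given to params and, going by the `$lib = 'unit_test_lib';` line in the first hunk, used to receive the string name. Keep the original variable intact by using a separate one: `$lib_array = array('unit_test_lib' => 'unit_test_lib');` and `$this->load->library($lib_array)`. The added `assertTrue(class_exists($class), ...)` is already satisfied by the earlier string load, so it does not show that the array form loaded anything. The comments "Create library in VFS" and "as an array (int)" do not match the code, which creates nothing and uses a string key.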
@@ -319,6 +329,24 @@ class Loader_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_clear_vars() + { + $key1 = 'foo'; + $val1 = 'bar'; + $key2 = 'boo'; + $val2 = 'hoo'; + $this->assertInstanceOf('CI_Loader', $this->load->vars(array($key1 => $val1))); + $this->assertInstanceOf('CI_Loader', $this->load->vars($key2, $val2)); + $this->assertEquals($val1, $this->load->get_var($key1)); + $this->assertEquals(array($key1 => $val1, $key2 => $val2), $this->load->get_vars()); + + $this->assertInstanceOf('CI_Loader', $this->load->clear_vars()); + $this->assertEquals('', $this->load->get_var($key1)); + $this->assertEquals('', $this->load->get_var($key2)); + } + + // -------------------------------------------------------------------- + public function test_helper() { // Create helper in VFS @@ -443,6 +471,24 @@ class Loader_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_remove_package_path() + { + $dir = 'third-party'; + $path = APPPATH.$dir.'/'; + $path2 = APPPATH.'another/'; + $paths = $this->load->get_package_paths(TRUE); + + $this->assertInstanceOf('CI_Loader', $this->load->add_package_path($path)); + $this->assertInstanceOf('CI_Loader', $this->load->remove_package_path($path)); + $this->assertEquals($paths, $this->load->get_package_paths(TRUE)); + + $this->assertInstanceOf('CI_Loader', $this->load->add_package_path($path2)); + $this->assertInstanceOf('CI_Loader', $this->load->remove_package_path()); + $this->assertNotContains($path2, $this->load->get_package_paths(TRUE)); + } + + // -------------------------------------------------------------------- + public function test_load_config() { $cfg = 'someconfig'; @@ -511,5 +557,4 @@ class Loader_test extends CI_TestCase { // Verify config calls $this->assertEquals($cfg['config'], $this->ci_obj->config->loaded); } - -}
\ No newline at end of file +} diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 402422ff8..3acd2a598 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -71,6 +71,47 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } + // -------------------------------------------------------------------- + + public function test_xss_clean_string_array() + { + $harm_strings = array( + "Hello, i try to <script>alert('Hack');</script> your site", + "Simple clean string", + "Hello, i try to <script>alert('Hack');</script> your site" + ); + + $harmless_strings = $this->security->xss_clean($harm_strings); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); + $this->assertEquals("Simple clean string", $harmless_strings[1]); + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_image_valid() + { + $harm_string = '<img src="test.png">'; + + $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); + + $this->assertTrue($xss_clean_return); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_image_invalid() + { + $harm_string = '<img src=javascript:alert(String.fromCharCode(88,83,83))>'; + + $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); + + $this->assertFalse($xss_clean_return); + } + + // -------------------------------------------------------------------- + public function test_xss_clean_entity_double_encoded() { $input = '<a href="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere</a>'; 
@@ -79,6 +120,36 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_xss_clean_js_img_removal() + { + $input = '<img src="&#106&#97&#118&#97&#115&#99&#114&#105&#112&#116&#58&#99&#111&#110&#102&#105&#114&#109&#40&#49&#41">Clickhere'; + $this->assertEquals('<img >', $this->security->xss_clean($input)); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_sanitize_naughty_html() + { + $input = '<blink>'; + $this->assertEquals('<blink>', $this->security->xss_clean($input)); + } + + // -------------------------------------------------------------------- + + public function test_remove_evil_attributes() + { + $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttribute="bar">', FALSE)); + $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeNoQuotes=bar>', FALSE)); + $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo onAttributeWithSpaces = bar>', FALSE)); + $this->assertEquals('<foo prefixOnAttribute="bar">', $this->security->remove_evil_attributes('<foo prefixOnAttribute="bar">', FALSE)); + $this->assertEquals('<foo>onOutsideOfTag=test</foo>', $this->security->remove_evil_attributes('<foo>onOutsideOfTag=test</foo>', FALSE)); + $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', FALSE)); + $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo fscommand=case-insensitive>', FALSE)); + $this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes('<foo seekSegmentTime=whatever>', FALSE)); + } + + // -------------------------------------------------------------------- + public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); 
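Review bot: Every removal case in test_remove_evil_attributes puts the handler as the first attribute after a single space, with a double-quoted or unquoted value, and every call passes `FALSE` as the second argument. Single-quoted values, a handler that follows another attribute, and the other value of the second argument are not pinned, so a regression in those forms would go unnoticed. One such case would be `$this->assertEquals('<foo [removed]>', $this->security->remove_evil_attributes("<foo onAttribute='bar'>", FALSE));`, with the expected string confirmed against the implementation. A one-line comment above each group, saying whether it is a must-strip or must-preserve case, would make the list easier to extend.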
@@ -91,6 +162,17 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_get_random_bytes() + { + $length = "invalid"; + $this->assertFalse($this->security->get_random_bytes($length)); + + $length = 10; + $this->assertNotEmpty($this->security->get_random_bytes($length)); + } + + // -------------------------------------------------------------------- + public function test_entity_decode() { $encoded = '<div>Hello <b>Booya</b></div>'; @@ -115,4 +197,54 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } -}
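Review bot: `assertNotEmpty` on `get_random_bytes(10)` in test_get_random_bytes accepts any non-empty value, so a result of the wrong length would pass. Assert the length directly: `$this->assertSame(10, strlen($this->security->get_random_bytes($length)));`. The rejected-input side covers only a non-numeric string; zero and negative lengths are worth pinning as well, with the expected results taken from the implementation.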
\ No newline at end of file + // -------------------------------------------------------------------- + + public function test_strip_image_tags() + { + $imgtags = array( + '<img src="smiley.gif" alt="Smiley face" height="42" width="42">', + '<img alt="Smiley face" height="42" width="42" src="smiley.gif">', + '<img src="http://www.w3schools.com/images/w3schools_green.jpg">', + '<img src="/img/sunset.gif" height="100%" width="100%">', + '<img src="mdn-logo-sm.png" alt="MD Logo" srcset="mdn-logo-HD.png 2x, mdn-logo-small.png 15w, mdn-banner-HD.png 100w 2x" />', + '<img sqrc="/img/sunset.gif" height="100%" width="100%">', + '<img srqc="/img/sunset.gif" height="100%" width="100%">', + '<img srcq="/img/sunset.gif" height="100%" width="100%">' + ); + + $urls = array( + 'smiley.gif', + 'smiley.gif', + 'http://www.w3schools.com/images/w3schools_green.jpg', + '/img/sunset.gif', + 'mdn-logo-sm.png', + '<img sqrc="/img/sunset.gif" height="100%" width="100%">', + '<img srqc="/img/sunset.gif" height="100%" width="100%">', + '<img srcq="/img/sunset.gif" height="100%" width="100%">' + ); + + for ($i = 0; $i < count($imgtags); $i++) + { + $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); + } + } + + // -------------------------------------------------------------------- + + public function test_csrf_set_hash() + { + // Set cookie for security test + $_COOKIE['ci_csrf_cookie'] = md5(uniqid(mt_rand(), TRUE)); + + // Set config for Security class + $this->ci_set_config('csrf_protection', TRUE); + $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); + + // leave csrf_cookie_name as blank to test _csrf_set_hash function + $this->ci_set_config('csrf_cookie_name', ''); + + $this->security = new Mock_Core_Security(); + + $this->assertNotEmpty($this->security->get_csrf_hash()); + } +} diff --git a/tests/codeigniter/core/compat/password_test.php b/tests/codeigniter/core/compat/password_test.php index c37c6ac0c..8a507d14a 100644 
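Review bot: test_csrf_set_hash asserts only that the hash is non-empty, which does not show which path produced it. The cookie is seeded under 'ci_csrf_cookie' while `csrf_cookie_name` is set to `''`, so the seeded value is presumably never read. If the intent is to cover fresh token generation, say so in the comment and assert that the result is not the seeded value: `$this->assertNotEquals($_COOKIE['ci_csrf_cookie'], $this->security->get_csrf_hash());`. Unless the harness restores superglobals and config between tests, `$_COOKIE['ci_csrf_cookie']` and the `csrf_*` settings stay modified for later tests; an `unset($_COOKIE['ci_csrf_cookie']);` at the end would contain that.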
--- a/tests/codeigniter/core/compat/password_test.php +++ b/tests/codeigniter/core/compat/password_test.php @@ -132,7 +132,7 @@ class password_test extends CI_TestCase { $this->assertFalse(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 10, 'foo' => 3))); // invalid: different (lower) cost - $this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 09))); + $this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 9))); // invalid: different (higher) cost $this->assertTrue(password_needs_rehash('$2y$10$MTIzNDU2Nzg5MDEyMzQ1Nej0NmcAWSLR.oP7XOR9HD/vjUuOj100y', PASSWORD_BCRYPT, array('cost' => 11))); |