From 8af88f3f729b7bcfd2a106f858b5445deafe5ed0 Mon Sep 17 00:00:00 2001 From: Taufan Aditya Date: Tue, 15 May 2012 21:52:53 +0700 Subject: Security Code coverage --- tests/codeigniter/core/Security_test.php | 79 ++++++++++++++++++++++++++++++++ 1 file changed, 79 insertions(+) create mode 100644 tests/codeigniter/core/Security_test.php (limited to 'tests/codeigniter/core/Security_test.php') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php new file mode 100644 index 000000000..c3b526965 --- /dev/null +++ b/tests/codeigniter/core/Security_test.php @@ -0,0 +1,79 @@ +ci_set_config('csrf_protection', TRUE); + $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); + // @see : ./Bootstrap.php Line 16 + $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); + $this->ci_set_config('csrf_expire', 7200); + $this->ci_set_config('csrf_regenerate', TRUE); + $this->ci_set_config('csrf_exclude_uris', array()); + + $this->ci_set_config('cookie_prefix', ""); + $this->ci_set_config('cookie_domain', ""); + $this->ci_set_config('cookie_path', "/"); + $this->ci_set_config('cookie_secure', FALSE); + $this->ci_set_config('cookie_httponly', FALSE); + + $this->security = new Mock_Core_Security(); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify() + { + $_SERVER['REQUEST_METHOD'] = 'GET'; + + $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify_invalid() + { + // Without issuing $_POST[csrf_token_name], this request will triggering CSRF error + $_SERVER['REQUEST_METHOD'] = 'POST'; + + $this->setExpectedException('RuntimeException', 'CI Error: The action you have requested is not allowed'); + + $this->security->csrf_verify(); + } + + // -------------------------------------------------------------------- + + public function test_csrf_verify_valid() + { + $_SERVER['REQUEST_METHOD'] = 'POST'; + $_POST[$this->security->csrf_token_name] = $this->security->csrf_hash; + + $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); + } + + // -------------------------------------------------------------------- + + public function test_get_csrf_hash() + { + $this->assertEquals($this->security->csrf_hash, $this->security->get_csrf_hash()); + } + + // -------------------------------------------------------------------- + + public function test_get_csrf_token_name() + { + $this->assertEquals('ci_csrf_token', $this->security->get_csrf_token_name()); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean() + { + $harm_string = "Hello, i try to your site"; + + $harmless_string = $this->security->xss_clean($harm_string); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); + } +} \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 7756af5df0a53930019e9fd7b828504f0c2c5427 Mon Sep 17 00:00:00 2001 From: Taufan Aditya Date: Tue, 15 May 2012 23:57:05 +0700 Subject: Input class code-coverage --- tests/codeigniter/core/Security_test.php | 14 ++++---------- 1 file changed, 4 insertions(+), 10 deletions(-) (limited to 'tests/codeigniter/core/Security_test.php') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index c3b526965..1796ba74d 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -4,19 +4,13 @@ class Security_test extends CI_TestCase { public function set_up() { + // Set cookie for security test + $_COOKIE['ci_csrf_cookie'] = md5(uniqid(rand(), TRUE)); + + // Set config for Security class $this->ci_set_config('csrf_protection', TRUE); $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); - // @see : ./Bootstrap.php Line 16 $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie'); - $this->ci_set_config('csrf_expire', 7200); - $this->ci_set_config('csrf_regenerate', TRUE); - $this->ci_set_config('csrf_exclude_uris', array()); - - $this->ci_set_config('cookie_prefix', ""); - $this->ci_set_config('cookie_domain', ""); - $this->ci_set_config('cookie_path', "/"); - $this->ci_set_config('cookie_secure', FALSE); - $this->ci_set_config('cookie_httponly', FALSE); $this->security = new Mock_Core_Security(); } -- cgit v1.2.3-24-g4f1b From 6c7526c95b3fbd502dc8105a67fd38da793caa4e Mon Sep 17 00:00:00 2001 From: Taufan Aditya Date: Sun, 27 May 2012 13:51:27 +0700 Subject: Continuation for Security and Table code-coverage, add coverage report to travis --- tests/codeigniter/core/Security_test.php | 32 ++++++++++++++++++++++++++++++++ 1 file changed, 32 insertions(+) (limited to 'tests/codeigniter/core/Security_test.php') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 1796ba74d..b2f8c69d2 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -70,4 +70,36 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } + + // -------------------------------------------------------------------- + + public function test_xss_hash() + { + $this->assertEmpty($this->security->xss_hash); + + // Perform hash + $this->security->xss_hash(); + + $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); + } + + // -------------------------------------------------------------------- + + public function test_entity_decode() + { + $encoded = '<div>Hello <b>Booya</b></div>'; + $decoded = $this->security->entity_decode($encoded); + + $this->assertEquals('
Hello Booya
', $decoded); + } + + // -------------------------------------------------------------------- + + public function test_sanitize_filename() + { + $filename = './'; + $safe_filename = $this->security->sanitize_filename($filename); + + $this->assertEquals('foo', $safe_filename); + } } \ No newline at end of file -- cgit v1.2.3-24-g4f1b From c186288755aba46a2b6f0c3f104d9a6ce6b11a7f Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Sat, 9 Jun 2012 23:16:58 +0300 Subject: Cleanup/optimize tests/codeigniter/ --- tests/codeigniter/core/Security_test.php | 23 ++++++++++++----------- 1 file changed, 12 insertions(+), 11 deletions(-) (limited to 'tests/codeigniter/core/Security_test.php') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index b2f8c69d2..3f6e3b07a 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -1,7 +1,7 @@ security = new Mock_Core_Security(); } - + // -------------------------------------------------------------------- - + public function test_csrf_verify() { $_SERVER['REQUEST_METHOD'] = 'GET'; @@ -25,7 +25,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_csrf_verify_invalid() { // Without issuing $_POST[csrf_token_name], this request will triggering CSRF error @@ -37,7 +37,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_csrf_verify_valid() { $_SERVER['REQUEST_METHOD'] = 'POST'; @@ -47,21 +47,21 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_get_csrf_hash() { $this->assertEquals($this->security->csrf_hash, $this->security->get_csrf_hash()); } // -------------------------------------------------------------------- - + public function test_get_csrf_token_name() { $this->assertEquals('ci_csrf_token', $this->security->get_csrf_token_name()); } // -------------------------------------------------------------------- - + public function test_xss_clean() { $harm_string = "Hello, i try to your site"; @@ -72,7 +72,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); @@ -84,7 +84,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_entity_decode() { $encoded = '<div>Hello <b>Booya</b></div>'; @@ -94,7 +94,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_sanitize_filename() { $filename = './'; @@ -102,4 +102,5 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } + } \ No newline at end of file -- cgit v1.2.3-24-g4f1b