From c7533fc1b25eda818b371967be97a26e275e55c5 Mon Sep 17 00:00:00 2001 From: Heesung Ahn Date: Mon, 9 Mar 2015 19:02:27 -0400 Subject: Update Security Unit test Signed-off-by:Heesung Ahn --- tests/codeigniter/core/Security_test.php | 94 +++++++++++++++++++++++++++++++- 1 file changed, 91 insertions(+), 3 deletions(-) (limited to 'tests/codeigniter/core') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index c96eecf02..7d415131b 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -45,7 +45,7 @@ class Security_test extends CI_TestCase { $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); } - + // -------------------------------------------------------------------- public function test_get_csrf_hash() 
@@ -70,13 +70,70 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } + + // -------------------------------------------------------------------- + + public function test_xss_clean_string_array() + { + $harm_strings = array( + "Hello, i try to your site", + "Simple clean string", + "Hello, i try to your site" + ); + + $harmless_strings = $this->security->xss_clean($harm_strings); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); + $this->assertEquals("Simple clean string", $harmless_strings[1]); + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_image_valid() + { + $harm_string = ''; + + $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); + $this->assertTrue($xss_clean_return); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_image_invalid() + { + $harm_string = ''; + + $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); + + $this->assertFalse($xss_clean_return); + } + + // -------------------------------------------------------------------- + public function test_xss_clean_entity_double_encoded() { $input = 'Clickhere'; $this->assertEquals('Clickhere', $this->security->xss_clean($input)); } - + + // -------------------------------------------------------------------- + + public function test_xss_clean_js_img_removal() + { + $input = 'Clickhere'; + $this->assertEquals('', $this->security->xss_clean($input)); + } + + // -------------------------------------------------------------------- + + public function test_xss_clean_sanitize_naughty_html() + { + $input = ''; + $this->assertEquals('<blink>', $this->security->xss_clean($input)); + } + // 
-------------------------------------------------------------------- public function test_remove_evil_attributes() @@ -101,7 +158,19 @@ class Security_test extends CI_TestCase { $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- + + public function test_get_random_bytes() + { + $length = "invalid"; + $this->assertFalse($this->security->get_random_bytes($length)); + + + $length = 10; + $this->assertNotEmpty($this->security->get_random_bytes($length)); + } + + // -------------------------------------------------------------------- public function test_entity_decode() { @@ -158,4 +227,23 @@ class Security_test extends CI_TestCase { $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); } } + + // -------------------------------------------------------------------- + + public function test_csrf_set_hash() + { + // Set cookie for security test + $_COOKIE['ci_csrf_cookie'] = md5(uniqid(mt_rand(), TRUE)); + + // Set config for Security class + $this->ci_set_config('csrf_protection', TRUE); + $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); + + // leave csrf_cookie_name as blank to test _csrf_set_hash function + $this->ci_set_config('csrf_cookie_name', ''); + + $this->security = new Mock_Core_Security(); + + $this->assertNotEmpty($this->security->get_csrf_hash()); + } } \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 34eca8aa7ffbbacd18a54809a25e63db389eacd3 Mon Sep 17 00:00:00 2001 From: Heesung Ahn Date: Mon, 9 Mar 2015 19:36:29 -0400 Subject: Update Security Unit test Signed-off-by:Heesung Ahn --- tests/codeigniter/core/Security_test.php | 36 ++++++++++++++++---------------- 1 file changed, 18 insertions(+), 18 deletions(-) (limited to 'tests/codeigniter/core') 
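Review bot: `test_xss_clean_js_img_removal` pins the empty-string result with `assertEquals('', ...)`, which PHPUnit also accepts for `null` and `false`; since `xss_clean()` returns a boolean in image mode (the two `assertTrue`/`assertFalse` tests just above rely on that), a regression that returned `FALSE` here would slip through. Use `$this->assertSame('', $this->security->xss_clean($input));`, and the same for the `'<blink>'` expectation in `test_xss_clean_sanitize_naughty_html`. The `$input` and `$harm_string` literals appear to have lost their markup in this rendering, so I cannot review the payloads themselves — only the assertions around them.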
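Review bot: `test_get_random_bytes` only asserts that the 10-byte call is non-empty, so an implementation returning fewer bytes, or the same bytes on every call, still passes; pin the contract with `$this->assertSame(10, strlen($this->security->get_random_bytes(10)));` and, since this is presumably the class's random source for tokens, add `$this->assertNotSame($this->security->get_random_bytes(10), $this->security->get_random_bytes(10));` as a cheap sanity check. The `"invalid"` case is fine as a negative test but the doubled blank line between the two assertions should be collapsed to one.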
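Review bot: `test_csrf_set_hash` writes `$_COOKIE['ci_csrf_cookie']` and never restores it, so the seeded value leaks into every test that runs afterwards in the same process; save it and restore it at the end, or `unset($_COOKIE['ci_csrf_cookie']);` in `tearDown()`. The setup also configures `csrf_cookie_name` as `''` while the cookie is stored under `'ci_csrf_cookie'`, so if the class looks the cookie up by the configured name the seeded `md5(uniqid(mt_rand(), TRUE))` value is never read and that line is dead setup — either the comment should state that the cookie is deliberately not found, or the assignment should go. `assertNotEmpty` is also a weak check for a token: the file already checks `xss_hash` against `'#^[0-9a-f]{32}$#iS'`, and if the CSRF hash is generated the same way, `$this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->get_csrf_hash()) === 1);` would be the consistent, stronger assertion.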
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 7d415131b..8faf1b58a 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -45,7 +45,7 @@ class Security_test extends CI_TestCase { $this->assertInstanceOf('CI_Security', $this->security->csrf_verify()); } - + // -------------------------------------------------------------------- public function test_get_csrf_hash() @@ -70,7 +70,7 @@ class Security_test extends CI_TestCase { $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string); } - + // -------------------------------------------------------------------- public function test_xss_clean_string_array() @@ -87,9 +87,9 @@ class Security_test extends CI_TestCase { $this->assertEquals("Simple clean string", $harmless_strings[1]); $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); } - + // -------------------------------------------------------------------- - + public function test_xss_clean_image_valid() { $harm_string = ''; @@ -98,9 +98,9 @@ class Security_test extends CI_TestCase { $this->assertTrue($xss_clean_return); } - + // -------------------------------------------------------------------- - + public function test_xss_clean_image_invalid() { $harm_string = ''; 
@@ -109,31 +109,31 @@ class Security_test extends CI_TestCase { $this->assertFalse($xss_clean_return); } - + // -------------------------------------------------------------------- - + public function test_xss_clean_entity_double_encoded() { $input = 'Clickhere'; $this->assertEquals('Clickhere', $this->security->xss_clean($input)); } - + // -------------------------------------------------------------------- - + public function test_xss_clean_js_img_removal() { $input = 'Clickhere'; $this->assertEquals('', $this->security->xss_clean($input)); } - + // -------------------------------------------------------------------- - + public function test_xss_clean_sanitize_naughty_html() { $input = ''; $this->assertEquals('<blink>', $this->security->xss_clean($input)); } - + // -------------------------------------------------------------------- public function test_remove_evil_attributes() @@ -159,7 +159,7 @@ class Security_test extends CI_TestCase { } // -------------------------------------------------------------------- - + public function test_get_random_bytes() { $length = "invalid"; @@ -169,7 +169,7 @@ class Security_test extends CI_TestCase { $length = 10; $this->assertNotEmpty($this->security->get_random_bytes($length)); } - + // -------------------------------------------------------------------- public function test_entity_decode() @@ -195,7 +195,7 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } - + // -------------------------------------------------------------------- public function test_strip_image_tags() @@ -227,9 +227,9 @@ class Security_test extends CI_TestCase { $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); } } - + // -------------------------------------------------------------------- - + public function test_csrf_set_hash() { // Set cookie for security test -- cgit v1.2.3-24-g4f1b From a1525136a25404c40dff8383ec7ff1b4f5d3e68b Mon Sep 17 00:00:00 2001 
From: Heesung Ahn Date: Tue, 10 Mar 2015 09:26:39 -0400 Subject: Fixed indentation Signed-off-by:Heesung Ahn --- tests/codeigniter/core/Security_test.php | 131 +++++++++++++++---------------- 1 file changed, 65 insertions(+), 66 deletions(-) (limited to 'tests/codeigniter/core') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 8faf1b58a..7f467fb1b 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php 
@@ -73,44 +73,44 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- - public function test_xss_clean_string_array() + public function test_xss_clean_string_array() { - $harm_strings = array( - "Hello, i try to your site", - "Simple clean string", - "Hello, i try to your site" - ); + $harm_strings = array( + "Hello, i try to your site", + "Simple clean string", + "Hello, i try to your site" + ); $harmless_strings = $this->security->xss_clean($harm_strings); - - $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); - $this->assertEquals("Simple clean string", $harmless_strings[1]); - $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); + + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]); + $this->assertEquals("Simple clean string", $harmless_strings[1]); + $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_image_valid() + public function test_xss_clean_image_valid() { - $harm_string = ''; + $harm_string = ''; $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); $this->assertTrue($xss_clean_return); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_image_invalid() + public function test_xss_clean_image_invalid() { - $harm_string = ''; + $harm_string = ''; $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); $this->assertFalse($xss_clean_return); } - // -------------------------------------------------------------------- + // 
-------------------------------------------------------------------- public function test_xss_clean_entity_double_encoded() { @@ -118,17 +118,17 @@ class Security_test extends CI_TestCase { $this->assertEquals('Clickhere', $this->security->xss_clean($input)); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_js_img_removal() + public function test_xss_clean_js_img_removal() { $input = 'Clickhere'; $this->assertEquals('', $this->security->xss_clean($input)); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_xss_clean_sanitize_naughty_html() + public function test_xss_clean_sanitize_naughty_html() { $input = ''; $this->assertEquals('<blink>', $this->security->xss_clean($input)); @@ -158,19 +158,18 @@ class Security_test extends CI_TestCase { $this->assertTrue(preg_match('#^[0-9a-f]{32}$#iS', $this->security->xss_hash) === 1); } - // -------------------------------------------------------------------- - - public function test_get_random_bytes() - { - $length = "invalid"; - $this->assertFalse($this->security->get_random_bytes($length)); + // -------------------------------------------------------------------- + public function test_get_random_bytes() + { + $length = "invalid"; + $this->assertFalse($this->security->get_random_bytes($length)); - $length = 10; - $this->assertNotEmpty($this->security->get_random_bytes($length)); - } + $length = 10; + $this->assertNotEmpty($this->security->get_random_bytes($length)); + } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- public function test_entity_decode() { 
@@ -196,54 +195,54 @@ class Security_test extends CI_TestCase { $this->assertEquals('foo', $safe_filename); } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- public function test_strip_image_tags() { - $imgtags = Array( - 'Smiley face', - 'Smiley face', - '', - '', - 'MD Logo', - '', - '', - '' - ); - - $urls = Array( - 'smiley.gif', - 'smiley.gif', - 'http://www.w3schools.com/images/w3schools_green.jpg', - '/img/sunset.gif', - 'mdn-logo-sm.png', - '', - '', - '' - ); - - for($i = 0; $i < count($imgtags); $i++) - { - $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); - } + $imgtags = Array( + 'Smiley face', + 'Smiley face', + '', + '', + 'MD Logo', + '', + '', + '' + ); + + $urls = Array( + 'smiley.gif', + 'smiley.gif', + 'http://www.w3schools.com/images/w3schools_green.jpg', + '/img/sunset.gif', + 'mdn-logo-sm.png', + '', + '', + '' + ); + + for($i = 0; $i < count($imgtags); $i++) + { + $this->assertEquals($urls[$i], $this->security->strip_image_tags($imgtags[$i])); + } } - // -------------------------------------------------------------------- + // -------------------------------------------------------------------- - public function test_csrf_set_hash() + public function test_csrf_set_hash() { - // Set cookie for security test + // Set cookie for security test $_COOKIE['ci_csrf_cookie'] = md5(uniqid(mt_rand(), TRUE)); // Set config for Security class $this->ci_set_config('csrf_protection', TRUE); $this->ci_set_config('csrf_token_name', 'ci_csrf_token'); - - // leave csrf_cookie_name as blank to test _csrf_set_hash function + + // leave csrf_cookie_name as blank to test _csrf_set_hash function $this->ci_set_config('csrf_cookie_name', ''); $this->security = new Mock_Core_Security(); - - $this->assertNotEmpty($this->security->get_csrf_hash()); - } + + $this->assertNotEmpty($this->security->get_csrf_hash()); + } } \ No newline at end of 
file -- cgit v1.2.3-24-g4f1b