fanbinit/rhymix
1
0
Fork 0
mirror of https://github.com/Lastorder-DC/rhymix.git synced 2026-01-09 03:32:00 +09:00
Code Issues Projects Releases Packages Wiki Activity

Update unit tests

Browse source
This commit is contained in:
Kijin Sung 2016-03-11 15:36:36 +09:00
parent b89818e13d
commit e405fc69ac
4 changed files with 74 additions and 68 deletions
Download patch file Download diff file Expand all files Collapse all files

9
tests/unit/framework/DebugTest.php
View file

@ -45,10 +45,11 @@ class DebugTest extends \Codeception\TestCase\Test
'backtrace' => array(),
));
$queries = Rhymix\Framework\Debug::getQueries();
$this->assertEquals(1, count($queries));
$this->assertEquals('SELECT foo FROM bar', $queries[0]->query_string);
$this->assertEquals('This is a unit test', $queries[0]->message);
$this->assertEquals(1234, $queries[0]->error_code);
$this->assertGreaterThanOrEqual(1, count($queries));
$query = array_pop($queries);
$this->assertEquals('SELECT foo FROM bar', $query->query_string);
$this->assertEquals('This is a unit test', $query->message);
$this->assertEquals(1234, $query->error_code);
}
public function testDebugTranslateFilename()

0
tests/unit/framework/SecurityTest.php Normal file
View file

68
tests/unit/framework/security/HTMLFilterTest.php Normal file
View file

@ -0,0 +1,68 @@
<?php
class HTMLFilterTest extends \Codeception\TestCase\Test
{
public function testRemoveHackTag()
{
$tests = array(
// remove iframe
array(
'<div class="frame"><iframe src="path/to/file.html"></iframe><p><a href="#iframe">IFrame</a></p></div>',
'<div class="frame"><iframe></iframe><p><a href="#iframe">IFrame</a></p></div>'
),
// expression
array(
'<div class="dummy" style="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
'<div class="dummy"></div>'
),
// no quotes and no semicolon - http://ha.ckers.org/xss.html
array(
'<img src=javascript:alert(\'xss\')>',
''
),
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
array(
'<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">',
'<img src="jav%20ascript%3Aalert(\'XSS\');" alt="" />'
),
// issue 178
array(
'<img src="invalid.jpg"\nonerror="alert(1)" />',
'<img src="invalid.jpg" alt="" />'
),
// issue 534
array(
'<img src=\'as"df dummy=\'"1234\'" 4321\' asdf/*/>*/" onerror="console.log(\'Yet another XSS\')">',
'<img src="as" alt="" />*/" onerror="console.log(\'Yet another XSS\')"&gt;'
),
// issue 602
array(
'<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">',
'<img alt="test" src="(http%3A//static.naver.com/www/u/2010/0611/nmms_215646753.gif" />'
),
// issue #1813 https://github.com/xpressengine/xe-core/issues/1813
array(
'<img src="?act=dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
'<img src="?act =dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
"<img src=\"?act\n=dispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
),
array(
"<img src=\"?pam=act&a\nct =\r\n\tdispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
)
);
foreach ($tests as $test)
{
$result = removeHackTag($test[0]);
$this->assertEquals($test[1], $result);
}
}
}

65
tests/unit/functions/LegacyTest.php
View file

@ -2,68 +2,5 @@
class LegacyTest extends \Codeception\TestCase\Test
{
public function testRemoveHackTag()
{
$tests = array(
// remove iframe
array(
'<div class="frame"><iframe src="path/to/file.html"></iframe><p><a href="#iframe">IFrame</a></p></div>',
// '<div class="frame">&lt;iframe src="path/to/file.html">&lt;/iframe><p><a href="#iframe">IFrame</a></p></div>'
'<div class="frame"><iframe></iframe><p><a href="#iframe">IFrame</a></p></div>'
),
// expression
array(
'<div class="dummy" style="xss:expr/*XSS*/ession(alert(\'XSS\'))">',
'<div class="dummy"></div>'
),
// no quotes and no semicolon - http://ha.ckers.org/xss.html
array(
'<img src=javascript:alert(\'xss\')>',
''
),
// embedded encoded tab to break up XSS - http://ha.ckers.org/xss.html
array(
'<IMG SRC="jav&#x09;ascript:alert(\'XSS\');">',
'<img src="jav%20ascript%3Aalert(\'XSS\');" alt="jav ascript:alert(\'XSS\');" />'
),
// issue 178
array(
'<img src="invalid.jpg"\nonerror="alert(1)" />',
'<img src="invalid.jpg" alt="invalid.jpg" />'
),
// issue 534
array(
'<img src=\'as"df dummy=\'"1234\'" 4321\' asdf/*/>*/" onerror="console.log(\'Yet another XSS\')">',
'<img src="as" alt="as&quot;df dummy=" />*/" onerror="console.log(\'Yet another XSS\')"&gt;'
),
// issue 602
array(
'<img alt="test" src="(http://static.naver.com/www/u/2010/0611/nmms_215646753.gif" onload="eval(String.fromCharCode(105,61,49,48,48,59,119,104,105,108,101, 40,105,62,48,41,97,108,101,114,116,40,40,105,45,45,41,43,39,48264,47564,32, 45908,32,53364,47533,54616,49464,50836,39,41,59));">',
'<img alt="test" src="(http%3A//static.naver.com/www/u/2010/0611/nmms_215646753.gif" />'
),
// issue #1813 https://github.com/xpressengine/xe-core/issues/1813
array(
'<img src="?act=dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
'<img src="?act =dispLayoutPreview" alt="dummy" />',
'<img alt="dummy" />'
),
array(
"<img src=\"?act\n=dispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
),
array(
"<img src=\"?pam=act&a\nct =\r\n\tdispLayoutPreview\" alt=\"dummy\" />",
'<img alt="dummy" />'
)
);
foreach ($tests as $test)
{
$result = removeHackTag($test[0]);
$this->assertEquals($test[1], $result);
}
}
}