makary/phpbb
1
0
Fork 0
mirror of https://github.com/phpbb/phpbb.git synced 2025-06-08 04:18:52 +00:00
Code Issues Projects Releases Packages Wiki Activity

[ticket/13280] Make the tests failing

Browse source 
PHPBB3-13280
This commit is contained in:
Tristan Darricau 2014-11-12 12:16:36 +01:00
parent 6d533d2f86
commit f142ed28e4
4 changed files with 78 additions and 100 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

50
tests/security/base.php
View file

@ -13,6 +13,8 @@
abstract class phpbb_security_test_base extends phpbb_test_case abstract class phpbb_security_test_base extends phpbb_test_case
{ {
protected $server = array();
/** /**
* Set up the required user object and server variables for the suites * Set up the required user object and server variables for the suites
*/ */
@ -21,17 +23,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem; global $user, $phpbb_root_path, $phpEx, $request, $symfony_request, $phpbb_filesystem;
// Put this into a global function being run by every test to init a proper user session // Put this into a global function being run by every test to init a proper user session
$server['HTTP_HOST'] = 'localhost'; $this->server['HTTP_HOST'] = 'localhost';
$server['SERVER_NAME'] = 'localhost'; $this->server['SERVER_NAME'] = 'localhost';
$server['SERVER_ADDR'] = '127.0.0.1'; $this->server['SERVER_ADDR'] = '127.0.0.1';
$server['SERVER_PORT'] = 80; $this->server['SERVER_PORT'] = 80;
$server['REMOTE_ADDR'] = '127.0.0.1'; $this->server['REMOTE_ADDR'] = '127.0.0.1';
$server['QUERY_STRING'] = ''; $this->server['QUERY_STRING'] = '';
$server['REQUEST_URI'] = '/tests/'; $this->server['REQUEST_URI'] = '/tests/';
$server['SCRIPT_NAME'] = '/tests/index.php'; $this->server['SCRIPT_NAME'] = '/tests/index.php';
$server['PHP_SELF'] = '/tests/index.php'; $this->server['SCRIPT_FILENAME'] = '/var/www/tests/index.php';
$server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14'; $this->server['PHP_SELF'] = '/tests/index.php';
$server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3'; $this->server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
$this->server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
/* /*
[HTTP_ACCEPT_ENCODING] => gzip,deflate [HTTP_ACCEPT_ENCODING] => gzip,deflate
@ -40,31 +43,18 @@ abstract class phpbb_security_test_base extends phpbb_test_case
[SCRIPT_FILENAME] => /var/www/tests/index.php [SCRIPT_FILENAME] => /var/www/tests/index.php
*/ */
$request = new phpbb_mock_request(array(), array(), array(), $server); $request = new phpbb_mock_request(array(), array(), array(), $this->server);
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( $symfony_request = new \phpbb\symfony_request($request);
$request,
)); $phpbb_filesystem = new \phpbb\filesystem();
$symfony_request->expects($this->any())
->method('getScriptName')
->will($this->returnValue($server['SCRIPT_NAME']));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($server['QUERY_STRING']));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue('/'));
$phpbb_filesystem = new \phpbb\filesystem($symfony_request, $phpbb_root_path, $phpEx);
// Set no user and trick a bit to circumvent errors // Set no user and trick a bit to circumvent errors
$user = new \phpbb\user('\phpbb\datetime'); $user = new \phpbb\user('\phpbb\datetime');
$user->lang = true; $user->lang = true;
$user->browser = $server['HTTP_USER_AGENT']; $user->browser = $this->server['HTTP_USER_AGENT'];
$user->referer = ''; $user->referer = '';
$user->forwarded_for = ''; $user->forwarded_for = '';
$user->host = $server['HTTP_HOST']; $user->host = $this->server['HTTP_HOST'];
$user->page = \phpbb\session::extract_current_page($phpbb_root_path); $user->page = \phpbb\session::extract_current_page($phpbb_root_path);
} }

49
tests/security/extract_current_page_test.php
View file

@ -20,33 +20,25 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
public function security_variables() public function security_variables()
{ {
return array( return array(
array('http://localhost/phpBB/index.php', 'mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), array('mark=forums&x="><script>alert(/XSS/);</script>', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
array('http://localhost/phpBB/index.php', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E'), array('mark=forums&x=%22%3E%3Cscript%3Ealert(/XSS/);%3C/script%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
array('mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E', 'mark=forums&x=%22%3E%3Cscript%3Ealert%28%2FXSS%2F%29%3B%3C%2Fscript%3E'),
); );
} }
/** /**
* @dataProvider security_variables * @dataProvider security_variables
*/ */
public function test_query_string_php_self($url, $query_string, $expected) public function test_query_string_php_self($query_string, $expected)
{ {
global $symfony_request, $request; global $symfony_request, $request;
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( $this->server['REQUEST_URI'] = '';
$request, $this->server['QUERY_STRING'] = $query_string;
));
$symfony_request->expects($this->any()) $request = new phpbb_mock_request(array(), array(), array(), $this->server);
->method('getScriptName') $symfony_request = new \phpbb\symfony_request($request);
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue('/'));
$result = \phpbb\session::extract_current_page('./'); $result = \phpbb\session::extract_current_page('./');
$label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.'; $label = 'Running extract_current_page on ' . $query_string . ' with PHP_SELF filled.';
@ -56,25 +48,14 @@ class phpbb_security_extract_current_page_test extends phpbb_security_test_base
/** /**
* @dataProvider security_variables * @dataProvider security_variables
*/ */
public function test_query_string_request_uri($url, $query_string, $expected) public function test_query_string_request_uri($query_string, $expected)
{ {
global $symfony_request, $request; global $symfony_request, $request;
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( $this->server['QUERY_STRING'] = $query_string;
$request,
)); $request = new phpbb_mock_request(array(), array(), array(), $this->server);
$symfony_request->expects($this->any()) $symfony_request = new \phpbb\symfony_request($request);
->method('getScriptName')
->will($this->returnValue($url));
$symfony_request->expects($this->any())
->method('getQueryString')
->will($this->returnValue($query_string));
$symfony_request->expects($this->any())
->method('getBasePath')
->will($this->returnValue($server['REQUEST_URI']));
$symfony_request->expects($this->any())
->method('getPathInfo')
->will($this->returnValue('/'));
$result = \phpbb\session::extract_current_page('./'); $result = \phpbb\session::extract_current_page('./');

4
tests/security/redirect_test.php
View file

@ -73,6 +73,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
protected function setUp() protected function setUp()
{ {
global $phpbb_dispatcher;
parent::setUp(); parent::setUp();
$GLOBALS['config'] = array( $GLOBALS['config'] = array(
@ -80,6 +82,8 @@ class phpbb_security_redirect_test extends phpbb_security_test_base
); );
$this->path_helper = $this->get_path_helper(); $this->path_helper = $this->get_path_helper();
$phpbb_dispatcher = new phpbb_mock_event_dispatcher();
} }
/** /**

47
tests/session/extract_page_test.php
View file

@ -12,6 +12,7 @@
*/ */
require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php'; require_once dirname(__FILE__) . '/../test_framework/phpbb_session_test_case.php';
require_once dirname(__FILE__) . '/../../phpBB/includes/functions.php';
class phpbb_session_extract_page_test extends phpbb_session_test_case class phpbb_session_extract_page_test extends phpbb_session_test_case
{ {
@ -99,7 +100,7 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
// ^-- Ignored because .. returns different directory in live vs testing // ^-- Ignored because .. returns different directory in live vs testing
'query_string' => '', 'query_string' => '',
'script_path' => '/phpBB/adm/', 'script_path' => '/phpBB/adm/',
//'root_script_path' => '/phpBB/', //'root_script_path' => '/phpBB/adm/',
//'page' => 'adm/index.php', //'page' => 'adm/index.php',
'forum' => 0, 'forum' => 0,
), ),
@ -108,15 +109,15 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
'./', './',
'/phpBB/adm/app.php', '/phpBB/adm/app.php',
'page=1&test=2', 'page=1&test=2',
'/phpBB/', '/phpBB/adm/',
'/foo/bar', '/foo/bar',
array( array(
'page_name' => 'app.php/foo/bar', 'page_name' => 'app.php/foo/bar',
'page_dir' => '', //'page_dir' => '',
'query_string' => 'page=1&test=2', 'query_string' => 'page=1&test=2',
'script_path' => '/phpBB/', 'script_path' => '/phpBB/adm/',
'root_script_path' => '/phpBB/', //'root_script_path' => '/phpBB/adm/',
'page' => 'app.php/foo/bar?page=1&test=2', //'page' => 'app.php/foo/bar?page=1&test=2',
'forum' => 0, 'forum' => 0,
), ),
), ),
@ -142,23 +143,25 @@ class phpbb_session_extract_page_test extends phpbb_session_test_case
/** @dataProvider extract_current_page_data */ /** @dataProvider extract_current_page_data */
function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected) function test_extract_current_page($root_path, $getScriptName, $getQueryString, $getBasePath, $getPathInfo, $expected)
{ {
global $symfony_request; global $symfony_request, $request, $phpbb_filesystem;
$symfony_request = $this->getMock("\phpbb\symfony_request", array(), array( $phpbb_filesystem = new \phpbb\filesystem();
new phpbb_mock_request(),
)); $server['HTTP_HOST'] = 'localhost';
$symfony_request->expects($this->any()) $server['SERVER_NAME'] = 'localhost';
->method('getScriptName') $server['SERVER_ADDR'] = '127.0.0.1';
->will($this->returnValue($getScriptName)); $server['SERVER_PORT'] = 80;
$symfony_request->expects($this->any()) $server['REMOTE_ADDR'] = '127.0.0.1';
->method('getQueryString') $server['QUERY_STRING'] = $getQueryString;
->will($this->returnValue($getQueryString)); $server['REQUEST_URI'] = $getScriptName . $getPathInfo . ($getQueryString === '' ? '' : '?' . $getQueryString);
$symfony_request->expects($this->any()) $server['SCRIPT_NAME'] = $getScriptName;
->method('getBasePath') $server['SCRIPT_FILENAME'] = '/var/www/' . $getScriptName;
->will($this->returnValue($getBasePath)); $server['PHP_SELF'] = $getScriptName;
$symfony_request->expects($this->any()) $server['HTTP_USER_AGENT'] = 'Mozilla/5.0 (Windows; U; Windows NT 6.0; de; rv:1.8.1.14) Gecko/20080404 Firefox/2.0.0.14';
->method('getPathInfo') $server['HTTP_ACCEPT_LANGUAGE'] = 'de-de,de;q=0.8,en-us;q=0.5,en;q=0.3';
->will($this->returnValue($getPathInfo));
$request = new phpbb_mock_request(array(), array(), array(), $server);
$symfony_request = new \phpbb\symfony_request($request);
$output = \phpbb\session::extract_current_page($root_path); $output = \phpbb\session::extract_current_page($root_path);