You are here

Home » API reference » Content-Security-Policy 8 » CoreCspSubscriberTest.php

class CoreCspSubscriberTest in Content-Security-Policy 8

@coversDefaultClass \Drupal\csp\EventSubscriber\CoreCspSubscriber @group csp

Hierarchy

Expanded class hierarchy of CoreCspSubscriberTest

File

tests/src/Unit/EventSubscriber/CoreCspSubscriberTest.php, line 18

Namespace

Drupal\Tests\csp\Unit\EventSubscriber
View source 
class CoreCspSubscriberTest extends UnitTestCase {

  /**
   * The Library Dependency Resolver service.
   *
   * @var \Drupal\Core\Asset\LibraryDependencyResolverInterface|\PHPUnit\Framework\MockObject\MockObject
   */
  private $libraryDependencyResolver;

  /**
   * The Module Handler service.
   *
   * @var \Drupal\Core\Extension\ModuleHandlerInterface|\PHPUnit\Framework\MockObject\MockObject
   */
  private $moduleHandler;

  /**
   * The event subscriber for core modules.
   *
   * @var \Drupal\csp\EventSubscriber\CoreCspSubscriber
   */
  private $coreCspSubscriber;

  /**
   * The response object.
   *
   * @var \Drupal\Core\Render\HtmlResponse|\PHPUnit\Framework\MockObject\MockObject
   */
  private $response;

  /**
   * {@inheritdoc}
   */
  public function setUp() : void {
    parent::setUp();
    $this->libraryDependencyResolver = $this
      ->getMockBuilder(LibraryDependencyResolverInterface::class)
      ->disableOriginalConstructor()
      ->getMock();
    $this->libraryDependencyResolver
      ->method('getLibrariesWithDependencies')
      ->willReturnArgument(0);
    $this->moduleHandler = $this
      ->getMockBuilder(ModuleHandlerInterface::class)
      ->disableOriginalConstructor()
      ->getMock();
    $this->response = $this
      ->getMockBuilder(HtmlResponse::class)
      ->disableOriginalConstructor()
      ->getMock();
    $this->coreCspSubscriber = new CoreCspSubscriber($this->libraryDependencyResolver, $this->moduleHandler);
  }

  /**
   * Check that the subscriber listens to the Policy Alter event.
   *
   * @covers ::getSubscribedEvents
   */
  public function testSubscribedEvents() {
    $this
      ->assertArrayHasKey(CspEvents::POLICY_ALTER, CoreCspSubscriber::getSubscribedEvents());
  }

  /**
   * Test a response with no attachments.
   *
   * Classes like AjaxResponse may return an empty array, so an error shouldn't
   * be thrown if the 'library' element does not exist.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testNoAttachments() {
    $policy = new Csp();
    $this->response
      ->method('getAttachments')
      ->willReturn([]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->addToAssertionCount(1);
  }

  /**
   * CKEditor shouldn't alter the policy if no directives are enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorScriptNoDirectives() {
    $policy = new Csp();
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'core/ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertFalse($alterEvent
      ->getPolicy()
      ->hasDirective('script-src'));
    $this
      ->assertFalse($alterEvent
      ->getPolicy()
      ->hasDirective('script-src-attr'));
    $this
      ->assertFalse($alterEvent
      ->getPolicy()
      ->hasDirective('script-src-elem'));
  }

  /**
   * Test that including ckeditor modifies enabled script directives.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorScript() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_ANY,
    ]);
    $policy
      ->setDirective('script-src', [
      Csp::POLICY_SELF,
    ]);
    $policy
      ->setDirective('script-src-attr', [
      Csp::POLICY_SELF,
    ]);
    $policy
      ->setDirective('script-src-elem', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'core/ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src-attr'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src-elem'));
  }

  /**
   * Test script-src-attr fallback if script-src enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorScriptAttrFallback() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_ANY,
    ]);
    $policy
      ->setDirective('script-src', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'core/ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('script-src-attr')));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src-elem'));
  }

  /**
   * Test fallback if only default-src is enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorScriptDefaultFallback() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'core/ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('script-src-attr')));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('script-src-elem'));
  }

  /**
   * Test that including ckeditor modifies enabled style directives.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorStyle() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_ANY,
    ]);
    $policy
      ->setDirective('style-src', [
      Csp::POLICY_SELF,
    ]);
    $policy
      ->setDirective('style-src-attr', [
      Csp::POLICY_SELF,
    ]);
    $policy
      ->setDirective('style-src-elem', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'ckeditor/drupal.ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('style-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('style-src-attr'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('style-src-elem'));
  }

  /**
   * Test style-src-elem fallback if style-src enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorStyleElemFallback() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_ANY,
    ]);
    $policy
      ->setDirective('style-src', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'ckeditor/drupal.ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('style-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('style-src-attr')));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('style-src-elem')));
  }

  /**
   * Test style-src-elem fallback if default-src enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testCkeditorStyleDefaultFallback() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'ckeditor/drupal.ckeditor',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], $alterEvent
      ->getPolicy()
      ->getDirective('style-src'));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('style-src-attr')));
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      Csp::POLICY_UNSAFE_INLINE,
    ], array_unique($alterEvent
      ->getPolicy()
      ->getDirective('style-src-elem')));
  }

  /**
   * Test that including umami modifies enabled font directive.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testUmamiFont() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_ANY,
    ]);
    $policy
      ->setDirective('font-src', []);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'umami/webfonts',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      'https://fonts.gstatic.com',
    ], $alterEvent
      ->getPolicy()
      ->getDirective('font-src'));
  }

  /**
   * Test font-src fallback if default-src enabled.
   *
   * @covers ::onCspPolicyAlter
   */
  public function testUmamiFontDefaultFallback() {
    $policy = new Csp();
    $policy
      ->setDirective('default-src', [
      Csp::POLICY_SELF,
    ]);
    $this->response
      ->method('getAttachments')
      ->willReturn([
      'library' => [
        'umami/webfonts',
      ],
    ]);
    $alterEvent = new PolicyAlterEvent($policy, $this->response);
    $this->coreCspSubscriber
      ->onCspPolicyAlter($alterEvent);
    $this
      ->assertEquals([
      Csp::POLICY_SELF,
      'https://fonts.gstatic.com',
    ], $alterEvent
      ->getPolicy()
      ->getDirective('font-src'));
  }

}

Members

Namesort descending Modifiers Type Description Overrides
CoreCspSubscriberTest::$coreCspSubscriber private property The event subscriber for core modules.
CoreCspSubscriberTest::$libraryDependencyResolver private property The Library Dependency Resolver service.
CoreCspSubscriberTest::$moduleHandler private property The Module Handler service.
CoreCspSubscriberTest::$response private property The response object.
CoreCspSubscriberTest::setUp public function Overrides UnitTestCase::setUp
CoreCspSubscriberTest::testCkeditorScript public function Test that including ckeditor modifies enabled script directives.
CoreCspSubscriberTest::testCkeditorScriptAttrFallback public function Test script-src-attr fallback if script-src enabled.
CoreCspSubscriberTest::testCkeditorScriptDefaultFallback public function Test fallback if only default-src is enabled.
CoreCspSubscriberTest::testCkeditorScriptNoDirectives public function CKEditor shouldn't alter the policy if no directives are enabled.
CoreCspSubscriberTest::testCkeditorStyle public function Test that including ckeditor modifies enabled style directives.
CoreCspSubscriberTest::testCkeditorStyleDefaultFallback public function Test style-src-elem fallback if default-src enabled.
CoreCspSubscriberTest::testCkeditorStyleElemFallback public function Test style-src-elem fallback if style-src enabled.
CoreCspSubscriberTest::testNoAttachments public function Test a response with no attachments.
CoreCspSubscriberTest::testSubscribedEvents public function Check that the subscriber listens to the Policy Alter event.
CoreCspSubscriberTest::testUmamiFont public function Test that including umami modifies enabled font directive.
CoreCspSubscriberTest::testUmamiFontDefaultFallback public function Test font-src fallback if default-src enabled.
PhpunitCompatibilityTrait::getMock Deprecated public function Returns a mock object for the specified class using the available method.
PhpunitCompatibilityTrait::setExpectedException Deprecated public function Compatibility layer for PHPUnit 6 to support PHPUnit 4 code.
UnitTestCase::$randomGenerator protected property The random generator.
UnitTestCase::$root protected property The app root. 1
UnitTestCase::assertArrayEquals protected function Asserts if two arrays are equal by sorting them first.
UnitTestCase::getBlockMockWithMachineName Deprecated protected function Mocks a block with a block plugin. 1
UnitTestCase::getClassResolverStub protected function Returns a stub class resolver.
UnitTestCase::getConfigFactoryStub public function Returns a stub config factory that behaves according to the passed array.
UnitTestCase::getConfigStorageStub public function Returns a stub config storage that returns the supplied configuration.
UnitTestCase::getContainerWithCacheTagsInvalidator protected function Sets up a container with a cache tags invalidator.
UnitTestCase::getRandomGenerator protected function Gets the random generator for the utility methods.
UnitTestCase::getStringTranslationStub public function Returns a stub translation manager that just returns the passed string.
UnitTestCase::randomMachineName public function Generates a unique random string containing letters and numbers.