You are here

public function RequestSanitizerTest::providerTestRequestSanitization in Drupal 9

Same name and namespace in other branches
  1. 8 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
  2. 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()

Data provider for testRequestSanitization.

Return value

array

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 100

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function providerTestRequestSanitization() {
  $tests = [];
  $request = new Request([
    'q' => 'index.php',
  ]);
  $tests['no sanitization GET'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
      ],
    ],
  ];
  $request = new Request([], [
    'field' => 'value',
  ]);
  $tests['no sanitization POST'] = [
    $request,
    [
      'request' => [
        'field' => 'value',
      ],
    ],
  ];
  $request = new Request([], [], [], [
    'key' => 'value',
  ]);
  $tests['no sanitization COOKIE'] = [
    $request,
    [
      'cookies' => [
        'key' => 'value',
      ],
    ],
  ];
  $request = new Request([
    'q' => 'index.php',
  ], [
    'field' => 'value',
  ], [], [
    'key' => 'value',
  ]);
  $tests['no sanitization GET, POST, COOKIE'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
      ],
      'request' => [
        'field' => 'value',
      ],
      'cookies' => [
        'key' => 'value',
      ],
    ],
  ];
  $request = new Request([
    'q' => 'index.php',
  ]);
  $tests['no sanitization GET log'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
      ],
    ],
    [],
  ];
  $request = new Request([], [
    'field' => 'value',
  ]);
  $tests['no sanitization POST log'] = [
    $request,
    [
      'request' => [
        'field' => 'value',
      ],
    ],
    [],
  ];
  $request = new Request([], [], [], [
    'key' => 'value',
  ]);
  $tests['no sanitization COOKIE log'] = [
    $request,
    [
      'cookies' => [
        'key' => 'value',
      ],
    ],
    [],
  ];
  $request = new Request([
    '#q' => 'index.php',
  ]);
  $tests['sanitization GET'] = [
    $request,
  ];
  $request = new Request([], [
    '#field' => 'value',
  ]);
  $tests['sanitization POST'] = [
    $request,
  ];
  $request = new Request([], [], [], [
    '#key' => 'value',
  ]);
  $tests['sanitization COOKIE'] = [
    $request,
  ];
  $request = new Request([
    '#q' => 'index.php',
  ], [
    '#field' => 'value',
  ], [], [
    '#key' => 'value',
  ]);
  $tests['sanitization GET, POST, COOKIE'] = [
    $request,
  ];
  $request = new Request([
    '#q' => 'index.php',
  ]);
  $tests['sanitization GET log'] = [
    $request,
    [],
    [
      'Potentially unsafe keys removed from query string parameters (GET): #q',
    ],
  ];
  $request = new Request([], [
    '#field' => 'value',
  ]);
  $tests['sanitization POST log'] = [
    $request,
    [],
    [
      'Potentially unsafe keys removed from request body parameters (POST): #field',
    ],
  ];
  $request = new Request([], [], [], [
    '#key' => 'value',
  ]);
  $tests['sanitization COOKIE log'] = [
    $request,
    [],
    [
      'Potentially unsafe keys removed from cookie parameters: #key',
    ],
  ];
  $request = new Request([
    '#q' => 'index.php',
  ], [
    '#field' => 'value',
  ], [], [
    '#key' => 'value',
  ]);
  $tests['sanitization GET, POST, COOKIE log'] = [
    $request,
    [],
    [
      'Potentially unsafe keys removed from query string parameters (GET): #q',
      'Potentially unsafe keys removed from request body parameters (POST): #field',
      'Potentially unsafe keys removed from cookie parameters: #key',
    ],
  ];
  $request = new Request([
    'q' => 'index.php',
    'foo' => [
      '#bar' => 'foo',
    ],
  ]);
  $tests['recursive sanitization log'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
        'foo' => [],
      ],
    ],
    [
      'Potentially unsafe keys removed from query string parameters (GET): #bar',
    ],
  ];
  $request = new Request([
    'q' => 'index.php',
    'foo' => [
      '#bar' => 'foo',
    ],
  ]);
  $tests['recursive no sanitization whitelist'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
        'foo' => [
          '#bar' => 'foo',
        ],
      ],
    ],
    [],
    [
      '#bar',
    ],
  ];
  $request = new Request([], [
    '#field' => 'value',
  ]);
  $tests['no sanitization POST whitelist'] = [
    $request,
    [
      'request' => [
        '#field' => 'value',
      ],
    ],
    [],
    [
      '#field',
    ],
  ];
  $request = new Request([
    'q' => 'index.php',
    'foo' => [
      '#bar' => 'foo',
      '#foo' => 'bar',
    ],
  ]);
  $tests['recursive multiple sanitization log'] = [
    $request,
    [
      'query' => [
        'q' => 'index.php',
        'foo' => [],
      ],
    ],
    [
      'Potentially unsafe keys removed from query string parameters (GET): #bar, #foo',
    ],
  ];
  $request = new Request([
    '#q' => 'index.php',
  ]);
  $request->attributes
    ->set(RequestSanitizer::SANITIZED, TRUE);
  $tests['already sanitized request'] = [
    $request,
    [
      'query' => [
        '#q' => 'index.php',
      ],
    ],
  ];
  $request = new Request([
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal GET'] = [
    $request,
  ];
  $request = new Request([], [
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal POST'] = [
    $request,
  ];
  $request = new Request([], [], [], [
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal COOKIE'] = [
    $request,
  ];
  $request = new Request([
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal GET log'] = [
    $request,
    [],
    [
      'Potentially unsafe destination removed from query parameter bag because it contained the following keys: #test',
    ],
  ];
  $request = new Request([], [
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal POST log'] = [
    $request,
    [],
    [
      'Potentially unsafe destination removed from request parameter bag because it contained the following keys: #test',
    ],
  ];
  $request = new Request([], [], [], [
    'destination' => 'whatever?%23test=value',
  ]);
  $tests['destination removal COOKIE log'] = [
    $request,
    [],
    [
      'Potentially unsafe destination removed from cookies parameter bag because it contained the following keys: #test',
    ],
  ];
  $request = new Request([
    'destination' => 'whatever?q[%23test]=value',
  ]);
  $tests['destination removal subkey'] = [
    $request,
  ];
  $request = new Request([
    'destination' => 'whatever?q[%23test]=value',
  ]);
  $tests['destination whitelist'] = [
    $request,
    [
      'query' => [
        'destination' => 'whatever?q[%23test]=value',
      ],
    ],
    [],
    [
      '#test',
    ],
  ];
  $request = new Request([
    'destination' => "whatever?\0bar=base&%23test=value",
  ]);
  $tests['destination removal zero byte'] = [
    $request,
  ];
  $request = new Request([
    'destination' => 'whatever?q=value',
  ]);
  $tests['destination kept'] = [
    $request,
    [
      'query' => [
        'destination' => 'whatever?q=value',
      ],
    ],
  ];
  $request = new Request([
    'destination' => 'whatever',
  ]);
  $tests['destination no query'] = [
    $request,
    [
      'query' => [
        'destination' => 'whatever',
      ],
    ],
  ];
  return $tests;
}