class RequestSanitizerTest in Drupal 7
Tests DrupalRequestSanitizer class.
Hierarchy
- class \DrupalTestCase
- class \DrupalUnitTestCase
- class \RequestSanitizerTest
- class \DrupalUnitTestCase
Expanded class hierarchy of RequestSanitizerTest
File
- modules/
simpletest/ tests/ request_sanitizer.test, line 11 - Tests for the RequestSanitizer class.
View source
class RequestSanitizerTest extends DrupalUnitTestCase {
/**
* Log of errors triggered during sanitization.
*
* @var array
*/
protected $errors;
/**
* {@inheritdoc}
*/
public static function getInfo() {
return array(
'name' => 'DrupalRequestSanitizer',
'description' => 'Test the DrupalRequestSanitizer class',
'group' => 'System',
);
}
/**
* {@inheritdoc}
*/
protected function setUp() {
require_once DRUPAL_ROOT . '/includes/request-sanitizer.inc';
parent::setUp();
set_error_handler(array(
$this,
"sanitizerTestErrorHandler",
));
}
/**
* Iterate through all the RequestSanitizerTests.
*/
public function testRequestSanitization() {
foreach ($this
->requestSanitizerTests() as $label => $data) {
$this->errors = array();
// Normalize the test parameters.
$test = array(
'request' => $data[0],
'expected' => isset($data[1]) ? $data[1] : array(),
'expected_errors' => isset($data[2]) ? $data[2] : NULL,
'whitelist' => isset($data[3]) ? $data[3] : array(),
);
$this
->requestSanitizationTest($test['request'], $test['expected'], $test['expected_errors'], $test['whitelist'], $label);
}
}
/**
* Tests RequestSanitizer class.
*
* @param \SanitizerTestRequest $request
* The request to sanitize.
* @param array $expected
* An array of expected request parameters after sanitization.
* @param array|null $expected_errors
* An array of expected errors. If set to NULL then error logging is
* disabled.
* @param array $whitelist
* An array of keys to whitelist and not sanitize.
* @param string $label
* A descriptive name for each test / group of assertions.
*
* @throws \ReflectionException
*/
public function requestSanitizationTest(SanitizerTestRequest $request, array $expected = array(), array $expected_errors = NULL, array $whitelist = array(), $label = NULL) {
// Set up globals.
$_GET = $request
->getQuery();
$_POST = $request
->getRequest();
$_COOKIE = $request
->getCookies();
$_REQUEST = array_merge($request
->getQuery(), $request
->getRequest());
$GLOBALS['conf']['sanitize_input_whitelist'] = $whitelist;
$GLOBALS['conf']['sanitize_input_logging'] = is_null($expected_errors) ? FALSE : TRUE;
if ($label !== 'already sanitized request') {
$reflection = new \ReflectionProperty('DrupalRequestSanitizer', 'sanitized');
$reflection
->setAccessible(TRUE);
$reflection
->setValue(NULL, FALSE);
}
DrupalRequestSanitizer::sanitize();
if (isset($_GET['destination'])) {
DrupalRequestSanitizer::cleanDestination();
}
// Normalise the expected data.
$expected += array(
'cookies' => array(),
'query' => array(),
'request' => array(),
);
// Test PHP globals.
$this
->assertEqualLabelled($expected['cookies'], $_COOKIE, NULL, 'Other', $label . ' (COOKIE)');
$this
->assertEqualLabelled($expected['query'], $_GET, NULL, 'Other', $label . ' (GET)');
$this
->assertEqualLabelled($expected['request'], $_POST, NULL, 'Other', $label . ' (POST)');
$expected_request = array_merge($expected['query'], $expected['request']);
$this
->assertEqualLabelled($expected_request, $_REQUEST, NULL, 'Other', $label . ' (REQUEST)');
// Ensure any expected errors have been triggered.
if (!empty($expected_errors)) {
foreach ($expected_errors as $expected_error) {
$this
->assertError($expected_error, E_USER_NOTICE, $label . ' (errors)');
}
}
else {
$this
->assertEqualLabelled(array(), $this->errors, NULL, 'Other', $label . ' (errors)');
}
}
/**
* Data provider for testRequestSanitization.
*
* @return array
* A list of tests to carry out.
*/
public function requestSanitizerTests() {
$tests = array();
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
));
$tests['no sanitization GET'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
),
),
);
$request = new SanitizerTestRequest(array(), array(
'field' => 'value',
));
$tests['no sanitization POST'] = array(
$request,
array(
'request' => array(
'field' => 'value',
),
),
);
$request = new SanitizerTestRequest(array(), array(), array(), array(
'key' => 'value',
));
$tests['no sanitization COOKIE'] = array(
$request,
array(
'cookies' => array(
'key' => 'value',
),
),
);
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
), array(
'field' => 'value',
), array(), array(
'key' => 'value',
));
$tests['no sanitization GET, POST, COOKIE'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
),
'request' => array(
'field' => 'value',
),
'cookies' => array(
'key' => 'value',
),
),
);
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
));
$tests['no sanitization GET log'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
),
),
array(),
);
$request = new SanitizerTestRequest(array(), array(
'field' => 'value',
));
$tests['no sanitization POST log'] = array(
$request,
array(
'request' => array(
'field' => 'value',
),
),
array(),
);
$request = new SanitizerTestRequest(array(), array(), array(), array(
'key' => 'value',
));
$tests['no sanitization COOKIE log'] = array(
$request,
array(
'cookies' => array(
'key' => 'value',
),
),
array(),
);
$request = new SanitizerTestRequest(array(
'#q' => 'index.php',
));
$tests['sanitization GET'] = array(
$request,
);
$request = new SanitizerTestRequest(array(), array(
'#field' => 'value',
));
$tests['sanitization POST'] = array(
$request,
);
$request = new SanitizerTestRequest(array(), array(), array(), array(
'#key' => 'value',
));
$tests['sanitization COOKIE'] = array(
$request,
);
$request = new SanitizerTestRequest(array(
'#q' => 'index.php',
), array(
'#field' => 'value',
), array(), array(
'#key' => 'value',
));
$tests['sanitization GET, POST, COOKIE'] = array(
$request,
);
$request = new SanitizerTestRequest(array(
'#q' => 'index.php',
));
$tests['sanitization GET log'] = array(
$request,
array(),
array(
'Potentially unsafe keys removed from query string parameters (GET): #q',
),
);
$request = new SanitizerTestRequest(array(), array(
'#field' => 'value',
));
$tests['sanitization POST log'] = array(
$request,
array(),
array(
'Potentially unsafe keys removed from request body parameters (POST): #field',
),
);
$request = new SanitizerTestRequest(array(), array(), array(), array(
'#key' => 'value',
));
$tests['sanitization COOKIE log'] = array(
$request,
array(),
array(
'Potentially unsafe keys removed from cookie parameters (COOKIE): #key',
),
);
$request = new SanitizerTestRequest(array(
'#q' => 'index.php',
), array(
'#field' => 'value',
), array(), array(
'#key' => 'value',
));
$tests['sanitization GET, POST, COOKIE log'] = array(
$request,
array(),
array(
'Potentially unsafe keys removed from query string parameters (GET): #q',
'Potentially unsafe keys removed from request body parameters (POST): #field',
'Potentially unsafe keys removed from cookie parameters (COOKIE): #key',
),
);
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
'foo' => array(
'#bar' => 'foo',
),
));
$tests['recursive sanitization log'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
'foo' => array(),
),
),
array(
'Potentially unsafe keys removed from query string parameters (GET): #bar',
),
);
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
'foo' => array(
'#bar' => 'foo',
),
));
$tests['recursive no sanitization whitelist'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
'foo' => array(
'#bar' => 'foo',
),
),
),
array(),
array(
'#bar',
),
);
$request = new SanitizerTestRequest(array(), array(
'#field' => 'value',
));
$tests['no sanitization POST whitelist'] = array(
$request,
array(
'request' => array(
'#field' => 'value',
),
),
array(),
array(
'#field',
),
);
$request = new SanitizerTestRequest(array(
'q' => 'index.php',
'foo' => array(
'#bar' => 'foo',
'#foo' => 'bar',
),
));
$tests['recursive multiple sanitization log'] = array(
$request,
array(
'query' => array(
'q' => 'index.php',
'foo' => array(),
),
),
array(
'Potentially unsafe keys removed from query string parameters (GET): #bar, #foo',
),
);
$request = new SanitizerTestRequest(array(
'#q' => 'index.php',
));
$tests['already sanitized request'] = array(
$request,
array(
'query' => array(
'#q' => 'index.php',
),
),
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever?%23test=value',
));
$tests['destination removal GET'] = array(
$request,
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever?%23test=value',
));
$tests['destination removal GET log'] = array(
$request,
array(),
array(
'Potentially unsafe destination removed from query string parameters (GET) because it contained the following keys: #test',
),
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever?q[%23test]=value',
));
$tests['destination removal subkey'] = array(
$request,
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever?q[%23test]=value',
));
$tests['destination whitelist'] = array(
$request,
array(
'query' => array(
'destination' => 'whatever?q[%23test]=value',
),
),
array(),
array(
'#test',
),
);
$request = new SanitizerTestRequest(array(
'destination' => "whatever?\0bar=base&%23test=value",
));
$tests['destination removal zero byte'] = array(
$request,
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever?q=value',
));
$tests['destination kept'] = array(
$request,
array(
'query' => array(
'destination' => 'whatever?q=value',
),
),
);
$request = new SanitizerTestRequest(array(
'destination' => 'whatever',
));
$tests['destination no query'] = array(
$request,
array(
'query' => array(
'destination' => 'whatever',
),
),
);
return $tests;
}
/**
* Catches and logs errors to $this->errors.
*
* @param int $errno
* The severity level of the error.
* @param string $errstr
* The error message.
*/
public function sanitizerTestErrorHandler($errno, $errstr) {
$this->errors[] = compact('errno', 'errstr');
}
/**
* Asserts that the expected error has been logged.
*
* @param string $errstr
* The error message.
* @param int $errno
* The severity level of the error.
* @param string $label
* The label to include with the message.
*
* @return bool
* TRUE if the assertion succeeded, FALSE otherwise.
*/
protected function assertError($errstr, $errno, $label) {
$label = empty($label) ? '' : $label . ': ';
foreach ($this->errors as $error) {
if ($error['errstr'] === $errstr && $error['errno'] === $errno) {
return $this
->pass($label . "Error with level {$errno} and message '{$errstr}' found");
}
}
return $this
->fail($label . "Error with level {$errno} and message '{$errstr}' not found in " . var_export($this->errors, TRUE));
}
/**
* Asserts two values are equal, includes a label.
*
* @param mixed $first
* The first value to check.
* @param mixed $second
* The second value to check.
* @param string $message
* The message to display along with the assertion.
* @param string $group
* The type of assertion - examples are "Browser", "PHP".
* @param string $label
* The label to include with the message.
*
* @return bool
* TRUE if the assertion succeeded, FALSE otherwise.
*/
protected function assertEqualLabelled($first, $second, $message = '', $group = 'Other', $label = '') {
$label = empty($label) ? '' : $label . ': ';
$message = $message ? $message : t('Value @first is equal to value @second.', array(
'@first' => var_export($first, TRUE),
'@second' => var_export($second, TRUE),
));
return $this
->assert($first == $second, $label . $message, $group);
}
}Members
Name |
Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
|
DrupalTestCase:: |
protected | property | Assertions thrown in that test case. | |
|
DrupalTestCase:: |
protected | property | The database prefix of this test run. | |
|
DrupalTestCase:: |
protected | property | The original file directory, before it was changed for testing purposes. | |
|
DrupalTestCase:: |
public | property | Current results of this test case. | |
|
DrupalTestCase:: |
protected | property | Flag to indicate whether the test has been set up. | |
|
DrupalTestCase:: |
protected | property | ||
|
DrupalTestCase:: |
protected | property | ||
|
DrupalTestCase:: |
protected | property | This class is skipped when looking for the source of an assertion. | |
|
DrupalTestCase:: |
protected | property | The test run ID. | |
|
DrupalTestCase:: |
protected | property | Time limit for the test. | |
|
DrupalTestCase:: |
public | property | Whether to cache the installation part of the setUp() method. | |
|
DrupalTestCase:: |
public | property | Whether to cache the modules installation part of the setUp() method. | |
|
DrupalTestCase:: |
protected | property | URL to the verbose output file directory. | |
|
DrupalTestCase:: |
protected | function | Internal helper: stores the assert. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are equal. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is false (an empty string, 0, NULL, or FALSE). | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are identical. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are not equal. | |
|
DrupalTestCase:: |
protected | function | Check to see if two values are not identical. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is not NULL. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is NULL. | |
|
DrupalTestCase:: |
protected | function | Check to see if a value is not false (not an empty string, 0, NULL, or FALSE). | |
|
DrupalTestCase:: |
public static | function | Delete an assertion record by message ID. | |
|
DrupalTestCase:: |
protected | function | Fire an error assertion. | 1 |
|
DrupalTestCase:: |
public | function | Handle errors during test runs. | 1 |
|
DrupalTestCase:: |
protected | function | Handle exceptions. | |
|
DrupalTestCase:: |
protected | function | Fire an assertion that is always negative. | |
|
DrupalTestCase:: |
public static | function | Converts a list of possible parameters into a stack of permutations. | |
|
DrupalTestCase:: |
protected | function | Cycles through backtrace until the first non-assertion method is found. | |
|
DrupalTestCase:: |
public static | function | Returns the database connection to the site running Simpletest. | |
|
DrupalTestCase:: |
public static | function | Store an assertion from outside the testing context. | |
|
DrupalTestCase:: |
protected | function | Fire an assertion that is always positive. | |
|
DrupalTestCase:: |
public static | function | Generates a random string containing letters and numbers. | |
|
DrupalTestCase:: |
public static | function | Generates a random string of ASCII characters of codes 32 to 126. | |
|
DrupalTestCase:: |
public | function | Run all tests in this class. | |
|
DrupalTestCase:: |
protected | function | Logs a verbose message in a text file. | |
|
DrupalUnitTestCase:: |
protected | function | 1 | |
|
DrupalUnitTestCase:: |
function |
Constructor for DrupalUnitTestCase. Overrides DrupalTestCase:: |
||
|
RequestSanitizerTest:: |
protected | property | Log of errors triggered during sanitization. | |
|
RequestSanitizerTest:: |
protected | function | Asserts two values are equal, includes a label. | |
|
RequestSanitizerTest:: |
protected | function | Asserts that the expected error has been logged. | |
|
RequestSanitizerTest:: |
public static | function | ||
|
RequestSanitizerTest:: |
public | function | Tests RequestSanitizer class. | |
|
RequestSanitizerTest:: |
public | function | Data provider for testRequestSanitization. | |
|
RequestSanitizerTest:: |
public | function | Catches and logs errors to $this->errors. | |
|
RequestSanitizerTest:: |
protected | function |
Sets up unit test environment. Overrides DrupalUnitTestCase:: |
|
|
RequestSanitizerTest:: |
public | function | Iterate through all the RequestSanitizerTests. |