
public function SecurityReviewTestCase::testChecksUI in Security Review 7

File

tests/security_review.test, line 131
security_review.test. Drupal test cases for Security Review.

Class

SecurityReviewTestCase
Tests the functionality of the Security Review module.

Code

/**
 * Drives the Security Review checklist through four configuration changes.
 *
 * The checklist is run once against the starting configuration, then again
 * after each change: the filter_html filter is switched off on the
 * filtered_html text format, error_level is set to 0, an article whose body
 * contains a <script> tag is saved, and "exe, php" is set as the allowed
 * extensions on the article image field. After every run the test asserts the
 * message of the check that should have flipped, followed by the messages of
 * the other three checks, so a change that leaks into an unrelated check is
 * caught as well.
 *
 * The changes are cumulative; nothing is reverted between steps.
 */
public function testChecksUI() {
  // Button label shared by the text-format and logging admin forms.
  $save_config = 'Save configuration';

  // Baseline run, before any setting has been touched.
  $this->runChecklist();
  $expected = array(
    'Untrusted users are not allowed to input dangerous HTML tags.',
    'Errors are written to the screen.',
    'Dangerous tags were not found in any submitted content (fields).',
    'Only safe extensions are allowed for uploaded files and images.',
  );
  foreach ($expected as $text) {
    $this->assertText($text);
  }

  // Step 1: switch off the HTML filter on the filtered_html text format.
  $form_values = array(
    'filters[filter_html][status]' => FALSE,
  );
  $this->drupalPost('admin/config/content/formats/filtered_html', $form_values, $save_config);
  $this->runChecklist();
  $expected = array(
    // The text-format check is the one expected to flip.
    'Untrusted users are allowed to input dangerous HTML tags.',
    // The remaining checks must still report their baseline result.
    'Errors are written to the screen.',
    'Dangerous tags were not found in any submitted content (fields).',
    'Only safe extensions are allowed for uploaded files and images.',
  );
  foreach ($expected as $text) {
    $this->assertText($text);
  }

  // Step 2: set error_level to 0 on the logging settings form.
  $form_values = array(
    'error_level' => 0,
  );
  $this->drupalPost('admin/config/development/logging', $form_values, $save_config);
  $this->runChecklist();
  $expected = array(
    // The error-reporting check is the one expected to flip.
    'Error reporting set to log only.',
    // Step 1 stays in effect; the content and upload checks are unchanged.
    'Untrusted users are allowed to input dangerous HTML tags.',
    'Dangerous tags were not found in any submitted content (fields).',
    'Only safe extensions are allowed for uploaded files and images.',
  );
  foreach ($expected as $text) {
    $this->assertText($text);
  }

  // Step 3: save an article whose body carries a <script> tag. The alert()
  // call is only a marker for the field-content check to find.
  $form_values = array(
    'title' => 'test node',
    'body[und][0][value]' => '<script>alert("testing!");</script>',
  );
  $this->drupalPost('node/add/article', $form_values, 'Save');
  $this->runChecklist();
  $expected = array(
    // The field-content check is the one expected to flip.
    'Dangerous tags were found in submitted content (fields).',
    // Steps 1 and 2 stay in effect; the upload check is unchanged.
    'Error reporting set to log only.',
    'Untrusted users are allowed to input dangerous HTML tags.',
    'Only safe extensions are allowed for uploaded files and images.',
  );
  foreach ($expected as $text) {
    $this->assertText($text);
  }

  // Step 4: allow "exe, php" as upload extensions on the article image field.
  $form_values = array(
    'instance[settings][file_extensions]' => 'exe, php',
  );
  $this->drupalPost('admin/structure/types/manage/article/fields/field_image', $form_values, 'Save settings');
  $this->runChecklist();
  $expected = array(
    // The upload-extension check is the one expected to flip.
    'Unsafe file extensions are allowed in uploads.',
    // All three earlier findings must still be reported.
    'Dangerous tags were found in submitted content (fields).',
    'Error reporting set to log only.',
    'Untrusted users are allowed to input dangerous HTML tags.',
  );
  foreach ($expected as $text) {
    $this->assertText($text);
  }
}