splitted test cases.
[friendica.git] / tests / xss_filter_test.php
1 <?php
2 /**
3  * @package test.util
4  */
5
6 require_once("include/template_processor.php");
7 require_once('include/text.php');
8
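/**
 * Unit tests for the text helpers used to neutralise markup and parse ACL
 * strings: notags(), escape_tags(), autoname(), xmlify()/unxmlify(),
 * hex2bin(), expand_acl() and attribute_contains().
 *
 * The helpers themselves are loaded by the require_once lines at the top of
 * the file; this class only pins their observable behaviour.
 */
class AntiXSSTest extends PHPUnit_Framework_TestCase {

	/**
	 * Extend the include path so the helpers can resolve their own includes
	 * relative to the project root.
	 */
	public function setUp() {
		set_include_path(
				get_include_path() . PATH_SEPARATOR
				. 'include' . PATH_SEPARATOR
				. 'library' . PATH_SEPARATOR
				. 'library/phpsec' . PATH_SEPARATOR
				. '.' );
	}

	/**
	 * notags() must swap angle brackets for square brackets and
	 * escape_tags() must HTML-escape the markup, so that an element carrying
	 * an inline event handler cannot be rendered as a tag.
	 */
	public function testEscapeTags() {
		$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';

		$validstring=notags($invalidstring);
		$escapedString=escape_tags($invalidstring);

		$this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
		// The expected value pins that <, > and double quotes are escaped while
		// single quotes pass through unchanged. Output of escape_tags() is
		// therefore not safe inside a single-quoted HTML attribute.
		$this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
	}

	/**
	 * Two autonames of the same even length should differ (randomness check).
	 */
	public function testAutonameEven() {
		$autoname1=autoname(10);
		$autoname2=autoname(10);

		$this->assertNotEquals($autoname1, $autoname2);
	}

	/**
	 * Two autonames of the same odd length should differ (randomness check).
	 */
	public function testAutonameOdd() {
		$autoname1=autoname(9);
		$autoname2=autoname(9);

		$this->assertNotEquals($autoname1, $autoname2);
	}

	/**
	 * A requested length of zero must not produce any characters.
	 *
	 * The length is measured with strlen(); count() on a string does not
	 * return its length, so it cannot verify this.
	 */
	public function testAutonameNoLength() {
		$autoname1=autoname(0);
		$this->assertEquals(0, strlen($autoname1));
	}

	/**
	 * A negative length must not produce any characters either.
	 */
	public function testAutonameNegativeLength() {
		$autoname1=autoname(-23);
		$this->assertEquals(0, strlen($autoname1));
	}

	// Disabled in the original; the reason is not recorded here.
	//	public function testAutonameMaxLength() {
	//		$autoname2=autoname(PHP_INT_MAX);
	//		$this->assertEquals(PHP_INT_MAX, count($autoname2));
	//	}

	/**
	 * A requested length of one must yield exactly one character.
	 */
	public function testAutonameLength1() {
		$autoname3=autoname(1);
		$this->assertEquals(1, strlen($autoname3));
	}

	/**
	 * xmlify() followed by unxmlify() must give back the original text.
	 */
	public function testXmlify() {
		$text="<tag>I want to break\n this!11!<?hard?></tag>";
		$xml=xmlify($text); //TODO: also test whether it actually may be part of a xml document
		// Decode the *encoded* value. Decoding $text directly would pass even
		// if xmlify() escaped nothing, because $text holds no entities.
		$retext=unxmlify($xml);

		$this->assertEquals($text, $retext);
	}

	/**
	 * hex2bin() must reverse bin2hex().
	 *
	 * The integers are converted to strings on the way in, and assertEquals()
	 * compares loosely, so the string coming back matches the integer.
	 */
	public function testHex2Bin() {
		$this->assertEquals(-3, hex2bin(bin2hex(-3)));
		$this->assertEquals(0, hex2bin(bin2hex(0)));
		$this->assertEquals(12, hex2bin(bin2hex(12)));
		$this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
	}

	/**
	 * expand_acl() turns a "<a><b><c>" string into the list of its entries.
	 */
	public function testExpandAclNormal() {
		$text="<1><2><3>";
		$this->assertEquals(array(1, 2, 3), expand_acl($text));
	}

	public function testExpandAclBigNumber() {
		$text="<1><279012><15>";
		$this->assertEquals(array(1, 279012, 15), expand_acl($text));
	}

	/**
	 * NOTE(review): this pins that a non-numeric entry is returned unchanged.
	 * If callers treat the result as numeric ids they need their own
	 * validation. Confirm that this is the intended contract.
	 */
	public function testExpandAclString() {
		$text="<1><279012><tt>"; //maybe that's invalid
		$this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
	}

	public function testExpandAclSpace() {
		$text="<1><279 012><32>"; //maybe that's invalid
		$this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
	}

	public function testExpandAclEmpty() {
		$text=""; //maybe that's invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	// The remaining expand_acl cases feed malformed input (missing or
	// unbalanced brackets) and require an empty list, never a partial one.

	public function testExpandAclNoBrackets() {
		$text="According to documentation, that's invalid. "; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclJustOneBracket1() {
		$text="<Another invalid string"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclJustOneBracket2() {
		$text="Another invalid> string"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclCloseOnly() {
		$text="Another> invalid> string>"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclOpenOnly() {
		$text="<Another< invalid string<"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclNoMatching1() {
		$text="<Another<> invalid <string>"; //should be invalid
		$this->assertEquals(array(), expand_acl($text));
	}

	public function testExpandAclNoMatching2() {
		$text="<1>2><3>";
		$this->assertEquals(array(), expand_acl($text));
	}

	/**
	 * attribute_contains() must match whole space-separated tokens only:
	 * "class2" is not found inside "notclass2".
	 */
	public function testAttributeContains1() {
		$testAttr="class1 notclass2 class3";
		$this->assertTrue(attribute_contains($testAttr, "class3"));
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * Same as above with a hyphenated token: "class2" must not match
	 * "not-class2".
	 */
	public function testAttributeContains2() {
		$testAttr="class1 not-class2 class3";
		$this->assertTrue(attribute_contains($testAttr, "class3"));
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * An empty attribute value contains no token.
	 */
	public function testAttributeContainsEmpty() {
		$testAttr="";
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	/**
	 * Punctuation and non-ASCII characters in the attribute value must not
	 * produce a false match.
	 */
	public function testAttributeContainsSpecialChars() {
		$testAttr="--... %\$รค() /(=?}";
		$this->assertFalse(attribute_contains($testAttr, "class2"));
	}

	// Not covered yet:
	//   qp (quick and dirty?)
	//   get_mentions
	//   get_contact_block, up to line 538
}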
193 ?>