.
*
* @author TechFuze
* @copyright Copyright (c) 2013 - 2016, Techfuze. (http://techfuze.net)
* @copyright Copyright (c) 1996 - 2015, Free Software Foundation, Inc. (http://www.fsf.org/)
* @license http://opensource.org/licenses/GPL-3.0 GPLv3 License
*
* @link http://fuzeworks.techfuze.net
* @since Version 0.0.1
*
* @version Version 0.0.1
*/
use FuzeWorks\Factory;
/**
* Class SecurityTest.
*
* Core test suite covering the functionality of the Security class
*/
class securityTest extends CoreTestAbstract
{
public function setUp()
{
    // Seed a CSRF cookie before the Security mock is constructed below.
    // NOTE(review): md5(uniqid(mt_rand())) is not a CSPRNG. That is tolerable for a
    // throwaway fixture value, but it is not a pattern for real token generation.
    $cookieValue = md5(uniqid(mt_rand(), true));
    $_COOKIE['fw_csrf_cookie'] = $cookieValue;

    // Enable CSRF protection and pin the token/cookie names the tests rely on.
    // NOTE(review): this mutates the config object obtained through the shared
    // Factory instance and the $_COOKIE superglobal; no teardown is visible here,
    // so confirm these values cannot leak into other test classes.
    $securityConfig = Factory::getInstance()->config->getConfig('security');
    $securityConfig->csrf_protection = true;
    $securityConfig->csrf_cookie_name = 'fw_csrf_cookie';
    $securityConfig->csrf_token_name = 'fw_csrf_token';

    $this->security = new Mock_Core_Security();
}
// --------------------------------------------------------------------
public function test_csrf_verify()
{
    // A GET request is expected to pass verification and hand back the Security
    // instance. Presumably non-POST requests are not token-checked; confirm
    // against Security::csrf_verify().
    $_SERVER['REQUEST_METHOD'] = 'GET';
    $verified = $this->security->csrf_verify();

    $this->assertInstanceOf('FuzeWorks\Security', $verified);
}
// --------------------------------------------------------------------
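/**
 * A POST that carries no CSRF token field must be rejected.
 *
 * @expectedException FuzeWorks\Exception\SecurityException
 */
public function test_csrf_verify_invalid()
{
    $_SERVER['REQUEST_METHOD'] = 'POST';

    // Drop any token another test left in $_POST (test_csrf_verify_valid writes
    // one and never removes it), so the rejection does not depend on test order
    // or on PHPUnit's global-state backup settings.
    unset($_POST[$this->security->csrf_token_name]);

    // With no token field in the request body, this call is expected to throw.
    $this->security->csrf_verify();
}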
// --------------------------------------------------------------------
public function test_csrf_verify_valid()
{
    // Submit the hash held by the Security object under its configured field
    // name, i.e. the request a legitimate form post would produce.
    $tokenField = $this->security->csrf_token_name;
    $tokenValue = $this->security->csrf_hash;

    $_SERVER['REQUEST_METHOD'] = 'POST';
    $_POST[$tokenField] = $tokenValue;

    // NOTE(review): the token stays in $_POST after this test; tests that expect
    // a missing token rely on it being cleared or on global-state backup.
    $this->assertInstanceOf('FuzeWorks\Security', $this->security->csrf_verify());
}
// --------------------------------------------------------------------
public function test_get_csrf_hash()
{
    // The accessor must expose exactly the hash stored on the object.
    $storedHash = $this->security->csrf_hash;
    $reportedHash = $this->security->get_csrf_hash();

    $this->assertEquals($storedHash, $reportedHash);
}
// --------------------------------------------------------------------
public function test_get_csrf_token_name()
{
    // 'fw_csrf_token' is the field name written into the security config by setUp().
    $reportedName = $this->security->get_csrf_token_name();

    $this->assertEquals('fw_csrf_token', $reportedName);
}
// --------------------------------------------------------------------
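public function test_xss_clean()
{
    // The sample needs an inline <script> element for the filter to act on: the
    // expected value below shows both tag halves replaced by "[removed]".
    // NOTE(review): the markup was missing from the literal as published and is
    // reconstructed from that expected value; confirm against the upstream test.
    $harm_string = "Hello, i try to <script>alert('Hack');</script> your site";

    $harmless_string = $this->security->xss_clean($harm_string);

    // The script tags are neutralised while the surrounding text is kept, so the
    // assertion pins both the removal and the absence of collateral damage.
    $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_string);
}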
// --------------------------------------------------------------------
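public function test_xss_clean_string_array()
{
    // xss_clean() is given an array here; every element is expected to be
    // cleaned independently and returned at the same index.
    // NOTE(review): the <script> markup in elements 0 and 2 was missing from the
    // literals as published and is reconstructed from the expected values below;
    // confirm against the upstream test.
    $harm_strings = array(
        "Hello, i try to <script>alert('Hack');</script> your site",
        "Simple clean string",
        "Hello, i try to <script>alert('Hack');</script> your site"
    );

    $harmless_strings = $this->security->xss_clean($harm_strings);

    $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[0]);
    // A string with nothing to strip must come back unchanged.
    $this->assertEquals("Simple clean string", $harmless_strings[1]);
    $this->assertEquals("Hello, i try to [removed]alert('Hack');[removed] your site", $harmless_strings[2]);
}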
// --------------------------------------------------------------------
public function test_xss_clean_image_valid()
{
    // Calls xss_clean() with its second argument set to TRUE (the test name
    // suggests this is the image-checking mode; confirm against Security::xss_clean()).
    // NOTE(review): the literal is empty as shown; a harmless image-tag sample was
    // presumably lost when the page was extracted. Restore it from the upstream test.
    $harm_string = '';
    $xss_clean_return = $this->security->xss_clean($harm_string, TRUE);
    // NOTE(review): the assertion below is disabled, so this test only checks that
    // the call completes; $xss_clean_return is otherwise unused.
    // $this->assertTrue($xss_clean_return);
}
// --------------------------------------------------------------------
public function test_xss_clean_image_invalid()
{
    // NOTE(review): the literal is empty as shown; the test name and assertFalse
    // imply an image-tag sample that the filter must flag, presumably lost when
    // the page was extracted. An empty string presumably gives the filter nothing
    // to flag, so restore the sample from the upstream test before relying on
    // this result.
    $harm_string = '';
    // Second argument TRUE: the call returns a verdict that is asserted below,
    // rather than a cleaned string.
    $xss_clean_return = $this->security->xss_clean($harm_string, TRUE);
    $this->assertFalse($xss_clean_return);
}
// --------------------------------------------------------------------
public function test_xss_clean_entity_double_encoded()
{
    // NOTE(review): input and expected value are the same plain word as shown, so
    // nothing entity-encoded is exercised; the markup that carried the encoded
    // entities was presumably stripped when the page was extracted. Restore both
    // literals from the upstream test, otherwise this passes trivially.
    $input = 'Clickhere';
    $this->assertEquals('Clickhere', $this->security->xss_clean($input));
}
// --------------------------------------------------------------------
// NOTE(review): the name starts with "text_", not "test_", and no @test annotation
// is visible, so PHPUnit's name-based discovery will not run this method. Confirm
// whether that is intentional before renaming it.
public function text_xss_clean_js_link_removal()
{
    // This one is to prevent a false positive
    // NOTE(review): both literals are empty as shown, presumably because their
    // markup was stripped when the page was extracted; as written the comparison
    // says nothing about link handling.
    $this->assertEquals(
        "",
        $this->security->xss_clean("")
    );
}
// --------------------------------------------------------------------
public function test_xss_clean_js_img_removal()
{
    // NOTE(review): as shown, a plain word is expected to be cleaned to an empty
    // string, which does not match the test name; the image markup in both
    // literals was presumably stripped when the page was extracted. Restore them
    // from the upstream test.
    $input = 'Clickhere';
    $this->assertEquals('', $this->security->xss_clean($input));
}
// --------------------------------------------------------------------
public function test_xss_clean_sanitize_naughty_html_tags()
{
$this->assertEquals('<unclosedTag', $this->security->xss_clean('assertEquals('<blink>', $this->security->xss_clean('