1 | <?php |
||
2 | /** |
||
3 | * Copyright (c) Enalean, 2014. All rights reserved |
||
4 | * |
||
5 | * This file is a part of Tuleap. |
||
6 | * |
||
7 | * Tuleap is free software; you can redistribute it and/or modify |
||
8 | * it under the terms of the GNU General Public License as published by |
||
9 | * the Free Software Foundation; either version 2 of the License, or |
||
10 | * (at your option) any later version. |
||
11 | * |
||
12 | * Tuleap is distributed in the hope that it will be useful, |
||
13 | * but WITHOUT ANY WARRANTY; without even the implied warranty of |
||
14 | * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the |
||
15 | * GNU General Public License for more details. |
||
16 | * |
||
17 | * You should have received a copy of the GNU General Public License |
||
18 | * along with Tuleap. If not, see <http://www.gnu.org/licenses/>. |
||
19 | */ |
||
20 | |||
// Bootstraps the REST test helpers (presumably where RestBase and REST_TestDataBuilder come from — verify in lib/autoload.php)
require_once __DIR__.'/../lib/autoload.php';
||
22 | |||
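/**
 * REST tests for the backlog_items resource and its /children sub-resource.
 *
 * setUp() creates two stories through the tracker REST helper (the second one
 * linked to two tasks); the tests then exercise OPTIONS / GET / PATCH on them
 * as TEST_USER_1.
 *
 * @group BacklogItemsTest
 */
class BacklogItemsTest extends RestBase {

    /** Artifact id that is not expected to exist in the test data set */
    const NON_EXISTING_ID = 9999;

    /** @var Test\Rest\Tracker\TrackerFactory */
    private $tracker_test_helper;

    /**
     * Fixture: one story without children, one story with two tasks.
     * 'Content' lists the tasks (Summary / Status) linked to the story.
     */
    private $backlog_items_datas = array(
        array('I want to' => 'build a new interface', 'Status' => 'To be done', 'Content' => array()),
        array('I want to' => 'finish the story', 'Status' => 'To be done', 'Content' => array(
            array('Summary' => 'Implement the feature', 'Status' => 'Done'),
            array('Summary' => 'Write tests', 'Status' => 'On going')
        )),
    );

    /** @var int[] ids of the stories created in setUp(), in the order of $backlog_items_datas */
    private $stories_ids = array();

    public function setUp() {
        parent::setUp();
        $this->tracker_test_helper = new Test\Rest\Tracker\TrackerFactory(
            $this->client,
            $this->rest_request,
            REST_TestDataBuilder::PROJECT_PRIVATE_MEMBER_ID,
            REST_TestDataBuilder::TEST_USER_1_NAME
        );

        $this->createStoriesAndTasks();
    }

    /**
     * Sends $request authenticated with the token of TEST_USER_1 and returns the response.
     */
    protected function getResponse($request) {
        return $this->getResponseByToken(
            $this->getTokenForUserName(REST_TestDataBuilder::TEST_USER_1_NAME),
            $request
        );
    }

    public function testOPTIONS() {
        $response = $this->getResponse($this->client->options('backlog_items/'.$this->stories_ids[0]));
        $this->assertEquals(array('OPTIONS', 'GET'), $response->getHeader('Allow')->normalize()->toArray());
    }

    public function testGET() {
        $response     = $this->getResponse($this->client->get('backlog_items/'.$this->stories_ids[0]));
        $backlog_item = $response->json();

        $this->assertEquals("build a new interface", $backlog_item['label']);
        $this->assertEquals(200, $response->getStatusCode());
    }

    public function testOPTIONSChildren() {
        $response = $this->getResponse($this->client->options($this->getChildrenUri($this->stories_ids[0])));
        $this->assertEquals(array('OPTIONS', 'GET', 'PATCH'), $response->getHeader('Allow')->normalize()->toArray());
    }

    public function testGETChildren() {
        // story without tasks
        $response      = $this->getResponse($this->client->get($this->getChildrenUri($this->stories_ids[0])));
        $backlog_items = $response->json();
        $this->assertCount(0, $backlog_items);

        // story with two tasks
        $response      = $this->getResponse($this->client->get($this->getChildrenUri($this->stories_ids[1])));
        $backlog_items = $response->json();
        $this->assertCount(2, $backlog_items);

        $this->assertEquals("Implement the feature", $backlog_items[0]['label']);
        $this->assertEquals(200, $response->getStatusCode());
    }

    public function testPATCHChildren() {
        $uri           = $this->getChildrenUri($this->stories_ids[1]);
        $backlog_items = $this->getResponse($this->client->get($uri))->json();

        $this->assertEquals("Implement the feature", $backlog_items[0]['label']);

        $first_id  = $backlog_items[0]['id'];
        $second_id = $backlog_items[1]['id'];

        // invert order of the two tasks
        $response = $this->patchChildren($uri, array(
            'order' => array(
                'ids'         => array($second_id),
                'direction'   => 'before',
                'compared_to' => $first_id
            )
        ));
        $this->assertEquals(200, $response->getStatusCode());

        // assert that the two tasks are in the new order
        $backlog_items = $this->getResponse($this->client->get($uri))->json();
        $this->assertEquals("Write tests", $backlog_items[0]['label']);

        $first_id  = $backlog_items[0]['id'];
        $second_id = $backlog_items[1]['id'];

        // re-invert order of the two tasks
        $response = $this->patchChildren($uri, array(
            'order' => array(
                'ids'         => array($first_id),
                'direction'   => 'after',
                'compared_to' => $second_id
            )
        ));
        $this->assertEquals(200, $response->getStatusCode());

        // assert that the initial order is restored
        $backlog_items = $this->getResponse($this->client->get($uri))->json();
        $this->assertEquals("Implement the feature", $backlog_items[0]['label']);
    }

    /**
     * The same id listed twice in 'order.ids' must be rejected by the server.
     *
     * @expectedException Guzzle\Http\Exception\ClientErrorResponseException
     */
    public function testPATCHChildrenDuplicateIds() {
        $uri           = $this->getChildrenUri($this->stories_ids[1]);
        $backlog_items = $this->getResponse($this->client->get($uri))->json();

        $this->assertEquals("Implement the feature", $backlog_items[0]['label']);

        $first_id  = $backlog_items[0]['id'];
        $second_id = $backlog_items[1]['id'];

        $this->patchChildren($uri, array(
            'order' => array(
                'ids'         => array($second_id, $second_id),
                'direction'   => 'before',
                'compared_to' => $first_id
            )
        ));
    }

    /**
     * Reordering an id that is not a child of the story must be rejected by the server.
     *
     * @expectedException Guzzle\Http\Exception\ClientErrorResponseException
     */
    public function testPATCHSomeoneElseChildren() {
        $uri           = $this->getChildrenUri($this->stories_ids[1]);
        $backlog_items = $this->getResponse($this->client->get($uri))->json();

        // sanity check: the id we are about to submit is really not a child
        foreach ($backlog_items as $backlog_item) {
            $this->assertNotEquals(self::NON_EXISTING_ID, $backlog_item['id']);
        }

        $first_id = $backlog_items[0]['id'];

        $this->patchChildren($uri, array(
            'order' => array(
                'ids'         => array(self::NON_EXISTING_ID),
                'direction'   => 'before',
                'compared_to' => $first_id
            )
        ));
    }

    /**
     * An unknown backlog item answers 404, which the client surfaces as an exception.
     * The status code is checked on the exception's response before it is re-thrown,
     * so the assertion is actually reached.
     *
     * @expectedException Guzzle\Http\Exception\ClientErrorResponseException
     */
    public function testGETChildrenWithWrongId() {
        try {
            $this->getResponse($this->client->get('backlog_items/700/children'));
        } catch (Guzzle\Http\Exception\ClientErrorResponseException $exception) {
            $this->assertEquals(404, $exception->getResponse()->getStatusCode());
            throw $exception;
        }
    }

    public function testPatchChildrenAdd() {
        $uri           = $this->getChildrenUri($this->stories_ids[1]);
        $backlog_items = $this->getResponse($this->client->get($uri))->json();

        $first_id  = $backlog_items[0]['id'];
        $second_id = $backlog_items[1]['id'];
        $third_id  = $this->createTask("Bla bla bla", "On going");

        // add the new task and place it right after the first one
        $response = $this->patchChildren($uri, array(
            'order' => array(
                'ids'         => array($third_id),
                'direction'   => 'after',
                'compared_to' => $first_id
            ),
            'add' => array(
                array(
                    'id' => $third_id,
                )
            )
        ));
        $this->assertEquals(200, $response->getStatusCode());

        $this->assertEquals(
            array(
                $first_id,
                $third_id,
                $second_id,
            ),
            $this->getIdsOrderedByPriority($uri)
        );
    }

    public function testPatchChildrenMove() {
        $uri           = $this->getChildrenUri($this->stories_ids[1]);
        $backlog_items = $this->getResponse($this->client->get($uri))->json();

        $first_id  = $backlog_items[0]['id'];
        $second_id = $backlog_items[1]['id'];

        $task_in_another_story_id = $this->createTask("Bla bla bla", "On going");
        $another_story_id         = $this->createStory("Another story", "To be done", array($task_in_another_story_id));

        // move the task from the other story into this one, right after the first task
        try {
            $response = $this->patchChildren($uri, array(
                'order' => array(
                    'ids'         => array($task_in_another_story_id),
                    'direction'   => 'after',
                    'compared_to' => $first_id
                ),
                'add' => array(
                    array(
                        'id'          => $task_in_another_story_id,
                        'remove_from' => $another_story_id,
                    )
                )
            ));
        } catch (Guzzle\Http\Exception\ClientErrorResponseException $exception) {
            // Fail the test with the server answer instead of dumping it and carrying on
            $error_response = $exception->getResponse();
            $this->fail(
                'PATCH '.$uri.' failed with HTTP '.$error_response->getStatusCode().': '.$error_response->getBody(true)
            );
        }
        $this->assertEquals(200, $response->getStatusCode());

        $this->assertEquals(
            array(
                $first_id,
                $task_in_another_story_id,
                $second_id,
            ),
            $this->getIdsOrderedByPriority($uri)
        );

        // the task must have left the other story
        $this->assertCount(0, $this->getResponse($this->client->get($this->getChildrenUri($another_story_id)))->json());
    }

    /**
     * Returns the URI of the children sub-resource of a backlog item.
     */
    private function getChildrenUri($backlog_item_id) {
        return 'backlog_items/'.$backlog_item_id.'/children';
    }

    /**
     * Sends a PATCH on $uri with $payload JSON-encoded and returns the response.
     * A 4xx answer is raised as Guzzle\Http\Exception\ClientErrorResponseException
     * (see the @expectedException tests above).
     */
    private function patchChildren($uri, array $payload) {
        return $this->getResponse($this->client->patch($uri, null, json_encode($payload)));
    }

    /**
     * Returns the ids of the items served by $uri, in the order the server returns them.
     */
    private function getIdsOrderedByPriority($uri) {
        $response     = $this->getResponse($this->client->get($uri));
        $actual_order = array();
        foreach ($response->json() as $backlog_element) {
            $actual_order[] = $backlog_element['id'];
        }
        return $actual_order;
    }

    /**
     * Creates every story of $backlog_items_datas (with its tasks) and records the ids in $stories_ids.
     */
    private function createStoriesAndTasks() {
        foreach ($this->backlog_items_datas as $backlog_item_data) {
            $this->stories_ids[] = $this->createStory(
                $backlog_item_data['I want to'],
                $backlog_item_data['Status'],
                $this->createTasksForStory($backlog_item_data)
            );
        }
    }

    /**
     * Creates the tasks listed under $story['Content'] and returns their ids.
     */
    private function createTasksForStory($story) {
        $created_tasks = array();
        foreach ($story['Content'] as $task) {
            $created_tasks[] = $this->createTask($task['Summary'], $task['Status']);
        }

        return $created_tasks;
    }

    /**
     * Creates a 'task' artifact through the REST tracker helper and returns its id.
     */
    private function createTask($name, $status) {
        $tracker = $this->tracker_test_helper->getTrackerRest('task');
        $task    = $tracker->createArtifact(
            array(
                $tracker->getSubmitTextValue('Summary', $name),
                $tracker->getSubmitListValue('Status', $status)
            )
        );
        return $task['id'];
    }

    /**
     * Creates a 'story' artifact linked to the given task ids and returns its id.
     */
    private function createStory($iWantTo, $status, $tasks) {
        $tracker = $this->tracker_test_helper->getTrackerRest('story');
        $story   = $tracker->createArtifact(
            array(
                $tracker->getSubmitTextValue('I want to', $iWantTo),
                $tracker->getSubmitListValue('Status', $status),
                $tracker->getSubmitArtifactLinkValue($tasks)
            )
        );
        return $story['id'];
    }
}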
||