1
|
|
|
<?php |
2
|
|
|
namespace Mezon\Security\Tests; |
3
|
|
|
|
4
|
|
|
class SecurityRulesUnitTest extends \PHPUnit\Framework\TestCase |
|
|
|
|
5
|
|
|
{ |
6
|
|
|
|
7
|
|
|
/** |
8
|
|
|
* Path to the directory where all files are stored |
9
|
|
|
* |
10
|
|
|
* @var string |
11
|
|
|
*/ |
12
|
|
|
public const PATH_TO_FILE_STORAGE = '/data/files/'; |
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* Field name of the testing file |
16
|
|
|
* |
17
|
|
|
* @var string |
18
|
|
|
*/ |
19
|
|
|
public const TEST_FILE_FIELD_NAME = 'test-file'; |
20
|
|
|
|
21
|
|
|
/** |
22
|
|
|
* Testing image |
23
|
|
|
* |
24
|
|
|
* @var string |
25
|
|
|
*/ |
26
|
|
|
public const TEST_PNG_IMAGE_PATH = __DIR__.'/res/test.png'; |
27
|
|
|
|
28
|
|
|
/** |
29
|
|
|
* Method returns path to storage |
30
|
|
|
* |
31
|
|
|
* @return string path to storage |
32
|
|
|
*/ |
33
|
|
|
protected function getPathToStorage(): string |
34
|
|
|
{ |
35
|
|
|
return SecurityRulesUnitTest::PATH_TO_FILE_STORAGE . date('Y/m/d/'); |
36
|
|
|
} |
37
|
|
|
|
38
|
|
|
/** |
39
|
|
|
* Testing edge cases of getFileValue |
40
|
|
|
*/ |
41
|
|
|
public function testGetEmptyFileValue(): void |
42
|
|
|
{ |
43
|
|
|
// setup |
44
|
|
|
$_FILES = [ |
45
|
|
|
'empty-file' => [ |
46
|
|
|
'size' => 0 |
47
|
|
|
] |
48
|
|
|
]; |
49
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
50
|
|
|
->setMethods([ |
51
|
|
|
'_prepareFs', |
52
|
|
|
'filePutContents', |
53
|
|
|
'moveUploadedFile' |
54
|
|
|
]) |
55
|
|
|
->setConstructorArgs([]) |
56
|
|
|
->getMock(); |
57
|
|
|
|
58
|
|
|
// test body |
59
|
|
|
$result = $securityRules->getFileValue('empty-file', false); |
60
|
|
|
|
61
|
|
|
// assertions |
62
|
|
|
$this->assertEquals('', $result); |
63
|
|
|
} |
64
|
|
|
|
65
|
|
|
/** |
66
|
|
|
* Method constructs element of the $_FILES array |
67
|
|
|
* |
68
|
|
|
* @param int $size |
69
|
|
|
* size of the file |
70
|
|
|
* @param string $file |
71
|
|
|
* file path |
72
|
|
|
* @param string $name |
73
|
|
|
* file name |
74
|
|
|
* @return array element of the $_FILES array |
75
|
|
|
*/ |
76
|
|
|
protected function constructUploadedFile(int $size, string $file, string $name, string $tmpName = ''): array |
77
|
|
|
{ |
78
|
|
|
$return = [ |
79
|
|
|
'size' => $size, |
80
|
|
|
'name' => $name |
81
|
|
|
]; |
82
|
|
|
|
83
|
|
|
if ($file !== '') { |
84
|
|
|
$return['file'] = $file; |
85
|
|
|
} |
86
|
|
|
|
87
|
|
|
if ($tmpName !== '') { |
88
|
|
|
$return['tmp_' . 'name'] = $tmpName; |
89
|
|
|
} |
90
|
|
|
|
91
|
|
|
return $return; |
92
|
|
|
} |
93
|
|
|
|
94
|
|
|
/** |
95
|
|
|
* Method constructs $_FILES array with one element |
96
|
|
|
* |
97
|
|
|
* @param int $size |
98
|
|
|
* size of the file |
99
|
|
|
* @param string $file |
100
|
|
|
* file path |
101
|
|
|
* @param string $name |
102
|
|
|
* file name |
103
|
|
|
* @return array element of the $_FILES array |
104
|
|
|
*/ |
105
|
|
|
protected function constructTestFiles(int $size, string $file, string $name, string $tmpName = ''): array |
106
|
|
|
{ |
107
|
|
|
return [ |
108
|
|
|
SecurityRulesUnitTest::TEST_FILE_FIELD_NAME => $this->constructUploadedFile($size, $file, $name, $tmpName) |
109
|
|
|
]; |
110
|
|
|
} |
111
|
|
|
|
112
|
|
|
/** |
113
|
|
|
* Data provider for the testGetFileValue test |
114
|
|
|
* |
115
|
|
|
* @return array data for test testGetFileValue |
116
|
|
|
*/ |
117
|
|
|
public function getFileValueProvider(): array |
118
|
|
|
{ |
119
|
|
|
return [ |
120
|
|
|
[ |
121
|
|
|
true, |
122
|
|
|
$this->constructTestFiles(2000, '1', '1') |
123
|
|
|
], |
124
|
|
|
[ |
125
|
|
|
false, |
126
|
|
|
$this->constructTestFiles(1, '1', '1') |
127
|
|
|
], |
128
|
|
|
[ |
129
|
|
|
true, |
130
|
|
|
$this->constructTestFiles(1, '', '1', '1') |
131
|
|
|
] |
132
|
|
|
]; |
133
|
|
|
} |
134
|
|
|
|
135
|
|
|
/** |
136
|
|
|
* Method returns true if the field tmp_name is set |
137
|
|
|
* |
138
|
|
|
* @param array $file |
139
|
|
|
* validating file description |
140
|
|
|
* @return bool true if the field tmp_name is set, false otherwise |
141
|
|
|
*/ |
142
|
|
|
protected function tmpNameSet(array $file): bool |
143
|
|
|
{ |
144
|
|
|
return isset($file['tmp_name']); |
145
|
|
|
} |
146
|
|
|
|
147
|
|
|
/** |
148
|
|
|
* Testing edge cases of getFileValue |
149
|
|
|
* |
150
|
|
|
* @param bool $storeFile |
151
|
|
|
* do we need to store file |
152
|
|
|
* @param array $files |
153
|
|
|
* file ddescription |
154
|
|
|
* @dataProvider getFileValueProvider |
155
|
|
|
*/ |
156
|
|
|
public function testGetFileValue(bool $storeFile, array $files): void |
157
|
|
|
{ |
158
|
|
|
// setup |
159
|
|
|
$_FILES = $files; |
160
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
161
|
|
|
->setMethods([ |
162
|
|
|
'_prepareFs', |
163
|
|
|
'filePutContents', |
164
|
|
|
'moveUploadedFile' |
165
|
|
|
]) |
166
|
|
|
->setConstructorArgs([]) |
167
|
|
|
->getMock(); |
168
|
|
|
|
169
|
|
|
if ($storeFile) { |
170
|
|
|
if ($this->tmpNameSet($files[SecurityRulesUnitTest::TEST_FILE_FIELD_NAME])) { |
171
|
|
|
$securityRules->expects($this->once()) |
172
|
|
|
->method('moveUploadedFile'); |
173
|
|
|
} else { |
174
|
|
|
$securityRules->expects($this->once()) |
175
|
|
|
->method('filePutContents'); |
176
|
|
|
} |
177
|
|
|
} |
178
|
|
|
|
179
|
|
|
// test body |
180
|
|
|
$result = $securityRules->getFileValue(SecurityRulesUnitTest::TEST_FILE_FIELD_NAME, $storeFile); |
181
|
|
|
|
182
|
|
|
// assertions |
183
|
|
|
if ($storeFile) { |
184
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
185
|
|
|
} else { |
186
|
|
|
$this->assertEquals(1, $result['size']); |
187
|
|
|
|
188
|
|
|
$this->assertEquals('1', $result['name']); |
189
|
|
|
if ($this->tmpNameSet($files[SecurityRulesUnitTest::TEST_FILE_FIELD_NAME])) { |
190
|
|
|
$this->assertEquals('1', $result['tmp_name']); |
191
|
|
|
} else { |
192
|
|
|
$this->assertEquals('1', $result['file']); |
193
|
|
|
} |
194
|
|
|
} |
195
|
|
|
} |
196
|
|
|
|
197
|
|
|
/** |
198
|
|
|
* Data provider for the testStoreFileContent |
199
|
|
|
* |
200
|
|
|
* @return array data for the testStoreFileContent test |
201
|
|
|
*/ |
202
|
|
|
public function storeFileContentProvider(): array |
203
|
|
|
{ |
204
|
|
|
return [ |
205
|
|
|
[ |
206
|
|
|
true |
207
|
|
|
], |
208
|
|
|
[ |
209
|
|
|
false |
210
|
|
|
] |
211
|
|
|
]; |
212
|
|
|
} |
213
|
|
|
|
214
|
|
|
/** |
215
|
|
|
* Testing storeFileContent method |
216
|
|
|
* |
217
|
|
|
* @dataProvider storeFileContentProvider |
218
|
|
|
*/ |
219
|
|
|
public function testStoreFileContent(bool $decoded): void |
220
|
|
|
{ |
221
|
|
|
// setup |
222
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
223
|
|
|
->setMethods([ |
224
|
|
|
'_prepareFs', |
225
|
|
|
'filePutContents', |
226
|
|
|
'moveUploadedFile' |
227
|
|
|
]) |
228
|
|
|
->setConstructorArgs([]) |
229
|
|
|
->getMock(); |
230
|
|
|
$securityRules->method('_prepareFs')->willReturn('prepared'); |
231
|
|
|
$securityRules->expects($this->once()) |
232
|
|
|
->method('filePutContents'); |
233
|
|
|
|
234
|
|
|
// test body |
235
|
|
|
$result = $securityRules->storeFileContent('content', 'file-prefix', $decoded); |
236
|
|
|
|
237
|
|
|
// assertions |
238
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
239
|
|
|
} |
240
|
|
|
|
241
|
|
|
/** |
242
|
|
|
* Mock creation function |
243
|
|
|
* |
244
|
|
|
* @param mixed $returnValue |
245
|
|
|
* return value of the fileGetContents method |
246
|
|
|
* @return object mock |
247
|
|
|
*/ |
248
|
|
|
protected function getStoreFileMock($returnValue): object |
249
|
|
|
{ |
250
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
251
|
|
|
->setMethods([ |
252
|
|
|
'fileGetContents', |
253
|
|
|
'_prepareFs', |
254
|
|
|
'filePutContents', |
255
|
|
|
]) |
256
|
|
|
->setConstructorArgs([]) |
257
|
|
|
->getMock(); |
258
|
|
|
$securityRules->expects($this->once()) |
259
|
|
|
->method('fileGetContents') |
260
|
|
|
->willReturn($returnValue); |
261
|
|
|
$securityRules->method('_prepareFs')->willReturn('prepared'); |
262
|
|
|
|
263
|
|
|
return $securityRules; |
264
|
|
|
} |
265
|
|
|
|
266
|
|
|
/** |
267
|
|
|
* Testing 'storeFile' method |
268
|
|
|
*/ |
269
|
|
|
public function testStoreFile(): void |
270
|
|
|
{ |
271
|
|
|
// setup |
272
|
|
|
$securityRules = $this->getStoreFileMock('content'); |
273
|
|
|
|
274
|
|
|
// test body |
275
|
|
|
$result = $securityRules->storeFile('c://file', 'prefix'); |
276
|
|
|
|
277
|
|
|
// assertions |
278
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
279
|
|
|
} |
280
|
|
|
|
281
|
|
|
/** |
282
|
|
|
* Testing 'storeFile' method for unexisting file |
283
|
|
|
*/ |
284
|
|
|
public function testStoreUnexistingFile(): void |
285
|
|
|
{ |
286
|
|
|
// setup |
287
|
|
|
$securityRules = $this->getStoreFileMock(false); |
288
|
|
|
|
289
|
|
|
// test body |
290
|
|
|
$result = $securityRules->storeFile('c://file', 'prefix'); |
291
|
|
|
|
292
|
|
|
// assertions |
293
|
|
|
$this->assertNull($result); |
294
|
|
|
} |
295
|
|
|
|
296
|
|
|
/** |
297
|
|
|
* Data provider for the test testIsUploadedFileValid |
298
|
|
|
* |
299
|
|
|
* @return array testing data |
300
|
|
|
*/ |
301
|
|
|
public function isUploadFileValidProvider(): array |
302
|
|
|
{ |
303
|
|
|
return [ |
304
|
|
|
[ |
305
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
306
|
|
|
[], |
307
|
|
|
true |
308
|
|
|
], |
309
|
|
|
[ |
310
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
311
|
|
|
[ |
312
|
|
|
new \Mezon\Security\Validators\File\Size(2000) |
313
|
|
|
], |
314
|
|
|
true |
315
|
|
|
], |
316
|
|
|
[ |
317
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
318
|
|
|
[ |
319
|
|
|
new \Mezon\Security\Validators\File\Size(1500) |
320
|
|
|
], |
321
|
|
|
false |
322
|
|
|
], |
323
|
|
|
[ |
324
|
|
|
$this->constructUploadedFile(2000, '1', '1', __DIR__ . '/SecurityRulesUnitTest.php'), |
325
|
|
|
[ |
326
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
327
|
|
|
'text/x-php' |
328
|
|
|
]) |
329
|
|
|
], |
330
|
|
|
true |
331
|
|
|
], |
332
|
|
|
[ |
333
|
|
|
$this->constructUploadedFile(2000, '1', '1', __DIR__ . '/SecurityRulesUnitTest.php'), |
334
|
|
|
[ |
335
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
336
|
|
|
'image/png' |
337
|
|
|
]) |
338
|
|
|
], |
339
|
|
|
false |
340
|
|
|
], |
341
|
|
|
[ |
342
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
343
|
|
|
[ |
344
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
345
|
|
|
'image/png' |
346
|
|
|
]) |
347
|
|
|
], |
348
|
|
|
true |
349
|
|
|
], |
350
|
|
|
[ |
351
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
352
|
|
|
[ |
353
|
|
|
new \Mezon\Security\Validators\File\ImageMaximumWidthHeight(500, 500) |
354
|
|
|
], |
355
|
|
|
false |
356
|
|
|
], |
357
|
|
|
[ |
358
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
359
|
|
|
[ |
360
|
|
|
new \Mezon\Security\Validators\File\ImageMaximumWidthHeight(500, 600) |
361
|
|
|
], |
362
|
|
|
false |
363
|
|
|
], |
364
|
|
|
[ |
365
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
366
|
|
|
[ |
367
|
|
|
new \Mezon\Security\Validators\File\ImageMaximumWidthHeight(500, 500) |
368
|
|
|
], |
369
|
|
|
false |
370
|
|
|
], |
371
|
|
|
[ |
372
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
373
|
|
|
[ |
374
|
|
|
new \Mezon\Security\Validators\File\ImageMaximumWidthHeight(600, 600) |
375
|
|
|
], |
376
|
|
|
true |
377
|
|
|
], |
378
|
|
|
[ |
379
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
380
|
|
|
[ |
381
|
|
|
new \Mezon\Security\Validators\File\ImageMinimumWidthHeight(500, 500) |
382
|
|
|
], |
383
|
|
|
true |
384
|
|
|
], |
385
|
|
|
[ |
386
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
387
|
|
|
[ |
388
|
|
|
new \Mezon\Security\Validators\File\ImageMinimumWidthHeight(600, 500) |
389
|
|
|
], |
390
|
|
|
false |
391
|
|
|
], |
392
|
|
|
[ |
393
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
394
|
|
|
[ |
395
|
|
|
new \Mezon\Security\Validators\File\ImageMinimumWidthHeight(500, 600) |
396
|
|
|
], |
397
|
|
|
false |
398
|
|
|
], |
399
|
|
|
[ |
400
|
|
|
$this->constructUploadedFile(6912, '1', '1', SecurityRulesUnitTest::TEST_PNG_IMAGE_PATH), |
401
|
|
|
[ |
402
|
|
|
new \Mezon\Security\Validators\File\ImageMinimumWidthHeight(600, 600) |
403
|
|
|
], |
404
|
|
|
false |
405
|
|
|
] |
406
|
|
|
]; |
407
|
|
|
} |
408
|
|
|
|
409
|
|
|
/** |
410
|
|
|
* Testing that uploaded file is valid |
411
|
|
|
* |
412
|
|
|
* @param array $file |
413
|
|
|
* uploaded file |
414
|
|
|
* @param array $validators |
415
|
|
|
* validators |
416
|
|
|
* @param bool $requiredResult |
417
|
|
|
* required result |
418
|
|
|
* @dataProvider isUploadFileValidProvider |
419
|
|
|
*/ |
420
|
|
|
public function testIsUploadedFileValid(array $file, array $validators, bool $requiredResult): void |
421
|
|
|
{ |
422
|
|
|
// setup |
423
|
|
|
$security = new \Mezon\Security\SecurityRules(); |
424
|
|
|
$_FILES['is-valid-file'] = $file; |
425
|
|
|
|
426
|
|
|
// test body |
427
|
|
|
$result = $security->isUploadedFileValid('is-valid-file', $validators); |
428
|
|
|
|
429
|
|
|
// assertions |
430
|
|
|
$this->assertEquals($requiredResult, $result); |
431
|
|
|
} |
432
|
|
|
|
433
|
|
|
/** |
434
|
|
|
* Data provider for the test testValidatingUnexistingFile |
435
|
|
|
* |
436
|
|
|
* @return array testing data |
437
|
|
|
*/ |
438
|
|
|
public function validatingUnexistingFileProvider(): array |
439
|
|
|
{ |
440
|
|
|
return [ |
441
|
|
|
[ |
442
|
|
|
new \Mezon\Security\Validators\File\Size(2000) |
443
|
|
|
], |
444
|
|
|
[ |
445
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
446
|
|
|
'image/jpeg' |
447
|
|
|
]) |
448
|
|
|
] |
449
|
|
|
]; |
450
|
|
|
} |
451
|
|
|
|
452
|
|
|
/** |
453
|
|
|
* Trying to validate size of the unexisting file |
454
|
|
|
* |
455
|
|
|
* @param object $validator |
456
|
|
|
* validator |
457
|
|
|
* @dataProvider validatingUnexistingFileProvider |
458
|
|
|
*/ |
459
|
|
|
public function testValidatingUnexistingFile(object $validator): void |
460
|
|
|
{ |
461
|
|
|
// assertions |
462
|
|
|
$this->expectException(\Exception::class); |
463
|
|
|
|
464
|
|
|
// setup |
465
|
|
|
$security = new \Mezon\Security\SecurityRules(); |
466
|
|
|
|
467
|
|
|
// test body |
468
|
|
|
$security->isUploadedFileValid('unexisting-file', [ |
469
|
|
|
$validator |
470
|
|
|
]); |
471
|
|
|
} |
472
|
|
|
} |
473
|
|
|
|
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths