1
|
|
|
<?php |
2
|
|
|
namespace Mezon\Security\Tests; |
3
|
|
|
|
4
|
|
|
class SecurityRulesUnitTest extends \PHPUnit\Framework\TestCase |
|
|
|
|
5
|
|
|
{ |
6
|
|
|
|
7
|
|
|
/** |
8
|
|
|
* Path to the directory where all files are stored |
9
|
|
|
* |
10
|
|
|
* @var string |
11
|
|
|
*/ |
12
|
|
|
public const PATH_TO_FILE_STORAGE = '/data/files/'; |
13
|
|
|
|
14
|
|
|
/** |
15
|
|
|
* Method returns path to storage |
16
|
|
|
* |
17
|
|
|
* @return string path to storage |
18
|
|
|
*/ |
19
|
|
|
protected function getPathToStorage(): string |
20
|
|
|
{ |
21
|
|
|
return SecurityRulesUnitTest::PATH_TO_FILE_STORAGE . date('Y/m/d/'); |
22
|
|
|
} |
23
|
|
|
|
24
|
|
|
/** |
25
|
|
|
* Testing edge cases of getFileValue |
26
|
|
|
*/ |
27
|
|
|
public function testGetEmptyFileValue(): void |
28
|
|
|
{ |
29
|
|
|
// setup |
30
|
|
|
$_FILES = [ |
31
|
|
|
'empty-file' => [ |
32
|
|
|
'size' => 0 |
33
|
|
|
] |
34
|
|
|
]; |
35
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
36
|
|
|
->setMethods([ |
37
|
|
|
'_prepareFs', |
38
|
|
|
'filePutContents', |
39
|
|
|
'moveUploadedFile' |
40
|
|
|
]) |
41
|
|
|
->setConstructorArgs([]) |
42
|
|
|
->getMock(); |
43
|
|
|
|
44
|
|
|
// test body |
45
|
|
|
$result = $securityRules->getFileValue('empty-file', false); |
46
|
|
|
|
47
|
|
|
// assertions |
48
|
|
|
$this->assertEquals('', $result); |
49
|
|
|
} |
50
|
|
|
|
51
|
|
|
/** |
52
|
|
|
* Method constructs element of the $_FILES array |
53
|
|
|
* |
54
|
|
|
* @param int $size |
55
|
|
|
* size of the file |
56
|
|
|
* @param string $file |
57
|
|
|
* file path |
58
|
|
|
* @param string $name |
59
|
|
|
* file name |
60
|
|
|
* @return array element of the $_FILES array |
61
|
|
|
*/ |
62
|
|
|
protected function constructUploadedFile(int $size, string $file, string $name, string $tmpName = ''): array |
63
|
|
|
{ |
64
|
|
|
$return = [ |
65
|
|
|
'size' => $size, |
66
|
|
|
'name' => $name |
67
|
|
|
]; |
68
|
|
|
|
69
|
|
|
if ($file !== '') { |
70
|
|
|
$return['file'] = $file; |
71
|
|
|
} |
72
|
|
|
|
73
|
|
|
if ($tmpName !== '') { |
74
|
|
|
$return['tmp_' . 'name'] = $tmpName; |
75
|
|
|
} |
76
|
|
|
|
77
|
|
|
return $return; |
78
|
|
|
} |
79
|
|
|
|
80
|
|
|
/** |
81
|
|
|
* Data provider for the testGetFileValue test |
82
|
|
|
* |
83
|
|
|
* @return array data for test testGetFileValue |
84
|
|
|
*/ |
85
|
|
|
public function getFileValueProvider(): array |
86
|
|
|
{ |
87
|
|
|
return [ |
88
|
|
|
[ |
89
|
|
|
true, |
90
|
|
|
[ |
91
|
|
|
'test-file' => $this->constructUploadedFile(2000, '1', '1') |
92
|
|
|
] |
93
|
|
|
], |
94
|
|
|
[ |
95
|
|
|
false, |
96
|
|
|
[ |
97
|
|
|
'test-file' => $this->constructUploadedFile(1, '1', '1') |
98
|
|
|
] |
99
|
|
|
], |
100
|
|
|
[ |
101
|
|
|
true, |
102
|
|
|
[ |
103
|
|
|
'test-file' => $this->constructUploadedFile(1, '', '1', '1') |
104
|
|
|
] |
105
|
|
|
] |
106
|
|
|
]; |
107
|
|
|
} |
108
|
|
|
|
109
|
|
|
/** |
110
|
|
|
* Method returns true if the field tmp_name is set |
111
|
|
|
* |
112
|
|
|
* @param array $file |
113
|
|
|
* validating file description |
114
|
|
|
* @return bool true if the field tmp_name is set, false otherwise |
115
|
|
|
*/ |
116
|
|
|
protected function tmpNameSet(array $file): bool |
117
|
|
|
{ |
118
|
|
|
return isset($file['tmp_name']); |
119
|
|
|
} |
120
|
|
|
|
121
|
|
|
/** |
122
|
|
|
* Testing edge cases of getFileValue |
123
|
|
|
* |
124
|
|
|
* @param bool $storeFile |
125
|
|
|
* do we need to store file |
126
|
|
|
* @param array $files |
127
|
|
|
* file ddescription |
128
|
|
|
* @dataProvider getFileValueProvider |
129
|
|
|
*/ |
130
|
|
|
public function testGetFileValue(bool $storeFile, array $files): void |
131
|
|
|
{ |
132
|
|
|
// setup |
133
|
|
|
$_FILES = $files; |
134
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
135
|
|
|
->setMethods([ |
136
|
|
|
'_prepareFs', |
137
|
|
|
'filePutContents', |
138
|
|
|
'moveUploadedFile' |
139
|
|
|
]) |
140
|
|
|
->setConstructorArgs([]) |
141
|
|
|
->getMock(); |
142
|
|
|
|
143
|
|
|
if ($storeFile) { |
144
|
|
|
if ($this->tmpNameSet($files['test-file'])) { |
145
|
|
|
$securityRules->expects($this->once()) |
146
|
|
|
->method('moveUploadedFile'); |
147
|
|
|
} else { |
148
|
|
|
$securityRules->expects($this->once()) |
149
|
|
|
->method('filePutContents'); |
150
|
|
|
} |
151
|
|
|
} |
152
|
|
|
|
153
|
|
|
// test body |
154
|
|
|
$result = $securityRules->getFileValue('test-file', $storeFile); |
155
|
|
|
|
156
|
|
|
// assertions |
157
|
|
|
if ($storeFile) { |
158
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
159
|
|
|
} else { |
160
|
|
|
$this->assertEquals(1, $result['size']); |
161
|
|
|
|
162
|
|
|
$this->assertEquals('1', $result['name']); |
163
|
|
|
if ($this->tmpNameSet($files['test-file'])) { |
164
|
|
|
$this->assertEquals('1', $result['tmp_name']); |
165
|
|
|
} else { |
166
|
|
|
$this->assertEquals('1', $result['file']); |
167
|
|
|
} |
168
|
|
|
} |
169
|
|
|
} |
170
|
|
|
|
171
|
|
|
/** |
172
|
|
|
* Data provider for the testStoreFileContent |
173
|
|
|
* |
174
|
|
|
* @return array data for the testStoreFileContent test |
175
|
|
|
*/ |
176
|
|
|
public function storeFileContentProvider(): array |
177
|
|
|
{ |
178
|
|
|
return [ |
179
|
|
|
[ |
180
|
|
|
true |
181
|
|
|
], |
182
|
|
|
[ |
183
|
|
|
false |
184
|
|
|
] |
185
|
|
|
]; |
186
|
|
|
} |
187
|
|
|
|
188
|
|
|
/** |
189
|
|
|
* Testing storeFileContent method |
190
|
|
|
* |
191
|
|
|
* @dataProvider storeFileContentProvider |
192
|
|
|
*/ |
193
|
|
|
public function testStoreFileContent(bool $decoded): void |
194
|
|
|
{ |
195
|
|
|
// setup |
196
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
197
|
|
|
->setMethods([ |
198
|
|
|
'_prepareFs', |
199
|
|
|
'filePutContents', |
200
|
|
|
'moveUploadedFile' |
201
|
|
|
]) |
202
|
|
|
->setConstructorArgs([]) |
203
|
|
|
->getMock(); |
204
|
|
|
$securityRules->method('_prepareFs')->willReturn('prepared'); |
205
|
|
|
$securityRules->expects($this->once()) |
206
|
|
|
->method('filePutContents'); |
207
|
|
|
|
208
|
|
|
// test body |
209
|
|
|
$result = $securityRules->storeFileContent('content', 'file-prefix', $decoded); |
210
|
|
|
|
211
|
|
|
// assertions |
212
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
213
|
|
|
} |
214
|
|
|
|
215
|
|
|
/** |
216
|
|
|
* Mock creation function |
217
|
|
|
* |
218
|
|
|
* @param mixed $returnValue |
219
|
|
|
* return value of the fileGetContents method |
220
|
|
|
* @return object mock |
221
|
|
|
*/ |
222
|
|
|
protected function getStoreFileMock($returnValue): object |
223
|
|
|
{ |
224
|
|
|
$securityRules = $this->getMockBuilder(\Mezon\Security\SecurityRules::class) |
225
|
|
|
->setMethods([ |
226
|
|
|
'fileGetContents', |
227
|
|
|
'_prepareFs', |
228
|
|
|
'filePutContents', |
229
|
|
|
]) |
230
|
|
|
->setConstructorArgs([]) |
231
|
|
|
->getMock(); |
232
|
|
|
$securityRules->expects($this->once()) |
233
|
|
|
->method('fileGetContents') |
234
|
|
|
->willReturn($returnValue); |
235
|
|
|
$securityRules->method('_prepareFs')->willReturn('prepared'); |
236
|
|
|
|
237
|
|
|
return $securityRules; |
238
|
|
|
} |
239
|
|
|
|
240
|
|
|
/** |
241
|
|
|
* Testing 'storeFile' method |
242
|
|
|
*/ |
243
|
|
|
public function testStoreFile(): void |
244
|
|
|
{ |
245
|
|
|
// setup |
246
|
|
|
$securityRules = $this->getStoreFileMock('content'); |
247
|
|
|
|
248
|
|
|
// test body |
249
|
|
|
$result = $securityRules->storeFile('c://file', 'prefix'); |
250
|
|
|
|
251
|
|
|
// assertions |
252
|
|
|
$this->assertStringContainsString($this->getPathToStorage(), $result); |
253
|
|
|
} |
254
|
|
|
|
255
|
|
|
/** |
256
|
|
|
* Testing 'storeFile' method for unexisting file |
257
|
|
|
*/ |
258
|
|
|
public function testStoreUnexistingFile(): void |
259
|
|
|
{ |
260
|
|
|
// setup |
261
|
|
|
$securityRules = $this->getStoreFileMock(false); |
262
|
|
|
|
263
|
|
|
// test body |
264
|
|
|
$result = $securityRules->storeFile('c://file', 'prefix'); |
265
|
|
|
|
266
|
|
|
// assertions |
267
|
|
|
$this->assertNull($result); |
268
|
|
|
} |
269
|
|
|
|
270
|
|
|
/** |
271
|
|
|
* Data provider for the test testIsUploadedFileValid |
272
|
|
|
* |
273
|
|
|
* @return array testing data |
274
|
|
|
*/ |
275
|
|
|
public function isUploadFileValidProvider(): array |
276
|
|
|
{ |
277
|
|
|
return [ |
278
|
|
|
[ |
279
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
280
|
|
|
[], |
281
|
|
|
true |
282
|
|
|
], |
283
|
|
|
[ |
284
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
285
|
|
|
[ |
286
|
|
|
new \Mezon\Security\Validators\File\Size(2000) |
287
|
|
|
], |
288
|
|
|
true |
289
|
|
|
], |
290
|
|
|
[ |
291
|
|
|
$this->constructUploadedFile(2000, '1', '1'), |
292
|
|
|
[ |
293
|
|
|
new \Mezon\Security\Validators\File\Size(1500) |
294
|
|
|
], |
295
|
|
|
false |
296
|
|
|
], |
297
|
|
|
[ |
298
|
|
|
$this->constructUploadedFile(2000, '1', '1', __DIR__ . '/SecurityRulesUnitTest.php'), |
299
|
|
|
[ |
300
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
301
|
|
|
'text/x-php' |
302
|
|
|
]) |
303
|
|
|
], |
304
|
|
|
true |
305
|
|
|
], |
306
|
|
|
[ |
307
|
|
|
$this->constructUploadedFile(2000, '1', '1', __DIR__ . '/SecurityRulesUnitTest.php'), |
308
|
|
|
[ |
309
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
310
|
|
|
'image/png' |
311
|
|
|
]) |
312
|
|
|
], |
313
|
|
|
false |
314
|
|
|
] |
315
|
|
|
]; |
316
|
|
|
} |
317
|
|
|
|
318
|
|
|
/** |
319
|
|
|
* Testing that uploaded file is valid |
320
|
|
|
* |
321
|
|
|
* @param array $file |
322
|
|
|
* uploaded file |
323
|
|
|
* @param array $validators |
324
|
|
|
* validators |
325
|
|
|
* @param bool $requiredResult |
326
|
|
|
* required result |
327
|
|
|
* @dataProvider isUploadFileValidProvider |
328
|
|
|
*/ |
329
|
|
|
public function testIsUploadedFileValid(array $file, array $validators, bool $requiredResult): void |
330
|
|
|
{ |
331
|
|
|
// setup |
332
|
|
|
$security = new \Mezon\Security\SecurityRules(); |
333
|
|
|
$_FILES['is-valid-file'] = $file; |
334
|
|
|
|
335
|
|
|
// test body |
336
|
|
|
$result = $security->isUploadedFileValid('is-valid-file', $validators); |
337
|
|
|
|
338
|
|
|
// assertions |
339
|
|
|
$this->assertEquals($requiredResult, $result); |
340
|
|
|
} |
341
|
|
|
|
342
|
|
|
/** |
343
|
|
|
* Data provider for the test testValidatingUnexistingFile |
344
|
|
|
* |
345
|
|
|
* @return array testing data |
346
|
|
|
*/ |
347
|
|
|
public function validatingUnexistingFileProvider(): array |
348
|
|
|
{ |
349
|
|
|
return [ |
350
|
|
|
[ |
351
|
|
|
new \Mezon\Security\Validators\File\Size(2000) |
352
|
|
|
], |
353
|
|
|
[ |
354
|
|
|
new \Mezon\Security\Validators\File\MimeType([ |
355
|
|
|
'image/png' |
356
|
|
|
]) |
357
|
|
|
] |
358
|
|
|
]; |
359
|
|
|
} |
360
|
|
|
|
361
|
|
|
/** |
362
|
|
|
* Trying to validate size of the unexisting file |
363
|
|
|
* |
364
|
|
|
* @param object $validator |
365
|
|
|
* validator |
366
|
|
|
* @dataProvider validatingUnexistingFileProvider |
367
|
|
|
*/ |
368
|
|
|
public function testValidatingUnexistingFile(object $validator): void |
369
|
|
|
{ |
370
|
|
|
// assertions |
371
|
|
|
$this->expectException(\Exception::class); |
372
|
|
|
|
373
|
|
|
// setup |
374
|
|
|
$security = new \Mezon\Security\SecurityRules(); |
375
|
|
|
|
376
|
|
|
// test body |
377
|
|
|
$security->isUploadedFileValid('unexisting-file', [ |
378
|
|
|
$validator |
379
|
|
|
]); |
380
|
|
|
} |
381
|
|
|
} |
382
|
|
|
|
The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g.
excluded_paths: ["lib/*"]
, you can move it to the dependency path list as follows:For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths