|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace LaravelAt\ImageSanitize\Tests; |
|
4
|
|
|
|
|
5
|
|
|
use Illuminate\Http\Request; |
|
6
|
|
|
use Illuminate\Http\UploadedFile; |
|
7
|
|
|
use LaravelAt\ImageSanitize\ImageSanitize; |
|
8
|
|
|
use LaravelAt\ImageSanitize\RequestHandler; |
|
9
|
|
|
|
|
10
|
|
|
class RequestHandlerTest extends TestCase |
|
11
|
|
|
{ |
|
12
|
|
|
/** |
|
13
|
|
|
* @var RequestHandler |
|
14
|
|
|
*/ |
|
15
|
|
|
protected $handler; |
|
16
|
|
|
/** |
|
17
|
|
|
* @var ImageSanitize |
|
18
|
|
|
*/ |
|
19
|
|
|
protected $sanitizer; |
|
20
|
|
|
|
|
21
|
|
|
protected function setUp(): void |
|
22
|
|
|
{ |
|
23
|
|
|
parent::setUp(); |
|
24
|
|
|
|
|
25
|
|
|
$this->handler = $this->app->make(RequestHandler::class); |
|
|
|
|
|
|
26
|
|
|
|
|
27
|
|
|
$this->sanitizer = $this->app->make(ImageSanitize::class); |
|
28
|
|
|
} |
|
29
|
|
|
|
|
30
|
|
|
/** @test */ |
|
31
|
|
|
public function it_detects_images_in_the_request(): void |
|
32
|
|
|
{ |
|
33
|
|
|
$request = new Request; |
|
34
|
|
|
|
|
35
|
|
|
$request->files->set('image', UploadedFile::fake()->image('image.jpeg')); |
|
36
|
|
|
$request->files->set('pdf', UploadedFile::fake()->create('document.pdf')); |
|
37
|
|
|
|
|
38
|
|
|
$this->assertArrayHasKey( |
|
39
|
|
|
'image', |
|
40
|
|
|
$this->handler->getImages($request->allFiles()) |
|
41
|
|
|
); |
|
42
|
|
|
$this->assertArrayNotHasKey( |
|
43
|
|
|
'pdf', |
|
44
|
|
|
$this->handler->getImages($request->allFiles()) |
|
45
|
|
|
); |
|
46
|
|
|
} |
|
47
|
|
|
|
|
48
|
|
|
/** @test */ |
|
49
|
|
|
public function it_swaps_the_file_content_with_the_sanitized_string(): void |
|
50
|
|
|
{ |
|
51
|
|
|
$uploadedFile = UploadedFile::fake()->image('malicious.jpeg', '100', '100'); |
|
52
|
|
|
file_put_contents($uploadedFile->getPathname(), file_get_contents(__DIR__.'/stubs/exploit.jpeg')); |
|
53
|
|
|
|
|
54
|
|
|
$request = new Request; |
|
55
|
|
|
$request->files->set('image', $uploadedFile); |
|
56
|
|
|
|
|
57
|
|
|
$maliciousImageContent = $request->file('image')->get(); |
|
58
|
|
|
$this->handler->handle($request); |
|
59
|
|
|
|
|
60
|
|
|
$sanitizedImageContent = $request->file('image')->get(); |
|
61
|
|
|
$this->assertNotEquals( |
|
62
|
|
|
$maliciousImageContent, |
|
63
|
|
|
$sanitizedImageContent |
|
64
|
|
|
); |
|
65
|
|
|
$this->assertFalse($this->sanitizer->detect($sanitizedImageContent)); |
|
66
|
|
|
} |
|
67
|
|
|
} |
|
68
|
|
|
|
laravel-at /
laravel-image-sanitize
Adrian Nürnberger
This check looks for calls to methods that do not seem to exist on a given type. It looks for the method on the type itself as well as in inherited classes or implemented interfaces.
This is most likely a typographical error or the method has been renamed.