|
1
|
|
|
<?php |
|
2
|
|
|
|
|
3
|
|
|
namespace Overblog\GraphQLBundle\Tests\ExpressionLanguage; |
|
4
|
|
|
|
|
5
|
|
|
use Overblog\GraphQLBundle\ExpressionLanguage\ExpressionLanguage; |
|
6
|
|
|
use Overblog\GraphQLBundle\Tests\DIContainerMockTrait; |
|
7
|
|
|
use PHPUnit\Framework\TestCase as BaseTestCase; |
|
8
|
|
|
use Symfony\Component\ExpressionLanguage\ExpressionFunction; |
|
9
|
|
|
use Symfony\Component\Security\Core\Authorization\AuthorizationCheckerInterface; |
|
10
|
|
|
|
|
11
|
|
|
abstract class TestCase extends BaseTestCase |
|
12
|
|
|
{ |
|
13
|
|
|
use DIContainerMockTrait; |
|
14
|
|
|
|
|
15
|
|
|
/** @var ExpressionLanguage */ |
|
16
|
|
|
protected $expressionLanguage; |
|
17
|
|
|
|
|
18
|
|
|
public function setUp() |
|
19
|
|
|
{ |
|
20
|
|
|
$this->expressionLanguage = new ExpressionLanguage(); |
|
21
|
|
|
$container = $this->getDIContainerMock(); |
|
22
|
|
|
$this->expressionLanguage->setContainer($container); |
|
23
|
|
|
foreach ($this->getFunctions() as $function) { |
|
24
|
|
|
$this->expressionLanguage->addFunction($function); |
|
25
|
|
|
} |
|
26
|
|
|
} |
|
27
|
|
|
|
|
28
|
|
|
/** |
|
29
|
|
|
* @return ExpressionFunction[] |
|
30
|
|
|
*/ |
|
31
|
|
|
abstract protected function getFunctions(); |
|
32
|
|
|
|
|
33
|
|
|
protected function assertExpressionCompile($expression, $with, array $expressionValues = [], $expects = null, $return = true, $assertMethod = 'assertTrue') |
|
34
|
|
|
{ |
|
35
|
|
|
$expressionValues['container'] = $this->getDIContainerMock(['security.authorization_checker' => $this->getAuthorizationCheckerIsGrantedWithExpectation($with, $expects, $return)]); |
|
36
|
|
|
extract($expressionValues); |
|
37
|
|
|
|
|
38
|
|
|
$code = $this->expressionLanguage->compile($expression, array_keys($expressionValues)); |
|
39
|
|
|
|
|
40
|
|
|
$this->$assertMethod(eval('return '.$code.';')); |
|
|
|
|
|
|
41
|
|
|
} |
|
42
|
|
|
|
|
43
|
|
|
private function getAuthorizationCheckerIsGrantedWithExpectation($with, $expects = null, $return = true) |
|
44
|
|
|
{ |
|
45
|
|
|
if (null === $expects) { |
|
46
|
|
|
$expects = $this->once(); |
|
47
|
|
|
} |
|
48
|
|
|
$authChecker = $this->getAuthorizationCheckerMock(); |
|
49
|
|
|
|
|
50
|
|
|
if ($return instanceof \PHPUnit_Framework_MockObject_Stub_Return) { |
|
|
|
|
|
|
51
|
|
|
$returnValue = $return; |
|
52
|
|
|
} else { |
|
53
|
|
|
$returnValue = $this->returnValue($return); |
|
54
|
|
|
} |
|
55
|
|
|
|
|
56
|
|
|
$methodExpectation = $authChecker |
|
57
|
|
|
->expects($expects) |
|
58
|
|
|
->method('isGranted'); |
|
59
|
|
|
|
|
60
|
|
|
call_user_func_array([$methodExpectation, 'with'], is_array($with) ? $with : [$with]); |
|
61
|
|
|
|
|
62
|
|
|
$methodExpectation->will($returnValue); |
|
63
|
|
|
|
|
64
|
|
|
return $authChecker; |
|
65
|
|
|
} |
|
66
|
|
|
|
|
67
|
|
|
private function getAuthorizationCheckerMock() |
|
68
|
|
|
{ |
|
69
|
|
|
$AuthorizationChecker = $this->getMockBuilder(AuthorizationCheckerInterface::class) |
|
70
|
|
|
->disableOriginalConstructor() |
|
71
|
|
|
->setMethods(['isGranted']) |
|
72
|
|
|
->getMock() |
|
73
|
|
|
; |
|
74
|
|
|
|
|
75
|
|
|
return $AuthorizationChecker; |
|
76
|
|
|
} |
|
77
|
|
|
} |
|
78
|
|
|
|
overblog /
GraphQLBundle
Loading history...
On one hand,
evalmight be exploited by malicious users if they somehow manage to inject dynamic content. On the other hand, with the emergence of faster PHP runtimes like the HHVM,evalprevents some optimization that they perform.