InitialisationMiddlewareTest::testXSSProtectionHeaderNotAdded() - Code Metrics - Inspection of "Merge pull request #25 from madmatt/pulls/xss-prot..." - silverstripe/cwp-core - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 8a1eef...f999f4 )

by Daniel

created 2018-01-25 12:00 UTC

testXSSProtectionHeaderNotAdded() A

↳ Parent: InitialisationMiddlewareTest

Complexity

Conditions	1
Paths	1

Size

Total Lines	5
Code Lines	3

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
cc	1
eloc	3
nc	1
nop	0
dl	0
loc	5
rs	9.4285
c	1
b	0
f	0

<?php

namespace CWP\Core\Tests\Control;

use CWP\Core\Control\InitialisationMiddleware;
use SilverStripe\Control\HTTPRequest;
use SilverStripe\Core\Config\Config;
use SilverStripe\Core\Environment;
use SilverStripe\Dev\FunctionalTest;

class InitialisationMiddlewareTest extends FunctionalTest
{
    /**
     * @var HTTPRequest
     */
    protected $request;

    /**
     * @var InitialisationMiddleware
     */
    protected $middleware;

    protected function setUp()
    {
        parent::setUp();

        $this->request = new HTTPRequest('GET', '/');
        $this->middleware = new InitialisationMiddleware();

        Environment::setEnv('SS_OUTBOUND_PROXY', '');
        Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '');
        Environment::setEnv('NO_PROXY', '');
    }

    public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet()
    {
        $this->runMiddleware();

        $this->assertEmpty(
            Environment::getEnv('http_proxy'),
            'Proxy information is not set if no outbound proxy is configured'
        );
    }

    public function testConfigureEgressProxyWhenVarsAreSet()
    {
        Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com');
        Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024');

        $this->runMiddleware();

        $this->assertEquals(
            'http://example.com:8024',
            Environment::getEnv('http_proxy'),
            'Proxy is configured with proxy and port'
        );
    }

    public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined()
    {
        Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains');

        $this->runMiddleware();

        $this->assertSame(
            '',
            Environment::getEnv('NO_PROXY'),
            'No domain exclusions are set when none are defined'
        );
    }

    public function testConfigureEgressProxyDomainExclusions()
    {
        Config::modify()->set(
            InitialisationMiddleware::class,
            'egress_proxy_exclude_domains',
            'example.com'
        );

        Environment::setEnv('NO_PROXY', 'foo.com,bar.com');

        $this->runMiddleware();

        $this->assertSame(
            'foo.com,bar.com,example.com',
            Environment::getEnv('NO_PROXY'),
            'Domain exclusions are combined with existing values and configuration settings'
        );
    }

    public function testSecurityHeadersAddedByDefault()
    {
        $response = $this->get('test');
        $this->assertArrayHasKey('x-xss-protection', $response->getHeaders());
        $this->assertSame('1; mode=block', $response->getHeader('x-xss-protection'));
    }

    public function testXSSProtectionHeaderNotAdded()
    {
        Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_disabled', true);
        $response = $this->get('test');
        $this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders());
    }

    /**
     * Runs the middleware with a stubbed delegate
     */
    protected function runMiddleware()
    {
        $this->middleware->process($this->request, function () {
            // no op
        });
    }
}


1			<?php
2
3			namespace CWP\Core\Tests\Control;
4
5			use CWP\Core\Control\InitialisationMiddleware;
6			use SilverStripe\Control\HTTPRequest;
7			use SilverStripe\Core\Config\Config;
8			use SilverStripe\Core\Environment;
9			use SilverStripe\Dev\FunctionalTest;
10
11			class InitialisationMiddlewareTest extends FunctionalTest
12			{
13			/**
14			* @var HTTPRequest
15			*/
16			protected $request;
17
18			/**
19			* @var InitialisationMiddleware
20			*/
21			protected $middleware;
22
23			protected function setUp()
24			{
25			parent::setUp();
26
27			$this->request = new HTTPRequest('GET', '/');
28			$this->middleware = new InitialisationMiddleware();
29
30			Environment::setEnv('SS_OUTBOUND_PROXY', '');
31			Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '');
32			Environment::setEnv('NO_PROXY', '');
33			}
34
35			public function testDoNotConfigureProxyIfNoEnvironmentVarsAreSet()
36			{
37			$this->runMiddleware();
38
39			$this->assertEmpty(
40			Environment::getEnv('http_proxy'),
41			'Proxy information is not set if no outbound proxy is configured'
42			);
43			}
44
45			public function testConfigureEgressProxyWhenVarsAreSet()
46			{
47			Environment::setEnv('SS_OUTBOUND_PROXY', 'http://example.com');
48			Environment::setEnv('SS_OUTBOUND_PROXY_PORT', '8024');
49
50			$this->runMiddleware();
51
52			$this->assertEquals(
53			'http://example.com:8024',
54			Environment::getEnv('http_proxy'),
55			'Proxy is configured with proxy and port'
56			);
57			}
58
59			public function testDoNotConfigureProxyDomainExclusionsWhenNoneAreDefined()
60			{
61			Config::modify()->remove(InitialisationMiddleware::class, 'egress_proxy_exclude_domains');
62
63			$this->runMiddleware();
64
65			$this->assertSame(
66			'',
67			Environment::getEnv('NO_PROXY'),
68			'No domain exclusions are set when none are defined'
69			);
70			}
71
72			public function testConfigureEgressProxyDomainExclusions()
73			{
74			Config::modify()->set(
75			InitialisationMiddleware::class,
76			'egress_proxy_exclude_domains',
77			'example.com'
78			);
79
80			Environment::setEnv('NO_PROXY', 'foo.com,bar.com');
81
82			$this->runMiddleware();
83
84			$this->assertSame(
85			'foo.com,bar.com,example.com',
86			Environment::getEnv('NO_PROXY'),
87			'Domain exclusions are combined with existing values and configuration settings'
88			);
89			}
90
91			public function testSecurityHeadersAddedByDefault()
92			{
93			$response = $this->get('test');
94			$this->assertArrayHasKey('x-xss-protection', $response->getHeaders());
95			$this->assertSame('1; mode=block', $response->getHeader('x-xss-protection'));
96			}
97
98			public function testXSSProtectionHeaderNotAdded()
99			{
100			Config::modify()->set(InitialisationMiddleware::class, 'xss_protection_disabled', true);
101			$response = $this->get('test');
102			$this->assertArrayNotHasKey('x-xss-protection', $response->getHeaders());
103			}
104
105			/**
106			* Runs the middleware with a stubbed delegate
107			*/
108			protected function runMiddleware()
109			{
110			$this->middleware->process($this->request, function () {
111			// no op
112			});
113			}
114			}
115

silverstripe / cwp-core

Push — master ( 8a1eef...f999f4 )

testXSSProtectionHeaderNotAdded() A

Complexity

Size

Duplication

Importance

Duplication Side-by-Side

Filter issues like