initial commit
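--- a/tests/core/ConfigTest.php
+++ b/tests/core/ConfigTest.php
@@ -0,0 +1,44 @@
+<?php
+
+class ConfigTest extends PHPUnit_Framework_TestCase
+{
+/*
+* Create fake values, necessary to run the tests
+*/
+public function setUp()
+{
+$_SERVER['HTTP_HOST'] = 'localhost';
+$_SERVER['SCRIPT_NAME'] = 'index.php';
+Config::$config = null;
+}
+
+/**
+* Reset everything
+*/
+public function tearDown()
+{
+putenv('APPLICATION_ENV=');
+Config::$config = null;
+}
+
+/**
+* Checks if the correct config file for an EXISTING environment / config is called.
+*/
+public function testGetDefaultEnvironment()
+{
+// manually set environment to "development"
+putenv('APPLICATION_ENV=development');
+
+// now get the default action to see if the correct config file (for development) is called
+$this->assertEquals('index', Config::get('DEFAULT_ACTION'));
+}
+
+public function testGetFailingEnvironment()
+{
+// manually set environment to "foobar" (and non-existing environment)
+putenv('APPLICATION_ENV=foobar');
+
+// call for environment should return false because config.foobar.php does not exist
+$this->assertEquals(false, Config::get('DEFAULT_ACTION'));
+}
+}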
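Review bot: `assertEquals(false, Config::get('DEFAULT_ACTION'))` in testGetFailingEnvironment() compares loosely, so it also passes when Config::get() returns `null`, `0` or an empty string; `$this->assertFalse(Config::get('DEFAULT_ACTION'));` pins the "should return false" contract stated in the comment above it. The same loose form appears as `assertEquals(null, …)` in tests/core/RequestTest.php and tests/core/TextTest.php, where `assertNull(…)` is the strict equivalent. Separately, setUp() writes `$_SERVER['HTTP_HOST']` and `$_SERVER['SCRIPT_NAME']`, but tearDown() does not restore them even though its doc comment says "Reset everything".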
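--- a/tests/core/EnvironmentTest.php
+++ b/tests/core/EnvironmentTest.php
@@ -0,0 +1,23 @@
+<?php
+
+class EnvironmentTest extends PHPUnit_Framework_TestCase
+{
+public function testGetDefault()
+{
+// call for environment should return "development"
+$this->assertEquals('development', Environment::get());
+}
+
+public function testGetDevelopment()
+{
+putenv('APPLICATION_ENV=development');
+// call for environment should return "development"
+$this->assertEquals('development', Environment::get());
+}
+
+public function testGetProduction()
+{
+putenv('APPLICATION_ENV=production');
+$this->assertEquals('production', Environment::get());
+}
+}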
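Review bot: testGetDefault() depends on APPLICATION_ENV carrying no value, but this class has no setUp()/tearDown(), and testGetDevelopment() and testGetProduction() leave the variable set for whatever runs next in the same process. Adding `public function tearDown() { putenv('APPLICATION_ENV'); }` (the form without `=` removes the variable) would make each test independent of execution order. How Environment::get() treats the empty value that ConfigTest's tearDown() leaves behind is not visible in this commit and may deserve its own case.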
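--- a/tests/core/FilterTest.php
+++ b/tests/core/FilterTest.php
@@ -0,0 +1,262 @@
+<?php
+
+class FilterTest extends PHPUnit_Framework_TestCase
+{
+/**
+* When string argument contains bad code the encoded (and therefore un-dangerous) string should be returned
+*/
+public function testXSSFilterWithBadCodeInString_byref()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+Filter::XSSFilter($codeBefore);
+$this->assertEquals($codeAfter, $codeBefore);
+}
+
+/**
+* When string argument contains bad code the encoded (and therefore un-dangerous) string should be returned
+*/
+public function testXSSFilterWithBadCodeInString_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$this->assertEquals($codeAfter, Filter::XSSFilter($codeBefore));
+}
+
+
+public function testXSSFilterWithArrayOfBadCode_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badArray = [$codeBefore1, $codeBefore2];
+Filter::XSSFilter($badArray);
+
+$this->assertEquals($codeAfter, $badArray[0]);
+$this->assertEquals($codeAfter, $badArray[1]);
+}
+
+public function testXSSFilterWithArrayOfBadCode_return()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badArray = [$codeBefore1, $codeBefore2];
+
+$this->assertEquals($codeAfter, Filter::XSSFilter($badArray)[1]);
+}
+
+public function testXSSFilterWithAssociativeArrayOfBadCode()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badArray = ['foo' => $codeBefore1, 'bar' => $codeBefore2];
+Filter::XSSFilter($badArray);
+
+$this->assertEquals($codeAfter, $badArray['foo']);
+$this->assertEquals($codeAfter, $badArray['bar']);
+}
+
+public function testXSSFilterWithSimpleObject_byref()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+$integerBefore = 123;
+$integerAfter = 123;
+
+$object = new stdClass();
+$object->int = $integerBefore;
+$object->str = 'foo';
+$object->badstr = $codeBefore;
+
+Filter::XSSFilter($object);
+
+$this->assertEquals('foo', $object->str);
+$this->assertEquals($integerAfter, $object->int);
+$this->assertEquals($codeAfter, $object->badstr);
+}
+
+public function testXSSFilterWithSimpleObject_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+$integerBefore = 123;
+$integerAfter = 123;
+
+$object = new stdClass();
+$object->str = 'foo';
+$object->badstr = $codeBefore;
+
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badstr);
+}
+
+public function testXSSFilterWithObjectContainingArray_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badArray = ['foo' => 'bar', 'bad1' => $codeBefore1, 'bad2' => $codeBefore2];
+$object = new stdClass();
+$object->badArray = $badArray;
+
+Filter::XSSFilter($object);
+
+$this->assertEquals('bar', $object->badArray['foo']);
+$this->assertEquals($codeAfter, $object->badArray['bad1']);
+$this->assertEquals($codeAfter, $object->badArray['bad2']);
+}
+
+public function testXSSFilterWithObjectContainingArray_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badArray = ['foo' => 'bar', 'bad' => $codeBefore];
+$object = new stdClass();
+$object->badArray = $badArray;
+
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badArray['bad']);
+}
+
+public function testXSSFilterWithObjectContainingObject_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+
+$object = new stdClass();
+$object->badStr = $codeBefore1;
+
+$childObject = new stdClass();
+$childObject->badStr = $codeBefore2;
+
+$object->badObject = $childObject;
+
+Filter::XSSFilter($object);
+
+$this->assertEquals($codeAfter, $object->badStr);
+$this->assertEquals($codeAfter, $object->badObject->badStr);
+}
+
+public function testXSSFilterWithObjectContainingObject_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$object = new stdClass();
+$childObject = new stdClass();
+$childObject->badStr = $codeBefore;
+$object->badObject = $childObject;
+
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badObject->badStr);
+}
+
+
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+
+Filter::XSSFilter($integerBefore);
+Filter::XSSFilter($arrayBefore);
+Filter::XSSFilter($floatsBefore);
+Filter::XSSFilter($null);
+
+$this->assertEquals($integerAfter, $integerBefore);
+$this->assertEquals($arrayBefore, $arrayAfter);
+$this->assertEquals($floatsBefore, $floatsAfter);
+$this->assertNull($null);
+}
+
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments_return()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+
+$this->assertEquals($integerAfter, Filter::XSSFilter($integerBefore));
+$this->assertEquals($arrayBefore, Filter::XSSFilter($arrayBefore));
+$this->assertEquals($floatsBefore, Filter::XSSFilter($floatsBefore));
+$this->assertNull(Filter::XSSFilter($null));
+}
+
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments_byref()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+
+Filter::XSSFilter($integerBefore);
+Filter::XSSFilter($arrayBefore);
+Filter::XSSFilter($floatsBefore);
+Filter::XSSFilter($null);
+
+$this->assertEquals($integerAfter, $integerBefore);
+$this->assertEquals($arrayBefore, $arrayAfter);
+$this->assertEquals($floatsBefore, $floatsAfter);
+$this->assertNull($null);
+}
+
+public function testXSSFilterWithComplexArrayOfBadCode()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore3 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore4 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>';
+
+$badObject = new stdClass();
+$badObject->badstr = $codeBefore4;
+
+$badArray = [
+'foo',
+$codeBefore1,
+'bar',
+[
+'foo' => $codeBefore2,
+'bar' => $codeBefore3
+],
+$badObject
+];
+
+Filter::XSSFilter($badArray);
+
+$this->assertEquals('foo', $badArray[0]);
+$this->assertEquals($codeAfter, $badArray[1]);
+$this->assertEquals('bar', $badArray[2]);
+$this->assertEquals($codeAfter, $badArray[3]['foo']);
+$this->assertEquals($codeAfter, $badArray[3]['bar']);
+$this->assertEquals($codeAfter, $badArray[4]->badstr);
+}
+
+}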
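Review bot: The "untouched argument" cases (testXSSFilterWithNonStringOrArrayArguments and its `_return` and `_byref` variants) use assertEquals, so a filter that turned `123` into `'123'` would still pass; `$this->assertSame($integerAfter, Filter::XSSFilter($integerBefore));` would pin type preservation as well as value. testXSSFilterWithNonStringOrArrayArguments and testXSSFilterWithNonStringOrArrayArguments_byref have identical bodies, so one of them adds no coverage. Every encoding case reuses a single `<script>` payload that contains only single quotes; a case with double quotes and one with already-encoded input would document the quote handling and double-encoding behaviour that callers rely on. As displayed on this page the `$codeAfter` literals equal the input and contain unescaped single quotes, which presumably reflects entity decoding by the page rather than the committed file.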
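--- a/tests/core/RequestTest.php
+++ b/tests/core/RequestTest.php
@@ -0,0 +1,55 @@
+<?php
+
+class RequestTest extends PHPUnit_Framework_TestCase
+{
+/**
+* Testing the post() method of the Request class
+*/
+public function testPost()
+{
+$_POST["test"] = 22;
+$this->assertEquals(22, Request::post('test'));
+$this->assertEquals(null, Request::post('not_existing_key'));
+
+// test trim & strip_tags: Method is used with second argument "true", triggering a cleaning of the input
+$_POST["attacker_string"] = ' <script>alert("yo!");</script> ';
+$this->assertEquals('alert("yo!");', Request::post('attacker_string', true));
+}
+
+/**
+* Testing the postCheckbox() method of the Request class
+*/
+public function testPostCheckbox()
+{
+// Weird side-fact: a checked checkbox that has no manually set value will mostly contain 'on' as the default
+// value in most modern browsers btw, so it makes sense to test this
+$_POST['checkboxName'] = 'on';
+$this->assertEquals(1, Request::postCheckbox('checkboxName'));
+
+$_POST['checkboxName'] = 1;
+$this->assertEquals(1, Request::postCheckbox('checkboxName'));
+
+$_POST['checkboxName'] = null;
+$this->assertEquals(null, Request::postCheckbox('checkboxName'));
+}
+
+/**
+* Testing the get() method of the Request class
+*/
+public function testGet()
+{
+$_GET["test"] = 33;
+$this->assertEquals(33, Request::get('test'));
+$this->assertEquals(null, Request::get('not_existing_key'));
+}
+
+/**
+* Testing the cookie() method of the Request class
+*/
+public function testCookie()
+{
+$_COOKIE["test"] = 44;
+$this->assertEquals(44, Request::cookie('test'));
+$this->assertEquals(null, Request::cookie('not_existing_key'));
+}
+}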
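Review bot: The expected value `alert("yo!");` in testPost() shows that the "clean" flag only trims and strips tags: the quotes and the script text survive, so the result is not safe to echo into HTML or an attribute without output encoding. A comment above that assertion would keep readers from treating the flag as XSS protection, for example `// strip_tags() is input cleanup, not output encoding: escape again where the value is rendered`. The tests also write `$_POST`, `$_GET` and `$_COOKIE` keys and the class has no tearDown() that removes them.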
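--- a/tests/core/TextTest.php
+++ b/tests/core/TextTest.php
@@ -0,0 +1,28 @@
+<?php
+
+class TextTest extends PHPUnit_Framework_TestCase
+{
+/**
+* When argument is existing key, then existing value should be returned
+*/
+public function testGet()
+{
+$this->assertEquals("The username or password is incorrect. Please try again.", Text::get('FEEDBACK_USERNAME_OR_PASSWORD_WRONG'));
+}
+
+/**
+* When argument is null, should return null
+*/
+public function testGetWithNullKey()
+{
+$this->assertEquals(null, Text::get(null));
+}
+
+/**
+* When key does not exist in text data file, should return null
+*/
+public function testGetWithNonExistingKey()
+{
+$this->assertEquals(null, Text::get('XXX'));
+}
+}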
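--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -0,0 +1,24 @@
+<?xml version="1.0" encoding="UTF-8"?>
+<phpunit backupGlobals="false"
+backupStaticAttributes="false"
+bootstrap="../vendor/autoload.php"
+colors="true"
+convertErrorsToExceptions="true"
+convertNoticesToExceptions="true"
+convertWarningsToExceptions="true"
+processIsolation="false"
+stopOnFailure="false"
+syntaxCheck="false">
+<testsuites>
+<testsuite name="Core Suite">
+<directory>./core/</directory>
+</testsuite>
+</testsuites>
+<filter>
+<whitelist processUncoveredFilesFromWhitelist="true">
+<directory suffix=".php">../application/core</directory>
+<directory suffix=".php">../application/model</directory>
+<directory suffix=".php">../application/controller</directory>
+</whitelist>
+</filter>
+</phpunit>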
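Review bot: `backupGlobals="false"` combined with `processIsolation="false"` means the superglobal and environment writes made by the tests in this commit (`$_SERVER`, `$_POST`, `$_GET`, `$_COOKIE`, `putenv`) persist for the rest of the run, so results can depend on test order. Either set `backupGlobals="true"` or have each test class restore what it changes in tearDown(). Note that backing up globals does not cover `putenv`, which changes the process environment and needs an explicit reset.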