initial commit

2025-11-24 14:06:57 +01:00
commit 4fce91b055
81 changed files with 7718 additions and 0 deletions

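--- a/tests/core/ConfigTest.php
+++ b/tests/core/ConfigTest.php
@@ -0,0 +1,44 @@
+<?php
+class ConfigTest extends PHPUnit_Framework_TestCase
+{
+/*
+* Create fake values, necessary to run the tests
+*/
+public function setUp()
+{
+$_SERVER['HTTP_HOST'] = 'localhost';
+$_SERVER['SCRIPT_NAME'] = 'index.php';
+Config::$config = null;
+}
+/**
+* Reset everything
+*/
+public function tearDown()
+{
+putenv('APPLICATION_ENV=');
+Config::$config = null;
+}
+/**
+* Checks if the correct config file for an EXISTING environment / config is called.
+*/
+public function testGetDefaultEnvironment()
+{
+// manually set environment to "development"
+putenv('APPLICATION_ENV=development');
+// now get the default action to see if the correct config file (for development) is called
+$this->assertEquals('index', Config::get('DEFAULT_ACTION'));
+}
+public function testGetFailingEnvironment()
+{
+// manually set environment to "foobar" (and non-existing environment)
+putenv('APPLICATION_ENV=foobar');
+// call for environment should return false because config.foobar.php does not exist
+$this->assertEquals(false, Config::get('DEFAULT_ACTION'));
+}
+}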
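Review bot: `assertEquals(false, Config::get('DEFAULT_ACTION'))` in testGetFailingEnvironment compares loosely, so `null`, `0` or an empty string returned by `Config::get()` would also pass and the test would not notice a changed failure value for a missing config file. `$this->assertFalse(Config::get('DEFAULT_ACTION'));` pins the result the comment describes. The same loose form appears as `assertEquals(null, …)` in the RequestTest and TextTest sections of this commit, where `assertNull` is the exact check. Separately, tearDown's `putenv('APPLICATION_ENV=')` sets the variable to an empty string on most platforms rather than removing it; `putenv('APPLICATION_ENV');` unsets it.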


@@ -0,0 +1,23 @@
<?php
class EnvironmentTest extends PHPUnit_Framework_TestCase
{
public function testGetDefault()
{
// call for environment should return "development"
$this->assertEquals('development', Environment::get());
}
public function testGetDevelopment()
{
putenv('APPLICATION_ENV=development');
// call for environment should return "development"
$this->assertEquals('development', Environment::get());
}
public function testGetProduction()
{
putenv('APPLICATION_ENV=production');
$this->assertEquals('production', Environment::get());
}
}
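Review bot: Nothing in this class resets `APPLICATION_ENV`, so testGetDefault only passes while the variable happens to be unset, and testGetProduction leaves `production` in the process environment for whatever test runs next. A `setUp()` and a `tearDown()` that both call `putenv('APPLICATION_ENV');` would make every test start from a clean environment. This matters beyond test hygiene if, as the ConfigTest section suggests, the environment name selects which config file is loaded: a leaked `production` value could make later tests read production settings.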

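--- a/tests/core/FilterTest.php
+++ b/tests/core/FilterTest.php
@@ -0,0 +1,262 @@
+<?php
+class FilterTest extends PHPUnit_Framework_TestCase
+{
+/**
+* When string argument contains bad code the encoded (and therefore un-dangerous) string should be returned
+*/
+public function testXSSFilterWithBadCodeInString_byref()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+Filter::XSSFilter($codeBefore);
+$this->assertEquals($codeAfter, $codeBefore);
+}
+/**
+* When string argument contains bad code the encoded (and therefore un-dangerous) string should be returned
+*/
+public function testXSSFilterWithBadCodeInString_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$this->assertEquals($codeAfter, Filter::XSSFilter($codeBefore));
+}
+public function testXSSFilterWithArrayOfBadCode_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badArray = [$codeBefore1, $codeBefore2];
+Filter::XSSFilter($badArray);
+$this->assertEquals($codeAfter, $badArray[0]);
+$this->assertEquals($codeAfter, $badArray[1]);
+}
+public function testXSSFilterWithArrayOfBadCode_return()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badArray = [$codeBefore1, $codeBefore2];
+$this->assertEquals($codeAfter, Filter::XSSFilter($badArray)[1]);
+}
+public function testXSSFilterWithAssociativeArrayOfBadCode()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badArray = ['foo' => $codeBefore1, 'bar' => $codeBefore2];
+Filter::XSSFilter($badArray);
+$this->assertEquals($codeAfter, $badArray['foo']);
+$this->assertEquals($codeAfter, $badArray['bar']);
+}
+public function testXSSFilterWithSimpleObject_byref()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$integerBefore = 123;
+$integerAfter = 123;
+$object = new stdClass();
+$object->int = $integerBefore;
+$object->str = 'foo';
+$object->badstr = $codeBefore;
+Filter::XSSFilter($object);
+$this->assertEquals('foo', $object->str);
+$this->assertEquals($integerAfter, $object->int);
+$this->assertEquals($codeAfter, $object->badstr);
+}
+public function testXSSFilterWithSimpleObject_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$integerBefore = 123;
+$integerAfter = 123;
+$object = new stdClass();
+$object->str = 'foo';
+$object->badstr = $codeBefore;
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badstr);
+}
+public function testXSSFilterWithObjectContainingArray_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badArray = ['foo' => 'bar', 'bad1' => $codeBefore1, 'bad2' => $codeBefore2];
+$object = new stdClass();
+$object->badArray = $badArray;
+Filter::XSSFilter($object);
+$this->assertEquals('bar', $object->badArray['foo']);
+$this->assertEquals($codeAfter, $object->badArray['bad1']);
+$this->assertEquals($codeAfter, $object->badArray['bad2']);
+}
+public function testXSSFilterWithObjectContainingArray_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badArray = ['foo' => 'bar', 'bad' => $codeBefore];
+$object = new stdClass();
+$object->badArray = $badArray;
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badArray['bad']);
+}
+public function testXSSFilterWithObjectContainingObject_byref()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$object = new stdClass();
+$object->badStr = $codeBefore1;
+$childObject = new stdClass();
+$childObject->badStr = $codeBefore2;
+$object->badObject = $childObject;
+Filter::XSSFilter($object);
+$this->assertEquals($codeAfter, $object->badStr);
+$this->assertEquals($codeAfter, $object->badObject->badStr);
+}
+public function testXSSFilterWithObjectContainingObject_return()
+{
+$codeBefore = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$object = new stdClass();
+$childObject = new stdClass();
+$childObject->badStr = $codeBefore;
+$object->badObject = $childObject;
+$this->assertEquals($codeAfter, Filter::XSSFilter($object)->badObject->badStr);
+}
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+Filter::XSSFilter($integerBefore);
+Filter::XSSFilter($arrayBefore);
+Filter::XSSFilter($floatsBefore);
+Filter::XSSFilter($null);
+$this->assertEquals($integerAfter, $integerBefore);
+$this->assertEquals($arrayBefore, $arrayAfter);
+$this->assertEquals($floatsBefore, $floatsAfter);
+$this->assertNull($null);
+}
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments_return()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+$this->assertEquals($integerAfter, Filter::XSSFilter($integerBefore));
+$this->assertEquals($arrayBefore, Filter::XSSFilter($arrayBefore));
+$this->assertEquals($floatsBefore, Filter::XSSFilter($floatsBefore));
+$this->assertNull(Filter::XSSFilter($null));
+}
+/**
+* For every type other than strings or arrays, the method should return the untouched passed argument
+*/
+public function testXSSFilterWithNonStringOrArrayArguments_byref()
+{
+$integerBefore = 123;
+$integerAfter = 123;
+$arrayBefore = [1, 2, 3];
+$arrayAfter = [1, 2, 3];
+$floatsBefore = 17.001;
+$floatsAfter = 17.001;
+$null = null;
+Filter::XSSFilter($integerBefore);
+Filter::XSSFilter($arrayBefore);
+Filter::XSSFilter($floatsBefore);
+Filter::XSSFilter($null);
+$this->assertEquals($integerAfter, $integerBefore);
+$this->assertEquals($arrayBefore, $arrayAfter);
+$this->assertEquals($floatsBefore, $floatsAfter);
+$this->assertNull($null);
+}
+public function testXSSFilterWithComplexArrayOfBadCode()
+{
+$codeBefore1 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore2 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore3 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeBefore4 = "Hello <script>var http = new XMLHttpRequest(); http.open('POST', 'example.com/my_account/delete.php', true);</script>";
+$codeAfter = 'Hello &lt;script&gt;var http = new XMLHttpRequest(); http.open(&#039;POST&#039;, &#039;example.com/my_account/delete.php&#039;, true);&lt;/script&gt;';
+$badObject = new stdClass();
+$badObject->badstr = $codeBefore4;
+$badArray = [
+'foo',
+$codeBefore1,
+'bar',
+[
+'foo' => $codeBefore2,
+'bar' => $codeBefore3
+],
+$badObject
+];
+Filter::XSSFilter($badArray);
+$this->assertEquals('foo', $badArray[0]);
+$this->assertEquals($codeAfter, $badArray[1]);
+$this->assertEquals('bar', $badArray[2]);
+$this->assertEquals($codeAfter, $badArray[3]['foo']);
+$this->assertEquals($codeAfter, $badArray[3]['bar']);
+$this->assertEquals($codeAfter, $badArray[4]->badstr);
+}
+}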
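Review bot: Every XSS case in this file uses the same payload, which contains `<`, `>` and `'` but no `"` and no `&`, so the suite never pins how those two characters are encoded, and they are the ones that matter once a filtered value is written into a double-quoted attribute. A case such as `$s = 'a "b" & c'; Filter::XSSFilter($s); $this->assertEquals('a &quot;b&quot; &amp; c', $s);` would cover it, assuming the filter is `htmlspecialchars` with `ENT_QUOTES`, as the `&#039;` in the expected strings suggests. A class docblock should also state that this is HTML-entity encoding for HTML text and quoted attributes, not protection for script or URL contexts. testXSSFilterWithNonStringOrArrayArguments and its `_byref` twin have identical bodies, and `$integerBefore`/`$integerAfter` in testXSSFilterWithSimpleObject_return are never used.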


@@ -0,0 +1,55 @@
<?php
class RequestTest extends PHPUnit_Framework_TestCase
{
/**
* Testing the post() method of the Request class
*/
public function testPost()
{
$_POST["test"] = 22;
$this->assertEquals(22, Request::post('test'));
$this->assertEquals(null, Request::post('not_existing_key'));
// test trim & strip_tags: Method is used with second argument "true", triggering a cleaning of the input
$_POST["attacker_string"] = ' <script>alert("yo!");</script> ';
$this->assertEquals('alert("yo!");', Request::post('attacker_string', true));
}
/**
* Testing the postCheckbox() method of the Request class
*/
public function testPostCheckbox()
{
// Weird side-fact: a checked checkbox that has no manually set value will mostly contain 'on' as the default
// value in most modern browsers btw, so it makes sense to test this
$_POST['checkboxName'] = 'on';
$this->assertEquals(1, Request::postCheckbox('checkboxName'));
$_POST['checkboxName'] = 1;
$this->assertEquals(1, Request::postCheckbox('checkboxName'));
$_POST['checkboxName'] = null;
$this->assertEquals(null, Request::postCheckbox('checkboxName'));
}
/**
* Testing the get() method of the Request class
*/
public function testGet()
{
$_GET["test"] = 33;
$this->assertEquals(33, Request::get('test'));
$this->assertEquals(null, Request::get('not_existing_key'));
}
/**
* Testing the cookie() method of the Request class
*/
public function testCookie()
{
$_COOKIE["test"] = 44;
$this->assertEquals(44, Request::cookie('test'));
$this->assertEquals(null, Request::cookie('not_existing_key'));
}
}
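Review bot: testPost pins `Request::post('attacker_string', true)` to `alert("yo!");` and the comment calls that a cleaning of the input, but tag stripping plus trim leaves quotes and other markup-significant characters in place, so the returned value is still unsafe to print without encoding. I would say so at the assertion, e.g. `// strip_tags()/trim() only; the value must still be encoded on output (see Filter::XSSFilter)`. The tests also write to `$_POST`, `$_GET` and `$_COOKIE` and never restore them; a `tearDown()` containing `$_POST = $_GET = $_COOKIE = [];` keeps those keys from leaking into other test classes. In testPostCheckbox, `assertEquals(1, …)` also accepts `true` and `'1'`, so `assertSame` is needed if the return type is part of the contract.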

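--- a/tests/core/TextTest.php
+++ b/tests/core/TextTest.php
@@ -0,0 +1,28 @@
+<?php
+class TextTest extends PHPUnit_Framework_TestCase
+{
+/**
+* When argument is existing key, then existing value should be returned
+*/
+public function testGet()
+{
+$this->assertEquals("The username or password is incorrect. Please try again.", Text::get('FEEDBACK_USERNAME_OR_PASSWORD_WRONG'));
+}
+/**
+* When argument is null, should return null
+*/
+public function testGetWithNullKey()
+{
+$this->assertEquals(null, Text::get(null));
+}
+/**
+* When key does not exist in text data file, should return null
+*/
+public function testGetWithNonExistingKey()
+{
+$this->assertEquals(null, Text::get('XXX'));
+}
+}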