-rw-r--r-- | tests/Framework/Mime.php (renamed from tests/MailDecode.php) | 4 | ||||
-rw-r--r-- | tests/Framework/Shared.php | 161 | ||||
-rw-r--r-- | tests/Framework/Utils.php (renamed from tests/Utils.php) | 36 | ||||
-rw-r--r-- | tests/Framework/VCard.php (renamed from tests/VCards.php) | 4 | ||||
-rw-r--r-- | tests/ModCss.php | 39 | ||||
-rw-r--r-- | tests/bootstrap.php | 2 | ||||
-rw-r--r-- | tests/phpunit.xml | 9 |
7 files changed, 206 insertions, 49 deletions
diff --git a/tests/MailDecode.php b/tests/Framework/Mime.php
index 7969603dd..dcd55992a 100644
--- a/tests/MailDecode.php
+++ b/tests/Framework/Mime.php
@@ -1,11 +1,11 @@
 <?php
 /**
- * Test class to test messages decoding functions
+ * Test class to test rcube_mime class
 *
 * @package Tests
 */
-class MailDecode extends PHPUnit_Framework_TestCase
+class Framework_Mime extends PHPUnit_Framework_TestCase
 {
 /**
diff --git a/tests/Framework/Shared.php b/tests/Framework/Shared.php
new file mode 100644
index 000000000..d38fb03a3
--- /dev/null
+++ b/tests/Framework/Shared.php
@@ -0,0 +1,161 @@
+<?php
+
+/**
+ * Test class to test rcube_shared functions
+ *
+ * @package Tests
+ */
+class Framework_Shared extends PHPUnit_Framework_TestCase
+{
+
+ /**
+ * rcube_shared.inc: in_array_nocase()
+ */
+ function test_in_array_nocase()
+ {
+ $haystack = array('Test');
+ $needle = 'test';
+ $result = in_array_nocase($needle, $haystack);
+
+ $this->assertTrue($result, $title);
+
+ $result = in_array_nocase($needle, null);
+
+ $this->assertFalse($result, $title);
+ }
+
+ /**
+ * rcube_shared.inc: get_boolean()
+ */
+ function test_get_boolean()
+ {
+ $input = array(
+ false, 'false', '0', 'no', 'off', 'nein', 'FALSE', '', null,
+ );
+
+ foreach ($input as $idx => $value) {
+ $this->assertFalse(get_boolean($value), "Invalid result for $idx test item");
+ }
+
+ $input = array(
+ true, 'true', '1', 1, 'yes', 'anything', 1000,
+ );
+
+ foreach ($input as $idx => $value) {
+ $this->assertTrue(get_boolean($value), "Invalid result for $idx test item");
+ }
+ }
+
+ /**
+ * rcube_shared.inc: parse_bytes()
+ */
+ function test_parse_bytes()
+ {
+ $data = array(
+ '1' => 1,
+ '1024' => 1024,
+ '2k' => 2 * 1024,
+ '2 k' => 2 * 1024,
+ '2kb' => 2 * 1024,
+ '2kB' => 2 * 1024,
+ '2m' => 2 * 1048576,
+ '2 m' => 2 * 1048576,
+ '2mb' => 2 * 1048576,
+ '2mB' => 2 * 1048576,
+ '2g' => 2 * 1024 * 1048576,
+ '2 g' => 2 * 1024 * 1048576,
+ '2gb' => 2 * 1024 * 1048576,
+ '2gB' => 2 * 1024 * 1048576,
+ );
+
+ foreach ($data as $value => $expected) {
+ $result = parse_bytes($value);
+ $this->assertEquals($expected, $result, "Invalid parse_bytes() result for $value");
+ }
+ }
+
+ /**
+ * rcube_shared.inc: slashify()
+ */
+ function test_slashify()
+ {
+ $data = array(
+ 'test' => 'test/',
+ 'test/' => 'test/',
+ '' => '/',
+ "\\" => "\\/",
+ );
+
+ foreach ($data as $value => $expected) {
+ $result = slashify($value);
+ $this->assertEquals($expected, $result, "Invalid slashify() result for $value");
+ }
+
+ }
+
+ /**
+ * rcube_shared.inc: unslashify()
+ */
+ function test_unslashify()
+ {
+ $data = array(
+ 'test' => 'test',
+ 'test/' => 'test',
+ '/' => '',
+ "\\/" => "\\",
+ 'test/test' => 'test/test',
+ 'test//' => 'test',
+ );
+
+ foreach ($data as $value => $expected) {
+ $result = unslashify($value);
+ $this->assertEquals($expected, $result, "Invalid unslashify() result for $value");
+ }
+
+ }
+
+ /**
+ * rcube_shared.inc: get_offset_sec()
+ */
+ function test_get_offset_sec()
+ {
+ $data = array(
+ '1s' => 1,
+ '1m' => 1 * 60,
+ '1h' => 1 * 60 * 60,
+ '1d' => 1 * 60 * 60 * 24,
+ '1w' => 1 * 60 * 60 * 24 * 7,
+ '1y' => (int) '1y',
+ 100 => 100,
+ '100' => 100,
+ );
+
+ foreach ($data as $value => $expected) {
+ $result = get_offset_sec($value);
+ $this->assertEquals($expected, $result, "Invalid get_offset_sec() result for $value");
+ }
+
+ }
+
+ /**
+ * rcube_shared.inc: array_keys_recursive()
+ */
+ function test_array_keys_recursive()
+ {
+ $input = array(
+ 'one' => array(
+ 'two' => array(
+ 'three' => array(),
+ 'four' => 'something',
+ ),
+ ),
+ 'five' => 'test',
+ );
+
+ $result = array_keys_recursive($input);
+ $input_str = 'one,two,three,four,five';
+ $result_str = implode(',', $result);
+
+ $this->assertEquals($input_str, $result_str, "Invalid array_keys_recursive() result");
+ }
+}
diff --git a/tests/Utils.php b/tests/Framework/Utils.php
index ad0aa1dde..b6cc5d577 100644
--- a/tests/Utils.php
+++ b/tests/Framework/Utils.php
@@ -5,7 +5,7 @@
 *
 * @package Tests
 */
-class Utils extends PHPUnit_Framework_TestCase
+class Framework_Utils extends PHPUnit_Framework_TestCase
 {
 /**
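Review bot: `$title` is never defined in test_in_array_nocase(), so both `$this->assertTrue($result, $title);` and `$this->assertFalse($result, $title);` read an undefined variable, which raises a notice that PHPUnit may report as a test error depending on its configuration. Pass a literal message instead, e.g. `$this->assertTrue($result, "Invalid in_array_nocase() result");`. In test_get_offset_sec() the keys `100` and `'100'` are the same array key in PHP, so only one of the two cases runs and it reaches get_offset_sec() as an integer; the same key normalisation turns `'1'` and `'1024'` in test_parse_bytes() into integers. If string input is meant to be covered, a list of `array($input, $expected)` pairs would keep the original types.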
@@ -82,4 +82,38 @@ class Utils extends PHPUnit_Framework_TestCase
 $this->assertFalse(rcube_utils::check_email($email, false), $title);
 }
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles()
+ {
+ $css = file_get_contents(TESTS_DIR . 'src/valid.css');
+ $mod = rcube_utils::mod_css_styles($css, 'rcmbody');
+
+ $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
+ $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
+ $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
+ $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
+ }
+
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles_xss()
+ {
+ $mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No url() values allowed");
+
+ $mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No import statements");
+
+ $mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No expression properties");
+
+ $mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");
+
+ $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
+ }
 }
diff --git a/tests/VCards.php b/tests/Framework/VCard.php
index e61dca934..a830c2cbc 100644
--- a/tests/VCards.php
+++ b/tests/Framework/VCard.php
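Review bot: Every case in test_mod_css_styles_xss() passes the sanitiser one short string and expects the whole output to equal `/* evil! */`, so nothing pins what happens when a rejected construct sits inside an otherwise valid stylesheet, which is presumably how it arrives in a real message. A case that appends the url() declaration to the valid.css fixture would cover that, and since CSS keywords are case-insensitive an upper- or mixed-case variant of `url(`, `@import` and `expression(` would document whether mod_css_styles() normalises case, which is not visible here. test_mod_css_styles() also uses the result of `file_get_contents()` unchecked, so a missing fixture shows up as four regex failures; `$this->assertNotSame(false, $css, "Fixture src/valid.css not readable");` before the call gives one clear message. The two docblocks are identical, and the second should say it covers rejected input. The class Framework_Utils starts outside this hunk.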
@@ -5,12 +5,12 @@
 *
 * @package Tests
 */
-class VCards extends PHPUnit_Framework_TestCase
+class Framework_VCard extends PHPUnit_Framework_TestCase
 {
 function _srcpath($fn)
 {
- return realpath(dirname(__FILE__) . '/src/' . $fn);
+ return realpath(dirname(__FILE__) . '/../src/' . $fn);
 }
 function test_parse_one()
diff --git a/tests/ModCss.php b/tests/ModCss.php
deleted file mode 100644
index 38cf84c9d..000000000
--- a/tests/ModCss.php
+++ /dev/null
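Review bot: `_srcpath()` now reaches the fixtures through `dirname(__FILE__) . '/../src/'`, while the test added to Framework/Utils.php in this commit uses `TESTS_DIR . 'src/valid.css'`; two ways of locating the same directory will drift apart again on the next move. `return realpath(TESTS_DIR . 'src/' . $fn);` would match, assuming TESTS_DIR ends in a slash as its other uses on this page suggest. `realpath()` returns false for a missing file and nothing in the visible lines checks for that, so a wrong path surfaces only later in the parsing tests. The class body continues outside the hunk.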
@@ -1,39 +0,0 @@
-<?php
-
-/**
- * Test class to test rcmail_mod_css_styles and XSS vulnerabilites
- *
- * @package Tests
- */
-class ModCss extends PHPUnit_Framework_TestCase
-{
-
- function test_modcss()
- {
- $css = file_get_contents(TESTS_DIR . 'src/valid.css');
- $mod = rcmail_mod_css_styles($css, 'rcmbody');
-
- $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
- $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
- $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
- $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
- }
-
- function test_xss()
- {
- $mod = rcmail_mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
- $this->assertEquals("/* evil! */", $mod, "No url() values allowed");
-
- $mod = rcmail_mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
- $this->assertEquals("/* evil! */", $mod, "No import statements");
-
- $mod = rcmail_mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
- $this->assertEquals("/* evil! */", $mod, "No expression properties");
-
- $mod = rcmail_mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
- $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");
-
- $mod = rcmail_mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
- $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
- }
-}
diff --git a/tests/bootstrap.php b/tests/bootstrap.php
index b32112592..a9e25610c 100644
--- a/tests/bootstrap.php
+++ b/tests/bootstrap.php
@@ -31,3 +31,5 @@ if (@is_dir(TESTS_DIR . 'config')) {
 }
 require_once(INSTALL_PATH . 'program/include/iniset.php');
+
+rcmail::get_instance()->config->set('devel_mode', false);
diff --git a/tests/phpunit.xml b/tests/phpunit.xml
index d6212f458..1bde91be1 100644
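Review bot: The added `rcmail::get_instance()->config->set('devel_mode', false);` has no comment saying why the test run overrides this setting, and it makes the bootstrap create the rcmail instance before any test runs. If the reason is that results must not depend on the developer's local configuration, a line such as `// tests must not depend on the local devel_mode setting` above it would record that; the hunk itself does not show the motivation. Any side effects of creating the instance this early are not visible from here and are worth confirming.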
--- a/tests/phpunit.xml
+++ b/tests/phpunit.xml
@@ -3,13 +3,12 @@
 colors="true">
 <testsuites>
 <testsuite name="All Tests">
+ <file>Framework/Mime.php</file>
+ <file>Framework/Shared.php</file>
+ <file>Framework/Utils.php</file>
+ <file>Framework/VCard.php</file>
 <file>HtmlToText.php</file>
- <file>MailDecode.php</file>
 <file>MailFunc.php</file>
- <file>ModCss.php</file>
- <file>Shared.php</file>
- <file>Utils.php</file>
- <file>VCards.php</file>
 </testsuite>
 </testsuites>
 </phpunit> |