From 9b05f19338e209f05386e5b13fe0a704c94062bb Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Mon, 27 Aug 2012 08:45:13 +0200
Subject: Restructured tests
---
 tests/Framework/Utils.php | 119 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 119 insertions(+)
 create mode 100644 tests/Framework/Utils.php
(limited to 'tests/Framework/Utils.php')
diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php
new file mode 100644
index 000000000..b6cc5d577
--- /dev/null
+++ b/tests/Framework/Utils.php
@@ -0,0 +1,119 @@
+', 'Encoded html within email is invalid'),
+ array('email.domain.com', 'Missing @'),
+ array('email@domain@domain.com', 'Two @ sign'),
+ array('.email@domain.com', 'Leading dot in address is not allowed'),
+ array('email.@domain.com', 'Trailing dot in address is not allowed'),
+ array('email..email@domain.com', 'Multiple dots'),
+ array('あいうえお@domain.com', 'Unicode char as address'),
+ array('email@domain.com (Joe Smith)', 'Text followed email is not allowed'),
+ array('email@domain', 'Missing top level domain (.com/.net/.org/etc)'),
+ array('email@-domain.com', 'Leading dash in front of domain is invalid'),
+// array('email@domain.web', '.web is not a valid top level domain'),
+ array('email@123.123.123.123', 'IP address without brackets'),
+ array('email@2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets'),
+ array('email@IPv6:2001:2d12:c4fe:5afe::1', 'IPv6 address without brackets (2)'),
+ array('email@[111.222.333.44444]', 'Invalid IP format'),
+ array('email@[111.222.255.257]', 'Invalid IP format (2)'),
+ array('email@[.222.255.257]', 'Invalid IP format (3)'),
+ array('email@[::1]', 'Invalid IPv6 format (1)'),
+ array('email@[IPv6:2001:23x2:1]', 'Invalid IPv6 format (2)'),
+ array('email@[IPv6:1111:2222:33333::4444:5555]', 'Invalid IPv6 format (3)'),
+ array('email@[IPv6:1111::3333::4444:5555]', 'Invalid IPv6 format (4)'),
+ array('email@domain..com', 'Multiple dot in the domain portion is invalid'),
+ );
+ }
+
+ /**
+ * @dataProvider data_valid_email
+ */
+ function test_valid_email($email, $title)
+ {
+ $this->assertTrue(rcube_utils::check_email($email, false), $title);
+ }
+
+ /**
+ * @dataProvider data_invalid_email
+ */
+ function test_invalid_email($email, $title)
+ {
+ $this->assertFalse(rcube_utils::check_email($email, false), $title);
+ }
+
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles()
+ {
+ $css = file_get_contents(TESTS_DIR . 'src/valid.css');
+ $mod = rcube_utils::mod_css_styles($css, 'rcmbody');
+
+ $this->assertRegExp('/#rcmbody\s+\{/', $mod, "Replace body style definition");
+ $this->assertRegExp('/#rcmbody h1\s\{/', $mod, "Prefix tag styles (single)");
+ $this->assertRegExp('/#rcmbody h1, #rcmbody h2, #rcmbody h3, #rcmbody textarea\s+\{/', $mod, "Prefix tag styles (multiple)");
+ $this->assertRegExp('/#rcmbody \.noscript\s+\{/', $mod, "Prefix class styles");
+ }
+
+ /**
+ * rcube_utils::mod_css_styles()
+ */
+ function test_mod_css_styles_xss()
+ {
+ $mod = rcube_utils::mod_css_styles("body.main2cols { background-image: url('../images/leftcol.png'); }", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No url() values allowed");
+
+ $mod = rcube_utils::mod_css_styles("@import url('http://localhost/somestuff/css/master.css');", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No import statements");
+
+ $mod = rcube_utils::mod_css_styles("left:expression(document.body.offsetWidth-20)", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "No expression properties");
+
+ $mod = rcube_utils::mod_css_styles("left:exp/* */ression( alert('xss3') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks");
+
+ $mod = rcube_utils::mod_css_styles("background:\\0075\\0072\\006c( javascript:alert('xss') )", 'rcmbody');
+ $this->assertEquals("/* evil! */", $mod, "Don't allow encoding quirks (2)");
+ }
+}
--
cgit v1.2.3
From a65ce5d3b07deb578cc4c4aba5695bcea8c07a87 Mon Sep 17 00:00:00 2001
From: Aleksander Machniak
Date: Mon, 27 Aug 2012 12:23:30 +0200
Subject: Rename ip_check to check_ip, add IP checking tests
---
 program/include/rcube_utils.php | 4 ++--
 tests/Framework/Utils.php | 47 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 49 insertions(+), 2 deletions(-)
(limited to 'tests/Framework/Utils.php')
diff --git a/program/include/rcube_utils.php b/program/include/rcube_utils.php
index defb2aed1..aa748dc7f 100644
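Review bot: test_mod_css_styles_xss() pins only lowercase spellings of `url(`, `@import` and `expression(`, so a regression that made the filter case-sensitive would still pass this suite; whether mod_css_styles() matches case-insensitively is not visible from this hunk. Add an upper- or mixed-case row per keyword, for example `$mod = rcube_utils::mod_css_styles("left:EXPRESSION(document.body.offsetWidth-20)", 'rcmbody');` followed by the same `assertEquals("/* evil! */", $mod, ...)` check. In test_mod_css_styles() the return value of `file_get_contents(TESTS_DIR . 'src/valid.css')` is used unchecked, so a missing fixture surfaces as four unrelated regex failures; `$this->assertTrue($css !== false, "Fixture src/valid.css is readable");` before the call would name the real cause. The top of this new file is not present on the page, so the valid-address provider and the start of the invalid-address provider are not reviewed.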
--- a/program/include/rcube_utils.php +++ b/program/include/rcube_utils.php @@ -94,7 +94,7 @@ class rcube_utils // Validate domain part if (preg_match('/^\[((IPv6:[0-9a-f:.]+)|([0-9.]+))\]$/i', $domain_part, $matches)) { - return self::ip_check(preg_replace('/^IPv6:/i', '', $matches[1])); // valid IPv4 or IPv6 address + return self::check_ip(preg_replace('/^IPv6:/i', '', $matches[1])); // valid IPv4 or IPv6 address } else { // If not an IP address @@ -154,7 +154,7 @@ class rcube_utils * * @return bool True if the address is valid */ - public static function ip_check($ip) + public static function check_ip($ip) { // IPv6, but there's no build-in IPv6 support if (strpos($ip, ':') !== false && !defined('AF_INET6')) { diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php index b6cc5d577..503b69a4a 100644 --- a/tests/Framework/Utils.php +++ b/tests/Framework/Utils.php @@ -82,6 +82,53 @@ class Framework_Utils extends PHPUnit_Framework_TestCase $this->assertFalse(rcube_utils::check_email($email, false), $title); } + /** + * Valid IP addresses for test_valid_ip() + */ + function data_valid_ip() + { + return array( + array('0.0.0.0'), + array('123.123.123.123'), + array('::'), + array('::1'), + array('::1.2.3.4'), + array('2001:2d12:c4fe:5afe::1'), + ); + } + + /** + * Valid IP addresses for test_invalid_ip() + */ + function data_invalid_ip() + { + return array( + array(''), + array(0), + array('123.123.123.1234'), + array('1.1.1.1.1'), + array('::1.2.3.260'), + array('::1.0'), + array('2001::c4fe:5afe::1'), + ); + } + + /** + * @dataProvider data_valid_ip + */ + function test_valid_ip($ip) + { + $this->assertTrue(rcube_utils::check_ip($ip)); + } + + /** + * @dataProvider data_invalid_ip + */ + function test_invalid_ip($ip) + { + $this->assertFalse(rcube_utils::check_ip($ip)); + } + /** * rcube_utils::mod_css_styles() */ -- cgit v1.2.3 From 5f8097b9eba09302be561d67ce035275494043e3 Mon Sep 17 00:00:00 2001 
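Review bot: The docblock on data_invalid_ip() in the tests/Framework/Utils.php hunk reads `Valid IP addresses for test_invalid_ip()`, copied from the provider above it; it should read `Invalid IP addresses for test_invalid_ip()`. The IPv6 rows in both providers depend on the build: the context lines of the rcube_utils.php hunk show check_ip() taking a separate branch when `AF_INET6` is not defined, and that branch is not visible here, so a provider comment such as `// IPv6 rows: check_ip() takes a different branch when AF_INET6 is undefined` would tell a reader which code a failure points at. `array(0)` passes an integer where every other row is a string; if that is deliberate, a comment like `// non-string input must be rejected` would say so.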
From: Aleksander Machniak Date: Mon, 27 Aug 2012 12:55:58 +0200 Subject: Added tests for specialchars quoting --- tests/Framework/Html.php | 26 ++++++++++++++++++++++++++ tests/Framework/Utils.php | 30 ++++++++++++++++++++++++++++++ 2 files changed, 56 insertions(+) (limited to 'tests/Framework/Utils.php') diff --git a/tests/Framework/Html.php b/tests/Framework/Html.php index 107f82805..8a27baca8 100644 --- a/tests/Framework/Html.php +++ b/tests/Framework/Html.php @@ -17,4 +17,30 @@ class Framework_Html extends PHPUnit_Framework_TestCase $this->assertInstanceOf('html', $object, "Class constructor"); } + + /** + * Data for test_quote() + */ + function data_quote() + { + return array( + array('abc', 'abc'), + array('?', '?'), + array('"', '"'), + array('<', '<'), + array('>', '>'), + array('&', '&'), + array('&', '&amp;'), + array('&', '&', true), + ); + } + + /** + * Test for quote() + * @dataProvider data_quote + */ + function test_quote($str, $result, $validate = false) + { + $this->assertEquals(html::quote($str, $validate), $result); + } } diff --git a/tests/Framework/Utils.php b/tests/Framework/Utils.php index 503b69a4a..e58835956 100644 --- a/tests/Framework/Utils.php +++ b/tests/Framework/Utils.php 
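Review bot: In test_quote() the assertEquals arguments are reversed: `$this->assertEquals(html::quote($str, $validate), $result);` passes the actual value in the expected position, so a failure report labels the two sides the wrong way round. Write `$this->assertEquals($result, html::quote($str, $validate));`. test_rep_specialchars_output() in the tests/Framework/Utils.php hunk of this commit has the same problem with `$this->assertEquals($result, $res);`, where `$res` is the expected value from the provider. The expected strings in data_quote() as rendered on this page appear to have lost their entity encoding, so the rows themselves are not reviewed.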
@@ -129,6 +129,36 @@ class Framework_Utils extends PHPUnit_Framework_TestCase $this->assertFalse(rcube_utils::check_ip($ip)); } + /** + * Data for test_rep_specialchars_output() + */ + function data_rep_specialchars_output() + { + return array( + array('', '', 'abc', 'abc'), + array('', '', '?', '?'), + array('', '', '"', '"'), + array('', '', '<', '<'), + array('', '', '>', '>'), + array('', '', '&', '&'), + array('', '', '&', '&amp;'), + array('', '', '', '<a>'), + array('', 'remove', '', ''), + ); + } + + /** + * Test for rep_specialchars_output + * @dataProvider data_rep_specialchars_output + */ + function test_rep_specialchars_output($type, $mode, $str, $res) + { + $result = rcube_utils::rep_specialchars_output( + $str, $type ? $type : 'html', $mode ? $mode : 'strict'); + + $this->assertEquals($result, $res); + } + /** * rcube_utils::mod_css_styles() */ -- cgit v1.2.3
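Review bot: Every row of data_rep_specialchars_output() passes an empty `$type`, so `$type ? $type : 'html'` always selects 'html' and the first provider column is dead; only the 'strict' and 'remove' modes of the HTML path are exercised. Either drop the column or add rows for the other output types the function accepts (they are not visible in this hunk), since each output context needs its own escaping checked. A comment on the provider stating the column order, `// type, mode, input, expected ('' selects the html/strict defaults)`, would make the rows readable.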