aboutsummaryrefslogblamecommitdiffstats
path: root/tests/unit/Lib/ConfigTest.php
blob: c853cdd8705d66e76a73ab3904286e5dfb6ea862 (plain) (tree)





















                                                                                                    
                                                                                






























                                                                          

                                                                          








                                                                              







                                                                                
<?php
declare(strict_types=1);

/**
 * Tests for the Zotlabs\Lib\Config class.
 *
 * Until we have database testing in place, we can only test the Congig::Get
 * method for now. This should be improved once the database test framework is
 * merged.
 */
class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase {
	/*
	 * Hardcode a config that we can test against, and that we can
	 * reuse in all the test cases.
	 */
	public function setUp(): void {
		\App::$config = array(
			'test' => array (
				'plain' => 'plain value',
				'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}',
				'json-array' => 'json:["one","two","three"]',
				'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}',
				'unserialized-array' => ['one', 'two', 'three'],
				'config_loaded' => true,
			),
		);
	}

	public function testGetPlainTextValue(): void {
		$this->assertEquals(
			Zotlabs\Lib\Config::Get('test', 'plain'),
			'plain value'
		);
	}

	public function testGetJSONSerializedArray(): void {
		$this->assertEquals(
			Zotlabs\Lib\Config::Get('test', 'json-array'),
			array('one', 'two', 'three')
		);
	}

	/*
	 * Test that we can retreive old style serialized arrays that were
	 * serialized with th PHP `serialize()` function.
	 */
	public function testGetPHPSerializedArray(): void {
		$this->assertEquals(
			Zotlabs\Lib\Config::Get('test', 'php-array'),
			array('one', 'two', 'three')
		);
	}

	/*
	 * Test that we can retreive unserialized arrays which are usually
	 * returned from the existing config cache.
	 */
	public function testGetPHPUnserializedArray(): void {
		$this->assertEquals(
			Zotlabs\Lib\Config::Get('test', 'unserialized-array'),
			array('one', 'two', 'three')
		);
	}

	/*
	 * Make sure we're not vulnerable to PHP Object injection attacks when
	 * using the PHP `unserialize()` function.
	 */
	public function testGetMaliciousPHPSerializedArray(): void {
		$value = Zotlabs\Lib\Config::Get('test', 'object-injection');
		$this->assertEquals($value[0]::class, '__PHP_Incomplete_Class');
	}
}