diff options
| author | Mario <mario@mariovavti.com> | 2023-12-20 10:27:56 +0000 |
|---|---|---|
| committer | Mario <mario@mariovavti.com> | 2023-12-20 10:27:56 +0000 |
| commit | b15e521b0eebba7001dc87be0bc9fe0cee19aa23 (patch) | |
| tree | 80ad23fd442ba5f7d7b3a6386b658b37569965aa /tests/unit/Lib/ConfigTest.php | |
| parent | 63c401e6d63e166ff8f545f06aa55503882871bb (diff) | |
| parent | 9c184ddfd0e986af7bb99a45a3c7c8f1bf616035 (diff) | |
| download | volse-hubzilla-b15e521b0eebba7001dc87be0bc9fe0cee19aa23.tar.gz volse-hubzilla-b15e521b0eebba7001dc87be0bc9fe0cee19aa23.tar.bz2 volse-hubzilla-b15e521b0eebba7001dc87be0bc9fe0cee19aa23.zip | |
Merge branch 'fix-config-deserialization' into 'dev'
Fix deserialization of config values broken by 69266cd6.
See merge request hubzilla/core!2077
Diffstat (limited to 'tests/unit/Lib/ConfigTest.php')
| -rw-r--r-- | tests/unit/Lib/ConfigTest.php | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/unit/Lib/ConfigTest.php b/tests/unit/Lib/ConfigTest.php new file mode 100644 index 000000000..a8ae3631b --- /dev/null +++ b/tests/unit/Lib/ConfigTest.php @@ -0,0 +1,61 @@ +<?php +declare(strict_types=1); + +/** + * Tests for the Zotlabs\Lib\Config class. + * + * Until we have database testing in place, we can only test the Congig::Get + * method for now. This should be improved once the database test framework is + * merged. + */ +class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase { + /* + * Hardcode a config that we can test against, and that we can + * reuse in all the test cases. + */ + public function setUp(): void { + \App::$config = array( + 'test' => array ( + 'plain' => 'plain value', + 'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}', + 'json-array' => 'json:["one","two","three"]', + 'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}', + 'config_loaded' => true, + ), + ); + } + + public function testGetPlainTextValue(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'plain'), + 'plain value' + ); + } + + public function testGetJSONSerializedArray(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'json-array'), + array('one', 'two', 'three') + ); + } + + /* + * Test that we can retreive old style serialized arrays that were + * serialized with th PHP `serialize()` function. + */ + public function testGetPHPSerializedArray(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'php-array'), + array('one', 'two', 'three') + ); + } + + /* + * Make sure we're not vulnerable to PHP Object injection attacks when + * using the PHP `unserialize()` function. + */ + public function testGetMaliciousPHPSerializedArray(): void { + $value = Zotlabs\Lib\Config::Get('test', 'object-injection'); + $this->assertEquals($value[0]::class, '__PHP_Incomplete_Class'); + } +} |