diff options
| author | Alexander Kampmann <programmer@nurfuerspam.de> | 2012-03-08 17:43:12 +0100 |
|---|---|---|
| committer | Alexander Kampmann <programmer@nurfuerspam.de> | 2012-03-08 17:43:12 +0100 |
| commit | 185fcd0701946babf61066b49582225286061563 (patch) | |
| tree | 16ec2814f981182897ba5a705bb0269dfd573a8d /tests/xss_filter_test.php | |
| parent | 4690d00141352db8ca96359cbbf65ce6eb4345c4 (diff) | |
| download | volse-hubzilla-185fcd0701946babf61066b49582225286061563.tar.gz volse-hubzilla-185fcd0701946babf61066b49582225286061563.tar.bz2 volse-hubzilla-185fcd0701946babf61066b49582225286061563.zip | |
better tests
Diffstat (limited to 'tests/xss_filter_test.php')
| -rw-r--r-- | tests/xss_filter_test.php | 217 |
1 files changed, 217 insertions, 0 deletions
diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php new file mode 100644 index 000000000..e480ef7ec --- /dev/null +++ b/tests/xss_filter_test.php @@ -0,0 +1,217 @@ +<?php +/** +* Tests, without pHPUnit by now +* @package test.util +*/ + +require_once('include/text.php'); + +class AntiXSSTest extends PHPUnit_Framework_TestCase { + +/** +* test no tags +*/ + public function testEscapeTags() { + $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />'; + + $validstring=notags($invalidstring); + $escapedString=escape_tags($invalidstring); + + $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring); + $this->assertEquals("<submit type="button" onclick="alert('failed!');" />", $escapedString); + } + + /** + *autonames should be random, even length + */ + public function testAutonameEven() { + $autoname1=autoname(10); + $autoname2=autoname(10); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + *autonames should be random, odd length + */ + public function testAutonameOdd() { + $autoname1=autoname(9); + $autoname2=autoname(9); + + $this->assertNotEquals($autoname1, $autoname2); + } + + /** + * try to fail autonames + */ + public function testAutonameNoLength() { + $autoname1=autoname(0); + $this->assertEquals(0, count($autoname1)); + } + + public function testAutonameNegativeLength() { + $autoname1=autoname(-23); + $this->assertEquals(0, count($autoname1)); + } + +// public function testAutonameMaxLength() { +// $autoname2=autoname(PHP_INT_MAX); +// $this->assertEquals(PHP_INT_MAX, count($autoname2)); +// } + + public function testAutonameLength1() { + $autoname3=autoname(1); + $this->assertEquals(1, count($autoname3)); + } + + /** + *xmlify and unxmlify + */ + public function testXmlify() { + $text="<tag>I want to break\n this!11!<?hard?></tag>"; + $xml=xmlify($text); //test whether it actually may be part of a xml document + $retext=unxmlify($text); + + $this->assertEquals($text, $retext); + } + + /** + * test hex2bin and reverse + */ + + public function testHex2Bin() { + $this->assertEquals(-3, hex2bin(bin2hex(-3))); + $this->assertEquals(0, hex2bin(bin2hex(0))); + $this->assertEquals(12, hex2bin(bin2hex(12))); + $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX))); + } + + /** + * test expand_acl + */ + public function testExpandAclNormal() { + $text="<1><2><3>"; + $this->assertEquals(array(1, 2, 3), expand_acl($text)); + } + + public function testExpandAclBigNumber() { + $text="<1><279012><15>"; + $this->assertEquals(array(1, 279012, 15), expand_acl($text)); + } + + public function testExpandAclString() { + $text="<1><279012><tt>"; //maybe that's invalid + $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text)); + } + + public function testExpandAclSpace() { + $text="<1><279 012><32>"; //maybe that's invalid + $this->assertEquals(array(1, "279 012", "32"), expand_acl($text)); + } + + public function testExpandAclEmpty() { + $text=""; //maybe that's invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoBrackets() { + $text="According to documentation, that's invalid. "; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket1() { + $text="<Another invalid string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclJustOneBracket2() { + $text="Another invalid> string"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclCloseOnly() { + $text="Another> invalid> string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclOpenOnly() { + $text="<Another< invalid string<"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching1() { + $text="<Another<> invalid <string>"; //should be invalid + $this->assertEquals(array(), expand_acl($text)); + } + + public function testExpandAclNoMatching2() { + $text="<1>2><3>"; + $this->assertEquals(array(), expand_acl($text)); + } + + /** + * test attribute contains + */ + public function testAttributeContains1() { + $testAttr="class1 notclass2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test attribute contains + */ + public function testAttributeContains2() { + $testAttr="class1 not-class2 class3"; + $this->assertTrue(attribute_contains($testAttr, "class3")); + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsEmpty() { + $testAttr=""; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + public function testAttributeContainsSpecialChars() { + $testAttr="--... %\$รค() /(=?}"; + $this->assertFalse(attribute_contains($testAttr, "class2")); + } + + /** + * test get_tags + */ + public function testGetTags() { + $text="hi @Mike, I'm just writing #test_cases, " + ." so @somebody@friendica.com may change #things. Of course I " + ."look for a lot of #pitfalls, like #tags at the end of a sentence " + ."@comment. I hope noone forgets about @fullstops.because that might" + ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? " + ."Now, add a @first_last tag. "; + //check whether this are all variants (no, auto-stuff is missing). + + $tags=get_tags($text); + + $this->assertEquals("@Mike", $tags[0]); + $this->assertEquals("#test_cases", $tags[1]); + $this->assertEquals("@somebody@friendica.com", $tags[2]); + $this->assertEquals("#things", $tags[3]); + $this->assertEquals("#pitfalls", $tags[4]); + $this->assertEquals("#tags", $tags[5]); + $this->assertEquals("@comment", $tags[6]); + $this->assertEquals("@fullstops", $tags[7]); + $this->assertEquals("#things", $tags[8]); + $this->assertEquals("@Mike", $tags[9]); + $this->assertEquals("@campino@friendica.eu", $tags[10]); + $this->assertEquals("#nice", $tags[11]); + $this->assertEquals("@first_last", $tags[12]); + } + + public function testGetTagsEmpty() { + $tags=get_tags(""); + $this->assertEquals(0, count($tags)); + } +//function qp, quick and dirty?? +//get_mentions +//get_contact_block, bis Zeile 538 +} +?> |