aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
-rw-r--r--build.xml52
-rw-r--r--tests/xss_filter_test.php217
-rw-r--r--tests/xss_filter_tests.php140
3 files changed, 265 insertions, 144 deletions
diff --git a/build.xml b/build.xml
index 83c530026..0f5745072 100644
--- a/build.xml
+++ b/build.xml
@@ -1,14 +1,58 @@
<?xml version="1.0" encoding="UTF-8"?>
<project name="friendica" default="test">
-
+ <!-- set up include directories, this is necessary for the tests to work -->
+ <php>
+ set_include_path(
+ get_include_path() . PATH_SEPARATOR
+ . 'include' . PATH_SEPARATOR
+ . 'library' . PATH_SEPARATOR
+ . 'library/phpsec' . PATH_SEPARATOR
+ . '.' );
+ </php>
+
+ <!-- ====================================================== -->
+ <!-- Target: clean-test -->
+ <!-- deletes directories with old test reports -->
+ <!-- ====================================================== -->
+ <target name="clean-test">
+ <delete dir="report" />
+ </target>
+
+ <!-- ====================================================== -->
+ <!-- Target: prepare-test -->
+ <!-- creates directories for test reports -->
+ <!-- ====================================================== -->
+ <target name="prepare-test" depends="clean-test">
+ <mkdir dir="report" />
+ </target>
+
<!-- =================================== -->
<!-- Target: test -->
<!-- this target runs all test files -->
<!-- =================================== -->
-
- <target name="test">
- <!-- there are no tests by now, so, nothing to do -->
+ <target name="test" depends="prepare-test">
+ <coverage-setup database="./report/coverage-database">
+ <fileset dir=".">
+ <include name="**/*.php" />
+ <exclude name="*test.php"/>
+ <exclude name="./index.php"/>
+ <exclude name="./library/**"/>
+ <exclude name="doc/**"/>
+ </fileset>
+ </coverage-setup>
+ <phpunit printsummary="true" >
+ <batchtest>
+ <fileset dir="tests">
+ <include name="*test.php" />
+ </fileset>
+ </batchtest>
+ <formatter type="xml" todir="report" outfile="testlog.xml" />
+ </phpunit>
+ <phpunitreport infile="report/testlog.xml" todir="report" />
+ <coverage-report outfile="report/coverage-database">
+ <report todir="report" styledir="/home/phing/etc" />
+ </coverage-report>
</target>
<!-- ===================================================== -->
diff --git a/tests/xss_filter_test.php b/tests/xss_filter_test.php
new file mode 100644
index 000000000..e480ef7ec
--- /dev/null
+++ b/tests/xss_filter_test.php
@@ -0,0 +1,217 @@
+<?php
+/**
+* Tests, without pHPUnit by now
+* @package test.util
+*/
+
+require_once('include/text.php');
+
+class AntiXSSTest extends PHPUnit_Framework_TestCase {
+
+/**
+* test no tags
+*/
+ public function testEscapeTags() {
+ $invalidstring='<submit type="button" onclick="alert(\'failed!\');" />';
+
+ $validstring=notags($invalidstring);
+ $escapedString=escape_tags($invalidstring);
+
+ $this->assertEquals('[submit type="button" onclick="alert(\'failed!\');" /]', $validstring);
+ $this->assertEquals("&lt;submit type=&quot;button&quot; onclick=&quot;alert('failed!');&quot; /&gt;", $escapedString);
+ }
+
+ /**
+ *autonames should be random, even length
+ */
+ public function testAutonameEven() {
+ $autoname1=autoname(10);
+ $autoname2=autoname(10);
+
+ $this->assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ *autonames should be random, odd length
+ */
+ public function testAutonameOdd() {
+ $autoname1=autoname(9);
+ $autoname2=autoname(9);
+
+ $this->assertNotEquals($autoname1, $autoname2);
+ }
+
+ /**
+ * try to fail autonames
+ */
+ public function testAutonameNoLength() {
+ $autoname1=autoname(0);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+ public function testAutonameNegativeLength() {
+ $autoname1=autoname(-23);
+ $this->assertEquals(0, count($autoname1));
+ }
+
+// public function testAutonameMaxLength() {
+// $autoname2=autoname(PHP_INT_MAX);
+// $this->assertEquals(PHP_INT_MAX, count($autoname2));
+// }
+
+ public function testAutonameLength1() {
+ $autoname3=autoname(1);
+ $this->assertEquals(1, count($autoname3));
+ }
+
+ /**
+ *xmlify and unxmlify
+ */
+ public function testXmlify() {
+ $text="<tag>I want to break\n this!11!<?hard?></tag>";
+ $xml=xmlify($text); //test whether it actually may be part of a xml document
+ $retext=unxmlify($text);
+
+ $this->assertEquals($text, $retext);
+ }
+
+ /**
+ * test hex2bin and reverse
+ */
+
+ public function testHex2Bin() {
+ $this->assertEquals(-3, hex2bin(bin2hex(-3)));
+ $this->assertEquals(0, hex2bin(bin2hex(0)));
+ $this->assertEquals(12, hex2bin(bin2hex(12)));
+ $this->assertEquals(PHP_INT_MAX, hex2bin(bin2hex(PHP_INT_MAX)));
+ }
+
+ /**
+ * test expand_acl
+ */
+ public function testExpandAclNormal() {
+ $text="<1><2><3>";
+ $this->assertEquals(array(1, 2, 3), expand_acl($text));
+ }
+
+ public function testExpandAclBigNumber() {
+ $text="<1><279012><15>";
+ $this->assertEquals(array(1, 279012, 15), expand_acl($text));
+ }
+
+ public function testExpandAclString() {
+ $text="<1><279012><tt>"; //maybe that's invalid
+ $this->assertEquals(array(1, 279012, 'tt'), expand_acl($text));
+ }
+
+ public function testExpandAclSpace() {
+ $text="<1><279 012><32>"; //maybe that's invalid
+ $this->assertEquals(array(1, "279 012", "32"), expand_acl($text));
+ }
+
+ public function testExpandAclEmpty() {
+ $text=""; //maybe that's invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclNoBrackets() {
+ $text="According to documentation, that's invalid. "; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclJustOneBracket1() {
+ $text="<Another invalid string"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclJustOneBracket2() {
+ $text="Another invalid> string"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclCloseOnly() {
+ $text="Another> invalid> string>"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclOpenOnly() {
+ $text="<Another< invalid string<"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclNoMatching1() {
+ $text="<Another<> invalid <string>"; //should be invalid
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ public function testExpandAclNoMatching2() {
+ $text="<1>2><3>";
+ $this->assertEquals(array(), expand_acl($text));
+ }
+
+ /**
+ * test attribute contains
+ */
+ public function testAttributeContains1() {
+ $testAttr="class1 notclass2 class3";
+ $this->assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test attribute contains
+ */
+ public function testAttributeContains2() {
+ $testAttr="class1 not-class2 class3";
+ $this->assertTrue(attribute_contains($testAttr, "class3"));
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ public function testAttributeContainsEmpty() {
+ $testAttr="";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ public function testAttributeContainsSpecialChars() {
+ $testAttr="--... %\$ä() /(=?}";
+ $this->assertFalse(attribute_contains($testAttr, "class2"));
+ }
+
+ /**
+ * test get_tags
+ */
+ public function testGetTags() {
+ $text="hi @Mike, I'm just writing #test_cases, "
+ ." so @somebody@friendica.com may change #things. Of course I "
+ ."look for a lot of #pitfalls, like #tags at the end of a sentence "
+ ."@comment. I hope noone forgets about @fullstops.because that might"
+ ." break #things. @Mike@campino@friendica.eu is also #nice, isn't it? "
+ ."Now, add a @first_last tag. ";
+ //check whether this are all variants (no, auto-stuff is missing).
+
+ $tags=get_tags($text);
+
+ $this->assertEquals("@Mike", $tags[0]);
+ $this->assertEquals("#test_cases", $tags[1]);
+ $this->assertEquals("@somebody@friendica.com", $tags[2]);
+ $this->assertEquals("#things", $tags[3]);
+ $this->assertEquals("#pitfalls", $tags[4]);
+ $this->assertEquals("#tags", $tags[5]);
+ $this->assertEquals("@comment", $tags[6]);
+ $this->assertEquals("@fullstops", $tags[7]);
+ $this->assertEquals("#things", $tags[8]);
+ $this->assertEquals("@Mike", $tags[9]);
+ $this->assertEquals("@campino@friendica.eu", $tags[10]);
+ $this->assertEquals("#nice", $tags[11]);
+ $this->assertEquals("@first_last", $tags[12]);
+ }
+
+ public function testGetTagsEmpty() {
+ $tags=get_tags("");
+ $this->assertEquals(0, count($tags));
+ }
+//function qp, quick and dirty??
+//get_mentions
+//get_contact_block, bis Zeile 538
+}
+?>
diff --git a/tests/xss_filter_tests.php b/tests/xss_filter_tests.php
deleted file mode 100644
index 2d29e390a..000000000
--- a/tests/xss_filter_tests.php
+++ /dev/null
@@ -1,140 +0,0 @@
-<?php
-/**
-* Tests, without pHPUnit by now
-* @package test.util
-*/
-
-require_once(text.php);
-
-/**
-* test no tags
-*/
-$invalidstring='<submit type="button" onclick="alert(\'failed!\');" />'
-
-$validstring=notags($invalidstring);
-$escapedString=escape_tags($invalidstring);
-
-assert("[submit type="button" onclick="alert(\'failed!\');" /]", $validstring);
-assert("what ever", $escapedString);
-
-/**
-*autonames should be random, even length
-*/
-$autoname1=autoname(10);
-$autoname2=autoname(10);
-
-assertNotEquals($autoname1, $autoname2);
-
-/**
-*autonames should be random, odd length
-*/
-$autoname1=autoname(9);
-$autoname2=autoname(9);
-
-assertNotEquals($autoname1, $autoname2);
-
-/**
-* try to fail autonames
-*/
-$autoname1=autoname(0);
-$autoname2=autoname(MAX_VALUE);
-$autoname3=autoname(1);
-assert(count($autoname1), 0);
-assert(count($autoname2), MAX_VALUE);
-assert(count($autoname3), 1);
-
-/**
-*xmlify and unxmlify
-*/
-$text="<tag>I want to break\n this!11!<?hard?></tag>"
-$xml=xmlify($text); //test whether it actually may be part of a xml document
-$retext=unxmlify($text);
-
-assert($text, $retext);
-
-/**
-* test hex2bin and reverse
-*/
-
-assert(-3, hex2bin(bin2hex(-3)));
-assert(0, hex2bin(bin2hex(0)));
-assert(12, hex2bin(bin2hex(12)));
-assert(MAX_INT, hex2bin(bin2hex(MAX_INT)));
-
-/**
-* test expand_acl
-*/
-$text="<1><2><3>";
-assert(array(1, 2, 3), $text);
-
-$text="<1><279012><15>";
-assert(array(1, 279012, 15), $text);
-
-$text="<1><279012><tt>"; //maybe that's invalid
-assert(array(1, 279012, "tt"), $text);
-
-$text="<1><279 012><tt>"; //maybe that's invalid
-assert(array(1, "279 012", "tt"), $text);
-
-$text=""; //maybe that's invalid
-assert(array(), $text);
-
-$text="According to documentation, that's invalid. "; //should be invalid
-assert(array(), $text);
-
-$text="<Another invalid string"; //should be invalid
-assert(array(), $text);
-
-$text="Another invalid> string"; //should be invalid
-assert(array(), $text);
-
-$text="Another> invalid> string>"; //should be invalid
-assert(array(), $text);
-
-/**
-* test attribute contains
-*/
-$testAttr="class1 notclass2 class3";
-assertTrue(attribute_contains($testAttr, "class3"));
-assertFalse(attribute_contains($testAttr, "class2"));
-
-$testAttr="";
-assertFalse(attribute_contains($testAttr, "class2"));
-
-$testAttr="--... %$§() /(=?}";
-assertFalse(attribute_contains($testAttr, "class2"));
-
-/**
-* test get_tags
-*/
-$text="hi @Mike, I'm just writing #test_cases, ";
-$text.=" so @somebody@friendica.com may change #things. Of course I ";
-$text.="look for a lot of #pitfalls, like #tags at the end of a sentence ";
-$text.="@comment. I hope noone forgets about @fullstops.because that might";
-$text.=" break #things. @Mike@campino@friendica.eu is also #nice, isn't it? ";
-$text.="Now, add a @first_last tag. "
-//check whether this are all variants (no, auto-stuff is missing).
-
-$tags=get_tags($text);
-
-assert("@Mike", $tags[0]);
-assert("#test_cases", $tags[1]);
-assert("@somebody@friendica.com", $tags[2]);
-assert("#things", $tags[3]);
-assert("#pitfalls", $tags[4]);
-assert("#tags", $tags[5]);
-assert("@comment", $tags[6]);
-assert("@fullstops", $tags[7]);
-assert("#things", $tags[8]);
-assert("@Mike", $tags[9]);
-assert("@campino@friendica.eu", $tags[10]);
-assert("#nice", $tags[11]);
-assert("@first_last", $tags[12]);
-
-$tags=get_tags("");
-assert(0, count($tags));
-
-//function qp, quick and dirty??
-//get_mentions
-//get_contact_block, bis Zeile 538
-?>