diff options
Diffstat (limited to 'tests/unit')
-rw-r--r-- | tests/unit/Lib/ConfigTest.php | 61 |
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/unit/Lib/ConfigTest.php b/tests/unit/Lib/ConfigTest.php new file mode 100644 index 000000000..a8ae3631b --- /dev/null +++ b/tests/unit/Lib/ConfigTest.php @@ -0,0 +1,61 @@ +<?php +declare(strict_types=1); + +/** + * Tests for the Zotlabs\Lib\Config class. + * + * Until we have database testing in place, we can only test the Congig::Get + * method for now. This should be improved once the database test framework is + * merged. + */ +class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase { + /* + * Hardcode a config that we can test against, and that we can + * reuse in all the test cases. + */ + public function setUp(): void { + \App::$config = array( + 'test' => array ( + 'plain' => 'plain value', + 'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}', + 'json-array' => 'json:["one","two","three"]', + 'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}', + 'config_loaded' => true, + ), + ); + } + + public function testGetPlainTextValue(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'plain'), + 'plain value' + ); + } + + public function testGetJSONSerializedArray(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'json-array'), + array('one', 'two', 'three') + ); + } + + /* + * Test that we can retreive old style serialized arrays that were + * serialized with th PHP `serialize()` function. + */ + public function testGetPHPSerializedArray(): void { + $this->assertEquals( + Zotlabs\Lib\Config::Get('test', 'php-array'), + array('one', 'two', 'three') + ); + } + + /* + * Make sure we're not vulnerable to PHP Object injection attacks when + * using the PHP `unserialize()` function. + */ + public function testGetMaliciousPHPSerializedArray(): void { + $value = Zotlabs\Lib\Config::Get('test', 'object-injection'); + $this->assertEquals($value[0]::class, '__PHP_Incomplete_Class'); + } +} |