aboutsummaryrefslogtreecommitdiffstats
path: root/tests/unit
diff options
context:
space:
mode:
Diffstat (limited to 'tests/unit')
-rw-r--r--tests/unit/Lib/ConfigTest.php61
1 files changed, 61 insertions, 0 deletions
diff --git a/tests/unit/Lib/ConfigTest.php b/tests/unit/Lib/ConfigTest.php
new file mode 100644
index 000000000..a8ae3631b
--- /dev/null
+++ b/tests/unit/Lib/ConfigTest.php
@@ -0,0 +1,61 @@
+<?php
+declare(strict_types=1);
+
+/**
+ * Tests for the Zotlabs\Lib\Config class.
+ *
+ * Until we have database testing in place, we can only test the Congig::Get
+ * method for now. This should be improved once the database test framework is
+ * merged.
+ */
+class ConfigTest extends Zotlabs\Tests\Unit\UnitTestCase {
+ /*
+ * Hardcode a config that we can test against, and that we can
+ * reuse in all the test cases.
+ */
+ public function setUp(): void {
+ \App::$config = array(
+ 'test' => array (
+ 'plain' => 'plain value',
+ 'php-array' => 'a:3:{i:0;s:3:"one";i:1;s:3:"two";i:2;s:5:"three";}',
+ 'json-array' => 'json:["one","two","three"]',
+ 'object-injection' => 'a:1:{i:0;O:18:"Zotlabs\Lib\Config":0:{}}',
+ 'config_loaded' => true,
+ ),
+ );
+ }
+
+ public function testGetPlainTextValue(): void {
+ $this->assertEquals(
+ Zotlabs\Lib\Config::Get('test', 'plain'),
+ 'plain value'
+ );
+ }
+
+ public function testGetJSONSerializedArray(): void {
+ $this->assertEquals(
+ Zotlabs\Lib\Config::Get('test', 'json-array'),
+ array('one', 'two', 'three')
+ );
+ }
+
+ /*
+ * Test that we can retreive old style serialized arrays that were
+ * serialized with th PHP `serialize()` function.
+ */
+ public function testGetPHPSerializedArray(): void {
+ $this->assertEquals(
+ Zotlabs\Lib\Config::Get('test', 'php-array'),
+ array('one', 'two', 'three')
+ );
+ }
+
+ /*
+ * Make sure we're not vulnerable to PHP Object injection attacks when
+ * using the PHP `unserialize()` function.
+ */
+ public function testGetMaliciousPHPSerializedArray(): void {
+ $value = Zotlabs\Lib\Config::Get('test', 'object-injection');
+ $this->assertEquals($value[0]::class, '__PHP_Incomplete_Class');
+ }
+}