Changeset View
Changeset View
Standalone View
Standalone View
src/infrastructure/env/__tests__/PhabricatorEnvTestCase.php
| <?php | <?php | ||||
| final class PhabricatorEnvTestCase extends PhabricatorTestCase { | final class PhabricatorEnvTestCase extends PhabricatorTestCase { | ||||
| public function testLocalWebResource() { | public function testLocalURIForLink() { | ||||
| $map = array( | $map = array( | ||||
| '/' => true, | '/' => true, | ||||
| '/D123' => true, | '/D123' => true, | ||||
| '/path/to/something/' => true, | '/path/to/something/' => true, | ||||
| "/path/to/\nHeader: x" => false, | "/path/to/\nHeader: x" => false, | ||||
| 'http://evil.com/' => false, | 'http://evil.com/' => false, | ||||
| '//evil.com/evil/' => false, | '//evil.com/evil/' => false, | ||||
| 'javascript:lol' => false, | 'javascript:lol' => false, | ||||
| '' => false, | '' => false, | ||||
| null => false, | null => false, | ||||
| '/\\evil.com' => false, | '/\\evil.com' => false, | ||||
| ); | ); | ||||
| foreach ($map as $uri => $expect) { | foreach ($map as $uri => $expect) { | ||||
| $this->assertEqual( | $this->assertEqual( | ||||
| $expect, | $expect, | ||||
| PhabricatorEnv::isValidLocalWebResource($uri), | PhabricatorEnv::isValidLocalURIForLink($uri), | ||||
| "Valid local resource: {$uri}"); | "Valid local resource: {$uri}"); | ||||
| } | } | ||||
| } | } | ||||
| public function testRemoteWebResource() { | public function testRemoteURIForLink() { | ||||
| $map = array( | $map = array( | ||||
| 'http://example.com/' => true, | 'http://example.com/' => true, | ||||
| 'derp://example.com/' => false, | 'derp://example.com/' => false, | ||||
| 'javascript:alert(1)' => false, | 'javascript:alert(1)' => false, | ||||
| 'http://127.0.0.1/' => true, | |||||
| 'http://169.254.169.254/latest/meta-data/hostname' => true, | |||||
| ); | ); | ||||
| foreach ($map as $uri => $expect) { | foreach ($map as $uri => $expect) { | ||||
| $this->assertEqual( | $this->assertEqual( | ||||
| $expect, | $expect, | ||||
| PhabricatorEnv::isValidRemoteWebResource($uri), | PhabricatorEnv::isValidRemoteURIForLink($uri), | ||||
| "Valid remote resource: {$uri}"); | "Valid linkable remote URI: {$uri}"); | ||||
| } | |||||
| } | |||||
| public function testRemoteURIForFetch() { | |||||
| $map = array( | |||||
| 'http://example.com/' => true, | |||||
| // No domain or protocol. | |||||
| '' => false, | |||||
| // No domain. | |||||
| 'http://' => false, | |||||
| // No protocol. | |||||
| 'evil.com' => false, | |||||
| // No protocol. | |||||
| '//evil.com' => false, | |||||
| // Bad protocol. | |||||
| 'javascript://evil.com/' => false, | |||||
| 'file:///etc/shadow' => false, | |||||
| // Unresolvable hostname. | |||||
| 'http://u1VcxwUp368SIFzl7rkWWg23KM5JPB2kTHHngxjXCQc.zzz/' => false, | |||||
| // Domains explicitly in blacklisted IP space. | |||||
| 'http://127.0.0.1/' => false, | |||||
| 'http://169.254.169.254/latest/meta-data/hostname' => false, | |||||
| // Domain resolves into blacklisted IP space. | |||||
| 'http://localhost/' => false, | |||||
| ); | |||||
| $protocols = array('http', 'https'); | |||||
| foreach ($map as $uri => $expect) { | |||||
| $this->assertEqual( | |||||
| $expect, | |||||
| PhabricatorEnv::isValidRemoteURIForFetch($uri, $protocols), | |||||
| "Valid fetchable remote URI: {$uri}"); | |||||
| } | } | ||||
| } | } | ||||
| public function testDictionarySource() { | public function testDictionarySource() { | ||||
| $source = new PhabricatorConfigDictionarySource(array('x' => 1)); | $source = new PhabricatorConfigDictionarySource(array('x' => 1)); | ||||
| $this->assertEqual( | $this->assertEqual( | ||||
| array( | array( | ||||
| ▲ Show 20 Lines • Show All 131 Lines • Show Last 20 Lines | |||||