From 414396f7a485f1a91d51724d0a5c165a72b7d322 Mon Sep 17 00:00:00 2001
From: Stefan Giehl
Date: Fri, 11 Dec 2020 00:38:10 +0100
Subject: Adds possibility to configure protocols for allowed outgoing connections (#16910)

* Only allow http/https requests by default
* ws
* improve config name
* fix typo
* updates expected ui file
---
tests/PHPUnit/Integration/HttpTest.php | 200 +++++++++++----------
...ntegrationTest_admin_diagnostics_configfile.png | 4 +-
2 files changed, 112 insertions(+), 92 deletions(-)
(limited to 'tests')
diff --git a/tests/PHPUnit/Integration/HttpTest.php b/tests/PHPUnit/Integration/HttpTest.php
index 73bcd27b35..3791c350c1 100644
--- a/tests/PHPUnit/Integration/HttpTest.php
+++ b/tests/PHPUnit/Integration/HttpTest.php
@@ -322,98 +322,118 @@ class HttpTest extends \PHPUnit\Framework\TestCase $this->assertEquals(51, strlen($result)); } - public function test_http_postsEvent() - { - $params = null; - $params2 = null; - Piwik::addAction('Http.sendHttpRequest', function () use (&$params) { - $params = func_get_args(); - }); - Piwik::addAction('Http.sendHttpRequest.end', function () use (&$params2) { - $params2 = func_get_args(); - }); - $destinationPath = PIWIK_USER_PATH . '/tmp/latest/LATEST'; - $url = Fixture::getRootUrl() . 'tests/PHPUnit/Integration/Http/Post.php'; - Http::sendHttpRequestBy( - Http::getTransportMethod(), - $url, - 30, - $userAgent = null, - $destinationPath, - $file = null, - $followDepth = 0, - $acceptLanguage = false, - $acceptInvalidSslCertificate = false, - $byteRange = array(10, 20), - $getExtendedInfo = false, - $httpMethod = 'POST', - $httpUsername = '', - $httpPassword = '', - array('adf2' => '44', 'afc23' => 'ab12') - ); - - $this->assertEquals(array($url, array( - 'httpMethod' => 'POST', - 'body' => array('adf2' => '44','afc23' => 'ab12'), - 'userAgent' => 'Matomo/' . Version::VERSION, - 'timeout' => 30, - 'headers' => array( - 'Range: bytes=10-20', + public function test_http_postsEvent() + { + $params = null; + $params2 = null; + Piwik::addAction('Http.sendHttpRequest', function () use (&$params) { + $params = func_get_args(); + }); + Piwik::addAction('Http.sendHttpRequest.end', function () use (&$params2) { + $params2 = func_get_args(); + }); + $destinationPath = PIWIK_USER_PATH . '/tmp/latest/LATEST'; + $url = Fixture::getRootUrl() . 
'tests/PHPUnit/Integration/Http/Post.php'; + Http::sendHttpRequestBy( + Http::getTransportMethod(), + $url, + 30, + $userAgent = null, + $destinationPath, + $file = null, + $followDepth = 0, + $acceptLanguage = false, + $acceptInvalidSslCertificate = false, + $byteRange = array(10, 20), + $getExtendedInfo = false, + $httpMethod = 'POST', + $httpUsername = '', + $httpPassword = '', + array('adf2' => '44', 'afc23' => 'ab12') + ); + + $this->assertEquals(array($url, array( + 'httpMethod' => 'POST', + 'body' => array('adf2' => '44','afc23' => 'ab12'), + 'userAgent' => 'Matomo/' . Version::VERSION, + 'timeout' => 30, + 'headers' => array( + 'Range: bytes=10-20', 'Via: ' . Version::VERSION . ' (Matomo/' . Version::VERSION . ')', - 'X-Forwarded-For: 127.0.0.1', - ), - 'verifySsl' => true, - 'destinationPath' => $destinationPath - ), null, null, array()), $params); - - $this->assertNotEmpty($params2[4]);// headers - unset($params2[4]); - $this->assertEquals(array($url, array( - 'httpMethod' => 'POST', - 'body' => array('adf2' => '44','afc23' => 'ab12'), + 'X-Forwarded-For: 127.0.0.1', + ), + 'verifySsl' => true, + 'destinationPath' => $destinationPath + ), null, null, array()), $params); + + $this->assertNotEmpty($params2[4]);// headers + unset($params2[4]); + $this->assertEquals(array($url, array( + 'httpMethod' => 'POST', + 'body' => array('adf2' => '44','afc23' => 'ab12'), 'userAgent' => 'Matomo/' . Version::VERSION, - 'timeout' => 30, - 'headers' => array( - 'Range: bytes=10-20', + 'timeout' => 30, + 'headers' => array( + 'Range: bytes=10-20', 'Via: ' . Version::VERSION . ' (Matomo/' . Version::VERSION . 
')', - 'X-Forwarded-For: 127.0.0.1', - ), - 'verifySsl' => true, - 'destinationPath' => $destinationPath - ), '{"adf2":"44","afc23":"ab12","method":"post"}', 200), $params2); - } - - public function test_http_returnsResultOfPostedEvent() - { - Piwik::addAction('Http.sendHttpRequest', function ($url, $args, &$response, &$status, &$headers) { - $response = '{test: true}'; - $status = 204; - $headers = array('content-length' => 948); - }); - - $result = Http::sendHttpRequestBy( - Http::getTransportMethod(), - Fixture::getRootUrl() . 'tests/PHPUnit/Integration/Http/Post.php', - 30, - $userAgent = null, - $destinationPath = null, - $file = null, - $followDepth = 0, - $acceptLanguage = false, - $acceptInvalidSslCertificate = false, - $byteRange = array(10, 20), - $getExtendedInfo = true, - $httpMethod = 'POST', - $httpUsername = '', - $httpPassword = '', - array('adf2' => '44', 'afc23' => 'ab12') - ); - - $this->assertEquals(array( - 'data' => '{test: true}', - 'status' => 204, - 'headers' => array('content-length' => 948) - ), $result); - } + 'X-Forwarded-For: 127.0.0.1', + ), + 'verifySsl' => true, + 'destinationPath' => $destinationPath + ), '{"adf2":"44","afc23":"ab12","method":"post"}', 200), $params2); + } + + public function test_http_returnsResultOfPostedEvent() + { + Piwik::addAction('Http.sendHttpRequest', function ($url, $args, &$response, &$status, &$headers) { + $response = '{test: true}'; + $status = 204; + $headers = array('content-length' => 948); + }); + + $result = Http::sendHttpRequestBy( + Http::getTransportMethod(), + Fixture::getRootUrl() . 
'tests/PHPUnit/Integration/Http/Post.php', + 30, + $userAgent = null, + $destinationPath = null, + $file = null, + $followDepth = 0, + $acceptLanguage = false, + $acceptInvalidSslCertificate = false, + $byteRange = array(10, 20), + $getExtendedInfo = true, + $httpMethod = 'POST', + $httpUsername = '', + $httpPassword = '', + array('adf2' => '44', 'afc23' => 'ab12') + ); + + $this->assertEquals(array( + 'data' => '{test: true}', + 'status' => 204, + 'headers' => array('content-length' => 948) + ), $result); + } + /** + * @dataProvider getProtocolUrls + */ + public function test_invalid_protocols($url, $message) + { + self::expectException(\Exception::class); + self::expectExceptionMessage($message); + + Http::sendHttpRequest($url, 5); + } + + public function getProtocolUrls() + { + return [ + ['phar://malformed.url', 'Protocol phar not in list of allowed protocols: http,https'], + ['ftp://usful.ftp/file.md', 'Protocol ftp not in list of allowed protocols: http,https'], + ['rtp://custom.url', 'Protocol rtp not in list of allowed protocols: http,https'], + ['/local/file', 'Missing scheme in given url'], + ]; + } } diff --git a/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png b/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png index 1741dda716..f5d351ebd9 100644 --- a/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png +++ b/tests/UI/expected-screenshots/UIIntegrationTest_admin_diagnostics_configfile.png @@ -1,3 +1,3 @@ version https://git-lfs.github.com/spec/v1 -oid sha256:7830c47b5000e60962a26e9759c05ec75de0f12b10bc497ed79184f85f1a6dc4 -size 4547003 +oid sha256:4a8cd99b98901d36bae43b767d3060d0967519fb6f842cb88a35889cd01b800a +size 4564855 -- cgit v1.2.3
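Review bot: The `getProtocolUrls` provider at the end of the HttpTest.php hunk only pins lowercase `phar`, `ftp` and `rtp` plus a scheme-less path, so the local-file scheme and upper- or mixed-case spellings of a blocked scheme are not covered. I would add `['file:///local/file', 'Protocol file not in list of allowed protocols: http,https'],` and a case-variant row whose expected message matches however the check normalises the scheme; the implementation is not part of this tests-only view. Every expected message hard-codes `http,https`, so the tests depend on the default configuration, and since the commit makes the list configurable, a test that overrides the setting would cover the new option itself. It is also not visible here whether the check is applied to redirect targets when `$followDepth` is non-zero, which deserves its own test. Minor: `expectException()` and `expectExceptionMessage()` are instance methods, so `$this->expectException(\Exception::class);` reads more conventionally than the `self::` form.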