<?php
/**
* Nextcloud - Gallery
*
*
* This file is licensed under the Affero General Public License version 3 or
* later. See the COPYING file.
*
* @author Olivier Paroz <galleryapps@oparoz.com>
*
* @copyright Olivier Paroz 2017
*/
namespace OCA\Gallery\Tests\Config;
use OCA\Gallery\Config\ConfigValidator;
/**
* Class ConfigValidatorTest
*
* @package OCA\Gallery\Tests\Config
*/
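class ConfigValidatorTest extends \OCA\Gallery\Tests\GalleryUnitTest {

    /** @var ConfigValidator the validator under test */
    protected $configValidator;

    /**
     * Creates a fresh ConfigValidator so that no state is shared between tests
     */
    protected function setUp() {
        parent::setUp();
        $this->configValidator = new ConfigValidator();
    }

    /**
     * Data sets for testIsConfigSafe
     *
     * Each entry is [$key, $parsedConfigItem, $expectedResult]:
     *  - $key is the configuration sub-section identifier
     *  - $parsedConfigItem is the parsed content of that sub-section
     *  - $expectedResult is the boolean verdict expected from isConfigSafe()
     *
     * Every negative case appends an HTML script element to a value that is
     * otherwise accepted, so a validator that only inspects the start of a
     * value would wrongly report it as safe.
     *
     * NOTE(review): no data set feeds markup into the 'information' section and
     * none uses an unknown $key. Whether the validator is expected to reject
     * those is not visible from this file; confirm and add cases if it is.
     *
     * @return array
     */
    public function providesIsConfigSafeData() {
        // A sub-section that is present in the config file but holds no entries
        $emptyConfig = [];

        // Free-text information section
        $infoConfig = [
            'description_link' => 'Local conf',
            'copyright_link'   => '2015 me',
        ];

        // The sorting section of a standard root config
        $sortingConfig = [
            'type'    => 'name',
            'order'   => 'des',
            'inherit' => 'yes',
        ];

        // Valid sorting type with markup appended: must be rejected
        $hostileSortingTypeConfig = [
            'type'  => 'date<script>alert(1)</script>',
            'order' => 'des',
        ];

        // Valid sorting order with markup appended: must be rejected
        $hostileSortingOrderConfig = [
            'type'  => 'date',
            'order' => 'des<script>alert(1)</script>',
        ];

        // A plain hexadecimal background colour
        $designColourConfig = [
            'background' => '#ff9f00',
        ];

        // Valid colour with markup appended: must be rejected
        $hostileDesignColourConfig = [
            'background' => '#ff9f00<script>alert(1)</script>',
        ];

        // Named data sets make a failure report say which input slipped through
        return [
            'information: empty section'    => ['information', $emptyConfig, true],
            'sorting: empty section'        => ['sorting', $emptyConfig, true],
            'design: empty section'         => ['design', $emptyConfig, true],
            'information: plain text'       => ['information', $infoConfig, true],
            'sorting: standard values'      => ['sorting', $sortingConfig, true],
            'sorting: markup in type'       => ['sorting', $hostileSortingTypeConfig, false],
            'sorting: markup in order'      => ['sorting', $hostileSortingOrderConfig, false],
            'design: hex background colour' => ['design', $designColourConfig, true],
            'design: markup in background'  => ['design', $hostileDesignColourConfig, false],
        ];
    }

    /**
     * Checks the verdict of isConfigSafe() for one configuration sub-section
     *
     * @dataProvider providesIsConfigSafeData
     *
     * @param string $key the configuration sub-section identifier
     * @param array $parsedConfigItem the configuration for a sub-section
     * @param bool $expectedResult true when the sub-section must be accepted
     */
    public function testIsConfigSafe($key, $parsedConfigItem, $expectedResult) {
        $response = $this->configValidator->isConfigSafe($key, $parsedConfigItem);

        // Strict comparison: a loosely-equal value (1, 'yes', 0, null, ...)
        // must not be able to stand in for the boolean verdict.
        $this->assertSame($expectedResult, $response);
    }
}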