diff options
Diffstat (limited to 'vendor/ZendXml/tests')
-rw-r--r-- | vendor/ZendXml/tests/Bootstrap.php | 92 | ||||
-rw-r--r-- | vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php | 152 | ||||
-rwxr-xr-x | vendor/ZendXml/tests/phpunit.xml.dist | 27 |
3 files changed, 271 insertions, 0 deletions
diff --git a/vendor/ZendXml/tests/Bootstrap.php b/vendor/ZendXml/tests/Bootstrap.php new file mode 100644 index 000000000..a9d0e6a55 --- /dev/null +++ b/vendor/ZendXml/tests/Bootstrap.php @@ -0,0 +1,92 @@ +<?php +/** + * Zend Framework (http://framework.zend.com/) + * + * @link http://github.com/zendframework/zf2 for the canonical source repository + * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com) + * @license http://framework.zend.com/license/new-bsd New BSD License + * @package Zend + */ + +/** + * Set error reporting to the level to which Zend Framework code must comply. + */ +error_reporting( E_ALL | E_STRICT ); + +if (class_exists('PHPUnit_Runner_Version', true)) { + $phpUnitVersion = PHPUnit_Runner_Version::id(); + if ('@package_version@' !== $phpUnitVersion && version_compare($phpUnitVersion, '3.7.0', '<')) { + echo 'This version of PHPUnit (' . + PHPUnit_Runner_Version::id() . + ') is not supported for ZendXml unit tests - use v 3.7.0 or higher.' + . PHP_EOL + ; + exit(1); + } + unset($phpUnitVersion); +} + +/** + * Setup autoloading + */ +// Try to use Composer autoloader +if (file_exists(__DIR__ . '/../vendor/autoload.php')) { + include_once __DIR__ . '/../vendor/autoload.php'; +} +// ... or use a simple SPL autoloader +else{ + + // update include path + set_include_path(implode(PATH_SEPARATOR, array( + __DIR__.'/../src', + __DIR__, + get_include_path() + ))); + + /** + * @link https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md#example-implementation + */ + spl_autoload_register(function ($className) { + $className = ltrim($className, '\\'); + $fileName = ''; + $namespace = ''; + if ($lastNsPos = strrpos($className, '\\')) { + $namespace = substr($className, 0, $lastNsPos); + $className = substr($className, $lastNsPos + 1); + $fileName = str_replace('\\', DIRECTORY_SEPARATOR, $namespace) . DIRECTORY_SEPARATOR; + } + $fileName .= str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php'; + require $fileName; + }); + +} + +/** + * Code coverage option + */ +if (defined('TESTS_GENERATE_REPORT') && TESTS_GENERATE_REPORT === true) { + $codeCoverageFilter = new PHP_CodeCoverage_Filter(); + + $lastArg = end($_SERVER['argv']); + if (is_dir($zfCoreTests . '/' . $lastArg)) { + $codeCoverageFilter->addDirectoryToWhitelist($zfCoreLibrary . '/' . $lastArg); + } elseif (is_file($zfCoreTests . '/' . $lastArg)) { + $codeCoverageFilter->addDirectoryToWhitelist(dirname($zfCoreLibrary . '/' . $lastArg)); + } else { + $codeCoverageFilter->addDirectoryToWhitelist($zfCoreLibrary); + } + + /* + * Omit from code coverage reports the contents of the tests directory + */ + $codeCoverageFilter->addDirectoryToBlacklist($zfCoreTests, ''); + $codeCoverageFilter->addDirectoryToBlacklist(PEAR_INSTALL_DIR, ''); + $codeCoverageFilter->addDirectoryToBlacklist(PHP_LIBDIR, ''); + + unset($codeCoverageFilter); +} + +/* + * Unset global variables that are no longer needed. + */ +unset($phpUnitVersion); diff --git a/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php new file mode 100644 index 000000000..0f0fbffba --- /dev/null +++ b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php @@ -0,0 +1,152 @@ +<?php +/** + * Zend Framework (http://framework.zend.com/) + * + * @link http://github.com/zendframework/zf2 for the canonical source repository + * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com) + * @license http://framework.zend.com/license/new-bsd New BSD License + */ +namespace ZendTest\Xml; + +use ZendXml\Security as XmlSecurity; +use ZendXml\Exception; +use DOMDocument; +use SimpleXMLElement; + +class SecurityTest extends \PHPUnit_Framework_TestCase +{ + /** + * @expectedException ZendXml\Exception\RuntimeException + */ + public function testScanForXEE() + { + $xml = <<<XML +<?xml version="1.0"?> +<!DOCTYPE results [<!ENTITY harmless "completely harmless">]> +<results> + <result>This result is &harmless;</result> +</results> +XML; + + $this->setExpectedException('ZendXml\Exception\RuntimeException'); + $result = XmlSecurity::scan($xml); + } + + public function testScanForXXE() + { + $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security'); + file_put_contents($file, 'This is a remote content!'); + $xml = <<<XML +<?xml version="1.0"?> +<!DOCTYPE root +[ +<!ENTITY foo SYSTEM "file://$file"> +]> +<results> + <result>&foo;</result> +</results> +XML; + + try { + $result = XmlSecurity::scan($xml); + } catch (Exception\RuntimeException $e) { + unlink($file); + return; + } + $this->fail('An expected exception has not been raised.'); + } + + public function testScanSimpleXmlResult() + { + $result = XmlSecurity::scan($this->getXml()); + $this->assertTrue($result instanceof SimpleXMLElement); + $this->assertEquals($result->result, 'test'); + } + + public function testScanDom() + { + $dom = new DOMDocument('1.0'); + $result = XmlSecurity::scan($this->getXml(), $dom); + $this->assertTrue($result instanceof DOMDocument); + $node = $result->getElementsByTagName('result')->item(0); + $this->assertEquals($node->nodeValue, 'test'); + } + + /** + * @requires PHP 5.4 + */ + public function testScanDomHTML() + { + // loadHtml accepts constants in php >= 5.4 + // http://php.net/manual/de/domdocument.loadhtml.php + $dom = new DOMDocument('1.0'); + $html = <<<HTML +<p>a simple test</p> +HTML; + $constants = LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED; + $result = XmlSecurity::scanHtml($html, $dom, $constants); + $this->assertTrue($result instanceof DOMDocument); + $this->assertEquals($html, trim($result->saveHtml())); + } + + public function testScanInvalidXml() + { + $xml = <<<XML +<foo>test</bar> +XML; + + $result = XmlSecurity::scan($xml); + $this->assertFalse($result); + } + + public function testScanInvalidXmlDom() + { + $xml = <<<XML +<foo>test</bar> +XML; + + $dom = new DOMDocument('1.0'); + $result = XmlSecurity::scan($xml, $dom); + $this->assertFalse($result); + } + + public function testScanFile() + { + $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security'); + file_put_contents($file, $this->getXml()); + + $result = XmlSecurity::scanFile($file); + $this->assertTrue($result instanceof SimpleXMLElement); + $this->assertEquals($result->result, 'test'); + unlink($file); + } + + public function testScanXmlWithDTD() + { + $xml = <<<XML +<?xml version="1.0"?> +<!DOCTYPE results [ +<!ELEMENT results (result+)> +<!ELEMENT result (#PCDATA)> +]> +<results> + <result>test</result> +</results> +XML; + + $dom = new DOMDocument('1.0'); + $result = XmlSecurity::scan($xml, $dom); + $this->assertTrue($result instanceof DOMDocument); + $this->assertTrue($result->validate()); + } + + protected function getXml() + { + return <<<XML +<?xml version="1.0"?> +<results> + <result>test</result> +</results> +XML; + } +} diff --git a/vendor/ZendXml/tests/phpunit.xml.dist b/vendor/ZendXml/tests/phpunit.xml.dist new file mode 100755 index 000000000..069784bd7 --- /dev/null +++ b/vendor/ZendXml/tests/phpunit.xml.dist @@ -0,0 +1,27 @@ +<phpunit bootstrap="./Bootstrap.php" colors="true"> + <testsuites> + <testsuite name="ZendXml Test Suite"> + <directory>./ZendXmlTest</directory> + <exclude>./ZendXmlTest/TestAsset</exclude> + </testsuite> + </testsuites> + + <groups> + <exclude> + </exclude> + </groups> + + <listeners> + </listeners> + + <filter> + <blacklist> + <directory suffix=".php">./ZendXmlTest</directory> + <directory>../vendor</directory> + </blacklist> + </filter> + + <php> + </php> + +</phpunit> |