summaryrefslogtreecommitdiffstats
path: root/vendor/zendframework/zendxml/tests
diff options
context:
space:
mode:
Diffstat (limited to 'vendor/zendframework/zendxml/tests')
-rw-r--r--vendor/zendframework/zendxml/tests/Bootstrap.php92
-rw-r--r--vendor/zendframework/zendxml/tests/ZendXmlTest/MultibyteTest.php125
-rw-r--r--vendor/zendframework/zendxml/tests/ZendXmlTest/SecurityTest.php135
-rwxr-xr-xvendor/zendframework/zendxml/tests/phpunit.xml.dist27
4 files changed, 379 insertions, 0 deletions
diff --git a/vendor/zendframework/zendxml/tests/Bootstrap.php b/vendor/zendframework/zendxml/tests/Bootstrap.php
new file mode 100644
index 000000000..a9d0e6a55
--- /dev/null
+++ b/vendor/zendframework/zendxml/tests/Bootstrap.php
@@ -0,0 +1,92 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2014 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ * @package Zend
+ */
+
+/**
+ * Set error reporting to the level to which Zend Framework code must comply.
+ */
+error_reporting( E_ALL | E_STRICT );
+
+if (class_exists('PHPUnit_Runner_Version', true)) {
+ $phpUnitVersion = PHPUnit_Runner_Version::id();
+ if ('@package_version@' !== $phpUnitVersion && version_compare($phpUnitVersion, '3.7.0', '<')) {
+ echo 'This version of PHPUnit (' .
+ PHPUnit_Runner_Version::id() .
+ ') is not supported for ZendXml unit tests - use v 3.7.0 or higher.'
+ . PHP_EOL
+ ;
+ exit(1);
+ }
+ unset($phpUnitVersion);
+}
+
+/**
+ * Setup autoloading
+ */
+// Try to use Composer autoloader
+if (file_exists(__DIR__ . '/../vendor/autoload.php')) {
+ include_once __DIR__ . '/../vendor/autoload.php';
+}
+// ... or use a simple SPL autoloader
+else{
+
+ // update include path
+ set_include_path(implode(PATH_SEPARATOR, array(
+ __DIR__.'/../src',
+ __DIR__,
+ get_include_path()
+ )));
+
+ /**
+ * @link https://github.com/php-fig/fig-standards/blob/master/accepted/PSR-0.md#example-implementation
+ */
+ spl_autoload_register(function ($className) {
+ $className = ltrim($className, '\\');
+ $fileName = '';
+ $namespace = '';
+ if ($lastNsPos = strrpos($className, '\\')) {
+ $namespace = substr($className, 0, $lastNsPos);
+ $className = substr($className, $lastNsPos + 1);
+ $fileName = str_replace('\\', DIRECTORY_SEPARATOR, $namespace) . DIRECTORY_SEPARATOR;
+ }
+ $fileName .= str_replace('_', DIRECTORY_SEPARATOR, $className) . '.php';
+ require $fileName;
+ });
+
+}
+
+/**
+ * Code coverage option
+ */
+if (defined('TESTS_GENERATE_REPORT') && TESTS_GENERATE_REPORT === true) {
+ $codeCoverageFilter = new PHP_CodeCoverage_Filter();
+
+ $lastArg = end($_SERVER['argv']);
+ if (is_dir($zfCoreTests . '/' . $lastArg)) {
+ $codeCoverageFilter->addDirectoryToWhitelist($zfCoreLibrary . '/' . $lastArg);
+ } elseif (is_file($zfCoreTests . '/' . $lastArg)) {
+ $codeCoverageFilter->addDirectoryToWhitelist(dirname($zfCoreLibrary . '/' . $lastArg));
+ } else {
+ $codeCoverageFilter->addDirectoryToWhitelist($zfCoreLibrary);
+ }
+
+ /*
+ * Omit from code coverage reports the contents of the tests directory
+ */
+ $codeCoverageFilter->addDirectoryToBlacklist($zfCoreTests, '');
+ $codeCoverageFilter->addDirectoryToBlacklist(PEAR_INSTALL_DIR, '');
+ $codeCoverageFilter->addDirectoryToBlacklist(PHP_LIBDIR, '');
+
+ unset($codeCoverageFilter);
+}
+
+/*
+ * Unset global variables that are no longer needed.
+ */
+unset($phpUnitVersion);
diff --git a/vendor/zendframework/zendxml/tests/ZendXmlTest/MultibyteTest.php b/vendor/zendframework/zendxml/tests/ZendXmlTest/MultibyteTest.php
new file mode 100644
index 000000000..165e8fa51
--- /dev/null
+++ b/vendor/zendframework/zendxml/tests/ZendXmlTest/MultibyteTest.php
@@ -0,0 +1,125 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2015 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+namespace ZendTest\Xml;
+
+use ZendXml\Security as XmlSecurity;
+use ZendXml\Exception;
+use DOMDocument;
+use ReflectionMethod;
+use SimpleXMLElement;
+
+/**
+ * @group ZF2015-06
+ */
+class MultibyteTest extends \PHPUnit_Framework_TestCase
+{
+ public function multibyteEncodings()
+ {
+ return array(
+ 'UTF-16LE' => array('UTF-16LE', pack('CC', 0xff, 0xfe), 3),
+ 'UTF-16BE' => array('UTF-16BE', pack('CC', 0xfe, 0xff), 3),
+ 'UTF-32LE' => array('UTF-32LE', pack('CCCC', 0xff, 0xfe, 0x00, 0x00), 4),
+ 'UTF-32BE' => array('UTF-32BE', pack('CCCC', 0x00, 0x00, 0xfe, 0xff), 4),
+ );
+ }
+
+ public function getXmlWithXXE()
+ {
+ return <<<XML
+<?xml version="1.0" encoding="{ENCODING}"?>
+<!DOCTYPE methodCall [
+ <!ENTITY pocdata SYSTEM "file:///etc/passwd">
+]>
+<methodCall>
+ <methodName>retrieved: &pocdata;</methodName>
+</methodCall>
+XML;
+ }
+
+ /**
+ * Invoke ZendXml\Security::heuristicScan with the provided XML.
+ *
+ * @param string $xml
+ * @return void
+ * @throws Exception\RuntimeException
+ */
+ public function invokeHeuristicScan($xml)
+ {
+ $r = new ReflectionMethod('ZendXml\Security', 'heuristicScan');
+ $r->setAccessible(true);
+ return $r->invoke(null, $xml);
+ }
+
+ /**
+ * @dataProvider multibyteEncodings
+ * @group heuristicDetection
+ */
+ public function testDetectsMultibyteXXEVectorsUnderFPMWithEncodedStringMissingBOM($encoding, $bom, $bomLength)
+ {
+ $xml = $this->getXmlWithXXE();
+ $xml = str_replace('{ENCODING}', $encoding, $xml);
+ $xml = iconv('UTF-8', $encoding, $xml);
+ $this->assertNotSame(0, strncmp($xml, $bom, $bomLength));
+ $this->setExpectedException('ZendXml\Exception\RuntimeException', 'ENTITY');
+ $this->invokeHeuristicScan($xml);
+ }
+
+ /**
+ * @dataProvider multibyteEncodings
+ */
+ public function testDetectsMultibyteXXEVectorsUnderFPMWithEncodedStringUsingBOM($encoding, $bom)
+ {
+ $xml = $this->getXmlWithXXE();
+ $xml = str_replace('{ENCODING}', $encoding, $xml);
+ $orig = iconv('UTF-8', $encoding, $xml);
+ $xml = $bom . $orig;
+ $this->setExpectedException('ZendXml\Exception\RuntimeException', 'ENTITY');
+ $this->invokeHeuristicScan($xml);
+ }
+
+ public function getXmlWithoutXXE()
+ {
+ return <<<XML
+<?xml version="1.0" encoding="{ENCODING}"?>
+<methodCall>
+ <methodName>retrieved: &pocdata;</methodName>
+</methodCall>
+XML;
+ }
+
+ /**
+ * @dataProvider multibyteEncodings
+ */
+ public function testDoesNotFlagValidMultibyteXmlAsInvalidUnderFPM($encoding)
+ {
+ $xml = $this->getXmlWithoutXXE();
+ $xml = str_replace('{ENCODING}', $encoding, $xml);
+ $xml = iconv('UTF-8', $encoding, $xml);
+ try {
+ $result = $this->invokeHeuristicScan($xml);
+ $this->assertNull($result);
+ } catch (\Exception $e) {
+ $this->fail('Security scan raised exception when it should not have');
+ }
+ }
+
+ /**
+ * @dataProvider multibyteEncodings
+ * @group mixedEncoding
+ */
+ public function testDetectsXXEWhenXMLDocumentEncodingDiffersFromFileEncoding($encoding, $bom)
+ {
+ $xml = $this->getXmlWithXXE();
+ $xml = str_replace('{ENCODING}', 'UTF-8', $xml);
+ $xml = iconv('UTF-8', $encoding, $xml);
+ $xml = $bom . $xml;
+ $this->setExpectedException('ZendXml\Exception\RuntimeException', 'ENTITY');
+ $this->invokeHeuristicScan($xml);
+ }
+}
diff --git a/vendor/zendframework/zendxml/tests/ZendXmlTest/SecurityTest.php b/vendor/zendframework/zendxml/tests/ZendXmlTest/SecurityTest.php
new file mode 100644
index 000000000..fa3b30bf1
--- /dev/null
+++ b/vendor/zendframework/zendxml/tests/ZendXmlTest/SecurityTest.php
@@ -0,0 +1,135 @@
+<?php
+/**
+ * Zend Framework (http://framework.zend.com/)
+ *
+ * @link http://github.com/zendframework/zf2 for the canonical source repository
+ * @copyright Copyright (c) 2005-2013 Zend Technologies USA Inc. (http://www.zend.com)
+ * @license http://framework.zend.com/license/new-bsd New BSD License
+ */
+namespace ZendTest\Xml;
+
+use ZendXml\Security as XmlSecurity;
+use ZendXml\Exception;
+use DOMDocument;
+use SimpleXMLElement;
+
+class SecurityTest extends \PHPUnit_Framework_TestCase
+{
+ /**
+ * @expectedException ZendXml\Exception\RuntimeException
+ */
+ public function testScanForXEE()
+ {
+ $xml = <<<XML
+<?xml version="1.0"?>
+<!DOCTYPE results [<!ENTITY harmless "completely harmless">]>
+<results>
+ <result>This result is &harmless;</result>
+</results>
+XML;
+
+ $this->setExpectedException('ZendXml\Exception\RuntimeException');
+ $result = XmlSecurity::scan($xml);
+ }
+
+ public function testScanForXXE()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, 'This is a remote content!');
+ $xml = <<<XML
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$file">
+]>
+<results>
+ <result>&foo;</result>
+</results>
+XML;
+
+ try {
+ $result = XmlSecurity::scan($xml);
+ } catch (Exception\RuntimeException $e) {
+ unlink($file);
+ return;
+ }
+ $this->fail('An expected exception has not been raised.');
+ }
+
+ public function testScanSimpleXmlResult()
+ {
+ $result = XmlSecurity::scan($this->getXml());
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ }
+
+ public function testScanDom()
+ {
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($this->getXml(), $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $node = $result->getElementsByTagName('result')->item(0);
+ $this->assertEquals($node->nodeValue, 'test');
+ }
+
+ public function testScanInvalidXml()
+ {
+ $xml = <<<XML
+<foo>test</bar>
+XML;
+
+ $result = XmlSecurity::scan($xml);
+ $this->assertFalse($result);
+ }
+
+ public function testScanInvalidXmlDom()
+ {
+ $xml = <<<XML
+<foo>test</bar>
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertFalse($result);
+ }
+
+ public function testScanFile()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, $this->getXml());
+
+ $result = XmlSecurity::scanFile($file);
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ unlink($file);
+ }
+
+ public function testScanXmlWithDTD()
+ {
+ $xml = <<<XML
+<?xml version="1.0"?>
+<!DOCTYPE results [
+<!ELEMENT results (result+)>
+<!ELEMENT result (#PCDATA)>
+]>
+<results>
+ <result>test</result>
+</results>
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $this->assertTrue($result->validate());
+ }
+
+ protected function getXml()
+ {
+ return <<<XML
+<?xml version="1.0"?>
+<results>
+ <result>test</result>
+</results>
+XML;
+ }
+}
diff --git a/vendor/zendframework/zendxml/tests/phpunit.xml.dist b/vendor/zendframework/zendxml/tests/phpunit.xml.dist
new file mode 100755
index 000000000..069784bd7
--- /dev/null
+++ b/vendor/zendframework/zendxml/tests/phpunit.xml.dist
@@ -0,0 +1,27 @@
+<phpunit bootstrap="./Bootstrap.php" colors="true">
+ <testsuites>
+ <testsuite name="ZendXml Test Suite">
+ <directory>./ZendXmlTest</directory>
+ <exclude>./ZendXmlTest/TestAsset</exclude>
+ </testsuite>
+ </testsuites>
+
+ <groups>
+ <exclude>
+ </exclude>
+ </groups>
+
+ <listeners>
+ </listeners>
+
+ <filter>
+ <blacklist>
+ <directory suffix=".php">./ZendXmlTest</directory>
+ <directory>../vendor</directory>
+ </blacklist>
+ </filter>
+
+ <php>
+ </php>
+
+</phpunit>
generated by cgit v1.2.3 (git 2.25.1) at 2024-06-09 19:40:14 +0000