From 886647d1caf7181e947a2e771600d1addfaf53ac Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 24 Nov 2014 12:23:38 +0100
Subject: update zendxml
---
vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php | 152 ++++++++++++++++++++++
1 file changed, 152 insertions(+)
create mode 100644 vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
(limited to 'vendor/ZendXml/tests/ZendXmlTest')
diff --git a/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
new file mode 100644
index 000000000..0f0fbffba
--- /dev/null
+++ b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
@@ -0,0 +1,152 @@
+
+]>
+
+ This result is &harmless;
+
+XML;
+
+ $this->setExpectedException('ZendXml\Exception\RuntimeException');
+ $result = XmlSecurity::scan($xml);
+ }
+
+ public function testScanForXXE()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, 'This is a remote content!');
+ $xml = <<
+
+]>
+
+ &foo;
+
+XML;
+
+ try {
+ $result = XmlSecurity::scan($xml);
+ } catch (Exception\RuntimeException $e) {
+ unlink($file);
+ return;
+ }
+ $this->fail('An expected exception has not been raised.');
+ }
+
+ public function testScanSimpleXmlResult()
+ {
+ $result = XmlSecurity::scan($this->getXml());
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ }
+
+ public function testScanDom()
+ {
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($this->getXml(), $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $node = $result->getElementsByTagName('result')->item(0);
+ $this->assertEquals($node->nodeValue, 'test');
+ }
+
+ /**
+ * @requires PHP 5.4
+ */
+ public function testScanDomHTML()
+ {
+ // loadHtml accepts constants in php >= 5.4
+ // http://php.net/manual/de/domdocument.loadhtml.php
+ $dom = new DOMDocument('1.0');
+ $html = <<a simple test
+HTML;
+ $constants = LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED;
+ $result = XmlSecurity::scanHtml($html, $dom, $constants);
+ $this->assertTrue($result instanceof DOMDocument);
+ $this->assertEquals($html, trim($result->saveHtml()));
+ }
+
+ public function testScanInvalidXml()
+ {
+ $xml = <<test
+XML;
+
+ $result = XmlSecurity::scan($xml);
+ $this->assertFalse($result);
+ }
+
+ public function testScanInvalidXmlDom()
+ {
+ $xml = <<test
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertFalse($result);
+ }
+
+ public function testScanFile()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, $this->getXml());
+
+ $result = XmlSecurity::scanFile($file);
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ unlink($file);
+ }
+
+ public function testScanXmlWithDTD()
+ {
+ $xml = <<
+
+
+]>
+
+ test
+
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $this->assertTrue($result->validate());
+ }
+
+ protected function getXml()
+ {
+ return <<
+
+ test
+
+XML;
+ }
+}