From 886647d1caf7181e947a2e771600d1addfaf53ac Mon Sep 17 00:00:00 2001
From: Bernhard Posselt
Date: Mon, 24 Nov 2014 12:23:38 +0100
Subject: update zendxml
---
vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php 152 ++++++++++++++++++++++
1 file changed, 152 insertions(+)
create mode 100644 vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
(limited to 'vendor/ZendXml/tests/ZendXmlTest')
diff --git a/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
new file mode 100644
index 000000000..0f0fbffba
--- /dev/null
+++ b/vendor/ZendXml/tests/ZendXmlTest/SecurityTest.php
@@ -0,0 +1,152 @@
+
+]>
+
+ This result is &harmless;
+
+XML;
+
+ $this->setExpectedException('ZendXml\Exception\RuntimeException');
+ $result = XmlSecurity::scan($xml);
+ }
+
+ public function testScanForXXE()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, 'This is a remote content!');
+ $xml = <<
+
+]>
+
+ &foo;
+
+XML;
+
+ try {
+ $result = XmlSecurity::scan($xml);
+ } catch (Exception\RuntimeException $e) {
+ unlink($file);
+ return;
+ }
+ $this->fail('An expected exception has not been raised.');
+ }
+
+ public function testScanSimpleXmlResult()
+ {
+ $result = XmlSecurity::scan($this->getXml());
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ }
+
+ public function testScanDom()
+ {
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($this->getXml(), $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $node = $result->getElementsByTagName('result')->item(0);
+ $this->assertEquals($node->nodeValue, 'test');
+ }
+
+ /**
+ * @requires PHP 5.4
+ */
+ public function testScanDomHTML()
+ {
+ // loadHtml accepts constants in php >= 5.4
+ // http://php.net/manual/de/domdocument.loadhtml.php
+ $dom = new DOMDocument('1.0');
+ $html = <<a simple test

+HTML;
+ $constants = LIBXML_HTML_NODEFDTD | LIBXML_HTML_NOIMPLIED;
+ $result = XmlSecurity::scanHtml($html, $dom, $constants);
+ $this->assertTrue($result instanceof DOMDocument);
+ $this->assertEquals($html, trim($result->saveHtml()));
+ }
+
+ public function testScanInvalidXml()
+ {
+ $xml = <<test
+XML;
+
+ $result = XmlSecurity::scan($xml);
+ $this->assertFalse($result);
+ }
+
+ public function testScanInvalidXmlDom()
+ {
+ $xml = <<test
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertFalse($result);
+ }
+
+ public function testScanFile()
+ {
+ $file = tempnam(sys_get_temp_dir(), 'ZendXml_Security');
+ file_put_contents($file, $this->getXml());
+
+ $result = XmlSecurity::scanFile($file);
+ $this->assertTrue($result instanceof SimpleXMLElement);
+ $this->assertEquals($result->result, 'test');
+ unlink($file);
+ }
+
+ public function testScanXmlWithDTD()
+ {
+ $xml = <<
+
+
+]>
+
+ test
+
+XML;
+
+ $dom = new DOMDocument('1.0');
+ $result = XmlSecurity::scan($xml, $dom);
+ $this->assertTrue($result instanceof DOMDocument);
+ $this->assertTrue($result->validate());
+ }
+
+ protected function getXml()
+ {
+ return <<
+
+ test
+
+XML;
+ }
+}
--
cgit v1.2.3