Merge pull request #138 from romainneutron/fix-exception

Fix exceptions thrown by Report::fromRequest
nelmio · Feb 13, 2017 · 2ff1622 · 2ff1622
2 parents e12485e + cec0df6
commit 2ff1622
Show file tree

Hide file tree

Showing 3 changed files with 58 additions and 0 deletions.
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,3 +1,7 @@
+### 2.2.4 (2017-02-13)
+
+  * Fix exceptions thrown by Report::fromRequest
+
 ### 2.2.3 (2017-02-13)
 
   * Improve CSP filtering

diff --git a/ContentSecurityPolicy/Violation/Report.php b/ContentSecurityPolicy/Violation/Report.php
@@ -12,6 +12,9 @@
 namespace Nelmio\SecurityBundle\ContentSecurityPolicy\Violation;
 
 use Symfony\Component\HttpFoundation\Request;
+use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\InvalidPayloadException;
+use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\MissingCspReportException;
+use Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\NoDataException;
 
 class Report
 {

diff --git a/Tests/ContentSecurityPolicy/Violation/ReportTest.php b/Tests/ContentSecurityPolicy/Violation/ReportTest.php
@@ -0,0 +1,51 @@
+<?php
+
+namespace Nelmio\SecurityBundle\ContentSecurityPolicy\Violation;
+
+use Symfony\Component\HttpFoundation\Request;
+
+class ReportTest extends \PHPUnit_Framework_TestCase
+{
+    /**
+     * @expectedException Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\NoDataException
+     * @expectedExceptionMessage Content-Security-Policy Endpoint called without data
+     */
+    public function testFromRequestWithoutData()
+    {
+        Report::fromRequest(new Request());
+    }
+
+    /**
+     * @expectedException Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\MissingCspReportException
+     * @expectedExceptionMessage Content-Security-Policy Endpoint called without "csp-report" data
+     */
+    public function testFromRequestWithoutReportKey()
+    {
+        Report::fromRequest(new Request(array(), array(), array(), array(), array(), array(), '{}'));
+    }
+
+    /**
+     * @expectedException Nelmio\SecurityBundle\ContentSecurityPolicy\Violation\Exception\InvalidPayloadException
+     * @expectedExceptionMessage Content-Security-Policy Endpoint called with invalid JSON data
+     */
+    public function testFromRequestWithInvalidJSON()
+    {
+        Report::fromRequest(new Request(array(), array(), array(), array(), array(), array(), 'yolo'));
+    }
+
+    public function testFromRequest()
+    {
+        $data = array(
+            'blocked-uri' => 'self',
+            'effective-directive' => 'script-src',
+            'script-sample' => 'try {  for(var lastpass_iter=0; lastpass',
+        );
+
+        $report = Report::fromRequest(new Request(array(), array(), array(), array(), array(), array(), json_encode(array(
+            'csp-report' => $data,
+        ))));
+
+        $this->assertSame($data, $report->getData());
+        $this->assertFalse($report->isData());
+    }
+}