Permalink
Browse files

Merge pull request #1360 from toopay/core-tests

Unit tests for Benchmark, Input and Security classes.
  • Loading branch information...
Phil Sturgeon
Phil Sturgeon committed May 16, 2012
2 parents f4f9f78 + 14455e5 commit 8279420f989a8cda4427c3983ee919c6a1073dd7
@@ -0,0 +1,42 @@
+<?php
+
+class Benchmark_test extends CI_TestCase {
+
+ public function set_up()
+ {
+ $this->benchmark = new Mock_Core_Benchmark();
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_mark()
+ {
+ $this->assertEmpty($this->benchmark->marker);
+
+ $this->benchmark->mark('code_start');
+
+ $this->assertEquals(1, count($this->benchmark->marker));
+ $this->assertArrayHasKey('code_start', $this->benchmark->marker);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_elapsed_time()
+ {
+ $this->assertEquals('{elapsed_time}', $this->benchmark->elapsed_time());
+ $this->assertEmpty($this->benchmark->elapsed_time('undefined_point'));
+
+ $this->benchmark->mark('code_start');
+ sleep(1);
+ $this->benchmark->mark('code_end');
+
+ $this->assertEquals('1.00', $this->benchmark->elapsed_time('code_start', 'code_end', 3));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_memory_usage()
+ {
+ $this->assertEquals('{memory_usage}', $this->benchmark->memory_usage());
+ }
+}
@@ -0,0 +1,144 @@
+<?php
+
+class Input_test extends CI_TestCase {
+
+ public function set_up()
+ {
+ // Set server variable to GET as default, since this will leave unset in STDIN env
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+
+ // Set config for Input class
+ $this->ci_set_config('allow_get_array', TRUE);
+ $this->ci_set_config('global_xss_filtering', FALSE);
+ $this->ci_set_config('csrf_protection', FALSE);
+
+ $security = new Mock_Core_Security();
+ $utf8 = new Mock_Core_Utf8();
+
+ $this->input = new Mock_Core_Input($security, $utf8);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_not_exists()
+ {
+ $this->assertEmpty($this->input->get());
+ $this->assertEmpty($this->input->get('foo'));
+
+ $this->assertTrue( ! $this->input->get());
+ $this->assertTrue( ! $this->input->get('foo'));
+
+ $this->assertTrue($this->input->get() == FALSE);
+ $this->assertTrue($this->input->get('foo') == FALSE);
+
+ $this->assertTrue($this->input->get() === FALSE);
+ $this->assertTrue($this->input->get('foo') === FALSE);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_exist()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ $_GET['foo'] = 'bar';
+
+ $this->assertArrayHasKey('foo', $this->input->get());
+ $this->assertEquals('bar', $this->input->get('foo'));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_exist_with_xss_clean()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+ $_GET['harm'] = "Hello, i try to <script>alert('Hack');</script> your site";
+
+ $this->assertArrayHasKey('harm', $this->input->get());
+ $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $this->input->get('harm'));
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $this->input->get('harm', TRUE));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_post_not_exists()
+ {
+ $this->assertEmpty($this->input->post());
+ $this->assertEmpty($this->input->post('foo'));
+
+ $this->assertTrue( ! $this->input->post());
+ $this->assertTrue( ! $this->input->post('foo'));
+
+ $this->assertTrue($this->input->post() == FALSE);
+ $this->assertTrue($this->input->post('foo') == FALSE);
+
+ $this->assertTrue($this->input->post() === FALSE);
+ $this->assertTrue($this->input->post('foo') === FALSE);
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_post_exist()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST['foo'] = 'bar';
+
+ $this->assertArrayHasKey('foo', $this->input->post());
+ $this->assertEquals('bar', $this->input->post('foo'));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_post_exist_with_xss_clean()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST['harm'] = "Hello, i try to <script>alert('Hack');</script> your site";
+
+ $this->assertArrayHasKey('harm', $this->input->post());
+ $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $this->input->post('harm'));
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $this->input->post('harm', TRUE));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_post()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST['foo'] = 'bar';
+
+ $this->assertEquals('bar', $this->input->get_post('foo'));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_cookie()
+ {
+ $_COOKIE['foo'] = 'bar';
+
+ $this->assertEquals('bar', $this->input->cookie('foo'));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_server()
+ {
+ $this->assertEquals('GET', $this->input->server('REQUEST_METHOD'));
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_fetch_from_array()
+ {
+ $data = array(
+ 'foo' => 'bar',
+ 'harm' => 'Hello, i try to <script>alert(\'Hack\');</script> your site',
+ );
+
+ $foo = $this->input->fetch_from_array($data, 'foo');
+ $harm = $this->input->fetch_from_array($data, 'harm');
+ $harmless = $this->input->fetch_from_array($data, 'harm', TRUE);
+
+ $this->assertEquals('bar', $foo);
+ $this->assertEquals("Hello, i try to <script>alert('Hack');</script> your site", $harm);
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless);
+ }
+}
@@ -0,0 +1,73 @@
+<?php
+
+class Security_test extends CI_TestCase {
+
+ public function set_up()
+ {
+ // Set cookie for security test
+ $_COOKIE['ci_csrf_cookie'] = md5(uniqid(rand(), TRUE));
+
+ // Set config for Security class
+ $this->ci_set_config('csrf_protection', TRUE);
+ $this->ci_set_config('csrf_token_name', 'ci_csrf_token');
+ $this->ci_set_config('csrf_cookie_name', 'ci_csrf_cookie');
+
+ $this->security = new Mock_Core_Security();
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_csrf_verify()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'GET';
+
+ $this->assertInstanceOf('CI_Security', $this->security->csrf_verify());
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_csrf_verify_invalid()
+ {
+ // Without issuing $_POST[csrf_token_name], this request will triggering CSRF error
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+
+ $this->setExpectedException('RuntimeException', 'CI Error: The action you have requested is not allowed');
+
+ $this->security->csrf_verify();
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_csrf_verify_valid()
+ {
+ $_SERVER['REQUEST_METHOD'] = 'POST';
+ $_POST[$this->security->csrf_token_name] = $this->security->csrf_hash;
+
+ $this->assertInstanceOf('CI_Security', $this->security->csrf_verify());
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_csrf_hash()
+ {
+ $this->assertEquals($this->security->csrf_hash, $this->security->get_csrf_hash());
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_get_csrf_token_name()
+ {
+ $this->assertEquals('ci_csrf_token', $this->security->get_csrf_token_name());
+ }
+
+ // --------------------------------------------------------------------
+
+ public function test_xss_clean()
+ {
+ $harm_string = "Hello, i try to <script>alert('Hack');</script> your site";
+
+ $harmless_string = $this->security->xss_clean($harm_string);
+
+ $this->assertEquals("Hello, i try to [removed]alert&#40;'Hack'&#41;;[removed] your site", $harmless_string);
+ }
+}
@@ -6,7 +6,6 @@
//
// Prototype :
//
-// include_once('Mock_Core_Loader') // Will load ./mocks/core/loader.php
// $mock_table = new Mock_Libraries_Table(); // Will load ./mocks/libraries/table.php
// $mock_database_driver = new Mock_Database_Driver(); // Will load ./mocks/database/driver.php
// and so on...
@@ -0,0 +1,3 @@
+<?php
+
+class Mock_Core_Benchmark extends CI_Benchmark {}
View
@@ -0,0 +1,31 @@
+<?php
+
+class Mock_Core_Input extends CI_Input {
+
+ /**
+ * Since we use GLOBAL to fetch Security and Utf8 classes,
+ * we need to use inversion of control to mock up
+ * the same process within CI_Input class constructor.
+ *
+ * @covers CI_Input::__construct()
+ */
+ public function __construct($security, $utf8)
+ {
+ $this->_allow_get_array = (config_item('allow_get_array') === TRUE);
+ $this->_enable_xss = (config_item('global_xss_filtering') === TRUE);
+ $this->_enable_csrf = (config_item('csrf_protection') === TRUE);
+
+ // Assign Security and Utf8 classes
+ $this->security = $security;
+ $this->uni = $utf8;
+
+ // Sanitize global arrays
+ $this->_sanitize_globals();
+ }
+
+ public function fetch_from_array($array, $index = '', $xss_clean = FALSE)
+ {
+ return parent::_fetch_from_array($array, $index, $xss_clean);
+ }
+
+}
@@ -0,0 +1,30 @@
+<?php
+
+class Mock_Core_Security extends CI_Security {
+
+ public function csrf_set_cookie()
+ {
+ // We cannot set cookie in CLI mode, so for csrf test, who rely on $_COOKIE,
+ // we superseded set_cookie with directly set the cookie variable,
+ // @see : ./tests/codeigniter/core/Security_test.php, line 8
+ return $this;
+ }
+
+ // Overide inaccesible protected properties
+ public function __get($property)
+ {
+ return isset($this->{'_'.$property}) ? $this->{'_'.$property} : NULL;
+ }
+
+ // Overide inaccesible protected method
+ public function __call($method, $params)
+ {
+ if (is_callable(array($this, '_'.$method)))
+ {
+ return call_user_func_array(array($this, '_'.$method), $params);
+ }
+
+ throw new BadMethodCallException('Method '.$method.' was not found');
+ }
+
+}
View
@@ -0,0 +1,27 @@
+<?php
+
+class Mock_Core_Utf8 extends CI_Utf8 {
+
+ /**
+ * We need to define several constants as
+ * the same process within CI_Utf8 class constructor.
+ *
+ * @covers CI_Utf8::__construct()
+ */
+ public function __construct()
+ {
+ defined('UTF8_ENABLED') or define('UTF8_ENABLED', TRUE);
+
+ if (extension_loaded('mbstring'))
+ {
+ defined('MB_ENABLED') or define('MB_ENABLED', TRUE);
+ mb_internal_encoding('UTF-8');
+ }
+ else
+ {
+ defined('MB_ENABLED') or define('MB_ENABLED', FALSE);
+ }
+
+ }
+
+}
@@ -2,7 +2,7 @@
class Mock_Libraries_Table extends CI_Table {
- // Overide inaccesible private or protected method
+ // Overide inaccesible protected method
public function __call($method, $params)
{
if (is_callable(array($this, '_'.$method)))
@@ -21,8 +21,6 @@
<blacklist>
<directory suffix=".php">PEAR_INSTALL_DIR</directory>
<directory suffix=".php">PHP_LIBDIR</directory>
- <directory suffix=".php">PROJECT_BASE.'tests'</directory>
- <directory suffix=".php">'../../system/core/CodeIgniter.php'</directory>
</blacklist>
</filters>
</phpunit>
Oops, something went wrong.

0 comments on commit 8279420

Please sign in to comment.