search:
summary | log | graphiclog1 | graphiclog2 | commit | commitdiff | tree | refs | edit | fork
blame | history | raw | HEAD
Adding tests for securing private variable inclussion on templates.
[akelos.git] / test / unit / lib / AkActionView / AkPhpCodeSanitizer.php
blobbaec8ae98be911264c5331c60987433214ea510b
1 <?php
2
3 require_once(dirname(__FILE__).'/../../../fixtures/config/config.php');
4 require_once(AK_LIB_DIR.DS.'AkActionView'.DS.'AkPhpCodeSanitizer.php');
5
6 class AkPhpCodeSanitizer_TestCase extends AkUnitTest
7 {
8
9 function test_should_avoid_private_variables()
10 {
11 $this->assertInvalidCode('<?php $_private; ?>');
12 $this->assertInvalidCode('<?=$_private?>');
13 }
14
15 function test_should_avoid_private_array_keys()
16 {
17 $this->assertInvalidCode('<?php echo $var[\'_private\']; ?>');
18 $this->assertInvalidCode('<?php $var["_private"]?>');
19 $this->assertInvalidCode('<?php $var[public][_private]?>');
20 $this->assertInvalidCode('<?php $var[{\'_private\'}]?>');
21 }
22
23 function test_should_avoid_private_object_attributes()
24 {
25 $this->assertInvalidCode('<?php echo $var->_private; ?>');
26 $this->assertInvalidCode('<?php $var->_private?>');
27 $this->assertInvalidCode('<?php $var->public->_private]?>');
28 $this->assertInvalidCode('<?php $var->{\'_private\'}?>');
29 $this->assertInvalidCode('<?php $var->$variable_attr?>');
30 }
31
32
33 /**/
34 function assertValidCode($code)
35 {
36 $this->CodeSanitizer =& new AkPhpCodeSanitizer();
37 $this->CodeSanitizer->setOptions(array('code'=>$code));
38 $this->assertTrue($this->CodeSanitizer->isCodeSecure(), 'Secure code not accepted: '.$code);
39 }
40
41 function assertInvalidCode($code)
42 {
43 $this->CodeSanitizer =& new AkPhpCodeSanitizer();
44 $this->CodeSanitizer->setOptions(array('code'=>$code));
45 $this->assertFalse($this->CodeSanitizer->isCodeSecure(), 'Unsecure code not detected: '.$code);
46 $this->assertErrorPattern('/You can\'t use/');
47 }
48
49 }
50
51 ?>
git-svn copy of the project.