author | Lukas Reschke <lukas@owncloud.com> | 2014-09-11 19:21:56 +0200 |
---|---|---|
committer | Lukas Reschke <lukas@owncloud.com> | 2014-09-22 20:02:32 +0200 |
commit | 6eeb905871fc7a671f99fd22c2592358a6abc02d (patch) | |
tree | 391889ddb92d83a766a109cd7fc6bd58a4805691 /tests | |
parent | 70937dabcdf60a047000347523bfee7a53e673e6 (diff) | |
Do only follow HTTP and HTTPS redirects
We do not want to follow redirects to other protocols, since they might allow an adversary to bypass network restrictions (e.g. a redirect to ftp:// might be used to access files on an FTP server that is in a secure zone and is reachable from the ownCloud server but not from the internet).
Get final redirect manually using get_headers()
Migrate to HTTPHelper class and add unit tests
Diffstat (limited to 'tests')
-rw-r--r-- | tests/lib/httphelper.php | 88 |
1 files changed, 88 insertions, 0 deletions
diff --git a/tests/lib/httphelper.php b/tests/lib/httphelper.php
new file mode 100644
index 00000000000..191200aee3d
--- /dev/null
+++ b/tests/lib/httphelper.php
@@ -0,0 +1,88 @@
+<?php
+/**
+ * Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
+ * This file is licensed under the Affero General Public License version 3 or
+ * later.
+ * See the COPYING-README file.
+ */
+
+class TestHTTPHelper extends \PHPUnit_Framework_TestCase {
+
+ /** @var \OC\AllConfig*/
+ private $config;
+ /** @var \OC\HTTPHelper */
+ private $httpHelperMock;
+
+ function setUp() {
+ $this->config = $this->getMockBuilder('\OC\AllConfig')
+ ->disableOriginalConstructor()->getMock();
+ $this->httpHelperMock = $this->getMockBuilder('\OC\HTTPHelper')
+ ->setConstructorArgs(array($this->config))
+ ->setMethods(array('getHeaders'))
+ ->getMock();
+ }
+
+ public function testIsHTTPProvider() {
+ return array(
+ array('http://wwww.owncloud.org/enterprise/', true),
+ array('https://wwww.owncloud.org/enterprise/', true),
+ array('HTTPS://WWW.OWNCLOUD.ORG', true),
+ array('HTTP://WWW.OWNCLOUD.ORG', true),
+ array('FILE://WWW.OWNCLOUD.ORG', false),
+ array('file://www.owncloud.org', false),
+ array('FTP://WWW.OWNCLOUD.ORG', false),
+ array('ftp://www.owncloud.org', false),
+ );
+ }
+
+ /**
+ * Note: Not using a dataprovider because onConsecutiveCalls expects not
+ * an array but the function arguments directly
+ */
+ public function testGetFinalLocationOfURLValid() {
+ $url = 'https://www.owncloud.org/enterprise/';
+ $expected = 'https://www.owncloud.com/enterprise/';
+ $this->httpHelperMock->expects($this->any())
+ ->method('getHeaders')
+ ->will($this->onConsecutiveCalls(
+ array('Location' => 'http://www.owncloud.com/enterprise/'),
+ array('Location' => 'https://www.owncloud.com/enterprise/')
+ ));
+ $result = $this->httpHelperMock->getFinalLocationOfURL($url);
+ $this->assertSame($expected, $result);
+ }
+
+ /**
+ * Note: Not using a dataprovider because onConsecutiveCalls expects not
+ * an array but the function arguments directly
+ */
+ public function testGetFinalLocationOfURLInvalid() {
+ $url = 'https://www.owncloud.org/enterprise/';
+ $expected = 'http://www.owncloud.com/enterprise/';
+ $this->httpHelperMock->expects($this->any())
+ ->method('getHeaders')
+ ->will($this->onConsecutiveCalls(
+ array('Location' => 'http://www.owncloud.com/enterprise/'),
+ array('Location' => 'file://etc/passwd'),
+ array('Location' => 'http://www.example.com/')
+ ));
+ $result = $this->httpHelperMock->getFinalLocationOfURL($url);
+ $this->assertSame($expected, $result);
+ }
+
+ /**
+ * @expectedException \Exception
+ * @expectedExceptionMessage URL must begin with HTTPS or HTTP.
+ */
+ public function testGetFinalLocationOfURLException() {
+ $this->httpHelperMock->getFinalLocationOfURL('file://etc/passwd');
+ }
+
+ /**
+ * @dataProvider testIsHTTPProvider
+ */
+ public function testIsHTTP($url, $expected) {
+ $this->assertSame($expected, $this->httpHelperMock->isHTTPURL($url));
+ }
+
+}
 |
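Review bot: The rows in `testIsHTTPProvider` cover only well-formed `http`, `https`, `file` and `ftp` URLs in two casings, so the scheme allowlist this commit depends on is not pinned against near-miss input. Rows such as `array('httpfoo://www.owncloud.org', false)` and `array('', false)` (constructed examples) would catch a prefix-only or loosely anchored match in `isHTTPURL`, whose implementation is not part of this tests-only diff. The mocked `getHeaders` results in both `testGetFinalLocationOfURL…` tests use only the exact key `Location` with a string value; if the helper wraps `get_headers()`, a differently cased key or an array of values is possible and deserves a test each. Separately, the provider is public and named `test…`, so PHPUnit will presumably also collect it as a test with no assertions; renaming it to `isHTTPProvider` and updating `@dataProvider` avoids that.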