diff options
Diffstat (limited to 'tests/lib/Security/CSP')
3 files changed, 34 insertions, 26 deletions
diff --git a/tests/lib/Security/CSP/AddContentSecurityPolicyEventTest.php b/tests/lib/Security/CSP/AddContentSecurityPolicyEventTest.php index edc0c613655..39dd7a95890 100644 --- a/tests/lib/Security/CSP/AddContentSecurityPolicyEventTest.php +++ b/tests/lib/Security/CSP/AddContentSecurityPolicyEventTest.php @@ -15,7 +15,7 @@ use OCP\Security\CSP\AddContentSecurityPolicyEvent; use Test\TestCase; class AddContentSecurityPolicyEventTest extends TestCase { - public function testAddEvent() { + public function testAddEvent(): void { $cspManager = $this->createMock(ContentSecurityPolicyManager::class); $policy = $this->createMock(ContentSecurityPolicy::class); $event = new AddContentSecurityPolicyEvent($cspManager); diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php index dc0fe7c8340..a32a4132287 100644 --- a/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php +++ b/tests/lib/Security/CSP/ContentSecurityPolicyManagerTest.php @@ -11,8 +11,11 @@ declare(strict_types=1); namespace Test\Security\CSP; use OC\Security\CSP\ContentSecurityPolicyManager; +use OCP\AppFramework\Http\ContentSecurityPolicy; +use OCP\AppFramework\Http\EmptyContentSecurityPolicy; use OCP\EventDispatcher\IEventDispatcher; use OCP\Security\CSP\AddContentSecurityPolicyEvent; +use OCP\Server; use Test\TestCase; class ContentSecurityPolicyManagerTest extends TestCase { @@ -24,26 +27,26 @@ class ContentSecurityPolicyManagerTest extends TestCase { protected function setUp(): void { parent::setUp(); - $this->dispatcher = \OC::$server->query(IEventDispatcher::class); + $this->dispatcher = Server::get(IEventDispatcher::class); $this->contentSecurityPolicyManager = new ContentSecurityPolicyManager($this->dispatcher); } - public function testAddDefaultPolicy() { - $this->contentSecurityPolicyManager->addDefaultPolicy(new \OCP\AppFramework\Http\ContentSecurityPolicy()); + public function testAddDefaultPolicy(): void { + $this->contentSecurityPolicyManager->addDefaultPolicy(new ContentSecurityPolicy()); $this->addToAssertionCount(1); } - public function testGetDefaultPolicyWithPolicies() { - $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(); + public function testGetDefaultPolicyWithPolicies(): void { + $policy = new ContentSecurityPolicy(); $policy->addAllowedFontDomain('mydomain.com'); $policy->addAllowedImageDomain('anotherdomain.de'); $this->contentSecurityPolicyManager->addDefaultPolicy($policy); - $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(); + $policy = new ContentSecurityPolicy(); $policy->addAllowedFontDomain('example.com'); $policy->addAllowedImageDomain('example.org'); $policy->allowEvalScript(true); $this->contentSecurityPolicyManager->addDefaultPolicy($policy); - $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy(); + $policy = new EmptyContentSecurityPolicy(); $policy->addAllowedChildSrcDomain('childdomain'); $policy->addAllowedFontDomain('anotherFontDomain'); $policy->addAllowedFormActionDomain('thirdDomain'); @@ -64,9 +67,9 @@ class ContentSecurityPolicyManagerTest extends TestCase { $this->assertSame($expectedStringPolicy, $this->contentSecurityPolicyManager->getDefaultPolicy()->buildPolicy()); } - public function testGetDefaultPolicyWithPoliciesViaEvent() { - $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e) { - $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(); + public function testGetDefaultPolicyWithPoliciesViaEvent(): void { + $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e): void { + $policy = new ContentSecurityPolicy(); $policy->addAllowedFontDomain('mydomain.com'); $policy->addAllowedImageDomain('anotherdomain.de'); $policy->useStrictDynamic(true); @@ -75,16 +78,16 @@ class ContentSecurityPolicyManagerTest extends TestCase { $e->addPolicy($policy); }); - $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e) { - $policy = new \OCP\AppFramework\Http\ContentSecurityPolicy(); + $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e): void { + $policy = new ContentSecurityPolicy(); $policy->addAllowedFontDomain('example.com'); $policy->addAllowedImageDomain('example.org'); $policy->allowEvalScript(false); $e->addPolicy($policy); }); - $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e) { - $policy = new \OCP\AppFramework\Http\EmptyContentSecurityPolicy(); + $this->dispatcher->addListener(AddContentSecurityPolicyEvent::class, function (AddContentSecurityPolicyEvent $e): void { + $policy = new EmptyContentSecurityPolicy(); $policy->addAllowedChildSrcDomain('childdomain'); $policy->addAllowedFontDomain('anotherFontDomain'); $policy->addAllowedFormActionDomain('thirdDomain'); diff --git a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php index f4281bd2b22..3765311155a 100644 --- a/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php +++ b/tests/lib/Security/CSP/ContentSecurityPolicyNonceManagerTest.php @@ -13,42 +13,46 @@ use OC\AppFramework\Http\Request; use OC\Security\CSP\ContentSecurityPolicyNonceManager; use OC\Security\CSRF\CsrfToken; use OC\Security\CSRF\CsrfTokenManager; +use PHPUnit\Framework\MockObject\MockObject; use Test\TestCase; class ContentSecurityPolicyNonceManagerTest extends TestCase { - /** @var CsrfTokenManager */ - private $csrfTokenManager; - /** @var Request */ + /** @var CsrfTokenManager&MockObject */ + private $CSRFTokenManager; + /** @var Request&MockObject */ private $request; /** @var ContentSecurityPolicyNonceManager */ private $nonceManager; protected function setUp(): void { - $this->csrfTokenManager = $this->createMock(CsrfTokenManager::class); + $this->CSRFTokenManager = $this->createMock(CsrfTokenManager::class); $this->request = $this->createMock(Request::class); $this->nonceManager = new ContentSecurityPolicyNonceManager( - $this->csrfTokenManager, + $this->CSRFTokenManager, $this->request ); } - public function testGetNonce() { + public function testGetNonce(): void { + $secret = base64_encode('secret'); + $tokenValue = base64_encode('secret' ^ 'value_') . ':' . $secret; $token = $this->createMock(CsrfToken::class); $token ->expects($this->once()) ->method('getEncryptedValue') - ->willReturn('MyToken'); + ->willReturn($tokenValue); - $this->csrfTokenManager + $this->CSRFTokenManager ->expects($this->once()) ->method('getToken') ->willReturn($token); - $this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce()); - $this->assertSame('TXlUb2tlbg==', $this->nonceManager->getNonce()); + $this->assertSame($secret, $this->nonceManager->getNonce()); + // call it twice but `getEncryptedValue` is expected to be called only once + $this->assertSame($secret, $this->nonceManager->getNonce()); } - public function testGetNonceServerVar() { + public function testGetNonceServerVar(): void { $token = 'SERVERNONCE'; $this->request ->method('__isset') @@ -61,6 +65,7 @@ class ContentSecurityPolicyNonceManagerTest extends TestCase { ->willReturn(['CSP_NONCE' => $token]); $this->assertSame($token, $this->nonceManager->getNonce()); + // call it twice but `CSP_NONCE` variable is expected to be loaded only once $this->assertSame($token, $this->nonceManager->getNonce()); } } |