From 8331d8296b1972224cf6e1e391bba1c9380799a5 Mon Sep 17 00:00:00 2001 From: Daniel Kesselberg Date: Thu, 16 Jan 2020 11:26:29 +0100 Subject: Make getServerHost more robust to faulty user input Signed-off-by: Daniel Kesselberg --- tests/lib/AppFramework/Http/RequestTest.php | 46 +++++++++++++++++++++++++++++ 1 file changed, 46 insertions(+) (limited to 'tests') diff --git a/tests/lib/AppFramework/Http/RequestTest.php b/tests/lib/AppFramework/Http/RequestTest.php index 56982aaf511..be019050e1b 100644 --- a/tests/lib/AppFramework/Http/RequestTest.php +++ b/tests/lib/AppFramework/Http/RequestTest.php @@ -1222,6 +1222,52 @@ class RequestTest extends \Test\TestCase { $this->assertSame('', $request->getServerHost()); } + /** + * @return array + */ + public function dataGetServerHostTrustedDomain() { + return [ + 'is array' => ['my.trusted.host', ['my.trusted.host']], + 'is array but undefined index 0' => ['my.trusted.host', [2 => 'my.trusted.host']], + 'is string' => ['my.trusted.host', 'my.trusted.host'], + 'is null' => ['', null], + ]; + } + + /** + * @dataProvider dataGetServerHostTrustedDomain + * @param $expected + * @param $trustedDomain + */ + public function testGetServerHostTrustedDomain($expected, $trustedDomain) { + $this->config + ->method('getSystemValue') + ->willReturnCallback(function ($key, $default) use ($trustedDomain) { + if ($key === 'trusted_proxies') { + return ['1.2.3.4']; + } + if ($key === 'trusted_domains') { + return $trustedDomain; + } + return $default; + }); + + $request = new Request( + [ + 'server' => [ + 'HTTP_X_FORWARDED_HOST' => 'my.untrusted.host', + 'REMOTE_ADDR' => '1.2.3.4', + ], + ], + $this->secureRandom, + $this->config, + $this->csrfTokenManager, + $this->stream + ); + + $this->assertSame($expected, $request->getServerHost()); + } + public function testGetOverwriteHostDefaultNull() { $this->config ->expects($this->once()) -- cgit v1.2.3