path: root/tests/lib/Security/TrustedDomainHelperTest.php
<?php
/**
 * Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
 * This file is licensed under the Affero General Public License version 3 or
 * later.
 * See the COPYING-README file.
 */

namespace Test\Security;

use OC\Security\TrustedDomainHelper;
use OCP\IConfig;

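/**
 * Unit tests for TrustedDomainHelper::isTrustedDomain().
 *
 * The helper is given a mocked IConfig whose 'trusted_domains' system value is
 * supplied by the data provider, so every row pins one trust decision: which
 * host (optionally with a port) is accepted and which is rejected.
 */
class TrustedDomainHelperTest extends \Test\TestCase {
	/** @var IConfig|\PHPUnit\Framework\MockObject\MockObject */
	protected $config;

	protected function setUp(): void {
		parent::setUp();

		$this->config = $this->createMock(IConfig::class);
	}

	/**
	 * Checks a single host against a single 'trusted_domains' configuration.
	 *
	 * @dataProvider trustedDomainDataProvider
	 * @param array|string|null $trustedDomains value the mocked config returns for 'trusted_domains'
	 * @param string $testDomain host, optionally followed by ":port", that is checked
	 * @param bool $result expected trust decision
	 */
	public function testIsTrustedDomain($trustedDomains, $testDomain, $result): void {
		// The configuration must be read exactly once per check.
		$this->config->expects($this->once())
			->method('getSystemValue')
			->with('trusted_domains')
			->willReturn($trustedDomains);

		$trustedDomainHelper = new TrustedDomainHelper($this->config);
		// assertSame: a trust decision has to be a real boolean, so a merely
		// truthy or falsy return value cannot satisfy the expectation.
		$this->assertSame($result, $trustedDomainHelper->isTrustedDomain($testDomain));
	}

	/**
	 * Rows of [trusted_domains config value, host under test, expected result].
	 *
	 * @return array
	 */
	public function trustedDomainDataProvider(): array {
		$trustedHostTestList = [
			'host.one.test',
			'host.two.test',
			'[1fff:0:a88:85a3::ac1f]',
			'host.three.test:443',
			'*.leading.host',
			'trailing.host*',
			'cen*ter',
			'*.leadingwith.port:123',
			'trailingwith.port*:456',
			'UPPERCASE.DOMAIN',
			'lowercase.domain',
		];
		return [
			// empty defaults to false with 8.1: an unset, empty-string or
			// empty-list configuration must reject the host
			[null, 'host.one.test:8080', false],
			['', 'host.one.test:8080', false],
			[[], 'host.one.test:8080', false],
			// trust list when defined: an entry without a port matches any
			// port, an entry with a port matches only that port, and more
			// than one ":port" suffix is rejected
			[$trustedHostTestList, 'host.two.test:8080', true],
			[$trustedHostTestList, 'host.two.test:9999', true],
			[$trustedHostTestList, 'host.three.test:8080', false],
			[$trustedHostTestList, 'host.two.test:8080:aa:222', false],
			[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true],
			[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true],
			[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false],
			[$trustedHostTestList, 'host.three.test:443', true],
			[$trustedHostTestList, 'host.three.test:80', false],
			[$trustedHostTestList, 'host.three.test', false],
			// trust localhost regardless of trust list
			[$trustedHostTestList, 'localhost', true],
			[$trustedHostTestList, 'localhost:8080', true],
			[$trustedHostTestList, '127.0.0.1', true],
			[$trustedHostTestList, '127.0.0.1:8080', true],
			// do not trust invalid localhosts: the localhost exemption must
			// not extend to values that carry extra data after the host name
			[$trustedHostTestList, 'localhost:1:2', false],
			[$trustedHostTestList, 'localhost: evil.host', false],
			// do not trust casting: a non-string config entry must not match
			// the string form of the same value
			[[1], '1', false],
			// leading *: the pattern stays anchored at the end, and the bare
			// suffix without a label in front of it is not matched
			[$trustedHostTestList, 'abc.leading.host', true],
			[$trustedHostTestList, 'abc.def.leading.host', true],
			[$trustedHostTestList, 'abc.def.leading.host.another', false],
			[$trustedHostTestList, 'abc.def.leading.host:123', true],
			[$trustedHostTestList, 'leading.host', false],
			// trailing *: the pattern stays anchored at the start
			[$trustedHostTestList, 'trailing.host', true],
			[$trustedHostTestList, 'trailing.host.abc', true],
			[$trustedHostTestList, 'trailing.host.abc.def', true],
			[$trustedHostTestList, 'trailing.host.abc:123', true],
			[$trustedHostTestList, 'another.trailing.host', false],
			// center *: the wildcard may be empty and may span dots
			[$trustedHostTestList, 'center', true],
			[$trustedHostTestList, 'cenxxxter', true],
			[$trustedHostTestList, 'cen.x.y.ter', true],
			// with port: a wildcard entry that names a port only matches that port
			[$trustedHostTestList, 'abc.leadingwith.port:123', true],
			[$trustedHostTestList, 'abc.leadingwith.port:1234', false],
			[$trustedHostTestList, 'trailingwith.port.abc:456', true],
			[$trustedHostTestList, 'trailingwith.port.abc:123', false],
			// bad hostname: malformed names are rejected even where a
			// wildcard entry would otherwise cover them
			[$trustedHostTestList, '-bad', false],
			[$trustedHostTestList, '-bad.leading.host', false],
			[$trustedHostTestList, 'bad..der.leading.host', false],
			// case sensitivity: matching ignores case in both directions
			[$trustedHostTestList, 'uppercase.domain', true],
			[$trustedHostTestList, 'LOWERCASE.DOMAIN', true],
		];
	}
}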