Merge pull request #50 from paragonie/phpunit-bump
Use newer PHPUnit
paragonie-security authored Sep 2, 2020
2 parents 8d5e690 + c521953 commit 73ebd90
Showing 5 changed files with 57 additions and 36 deletions.
3 changes: 2 additions & 1 deletion .travis.yml
Expand Up @@ -2,9 +2,10 @@ language: php
sudo: false

php:
- "7.0"
- "7.1"
- "7.2"
- "7.3"
- "7.4"

matrix:
fast_finish: true
7 changes: 5 additions & 2 deletions composer.json
Expand Up @@ -30,15 +30,18 @@
}
},
"require": {
"php": "^7",
"php": "^7.1|^8",
"paragonie/constant_time_encoding": "^2"
},
"require-dev": {
"psr/http-message": "^1",
"phpunit/phpunit": "4.*|5.*",
"phpunit/phpunit": "^7|^8|^9",
"squizlabs/php_codesniffer": "^3",
"vimeo/psalm": "^3"
},
"scripts": {
"test": "phpunit && psalm"
},
"suggest": {
"psr/http-message": "For CSPBuilder::injectCSPHeader()"
}
6 changes: 0 additions & 6 deletions phpunit.xml.dist
Expand Up @@ -10,16 +10,10 @@
processIsolation="false"
stopOnError="false"
stopOnFailure="false"
syntaxCheck="true"
>
<testsuites>
<testsuite name="CSP Builder Test Suite">
<directory suffix="Test.php">./test</directory>
</testsuite>
</testsuites>
<filter>
<whitelist processUncoveredFilesFromWhitelist="true">
<directory suffix=".php">./src</directory>
</whitelist>
</filter>
</phpunit>
34 changes: 27 additions & 7 deletions src/CSPBuilder.php
Expand Up @@ -15,7 +15,7 @@ class CSPBuilder
const FORMAT_NGINX = 'nginx';

/**
* @var array
* @var array<array-key, mixed>
*/
private $policies = [];

Expand Down Expand Up @@ -142,6 +142,7 @@ public function compile(): string
*/
public function addSource(string $directive, string $path): self
{
$this->needsCompile = true;
switch ($directive) {
case 'child':
case 'frame':
Expand Down Expand Up @@ -212,6 +213,7 @@ public function addSource(string $directive, string $path): self
*/
public function addDirective(string $key, $value = null): self
{
$this->needsCompile = true;
if ($value === null) {
if (!isset($this->policies[$key])) {
$this->policies[$key] = true;
Expand Down Expand Up @@ -777,6 +779,8 @@ protected function compileSubgroup(string $directive, $policies = []): string
}
return $directive." 'none'; ";
}
/** @var array<array-key, mixed> $policies */

$ret = $directive.' ';
if ($directive === 'plugin-types') {
// Expects MIME types, not URLs
Expand All @@ -787,9 +791,12 @@ protected function compileSubgroup(string $directive, $policies = []): string
}

if (!empty($policies['allow'])) {
foreach ($policies['allow'] as $url) {
/** @var array<array-key, string> $allowedPolicies */
$allowedPolicies = $policies['allow'];
foreach ($allowedPolicies as $url) {
/** @var string|bool $url */
$url = \filter_var($url, FILTER_SANITIZE_URL);
if ($url !== false) {
if (\is_string($url)) {
if ($this->supportOldBrowsers && $directive !== 'sandbox') {
if (\strpos($url, '://') === false) {
if (($this->isHTTPSConnection() && $this->httpsTransformOnHttpsConnections)
Expand All @@ -812,7 +819,14 @@ protected function compileSubgroup(string $directive, $policies = []): string
}

if (!empty($policies['hashes'])) {
foreach ($policies['hashes'] as $hash) {
/** @var array<array-key, array<string, string>> $hashes */
$hashes = $policies['hashes'];
/** @var array<string, string> $hash */
foreach ($hashes as $hash) {
/**
* @var string $algo
* @var string $hashval
*/
foreach ($hash as $algo => $hashval) {
$ret .= \implode('', [
"'",
Expand All @@ -826,7 +840,10 @@ protected function compileSubgroup(string $directive, $policies = []): string
}

if (!empty($policies['nonces'])) {
foreach ($policies['nonces'] as $nonce) {
/** @var array<array-key, string> $nonces */
$nonces = $policies['nonces'];
/** @var string $nonce */
foreach ($nonces as $nonce) {
$ret .= \implode('', [
"'nonce-",
\preg_replace('/[^A-Za-z0-9\+\/=]/', '', $nonce),
Expand All @@ -836,8 +853,11 @@ protected function compileSubgroup(string $directive, $policies = []): string
}

if (!empty($policies['types'])) {
foreach ($policies['types'] as $type) {
$ret .= $type.' ';
/** @var array<array-key, string> $types */
$types = $policies['types'];
/** @var string $type */
foreach ($types as $type) {
$ret .= $type . ' ';
}
}

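Review bot: In the `types` loop at the end of this section, `$type` is still appended to the header value unchanged (`$ret .= $type . ' ';`); the new `/** @var string $type */` annotation only informs Psalm and performs no runtime check. The neighbouring loops do filter their input: nonces are reduced to the base64 alphabet with `preg_replace` and `allow` entries pass through `filter_var`. If policy data can come from a configuration file or other caller-influenced input, a value containing `;` or a line break would alter the compiled policy, so a shape check is worth adding, e.g. `if (\preg_match('#^[\w.+-]+/[\w.+-]+$#', $type) === 1) { $ret .= $type . ' '; }`. compileSubgroup begins and ends outside the visible hunks, so confirm nothing upstream already validates these values.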
43 changes: 23 additions & 20 deletions test/BasicTest.php
Expand Up @@ -4,6 +4,7 @@

use ParagonIE\CSPBuilder\CSPBuilder;
use PHPUnit\Framework\TestCase;
use PHPUnit\Framework\MockObject\MockObject;

/**
* Class BasicTest
Expand Down Expand Up @@ -103,36 +104,38 @@ public function testPreHash()
*/
public function testSourceHttpsConversion()
{
/** @var CSPBuilder|\PHPUnit_Framework_MockObject_MockObject $cspHttp */
/** @var CSPBuilder|MockObject $cspHttp */
$cspHttp = $this->getMockBuilder(CSPBuilder::class)->setMethods(['isHTTPSConnection'])
->disableOriginalConstructor()->getMock();
$cspHttp->method('isHTTPSConnection')->willReturn(false);

$cspHttp->addSource('form', 'http://example.com');
$cspHttp->addSource('form', 'another.com');
$cspHttp->enableHttpsTransformOnHttpsConnections(); // enabled by default
/** @var string $compiledCspHttp */
$compiledCspHttp = $cspHttp->compile();
$this->assertContains('http://example.com', $compiledCspHttp);
$this->assertContains('http://another.com', $compiledCspHttp);
$this->assertStringContainsString('http://example.com', $compiledCspHttp);
$this->assertStringContainsString('http://another.com', $compiledCspHttp);

/** @var CSPBuilder|\PHPUnit_Framework_MockObject_MockObject $cspHttps */
/** @var CSPBuilder|MockObject $cspHttps */
$cspHttps = $this->getMockBuilder(CSPBuilder::class)->setMethods(['isHTTPSConnection'])
->disableOriginalConstructor()->getMock();
$cspHttps->method('isHTTPSConnection')->willReturn(true);

$cspHttps->addSource('form', 'http://example.com');
$cspHttps->addSource('form', 'another.com');

/** @var string $compiledCspHttpsWithConvertEnabled */
$compiledCspHttpsWithConvertEnabled = $cspHttps->compile();
$this->assertContains('https://example.com', $compiledCspHttpsWithConvertEnabled);
$this->assertContains('https://another.com', $compiledCspHttpsWithConvertEnabled);
$this->assertNotContains('http://example.com', $compiledCspHttpsWithConvertEnabled);
$this->assertNotContains('http://another.com', $compiledCspHttpsWithConvertEnabled);
$this->assertStringContainsString('https://example.com', $compiledCspHttpsWithConvertEnabled);
$this->assertStringContainsString('https://another.com', $compiledCspHttpsWithConvertEnabled);
$this->assertStringNotContainsString('http://example.com', $compiledCspHttpsWithConvertEnabled);
$this->assertStringNotContainsString('http://another.com', $compiledCspHttpsWithConvertEnabled);

$cspHttps->disableHttpsTransformOnHttpsConnections();
$compiledCspHttpsWithConvertDisabled = $cspHttps->compile();
$this->assertContains('http://example.com', $compiledCspHttpsWithConvertDisabled);
$this->assertContains('http://another.com', $compiledCspHttpsWithConvertDisabled);
$this->assertStringContainsString('http://example.com', $compiledCspHttpsWithConvertDisabled);
$this->assertStringContainsString('http://another.com', $compiledCspHttpsWithConvertDisabled);
}

/**
Expand All @@ -145,8 +148,8 @@ public function testUpgradeInsecureBeatsDisableHttpsConversionFlag()
$csp->disableHttpsTransformOnHttpsConnections();
$csp->addDirective('upgrade-insecure-requests');
$compiled = $csp->compile();
$this->assertContains('https://example.com', $compiled);
$this->assertNotContains('http://example.com', $compiled);
$this->assertStringContainsString('https://example.com', $compiled);
$this->assertStringNotContainsString('http://example.com', $compiled);
}

/**
Expand All @@ -159,7 +162,7 @@ public function testAllowDataUris()
$csp->setDataAllowed('img-src', true);
$compiled = $csp->compile();

$this->assertContains("data:", $compiled);
$this->assertStringContainsString("data:", $compiled);
}
/**
* @covers CSPBuilder::setSelfAllowed()
Expand Down Expand Up @@ -188,7 +191,7 @@ public function testAllowSelfUris()
$csp->setSelfAllowed('img-src', true);
$compiled = $csp->compile();

$this->assertContains("'self'", $compiled);
$this->assertStringContainsString("'self'", $compiled);
}

/**
Expand All @@ -201,7 +204,7 @@ public function testAllowUnsafeEval()
$csp->setAllowUnsafeEval('script-src', true);
$compiled = $csp->compile();

$this->assertContains("'unsafe-eval'", $compiled);
$this->assertStringContainsString("'unsafe-eval'", $compiled);
}

/**
Expand All @@ -214,7 +217,7 @@ public function testAllowUnsafeInline()
$csp->setAllowUnsafeInline('script-src', true);
$compiled = $csp->compile();

$this->assertContains("'unsafe-inline'", $compiled);
$this->assertStringContainsString("'unsafe-inline'", $compiled);
}

/**
Expand Down Expand Up @@ -251,13 +254,13 @@ public function testRemovingDirectives()
$csp->addSource('style-src', 'https://example.com');
$compiled = $csp->compile();

$this->assertContains('frame-ancestors https://example.com', $compiled);
$this->assertContains('style-src https://example.com', $compiled);
$this->assertStringContainsString('frame-ancestors https://example.com', $compiled);
$this->assertStringContainsString('style-src https://example.com', $compiled);

$csp->removeDirective('style-src');
$compiled = $csp->compile();

$this->assertContains('frame-ancestors https://example.com', $compiled);
$this->assertNotContains('style-src https://example.com', $compiled);
$this->assertStringContainsString('frame-ancestors https://example.com', $compiled);
$this->assertStringNotContainsString('style-src https://example.com', $compiled);
}
}
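Review bot: The assertions switched to `assertStringContainsString()` / `assertStringNotContainsString()` exist only from PHPUnit 7.5 onward, while the composer.json constraint in this commit is `"phpunit/phpunit": "^7|^8|^9"`, which also admits 7.0–7.4. A normal install resolves to 7.5.x, but a `--prefer-lowest` run or a pinned lockfile would fail with undefined-method errors; tightening it to `"phpunit/phpunit": "^7.5|^8|^9"` makes the requirement explicit. Separately, `setMethods()` in testSourceHttpsConversion is deprecated in later PHPUnit releases in favour of `onlyMethods()`, which is not available on 7.x, so a comment such as `// setMethods() kept for PHPUnit 7 compatibility` would explain why it stays.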
