66a134e69e
Stricter checking for valid domain names
111 lines
3.7 KiB
PHP
111 lines
3.7 KiB
PHP
<?php
|
|
/**
|
|
* Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
* later.
|
|
* See the COPYING-README file.
|
|
*/
|
|
|
|
namespace Test\Security;
|
|
|
|
use \OC\Security\TrustedDomainHelper;
|
|
use OCP\IConfig;
|
|
|
|
/**
|
|
* Class TrustedDomainHelperTest
|
|
*/
|
|
class TrustedDomainHelperTest extends \Test\TestCase {
|
|
/** @var IConfig */
|
|
protected $config;
|
|
|
|
protected function setUp() {
|
|
parent::setUp();
|
|
|
|
$this->config = $this->getMockBuilder('\OCP\IConfig')->getMock();
|
|
}
|
|
|
|
/**
|
|
* @dataProvider trustedDomainDataProvider
|
|
* @param string $trustedDomains
|
|
* @param string $testDomain
|
|
* @param bool $result
|
|
*/
|
|
public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
|
|
$this->config->expects($this->once())
|
|
->method('getSystemValue')
|
|
->with('trusted_domains')
|
|
->will($this->returnValue($trustedDomains));
|
|
|
|
$trustedDomainHelper = new TrustedDomainHelper($this->config);
|
|
$this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain));
|
|
}
|
|
|
|
/**
|
|
* @return array
|
|
*/
|
|
public function trustedDomainDataProvider() {
|
|
$trustedHostTestList = [
|
|
'host.one.test',
|
|
'host.two.test',
|
|
'[1fff:0:a88:85a3::ac1f]',
|
|
'host.three.test:443',
|
|
'*.leading.host',
|
|
'trailing.host*',
|
|
'cen*ter',
|
|
'*.leadingwith.port:123',
|
|
'trailingwith.port*:456',
|
|
];
|
|
return [
|
|
// empty defaults to false with 8.1
|
|
[null, 'host.one.test:8080', false],
|
|
['', 'host.one.test:8080', false],
|
|
[[], 'host.one.test:8080', false],
|
|
// trust list when defined
|
|
[$trustedHostTestList, 'host.two.test:8080', true],
|
|
[$trustedHostTestList, 'host.two.test:9999', true],
|
|
[$trustedHostTestList, 'host.three.test:8080', false],
|
|
[$trustedHostTestList, 'host.two.test:8080:aa:222', false],
|
|
[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true],
|
|
[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true],
|
|
[$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false],
|
|
[$trustedHostTestList, 'host.three.test:443', true],
|
|
[$trustedHostTestList, 'host.three.test:80', false],
|
|
[$trustedHostTestList, 'host.three.test', false],
|
|
// trust localhost regardless of trust list
|
|
[$trustedHostTestList, 'localhost', true],
|
|
[$trustedHostTestList, 'localhost:8080', true],
|
|
[$trustedHostTestList, '127.0.0.1', true],
|
|
[$trustedHostTestList, '127.0.0.1:8080', true],
|
|
// do not trust invalid localhosts
|
|
[$trustedHostTestList, 'localhost:1:2', false],
|
|
[$trustedHostTestList, 'localhost: evil.host', false],
|
|
// do not trust casting
|
|
[[1], '1', false],
|
|
// leading *
|
|
[$trustedHostTestList, 'abc.leading.host', true],
|
|
[$trustedHostTestList, 'abc.def.leading.host', true],
|
|
[$trustedHostTestList, 'abc.def.leading.host.another', false],
|
|
[$trustedHostTestList, 'abc.def.leading.host:123', true],
|
|
[$trustedHostTestList, 'leading.host', false],
|
|
// trailing *
|
|
[$trustedHostTestList, 'trailing.host', true],
|
|
[$trustedHostTestList, 'trailing.host.abc', true],
|
|
[$trustedHostTestList, 'trailing.host.abc.def', true],
|
|
[$trustedHostTestList, 'trailing.host.abc:123', true],
|
|
[$trustedHostTestList, 'another.trailing.host', false],
|
|
// center *
|
|
[$trustedHostTestList, 'center', true],
|
|
[$trustedHostTestList, 'cenxxxter', true],
|
|
[$trustedHostTestList, 'cen.x.y.ter', true],
|
|
// with port
|
|
[$trustedHostTestList, 'abc.leadingwith.port:123', true],
|
|
[$trustedHostTestList, 'abc.leadingwith.port:1234', false],
|
|
[$trustedHostTestList, 'trailingwith.port.abc:456', true],
|
|
[$trustedHostTestList, 'trailingwith.port.abc:123', false],
|
|
// bad hostname
|
|
[$trustedHostTestList, '-bad', false],
|
|
[$trustedHostTestList, '-bad.leading.host', false],
|
|
[$trustedHostTestList, 'bad..der.leading.host', false],
|
|
];
|
|
}
|
|
}
|