6eeb905871
We do not want to follow redirects to other protocols since they might allow an adversary to bypass network restrictions. (i.e. a redirect to ftp:// might be used to access files of a FTP server which might be in a secure zone and not be reachable from the net but from the ownCloud server) Get final redirect manually using get_headers() Migrate to HTTPHelper class and add unit tests
88 lines
2.7 KiB
PHP
88 lines
2.7 KiB
PHP
<?php
|
|
/**
|
|
* Copyright (c) 2014 Lukas Reschke <lukas@owncloud.com>
|
|
* This file is licensed under the Affero General Public License version 3 or
|
|
* later.
|
|
* See the COPYING-README file.
|
|
*/
|
|
|
|
class TestHTTPHelper extends \PHPUnit_Framework_TestCase {
|
|
|
|
/** @var \OC\AllConfig*/
|
|
private $config;
|
|
/** @var \OC\HTTPHelper */
|
|
private $httpHelperMock;
|
|
|
|
function setUp() {
|
|
$this->config = $this->getMockBuilder('\OC\AllConfig')
|
|
->disableOriginalConstructor()->getMock();
|
|
$this->httpHelperMock = $this->getMockBuilder('\OC\HTTPHelper')
|
|
->setConstructorArgs(array($this->config))
|
|
->setMethods(array('getHeaders'))
|
|
->getMock();
|
|
}
|
|
|
|
public function testIsHTTPProvider() {
|
|
return array(
|
|
array('http://wwww.owncloud.org/enterprise/', true),
|
|
array('https://wwww.owncloud.org/enterprise/', true),
|
|
array('HTTPS://WWW.OWNCLOUD.ORG', true),
|
|
array('HTTP://WWW.OWNCLOUD.ORG', true),
|
|
array('FILE://WWW.OWNCLOUD.ORG', false),
|
|
array('file://www.owncloud.org', false),
|
|
array('FTP://WWW.OWNCLOUD.ORG', false),
|
|
array('ftp://www.owncloud.org', false),
|
|
);
|
|
}
|
|
|
|
/**
|
|
* Note: Not using a dataprovider because onConsecutiveCalls expects not
|
|
* an array but the function arguments directly
|
|
*/
|
|
public function testGetFinalLocationOfURLValid() {
|
|
$url = 'https://www.owncloud.org/enterprise/';
|
|
$expected = 'https://www.owncloud.com/enterprise/';
|
|
$this->httpHelperMock->expects($this->any())
|
|
->method('getHeaders')
|
|
->will($this->onConsecutiveCalls(
|
|
array('Location' => 'http://www.owncloud.com/enterprise/'),
|
|
array('Location' => 'https://www.owncloud.com/enterprise/')
|
|
));
|
|
$result = $this->httpHelperMock->getFinalLocationOfURL($url);
|
|
$this->assertSame($expected, $result);
|
|
}
|
|
|
|
/**
|
|
* Note: Not using a dataprovider because onConsecutiveCalls expects not
|
|
* an array but the function arguments directly
|
|
*/
|
|
public function testGetFinalLocationOfURLInvalid() {
|
|
$url = 'https://www.owncloud.org/enterprise/';
|
|
$expected = 'http://www.owncloud.com/enterprise/';
|
|
$this->httpHelperMock->expects($this->any())
|
|
->method('getHeaders')
|
|
->will($this->onConsecutiveCalls(
|
|
array('Location' => 'http://www.owncloud.com/enterprise/'),
|
|
array('Location' => 'file://etc/passwd'),
|
|
array('Location' => 'http://www.example.com/')
|
|
));
|
|
$result = $this->httpHelperMock->getFinalLocationOfURL($url);
|
|
$this->assertSame($expected, $result);
|
|
}
|
|
|
|
/**
|
|
* @expectedException \Exception
|
|
* @expectedExceptionMessage URL must begin with HTTPS or HTTP.
|
|
*/
|
|
public function testGetFinalLocationOfURLException() {
|
|
$this->httpHelperMock->getFinalLocationOfURL('file://etc/passwd');
|
|
}
|
|
|
|
/**
|
|
* @dataProvider testIsHTTPProvider
|
|
*/
|
|
public function testIsHTTP($url, $expected) {
|
|
$this->assertSame($expected, $this->httpHelperMock->isHTTPURL($url));
|
|
}
|
|
|
|
}
|