ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
SanitizerTest.php
1<?php
3
7use PHPUnit\Framework\TestCase;
8
12class SanitizerTest extends TestCase
13{
17 protected $class;
18
/**
 * Build a fresh Sanitizer before each test.
 *
 * Tests below toggle options such as minify() and removeRemoteReferences();
 * starting from a new instance keeps those settings from carrying over.
 */
protected function setUp()
{
    $sanitizer = new Sanitizer();
    $this->class = $sanitizer;
}
26
/**
 * Release the Sanitizer held by this test case once a test has finished.
 */
protected function tearDown()
{
    unset($this->class);
}
31
/**
 * Make sure the default tag allow-list is loaded.
 *
 * Only the type is checked here: the getter must hand back an array.
 * The contents of the list are not inspected by this test.
 */
public function testLoadDefaultTags()
{
    $this->assertInternalType('array', $this->class->getAllowedTags());
}
41
/**
 * Make sure the default attribute allow-list is loaded.
 *
 * Only the type is checked here: the getter must hand back an array.
 * The contents of the list are not inspected by this test.
 */
public function testLoadDefaultAttributes()
{
    $this->assertInternalType('array', $this->class->getAllowedAttrs());
}
51
/**
 * Test the custom tag setter and getter.
 *
 * After installing TestAllowedTags, the sanitizer must report exactly that
 * list, lower-cased.
 */
public function testSetCustomTags()
{
    $sanitizer = $this->class;
    $sanitizer->setAllowedTags(new TestAllowedTags());

    $actual = $sanitizer->getAllowedTags();
    $this->assertInternalType('array', $actual);

    // The expectation is the fixture list run through strtolower.
    $expected = array_map('strtolower', TestAllowedTags::getTags());
    $this->assertEquals($expected, $actual);
}
65
/**
 * Test the custom attribute setter and getter.
 *
 * After installing TestAllowedAttributes, the sanitizer must report exactly
 * that list, lower-cased.
 */
public function testSetCustomAttributes()
{
    $sanitizer = $this->class;
    $sanitizer->setAllowedAttrs(new TestAllowedAttributes());

    $actual = $sanitizer->getAllowedAttrs();
    $this->assertInternalType('array', $actual);

    // The expectation is the fixture list run through strtolower.
    $expected = array_map('strtolower', TestAllowedAttributes::getAttributes());
    $this->assertEquals($expected, $actual);
}
79
/**
 * Test that malicious elements and attributes are removed from standard XML.
 *
 * data/xmlTestOne.xml is sanitized and must be XML-equal to the stored
 * reference output data/xmlCleanOne.xml.
 */
public function testSanitizeXMLDoc()
{
    $fixtures = __DIR__ . '/data';
    $dirty = file_get_contents($fixtures . '/xmlTestOne.xml');
    $clean = file_get_contents($fixtures . '/xmlCleanOne.xml');

    $sanitized = $this->class->sanitize($dirty);

    $this->assertXmlStringEqualsXmlString($clean, $sanitized);
}
93
/**
 * Test that malicious elements and attributes are removed from an SVG.
 *
 * data/svgTestOne.svg is sanitized and must be XML-equal to the stored
 * reference output data/svgCleanOne.svg.
 */
public function testSanitizeSVGDoc()
{
    $fixtures = __DIR__ . '/data';
    $dirty = file_get_contents($fixtures . '/svgTestOne.svg');
    $clean = file_get_contents($fixtures . '/svgCleanOne.svg');

    $sanitized = $this->class->sanitize($dirty);

    $this->assertXmlStringEqualsXmlString($clean, $sanitized);
}
107
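/**
 * Test that a badly formatted XML document returns false.
 *
 * The rejection signal is pinned strictly: callers that gate an upload on
 * the sanitizer's result need to tell "rejected" (false) apart from an empty
 * string or null, which a loose comparison would accept as well.
 */
public function testBadXMLReturnsFalse()
{
    $fixtures = __DIR__ . '/data';
    $malformed = file_get_contents($fixtures . '/badXmlTestOne.svg');

    // file_get_contents() yields false for an unreadable fixture. Stop here in
    // that case, so the test cannot pass merely because false went in.
    $this->assertInternalType('string', $malformed, 'Fixture badXmlTestOne.svg could not be read');

    $result = $this->class->sanitize($malformed);

    // assertFalse() checks for the boolean false itself, unlike
    // assertEquals(false, ...), which also accepts '', 0 and null.
    $this->assertFalse($result);
}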
120
/**
 * Make sure that hrefs get sanitized correctly.
 *
 * data/hrefTestOne.svg is sanitized and must be XML-equal to the stored
 * reference output data/hrefCleanOne.svg.
 */
public function testSanitizeHrefs()
{
    $fixtures = __DIR__ . '/data';
    $dirty = file_get_contents($fixtures . '/hrefTestOne.svg');
    $clean = file_get_contents($fixtures . '/hrefCleanOne.svg');

    $sanitized = $this->class->sanitize($dirty);

    $this->assertXmlStringEqualsXmlString($clean, $sanitized);
}
134
139 {
140 $dataDirectory = __DIR__ . '/data';
141 $initialData = file_get_contents($dataDirectory . '/hrefTestTwo.svg');
142 $expected = file_get_contents($dataDirectory . '/hrefCleanTwo.svg');
143
144 $cleanData = $this->class->sanitize($initialData);
145
146 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
147 }
148
/**
 * Make sure that external references get sanitized correctly.
 *
 * removeRemoteReferences() is switched on for the sanitize() call and
 * switched off again afterwards; the result for data/externalTest.svg must
 * be XML-equal to data/externalClean.svg.
 */
public function testSanitizeExternal()
{
    $fixtures = __DIR__ . '/data';
    $dirty = file_get_contents($fixtures . '/externalTest.svg');
    $clean = file_get_contents($fixtures . '/externalClean.svg');

    $sanitizer = $this->class;
    $sanitizer->removeRemoteReferences(true);
    $sanitized = $sanitizer->sanitize($dirty);
    $sanitizer->removeRemoteReferences(false);

    $this->assertXmlStringEqualsXmlString($clean, $sanitized);
}
164
169 {
170 $dataDirectory = __DIR__ . '/data';
171 $initialData = file_get_contents($dataDirectory . '/svgTestOne.svg');
172 $expected = file_get_contents($dataDirectory . '/svgCleanOneMinified.svg');
173
174 $this->class->minify(true);
175 $cleanData = $this->class->sanitize($initialData);
176 $this->class->minify(false);
177
178 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
179 }
180
185 {
186 $dataDirectory = __DIR__ . '/data';
187 $initialData = file_get_contents($dataDirectory . '/ariaDataTest.svg');
188 $expected = file_get_contents($dataDirectory . '/ariaDataClean.svg');
189
190 $this->class->minify(false);
191 $cleanData = $this->class->sanitize($initialData);
192 $this->class->minify(false);
193
194 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
195 }
196
201 {
202 $dataDirectory = __DIR__ . '/data';
203 $initialData = file_get_contents($dataDirectory . '/useTest.svg');
204 $expected = file_get_contents($dataDirectory . '/useClean.svg');
205
206 $this->class->minify(false);
207 $cleanData = $this->class->sanitize($initialData);
208 $this->class->minify(false);
209
210 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
211 }
212
/**
 * Test setXMLOptions and minifying works as expected.
 *
 * With minify(true), removeXMLTag(true) and setXMLOptions(0), an SVG that is
 * already on a single line must come back from sanitize() unchanged.
 */
public function testMinifiedOptions()
{
    $sanitizer = $this->class;
    $sanitizer->minify(true);
    $sanitizer->removeXMLTag(true);
    $sanitizer->setXMLOptions(0);

    $svg = '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>chevron-double-down</title><path d="M4 11.73l.68-.73L12 17.82 19.32 11l.68.73-7.66 7.13a.5.5 0 0 1-.68 0z"/><path d="M4 5.73L4.68 5 12 11.82 19.32 5l.68.73-7.66 7.13a.5.5 0 0 1-.68 0z"/></svg>';

    $this->assertEquals($svg, $sanitizer->sanitize($svg));
}
226
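/**
 * Sanitizing data/xlinkLaughsTest.svg must yield data/xlinkLaughsClean.svg.
 *
 * NOTE(review): judging by the method and fixture names, the input nests
 * references so that they expand recursively; confirm against the fixture.
 *
 * The method name does not start with "test", so PHPUnit collects it only
 * through the annotation below. Keep the annotation: without it this
 * regression check is silently skipped.
 *
 * @test
 */
public function useRecursionsAreDetected()
{
    $fixtures = __DIR__ . '/data';
    $dirty = file_get_contents($fixtures . '/xlinkLaughsTest.svg');
    $clean = file_get_contents($fixtures . '/xlinkLaughsClean.svg');

    $this->class->minify(false);
    $sanitized = $this->class->sanitize($dirty);

    $this->assertXmlStringEqualsXmlString($clean, $sanitized);
}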
241
246 {
247 $dataDirectory = __DIR__ . '/data';
248 $initialData = file_get_contents($dataDirectory . '/xlinkLoopTest.svg');
249 $expected = file_get_contents($dataDirectory . '/xlinkLoopClean.svg');
250
251 $this->class->minify(false);
252 $cleanData = $this->class->sanitize($initialData);
253
254 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
255 }
256
261 {
262 $dataDirectory = __DIR__ . '/data';
263 $initialData = file_get_contents($dataDirectory . '/useDosTest.svg');
264 $expected = file_get_contents($dataDirectory . '/useDosClean.svg');
265
266 $this->class->minify(false);
267 $cleanData = $this->class->sanitize($initialData);
268
269 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
270 }
271
277 {
278 $dataDirectory = __DIR__ . '/data';
279 $initialData = file_get_contents($dataDirectory . '/useDosTestTwo.svg');
280 $expected = file_get_contents($dataDirectory . '/useDosCleanTwo.svg');
281
282 $this->class->minify(false);
283 $cleanData = $this->class->sanitize($initialData);
284
285 $this->assertXmlStringEqualsXmlString($expected, $cleanData);
286 }
287}
An exception for terminating execution or to throw for unit testing.
testSanitizeSVGDoc()
Test that malicious elements and attributes are removed from an SVG.
testLargeUseDOSattacksAreNullified()
Make sure that DOS attacks using the <use> element are detected, especially when the SVG is extremely...
testSetCustomAttributes()
Test the custom attribute setters and getters.
testSanitizeHrefsNoXlinkNamespace()
Make sure that hrefs get sanitized correctly when the xlink namespace is omitted.
testSanitizeXMLDoc()
Test that malicious elements and attributes are removed from standard XML.
testLoadDefaultTags()
Make sure the initial tags are loaded.
testThatExternalUseElementsAreStripped()
Test that ARIA and Data Attributes are allowed.
testThatAriaAndDataAttributesAreAllowed()
Test that ARIA and Data Attributes are allowed.
testSetCustomTags()
Test the custom tag setters and getters.
testLoadDefaultAttributes()
Make sure the initial attributes are loaded.
testBadXMLReturnsFalse()
Test that a badly formatted XML document returns false.
testUseDOSattacksAreNullified()
Make sure that DOS attacks using the <use> element are detected.
testSanitizeExternal()
Make sure that external references get sanitized correctly.
testSanitizeHrefs()
Make sure that hrefs get sanitized correctly.
testMinifiedOptions()
Test setXMLOptions and minifying works as expected.
testSanitizeAndMinifiySVGDoc()
Test that minification of an SVG works.