ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
enshrined\svgSanitize\Tests\SanitizerTest Class Reference

Class SanitizerTest.

Public Member Functions

 testLoadDefaultTags ()
 Make sure the initial tags are loaded.

 testLoadDefaultAttributes ()
 Make sure the initial attributes are loaded.

 testSetCustomTags ()
 Test the custom tag setters and getters.

 testSetCustomAttributes ()
 Test the custom attribute setters and getters.

 testSanitizeXMLDoc ()
 Test that malicious elements and attributes are removed from standard XML.

 testSanitizeSVGDoc ()
 Test that malicious elements and attributes are removed from an SVG.

 testBadXMLReturnsFalse ()
 Test that a badly formatted XML document returns false.

 testSanitizeHrefs ()
 Make sure that hrefs get sanitized correctly.

 testSanitizeHrefsNoXlinkNamespace ()
 Make sure that hrefs get sanitized correctly when the xlink namespace is omitted.

 testSanitizeExternal ()
 Make sure that external references get sanitized correctly.

 testSanitizeAndMinifiySVGDoc ()
 Test that minification of an SVG works.

 testThatAriaAndDataAttributesAreAllowed ()
 Test that ARIA and Data Attributes are allowed.

 testThatExternalUseElementsAreStripped ()
 Test that external <use> elements are stripped.

 testMinifiedOptions ()
 Test that setXMLOptions and minifying work as expected.

 useRecursionsAreDetected ()

 infiniteUseLoopsAreDetected ()

 testUseDOSattacksAreNullified ()
 Make sure that DOS attacks using the <use> element are detected.

 testLargeUseDOSattacksAreNullified ()
 Make sure that DOS attacks using the <use> element are detected, especially when the SVG is extremely large.
 

Protected Member Functions

 setUp ()
 Set up the test class.
 
 tearDown ()
 

Protected Attributes

 $class
 

Detailed Description

Class SanitizerTest.

Definition at line 12 of file SanitizerTest.php.

Member Function Documentation

◆ infiniteUseLoopsAreDetected()

enshrined\svgSanitize\Tests\SanitizerTest::infiniteUseLoopsAreDetected ( )

Definition at line 245 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/xlinkLoopTest.svg');
    $expected = file_get_contents($dataDirectory . '/xlinkLoopClean.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ setUp()

enshrined\svgSanitize\Tests\SanitizerTest::setUp ( )
protected

Set up the test class.

Definition at line 22 of file SanitizerTest.php.

{
    $this->class = new Sanitizer();
}

◆ tearDown()

enshrined\svgSanitize\Tests\SanitizerTest::tearDown ( )
protected

Definition at line 27 of file SanitizerTest.php.

{
    unset($this->class);
}

◆ testBadXMLReturnsFalse()

enshrined\svgSanitize\Tests\SanitizerTest::testBadXMLReturnsFalse ( )

Test that a badly formatted XML document returns false.

Definition at line 111 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/badXmlTestOne.svg');

    $cleanData = $this->class->sanitize($initialData);

    // Input that cannot be parsed as XML must be rejected, not passed through.
    $this->assertEquals(false, $cleanData);
}

◆ testLargeUseDOSattacksAreNullified()

enshrined\svgSanitize\Tests\SanitizerTest::testLargeUseDOSattacksAreNullified ( )

Make sure that DOS attacks using the <use> element are detected, especially when the SVG is extremely large.

Definition at line 276 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/useDosTestTwo.svg');
    $expected = file_get_contents($dataDirectory . '/useDosCleanTwo.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testLoadDefaultAttributes()

enshrined\svgSanitize\Tests\SanitizerTest::testLoadDefaultAttributes ( )

Make sure the initial attributes are loaded.

Definition at line 45 of file SanitizerTest.php.

References $attributes.

{
    $attributes = $this->class->getAllowedAttrs();

    $this->assertInternalType('array', $attributes);
}

◆ testLoadDefaultTags()

enshrined\svgSanitize\Tests\SanitizerTest::testLoadDefaultTags ( )

Make sure the initial tags are loaded.

Definition at line 35 of file SanitizerTest.php.

References $tags.

{
    $tags = $this->class->getAllowedTags();

    $this->assertInternalType('array', $tags);
}

◆ testMinifiedOptions()

enshrined\svgSanitize\Tests\SanitizerTest::testMinifiedOptions ( )

Test that setXMLOptions and minifying work as expected.

Definition at line 216 of file SanitizerTest.php.

References $output.

{
    $this->class->minify(true);
    $this->class->removeXMLTag(true);
    $this->class->setXMLOptions(0);

    // An already clean, minified SVG must come back unchanged.
    $input = '<svg xmlns="http://www.w3.org/2000/svg" width="24" height="24" viewBox="0 0 24 24"><title>chevron-double-down</title><path d="M4 11.73l.68-.73L12 17.82 19.32 11l.68.73-7.66 7.13a.5.5 0 0 1-.68 0z"/><path d="M4 5.73L4.68 5 12 11.82 19.32 5l.68.73-7.66 7.13a.5.5 0 0 1-.68 0z"/></svg>';
    $output = $this->class->sanitize($input);
    $this->assertEquals($input, $output);
}

◆ testSanitizeAndMinifiySVGDoc()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeAndMinifiySVGDoc ( )

Test that minification of an SVG works.

Definition at line 168 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/svgTestOne.svg');
    $expected = file_get_contents($dataDirectory . '/svgCleanOneMinified.svg');

    $this->class->minify(true);
    $cleanData = $this->class->sanitize($initialData);
    $this->class->minify(false);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSanitizeExternal()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeExternal ( )

Make sure that external references get sanitized correctly.

Definition at line 152 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/externalTest.svg');
    $expected = file_get_contents($dataDirectory . '/externalClean.svg');

    // Enable removal of remote references for this run only, then reset it.
    $this->class->removeRemoteReferences(true);
    $cleanData = $this->class->sanitize($initialData);
    $this->class->removeRemoteReferences(false);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSanitizeHrefs()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeHrefs ( )

Make sure that hrefs get sanitized correctly.

Definition at line 124 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/hrefTestOne.svg');
    $expected = file_get_contents($dataDirectory . '/hrefCleanOne.svg');

    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSanitizeHrefsNoXlinkNamespace()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeHrefsNoXlinkNamespace ( )

Make sure that hrefs get sanitized correctly when the xlink namespace is omitted.

Definition at line 138 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/hrefTestTwo.svg');
    $expected = file_get_contents($dataDirectory . '/hrefCleanTwo.svg');

    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSanitizeSVGDoc()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeSVGDoc ( )

Test that malicious elements and attributes are removed from an SVG.

Definition at line 97 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/svgTestOne.svg');
    $expected = file_get_contents($dataDirectory . '/svgCleanOne.svg');

    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSanitizeXMLDoc()

enshrined\svgSanitize\Tests\SanitizerTest::testSanitizeXMLDoc ( )

Test that malicious elements and attributes are removed from standard XML.

Definition at line 83 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/xmlTestOne.xml');
    $expected = file_get_contents($dataDirectory . '/xmlCleanOne.xml');

    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testSetCustomAttributes()

enshrined\svgSanitize\Tests\SanitizerTest::testSetCustomAttributes ( )

Test the custom attribute setters and getters.

Definition at line 69 of file SanitizerTest.php.

References $attributes, and enshrined\svgSanitize\Tests\Fixtures\TestAllowedAttributes\getAttributes().

{
    $this->class->setAllowedAttrs(new TestAllowedAttributes());

    $attributes = $this->class->getAllowedAttrs();

    $this->assertInternalType('array', $attributes);

    $this->assertEquals(array_map('strtolower', TestAllowedAttributes::getAttributes()), $attributes);
}

◆ testSetCustomTags()

enshrined\svgSanitize\Tests\SanitizerTest::testSetCustomTags ( )

Test the custom tag setters and getters.

Definition at line 55 of file SanitizerTest.php.

References $tags, and enshrined\svgSanitize\Tests\Fixtures\TestAllowedTags\getTags().

{
    $this->class->setAllowedTags(new TestAllowedTags());

    $tags = $this->class->getAllowedTags();

    $this->assertInternalType('array', $tags);

    $this->assertEquals(array_map('strtolower', TestAllowedTags::getTags()), $tags);
}

◆ testThatAriaAndDataAttributesAreAllowed()

enshrined\svgSanitize\Tests\SanitizerTest::testThatAriaAndDataAttributesAreAllowed ( )

Test that ARIA and Data Attributes are allowed.

Definition at line 184 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/ariaDataTest.svg');
    $expected = file_get_contents($dataDirectory . '/ariaDataClean.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);
    $this->class->minify(false);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testThatExternalUseElementsAreStripped()

enshrined\svgSanitize\Tests\SanitizerTest::testThatExternalUseElementsAreStripped ( )

Test that external <use> elements are stripped.

Definition at line 200 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/useTest.svg');
    $expected = file_get_contents($dataDirectory . '/useClean.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);
    $this->class->minify(false);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ testUseDOSattacksAreNullified()

enshrined\svgSanitize\Tests\SanitizerTest::testUseDOSattacksAreNullified ( )

Make sure that DOS attacks using the <use> element are detected.

Definition at line 260 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/useDosTest.svg');
    $expected = file_get_contents($dataDirectory . '/useDosClean.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

◆ useRecursionsAreDetected()

enshrined\svgSanitize\Tests\SanitizerTest::useRecursionsAreDetected ( )

Definition at line 230 of file SanitizerTest.php.

{
    $dataDirectory = __DIR__ . '/data';
    $initialData = file_get_contents($dataDirectory . '/xlinkLaughsTest.svg');
    $expected = file_get_contents($dataDirectory . '/xlinkLaughsClean.svg');

    $this->class->minify(false);
    $cleanData = $this->class->sanitize($initialData);

    $this->assertXmlStringEqualsXmlString($expected, $cleanData);
}

Field Documentation

◆ $class

enshrined\svgSanitize\Tests\SanitizerTest::$class
protected

Definition at line 17 of file SanitizerTest.php.


The documentation for this class was generated from the following file: