ILIAS  release_5-3 Revision v5.3.23-19-g915713cf615
Public Member Functions | Protected Member Functions | Static Protected Attributes
Twig_Tests_Extension_SandboxTest Class Reference
+ Inheritance diagram for Twig_Tests_Extension_SandboxTest:
+ Collaboration diagram for Twig_Tests_Extension_SandboxTest:

Public Member Functions

 testSandboxWithInheritance ()
 @expectedException Twig_Sandbox_SecurityError @expectedExceptionMessage Filter "json_encode" is not allowed in "1_child" at line 3. More...
 
 testSandboxGloballySet ()
 
 testSandboxUnallowedMethodAccessor ()
 
 testSandboxUnallowedFilter ()
 
 testSandboxUnallowedTag ()
 
 testSandboxUnallowedProperty ()
 
 testSandboxUnallowedToString ()
 
 testSandboxUnallowedToStringArray ()
 
 testSandboxUnallowedFunction ()
 
 testSandboxUnallowedRangeOperator ()
 
 testSandboxAllowMethodFoo ()
 
 testSandboxAllowMethodToString ()
 
 testSandboxAllowMethodToStringDisabled ()
 
 testSandboxAllowFilter ()
 
 testSandboxAllowTag ()
 
 testSandboxAllowProperty ()
 
 testSandboxAllowFunction ()
 
 testSandboxAllowRangeOperator ()
 
 testSandboxAllowFunctionsCaseInsensitive ()
 
 testSandboxLocallySetForAnInclude ()
 
 testMacrosInASandbox ()
 
 testSandboxDisabledAfterIncludeFunctionError ()
 

Protected Member Functions

 setUp ()
 
 getEnvironment ($sandboxed, $options, $templates, $tags=array(), $filters=array(), $methods=array(), $properties=array(), $functions=array())
 

Static Protected Attributes

static $params
 
static $templates
 

Detailed Description

Definition at line 12 of file SandboxTest.php.

Member Function Documentation

◆ getEnvironment()

Twig_Tests_Extension_SandboxTest::getEnvironment (   $sandboxed,
  $options,
  $templates,
  $tags = array(),
  $filters = array(),
  $methods = array(),
  $properties = array(),
  $functions = array() 
)
protected

Definition at line 281 of file SandboxTest.php.

282 {
283 $loader = new Twig_Loader_Array($templates);
284 $twig = new Twig_Environment($loader, array_merge(array('debug' => true, 'cache' => false, 'autoescape' => false), $options));
285 $policy = new Twig_Sandbox_SecurityPolicy($tags, $filters, $methods, $properties, $functions);
286 $twig->addExtension(new Twig_Extension_Sandbox($policy, $sandboxed));
287
288 return $twig;
289 }
$options
if(!isset( $_REQUEST[ 'ReturnTo'])) if(!isset($_REQUEST['AuthId'])) $options
Definition: as_login.php:20
Twig_Environment
Stores the Twig configuration.
Definition: Environment.php:18
Twig_Extension_Sandbox
@final
Definition: Sandbox.php:16
Twig_Loader_Array
Loads a template from an array.
Definition: Array.php:27
Twig_Sandbox_SecurityPolicy
Represents a security policy which need to be enforced when sandbox mode is enabled.
Definition: SecurityPolicy.php:20
Twig_Tests_Extension_SandboxTest\$templates
static $templates
Definition: SandboxTest.php:15
$tags
$tags
Definition: croninfo.php:19

References $loader, $options, $tags, and $templates.

Referenced by testMacrosInASandbox(), testSandboxAllowFilter(), testSandboxAllowFunction(), testSandboxAllowFunctionsCaseInsensitive(), testSandboxAllowMethodFoo(), testSandboxAllowMethodToString(), testSandboxAllowMethodToStringDisabled(), testSandboxAllowProperty(), testSandboxAllowRangeOperator(), testSandboxAllowTag(), testSandboxDisabledAfterIncludeFunctionError(), testSandboxGloballySet(), testSandboxLocallySetForAnInclude(), testSandboxUnallowedFilter(), testSandboxUnallowedFunction(), testSandboxUnallowedMethodAccessor(), testSandboxUnallowedProperty(), testSandboxUnallowedRangeOperator(), testSandboxUnallowedTag(), testSandboxUnallowedToString(), testSandboxUnallowedToStringArray(), and testSandboxWithInheritance().

+ Here is the caller graph for this function:

◆ setUp()

Twig_Tests_Extension_SandboxTest::setUp ( )
protected

Definition at line 17 of file SandboxTest.php.

18 {
19 self::$params = array(
20 'name' => 'Fabien',
21 'obj' => new FooObject(),
22 'arr' => array('obj' => new FooObject()),
23 );
24
25 self::$templates = array(
26 '1_basic1' => '{{ obj.foo }}',
27 '1_basic2' => '{{ name|upper }}',
28 '1_basic3' => '{% if name %}foo{% endif %}',
29 '1_basic4' => '{{ obj.bar }}',
30 '1_basic5' => '{{ obj }}',
31 '1_basic6' => '{{ arr.obj }}',
32 '1_basic7' => '{{ cycle(["foo","bar"], 1) }}',
33 '1_basic8' => '{{ obj.getfoobar }}{{ obj.getFooBar }}',
34 '1_basic9' => '{{ obj.foobar }}{{ obj.fooBar }}',
35 '1_basic' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
36 '1_layout' => '{% block content %}{% endblock %}',
37 '1_child' => "{% extends \"1_layout\" %}\n{% block content %}\n{{ \"a\"|json_encode }}\n{% endblock %}",
38 '1_include' => '{{ include("1_basic1", sandboxed=true) }}',
39 '1_range_operator' => '{{ (1..2)[0] }}',
40 );
41 }
$params
$params
Definition: disable.php:11

References $params.

◆ testMacrosInASandbox()

Twig_Tests_Extension_SandboxTest::testMacrosInASandbox ( )

Definition at line 250 of file SandboxTest.php.

251 {
252 $twig = $this->getEnvironment(true, array('autoescape' => 'html'), array('index' => <<<EOF
253{%- import _self as macros %}
254
255{%- macro test(text) %}<p>{{ text }}</p>{% endmacro %}
256
257{{- macros.test('username') }}
258EOF
259 ), array('macro', 'import'), array('escape'));
260
261 $this->assertEquals('<p>username</p>', $twig->loadTemplate('index')->render(array()));
262 }
EOF
const EOF
How fgetc() reports an End Of File.
Definition: JSMin_lib.php:92
Twig_Tests_Extension_SandboxTest\getEnvironment
getEnvironment($sandboxed, $options, $templates, $tags=array(), $filters=array(), $methods=array(), $properties=array(), $functions=array())
Definition: SandboxTest.php:281

References EOF, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxAllowFilter()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFilter ( )

Definition at line 183 of file SandboxTest.php.

184 {
185 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array('upper'));
186 $this->assertEquals('FABIEN', $twig->loadTemplate('1_basic2')->render(self::$params), 'Sandbox allow some filters');
187 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxAllowFunction()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFunction ( )

Definition at line 201 of file SandboxTest.php.

202 {
203 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array(), array('cycle'));
204 $this->assertEquals('bar', $twig->loadTemplate('1_basic7')->render(self::$params), 'Sandbox allow some functions');
205 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxAllowFunctionsCaseInsensitive()

Twig_Tests_Extension_SandboxTest::testSandboxAllowFunctionsCaseInsensitive ( )

Definition at line 213 of file SandboxTest.php.

214 {
215 foreach (array('getfoobar', 'getFoobar', 'getFooBar') as $name) {
216 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => $name));
217 FooObject::reset();
218 $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic8')->render(self::$params), 'Sandbox allow methods in a case-insensitive way');
219 $this->assertEquals(2, FooObject::$called['getFooBar'], 'Sandbox only calls method once');
220
221 $this->assertEquals('foobarfoobar', $twig->loadTemplate('1_basic9')->render(self::$params), 'Sandbox allow methods via shortcut names (ie. without get/set)');
222 }
223 }
FooObject\reset
static reset()
Definition: SandboxTest.php:298
FooObject\$called
static $called
Definition: SandboxTest.php:294
$name
if($format !==null) $name
Definition: metadata.php:146

References FooObject\$called, $name, $params, getEnvironment(), and FooObject\reset().

+ Here is the call graph for this function:

◆ testSandboxAllowMethodFoo()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodFoo ( )

Definition at line 159 of file SandboxTest.php.

160 {
161 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => 'foo'));
162 FooObject::reset();
163 $this->assertEquals('foo', $twig->loadTemplate('1_basic1')->render(self::$params), 'Sandbox allow some methods');
164 $this->assertEquals(1, FooObject::$called['foo'], 'Sandbox only calls method once');
165 }

References FooObject\$called, $params, getEnvironment(), and FooObject\reset().

+ Here is the call graph for this function:

◆ testSandboxAllowMethodToString()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodToString ( )

Definition at line 167 of file SandboxTest.php.

168 {
169 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array('FooObject' => '__toString'));
170 FooObject::reset();
171 $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allow some methods');
172 $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
173 }

References FooObject\$called, $params, getEnvironment(), and FooObject\reset().

+ Here is the call graph for this function:

◆ testSandboxAllowMethodToStringDisabled()

Twig_Tests_Extension_SandboxTest::testSandboxAllowMethodToStringDisabled ( )

Definition at line 175 of file SandboxTest.php.

176 {
177 $twig = $this->getEnvironment(false, array(), self::$templates);
178 FooObject::reset();
179 $this->assertEquals('foo', $twig->loadTemplate('1_basic5')->render(self::$params), 'Sandbox allows __toString when sandbox disabled');
180 $this->assertEquals(1, FooObject::$called['__toString'], 'Sandbox only calls method once');
181 }

References FooObject\$called, $params, getEnvironment(), and FooObject\reset().

+ Here is the call graph for this function:

◆ testSandboxAllowProperty()

Twig_Tests_Extension_SandboxTest::testSandboxAllowProperty ( )

Definition at line 195 of file SandboxTest.php.

196 {
197 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array('FooObject' => 'bar'));
198 $this->assertEquals('bar', $twig->loadTemplate('1_basic4')->render(self::$params), 'Sandbox allow some properties');
199 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxAllowRangeOperator()

Twig_Tests_Extension_SandboxTest::testSandboxAllowRangeOperator ( )

Definition at line 207 of file SandboxTest.php.

208 {
209 $twig = $this->getEnvironment(true, array(), self::$templates, array(), array(), array(), array(), array('range'));
210 $this->assertEquals('1', $twig->loadTemplate('1_range_operator')->render(self::$params), 'Sandbox allow the range operator');
211 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxAllowTag()

Twig_Tests_Extension_SandboxTest::testSandboxAllowTag ( )

Definition at line 189 of file SandboxTest.php.

190 {
191 $twig = $this->getEnvironment(true, array(), self::$templates, array('if'));
192 $this->assertEquals('foo', $twig->loadTemplate('1_basic3')->render(self::$params), 'Sandbox allow some tags');
193 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxDisabledAfterIncludeFunctionError()

Twig_Tests_Extension_SandboxTest::testSandboxDisabledAfterIncludeFunctionError ( )

Definition at line 264 of file SandboxTest.php.

265 {
266 $twig = $this->getEnvironment(false, array(), self::$templates);
267
268 $e = null;
269 try {
270 $twig->loadTemplate('1_include')->render(self::$params);
271 } catch (Throwable $e) {
272 } catch (Exception $e) {
273 }
274 if (null === $e) {
275 $this->fail('An exception should be thrown for this test to be valid.');
276 }
277
278 $this->assertFalse($twig->getExtension('Twig_Extension_Sandbox')->isSandboxed(), 'Sandboxed include() function call should not leave Sandbox enabled when an error occurs.');
279 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxGloballySet()

Twig_Tests_Extension_SandboxTest::testSandboxGloballySet ( )

Definition at line 53 of file SandboxTest.php.

54 {
55 $twig = $this->getEnvironment(false, array(), self::$templates);
56 $this->assertEquals('FOO', $twig->loadTemplate('1_basic')->render(self::$params), 'Sandbox does nothing if it is disabled globally');
57 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxLocallySetForAnInclude()

Twig_Tests_Extension_SandboxTest::testSandboxLocallySetForAnInclude ( )

Definition at line 225 of file SandboxTest.php.

226 {
227 self::$templates = array(
228 '2_basic' => '{{ obj.foo }}{% include "2_included" %}{{ obj.foo }}',
229 '2_included' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
230 );
231
232 $twig = $this->getEnvironment(false, array(), self::$templates);
233 $this->assertEquals('fooFOOfoo', $twig->loadTemplate('2_basic')->render(self::$params), 'Sandbox does nothing if disabled globally and sandboxed not used for the include');
234
235 self::$templates = array(
236 '3_basic' => '{{ obj.foo }}{% sandbox %}{% include "3_included" %}{% endsandbox %}{{ obj.foo }}',
237 '3_included' => '{% if obj.foo %}{{ obj.foo|upper }}{% endif %}',
238 );
239
240 $twig = $this->getEnvironment(true, array(), self::$templates);
241 try {
242 $twig->loadTemplate('3_basic')->render(self::$params);
243 $this->fail('Sandbox throws a SecurityError exception when the included file is sandboxed');
244 } catch (Twig_Sandbox_SecurityError $e) {
245 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedTagError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedTagError');
246 $this->assertEquals('sandbox', $e->getTagName());
247 }
248 }
Twig_Sandbox_SecurityError
Exception thrown when a security error occurs at runtime.
Definition: SecurityError.php:18

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedFilter()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedFilter ( )

Definition at line 72 of file SandboxTest.php.

73 {
74 $twig = $this->getEnvironment(true, array(), self::$templates);
75 try {
76 $twig->loadTemplate('1_basic2')->render(self::$params);
77 $this->fail('Sandbox throws a SecurityError exception if an unallowed filter is called');
78 } catch (Twig_Sandbox_SecurityError $e) {
79 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFilterError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFilterError');
80 $this->assertEquals('upper', $e->getFilterName(), 'Exception should be raised on the "upper" filter');
81 }
82 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedFunction()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedFunction ( )

Definition at line 135 of file SandboxTest.php.

136 {
137 $twig = $this->getEnvironment(true, array(), self::$templates);
138 try {
139 $twig->loadTemplate('1_basic7')->render(self::$params);
140 $this->fail('Sandbox throws a SecurityError exception if an unallowed function is called in the template');
141 } catch (Twig_Sandbox_SecurityError $e) {
142 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFunctionError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFunctionError');
143 $this->assertEquals('cycle', $e->getFunctionName(), 'Exception should be raised on the "cycle" function');
144 }
145 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedMethodAccessor()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedMethodAccessor ( )

Definition at line 59 of file SandboxTest.php.

60 {
61 $twig = $this->getEnvironment(true, array(), self::$templates);
62 try {
63 $twig->loadTemplate('1_basic1')->render(self::$params);
64 $this->fail('Sandbox throws a SecurityError exception if an unallowed method is called');
65 } catch (Twig_Sandbox_SecurityError $e) {
66 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
67 $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
68 $this->assertEquals('foo', $e->getMethodName(), 'Exception should be raised on the "foo" method');
69 }
70 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedProperty()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedProperty ( )

Definition at line 96 of file SandboxTest.php.

97 {
98 $twig = $this->getEnvironment(true, array(), self::$templates);
99 try {
100 $twig->loadTemplate('1_basic4')->render(self::$params);
101 $this->fail('Sandbox throws a SecurityError exception if an unallowed property is called in the template');
102 } catch (Twig_Sandbox_SecurityError $e) {
103 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedPropertyError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedPropertyError');
104 $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
105 $this->assertEquals('bar', $e->getPropertyName(), 'Exception should be raised on the "bar" property');
106 }
107 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedRangeOperator()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedRangeOperator ( )

Definition at line 147 of file SandboxTest.php.

148 {
149 $twig = $this->getEnvironment(true, array(), self::$templates);
150 try {
151 $twig->loadTemplate('1_range_operator')->render(self::$params);
152 $this->fail('Sandbox throws a SecurityError exception if the unallowed range operator is called');
153 } catch (Twig_Sandbox_SecurityError $e) {
154 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedFunctionError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedFunctionError');
155 $this->assertEquals('range', $e->getFunctionName(), 'Exception should be raised on the "range" function');
156 }
157 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedTag()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedTag ( )

Definition at line 84 of file SandboxTest.php.

85 {
86 $twig = $this->getEnvironment(true, array(), self::$templates);
87 try {
88 $twig->loadTemplate('1_basic3')->render(self::$params);
89 $this->fail('Sandbox throws a SecurityError exception if an unallowed tag is used in the template');
90 } catch (Twig_Sandbox_SecurityError $e) {
91 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedTagError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedTagError');
92 $this->assertEquals('if', $e->getTagName(), 'Exception should be raised on the "if" tag');
93 }
94 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedToString()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedToString ( )

Definition at line 109 of file SandboxTest.php.

110 {
111 $twig = $this->getEnvironment(true, array(), self::$templates);
112 try {
113 $twig->loadTemplate('1_basic5')->render(self::$params);
114 $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template');
115 } catch (Twig_Sandbox_SecurityError $e) {
116 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
117 $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
118 $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the "__toString" method');
119 }
120 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxUnallowedToStringArray()

Twig_Tests_Extension_SandboxTest::testSandboxUnallowedToStringArray ( )

Definition at line 122 of file SandboxTest.php.

123 {
124 $twig = $this->getEnvironment(true, array(), self::$templates);
125 try {
126 $twig->loadTemplate('1_basic6')->render(self::$params);
127 $this->fail('Sandbox throws a SecurityError exception if an unallowed method (__toString()) is called in the template');
128 } catch (Twig_Sandbox_SecurityError $e) {
129 $this->assertInstanceOf('Twig_Sandbox_SecurityNotAllowedMethodError', $e, 'Exception should be an instance of Twig_Sandbox_SecurityNotAllowedMethodError');
130 $this->assertEquals('FooObject', $e->getClassName(), 'Exception should be raised on the "FooObject" class');
131 $this->assertEquals('__tostring', $e->getMethodName(), 'Exception should be raised on the "__toString" method');
132 }
133 }

References $params, and getEnvironment().

+ Here is the call graph for this function:

◆ testSandboxWithInheritance()

Twig_Tests_Extension_SandboxTest::testSandboxWithInheritance ( )

@expectedException Twig_Sandbox_SecurityError @expectedExceptionMessage Filter "json_encode" is not allowed in "1_child" at line 3.

Definition at line 47 of file SandboxTest.php.

48 {
49 $twig = $this->getEnvironment(true, array(), self::$templates, array('block'));
50 $twig->loadTemplate('1_child')->render(array());
51 }

References getEnvironment().

+ Here is the call graph for this function:

Field Documentation

◆ $params

Twig_Tests_Extension_SandboxTest::$params
staticprotected

Definition at line 14 of file SandboxTest.php.

◆ $templates

Twig_Tests_Extension_SandboxTest::$templates
staticprotected

Definition at line 15 of file SandboxTest.php.

Referenced by getEnvironment().

The documentation for this class was generated from the following file: