BookStack Code Mirror - bookstack/blob - tests/Unit/SsrUrlValidatorTest.php

   1 <?php
   2
   3 namespace Tests\Unit;
   4
   5 use BookStack\Exceptions\HttpFetchException;
   6 use BookStack\Util\SsrUrlValidator;
   7 use Tests\TestCase;
   8
   9 class SsrUrlValidatorTest extends TestCase
  10 {
  11     public function test_allowed()
  12     {
  13         $testMap = [
  14             // Single values
  15             ['config' => '', 'url' => '', 'result' => false],
  16             ['config' => '', 'url' => 'https://example.com', 'result' => false],
  17             ['config' => '    ', 'url' => 'https://example.com', 'result' => false],
  18             ['config' => '*', 'url' => '', 'result' => false],
  19             ['config' => '*', 'url' => 'https://example.com', 'result' => true],
  20             ['config' => 'https://*', 'url' => 'https://example.com', 'result' => true],
  21             ['config' => 'http://*', 'url' => 'https://example.com', 'result' => false],
  22             ['config' => 'https://*example.com', 'url' => 'https://example.com', 'result' => true],
  23             ['config' => 'https://*ample.com', 'url' => 'https://example.com', 'result' => true],
  24             ['config' => 'https://*.example.com', 'url' => 'https://example.com', 'result' => false],
  25             ['config' => 'https://*.example.com', 'url' => 'https://test.example.com', 'result' => true],
  26             ['config' => '*//example.com', 'url' => 'https://example.com', 'result' => true],
  27             ['config' => '*//example.com', 'url' => 'http://example.com', 'result' => true],
  28             ['config' => '*//example.co', 'url' => 'http://example.co.uk', 'result' => false],
  29             ['config' => '*//example.co/bookstack', 'url' => 'https://example.co/bookstack/a/path', 'result' => true],
  30             ['config' => '*//example.co*', 'url' => 'https://example.co.uk/bookstack/a/path', 'result' => true],
  31             ['config' => 'https://example.com', 'url' => 'https://example.com/a/b/c?test=cat', 'result' => true],
  32             ['config' => 'https://example.com', 'url' => 'https://example.co.uk', 'result' => false],
  33
  34             // Escapes
  35             ['config' => 'https://(.*?).com', 'url' => 'https://example.com', 'result' => false],
  36             ['config' => 'https://example.com', 'url' => 'https://example.co.uk#https://example.com', 'result' => false],
  37
  38             // Multi values
  39             ['config' => '*//example.org *//example.com', 'url' => 'https://example.com', 'result' => true],
  40             ['config' => '*//example.org *//example.com', 'url' => 'https://example.com/a/b/c?test=cat#hello', 'result' => true],
  41             ['config' => '*.example.org *.example.com', 'url' => 'https://example.co.uk', 'result' => false],
  42             ['config' => '  *.example.org  *.example.com  ', 'url' => 'https://example.co.uk', 'result' => false],
  43             ['config' => '* *.example.com', 'url' => 'https://example.co.uk', 'result' => true],
  44             ['config' => '*//example.org *//example.com *//example.co.uk', 'url' => 'https://example.co.uk', 'result' => true],
  45             ['config' => '*//example.org *//example.com *//example.co.uk', 'url' => 'https://example.net', 'result' => false],
  46         ];
  47
  48         foreach ($testMap as $test) {
  49             $result = (new SsrUrlValidator($test['config']))->allowed($test['url']);
  50             $this->assertEquals($test['result'], $result, "Failed asserting url '{$test['url']}' with config '{$test['config']}' results " . ($test['result'] ? 'true' : 'false'));
  51         }
  52     }
  53
  54     public function test_enssure_allowed()
  55     {
  56         $result = (new SsrUrlValidator('https://example.com'))->ensureAllowed('https://example.com');
  57         $this->assertNull($result);
  58
  59         $this->expectException(HttpFetchException::class);
  60         (new SsrUrlValidator('https://example.com'))->ensureAllowed('https://test.example.com');
  61     }
  62 }