‪TYPO3CMS  10.4
ProductionExceptionHandlerTest.php
Go to the documentation of this file.
1 <?php
2 
3 /*
4  * This file is part of the TYPO3 CMS project.
5  *
6  * It is free software; you can redistribute it and/or modify it under
7  * the terms of the GNU General Public License, either version 2
8  * of the License, or any later version.
9  *
10  * For the full copyright and license information, please read the
11  * LICENSE.txt file that was distributed with this source code.
12  *
13  * The TYPO3 project - inspiring people to share!
14  */
15 
16 namespace ‪TYPO3\CMS\Core\Tests\Unit\Error;
17 
18 use Prophecy\Argument;
19 use Psr\Log\LoggerInterface;
20 use ‪TYPO3\CMS\Core\Error\ProductionExceptionHandler;
21 use ‪TYPO3\CMS\Core\Information\Typo3Information;
22 use ‪TYPO3\CMS\Core\Utility\GeneralUtility;
23 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
24 
28 class ‪ProductionExceptionHandlerTest extends UnitTestCase
29 {
30  protected ‪$resetSingletonInstances = true;
31 
35  protected ‪$subject;
36 
40  protected function ‪setUp(): void
41  {
42  parent::setUp();
43  $this->subject = $this->getMockBuilder(ProductionExceptionHandler::class)
44  ->setMethods(['discloseExceptionInformation', 'sendStatusHeaders', 'writeLogEntries'])
45  ->disableOriginalConstructor()
46  ->getMock();
47  $this->subject->expects(self::any())->method('discloseExceptionInformation')->willReturn(true);
48  }
49 
53  public function ‪echoExceptionWebEscapesExceptionMessage()
54  {
55  $typo3InformationProphecy = $this->prophesize(Typo3Information::class);
56  $typo3InformationProphecy->getCopyrightYear()->willReturn('1999-20XX');
57  GeneralUtility::addInstance(Typo3Information::class, $typo3InformationProphecy->reveal());
58  $message = '<b>b</b><script>alert(1);</script>';
59  $exception = new \Exception($message, 1476049364);
60  ob_start();
61  $this->subject->echoExceptionWeb($exception);
62  ‪$output = ob_get_contents();
63  ob_end_clean();
64  self::assertStringContainsString(htmlspecialchars($message), ‪$output);
65  self::assertStringNotContainsString($message, ‪$output);
66  }
67 
71  public function ‪echoExceptionWebEscapesExceptionTitle()
72  {
73  $typo3InformationProphecy = $this->prophesize(Typo3Information::class);
74  $typo3InformationProphecy->getCopyrightYear()->willReturn('1999-20XX');
75  GeneralUtility::addInstance(Typo3Information::class, $typo3InformationProphecy->reveal());
76  $title = '<b>b</b><script>alert(1);</script>';
78  $exception = $this->getMockBuilder('Exception')
79  ->setMethods(['getTitle'])
80  ->setConstructorArgs(['some message'])
81  ->getMock();
82  $exception->expects(self::any())->method('getTitle')->willReturn($title);
83  ob_start();
84  $this->subject->echoExceptionWeb($exception);
85  ‪$output = ob_get_contents();
86  ob_end_clean();
87  self::assertStringContainsString(htmlspecialchars($title), ‪$output);
88  self::assertStringNotContainsString($title, ‪$output);
89  }
90 
96  public function ‪exampleUrlsForTokenAnonymization(): array
97  {
98  return [
99  'url with valid token' => [
100  'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36',
101  'http://localhost/typo3/index.php?M=foo&moduleToken=--AnonymizedToken--'
102  ],
103  'url with valid token in the middle' => [
104  'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8ea206693b0d530ccd6b2b36&param=asdf',
105  'http://localhost/typo3/index.php?M=foo&moduleToken=--AnonymizedToken--&param=asdf'
106  ],
107  'url with invalid token' => [
108  'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8/e',
109  'http://localhost/typo3/index.php?M=foo&moduleToken=5f1f7d447f22886e8/e',
110  ],
111  'url with empty token' => [
112  'http://localhost/typo3/index.php?M=foo&moduleToken=',
113  'http://localhost/typo3/index.php?M=foo&moduleToken=',
114  ],
115  'url with no token' => [
116  'http://localhost/typo3/index.php?M=foo',
117  'http://localhost/typo3/index.php?M=foo',
118  ],
119  ];
120  }
121 
128  public function ‪logEntriesContainAnonymousTokens(string $originalUrl, string $expectedUrl)
129  {
130  $typo3InformationProphecy = $this->prophesize(Typo3Information::class);
131  $typo3InformationProphecy->getCopyrightYear()->willReturn('1999-20XX');
132  GeneralUtility::addInstance(Typo3Information::class, $typo3InformationProphecy->reveal());
133  ‪$subject = new ProductionExceptionHandler();
134  $logger = $this->prophesize(LoggerInterface::class);
135  $logger->critical(Argument::containingString($expectedUrl), Argument::cetera())->shouldBeCalled();
136  ‪$subject->setLogger($logger->reveal());
137 
138  GeneralUtility::setIndpEnv('TYPO3_REQUEST_URL', $originalUrl);
139  ‪$GLOBALS['BE_USER'] = null;
140 
141  $exception = new \Exception('message', 1476049365);
142  ob_start();
143  ‪$subject->‪echoExceptionWeb($exception);
144  // output is caught, so it does not pollute the test run
145  ob_end_clean();
146  }
147 }
‪TYPO3\CMS\Core\Information\Typo3Information
Definition: Typo3Information.php:26
‪TYPO3\CMS\Core\Error\ProductionExceptionHandler
Definition: ProductionExceptionHandler.php:30
‪TYPO3\CMS\Core\Error\ProductionExceptionHandler\echoExceptionWeb
‪echoExceptionWeb(\Throwable $exception)
Definition: ProductionExceptionHandler.php:56
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\$subject
‪TYPO3 CMS Core Error ProductionExceptionHandler PHPUnit Framework MockObject MockObject $subject
Definition: ProductionExceptionHandlerTest.php:34
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest
Definition: ProductionExceptionHandlerTest.php:29
‪TYPO3\CMS\Core\Tests\Unit\Error
Definition: DebugExceptionHandlerTest.php:16
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\$resetSingletonInstances
‪$resetSingletonInstances
Definition: ProductionExceptionHandlerTest.php:30
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\echoExceptionWebEscapesExceptionMessage
‪echoExceptionWebEscapesExceptionMessage()
Definition: ProductionExceptionHandlerTest.php:52
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\setUp
‪setUp()
Definition: ProductionExceptionHandlerTest.php:39
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\echoExceptionWebEscapesExceptionTitle
‪echoExceptionWebEscapesExceptionTitle()
Definition: ProductionExceptionHandlerTest.php:70
‪$output
‪$output
Definition: annotationChecker.php:119
‪$GLOBALS
‪$GLOBALS['TYPO3_CONF_VARS']['EXTCONF']['adminpanel']['modules']
Definition: ext_localconf.php:5
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\exampleUrlsForTokenAnonymization
‪string[][] exampleUrlsForTokenAnonymization()
Definition: ProductionExceptionHandlerTest.php:95
‪TYPO3\CMS\Core\Utility\GeneralUtility
Definition: GeneralUtility.php:46
‪TYPO3\CMS\Core\Tests\Unit\Error\ProductionExceptionHandlerTest\logEntriesContainAnonymousTokens
‪logEntriesContainAnonymousTokens(string $originalUrl, string $expectedUrl)
Definition: ProductionExceptionHandlerTest.php:127