‪TYPO3CMS  11.5
ContentSecurityPolicyHeaderTest.php
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
19 
20 use PHPUnit\Framework\TestCase;
22 
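class ContentSecurityPolicyHeaderTest extends TestCase
{
    /**
     * Data sets for mitigatesCrossSiteScripting().
     *
     * Each set is: Content-Security-Policy header value, file name (or null),
     * expected result of ContentSecurityPolicyHeader::mitigatesCrossSiteScripting().
     *
     * Read together, the sets pin down the following contract:
     *  - an empty policy does not mitigate XSS (#1);
     *  - `default-src 'none'` on its own is sufficient (#2) and stays sufficient
     *    when additional directives are `'none'` as well (#5, #6, #7);
     *  - without `default-src`, a single `script-src 'none'` or `style-src 'none'`
     *    is not enough (#3, #4), whereas `script-src`, `style-src` and
     *    `object-src` all set to `'none'` is (#9);
     *  - a more specific directive takes precedence over `default-src 'none'`:
     *    `'self'`, `'unsafe-eval'` or `'unsafe-inline'` in it makes the policy
     *    insufficient (#8, #10, #11, #12);
     *  - the file name matters: the header of #12 is expected to be sufficient
     *    when the file is `file.svg` (#13).
     *
     * NOTE(review): #13 suggests `style-src` is disregarded for SVG files, and #8
     * suggests `'self'` is never accepted as mitigating - confirm both against
     * ContentSecurityPolicyHeader before relying on this reading.
     *
     * @return array<string, array{0: string, 1: string|null, 2: bool}>
     */
    public function mitigatesCrossSiteScriptingDataProvider(): array
    {
        return [
            // no policy at all
            '#1' => [
                '',
                null,
                false,
            ],
            // default-src alone covers every fetch directive
            '#2' => [
                "default-src 'none'",
                null,
                true,
            ],
            // a single specific directive leaves the others unrestricted
            '#3' => [
                "script-src 'none'",
                null,
                false,
            ],
            '#4' => [
                "style-src 'none'",
                null,
                false,
            ],
            // default-src 'none' plus equally strict specific directives
            '#5' => [
                "default-src 'none'; script-src 'none'",
                null,
                true,
            ],
            '#6' => [
                "default-src 'none'; style-src 'none'",
                null,
                true,
            ],
            '#7' => [
                "default-src 'none'; object-src 'none'",
                null,
                true,
            ],
            // specific directives relax the strict default
            '#8' => [
                "default-src 'none'; script-src 'self'; style-src 'self'; object-src 'self'",
                null,
                false,
            ],
            // all three relevant directives locked down, no default-src needed
            '#9' => [
                "script-src 'none'; style-src 'none'; object-src 'none'",
                null,
                true,
            ],
            // one unsafe keyword is enough to fail the check
            '#10' => [
                "default-src 'none'; script-src 'unsafe-eval'; style-src 'none'; object-src 'none'",
                null,
                false,
            ],
            '#11' => [
                "default-src 'none'; script-src 'unsafe-inline'; style-src 'none'; object-src 'none'",
                null,
                false,
            ],
            '#12' => [
                "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none'",
                null,
                false,
            ],
            // same header as #12, but evaluated for an SVG file
            '#13' => [
                "default-src 'self'; script-src 'none'; style-src 'unsafe-inline'; object-src 'none'",
                'file.svg',
                true,
            ],
        ];
    }

    /**
     * Asserts that the verdict for a header (and optional file name) equals the expectation.
     *
     * assertSame() is used so that a truthy/falsy non-boolean return value
     * would fail the test instead of passing by loose comparison.
     *
     * @param string $header raw Content-Security-Policy header value
     * @param string|null $fileName file name handed to the subject, null for none
     * @param bool $expectation expected return value of the subject
     *
     * @test
     * @dataProvider mitigatesCrossSiteScriptingDataProvider
     */
    public function mitigatesCrossSiteScripting(string $header, ?string $fileName, bool $expectation): void
    {
        $subject = new ContentSecurityPolicyHeader($header);
        self::assertSame($expectation, $subject->mitigatesCrossSiteScripting($fileName));
    }
}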
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest
Definition: ContentSecurityPolicyHeaderTest.php:24
‪TYPO3\CMS\Install\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeader
Definition: ContentSecurityPolicyHeader.php:26
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest\mitigatesCrossSiteScripting
‪mitigatesCrossSiteScripting(string $header, ?string $fileName, $expectation)
Definition: ContentSecurityPolicyHeaderTest.php:103
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse
Definition: ContentSecurityPolicyHeaderTest.php:18
‪TYPO3\CMS\Install\Tests\Unit\SystemEnvironment\ServerResponse\ContentSecurityPolicyHeaderTest\mitigatesCrossSiteScriptingDataProvider
‪mitigatesCrossSiteScriptingDataProvider()
Definition: ContentSecurityPolicyHeaderTest.php:25