‪TYPO3CMS  ‪main
UriValueTest.php
Go to the documentation of this file.
1 <?php
2 
3 declare(strict_types=1);
4 
5 /*
6  * This file is part of the TYPO3 CMS project.
7  *
8  * It is free software; you can redistribute it and/or modify it under
9  * the terms of the GNU General Public License, either version 2
10  * of the License, or any later version.
11  *
12  * For the full copyright and license information, please read the
13  * LICENSE.txt file that was distributed with this source code.
14  *
15  * The TYPO3 project - inspiring people to share!
16  */
17 
18 namespace ‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy;
19 
20 use PHPUnit\Framework\Attributes\DataProvider;
21 use PHPUnit\Framework\Attributes\Test;
22 use ‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue;
23 use TYPO3\TestingFramework\Core\Unit\UnitTestCase;
24 
25 final class ‪UriValueTest extends UnitTestCase
26 {
27  public static function ‪uriIsParsedAndSerializedDataProvider(): \Generator
28  {
29  yield ['https://www.typo3.org/uri/path.html?key=value#fragment', 'https://www.typo3.org/uri/path.html?key=value'];
30  yield ['//www.typo3.org/uri/path.html?key=value#fragment', '//www.typo3.org/uri/path.html?key=value'];
31  yield ['https://www.typo3.org#fragment', 'https://www.typo3.org'];
32  yield ['//www.typo3.org#fragment', '//www.typo3.org'];
33  yield ['https://*.typo3.org#fragment', 'https://*.typo3.org'];
34  yield ['//*.typo3.org#fragment', '//*.typo3.org'];
35  yield ['www.typo3.org#fragment', 'www.typo3.org'];
36  yield ['*.typo3.org#fragment', '*.typo3.org'];
37 
38  yield ['https://www.typo3.org/uri/path.html?key=value'];
39  yield ['https://www.typo3.org'];
40  yield ['https://*.typo3.org'];
41  yield ['//www.typo3.org/uri/path.html?key=value'];
42  yield ['//www.typo3.org'];
43  yield ['www.typo3.org'];
44  yield ['*.typo3.org'];
45  yield ['*'];
46 
47  // expected behavior, falls back to upstream parserĀ“
48  // (since e.g. query-param is given, which is not expected here in the scope of CSP with `UriValue`)
49  yield ['www.typo3.org?key=value', '/www.typo3.org?key=value'];
50  yield ['*.typo3.org?key=value', '/%2A.typo3.org?key=value'];
51  }
52 
53  #[DataProvider('uriIsParsedAndSerializedDataProvider')]
54  #[Test]
55  public function ‪uriIsParsedAndSerialized(string $value, string $expectation = null): void
56  {
57  $uri = new ‪UriValue($value);
58  self::assertSame($expectation ?? $value, (string)$uri);
59  }
60 
61  public static function ‪urisAreEqualDataProvider(): \Generator
62  {
63  yield ['https://example.com/path/file.js', 'https://example.com/path/file.js', true];
64  yield ['https://example.com/path/file.js', 'https://example.com/path/file.css', false];
65  yield ['https://*.example.com', 'https://*.example.com', true];
66  yield ['example.com/path', 'example.com/path', true];
67  yield ['example.com/path', 'example.com/other', false];
68  yield ['*.example.com', '*.example.com', true];
69  }
70 
71  #[DataProvider('urisAreEqualDataProvider')]
72  #[Test]
73  public function ‪urisAreEqual(string $a, string $b, bool $expectation): void
74  {
75  self::assertSame($expectation, (new ‪UriValue($a))->equals(new ‪UriValue($b)));
76  }
77 
78  public static function ‪uriIsCoveredDataProvider(): \Generator
79  {
80  yield ['https://example.com/path/file.js', 'https://example.com/path/file.js', true];
81  yield ['https://example.com/path/file.js', 'https://example.com/path/file.css', false];
82  yield ['example.com/path', 'example.com/path', true];
83  yield ['example.com/path', 'example.com/other', false];
84  yield ['*.example.com', '*.example.com', true];
85  yield ['*', '*.example.com', true];
86 
87  yield ['https://example.com/', 'https://example.com/path/file.css', true];
88  yield ['example.com', 'https://example.com/path/file.css', true];
89  yield ['https://*.example.com', 'https://sub.example.com/path/file.css', true];
90  yield ['*.example.com', 'https://sub.example.com/path/file.css', true];
91  yield ['*.example.com', 'sub.example.com', true];
92  yield ['*.example.com', '*.sub.example.com', true];
93  yield ['sub.example.com', 'example.com', false];
94  yield ['*.sub.example.com', 'example.com', false];
95  yield ['sub.example.com', '*.example.com', false];
96  yield ['*.sub.example.com', '*.example.com', false];
97  yield ['*.example.com', '*', false];
98  }
99 
100  #[DataProvider('uriIsCoveredDataProvider')]
101  #[Test]
102  public function ‪uriIsCovered(string $a, string $b, bool $expectation): void
103  {
104  self::assertSame($expectation, (new ‪UriValue($a))->covers(new ‪UriValue($b)));
105  }
106 }
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\uriIsCovered
‪uriIsCovered(string $a, string $b, bool $expectation)
Definition: UriValueTest.php:102
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\urisAreEqualDataProvider
‪static urisAreEqualDataProvider()
Definition: UriValueTest.php:61
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy
Definition: ConsumableNonceTest.php:18
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\uriIsParsedAndSerialized
‪uriIsParsedAndSerialized(string $value, string $expectation=null)
Definition: UriValueTest.php:55
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest
Definition: UriValueTest.php:26
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\uriIsCoveredDataProvider
‪static uriIsCoveredDataProvider()
Definition: UriValueTest.php:78
‪TYPO3\CMS\Core\Security\ContentSecurityPolicy\UriValue
Definition: UriValue.php:29
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\urisAreEqual
‪urisAreEqual(string $a, string $b, bool $expectation)
Definition: UriValueTest.php:73
‪TYPO3\CMS\Core\Tests\Unit\Security\ContentSecurityPolicy\UriValueTest\uriIsParsedAndSerializedDataProvider
‪static uriIsParsedAndSerializedDataProvider()
Definition: UriValueTest.php:27