1 <?php
2
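/**
 * Tests how ApiCSPReport::execute() logs a Content-Security-Policy violation report.
 *
 * The report body is whatever the reporting client posts, so these tests pin
 * two things about the log output: which parts of the report end up in the
 * message, and that reports matching a configured false-positive URL are not
 * logged as warnings.
 *
 * @group API
 * @group medium
 * @covers ApiCSPReport
 */
class ApiCSPReportTest extends MediaWikiIntegrationTestCase {

	/**
	 * Start every test with an empty false-positive URL list.
	 *
	 * The key uses the `wg`-prefixed global name, the same form
	 * testFalsePositiveOriginMatch() passes to setMwGlobals(). With the
	 * unprefixed key the reset would not touch the setting, and a non-empty
	 * site configuration could filter the report in testInternalReportonly().
	 */
	public function setUp() {
		parent::setUp();
		$this->setMwGlobals( [
			'wgCSPFalsePositiveUrls' => [],
		] );
	}

	/**
	 * A report-only violation from the "internal" source is logged once, as a warning.
	 *
	 * The expected message shows the blocked URI reduced to its origin
	 * (path and query dropped), while the document URI and line number are kept.
	 */
	public function testInternalReportonly() {
		$params = [
			'reportonly' => '1',
			'source' => 'internal',
		];
		// NOTE(review): 'connet-src' looks like a typo for 'connect-src'. It is left
		// unchanged because the assertions below do not reference the directive.
		$cspReport = [
			'document-uri' => 'https://doc.test/path',
			'referrer' => 'https://referrer.test/path',
			'violated-directive' => 'connet-src',
			'disposition' => 'report',
			'blocked-uri' => 'https://blocked.test/path?query',
			'line-number' => 4,
			'column-number' => 2,
			'source-file' => 'https://source.test/path?query',
		];

		$log = $this->doExecute( $params, $cspReport );

		$this->assertEquals(
			[
				[
					'[report-only] Received CSP report: ' .
						'<https://blocked.test> blocked from being loaded on <https://doc.test/path>:4',
					[
						'method' => 'ApiCSPReport::execute',
						'user_id' => 'logged-out',
						'user-agent' => 'Test/0.0',
						'source' => 'internal'
					]
				],
			],
			$log,
			'logged messages'
		);
	}

	/**
	 * A report whose blocked URI starts with a configured false-positive URL
	 * produces no warning on the 'csp-report-only' channel.
	 *
	 * doExecute() records only warning() calls on that one channel, so the empty
	 * result does not show whether the report was logged at another level or
	 * on another channel.
	 */
	public function testFalsePositiveOriginMatch() {
		$params = [
			'reportonly' => '1',
			'source' => 'internal',
		];
		// NOTE(review): 'connet-src' looks like a typo for 'connect-src'; kept as is.
		$cspReport = [
			'document-uri' => 'https://doc.test/path',
			'referrer' => 'https://referrer.test/path',
			'violated-directive' => 'connet-src',
			'disposition' => 'report',
			'blocked-uri' => 'https://blocked.test/path/file?query',
			'line-number' => 4,
			'column-number' => 2,
			'source-file' => 'https://source.test/path/file?query',
		];

		// The configured entry is a prefix of the blocked URI above.
		$this->setMwGlobals( [
			'wgCSPFalsePositiveUrls' => [
				'https://blocked.test/path/' => true,
			],
		] );
		$log = $this->doExecute( $params, $cspReport );

		$this->assertSame(
			[],
			$log,
			'logged messages'
		);
	}

	/**
	 * Run ApiCSPReport::execute() against a faked POST request and collect what it logs.
	 *
	 * @param array $params Request parameters given to the FauxRequest
	 * @param array $cspReport Report fields, posted as JSON under the 'csp-report' key
	 * @return array[] One [ message, context ] pair per warning() call on the
	 *  'csp-report-only' channel, with the 'csp-report' context key removed
	 */
	private function doExecute( array $params, array $cspReport ) {
		$log = [];
		$logger = $this->createMock( Psr\Log\AbstractLogger::class );
		$logger->method( 'warning' )->will( $this->returnCallback(
			function ( $msg, $ctx ) use ( &$log ) {
				// Drop the echoed report so the assertions compare only the
				// message and the remaining context fields.
				unset( $ctx['csp-report'] );
				$log[] = [ $msg, $ctx ];
			}
		) );
		$this->setLogger( 'csp-report-only', $logger );

		// The report is supplied as the raw request body, not as a request parameter.
		$postBody = json_encode( [ 'csp-report' => $cspReport ] );
		$req = $this->getMockBuilder( FauxRequest::class )
			->setMethods( [ 'getRawInput' ] )
			->setConstructorArgs( [ $params, /* $wasPosted */ true ] )
			->getMock();
		$req->method( 'getRawInput' )->willReturn( $postBody );
		$req->setHeaders( [
			'Content-Type' => 'application/csp-report',
			'User-Agent' => 'Test/0.0'
		] );

		// The module is built without its constructor; only the three accessors
		// below are stubbed, and execute() itself is the real implementation.
		$api = $this->getMockBuilder( ApiCSPReport::class )
			->disableOriginalConstructor()
			->setMethods( [ 'getParameter', 'getRequest', 'getResult' ] )
			->getMock();
		$api->method( 'getParameter' )->will( $this->returnCallback(
			function ( $key ) use ( $req ) {
				// Returns the raw request value, so the API's own parameter
				// validation is not exercised by these tests.
				return $req->getRawVal( $key );
			}
		) );
		$api->method( 'getRequest' )->willReturn( $req );
		$api->method( 'getResult' )->willReturn( new ApiResult( false ) );

		$api->execute();
		return $log;
	}
}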