8 class ApiCSPReportTest
extends MediaWikiIntegrationTestCase
{
/**
 * Give every test an empty CSP false-positive URL list as its starting point.
 *
 * NOTE(review): the key used here has no 'wg' prefix, whereas
 * testFalsePositiveOriginMatch() sets 'wgCSPFalsePositiveUrls'. If
 * setMwGlobals() keys are full global variable names, this reset may not
 * touch the setting the API actually reads, and a site-configured
 * false-positive list could leak into the tests. Confirm against
 * setMwGlobals() before relying on it.
 *
 * The gutter numbers show that this listing omits some lines of the method.
 */
10 public function setUp() {
12 $this->setMwGlobals( [
13 'CSPFalsePositiveUrls' => [],
/**
 * Submit a report-only CSP violation with source 'internal' and compare the
 * captured log output with the expected message and context.
 *
 * The listing omits several lines (see the gutter numbers), including the
 * assertion itself; the strings at 38-45 are presumably its expected value.
 */
17 public function testInternalReportonly() {
20 'source' => 'internal',
// CSP report fixture. Every URL carries a path (and some a query string) so the
// expected message below can show which parts reach the log line.
23 'document-uri' => 'https://doc.test/path',
24 'referrer' => 'https://referrer.test/path',
// NOTE(review): 'connet-src' looks like a typo for 'connect-src'. The expected
// message does not include the directive, so the visible assertion data does not
// depend on it; confirm before changing the fixture.
25 'violated-directive' => 'connet-src',
26 'disposition' => 'report',
27 'blocked-uri' => 'https://blocked.test/path?query',
30 'source-file' => 'https://source.test/path?query',
33 $log = $this->doExecute( $params, $cspReport );
// The expected message names the blocked URI by origin only
// ('https://blocked.test'), without the '/path?query' sent in the report, so the
// path and query string of a blocked URL stay out of the log message. The
// trailing ':4' presumably comes from a line-number field on an omitted line.
38 '[report-only] Received CSP report: ' .
39 '<https://blocked.test> blocked from being loaded on <https://doc.test/path>:4',
// Expected log context. doExecute() strips the 'csp-report' key from the
// captured context, so the raw report is not part of this comparison.
41 'method' => 'ApiCSPReport::execute',
44 'user-agent' => 'Test/0.0',
45 'source' => 'internal'
/**
 * Submit a report whose blocked-uri lies under a URL listed in the CSP
 * false-positive setting.
 *
 * The expected outcome is on lines this listing omits; presumably the report is
 * treated as a known false positive and nothing is logged. TODO confirm.
 */
54 public function testFalsePositiveOriginMatch() {
57 'source' => 'internal',
60 'document-uri' => 'https://doc.test/path',
61 'referrer' => 'https://referrer.test/path',
// NOTE(review): 'connet-src' looks like a typo for 'connect-src'; nothing
// visible in this test depends on the directive value.
62 'violated-directive' => 'connet-src',
63 'disposition' => 'report',
64 'blocked-uri' => 'https://blocked.test/path/file?query',
67 'source-file' => 'https://source.test/path/file?query',
// Configure the false-positive list with a URL ending in '/path/'. The
// blocked-uri above ('.../path/file?query') lies under that URL. Whether the
// API matches by origin, by prefix or exactly is not visible here.
// NOTE(review): this key carries the 'wg' prefix, unlike the one in setUp().
70 $this->setMwGlobals( [
71 'wgCSPFalsePositiveUrls' => [
72 'https://blocked.test/path/' => true,
75 $log = $this->doExecute( $params, $cspReport );
/**
 * Run the CSP report API against a faked POST request and capture what it logs.
 *
 * The listing omits several lines (see the gutter numbers), including the
 * initialisation of $log, the call that runs the API and the return statement.
 * Both callers assign the result to $log, so this presumably returns the
 * captured entries.
 *
 * @param array $params Request parameters handed to the FauxRequest constructor
 * @param array $cspReport Report fields; wrapped under a 'csp-report' key and
 *  JSON-encoded to form the raw POST body
 */
84 private function doExecute( array $params, array $cspReport ) {
// Mock logger: each warning() call is recorded into $log (captured by reference).
86 $logger = $this->createMock( Psr\Log\AbstractLogger
::class );
87 $logger->method( 'warning' )->will( $this->returnCallback(
88 function ( $msg, $ctx ) use ( &$log ) {
// Drop the raw report from the context before recording, so callers compare only
// the remaining keys. The 'csp-report' content that reaches the log context is
// therefore not checked by tests that use this helper.
89 unset( $ctx['csp-report'] );
90 $log[] = [ $msg, $ctx ];
// Only the 'csp-report-only' channel is replaced with the mock.
93 $this->setLogger( 'csp-report-only', $logger );
// Build the body in the same shape a browser sends: {"csp-report": {...}}.
95 $postBody = json_encode( [ 'csp-report' => $cspReport ] );
// FauxRequest has no real input stream, so getRawInput() is stubbed to return it.
96 $req = $this->getMockBuilder( FauxRequest
::class )
97 ->setMethods( [ 'getRawInput' ] )
98 ->setConstructorArgs( [ $params, /* $wasPosted */ true ] )
100 $req->method( 'getRawInput' )->willReturn( $postBody );
// Request headers; the call that applies them is on an omitted line. The
// User-Agent value is the one the expected log context contains.
102 'Content-Type' => 'application/csp-report',
103 'User-Agent' => 'Test/0.0'
// Partial mock of the API module: the constructor is skipped and the three
// accessors below are stubbed.
106 $api = $this->getMockBuilder( ApiCSPReport
::class )
107 ->disableOriginalConstructor()
108 ->setMethods( [ 'getParameter', 'getRequest', 'getResult' ] )
// getParameter() is answered straight from the request's raw value, so the real
// getParameter() logic is not exercised by tests that use this helper.
110 $api->method( 'getParameter' )->will( $this->returnCallback(
111 function ( $key ) use ( $req ) {
112 return $req->getRawVal( $key );
115 $api->method( 'getRequest' )->willReturn( $req );
116 $api->method( 'getResult' )->willReturn( new ApiResult( false ) );