From 51753e403fa69c0ce124ede27d300477e3e799ca Mon Sep 17 00:00:00 2001
From: VirtualTam <virtualtam@flibidi.net>
Date: Mon, 3 Dec 2018 00:34:53 +0100
Subject: namespacing: move HTTP utilities along \Shaarli\Http\ classes

Signed-off-by: VirtualTam <virtualtam@flibidi.net>
---
 tests/http/UrlUtils/CleanupUrlTest.php         | 111 +++++++++++++++++++++++++
 tests/http/UrlUtils/GetUrlSchemeTest.php       |  32 +++++++
 tests/http/UrlUtils/UnparseUrlTest.php         |  32 +++++++
 tests/http/UrlUtils/WhitelistProtocolsTest.php |  63 ++++++++++++++
 4 files changed, 238 insertions(+)
 create mode 100644 tests/http/UrlUtils/CleanupUrlTest.php
 create mode 100644 tests/http/UrlUtils/GetUrlSchemeTest.php
 create mode 100644 tests/http/UrlUtils/UnparseUrlTest.php
 create mode 100644 tests/http/UrlUtils/WhitelistProtocolsTest.php

(limited to 'tests/http/UrlUtils')

diff --git a/tests/http/UrlUtils/CleanupUrlTest.php b/tests/http/UrlUtils/CleanupUrlTest.php
new file mode 100644
index 00000000..6c4d124b
--- /dev/null
+++ b/tests/http/UrlUtils/CleanupUrlTest.php
@@ -0,0 +1,111 @@
+<?php
+/**
+ * Unitary tests for cleanup_url()
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+class CleanupUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * @var string reference URL
+     */
+    protected $ref = 'http://domain.tld:3000';
+
+
+    /**
+     * Clean empty URL
+     */
+    public function testCleanupUrlEmpty()
+    {
+        $this->assertEquals('', cleanup_url(''));
+    }
+
+    /**
+     * Clean an already cleaned URL
+     */
+    public function testCleanupUrlAlreadyClean()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref));
+        $this->ref2 = $this->ref.'/path/to/dir/';
+        $this->assertEquals($this->ref2, cleanup_url($this->ref2));
+    }
+
+    /**
+     * Clean URL fragments
+     */
+    public function testCleanupUrlFragment()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#tk.rss_all'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#xtor=RSS-'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'#xtor=RSS-U3ht0tkc4b'));
+    }
+
+    /**
+     * Clean URL query - single annoying parameter
+     */
+    public function testCleanupUrlQuerySingle()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_object_map=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_ref_map=Cr4p!'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?action_type_map=g4R84g3'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?fb_stuff=v41u3'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?fb=71m3w4573'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_campaign=zomg'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_medium=numnum'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_source=c0d3'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?utm_term=1n4l'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?xtor=some-url'));
+
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_name=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_start=junk'));
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?campaign_item_index=junk'));
+    }
+
+    /**
+     * Clean URL query - multiple annoying parameters
+     */
+    public function testCleanupUrlQueryMultiple()
+    {
+        $this->assertEquals($this->ref, cleanup_url($this->ref.'?xtor=some-url&fb=som3th1ng'));
+
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?fb=stuff&utm_campaign=zomg&utm_medium=numnum&utm_source=c0d3'
+        ));
+
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?campaign_start=zomg&campaign_name=numnum'
+        ));
+    }
+
+    /**
+     * Clean URL query - multiple annoying parameters and fragment
+     */
+    public function testCleanupUrlQueryFragment()
+    {
+        $this->assertEquals($this->ref, cleanup_url(
+            $this->ref.'?xtor=some-url&fb=som3th1ng#tk.rss_all'
+        ));
+
+        // ditch annoying query params and fragment, keep useful params
+        $this->assertEquals(
+            $this->ref.'?my=stuff&is=kept',
+            cleanup_url(
+                $this->ref.'?fb=zomg&my=stuff&utm_medium=numnum&is=kept#tk.rss_all'
+            )
+        );
+
+        // ditch annoying query params, keep useful params and fragment
+        $this->assertEquals(
+            $this->ref.'?my=stuff&is=kept#again',
+            cleanup_url(
+                $this->ref.'?fb=zomg&my=stuff&utm_medium=numnum&is=kept#again'
+            )
+        );
+    }
+}
diff --git a/tests/http/UrlUtils/GetUrlSchemeTest.php b/tests/http/UrlUtils/GetUrlSchemeTest.php
new file mode 100644
index 00000000..2b97f7be
--- /dev/null
+++ b/tests/http/UrlUtils/GetUrlSchemeTest.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Unitary tests for get_url_scheme()
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+class GetUrlSchemeTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Get empty scheme string for empty UrlUtils
+     */
+    public function testGetUrlSchemeEmpty()
+    {
+        $this->assertEquals('', get_url_scheme(''));
+    }
+
+    /**
+     * Get normal scheme of UrlUtils
+     */
+    public function testGetUrlScheme()
+    {
+        $this->assertEquals('http', get_url_scheme('http://domain.tld:3000'));
+        $this->assertEquals('https', get_url_scheme('https://domain.tld:3000'));
+        $this->assertEquals('http', get_url_scheme('domain.tld'));
+        $this->assertEquals('ssh', get_url_scheme('ssh://domain.tld'));
+        $this->assertEquals('ftp', get_url_scheme('ftp://domain.tld'));
+        $this->assertEquals('git', get_url_scheme('git://domain.tld/push?pull=clone#checkout'));
+    }
+}
diff --git a/tests/http/UrlUtils/UnparseUrlTest.php b/tests/http/UrlUtils/UnparseUrlTest.php
new file mode 100644
index 00000000..040d8c54
--- /dev/null
+++ b/tests/http/UrlUtils/UnparseUrlTest.php
@@ -0,0 +1,32 @@
+<?php
+/**
+ * Unpares UrlUtils's tests
+ */
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+/**
+ * Unitary tests for unparse_url()
+ */
+class UnparseUrlTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Thanks for building nothing
+     */
+    public function testUnparseEmptyArray()
+    {
+        $this->assertEquals('', unparse_url(array()));
+    }
+
+    /**
+     * Rebuild a full-featured URL
+     */
+    public function testUnparseFull()
+    {
+        $ref = 'http://username:password@hostname:9090/path'
+              .'?arg1=value1&arg2=value2#anchor';
+        $this->assertEquals($ref, unparse_url(parse_url($ref)));
+    }
+}
diff --git a/tests/http/UrlUtils/WhitelistProtocolsTest.php b/tests/http/UrlUtils/WhitelistProtocolsTest.php
new file mode 100644
index 00000000..69512dbd
--- /dev/null
+++ b/tests/http/UrlUtils/WhitelistProtocolsTest.php
@@ -0,0 +1,63 @@
+<?php
+
+namespace Shaarli\Http;
+
+require_once 'application/http/UrlUtils.php';
+
+/**
+ * Class WhitelistProtocolsTest
+ *
+ * Test whitelist_protocols() function of UrlUtils.
+ */
+class WhitelistProtocolsTest extends \PHPUnit\Framework\TestCase
+{
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolsRelative()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = '?12443564';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = '/path.jpg';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() on a note (relative URL).
+     */
+    public function testWhitelistProtocolMissing()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'test.tld/path/?query=value#hash';
+        $this->assertEquals('http://'. $url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistAllowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'http://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'https://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'ftp://test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+        $url = 'magnet:test.tld/path/?query=value#hash';
+        $this->assertEquals($url, whitelist_protocols($url, $whitelist));
+    }
+
+    /**
+     * Test whitelist_protocols() with allowed protocols.
+     */
+    public function testWhitelistDisallowedProtocol()
+    {
+        $whitelist = ['ftp', 'magnet'];
+        $url = 'javascript:alert("xss");';
+        $this->assertEquals('http://alert("xss");', whitelist_protocols($url, $whitelist));
+        $url = 'other://test.tld/path/?query=value#hash';
+        $this->assertEquals('http://test.tld/path/?query=value#hash', whitelist_protocols($url, $whitelist));
+    }
+}
-- 
cgit v1.2.3