TrustedDomainHelperTest.php 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * Copyright (c) 2015 Lukas Reschke <lukas@owncloud.com>
  5. * This file is licensed under the Affero General Public License version 3 or
  6. * later.
  7. * See the COPYING-README file.
  8. */
  9. namespace Test\Security;
  10. use OC\Security\TrustedDomainHelper;
  11. use OCP\IConfig;
  12. /**
  13. * Class TrustedDomainHelperTest
  14. */
  15. class TrustedDomainHelperTest extends \Test\TestCase {
  16. /** @var IConfig */
  17. protected $config;
  18. protected function setUp(): void {
  19. parent::setUp();
  20. $this->config = $this->getMockBuilder(IConfig::class)->getMock();
  21. }
  22. /**
  23. * @dataProvider trustedDomainDataProvider
  24. * @param string $trustedDomains
  25. * @param string $testDomain
  26. * @param bool $result
  27. */
  28. public function testIsTrustedUrl($trustedDomains, $testDomain, $result) {
  29. $this->config->method('getSystemValue')
  30. ->willReturnMap([
  31. ['overwritehost', '', ''],
  32. ['trusted_domains', [], $trustedDomains],
  33. ]);
  34. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  35. $this->assertEquals($result, $trustedDomainHelper->isTrustedUrl('https://' . $testDomain . '/index.php/something'));
  36. }
  37. /**
  38. * @dataProvider trustedDomainDataProvider
  39. * @param string $trustedDomains
  40. * @param string $testDomain
  41. * @param bool $result
  42. */
  43. public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
  44. $this->config->method('getSystemValue')
  45. ->willReturnMap([
  46. ['overwritehost', '', ''],
  47. ['trusted_domains', [], $trustedDomains],
  48. ]);
  49. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  50. $this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain));
  51. }
  52. /**
  53. * @return array
  54. */
  55. public function trustedDomainDataProvider() {
  56. $trustedHostTestList = [
  57. 'host.one.test',
  58. 'host.two.test',
  59. '[1fff:0:a88:85a3::ac1f]',
  60. 'host.three.test:443',
  61. '*.leading.host',
  62. 'trailing.host*',
  63. 'cen*ter',
  64. '*.leadingwith.port:123',
  65. 'trailingwith.port*:456',
  66. 'UPPERCASE.DOMAIN',
  67. 'lowercase.domain',
  68. ];
  69. return [
  70. // empty defaults to false with 8.1
  71. [null, 'host.one.test:8080', false],
  72. ['', 'host.one.test:8080', false],
  73. [[], 'host.one.test:8080', false],
  74. // trust list when defined
  75. [$trustedHostTestList, 'host.two.test:8080', true],
  76. [$trustedHostTestList, 'host.two.test:9999', true],
  77. [$trustedHostTestList, 'host.three.test:8080', false],
  78. [$trustedHostTestList, 'host.two.test:8080:aa:222', false],
  79. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true],
  80. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true],
  81. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false],
  82. [$trustedHostTestList, 'host.three.test:443', true],
  83. [$trustedHostTestList, 'host.three.test:80', false],
  84. [$trustedHostTestList, 'host.three.test', false],
  85. // trust localhost regardless of trust list
  86. [$trustedHostTestList, 'localhost', true],
  87. [$trustedHostTestList, 'localhost:8080', true],
  88. [$trustedHostTestList, '127.0.0.1', true],
  89. [$trustedHostTestList, '127.0.0.1:8080', true],
  90. // do not trust invalid localhosts
  91. [$trustedHostTestList, 'localhost:1:2', false],
  92. [$trustedHostTestList, 'localhost: evil.host', false],
  93. // do not trust casting
  94. [[1], '1', false],
  95. // leading *
  96. [$trustedHostTestList, 'abc.leading.host', true],
  97. [$trustedHostTestList, 'abc.def.leading.host', true],
  98. [$trustedHostTestList, 'abc.def.leading.host.another', false],
  99. [$trustedHostTestList, 'abc.def.leading.host:123', true],
  100. [$trustedHostTestList, 'leading.host', false],
  101. // trailing *
  102. [$trustedHostTestList, 'trailing.host', true],
  103. [$trustedHostTestList, 'trailing.host.abc', true],
  104. [$trustedHostTestList, 'trailing.host.abc.def', true],
  105. [$trustedHostTestList, 'trailing.host.abc:123', true],
  106. [$trustedHostTestList, 'another.trailing.host', false],
  107. // center *
  108. [$trustedHostTestList, 'center', true],
  109. [$trustedHostTestList, 'cenxxxter', true],
  110. [$trustedHostTestList, 'cen.x.y.ter', true],
  111. // with port
  112. [$trustedHostTestList, 'abc.leadingwith.port:123', true],
  113. [$trustedHostTestList, 'abc.leadingwith.port:1234', false],
  114. [$trustedHostTestList, 'trailingwith.port.abc:456', true],
  115. [$trustedHostTestList, 'trailingwith.port.abc:123', false],
  116. // bad hostname
  117. [$trustedHostTestList, '-bad', false],
  118. [$trustedHostTestList, '-bad.leading.host', false],
  119. [$trustedHostTestList, 'bad..der.leading.host', false],
  120. // case sensitivity
  121. [$trustedHostTestList, 'uppercase.domain', true],
  122. [$trustedHostTestList, 'LOWERCASE.DOMAIN', true],
  123. ];
  124. }
  125. public function testIsTrustedDomainOverwriteHost() {
  126. $this->config->method('getSystemValue')
  127. ->with('overwritehost')
  128. ->willReturn('myproxyhost');
  129. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  130. $this->assertTrue($trustedDomainHelper->isTrustedDomain('myproxyhost'));
  131. $this->assertTrue($trustedDomainHelper->isTrustedDomain('myotherhost'));
  132. }
  133. }