TrustedDomainHelperTest.php 4.8 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146
  1. <?php
  2. declare(strict_types=1);
  3. /**
  4. * SPDX-FileCopyrightText: 2016-2024 Nextcloud GmbH and Nextcloud contributors
  5. * SPDX-FileCopyrightText: 2016 ownCloud, Inc.
  6. * SPDX-License-Identifier: AGPL-3.0-or-later
  7. */
  8. namespace Test\Security;
  9. use OC\Security\TrustedDomainHelper;
  10. use OCP\IConfig;
  11. /**
  12. * Class TrustedDomainHelperTest
  13. */
  14. class TrustedDomainHelperTest extends \Test\TestCase {
  15. /** @var IConfig */
  16. protected $config;
  17. protected function setUp(): void {
  18. parent::setUp();
  19. $this->config = $this->getMockBuilder(IConfig::class)->getMock();
  20. }
  21. /**
  22. * @dataProvider trustedDomainDataProvider
  23. * @param string $trustedDomains
  24. * @param string $testDomain
  25. * @param bool $result
  26. */
  27. public function testIsTrustedUrl($trustedDomains, $testDomain, $result) {
  28. $this->config->method('getSystemValue')
  29. ->willReturnMap([
  30. ['overwritehost', '', ''],
  31. ['trusted_domains', [], $trustedDomains],
  32. ]);
  33. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  34. $this->assertEquals($result, $trustedDomainHelper->isTrustedUrl('https://' . $testDomain . '/index.php/something'));
  35. }
  36. /**
  37. * @dataProvider trustedDomainDataProvider
  38. * @param string $trustedDomains
  39. * @param string $testDomain
  40. * @param bool $result
  41. */
  42. public function testIsTrustedDomain($trustedDomains, $testDomain, $result) {
  43. $this->config->method('getSystemValue')
  44. ->willReturnMap([
  45. ['overwritehost', '', ''],
  46. ['trusted_domains', [], $trustedDomains],
  47. ]);
  48. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  49. $this->assertEquals($result, $trustedDomainHelper->isTrustedDomain($testDomain));
  50. }
  51. /**
  52. * @return array
  53. */
  54. public function trustedDomainDataProvider() {
  55. $trustedHostTestList = [
  56. 'host.one.test',
  57. 'host.two.test',
  58. '[1fff:0:a88:85a3::ac1f]',
  59. 'host.three.test:443',
  60. '*.leading.host',
  61. 'trailing.host*',
  62. 'cen*ter',
  63. '*.leadingwith.port:123',
  64. 'trailingwith.port*:456',
  65. 'UPPERCASE.DOMAIN',
  66. 'lowercase.domain',
  67. ];
  68. return [
  69. // empty defaults to false with 8.1
  70. [null, 'host.one.test:8080', false],
  71. ['', 'host.one.test:8080', false],
  72. [[], 'host.one.test:8080', false],
  73. // trust list when defined
  74. [$trustedHostTestList, 'host.two.test:8080', true],
  75. [$trustedHostTestList, 'host.two.test:9999', true],
  76. [$trustedHostTestList, 'host.three.test:8080', false],
  77. [$trustedHostTestList, 'host.two.test:8080:aa:222', false],
  78. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]', true],
  79. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801', true],
  80. [$trustedHostTestList, '[1fff:0:a88:85a3::ac1f]:801:34', false],
  81. [$trustedHostTestList, 'host.three.test:443', true],
  82. [$trustedHostTestList, 'host.three.test:80', false],
  83. [$trustedHostTestList, 'host.three.test', false],
  84. // trust localhost regardless of trust list
  85. [$trustedHostTestList, 'localhost', true],
  86. [$trustedHostTestList, 'localhost:8080', true],
  87. [$trustedHostTestList, '127.0.0.1', true],
  88. [$trustedHostTestList, '127.0.0.1:8080', true],
  89. // do not trust invalid localhosts
  90. [$trustedHostTestList, 'localhost:1:2', false],
  91. [$trustedHostTestList, 'localhost: evil.host', false],
  92. // do not trust casting
  93. [[1], '1', false],
  94. // leading *
  95. [$trustedHostTestList, 'abc.leading.host', true],
  96. [$trustedHostTestList, 'abc.def.leading.host', true],
  97. [$trustedHostTestList, 'abc.def.leading.host.another', false],
  98. [$trustedHostTestList, 'abc.def.leading.host:123', true],
  99. [$trustedHostTestList, 'leading.host', false],
  100. // trailing *
  101. [$trustedHostTestList, 'trailing.host', true],
  102. [$trustedHostTestList, 'trailing.host.abc', true],
  103. [$trustedHostTestList, 'trailing.host.abc.def', true],
  104. [$trustedHostTestList, 'trailing.host.abc:123', true],
  105. [$trustedHostTestList, 'another.trailing.host', false],
  106. // center *
  107. [$trustedHostTestList, 'center', true],
  108. [$trustedHostTestList, 'cenxxxter', true],
  109. [$trustedHostTestList, 'cen.x.y.ter', true],
  110. // with port
  111. [$trustedHostTestList, 'abc.leadingwith.port:123', true],
  112. [$trustedHostTestList, 'abc.leadingwith.port:1234', false],
  113. [$trustedHostTestList, 'trailingwith.port.abc:456', true],
  114. [$trustedHostTestList, 'trailingwith.port.abc:123', false],
  115. // bad hostname
  116. [$trustedHostTestList, '-bad', false],
  117. [$trustedHostTestList, '-bad.leading.host', false],
  118. [$trustedHostTestList, 'bad..der.leading.host', false],
  119. // case sensitivity
  120. [$trustedHostTestList, 'uppercase.domain', true],
  121. [$trustedHostTestList, 'LOWERCASE.DOMAIN', true],
  122. ];
  123. }
  124. public function testIsTrustedDomainOverwriteHost() {
  125. $this->config->method('getSystemValue')
  126. ->with('overwritehost')
  127. ->willReturn('myproxyhost');
  128. $trustedDomainHelper = new TrustedDomainHelper($this->config);
  129. $this->assertTrue($trustedDomainHelper->isTrustedDomain('myproxyhost'));
  130. $this->assertTrue($trustedDomainHelper->isTrustedDomain('myotherhost'));
  131. }
  132. }