
File: test/test.php

  Classes of Manuel Lemos  >  Secure HTML parser and filter  >  test/test.php  >  Download  
File: test/test.php
Role: Unit test script
Content type: text/plain
Description: Markup parser unit test suite
Class: Secure HTML parser and filter
Parse and filter insecure HTML tags and CSS styles
Author: By
Last change: Added the selectors test.
Date: 4 years ago
Size: 10,065 bytes
 

Contents

<?php

/*
 * test.php
 *
 * @(#) $Id: test.php,v 1.11 2009/12/06 06:39:32 mlemos Exp $
 *
 */

    
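// Entity-decoding fixture for the markup parser: empty references, non-numeric
// digits, hexadecimal and decimal character references at and just past the
// 32-bit boundary (0xffffffff / 4294967295), leading-zero variants, and named
// references that are malformed, over-long, or missing the closing ';'.
// (The assignment operator was missing in the published listing.)
$__entities = '&;
&#xz;
&#x;
&#xfffffffff;
&#xffffffff;
&#x0ffffffff;
&#z;
&#;
&#4294967296;
&#4294967295;
&#04294967295;
&1bogus;
&toolongentitity;
&ok;
&notok';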
    
// URL-scheme fixture for the safe HTML filter: every link writes the scheme of
// its href with a decimal or hexadecimal character reference, or with a
// literal NUL / TAB byte, in place of or next to a plain letter. The filtered
// result is compared against expect/entitiesinunsafeurl.txt, so a scheme check
// that runs before references are decoded and control bytes are handled shows
// up as a diff there.
$entities_in_unsafe_url = implode("\n", array(
    '',
    '<a href="j&#0avascript:prompt(2)">Encoded NUL</a>',
    '<a href="j&#9avascript:prompt(2)">Encoded TAB</a>',
    '<a href="j&#97vascript:prompt(2)">Encoded a</a>',
    '<a href="j&#x00avascript:prompt(2)">Hex-encoded NUL</a>',
    '<a href="ja&#x09vascript:prompt(2)">Hex-encoded TAB</a>',
    '<a href="j&#x61vascript:prompt(2)">Hex-encoded a</a>',
    '<a href="j' . chr(0) . 'avascript:prompt(2)">Literal NUL</a>',
    '<a href="ja' . chr(9) . 'vascript:prompt(2)">Literal TAB</a>',
    '',
));
    
// Attribute-boundary fixture for the safe HTML filter: an unquoted src value is
// followed by a stray double quote and an event-handler attribute with no
// whitespace in between. The filtered output is compared against
// expect/quoteseparatingunsafeattribute.txt.
// NOTE(review): presumably the handler must not survive filtering - confirm
// against the expected file.
$quote_separating_unsafe_attribute = "\n<img src=missingimage.gif\"onerror=\"alert('XSS')>\n";

    
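// CSS-escape fixture for the CSS parser: the property value is written entirely
// as backslash-hex escapes that decode to "expression(alert(1))". A value check
// that inspects the raw text without decoding CSS escapes would not see the
// expression() call. Single quotes keep the backslashes literal in PHP.
// (The assignment operator was missing in the published listing.)
$unicode_style = '.test { color: \0065\0078\0070\0072\0065\0073\0073\0069\006f\006e\0028\0061\006c\0065\0072\0074\0028\0031\0029\0029 }';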
    
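// Selector-coverage fixture for the CSS parser: type, universal, attribute,
// class, id, descendant, child and adjacent-sibling selectors, pseudo-classes
// and pseudo-elements, plus quoted and generated-content values. Single quotes
// keep the CSS backslash escapes (\2039, \203A) literal in PHP.
// (The assignment operator was missing in the published listing.)
$selectors = 'h1 { color: red }
em { color: red }
h1 em { color: blue }
h1, h2, h3 { font-family: sans-serif }
*[lang=fr] { font-family: sans-serif }
[lang=fr] { font-family: sans-serif }
*.warning { font-family: sans-serif }
.warning { font-family: sans-serif }
*#myid { font-family: sans-serif }
#myid { font-family: sans-serif }
div * p { font-family: sans-serif }
div p *[href] { font-family: sans-serif }
body > p { line-height: 1.3 }
div ol>li p { line-height: 1.3 }
math + p { text-indent: 0 } 
h1 + h2 { margin-top: -5mm }   
h1.opener + h2 { margin-top: -5mm }
h1[title] { color: blue; }
span[class=example] { color: blue; }
span[hello="Cleveland"][goodbye="Columbus"] { color: blue; }
*[lang=fr] { display: none }
*[lang|="en"] { color: red }
DIALOGUE[character=romeo] { voice-family: "Laurence Olivier", charles, male }
DIALOGUE[character=juliet] { voice-family: "Vivien Leigh", victoria, female }
*.pastoral { color: green }
.pastoral { color: green }
H1.pastoral { color: green }
p.marine.pastoral { color: green }
h1#chapter1 { text-align: center }
div > p:first-child { text-indent: 0 }
a:link { color: red }
a:visited { color: blue }
a:hover { color: yellow }
a:active { color: lime }
a:focus { background: yellow }
a:focus:hover { background: white }
html:lang(fr-ca) { quotes: \'" \' \' "\' }
html:lang(de) { quotes: \'"\' \'"\' \'\2039\' \'\203A\' }
:lang(fr) > Q { quotes: \'" \' \' "\' }
:lang(de) > Q { quotes: \'"\' \'"\' \'\2039\' \'\203A\' }
p:first-line { text-transform: uppercase }
p { line-height: 1.1 }
p:first-letter { font-size: 3em; font-weight: normal }
span { font-weight: bold }
p { color: red; font-size: 12pt }
p:first-letter { color: green; font-size: 200% }
p:first-line { color: blue }
h1:before {content: counter(chapno, upper-roman) ". "}
p.special:before {content: "Special! "}
p.special:first-letter {color: #ffd800}
';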
    
// Sample document shared by every test entry that passes a 'File' parameter.
$__simple_file = "sample/simple.html";
    
// Test table, keyed by the test name accepted on the command line.
// Each entry names the script to run, the file its captured output is written
// to, the file that output is compared with, and the options handed to the
// script. Entries run in the order listed here when no names are given.
// The *1bytebuffer variants repeat a test with buffer_length set to 1 and reuse
// the same generated/expected files as their counterpart.
// NOTE(review): buffer_length presumably sets the parser read size - confirm
// in the test scripts.
$__tests = array(

    // --- markup parser: sample document ---
    'normal' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/simple.txt',
        'expectedfile' => 'expect/simple.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
        ),
    ),
    'normal1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/simple.txt',
        'expectedfile' => 'expect/simple.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'buffer_length' => 1,
        ),
    ),
    'tracklines' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/track_lines.txt',
        'expectedfile' => 'expect/track_lines.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'track_lines' => 1,
        ),
    ),
    'tracklines1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/track_lines.txt',
        'expectedfile' => 'expect/track_lines.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
            ),
            'buffer_length' => 1,
            'track_lines' => 1,
        ),
    ),

    // --- markup parser: input that ends or restarts in the middle of a tag ---
    'unfinishedtag' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtag.txt',
        'expectedfile' => 'expect/unfinishedtag.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagend' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagend.txt',
        'expectedfile' => 'expect/unfinishedtagend.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagattribute' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagattribute.txt',
        'expectedfile' => 'expect/unfinishedtagattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedtagattributevalue' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedtagattributevalue.txt',
        'expectedfile' => 'expect/unfinishedtagattributevalue.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute=value<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedquotedtagattribute' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedquotedtagattribute.txt',
        'expectedfile' => 'expect/unfinishedquotedtagattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag "attribute<tag>',
            ),
            'track_lines' => 1,
        ),
    ),
    'unfinishedquotedtagattributevalue' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/unfinishedquotedtagattributevalue.txt',
        'expectedfile' => 'expect/unfinishedquotedtagattributevalue.txt',
        'options' => array(
            'parameters' => array(
                'Data' => '<tag attribute="value<tag>',
            ),
            'track_lines' => 1,
        ),
    ),

    // --- markup parser: character and entity references ---
    'entities' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/entities.txt',
        'expectedfile' => 'expect/entities.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $__entities,
            ),
            'track_lines' => 1,
        ),
    ),
    'entities1bytebuffer' => array(
        'script' => '../test_markup_parser.php',
        'generatedfile' => 'generated/entities.txt',
        'expectedfile' => 'expect/entities.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $__entities,
            ),
            'track_lines' => 1,
            'buffer_length' => 1,
        ),
    ),

    // --- CSS parser: escaped property values ---
    'unicodestylevalues' => array(
        'script' => '../test_css_parser.php',
        'generatedfile' => 'generated/unicodestylevalues.txt',
        'expectedfile' => 'expect/unicodestylevalues.txt',
        'options' => array(
            'Stylesheet' => $unicode_style,
        ),
    ),

    // --- safe HTML filter: whole document, then the two filtering fixtures ---
    'safehtmlfilter' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/safehtmlfilter.txt',
        'expectedfile' => 'expect/safehtmlfilter.txt',
        'options' => array(
            'parameters' => array(
                'File' => $__simple_file,
                'OnlyBody' => 0,
                'DTDCachePath' => '../',
            ),
        ),
    ),
    'entitiesinunsafeurl' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/entitiesinunsafeurl.txt',
        'expectedfile' => 'expect/entitiesinunsafeurl.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $entities_in_unsafe_url,
                'OnlyBody' => 1,
                'DTDCachePath' => '../',
            ),
        ),
    ),
    'quoteseparatingunsafeattribute' => array(
        'script' => '../test_safe_html_filter.php',
        'generatedfile' => 'generated/quoteseparatingunsafeattribute.txt',
        'expectedfile' => 'expect/quoteseparatingunsafeattribute.txt',
        'options' => array(
            'parameters' => array(
                'Data' => $quote_separating_unsafe_attribute,
                'OnlyBody' => 1,
                'DTDCachePath' => '../',
            ),
        ),
    ),

    // --- CSS parser: selector syntax ---
    'selectors' => array(
        'script' => '../test_css_parser.php',
        'generatedfile' => 'generated/selectors.txt',
        'expectedfile' => 'expect/selectors.txt',
        'options' => array(
            'Stylesheet' => $selectors,
        ),
    ),
);

    
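// Defined before any test script is loaded.
// NOTE(review): presumably the test scripts check this constant to detect that
// they are running under the suite - confirm in the scripts.
define('__TEST', 1);

// Build $__try, the ordered list of test names to run.
// With command-line arguments, each argument must be a key of $__tests; the
// first unknown name prints an error and empties the list, so nothing runs.
// Because only known keys are accepted, the script path later passed to
// require() always comes from the table above, never from the command line.
// Without arguments, every test in the table runs.
// (The published listing had lost the '=', ';' and '<' operators here.)
if(isset($_SERVER['argv'])
&& is_array($_SERVER['argv'])
&& count($_SERVER['argv']) > 1)
{
    $__try = array();
    for($__test = 1; $__test < count($_SERVER['argv']); ++$__test)
    {
        $__name = $_SERVER['argv'][$__test];
        if(!isset($__tests[$__name]))
        {
            echo "\n".'There is no test named '.$__name.'.'."\n".str_repeat('_',80)."\n";
            $__try = array();
            break;
        }
        $__try[] = $__name;
    }
}
else
    $__try = array_keys($__tests);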
    for(
$__different=$__test=$__checked=0$__test<count($__try); ++$__test)
    {
        
$__name $__try[$__test];
        
$__script=$__tests[$__name]['script'];
        if(!
file_exists($__script))
        {
            echo 
"\n".'Test script '.$__script.' does not exist.'."\n".str_repeat('_',80)."\n";
            continue;
        }
        echo 
'Test "'.$__name.'": ... ';
        
flush();
        if(IsSet(
$__tests[$__name]['options']))
            
$__test_options=$__tests[$__name]['options'];
        else
            
$__test_options=array();
        
ob_start();
        require(
$__script);
        
$output=ob_get_contents();
        
ob_end_clean();
        
$generated=$__tests[$__name]['generatedfile'];
        if(!(
$file fopen($generated'wb')))
            die(
'Could not create the generated output file '.$generated."\n");
        if(!
fputs($file$output)
        || !
fclose($file))
            die(
'Could not save the generated output to the file '.$generated."\n");
        
$expected=$__tests[$__name]['expectedfile'];
        if(!
file_exists($expected))
        {
            echo 
"\n".'Expected output file '.$expected.' does not exist.'."\n".str_repeat('_',80)."\n";
            continue;
        }
        
$diff=array();
        
exec('diff '.$expected.' '.$generated$diff);
        if(
count($diff))
        {
            echo 
"FAILED\n".'Output of script '.$__script.' is different from the expected file '.$expected." .\n".str_repeat('_',80)."\n";
            for(
$line=0$line<count($diff); $line++)
                echo 
$diff[$line]."\n";
            echo 
str_repeat('_',80)."\n";
            
flush();
            
$__different++;
        }
        else
            echo 
"OK\n";
        
$__checked++;
    }
    echo 
$__checked.' test '.($__checked=='was' 'were').' performed, '.($__checked!=$__test ? (($__test-$__checked==1) ? ' 1 test was skipped, ' : ($__test-$__checked).' tests were skipped, ') : '').($__different $__different.' failed' 'none has failed').'.'."\n";

?>