jf-cbd
2025-03-05 17:24:28 +01:00
parent 2dc9f5dcc6
commit 32dbf1490c
4 changed files with 40 additions and 63 deletions


@@ -129,7 +129,7 @@ public function SanitizeContent()
{
foreach($this->fields as $sFieldAttCode => $fieldValue)
{
try{
try {
$oAttDef = MetaModel::GetAttributeDef($this->class, $sFieldAttCode);
} catch (Exception $e) { // for special cases like ID
continue;
@@ -872,6 +872,7 @@ trait SanitizeTrait
if ($oAttDef instanceof iAttributeNoGroupBy) // iAttributeNoGroupBy is equivalent to sensitive attribute
{
$fields[$sFieldAttCode] = '*****';
return;
}
// for 1-n / n-n relation
if ($oAttDef instanceof AttributeLinkedSet) {
@@ -881,7 +882,7 @@ trait SanitizeTrait
if ($oLnkAttDef instanceof iAttributeNoGroupBy) { // 1-n relation
$fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
}
if ($oAttDef instanceof AttributeLinkedSetIndirect && $oLnkAttDef instanceof AttributeExternalField) { // for n-n relation
elseif ($oAttDef instanceof AttributeLinkedSetIndirect && $oLnkAttDef instanceof AttributeExternalField) { // for n-n relation
$oExtKeyAttDef = MetaModel::GetAttributeDef($oLnkAttDef->GetTargetClass(), $oLnkAttDef->GetExtAttCode());
if ($oExtKeyAttDef instanceof iAttributeNoGroupBy) {
$fields[$sFieldAttCode][$i][$sLnkAttCode] = '*****';
@@ -889,6 +890,7 @@ trait SanitizeTrait
}
}
}
return;
}
// for external attribute
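Review bot: The two `return;` statements added after the sensitive-attribute branch and after the n-n relation loop exit the enclosing function, whose header lies outside the hunk; if that function is the per-field sanitizer invoked from the `foreach` in SanitizeContent this is correct, but if it iterates over `$fields` itself, every field after the first masked one is left unmasked, which would be a data-exposure regression rather than a cosmetic one. A short comment at the first early exit would make the intent checkable, e.g. `// sensitive attribute masked, nothing left to sanitize for this field`, and a test whose object carries a sensitive attribute followed by a second one that must also be masked would pin the behaviour. The `elseif` rewrite on the n-n check is safe as written: a link attribute that is `iAttributeNoGroupBy` is already masked by the preceding branch, and skipping the external-field lookup for it changes nothing. The enclosing function both starts and ends outside these hunks.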


@@ -9,8 +9,9 @@
<key_type>autoincrement</key_type>
<db_table>test_server</db_table>
<db_key_field>id</db_key_field>
</properties> <presentation></presentation>
<methods></methods>
</properties>
<presentation/>
<methods/>
<fields>
<field id="contact_list" xsi:type="AttributeLinkedSetIndirect">
<linked_class>lnkContactTestToServer</linked_class>
@@ -41,8 +42,8 @@
<db_table>contact_test</db_table>
<db_key_field>id</db_key_field>
</properties>
<presentation></presentation>
<methods></methods>
<presentation/>
<methods/>
<fields>
<field id="password" xsi:type="AttributeEncryptedString">
<sql>password</sql>
@@ -65,8 +66,9 @@
<key_type>autoincrement</key_type>
<db_table>lnk_contact_server_test</db_table>
<db_key_field>id</db_key_field>
</properties> <presentation></presentation>
<methods></methods>
</properties>
<presentation/>
<methods/>
<fields>
<field id="contact_test_password" xsi:type="AttributeExternalField" _delta="define">
<extkey_attcode>contact_test_id</extkey_attcode>
@@ -96,8 +98,9 @@
<key_type>autoincrement</key_type>
<db_table>password_test</db_table>
<db_key_field>id</db_key_field>
</properties> <presentation></presentation>
<methods></methods>
</properties>
<presentation/>
<methods/>
<fields>
<field id="server_test_id" xsi:type="AttributeExternalKey" _delta="define">
<target_class>TestServer</target_class>


@@ -1,22 +1,5 @@
<?php
declare(strict_types=1);
// Copyright (c) 2010-2018 Combodo SARL
//
// This file is part of iTop.
//
// iTop is free software; you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// iTop is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with iTop. If not, see <http://www.gnu.org/licenses/>
//
namespace Combodo\iTop\Test\UnitTest\Core;
@@ -46,7 +29,8 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
public function testSanitizeJsonOutputOnSimpleAttribute()
{
$oContactTest = MetaModel::NewObject('ContactTest', [
'password' => self::SIMPLE_PASSWORD]);
'password' => self::SIMPLE_PASSWORD]
);
$oRestResultWithObject = new RestResultWithObjects();
$oRestResultWithObject->AddObject(0, 'ok', $oContactTest, ['ContactTest' => ['password']]);
$oRestResultWithObject->SanitizeContent();
@@ -62,7 +46,8 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
public function testSanitizeJsonOutputAttributeExternalKeyOnNNRelation()
{
$oContactTest = $this->createObject('ContactTest', [
'password' => self::SIMPLE_PASSWORD]);
'password' => self::SIMPLE_PASSWORD]
);
$oTestServer = $this->createObject('TestServer', [
'name' => 'test_server',
@@ -84,10 +69,10 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
static::assertContains(
'*****',
json_encode($oRestResultWithObject));
static::assertNotContains(
self::SIMPLE_PASSWORD,
json_encode($oRestResultWithObject));
}
/**
@@ -102,7 +87,6 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
'name' => 'test_server',
]);
// create lnkContactTestToServer
$this->createObject('lnkContactTestToServer', [
'contact_test_id' => $oContactTest->GetKey(),
@@ -117,6 +101,7 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
static::assertContains(
'*****',
json_encode($oRestResultWithObject));
static::assertNotContains(
self::SIMPLE_PASSWORD,
json_encode($oRestResultWithObject));
@@ -147,9 +132,11 @@ class RestServicesSanitizeOutputTest extends ItopCustomDatamodelTestCase
$oRestResultWithObject = new RestResultWithObjects();
$oRestResultWithObject->AddObject(0, 'ok', $oTestServer, ['TestServer' => ['id', 'password_list']]);
$oRestResultWithObject->SanitizeContent();
static::assertContains(
'*****',
json_encode($oRestResultWithObject));
static::assertNotContains(
self::SIMPLE_PASSWORD,
json_encode($oRestResultWithObject));
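Review bot: `static::assertContains('*****', json_encode(...))` and `static::assertNotContains(self::SIMPLE_PASSWORD, ...)` pass a string as the haystack; PHPUnit 9 and later accept only an iterable there, so if the project runs on such a version these assertions error out before checking anything, and on PHPUnit 8 they only emit a deprecation. The string-aware forms are `static::assertStringContainsString('*****', json_encode($oRestResultWithObject));` and `static::assertStringNotContainsString(self::SIMPLE_PASSWORD, json_encode($oRestResultWithObject));`, the second being the assertion that actually proves the password does not leak into the REST output. The same pattern appears in the hunks at new-file lines 69, 101 and 132. Encoding once into a local with `JSON_THROW_ON_ERROR` would also avoid silently comparing against `false` when encoding fails. The enclosing test methods start outside these hunks.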


@@ -1,21 +1,5 @@
<?php
// Copyright (c) 2010-2018 Combodo SARL
//
// This file is part of iTop.
//
// iTop is free software; you can redistribute it and/or modify
// it under the terms of the GNU Affero General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// iTop is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU Affero General Public License for more details.
//
// You should have received a copy of the GNU Affero General Public License
// along with iTop. If not, see <http://www.gnu.org/licenses/>
//
declare(strict_types=1);
namespace Combodo\iTop\Test\UnitTest\Core;
@@ -23,7 +7,7 @@ use Combodo\iTop\Test\UnitTest\ItopDataTestCase;
use CoreException;
use CoreServices;
use CoreUnexpectedValue;
use SimpleGraphException;
use RestResultWithObjects;
use UserLocal;
/**
@@ -33,11 +17,6 @@ use UserLocal;
*/
class RestServicesTest extends ItopDataTestCase
{
public function setUp(): void
{
parent::setUp();
}
/**
* @return void
* @dataProvider providerTestSanitizeJsonInput
@@ -46,10 +25,13 @@ class RestServicesTest extends ItopDataTestCase
{
$oRS = new CoreServices();
$sOutputJson = $oRS->SanitizeJsonInput($sJsonData);
$this->assertEquals($sExpectedJsonDataSanitized, $sOutputJson);
static::assertEquals($sExpectedJsonDataSanitized, $sOutputJson);
}
public function providerTestSanitizeJsonInput()
/**
* @return array[]
*/
public function providerTestSanitizeJsonInput(): array
{
return [
'core/check_credentials' => [
@@ -99,20 +81,22 @@ class RestServicesTest extends ItopDataTestCase
* @return void
* @throws CoreException
* @throws CoreUnexpectedValue
* @throws SimpleGraphException
* @dataProvider providerTestSanitizeJsonOutput
*/
public function testSanitizeJsonOutput($sOperation, $aJsonData, $sExpectedJsonDataSanitized)
{
$oUser = new UserLocal();
$oUser->Set('password', "123456");
$oRestResultWithObject = new \RestResultWithObjects();
$oRestResultWithObject->AddObject(0, "ok", $oUser, ['UserLocal' => ['login', 'password']]);
$oUser->Set('password', '123456');
$oRestResultWithObject = new RestResultWithObjects();
$oRestResultWithObject->AddObject(0, 'ok', $oUser, ['UserLocal' => ['login', 'password']]);
$oRestResultWithObject->SanitizeContent();
$this->assertEquals($sExpectedJsonDataSanitized, json_encode($oRestResultWithObject));
static::assertEquals($sExpectedJsonDataSanitized, json_encode($oRestResultWithObject));
}
public function providerTestSanitizeJsonOutput()
/**
* @return array[]
*/
public function providerTestSanitizeJsonOutput(): array
{
return [
@@ -134,7 +118,8 @@ class RestServicesTest extends ItopDataTestCase
'core/check_credentials' => [
'core/check_credentials',
['user' => 'admin', 'password' => 'admin'],
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"","password":"*****"}}},"code":0,"message":null}' ],
'{"objects":{"UserLocal::-1":{"code":0,"message":"ok","class":"UserLocal","key":-1,"fields":{"login":"","password":"*****"}}},"code":0,"message":null}'
],
];
}
}
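Review bot: `testSanitizeJsonOutput` receives `$sOperation` and `$aJsonData` from `providerTestSanitizeJsonOutput` but never reads them; the user is always built with the hard-coded `'123456'` password, so the `core/check_credentials` dataset with `['user' => 'admin', 'password' => 'admin']` has no influence on what is sanitized and the test would pass even if those inputs were wrong. Either drop the unused parameters and dataset columns, or feed the provider value in with `$oUser->Set('password', $aJsonData['password']);` so the expected `"password":"*****"` is verified against data the test actually controls. Since the file now declares `strict_types`, both test methods would also benefit from parameter types, e.g. `public function testSanitizeJsonOutput(string $sOperation, array $aJsonData, string $sExpectedJsonDataSanitized): void`. Making the two providers `static` would avoid the PHPUnit 10 deprecation of non-static data providers, if the project is on or moving to that version.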