From 6e8c0b1729a52723e29e551be38c390a0178bfd4 Mon Sep 17 00:00:00 2001 From: Greg Bowler Date: Sun, 25 Sep 2022 13:04:38 +0100 Subject: [PATCH] Tests (#147) * maintenance: dependabot closes #142 * maintenance: dependabot closes #142 * feature: override real globals in tests * maintenance: static analysis improvements --- src/ProtectedGlobal.php | 11 +++- src/Protection.php | 35 +++++----- test/phpunit/ProtectionTest.php | 110 ++++++++------------------------ test/phpunit/phpunit.xml | 2 +- 4 files changed, 53 insertions(+), 105 deletions(-) diff --git a/src/ProtectedGlobal.php b/src/ProtectedGlobal.php index e84b9af..fe2be6c 100644 --- a/src/ProtectedGlobal.php +++ b/src/ProtectedGlobal.php @@ -3,11 +3,14 @@ use ArrayAccess; +/** @implements ArrayAccess */ class ProtectedGlobal implements ArrayAccess { const WARNING_MESSAGE = "Global variables are protected - see https://php.gt/globals"; - protected $whiteListData; + /** @var array */ + protected array $whiteListData; + /** @param array $whiteListData */ public function __construct(array $whiteListData = []) { $this->whiteListData = $whiteListData; } @@ -16,6 +19,7 @@ public function __toString():string { return self::WARNING_MESSAGE; } + /** @return array */ public function __debugInfo():array { return array_merge([ "WARNING" => (string)$this, @@ -28,15 +32,18 @@ public function offsetExists($offset):bool { } $this->throwException(); + /** @noinspection PhpUnreachableStatementInspection */ return false; } - public function offsetGet($offset) { + public function offsetGet($offset):mixed { if(array_key_exists($offset, $this->whiteListData)) { return $this->whiteListData[$offset]; } $this->throwException(); + /** @noinspection PhpUnreachableStatementInspection */ + return null; } public function offsetSet($offset, $value):void { diff --git a/src/Protection.php b/src/Protection.php index 69ffefa..ab00ae4 100644 --- a/src/Protection.php +++ b/src/Protection.php @@ -2,6 +2,15 @@ namespace Gt\ProtectedGlobal; class Protection { + const GLOBAL_KEYS = [ + "_ENV", + "_SERVER", + "_GET", + "_POST", + "_FILES", + "_COOKIE", + "_SESSION", + ]; /** * Pass in an optional whitelist to allow the specified globals to remain set. This is * useful for tools like XDebug which require access to the $_COOKIE superglobal. @@ -10,6 +19,10 @@ class Protection { * * The second parameter is a 2D array describing which keys to whitelist * within each GLOBAL. For example: ["_ENV" => ["keepThis", "andKeepThis"]] + * + * @param array $globalsToDeregister + * @param array $whiteList + * @return array */ public static function removeGlobals( array $globalsToDeregister, @@ -44,22 +57,10 @@ public static function removeGlobals( return $keep; } - public static function overrideInternals( - array $globals, - array &$env, - array &$server, - array &$get, - array &$post, - array &$files, - array &$cookie, - array &$session - ):void { - $env = new ProtectedGlobal($globals["_ENV"] ?? []); - $server = new ProtectedGlobal($globals["_SERVER"] ?? []); - $get = new ProtectedGlobal($globals["_GET"] ?? []); - $post = new ProtectedGlobal($globals["_POST"] ?? []); - $files = new ProtectedGlobal($globals["_FILES"] ?? []); - $cookie = new ProtectedGlobal($globals["_COOKIE"] ?? []); - $session = new ProtectedGlobal($globals["_SESSION"] ?? []); + /** @param array $whitelistedGlobals */ + public static function overrideInternals(array $whitelistedGlobals):void { + foreach(self::GLOBAL_KEYS as $key) { + $GLOBALS[$key] = new ProtectedGlobal($whitelistedGlobals[$key] ?? []); + } } } diff --git a/test/phpunit/ProtectionTest.php b/test/phpunit/ProtectionTest.php index 6c677ce..6529fd6 100644 --- a/test/phpunit/ProtectionTest.php +++ b/test/phpunit/ProtectionTest.php @@ -7,14 +7,21 @@ use PHPUnit\Framework\TestCase; class ProtectionTest extends TestCase { + public function testRemoveGlobals() { + $globals = [ + "_ENV" => [ + "somekey" => "somevalue", + ] + ]; + + self::assertArrayHasKey("somekey", $globals["_ENV"]); + $updated = Protection::removeGlobals($globals); + self::assertArrayNotHasKey("_ENV", $updated); + self::assertNotNull($globals); + } + public function testOverride() { $env = ["somekey" => "somevalue"]; - $server = []; - $get = []; - $post = []; - $files = []; - $cookie = []; - $session = []; $globals = [ "_ENV" => $env, ]; @@ -26,33 +33,18 @@ public function testOverride() { self::assertEquals("somevalue", $env["somekey"]); - Protection::overrideInternals( - $globals, - $env, - $server, - $get, - $post, - $files, - $cookie, - $session - ); + Protection::overrideInternals($globals); - self::assertInstanceOf(ProtectedGlobal::class, $env); + self::assertInstanceOf(ProtectedGlobal::class, $_ENV); self::assertEquals("somevalue", $env["somekey"]); } public function testWhitelist() { $env = ["somekey" => "somevalue", "anotherkey" => "anothervalue"]; - $server = []; - $get = []; - $post = []; - $files = []; - $cookie = []; - $session = []; $globals = [ "_ENV" => $env, ]; - Protection::removeGlobals( + $whitelist = Protection::removeGlobals( $globals, [ "_ENV" => [ @@ -60,20 +52,11 @@ public function testWhitelist() { ], ] ); - Protection::overrideInternals( - $globals, - $env, - $server, - $get, - $post, - $files, - $cookie, - $session - ); + Protection::overrideInternals($whitelist); - self::assertEquals("anothervalue", $env["anotherkey"]); + self::assertEquals("anothervalue", $_ENV["anotherkey"]); self::expectException(ProtectedGlobalException::class); - $variable = $env["somevalue"]; + $value = $_ENV["somevalue"]; } public function testWhitelistMany() { @@ -93,7 +76,7 @@ public function testWhitelistMany() { Protection::removeGlobals($env); Protection::removeGlobals($server); - $fixedGlobals = Protection::removeGlobals( + $whitelisted = Protection::removeGlobals( $globals, [ "_GET" => [ @@ -108,55 +91,12 @@ public function testWhitelistMany() { ); - Protection::overrideInternals( - $fixedGlobals, - $env, - $server, - $get, - $post, - $files, - $cookie, - $session - ); + Protection::overrideInternals($whitelisted); - self::assertEquals("Y2K", $get["name"]); - self::assertEquals("postvalue2", $post["postkey2"]); + self::assertEquals("Y2K", $_GET["name"]); + self::assertEquals("postvalue2", $_POST["postkey2"]); self::expectException(ProtectedGlobalException::class); - $variable = $post["postkey1"]; - } - - public function testWhitelistNotExists() { - $env = []; - $server = []; - $get = ["name" => "Cody", "species" => "Feline"]; - $post = []; - $files = []; - $cookie = []; - $session = []; - $globals = [ - "_GET" => $get, - ]; - $globals = Protection::removeGlobals( - $globals, - [ - "_GET" => [ - "name", - "age", - ], - ] - ); - Protection::overrideInternals( - $globals, - $env, - $server, - $get, - $post, - $files, - $cookie, - $session - ); - - self::assertEquals("Cody", $get["name"]); - self::assertNull($get["age"]); + $variable = $_POST["postkey1"]; + var_dump($variable); } } diff --git a/test/phpunit/phpunit.xml b/test/phpunit/phpunit.xml index 4e8887f..41b9f81 100644 --- a/test/phpunit/phpunit.xml +++ b/test/phpunit/phpunit.xml @@ -1,5 +1,5 @@ - + .