PhpSpreadsheet/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php

157 lines
5.2 KiB
PHP
Raw Permalink Normal View History

2018-11-19 21:47:34 +00:00
<?php
namespace PhpOffice\PhpSpreadsheetTests\Reader\Security;
2018-11-19 22:22:59 +00:00
use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;
use PhpOffice\PhpSpreadsheet\Reader\Xls;
2018-11-25 13:33:01 +00:00
use PhpOffice\PhpSpreadsheet\Reader\Xlsx;
2018-11-20 07:18:35 +00:00
use PHPUnit\Framework\TestCase;
2020-05-18 04:49:57 +00:00
use XMLReader;
2018-11-19 21:47:34 +00:00
class XmlScannerTest extends TestCase
{
2020-04-27 10:28:36 +00:00
protected function setUp(): void
{
// php 8.+ deprecated libxml_disable_entity_loader() - It's on by default
if (\PHP_VERSION_ID < 80000) {
libxml_disable_entity_loader(false);
}
}
2018-11-19 21:47:34 +00:00
/**
* @dataProvider providerValidXML
*
* @param mixed $filename
* @param mixed $expectedResult
* @param $libxmlDisableEntityLoader
2018-11-19 21:47:34 +00:00
*/
2020-05-18 04:49:57 +00:00
public function testValidXML($filename, $expectedResult, $libxmlDisableEntityLoader): void
2018-11-19 21:47:34 +00:00
{
// php 8.+ deprecated libxml_disable_entity_loader() - It's on by default
if (\PHP_VERSION_ID < 80000) {
$oldDisableEntityLoaderState = libxml_disable_entity_loader($libxmlDisableEntityLoader);
}
2018-11-23 22:05:17 +00:00
$reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());
2018-11-19 21:47:34 +00:00
$result = $reader->scanFile($filename);
self::assertEquals($expectedResult, $result);
// php 8.+ deprecated libxml_disable_entity_loader() - It's on by default
if (\PHP_VERSION_ID < 80000) {
libxml_disable_entity_loader($oldDisableEntityLoaderState);
}
2018-11-19 21:47:34 +00:00
}
public function providerValidXML()
{
$tests = [];
foreach (glob('tests/data/Reader/Xml/XEETestValid*.xml') as $file) {
$filename = realpath($file);
$expectedResult = file_get_contents($file);
$tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, $expectedResult, true];
$tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, $expectedResult, false];
2018-11-19 21:47:34 +00:00
}
return $tests;
}
/**
* @dataProvider providerInvalidXML
*
* @param mixed $filename
* @param $libxmlDisableEntityLoader
2018-11-19 21:47:34 +00:00
*/
2020-05-18 04:49:57 +00:00
public function testInvalidXML($filename, $libxmlDisableEntityLoader): void
2018-11-19 21:47:34 +00:00
{
$this->expectException(\PhpOffice\PhpSpreadsheet\Reader\Exception::class);
// php 8.+ deprecated libxml_disable_entity_loader() - It's on by default
if (\PHP_VERSION_ID < 80000) {
libxml_disable_entity_loader($libxmlDisableEntityLoader);
}
2018-11-23 22:05:17 +00:00
$reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());
2018-11-19 21:47:34 +00:00
$expectedResult = 'FAILURE: Should throw an Exception rather than return a value';
$result = $reader->scanFile($filename);
self::assertEquals($expectedResult, $result);
// php 8.+ deprecated libxml_disable_entity_loader() - It's on by default
if (\PHP_VERSION_ID < 80000) {
self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader());
}
2018-11-19 21:47:34 +00:00
}
public function providerInvalidXML()
{
$tests = [];
foreach (glob('tests/data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) {
$filename = realpath($file);
$tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, true];
$tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, false];
2018-11-19 21:47:34 +00:00
}
return $tests;
}
2020-05-18 04:49:57 +00:00
public function testGetSecurityScannerForXmlBasedReader(): void
{
$fileReader = new Xlsx();
$scanner = $fileReader->getSecurityScanner();
// Must return an object...
self::assertIsObject($scanner);
// ... of the correct type
2020-05-18 04:49:57 +00:00
self::assertInstanceOf(XmlScanner::class, $scanner);
}
2020-05-18 04:49:57 +00:00
public function testGetSecurityScannerForNonXmlBasedReader(): void
{
$fileReader = new Xls();
$scanner = $fileReader->getSecurityScanner();
// Must return a null...
2020-05-18 04:49:57 +00:00
self::assertNull($scanner);
}
/**
* @dataProvider providerValidXMLForCallback
*
* @param mixed $filename
2018-11-25 13:33:01 +00:00
* @param mixed $expectedResult
*/
2020-05-18 04:49:57 +00:00
public function testSecurityScanWithCallback($filename, $expectedResult): void
{
$fileReader = new Xlsx();
$scanner = $fileReader->getSecurityScanner();
$scanner->setAdditionalCallback('strrev');
$xml = $scanner->scanFile($filename);
2020-05-18 04:49:57 +00:00
self::assertEquals(strrev($expectedResult), $xml);
}
public function providerValidXMLForCallback()
{
$tests = [];
foreach (glob('tests/data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) {
$tests[basename($file)] = [realpath($file), file_get_contents($file)];
}
return $tests;
}
2020-05-18 04:49:57 +00:00
public function testLibxmlDisableEntityLoaderIsRestoredWithoutShutdown(): void
{
$reader = new Xlsx();
unset($reader);
2020-05-18 04:49:57 +00:00
$reader = new XMLReader();
$opened = $reader->open('tests/data/Reader/Xml/SecurityScannerWithCallbackExample.xml');
2020-05-18 04:49:57 +00:00
self::assertTrue($opened);
}
2020-05-18 04:49:57 +00:00
public function testEncodingAllowsMixedCase(): void
{
$scanner = new XmlScanner();
$output = $scanner->scan($input = '<?xml version="1.0" encoding="utf-8"?><foo>bar</foo>');
2020-05-18 04:49:57 +00:00
self::assertSame($input, $output);
}
2018-11-20 07:18:35 +00:00
}