PhpSpreadsheet/tests/PhpSpreadsheetTests/Reader/Security/XmlScannerTest.php

<?php

namespace PhpOffice\PhpSpreadsheetTests\Reader\Security;

use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;
use PhpOffice\PhpSpreadsheet\Reader\Xls;
use PhpOffice\PhpSpreadsheet\Reader\Xlsx;
use PhpOffice\PhpSpreadsheet\Reader\Xml;
use PHPUnit\Framework\TestCase;

class XmlScannerTest extends TestCase
{
    /**
     * @dataProvider providerValidXML
     *
     * @param mixed $filename
     * @param mixed $expectedResult
     * @param $libxmlDisableEntityLoader
     */
    public function testValidXML($filename, $expectedResult, $libxmlDisableEntityLoader)
    {
        libxml_disable_entity_loader($libxmlDisableEntityLoader);

        $reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());
        $result = $reader->scanFile($filename);
        self::assertEquals($expectedResult, $result);
        self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader());
    }

    public function providerValidXML()
    {
        $tests = [];
        foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestValid*.xml') as $file) {
            $filename = realpath($file);
            $expectedResult = file_get_contents($file);
            $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, $expectedResult, true];
            $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, $expectedResult, false];
        }

        return $tests;
    }

    /**
     * @dataProvider providerInvalidXML
     *
     * @param mixed $filename
     * @param $libxmlDisableEntityLoader
     */
    public function testInvalidXML($filename, $libxmlDisableEntityLoader)
    {
        $this->expectException(\PhpOffice\PhpSpreadsheet\Reader\Exception::class);

        libxml_disable_entity_loader($libxmlDisableEntityLoader);

        $reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());
        $expectedResult = 'FAILURE: Should throw an Exception rather than return a value';
        $result = $reader->scanFile($filename);
        self::assertEquals($expectedResult, $result);
        self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader());
    }

    public function providerInvalidXML()
    {
        $tests = [];
        foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) {
            $filename = realpath($file);
            $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, true];
            $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, false];
        }

        return $tests;
    }

    public function testGetSecurityScannerForXmlBasedReader()
    {
        $fileReader = new Xlsx();
        $scanner = $fileReader->getSecuritySCanner();

        //    Must return an object...
        $this->assertInternalType('object', $scanner);
        //    ... of the correct type
        $this->assertInstanceOf(XmlScanner::class, $scanner);
    }

    public function testGetSecurityScannerForNonXmlBasedReader()
    {
        $fileReader = new Xls();
        $scanner = $fileReader->getSecuritySCanner();
        //    Must return a null...
        $this->assertNull($scanner);
    }

    /**
     * @dataProvider providerValidXMLForCallback
     *
     * @param mixed $filename
     * @param mixed $expectedResult
     */
    public function testSecurityScanWithCallback($filename, $expectedResult)
    {
        $fileReader = new Xlsx();
        $scanner = $fileReader->getSecuritySCanner();
        $scanner->setAdditionalCallback('strrev');
        $xml = $scanner->scanFile($filename);

        $this->assertEquals(strrev($expectedResult), $xml);
    }

    public function providerValidXMLForCallback()
    {
        $tests = [];
        foreach (glob(__DIR__ . '/../../../data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) {
            $tests[basename($file)] = [realpath($file), file_get_contents($file)];
        }

        return $tests;
    }

    /**
     * @dataProvider providerLibxmlSettings
     *
     * @param $libxmlDisableLoader
     */
    public function testNewInstanceCreationDoesntChangeLibxmlSettings($libxmlDisableLoader)
    {
        libxml_disable_entity_loader($libxmlDisableLoader);

        $reader = new Xml();
        self::assertEquals($libxmlDisableLoader, libxml_disable_entity_loader($libxmlDisableLoader));
        unset($reader);
    }

    public function providerLibxmlSettings()
    {
        return [
            [true],
            [false],
        ];
    }
}
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`<?php`

			`namespace PhpOffice\PhpSpreadsheetTests\Reader\Security;`

Add UTF-7 XXE Unit test data 2018-11-19 22:22:59 +00:00			`use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner;`
Refactor scanner into base reader class 2018-11-25 11:14:54 +00:00			`use PhpOffice\PhpSpreadsheet\Reader\Xls;`
Coding standards 2018-11-25 13:33:01 +00:00			`use PhpOffice\PhpSpreadsheet\Reader\Xlsx;`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`use PhpOffice\PhpSpreadsheet\Reader\Xml;`
phpcs cleanup 2018-11-20 07:18:35 +00:00			`use PHPUnit\Framework\TestCase;`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00
			`class XmlScannerTest extends TestCase`
			`{`
			`/**`
			`* @dataProvider providerValidXML`
			`*`
			`* @param mixed $filename`
			`* @param mixed $expectedResult`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`* @param $libxmlDisableEntityLoader`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`*/`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`public function testValidXML($filename, $expectedResult, $libxmlDisableEntityLoader)`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`{`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`libxml_disable_entity_loader($libxmlDisableEntityLoader);`

Use factory for XMLcanner 2018-11-23 22:05:17 +00:00			`$reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`$result = $reader->scanFile($filename);`
			`self::assertEquals($expectedResult, $result);`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader());`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`}`

			`public function providerValidXML()`
			`{`
			`$tests = [];`
Add UTF-7 XXE Unit test data 2018-11-19 22:22:59 +00:00			`foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestValid*.xml') as $file) {`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`$filename = realpath($file);`
			`$expectedResult = file_get_contents($file);`
			`$tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, $expectedResult, true];`
			`$tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, $expectedResult, false];`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`}`

			`return $tests;`
			`}`

			`/**`
			`* @dataProvider providerInvalidXML`
			`*`
			`* @param mixed $filename`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`* @param $libxmlDisableEntityLoader`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`*/`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`public function testInvalidXML($filename, $libxmlDisableEntityLoader)`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`{`
			`$this->expectException(\PhpOffice\PhpSpreadsheet\Reader\Exception::class);`

libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`libxml_disable_entity_loader($libxmlDisableEntityLoader);`

Use factory for XMLcanner 2018-11-23 22:05:17 +00:00			`$reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml());`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`$expectedResult = 'FAILURE: Should throw an Exception rather than return a value';`
			`$result = $reader->scanFile($filename);`
			`self::assertEquals($expectedResult, $result);`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader());`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`}`

			`public function providerInvalidXML()`
			`{`
			`$tests = [];`
Add UTF-7 XXE Unit test data 2018-11-19 22:22:59 +00:00			`foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) {`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`$filename = realpath($file);`
			`$tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, true];`
			`$tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, false];`
Clean handle charset in XXE scanner 2018-11-19 21:47:34 +00:00			`}`

			`return $tests;`
			`}`
Refactor scanner into base reader class 2018-11-25 11:14:54 +00:00
			`public function testGetSecurityScannerForXmlBasedReader()`
			`{`
			`$fileReader = new Xlsx();`
			`$scanner = $fileReader->getSecuritySCanner();`

			`// Must return an object...`
CS Complaining about not uisng $this->assertInternalType('object', $scanner); 2018-11-25 13:41:11 +00:00			`$this->assertInternalType('object', $scanner);`
Refactor scanner into base reader class 2018-11-25 11:14:54 +00:00			`// ... of the correct type`
			`$this->assertInstanceOf(XmlScanner::class, $scanner);`
			`}`

			`public function testGetSecurityScannerForNonXmlBasedReader()`
			`{`
			`$fileReader = new Xls();`
			`$scanner = $fileReader->getSecuritySCanner();`
			`// Must return a null...`
			`$this->assertNull($scanner);`
			`}`
Support for additional callback in XML Security Scanner 2018-11-25 13:00:35 +00:00
			`/**`
			`* @dataProvider providerValidXMLForCallback`
			`*`
			`* @param mixed $filename`
Coding standards 2018-11-25 13:33:01 +00:00			`* @param mixed $expectedResult`
Support for additional callback in XML Security Scanner 2018-11-25 13:00:35 +00:00			`*/`
			`public function testSecurityScanWithCallback($filename, $expectedResult)`
			`{`
			`$fileReader = new Xlsx();`
			`$scanner = $fileReader->getSecuritySCanner();`
			`$scanner->setAdditionalCallback('strrev');`
			`$xml = $scanner->scanFile($filename);`

			`$this->assertEquals(strrev($expectedResult), $xml);`
			`}`

			`public function providerValidXMLForCallback()`
			`{`
			`$tests = [];`
			`foreach (glob(__DIR__ . '/../../../data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) {`
			`$tests[basename($file)] = [realpath($file), file_get_contents($file)];`
			`}`

			`return $tests;`
			`}`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00
			`/**`
			`* @dataProvider providerLibxmlSettings`
			`*`
Fix a few Scrutinizer issues 2019-01-02 04:38:13 +00:00			`* @param $libxmlDisableLoader`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`*/`
Fix a few Scrutinizer issues 2019-01-02 04:38:13 +00:00			`public function testNewInstanceCreationDoesntChangeLibxmlSettings($libxmlDisableLoader)`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`{`
Fix a few Scrutinizer issues 2019-01-02 04:38:13 +00:00			`libxml_disable_entity_loader($libxmlDisableLoader);`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00
			`$reader = new Xml();`
Fix a few Scrutinizer issues 2019-01-02 04:38:13 +00:00			`self::assertEquals($libxmlDisableLoader, libxml_disable_entity_loader($libxmlDisableLoader));`
			`unset($reader);`
libxml_disable_entity_loader() changes global state so it should be used as local as possible Fixes #801 Closes #802 Closes #803 2018-12-17 03:52:04 +00:00			`}`

			`public function providerLibxmlSettings()`
			`{`
			`return [`
			`[true],`
			`[false],`
			`];`
			`}`
phpcs cleanup 2018-11-20 07:18:35 +00:00			`}`