| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  | <?php | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  | namespace PhpOffice\PhpSpreadsheetTests\Reader\Security; | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-19 22:22:59 +00:00
										 |  |  | use PhpOffice\PhpSpreadsheet\Reader\Security\XmlScanner; | 
					
						
							| 
									
										
										
										
											2018-11-25 11:14:54 +00:00
										 |  |  | use PhpOffice\PhpSpreadsheet\Reader\Xls; | 
					
						
							| 
									
										
										
										
											2018-11-25 13:33:01 +00:00
										 |  |  | use PhpOffice\PhpSpreadsheet\Reader\Xlsx; | 
					
						
							| 
									
										
										
										
											2018-11-20 07:18:35 +00:00
										 |  |  | use PHPUnit\Framework\TestCase; | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  | class XmlScannerTest extends TestCase | 
					
						
							|  |  |  | { | 
					
						
							| 
									
										
										
										
											2020-04-27 10:28:36 +00:00
										 |  |  |     protected function setUp(): void | 
					
						
							| 
									
										
										
										
											2019-07-03 07:53:43 +00:00
										 |  |  |     { | 
					
						
							|  |  |  |         libxml_disable_entity_loader(false); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |     /** | 
					
						
							|  |  |  |      * @dataProvider providerValidXML | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param mixed $filename | 
					
						
							|  |  |  |      * @param mixed $expectedResult | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |      * @param $libxmlDisableEntityLoader | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |     public function testValidXML($filename, $expectedResult, $libxmlDisableEntityLoader) | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |     { | 
					
						
							| 
									
										
										
										
											2019-06-30 22:55:25 +00:00
										 |  |  |         $oldDisableEntityLoaderState = libxml_disable_entity_loader($libxmlDisableEntityLoader); | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-23 22:05:17 +00:00
										 |  |  |         $reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml()); | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |         $result = $reader->scanFile($filename); | 
					
						
							|  |  |  |         self::assertEquals($expectedResult, $result); | 
					
						
							| 
									
										
										
										
											2019-06-30 22:55:25 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         libxml_disable_entity_loader($oldDisableEntityLoaderState); | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function providerValidXML() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $tests = []; | 
					
						
							| 
									
										
										
										
											2018-11-19 22:22:59 +00:00
										 |  |  |         foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestValid*.xml') as $file) { | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |             $filename = realpath($file); | 
					
						
							|  |  |  |             $expectedResult = file_get_contents($file); | 
					
						
							|  |  |  |             $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, $expectedResult, true]; | 
					
						
							|  |  |  |             $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, $expectedResult, false]; | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $tests; | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @dataProvider providerInvalidXML | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param mixed $filename | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |      * @param $libxmlDisableEntityLoader | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |      */ | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |     public function testInvalidXML($filename, $libxmlDisableEntityLoader) | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |     { | 
					
						
							|  |  |  |         $this->expectException(\PhpOffice\PhpSpreadsheet\Reader\Exception::class); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |         libxml_disable_entity_loader($libxmlDisableEntityLoader); | 
					
						
							|  |  |  | 
 | 
					
						
							| 
									
										
										
										
											2018-11-23 22:05:17 +00:00
										 |  |  |         $reader = XmlScanner::getInstance(new \PhpOffice\PhpSpreadsheet\Reader\Xml()); | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |         $expectedResult = 'FAILURE: Should throw an Exception rather than return a value'; | 
					
						
							|  |  |  |         $result = $reader->scanFile($filename); | 
					
						
							|  |  |  |         self::assertEquals($expectedResult, $result); | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |         self::assertEquals($libxmlDisableEntityLoader, libxml_disable_entity_loader()); | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function providerInvalidXML() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $tests = []; | 
					
						
							| 
									
										
										
										
											2018-11-19 22:22:59 +00:00
										 |  |  |         foreach (glob(__DIR__ . '/../../../data/Reader/Xml/XEETestInvalidUTF*.xml') as $file) { | 
					
						
							| 
									
										
										
										
											2018-12-17 03:52:04 +00:00
										 |  |  |             $filename = realpath($file); | 
					
						
							|  |  |  |             $tests[basename($file) . '_libxml_entity_loader_disabled'] = [$filename, true]; | 
					
						
							|  |  |  |             $tests[basename($file) . '_libxml_entity_loader_enabled'] = [$filename, false]; | 
					
						
							| 
									
										
										
										
											2018-11-19 21:47:34 +00:00
										 |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $tests; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-11-25 11:14:54 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     public function testGetSecurityScannerForXmlBasedReader() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $fileReader = new Xlsx(); | 
					
						
							| 
									
										
										
										
											2019-07-03 07:53:43 +00:00
										 |  |  |         $scanner = $fileReader->getSecurityScanner(); | 
					
						
							| 
									
										
										
										
											2018-11-25 11:14:54 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |         //    Must return an object...
 | 
					
						
							| 
									
										
										
										
											2019-07-25 17:15:53 +00:00
										 |  |  |         self::assertIsObject($scanner); | 
					
						
							| 
									
										
										
										
											2018-11-25 11:14:54 +00:00
										 |  |  |         //    ... of the correct type
 | 
					
						
							|  |  |  |         $this->assertInstanceOf(XmlScanner::class, $scanner); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function testGetSecurityScannerForNonXmlBasedReader() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $fileReader = new Xls(); | 
					
						
							| 
									
										
										
										
											2019-07-03 07:53:43 +00:00
										 |  |  |         $scanner = $fileReader->getSecurityScanner(); | 
					
						
							| 
									
										
										
										
											2018-11-25 11:14:54 +00:00
										 |  |  |         //    Must return a null...
 | 
					
						
							|  |  |  |         $this->assertNull($scanner); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-11-25 13:00:35 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     /** | 
					
						
							|  |  |  |      * @dataProvider providerValidXMLForCallback | 
					
						
							|  |  |  |      * | 
					
						
							|  |  |  |      * @param mixed $filename | 
					
						
							| 
									
										
										
										
											2018-11-25 13:33:01 +00:00
										 |  |  |      * @param mixed $expectedResult | 
					
						
							| 
									
										
										
										
											2018-11-25 13:00:35 +00:00
										 |  |  |      */ | 
					
						
							|  |  |  |     public function testSecurityScanWithCallback($filename, $expectedResult) | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $fileReader = new Xlsx(); | 
					
						
							| 
									
										
										
										
											2019-07-03 07:53:43 +00:00
										 |  |  |         $scanner = $fileReader->getSecurityScanner(); | 
					
						
							| 
									
										
										
										
											2018-11-25 13:00:35 +00:00
										 |  |  |         $scanner->setAdditionalCallback('strrev'); | 
					
						
							|  |  |  |         $xml = $scanner->scanFile($filename); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $this->assertEquals(strrev($expectedResult), $xml); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function providerValidXMLForCallback() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $tests = []; | 
					
						
							|  |  |  |         foreach (glob(__DIR__ . '/../../../data/Reader/Xml/SecurityScannerWithCallback*.xml') as $file) { | 
					
						
							|  |  |  |             $tests[basename($file)] = [realpath($file), file_get_contents($file)]; | 
					
						
							|  |  |  |         } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         return $tests; | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2019-07-03 07:53:43 +00:00
										 |  |  | 
 | 
					
						
							|  |  |  |     public function testLibxmlDisableEntityLoaderIsRestoredWithoutShutdown() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $reader = new Xlsx(); | 
					
						
							|  |  |  |         unset($reader); | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |         $reader = new \XMLReader(); | 
					
						
							|  |  |  |         $opened = $reader->open(__DIR__ . '/../../../data/Reader/Xml/SecurityScannerWithCallbackExample.xml'); | 
					
						
							|  |  |  |         $this->assertTrue($opened); | 
					
						
							|  |  |  |     } | 
					
						
							|  |  |  | 
 | 
					
						
							|  |  |  |     public function testEncodingAllowsMixedCase() | 
					
						
							|  |  |  |     { | 
					
						
							|  |  |  |         $scanner = new XmlScanner(); | 
					
						
							|  |  |  |         $output = $scanner->scan($input = '<?xml version="1.0" encoding="utf-8"?><foo>bar</foo>'); | 
					
						
							|  |  |  |         $this->assertSame($input, $output); | 
					
						
							|  |  |  |     } | 
					
						
							| 
									
										
										
										
											2018-11-20 07:18:35 +00:00
										 |  |  | } |