Commit | Line | Data |
---|---|---|
09ca2cbf JR |
1 | /* |
2 | The software in this package is distributed under the GNU General | |
3 | Public License version 2 (with a special exception described below). | |
4 | ||
5 | A copy of GNU General Public License (GPL) is included in this distribution, | |
6 | in the file COPYING.GPL. | |
7 | ||
8 | As a special exception, if other files instantiate templates or use macros | |
9 | or inline functions from this file, or you compile this file and link it | |
10 | with other works to produce a work based on this file, this file | |
11 | does not by itself cause the resulting work to be covered | |
12 | by the GNU General Public License. | |
13 | ||
14 | However the source code for this file must still be made available | |
15 | in accordance with section (3) of the GNU General Public License. | |
16 | ||
17 | This exception does not invalidate any other reasons why a work based | |
18 | on this file might be covered by the GNU General Public License. | |
19 | */ | |
20 | /** @file | |
21 | * @brief unit test for the restricted html functions. | |
22 | * | |
23 | * @copyright © Copyright 2017 Intra2net AG | |
24 | * | |
25 | */ | |
26 | #define BOOST_TEST_DYN_LINK | |
27 | #include <boost/test/unit_test.hpp> | |
d87beebd | 28 | #include <tmpfstream.hpp> |
09ca2cbf JR |
29 | |
30 | #include <restricted_html.hpp> | |
31 | ||
32 | using namespace std; | |
33 | using namespace I2n; | |
34 | ||
35 | BOOST_AUTO_TEST_SUITE(test_restricted_html) | |
36 | ||
37 | ||
a93685ca JR |
38 | BOOST_AUTO_TEST_CASE(DecodeStringURL) |
39 | { | |
40 | string output = decode_url("%77%77%77%2E%67%6F%6F%67%6C%65%2E%63%6F%6D"); | |
41 | BOOST_CHECK_EQUAL(string("www.google.com"), output); | |
42 | } | |
43 | ||
44 | BOOST_AUTO_TEST_CASE(DecodeStringURL2) | |
45 | { | |
46 | string output = decode_url("%3Cscript%3Ealert%28document.cookie%29%3C%2Fscr" | |
47 | "ipt%3E"); | |
48 | BOOST_CHECK_EQUAL(string("<script>alert(document.cookie)</script>"), output); | |
49 | } | |
50 | ||
51 | BOOST_AUTO_TEST_CASE(EncodeStringURL) | |
52 | { | |
53 | string output = encode_url("http://www.domain.com/params?param=b'ar:!~/"); | |
54 | BOOST_CHECK_EQUAL(string("http%3A%2F%2Fwww%2Edomain%2Ecom%2Fparams%3Fparam%" | |
55 | "3Db%27ar%3A%21%7E%2F"), output); | |
56 | } | |
57 | ||
58 | BOOST_AUTO_TEST_CASE(EncodeStringURL2) | |
59 | { | |
60 | string output = encode_url("http://www.google.com/<script>"); | |
61 | BOOST_CHECK_EQUAL(string("http%3A%2F%2Fwww%2Egoogle%2Ecom%2F%3Cscript%3E"), | |
62 | output); | |
63 | } | |
64 | ||
d87beebd C |
65 | BOOST_AUTO_TEST_CASE(RedirectHash1) |
66 | { | |
67 | tmpfstream TempFile; | |
68 | string TempFilePattern = "/tmp/libi2ncommon_test_restricted_html_XXXXXX"; | |
69 | TempFile.open(TempFilePattern); | |
70 | TempFile << "ABCDEF"; | |
71 | TempFile.close(); | |
72 | ||
73 | RedirectHash redirect_hash = RedirectHash(); | |
74 | redirect_hash.set_custom_filename(TempFile.get_tmp_filename()); | |
75 | ||
76 | string url1 = "http://www.domain.com/params?param=p"; | |
77 | string url2 = "http://www.google.com/search?q=test"; | |
78 | ||
79 | string url1_encoded = "http%3A%2F%2Fwww%2Edomain%2Ecom%2Fparams%3Fparam%3Dp"; | |
80 | string url2_encoded = "http%3A%2F%2Fwww%2Egoogle%2Ecom%2Fsearch%3Fq%3Dtest"; | |
81 | ||
82 | string hash1 = "a2Dlksjt5kBrt6Or4nKdxQ=="; | |
83 | string hash2 = "2BdwBA6vlqJS/3vWzUxa1w=="; | |
84 | ||
85 | string hash1_encoded = "a2Dlksjt5kBrt6Or4nKdxQ%3D%3D"; | |
86 | string hash2_encoded = "2BdwBA6vlqJS%2F3vWzUxa1w%3D%3D"; | |
87 | ||
88 | BOOST_CHECK_EQUAL(encode_url(url1) , url1_encoded); | |
89 | BOOST_CHECK_EQUAL(encode_url(url2) , url2_encoded); | |
90 | ||
91 | const string html = ("<html>" | |
92 | "<a href=\"/arnie?form=redirect&url=##BEGIN_URL##" + | |
93 | url1 +"##END_URL##\" target=\"_top\">Further information</a>" | |
94 | "<a href=\"/arnie?form=redirect&url=##BEGIN_URL##" + | |
95 | url2 +"##END_URL##\" target=\"_top\">Further information</a>" | |
96 | "</html>"); | |
97 | ||
98 | const string result = ("<html>" | |
99 | "<a href=\"/arnie?form=redirect&url=" + url1_encoded + "&urlauth=" + | |
100 | hash1_encoded + "\" target=\"_top\">Further information</a>" | |
101 | "<a href=\"/arnie?form=redirect&url=" + url2_encoded + "&urlauth=" + | |
102 | hash2_encoded + "\" target=\"_top\">Further information</a>" | |
103 | "</html>"); | |
104 | ||
105 | ||
106 | string new_html = redirect_hash.sign_urls(html); | |
107 | ||
108 | BOOST_CHECK_EQUAL(result, new_html); | |
109 | ||
110 | BOOST_CHECK(redirect_hash.validate_redirect_authtag(url1, hash1)); | |
111 | BOOST_CHECK(redirect_hash.validate_redirect_authtag(url2, hash2)); | |
112 | ||
113 | TempFile.unlink(); | |
114 | } | |
115 | ||
09ca2cbf | 116 | BOOST_AUTO_TEST_SUITE_END() |