Example #1
 /**
  * Checks that checkAlertType() labels a path-traversal string as 'lfi'
  * and yields a falsy alert type for ordinary text.
  *
  * Coverage note: only one plain "../" vector is exercised here; encoded or
  * otherwise transformed forms are not covered by this test.
  */
 public function testPatternsForLfi()
 {
     // candidate input => value expected at index 1 of the detector's result
     $cases = [
         '../../../../../../etc/passwd' => 'lfi',
         'Lorem ipsum' => false,
     ];
     $listener = new SecurityListener($this->mockInput());

     foreach ($cases as $candidate => $expectedType) {
         // assertEquals compares loosely, so the `false` case also passes for
         // other falsy values (e.g. null).
         // NOTE(review): confirm what checkAlertType() returns on a non-match.
         $this->assertEquals($expectedType, $listener->checkAlertType($candidate)[1]);
     }
 }
Example #2
 /**
  * Smoke test: runs listen() on a benign input with receivers.blocker set to
  * min_gravity 1. There is no explicit assertion; the test fails only if
  * something in the call chain throws.
  */
 public function testWithoutException()
 {
     $benignInput = ['sql' => "this is a normal string"];

     $settings = include __DIR__ . '/../../src/config.php';
     $settings['receivers']['blocker'] = ['min_gravity' => 1];

     $listener = new SecurityListener($this->mockInput($benignInput));
     $listener->setConfig($settings);
     // microtime() yields a different value on every run; presumably this keeps
     // state recorded for an earlier "IP" from affecting the run — TODO confirm.
     $listener->waf->setIp(microtime());
     $listener->listen();
 }
Example #3
 /**
  * Expects the 'attacked' callback to run for an input value ending in a
  * single quote. The callback throws ThisTestItsOkay, which the test declares
  * as its expected exception, so the test passes only if the handler fires.
  */
 public function testBasicAttackerEvent()
 {
     $this->setExpectedException('ThisTestItsOkay');

     // Sentinel handler: throwing is how the test observes that it was invoked.
     // The $alerts argument is accepted but not inspected.
     $onAttack = function ($alerts) {
         throw new ThisTestItsOkay();
     };

     $waf = new Guardian();
     $waf->request->setInput(['test' => 'nana\'']);
     $waf->when('attacked', $onAttack);
     $waf->listen();
 }
Example #4
 /**
  * Verifies that each suspicious input changes the content of the log file
  * configured as the 'to' receiver.
  *
  * The test reads and appends to the project's data/logs.txt, so it is not
  * isolated from other runs.
  * NOTE(review): the file must already exist, otherwise the first read fails.
  * NOTE(review): the log presumably stores the raw request value; anything
  * that displays it should treat the content as untrusted — confirm.
  */
 public function testLogWhenSomeoneTestSecurity()
 {
     $projectRoot = dirname(dirname(__DIR__));
     $logFile = $projectRoot . '/data/logs.txt';
     $payloads = ["Hello'", '-1 order by 6-- -'];

     $before = file_get_contents($logFile);
     foreach ($payloads as $payload) {
         $listener = new SecurityListener($this->mockInput([$payload]));
         $listener->setConfig(['receivers' => ['to' => $logFile]]);
         $listener->listen();

         // Compare the snapshot taken before this payload with the one after,
         // then carry the new snapshot forward to the next iteration.
         $after = file_get_contents($logFile);
         $this->assertNotEquals($before, $after);
         $before = $after;
     }
 }
Example #5
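 /**
  * Verifies that listen() invokes the mail transport when a 'mail' receiver
  * is configured and the input contains a suspicious value.
  *
  * The 'Swift_MailTransport' binding is replaced with a stub whose send()
  * only flips a flag, so the test sends no real mail.
  */
 public function testIfListenerFireMailer()
 {
     $config = (include __DIR__ . '/../../src/config.php');
     // turn on mailer
     $config['receivers']['mail'] = ['to' => '*****@*****.**', 'from' => '*****@*****.**', 'subject' => 'Hello'];
     $listener = new SecurityListener($this->mockInput(['sql' => "1337'"]));
     $listener->setConfig($config);

     $mailerFired = false;
     // Factory registered under the transport's name; it returns a stand-in
     // object whose send() records the call through the captured reference.
     $listener->enviroment->bind('Swift_MailTransport', function () use (&$mailerFired) {
         $mocked = new DynamicObject();
         $mocked->send = function () use (&$mailerFired) {
             $mailerFired = true;
         };
         return $mocked;
     });

     $listener->listen();

     // assertTrue replaces assertEquals($mailerFired, true): the original had
     // expected/actual swapped and compared loosely.
     $this->assertTrue($mailerFired);
 }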