function RequestSanitizerTest::providerTestRequestSanitization

Same name in other branches
  1. 9 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
  2. 10 core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()
  3. 11.x core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php \Drupal\Tests\Core\Security\RequestSanitizerTest::providerTestRequestSanitization()

Data provider for testRequestSanitization.

Return value

array

File

core/tests/Drupal/Tests/Core/Security/RequestSanitizerTest.php, line 100

Class

RequestSanitizerTest
Tests RequestSanitizer class.

Namespace

Drupal\Tests\Core\Security

Code

public function providerTestRequestSanitization() {
    $tests = [];
    $request = new Request([
        'q' => 'index.php',
    ]);
    $tests['no sanitization GET'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
            ],
        ],
    ];
    $request = new Request([], [
        'field' => 'value',
    ]);
    $tests['no sanitization POST'] = [
        $request,
        [
            'request' => [
                'field' => 'value',
            ],
        ],
    ];
    $request = new Request([], [], [], [
        'key' => 'value',
    ]);
    $tests['no sanitization COOKIE'] = [
        $request,
        [
            'cookies' => [
                'key' => 'value',
            ],
        ],
    ];
    $request = new Request([
        'q' => 'index.php',
    ], [
        'field' => 'value',
    ], [], [
        'key' => 'value',
    ]);
    $tests['no sanitization GET, POST, COOKIE'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
            ],
            'request' => [
                'field' => 'value',
            ],
            'cookies' => [
                'key' => 'value',
            ],
        ],
    ];
    $request = new Request([
        'q' => 'index.php',
    ]);
    $tests['no sanitization GET log'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
            ],
        ],
        [],
    ];
    $request = new Request([], [
        'field' => 'value',
    ]);
    $tests['no sanitization POST log'] = [
        $request,
        [
            'request' => [
                'field' => 'value',
            ],
        ],
        [],
    ];
    $request = new Request([], [], [], [
        'key' => 'value',
    ]);
    $tests['no sanitization COOKIE log'] = [
        $request,
        [
            'cookies' => [
                'key' => 'value',
            ],
        ],
        [],
    ];
    $request = new Request([
        '#q' => 'index.php',
    ]);
    $tests['sanitization GET'] = [
        $request,
    ];
    $request = new Request([], [
        '#field' => 'value',
    ]);
    $tests['sanitization POST'] = [
        $request,
    ];
    $request = new Request([], [], [], [
        '#key' => 'value',
    ]);
    $tests['sanitization COOKIE'] = [
        $request,
    ];
    $request = new Request([
        '#q' => 'index.php',
    ], [
        '#field' => 'value',
    ], [], [
        '#key' => 'value',
    ]);
    $tests['sanitization GET, POST, COOKIE'] = [
        $request,
    ];
    $request = new Request([
        '#q' => 'index.php',
    ]);
    $tests['sanitization GET log'] = [
        $request,
        [],
        [
            'Potentially unsafe keys removed from query string parameters (GET): #q',
        ],
    ];
    $request = new Request([], [
        '#field' => 'value',
    ]);
    $tests['sanitization POST log'] = [
        $request,
        [],
        [
            'Potentially unsafe keys removed from request body parameters (POST): #field',
        ],
    ];
    $request = new Request([], [], [], [
        '#key' => 'value',
    ]);
    $tests['sanitization COOKIE log'] = [
        $request,
        [],
        [
            'Potentially unsafe keys removed from cookie parameters: #key',
        ],
    ];
    $request = new Request([
        '#q' => 'index.php',
    ], [
        '#field' => 'value',
    ], [], [
        '#key' => 'value',
    ]);
    $tests['sanitization GET, POST, COOKIE log'] = [
        $request,
        [],
        [
            'Potentially unsafe keys removed from query string parameters (GET): #q',
            'Potentially unsafe keys removed from request body parameters (POST): #field',
            'Potentially unsafe keys removed from cookie parameters: #key',
        ],
    ];
    $request = new Request([
        'q' => 'index.php',
        'foo' => [
            '#bar' => 'foo',
        ],
    ]);
    $tests['recursive sanitization log'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
                'foo' => [],
            ],
        ],
        [
            'Potentially unsafe keys removed from query string parameters (GET): #bar',
        ],
    ];
    $request = new Request([
        'q' => 'index.php',
        'foo' => [
            '#bar' => 'foo',
        ],
    ]);
    $tests['recursive no sanitization whitelist'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
                'foo' => [
                    '#bar' => 'foo',
                ],
            ],
        ],
        [],
        [
            '#bar',
        ],
    ];
    $request = new Request([], [
        '#field' => 'value',
    ]);
    $tests['no sanitization POST whitelist'] = [
        $request,
        [
            'request' => [
                '#field' => 'value',
            ],
        ],
        [],
        [
            '#field',
        ],
    ];
    $request = new Request([
        'q' => 'index.php',
        'foo' => [
            '#bar' => 'foo',
            '#foo' => 'bar',
        ],
    ]);
    $tests['recursive multiple sanitization log'] = [
        $request,
        [
            'query' => [
                'q' => 'index.php',
                'foo' => [],
            ],
        ],
        [
            'Potentially unsafe keys removed from query string parameters (GET): #bar, #foo',
        ],
    ];
    $request = new Request([
        '#q' => 'index.php',
    ]);
    $request->attributes
        ->set(RequestSanitizer::SANITIZED, TRUE);
    $tests['already sanitized request'] = [
        $request,
        [
            'query' => [
                '#q' => 'index.php',
            ],
        ],
    ];
    $request = new Request([
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal GET'] = [
        $request,
    ];
    $request = new Request([], [
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal POST'] = [
        $request,
    ];
    $request = new Request([], [], [], [
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal COOKIE'] = [
        $request,
    ];
    $request = new Request([
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal GET log'] = [
        $request,
        [],
        [
            'Potentially unsafe destination removed from query parameter bag because it contained the following keys: #test',
        ],
    ];
    $request = new Request([], [
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal POST log'] = [
        $request,
        [],
        [
            'Potentially unsafe destination removed from request parameter bag because it contained the following keys: #test',
        ],
    ];
    $request = new Request([], [], [], [
        'destination' => 'whatever?%23test=value',
    ]);
    $tests['destination removal COOKIE log'] = [
        $request,
        [],
        [
            'Potentially unsafe destination removed from cookies parameter bag because it contained the following keys: #test',
        ],
    ];
    $request = new Request([
        'destination' => 'whatever?q[%23test]=value',
    ]);
    $tests['destination removal subkey'] = [
        $request,
    ];
    $request = new Request([
        'destination' => 'whatever?q[%23test]=value',
    ]);
    $tests['destination whitelist'] = [
        $request,
        [
            'query' => [
                'destination' => 'whatever?q[%23test]=value',
            ],
        ],
        [],
        [
            '#test',
        ],
    ];
    $request = new Request([
        'destination' => "whatever?\x00bar=base&%23test=value",
    ]);
    $tests['destination removal zero byte'] = [
        $request,
    ];
    $request = new Request([
        'destination' => 'whatever?q=value',
    ]);
    $tests['destination kept'] = [
        $request,
        [
            'query' => [
                'destination' => 'whatever?q=value',
            ],
        ],
    ];
    $request = new Request([
        'destination' => 'whatever',
    ]);
    $tests['destination no query'] = [
        $request,
        [
            'query' => [
                'destination' => 'whatever',
            ],
        ],
    ];
    return $tests;
}

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.