Trang chủ Khám phá Trợ giúp
Đăng nhập
joker
/
packagist
1
0
Fork 0
Các tập tin Các vấn đề 0 Yêu cầu khéo về 0 Wiki
Tree: b4c4bfa8dc
Branches Tags
packagist
/
src
/
Packagist
/
WebBundle
/
Tests
/
SecurityAdvisory
/
RemoteSecurityAdvisoryTest.php

RemoteSecurityAdvisoryTest.php 3.0 KB
Lịch sử Raw

1234567891011121314151617181920212223242526272829303132333435363738394041424344454647484950515253545556575859606162636465666768697071727374 
  1. <?php declare(strict_types=1);
    2. 

  2. 

  3. namespace Packagist\WebBundle\Tests\SecurityAdvisory;
    4. 

  4. 

  5. use Packagist\WebBundle\Entity\SecurityAdvisory;
    6. 

  6. use Packagist\WebBundle\SecurityAdvisory\RemoteSecurityAdvisory;
    7. 

  7. use PHPUnit\Framework\TestCase;
    8. 

  8. 

  9. class RemoteSecurityAdvisoryTest extends TestCase
    10. 

  10. {
    11. 

  11.     public function testCreateFromFriendsOfPhp(): void
    12. 

  12.     {
    13. 

  13.         $advisory = RemoteSecurityAdvisory::createFromFriendsOfPhp('3f/pygmentize/2017-05-15.yaml', [
    14. 

  14.             'title' => 'Remote Code Execution',
    15. 

  15.             'link' => 'https://github.com/dedalozzo/pygmentize/issues/1',
    16. 

  16.             'cve' => null,
    17. 

  17.             'branches' => [
    18. 

  18.                 '1.x' => [
    19. 

  19.                     'time' => 1494806400,
    20. 

  20.                     'versions' => ['<1.2'],
    21. 

  21.                 ],
    22. 

  22.             ],
    23. 

  23.             'reference' => 'composer://3f/pygmentize'
    24. 

  24.         ]);
    25. 

  25. 

  26.         $this->assertSame('3f/pygmentize/2017-05-15.yaml', $advisory->getId());
    27. 

  27.         $this->assertSame('Remote Code Execution', $advisory->getTitle());
    28. 

  28.         $this->assertSame('https://github.com/dedalozzo/pygmentize/issues/1', $advisory->getLink());
    29. 

  29.         $this->assertNull($advisory->getCve());
    30. 

  30.         $this->assertSame('<1.2', $advisory->getAffectedVersions());
    31. 

  31.         $this->assertSame('3f/pygmentize', $advisory->getPackageName());
    32. 

  32.         $this->assertSame('2017-05-15 00:00:00', $advisory->getDate()->format('Y-m-d H:i:s'));
    33. 

  33.         $this->assertSame(SecurityAdvisory::PACKAGIST_ORG, $advisory->getComposerRepository());
    34. 

  34.     }
    35. 

  35. 

  36.     public function testCreateFromFriendsOfPhpOnlyYearAvailable(): void
    37. 

  37.     {
    38. 

  38.         $advisory = RemoteSecurityAdvisory::createFromFriendsOfPhp('erusev/parsedown/CVE-2019-10905.yaml', [
    39. 

  39.             'title' => 'Class-Name Injection',
    40. 

  40.             'link' => 'https://github.com/erusev/parsedown/issues/699',
    41. 

  41.             'cve' => 'CVE-2019-10905',
    42. 

  42.             'branches' => [
    43. 

  43.                 '1.0.x' => [
    44. 

  44.                     'time' => null,
    45. 

  45.                     'versions' => ['<1.7.2'],
    46. 

  46.                 ],
    47. 

  47. 

  48.             ],
    49. 

  49.             'reference' => 'composer://erusev/parsedown'
    50. 

  50.         ]);
    51. 

  51. 

  52.         $this->assertSame('2019-01-01 00:00:00', $advisory->getDate()->format('Y-m-d H:i:s'));
    53. 

  53.     }
    54. 

  54. 

  55.     public function testCreateFromFriendsOfPhpOnlyYearButBranchDatesAvailable(): void
    56. 

  56.     {
    57. 

  57.         $advisory = RemoteSecurityAdvisory::createFromFriendsOfPhp('magento/magento1ee/CVE-2019-8114.yaml', [
    58. 

  58.             'title' => 'PRODSECBUG-2462: Remote code execution via file upload in admin import feature',
    59. 

  59.             'link' => 'https://magento.com/security/patches/magento-2.3.3-and-2.2.10-security-update',
    60. 

  60.             'cve' => 'CVE-2019-8114',
    61. 

  61.             'branches' => [
    62. 

  62.                 '1' => [
    63. 

  63.                     'time' => 1570492800,
    64. 

  64.                     'versions' => ['>=1', '<1.14.4.3'],
    65. 

  65.                 ],
    66. 

  66. 

  67.             ],
    68. 

  68.             'reference' => 'composer://magento/magento1ee',
    69. 

  69.             'composer-repository' => false,
    70. 

  70.         ]);
    71. 

  71. 

  72.         $this->assertSame('2019-10-08 00:00:00', $advisory->getDate()->format('Y-m-d H:i:s'));
    73. 

  73.     }
    74. 

  74. }
    75.