path: root/www/wiki/tests/integration
diff options
Diffstat (limited to 'www/wiki/tests/integration')
4 files changed, 347 insertions, 0 deletions
diff --git a/www/wiki/tests/integration/includes/http/CurlHttpRequestTest.php b/www/wiki/tests/integration/includes/http/CurlHttpRequestTest.php
new file mode 100644
index 00000000..c1884b87
--- /dev/null
+++ b/www/wiki/tests/integration/includes/http/CurlHttpRequestTest.php
@@ -0,0 +1,9 @@
+ * @group large
+ * @covers CurlHttpRequest
+ */
+class CurlHttpRequestTest extends MWHttpRequestTestCase {
+ protected static $httpEngine = 'curl';
diff --git a/www/wiki/tests/integration/includes/http/MWHttpRequestTestCase.php b/www/wiki/tests/integration/includes/http/MWHttpRequestTestCase.php
new file mode 100644
index 00000000..262eb350
--- /dev/null
+++ b/www/wiki/tests/integration/includes/http/MWHttpRequestTestCase.php
@@ -0,0 +1,251 @@
+use Wikimedia\TestingAccessWrapper;
+abstract class MWHttpRequestTestCase extends PHPUnit\Framework\TestCase {
+ protected static $httpEngine;
+ protected $oldHttpEngine;
+ public function setUp() {
+ parent::setUp();
+ $this->oldHttpEngine = Http::$httpEngine;
+ Http::$httpEngine = static::$httpEngine;
+ try {
+ $request = MWHttpRequest::factory( 'null:' );
+ } catch ( DomainException $e ) {
+ $this->markTestSkipped( static::$httpEngine . ' engine not supported' );
+ }
+ if ( static::$httpEngine === 'php' ) {
+ $this->assertInstanceOf( PhpHttpRequest::class, $request );
+ } else {
+ $this->assertInstanceOf( CurlHttpRequest::class, $request );
+ }
+ }
+ public function tearDown() {
+ parent::tearDown();
+ Http::$httpEngine = $this->oldHttpEngine;
+ }
+ // --------------------
+ public function testIsRedirect() {
+ $request = MWHttpRequest::factory( '' );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertFalse( $request->isRedirect() );
+ $request = MWHttpRequest::factory( '' );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertTrue( $request->isRedirect() );
+ }
+ public function testgetFinalUrl() {
+ $request = MWHttpRequest::factory( '' );
+ if ( !$request->canFollowRedirects() ) {
+ $this->markTestSkipped( 'cannot follow redirects' );
+ }
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertNotSame( '', $request->getFinalUrl() );
+ $request = MWHttpRequest::factory( '', [ 'followRedirects'
+ => true ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertSame( '', $request->getFinalUrl() );
+ $this->assertResponseFieldValue( 'url', '', $request );
+ $request = MWHttpRequest::factory( '', [ 'followRedirects'
+ => true ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertSame( '', $request->getFinalUrl() );
+ $this->assertResponseFieldValue( 'url', '', $request );
+ if ( static::$httpEngine === 'curl' ) {
+ $this->markTestIncomplete( 'maxRedirects seems to be ignored by CurlHttpRequest' );
+ return;
+ }
+ $request = MWHttpRequest::factory( '', [ 'followRedirects'
+ => true, 'maxRedirects' => 1 ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertNotSame( '', $request->getFinalUrl() );
+ }
+ public function testSetCookie() {
+ $request = MWHttpRequest::factory( '' );
+ $request->setCookie( 'foo', 'bar' );
+ $request->setCookie( 'foo2', 'bar2', [ 'domain' => '' ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( 'cookies', [ 'foo' => 'bar' ], $request );
+ }
+ public function testSetCookieJar() {
+ $request = MWHttpRequest::factory( '' );
+ $cookieJar = new CookieJar();
+ $cookieJar->setCookie( 'foo', 'bar', [ 'domain' => '' ] );
+ $cookieJar->setCookie( 'foo2', 'bar2', [ 'domain' => '' ] );
+ $request->setCookieJar( $cookieJar );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( 'cookies', [ 'foo' => 'bar' ], $request );
+ $request = MWHttpRequest::factory( '' );
+ $cookieJar = new CookieJar();
+ $request->setCookieJar( $cookieJar );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertHasCookie( 'foo', 'bar', $request->getCookieJar() );
+ $this->markTestIncomplete( 'CookieJar does not handle deletion' );
+ return;
+ $request = MWHttpRequest::factory( '' );
+ $cookieJar = new CookieJar();
+ $cookieJar->setCookie( 'foo', 'bar', [ 'domain' => '' ] );
+ $cookieJar->setCookie( 'foo2', 'bar2', [ 'domain' => '' ] );
+ $request->setCookieJar( $cookieJar );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertNotHasCookie( 'foo', $request->getCookieJar() );
+ $this->assertHasCookie( 'foo2', 'bar2', $request->getCookieJar() );
+ }
+ public function testGetResponseHeaders() {
+ $request = MWHttpRequest::factory( '' );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $headers = array_change_key_case( $request->getResponseHeaders(), CASE_LOWER );
+ $this->assertArrayHasKey( 'foo', $headers );
+ $this->assertSame( $request->getResponseHeader( 'Foo' ), 'bar' );
+ }
+ public function testSetHeader() {
+ $request = MWHttpRequest::factory( '' );
+ $request->setHeader( 'Foo', 'bar' );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( [ 'headers', 'Foo' ], 'bar', $request );
+ }
+ public function testGetStatus() {
+ $request = MWHttpRequest::factory( '' );
+ $status = $request->execute();
+ $this->assertFalse( $status->isOK() );
+ $this->assertSame( $request->getStatus(), 418 );
+ }
+ public function testSetUserAgent() {
+ $request = MWHttpRequest::factory( '' );
+ $request->setUserAgent( 'foo' );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( 'user-agent', 'foo', $request );
+ }
+ public function testSetData() {
+ $request = MWHttpRequest::factory( '', [ 'method' => 'POST' ] );
+ $request->setData( [ 'foo' => 'bar', 'foo2' => 'bar2' ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( 'form', [ 'foo' => 'bar', 'foo2' => 'bar2' ], $request );
+ }
+ public function testSetCallback() {
+ if ( static::$httpEngine === 'php' ) {
+ $this->markTestIncomplete( 'PhpHttpRequest does not use setCallback()' );
+ return;
+ }
+ $request = MWHttpRequest::factory( '' );
+ $data = '';
+ $request->setCallback( function ( $fh, $content ) use ( &$data ) {
+ $data .= $content;
+ return strlen( $content );
+ } );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $data = json_decode( $data, true );
+ $this->assertInternalType( 'array', $data );
+ $this->assertArrayHasKey( 'origin', $data );
+ }
+ public function testBasicAuthentication() {
+ $request = MWHttpRequest::factory( '', [
+ 'username' => 'user',
+ 'password' => 'pass',
+ ] );
+ $status = $request->execute();
+ $this->assertTrue( $status->isGood() );
+ $this->assertResponseFieldValue( 'authenticated', true, $request );
+ $request = MWHttpRequest::factory( '', [
+ 'username' => 'user',
+ 'password' => 'wrongpass',
+ ] );
+ $status = $request->execute();
+ $this->assertFalse( $status->isOK() );
+ $this->assertSame( 401, $request->getStatus() );
+ }
+ public function testFactoryDefaults() {
+ $request = MWHttpRequest::factory( 'http://acme.test' );
+ $this->assertInstanceOf( MWHttpRequest::class, $request );
+ }
+ // --------------------
+ /**
+ * Verifies that the request was successful, returned valid JSON and the given field of that
+ * JSON data is as expected.
+ * @param string|string[] $key Path to the data in the response object
+ * @param mixed $expectedValue
+ * @param MWHttpRequest $response
+ */
+ protected function assertResponseFieldValue( $key, $expectedValue, MWHttpRequest $response ) {
+ $this->assertSame( 200, $response->getStatus(), 'response status is not 200' );
+ $data = json_decode( $response->getContent(), true );
+ $this->assertInternalType( 'array', $data, 'response is not JSON' );
+ $keyPath = '';
+ foreach ( (array)$key as $keySegment ) {
+ $keyPath .= ( $keyPath ? '.' : '' ) . $keySegment;
+ $this->assertArrayHasKey( $keySegment, $data, $keyPath . ' not found' );
+ $data = $data[$keySegment];
+ }
+ $this->assertSame( $expectedValue, $data );
+ }
+ /**
+ * Asserts that the cookie jar has the given cookie with the given value.
+ * @param string $expectedName Cookie name
+ * @param string $expectedValue Cookie value
+ * @param CookieJar $cookieJar
+ */
+ protected function assertHasCookie( $expectedName, $expectedValue, CookieJar $cookieJar ) {
+ $cookieJar = TestingAccessWrapper::newFromObject( $cookieJar );
+ $cookies = array_change_key_case( $cookieJar->cookie, CASE_LOWER );
+ $this->assertArrayHasKey( strtolower( $expectedName ), $cookies );
+ $cookie = TestingAccessWrapper::newFromObject(
+ $cookies[strtolower( $expectedName )] );
+ $this->assertSame( $expectedValue, $cookie->value );
+ }
+ /**
+ * Asserts that the cookie jar does not have the given cookie.
+ * @param string $name Cookie name
+ * @param CookieJar $cookieJar
+ */
+ protected function assertNotHasCookie( $name, CookieJar $cookieJar ) {
+ $cookieJar = TestingAccessWrapper::newFromObject( $cookieJar );
+ $this->assertArrayNotHasKey( strtolower( $name ),
+ array_change_key_case( $cookieJar->cookie, CASE_LOWER ) );
+ }
diff --git a/www/wiki/tests/integration/includes/http/PhpHttpRequestTest.php b/www/wiki/tests/integration/includes/http/PhpHttpRequestTest.php
new file mode 100644
index 00000000..8c461f35
--- /dev/null
+++ b/www/wiki/tests/integration/includes/http/PhpHttpRequestTest.php
@@ -0,0 +1,9 @@
+ * @group large
+ * @covers PhpHttpRequest
+ */
+class PhpHttpRequestTest extends MWHttpRequestTestCase {
+ protected static $httpEngine = 'php';
diff --git a/www/wiki/tests/integration/includes/shell/FirejailCommandTest.php b/www/wiki/tests/integration/includes/shell/FirejailCommandTest.php
new file mode 100644
index 00000000..1e008ee2
--- /dev/null
+++ b/www/wiki/tests/integration/includes/shell/FirejailCommandTest.php
@@ -0,0 +1,78 @@
+use MediaWiki\Shell\FirejailCommand;
+use MediaWiki\Shell\Shell;
+ * Integration tests to ensure that firejail actually prevents execution.
+ * Meant to run on vagrant, although will probably work on other setups
+ * as long as firejail and sudo has similar config.
+ *
+ * @group large
+ * @group Shell
+ * @covers FirejailCommand
+ */
+class FirejailCommandIntegrationTest extends PHPUnit\Framework\TestCase {
+ public function setUp() {
+ parent::setUp();
+ if ( Shell::command( 'which', 'firejail' )->execute()->getExitCode() ) {
+ $this->markTestSkipped( 'firejail not installed' );
+ } elseif ( wfIsWindows() ) {
+ $this->markTestSkipped( 'test supports POSIX environments only' );
+ }
+ }
+ public function testSanity() {
+ // Make sure that firejail works at all.
+ $command = new FirejailCommand( 'firejail' );
+ $command
+ ->unsafeParams( 'ls .' )
+ ->restrict( Shell::RESTRICT_DEFAULT );
+ $result = $command->execute();
+ $this->assertSame( 0, $result->getExitCode() );
+ }
+ /**
+ * @coversNothing
+ * @dataProvider provideExecute
+ */
+ public function testExecute( $testCommand, $flag ) {
+ if ( preg_match( '/^sudo /', $testCommand ) ) {
+ if ( Shell::command( 'sudo', '-n', 'ls', '/' )->execute()->getExitCode() ) {
+ $this->markTestSkipped( 'need passwordless sudo' );
+ }
+ }
+ $command = new FirejailCommand( 'firejail' );
+ $command
+ ->unsafeParams( $testCommand )
+ // If we don't restrict at all, firejail won't be invoked,
+ // so the test will give a false positive if firejail breaks
+ // the command for some non-flag-related reason. Instead,
+ // set some flag that won't get in the way.
+ ->restrict( $flag === Shell::NO_NETWORK ? Shell::PRIVATE_DEV : Shell::NO_NETWORK );
+ $result = $command->execute();
+ $this->assertSame( 0, $result->getExitCode(), 'sanity check' );
+ $command = new FirejailCommand( 'firejail' );
+ $command
+ ->unsafeParams( $testCommand )
+ ->restrict( $flag );
+ $result = $command->execute();
+ $this->assertNotSame( 0, $result->getExitCode(), 'real check' );
+ }
+ public function provideExecute() {
+ global $IP;
+ return [
+ [ 'sudo -n ls /', Shell::NO_ROOT ],
+ [ 'sudo -n ls /', Shell::SECCOMP ], // not a great test but seems to work
+ [ 'ls /dev/cpu', Shell::PRIVATE_DEV ],
+ [ 'curl -fsSo /dev/null', Shell::NO_NETWORK ],
+ [ 'exec ls /', Shell::NO_EXECVE ],
+ [ "cat $IP/LocalSettings.php", Shell::NO_LOCALSETTINGS ],
+ ];
+ }