yetangitu/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-10-03 17:49:19 +02:00
Code Issues Projects Releases Packages Wiki Activity

test: more test cases for testForeignUrlUsingUsernameTrick

Browse source
This commit is contained in:
rugk 2025-09-03 14:20:03 +00:00
parent 25dca0838e
commit e4f2383dd8
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tst/YourlsProxyTest.php
View file

@ -74,15 +74,24 @@ class YourlsProxyTest extends TestCase
* This tests for a trick using username of an URI, see: * This tests for a trick using username of an URI, see:
* {@see https://cloud.google.com/blog/topics/threat-intelligence/url-obfuscation-schema-abuse/?hl=en} * {@see https://cloud.google.com/blog/topics/threat-intelligence/url-obfuscation-schema-abuse/?hl=en}
* *
* @return void * @dataProvider providerForeignUrlUsernameTrick
*/ */
public function testForeignUrlUsingUsernameTrick(): void public function testForeignUrlUsingUsernameTrick($url): void
{ {
$yourls = new YourlsProxy($this->_conf, 'https://example.com/@foreign.malicious.example?foo#bar'); $yourls = new YourlsProxy($this->_conf, $url);
$this->assertTrue($yourls->isError()); $this->assertTrue($yourls->isError());
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.'); $this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
} }
public function providerForeignUrlUsernameTrick(): array
{
return array(
array('https://example.com@foreign.malicious.example?foo#bar'),
array('https://example.com/@foreign.malicious.example?foo#bar'),
array('https://example.com/?@foreign.malicious.example?foo#bar')
);
}
/** /**
* @dataProvider providerForeignUrl * @dataProvider providerForeignUrl
*/ */