yetangitu/PrivateBin
1
0
Fork 0
mirror of https://github.com/PrivateBin/PrivateBin.git synced 2025-10-03 01:39:15 +02:00
Code Issues Projects Releases Packages Wiki Activity

test: more test cases for testForeignUrlUsingUsernameTrick

Browse source
This commit is contained in:
rugk 2025-09-03 14:20:03 +00:00
parent 25dca0838e
commit e4f2383dd8
1 changed files with 12 additions and 3 deletions
Download patch file Download diff file Expand all files Collapse all files

15
tst/YourlsProxyTest.php
View file

@ -74,15 +74,24 @@ class YourlsProxyTest extends TestCase
* This tests for a trick using username of an URI, see:
* {@see https://cloud.google.com/blog/topics/threat-intelligence/url-obfuscation-schema-abuse/?hl=en}
*
* @return void
* @dataProvider providerForeignUrlUsernameTrick
*/
public function testForeignUrlUsingUsernameTrick(): void
public function testForeignUrlUsingUsernameTrick($url): void
{
$yourls = new YourlsProxy($this->_conf, 'https://example.com/@foreign.malicious.example?foo#bar');
$yourls = new YourlsProxy($this->_conf, $url);
$this->assertTrue($yourls->isError());
$this->assertEquals($yourls->getError(), 'Trying to shorten a URL that isn\'t pointing at our instance.');
}
public function providerForeignUrlUsernameTrick(): array
{
return array(
array('https://example.com@foreign.malicious.example?foo#bar'),
array('https://example.com/@foreign.malicious.example?foo#bar'),
array('https://example.com/?@foreign.malicious.example?foo#bar')
);
}
/**
* @dataProvider providerForeignUrl
*/