@@ -33,6 +33,55 @@ public function setUp()
33
33
$ this ->collector = Bootstrap::getObjectManager ()->get (ConfigCollector::class);
34
34
}
35
35
36
+ /**
37
+ * Create expected policy objects.
38
+ *
39
+ * @return PolicyInterface[]
40
+ */
41
+ private function getExpectedPolicies (): array
42
+ {
43
+ return [
44
+ 'child-src ' => new FetchPolicy (
45
+ 'child-src ' ,
46
+ false ,
47
+ ['http://magento.com ' , 'http://devdocs.magento.com ' ],
48
+ ['http ' ],
49
+ true ,
50
+ true ,
51
+ false ,
52
+ [],
53
+ [],
54
+ true
55
+ ),
56
+ 'child-src2 ' => new FetchPolicy ('child-src ' , false , [], [], false , false , true ),
57
+ 'connect-src ' => new FetchPolicy ('connect-src ' ),
58
+ 'default-src ' => new FetchPolicy (
59
+ 'default-src ' ,
60
+ false ,
61
+ ['http://magento.com ' , 'http://devdocs.magento.com ' ],
62
+ [],
63
+ true
64
+ ),
65
+ 'font-src ' => new FetchPolicy ('font-src ' , false , [], [], true ),
66
+ 'frame-src ' => new FetchPolicy ('frame-src ' , false , [], [], true , false , false , [], [], true ),
67
+ 'img-src ' => new FetchPolicy ('img-src ' , false , [], [], true ),
68
+ 'manifest-src ' => new FetchPolicy ('manifest-src ' , false , [], [], true ),
69
+ 'media-src ' => new FetchPolicy ('media-src ' , false , [], [], true ),
70
+ 'object-src ' => new FetchPolicy ('object-src ' , false , [], [], true ),
71
+ 'script-src ' => new FetchPolicy ('script-src ' , false , [], [], true ),
72
+ 'style-src ' => new FetchPolicy ('style-src ' , false , [], [], true ),
73
+ 'base-uri ' => new FetchPolicy ('base-uri ' , false , [], [], true ),
74
+ 'plugin-types ' => new PluginTypesPolicy (
75
+ ['application/x-shockwave-flash ' , 'application/x-java-applet ' ]
76
+ ),
77
+ 'sandbox ' => new SandboxPolicy (true , true , true , true , false , false , true , true , true , true , true ),
78
+ 'form-action ' => new FetchPolicy ('form-action ' , false , [], [], true ),
79
+ 'frame-ancestors ' => new FetchPolicy ('frame-ancestors ' , false , [], [], true ),
80
+ 'block-all-mixed-content ' => new FlagPolicy ('block-all-mixed-content ' ),
81
+ 'upgrade-insecure-requests ' => new FlagPolicy ('upgrade-insecure-requests ' )
82
+ ];
83
+ }
84
+
36
85
/**
37
86
* Test initiating policies from config.
38
87
*
@@ -90,7 +139,7 @@ public function setUp()
90
139
* @magentoConfigFixture default_store csp/policies/storefront/frame_ancestors/none 0
91
140
* @magentoConfigFixture default_store csp/policies/storefront/frame_ancestors/self 1
92
141
* @magentoConfigFixture default_store csp/policies/storefront/plugin_types/policy_id plugin-types
93
- * @magentoConfigFixture default_store csp/policies/storefront/plugin_types/types/flash application/x-shockwave-flash
142
+ * @magentoConfigFixture default_store csp/policies/storefront/plugin_types/types/fl application/x-shockwave-flash
94
143
* @magentoConfigFixture default_store csp/policies/storefront/plugin_types/types/applet application/x-java-applet
95
144
* @magentoConfigFixture default_store csp/policies/storefront/sandbox/policy_id sandbox
96
145
* @magentoConfigFixture default_store csp/policies/storefront/sandbox/forms 1
@@ -111,233 +160,20 @@ public function setUp()
111
160
public function testCollecting (): void
112
161
{
113
162
$ policies = $ this ->collector ->collect ([]);
114
- $ childScrChecked = false ;
115
- $ childScr2Checked = false ;
116
- $ connectScrChecked = false ;
117
- $ defaultScrChecked = false ;
118
- $ fontScrChecked = false ;
119
- $ frameScrChecked = false ;
120
- $ imgScrChecked = false ;
121
- $ manifestScrChecked = false ;
122
- $ mediaScrChecked = false ;
123
- $ objectScrChecked = false ;
124
- $ scriptScrChecked = false ;
125
- $ styleScrChecked = false ;
126
- $ baseUriChecked = false ;
127
- $ pluginTypesChecked = false ;
128
- $ sandboxChecked = false ;
129
- $ formActionChecked = false ;
130
- $ frameAncestorsChecked = false ;
131
- $ blockAllMixedChecked = false ;
132
- $ upgradeChecked = false ;
163
+ $ checked = [];
164
+ $ expectedPolicies = $ this ->getExpectedPolicies ();
133
165
134
166
$ this ->assertNotEmpty ($ policies );
135
- /** @var PolicyInterface|FetchPolicy|FlagPolicy|SandboxPolicy|PluginTypesPolicy $policy */
167
+ /** @var PolicyInterface $policy */
136
168
foreach ($ policies as $ policy ) {
137
- switch ($ policy ->getId ())
138
- {
139
- case 'child-src ' :
140
- if ($ policy ->isEvalAllowed ()) {
141
- $ childScr2Checked = true ;
142
- } else {
143
- $ childScrChecked = !$ policy ->isNoneAllowed ()
144
- && $ policy ->getHostSources () == ['http://magento.com ' , 'http://devdocs.magento.com ' ]
145
- && $ policy ->getSchemeSources () == ['http ' ]
146
- && $ policy ->isSelfAllowed ()
147
- && !$ policy ->isEvalAllowed ()
148
- && $ policy ->isDynamicAllowed ()
149
- && $ policy ->getHashes () == []
150
- && $ policy ->getNonceValues () == []
151
- && $ policy ->isInlineAllowed ();
152
- }
153
- break ;
154
- case 'connect-src ' :
155
- $ connectScrChecked = $ policy ->isNoneAllowed ()
156
- && $ policy ->getHostSources () == []
157
- && $ policy ->getSchemeSources () == []
158
- && !$ policy ->isSelfAllowed ()
159
- && !$ policy ->isEvalAllowed ()
160
- && !$ policy ->isDynamicAllowed ()
161
- && $ policy ->getHashes () == []
162
- && $ policy ->getNonceValues () == []
163
- && !$ policy ->isInlineAllowed ();
164
- break ;
165
- case 'default-src ' :
166
- $ defaultScrChecked = !$ policy ->isNoneAllowed ()
167
- && $ policy ->getHostSources () == ['http://magento.com ' , 'http://devdocs.magento.com ' ]
168
- && $ policy ->getSchemeSources () == []
169
- && $ policy ->isSelfAllowed ()
170
- && !$ policy ->isEvalAllowed ()
171
- && !$ policy ->isDynamicAllowed ()
172
- && $ policy ->getHashes () == []
173
- && $ policy ->getNonceValues () == []
174
- && !$ policy ->isInlineAllowed ();
175
- break ;
176
- case 'font-src ' :
177
- $ fontScrChecked = !$ policy ->isNoneAllowed ()
178
- && $ policy ->getHostSources () == []
179
- && $ policy ->getSchemeSources () == []
180
- && $ policy ->isSelfAllowed ()
181
- && !$ policy ->isEvalAllowed ()
182
- && !$ policy ->isDynamicAllowed ()
183
- && $ policy ->getHashes () == []
184
- && $ policy ->getNonceValues () == []
185
- && !$ policy ->isInlineAllowed ();
186
- break ;
187
- case 'frame-src ' :
188
- $ frameScrChecked = !$ policy ->isNoneAllowed ()
189
- && $ policy ->getHostSources () == []
190
- && $ policy ->getSchemeSources () == []
191
- && $ policy ->isSelfAllowed ()
192
- && !$ policy ->isEvalAllowed ()
193
- && $ policy ->isDynamicAllowed ()
194
- && $ policy ->getHashes () == []
195
- && $ policy ->getNonceValues () == []
196
- && !$ policy ->isInlineAllowed ();
197
- break ;
198
- case 'img-src ' :
199
- $ imgScrChecked = !$ policy ->isNoneAllowed ()
200
- && $ policy ->getHostSources () == []
201
- && $ policy ->getSchemeSources () == []
202
- && $ policy ->isSelfAllowed ()
203
- && !$ policy ->isEvalAllowed ()
204
- && !$ policy ->isDynamicAllowed ()
205
- && $ policy ->getHashes () == []
206
- && $ policy ->getNonceValues () == []
207
- && !$ policy ->isInlineAllowed ();
208
- break ;
209
- case 'manifest-src ' :
210
- $ manifestScrChecked = !$ policy ->isNoneAllowed ()
211
- && $ policy ->getHostSources () == []
212
- && $ policy ->getSchemeSources () == []
213
- && $ policy ->isSelfAllowed ()
214
- && !$ policy ->isEvalAllowed ()
215
- && !$ policy ->isDynamicAllowed ()
216
- && $ policy ->getHashes () == []
217
- && $ policy ->getNonceValues () == []
218
- && !$ policy ->isInlineAllowed ();
219
- break ;
220
- case 'media-src ' :
221
- $ mediaScrChecked = !$ policy ->isNoneAllowed ()
222
- && $ policy ->getHostSources () == []
223
- && $ policy ->getSchemeSources () == []
224
- && $ policy ->isSelfAllowed ()
225
- && !$ policy ->isEvalAllowed ()
226
- && !$ policy ->isDynamicAllowed ()
227
- && $ policy ->getHashes () == []
228
- && $ policy ->getNonceValues () == []
229
- && !$ policy ->isInlineAllowed ();
230
- break ;
231
- case 'object-src ' :
232
- $ objectScrChecked = !$ policy ->isNoneAllowed ()
233
- && $ policy ->getHostSources () == []
234
- && $ policy ->getSchemeSources () == []
235
- && $ policy ->isSelfAllowed ()
236
- && !$ policy ->isEvalAllowed ()
237
- && !$ policy ->isDynamicAllowed ()
238
- && $ policy ->getHashes () == []
239
- && $ policy ->getNonceValues () == []
240
- && !$ policy ->isInlineAllowed ();
241
- break ;
242
- case 'script-src ' :
243
- $ scriptScrChecked = !$ policy ->isNoneAllowed ()
244
- && $ policy ->getHostSources () == []
245
- && $ policy ->getSchemeSources () == []
246
- && $ policy ->isSelfAllowed ()
247
- && !$ policy ->isEvalAllowed ()
248
- && !$ policy ->isDynamicAllowed ()
249
- && $ policy ->getHashes () == []
250
- && $ policy ->getNonceValues () == []
251
- && !$ policy ->isInlineAllowed ();
252
- break ;
253
- case 'style-src ' :
254
- $ styleScrChecked = !$ policy ->isNoneAllowed ()
255
- && $ policy ->getHostSources () == []
256
- && $ policy ->getSchemeSources () == []
257
- && $ policy ->isSelfAllowed ()
258
- && !$ policy ->isEvalAllowed ()
259
- && !$ policy ->isDynamicAllowed ()
260
- && $ policy ->getHashes () == []
261
- && $ policy ->getNonceValues () == []
262
- && !$ policy ->isInlineAllowed ();
263
- break ;
264
- case 'base-uri ' :
265
- $ baseUriChecked = !$ policy ->isNoneAllowed ()
266
- && $ policy ->getHostSources () == []
267
- && $ policy ->getSchemeSources () == []
268
- && $ policy ->isSelfAllowed ()
269
- && !$ policy ->isEvalAllowed ()
270
- && !$ policy ->isDynamicAllowed ()
271
- && $ policy ->getHashes () == []
272
- && $ policy ->getNonceValues () == []
273
- && !$ policy ->isInlineAllowed ();
274
- break ;
275
- case 'plugin-types ' :
276
- $ pluginTypesChecked = $ policy ->getTypes ()
277
- == ['application/x-shockwave-flash ' , 'application/x-java-applet ' ];
278
- break ;
279
- case 'sandbox ' :
280
- $ sandboxChecked = $ policy ->isFormAllowed ()
281
- && $ policy ->isModalsAllowed ()
282
- && $ policy ->isOrientationLockAllowed ()
283
- && $ policy ->isPointerLockAllowed ()
284
- && !$ policy ->isPopupsAllowed ()
285
- && !$ policy ->isPopupsToEscapeSandboxAllowed ()
286
- && $ policy ->isPresentationAllowed ()
287
- && $ policy ->isSameOriginAllowed ()
288
- && $ policy ->isScriptsAllowed ()
289
- && $ policy ->isTopNavigationAllowed ()
290
- && $ policy ->isTopNavigationByUserActivationAllowed ();
291
- break ;
292
- case 'form-action ' :
293
- $ formActionChecked = !$ policy ->isNoneAllowed ()
294
- && $ policy ->getHostSources () == []
295
- && $ policy ->getSchemeSources () == []
296
- && $ policy ->isSelfAllowed ()
297
- && !$ policy ->isEvalAllowed ()
298
- && !$ policy ->isDynamicAllowed ()
299
- && $ policy ->getHashes () == []
300
- && $ policy ->getNonceValues () == []
301
- && !$ policy ->isInlineAllowed ();
302
- break ;
303
- case 'frame-ancestors ' :
304
- $ frameAncestorsChecked = !$ policy ->isNoneAllowed ()
305
- && $ policy ->getHostSources () == []
306
- && $ policy ->getSchemeSources () == []
307
- && $ policy ->isSelfAllowed ()
308
- && !$ policy ->isEvalAllowed ()
309
- && !$ policy ->isDynamicAllowed ()
310
- && $ policy ->getHashes () == []
311
- && $ policy ->getNonceValues () == []
312
- && !$ policy ->isInlineAllowed ();
313
- break ;
314
- case 'block-all-mixed-content ' :
315
- $ blockAllMixedChecked = $ policy instanceof FlagPolicy;
316
- break ;
317
- case 'upgrade-insecure-requests ' :
318
- $ upgradeChecked = $ policy instanceof FlagPolicy;
319
- break ;
169
+ $ id = $ policy ->getId ();
170
+ if ($ id === 'child-src ' && $ policy ->isEvalAllowed ()) {
171
+ $ id = 'child-src2 ' ;
320
172
}
173
+ $ this ->assertEquals ($ expectedPolicies [$ id ], $ policy );
174
+ $ checked [] = $ id ;
321
175
}
322
-
323
- $ this ->assertTrue ($ childScrChecked );
324
- $ this ->assertTrue ($ childScr2Checked );
325
- $ this ->assertTrue ($ connectScrChecked );
326
- $ this ->assertTrue ($ defaultScrChecked );
327
- $ this ->assertTrue ($ fontScrChecked );
328
- $ this ->assertTrue ($ frameScrChecked );
329
- $ this ->assertTrue ($ imgScrChecked );
330
- $ this ->assertTrue ($ manifestScrChecked );
331
- $ this ->assertTrue ($ mediaScrChecked );
332
- $ this ->assertTrue ($ objectScrChecked );
333
- $ this ->assertTrue ($ scriptScrChecked );
334
- $ this ->assertTrue ($ styleScrChecked );
335
- $ this ->assertTrue ($ baseUriChecked );
336
- $ this ->assertTrue ($ pluginTypesChecked );
337
- $ this ->assertTrue ($ sandboxChecked );
338
- $ this ->assertTrue ($ formActionChecked );
339
- $ this ->assertTrue ($ frameAncestorsChecked );
340
- $ this ->assertTrue ($ blockAllMixedChecked );
341
- $ this ->assertTrue ($ upgradeChecked );
176
+ $ expectedIds = array_keys ($ expectedPolicies );
177
+ $ this ->assertEquals (sort ($ expectedIds ), sort ($ checked ));
342
178
}
343
179
}
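Review bot: The completeness check at the end of `testCollecting()`, `$this->assertEquals(sort($expectedIds), sort($checked));`, compares the return values of `sort()`, which sorts in place and returns a bool rather than the array, so it reduces to `true == true` and passes no matter which policies were collected. The removed per-policy `assertTrue` flags did fail when a directive was missing, so as written the test would no longer catch the collector silently dropping a CSP directive such as `script-src` or `frame-ancestors`. Sort first and compare the arrays: `sort($expectedIds); sort($checked); $this->assertEquals($expectedIds, $checked);`. A policy id that is not a key of `getExpectedPolicies()` also reaches `$expectedPolicies[$id]` as an undefined index, so an `assertArrayHasKey($id, $expectedPolicies)` before the comparison would give a clearer failure.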