smallsolar
/
libkiwix
mirror of https://github.com/kiwix/libkiwix.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Merge pull request #725 from kiwix/safer_testing_of_html_responses 

Safer testing of HTML responses
This commit is contained in:
Kelson 2022-03-18 07:03:02 +01:00 committed by GitHub
parent f893777dc0 ed46541b6f
commit a5baafd09f
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 75 additions and 35 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

110
test/server.cpp
View File

@ -322,26 +322,63 @@ TEST_F(ServerTest, 404)
EXPECT_EQ(404, zfs1_->GET(url)->status) << "url: " << url;
}
class TestContentIn404HtmlResponse
namespace TestingOfHtmlResponses
{
struct ExpectedResponseData
{
const std::string bookName, bookTitle, expectedBody;
};
enum ExpectedResponseDataType
{
book_name,
book_title,
expected_body
};
// Operator overloading is used as a means of defining a mini-DSL for
// defining test data in a concise way (see usage in
// TEST_F(ServerTest, 404WithBodyTesting))
ExpectedResponseData operator==(ExpectedResponseDataType t, std::string s)
{
switch (t)
{
case book_name: return ExpectedResponseData{s, "", ""};
case book_title: return ExpectedResponseData{"", s, ""};
case expected_body: return ExpectedResponseData{"", "", s};
default: assert(false); return ExpectedResponseData{};
}
}
std::string selectNonEmpty(const std::string& a, const std::string& b)
{
if ( a.empty() ) return b;
assert(b.empty());
return a;
}
ExpectedResponseData operator&&(const ExpectedResponseData& a,
const ExpectedResponseData& b)
{
return ExpectedResponseData{
selectNonEmpty(a.bookName, b.bookName),
selectNonEmpty(a.bookTitle, b.bookTitle),
selectNonEmpty(a.expectedBody, b.expectedBody)
};
}
class TestContentIn404HtmlResponse : public ExpectedResponseData
{
public:
TestContentIn404HtmlResponse(const std::string& url,
const std::string& expectedBody)
: url(url)
, expectedBody(expectedBody)
const ExpectedResponseData& erd)
: ExpectedResponseData(erd)
, url(url)
{}
TestContentIn404HtmlResponse(const std::string& url,
const std::string& bookName,
const std::string& bookTitle,
const std::string& expectedBody)
: url(url)
, bookName(bookName)
, bookTitle(bookTitle)
, expectedBody(expectedBody)
{}
const std::string url, bookName, bookTitle, expectedBody;
const std::string url;
std::string expectedResponse() const;
@ -445,11 +482,14 @@ std::string TestContentIn404HtmlResponse::taskbarLinks() const
+ R"("><button>&#x1F3B2;</button></a>)";
}
} // namespace TestingOfHtmlResponses
TEST_F(ServerTest, 404WithBodyTesting)
{
using namespace TestingOfHtmlResponses;
const std::vector<TestContentIn404HtmlResponse> testData{
{ /* url */ "/ROOT/random?content=non-existent-book",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
//EOLWHITESPACEMARKER
<p>
@ -458,7 +498,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/suggest?content=no-such-book&term=whatever",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
//EOLWHITESPACEMARKER
<p>
@ -467,7 +507,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/catalog/",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/catalog/" was not found on this server.
@ -478,7 +518,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/catalog/invalid_endpoint",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/catalog/invalid_endpoint" was not found on this server.
@ -489,7 +529,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/invalid-book/whatever",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/invalid-book/whatever" was not found on this server.
@ -500,9 +540,9 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/zimfile/invalid-article",
/* book name */ "zimfile",
/* book title */ "Ray Charles",
/* expected body */ R"(
book_name=="zimfile" &&
book_title=="Ray Charles" &&
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/zimfile/invalid-article" was not found on this server.
@ -513,7 +553,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ R"(/ROOT/"><svg onload=alert(1)>)",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/&quot;&gt;&lt;svg onload=alert(1)&gt;" was not found on this server.
@ -524,9 +564,9 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ R"(/ROOT/zimfile/"><svg onload=alert(1)>)",
/* book name */ "zimfile",
/* book title */ "Ray Charles",
/* expected body */ R"(
book_name=="zimfile" &&
book_title=="Ray Charles" &&
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/zimfile/&quot;&gt;&lt;svg onload=alert(1)&gt;" was not found on this server.
@ -537,7 +577,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/raw/no-such-book/meta/Title",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/raw/no-such-book/meta/Title" was not found on this server.
@ -548,7 +588,7 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/raw/zimfile/XYZ",
/* expected body */ R"(
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/raw/zimfile/XYZ" was not found on this server.
@ -559,9 +599,9 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/raw/zimfile/meta/invalid-metadata",
/* book name */ "zimfile",
/* book title */ "Ray Charles",
/* expected body */ R"(
book_name=="zimfile" &&
book_title=="Ray Charles" &&
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/raw/zimfile/meta/invalid-metadata" was not found on this server.
@ -572,9 +612,9 @@ TEST_F(ServerTest, 404WithBodyTesting)
)" },
{ /* url */ "/ROOT/raw/zimfile/content/invalid-article",
/* book name */ "zimfile",
/* book title */ "Ray Charles",
/* expected body */ R"(
book_name=="zimfile" &&
book_title=="Ray Charles" &&
expected_body==R"(
<h1>Not Found</h1>
<p>
The requested URL "/ROOT/raw/zimfile/content/invalid-article" was not found on this server.