Koha-community/Koha
13
7
Fork 0
Code Issues Releases Wiki Activity
Koha/t/db_dependent/www/regressions.t
Martin Renvoize bbf7fad55f
Bug 23329: (RM follow-up) Restore DB after test 
Test plan:
1) Dump your DB before the tests is run
2) Run the test
3) Dumper your DB again and compare to the first dump
Success if there are no differences (other than the timestamp of the
dump)

Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
Signed-off-by: Kyle M Hall <kyle@bywatersolutions.com>
Signed-off-by: Martin Renvoize <martin.renvoize@ptfs-europe.com>
2019-11-27 11:30:19 +00:00

144 lines
5.6 KiB
Perl
Raw Blame History

#!/usr/bin/env perl
# This file is part of Koha.
#
# Koha is free software; you can redistribute it and/or modify it
# under the terms of the GNU General Public License as published by
# the Free Software Foundation; either version 3 of the License, or
# (at your option) any later version.
#
# Koha is distributed in the hope that it will be useful, but
# WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with Koha; if not, see <http://www.gnu.org/licenses>.
use Modern::Perl;
use Test::More tests => 1;
use Test::Mojo;
use t::lib::TestBuilder;
use t::lib::Mocks;
use C4::Context;
use C4::Biblio;
use Koha::Database;
use MARC::Field;
my $intranet =
$ENV{KOHA_INTRANET_URL} || C4::Context->preference("staffClientBaseURL");
my $opac = $ENV{KOHA_OPAC_URL} || C4::Context->preference("OPACBaseURL");
my $context = C4::Context->new();
my $db_name = $context->config("database");
my $db_host = $context->config("hostname");
my $db_port = $context->config("port") || '';
my $db_user = $context->config("user");
my $db_passwd = $context->config("pass");
`mysqldump --add-drop-table -u $db_user --password="$db_passwd" -h $db_host -P $db_port $db_name > dumpfile.sql`;
my $t = Test::Mojo->new();
my $schema = Koha::Database->new->schema;
my $builder = t::lib::TestBuilder->new;
subtest 'open redirection vulnerabilities in tracklinks' => sub {
plan tests => 36;
# No URI's
my $biblio = $builder->build_sample_biblio();
my $biblionumber1 = $biblio->biblionumber;
# Incorrect URI at Biblio level
$biblio = $builder->build_sample_biblio();
my $biblionumber2 = $biblio->biblionumber;
my $record = $biblio->metadata->record;
my $new856 = MARC::Field->new( '856', '', '', u => "www.bing.com" );
$record->insert_fields_ordered($new856);
C4::Biblio::ModBiblio( $record, $biblionumber2 );
# URI at Biblio level
$biblio = $builder->build_sample_biblio();
my $biblionumber3 = $biblio->biblionumber;
$record = $biblio->metadata->record;
$new856 = MARC::Field->new( '856', '', '', u => "http://www.google.com" );
$record->insert_fields_ordered($new856);
C4::Biblio::ModBiblio( $record, $biblionumber3 );
# URI at Item level
my $item = $builder->build_sample_item( { uri => 'http://www.google.com' } );
my $itemnumber1 = $item->itemnumber;
# Incorrect URI at Item level
$item = $builder->build_sample_item( { uri => 'www.bing.com ' } );
my $itemnumber2 = $item->itemnumber;
my $no_biblionumber =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com';
my $bad_biblionumber1 =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber='
. $biblionumber1;
my $bad_biblionumber2 =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber='
. $biblionumber2;
my $good_biblionumber =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&biblionumber='
. $biblionumber3;
my $bad_itemnumber =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&itemnumber='
. $itemnumber2;
my $good_itemnumber =
'/cgi-bin/koha/tracklinks.pl?uri=http://www.google.com&itemnumber='
. $itemnumber1;
# Don't Track
t::lib::Mocks::mock_preference( 'TrackClicks', '' );
$t->get_ok( $opac . $no_biblionumber )
->status_is( 404, "404 for no biblionumber" );
$t->get_ok( $opac . $bad_biblionumber1 )
->status_is( 404, "404 for biblionumber containing no URI" );
$t->get_ok( $opac . $bad_biblionumber2 )
->status_is( 404, "404 for biblionumber containing different URI" );
$t->get_ok( $opac . $good_biblionumber )
->status_is( 302, "302 for biblionumber with matching URI" );
$t->get_ok( $opac . $bad_itemnumber )
->status_is( 404, "404 for itemnumber containing different URI" );
$t->get_ok( $opac . $good_itemnumber )
->status_is( 302, "302 for itemnumber with matching URI" );
# Track
t::lib::Mocks::mock_preference( 'TrackClicks', 'track' );
$t->get_ok( $opac . $no_biblionumber )
->status_is( 404, "404 for no biblionumber" );
$t->get_ok( $opac . $bad_biblionumber1 )
->status_is( 404, "404 for biblionumber containing no URI" );
$t->get_ok( $opac . $bad_biblionumber2 )
->status_is( 404, "404 for biblionumber containing different URI" );
$t->get_ok( $opac . $good_biblionumber )
->status_is( 302, "302 for biblionumber with matching URI" );
$t->get_ok( $opac . $bad_itemnumber )
->status_is( 404, "404 for itemnumber containing different URI" );
$t->get_ok( $opac . $good_itemnumber )
->status_is( 302, "302 for itemnumber with matching URI" );
# Track Anonymous
t::lib::Mocks::mock_preference( 'TrackClicks', 'anonymous' );
$t->get_ok( $opac . $no_biblionumber )
->status_is( 404, "404 for no biblionumber" );
$t->get_ok( $opac . $bad_biblionumber1 )
->status_is( 404, "404 for biblionumber containing no URI" );
$t->get_ok( $opac . $bad_biblionumber2 )
->status_is( 404, "404 for biblionumber containing different URI" );
$t->get_ok( $opac . $good_biblionumber )
->status_is( 302, "302 for biblionumber with matching URI" );
$t->get_ok( $opac . $bad_itemnumber )
->status_is( 404, "404 for itemnumber containing different URI" );
$t->get_ok( $opac . $good_itemnumber )
->status_is( 302, "302 for itemnumber with matching URI" );
};
`mysql -u $db_user --password="$db_passwd" -h $db_host -P $db_port --database="$db_name" < dumpfile.sql`;
`rm dumpfile.sql`;
View git blame Copy permalink