2 /*********************************************************************************
3 * SugarCRM Community Edition is a customer relationship management program developed by
4 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6 * This program is free software; you can redistribute it and/or modify it under
7 * the terms of the GNU Affero General Public License version 3 as published by the
8 * Free Software Foundation with the addition of the following permission added
9 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
10 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
11 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
13 * This program is distributed in the hope that it will be useful, but WITHOUT
14 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
15 * FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
18 * You should have received a copy of the GNU Affero General Public License along with
19 * this program; if not, see http://www.gnu.org/licenses or write to the Free
20 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
23 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
24 * SW2-130, Cupertino, CA 95014, USA. or at email address contact@sugarcrm.com.
26 * The interactive user interfaces in modified source and object code versions
27 * of this program must display Appropriate Legal Notices, as required under
28 * Section 5 of the GNU Affero General Public License version 3.
30 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
31 * these Appropriate Legal Notices must retain the display of the "Powered by
32 * SugarCRM" logo. If the display of the logo is not reasonably feasible for
33 * technical reasons, the Appropriate Legal Notices must display the words
34 * "Powered by SugarCRM".
35 ********************************************************************************/
37 require_once 'ModuleInstall/ModuleScanner.php';
39 class ModuleScannerTest extends Sugar_PHPUnit_Framework_TestCase
/**
 * Selects the scratch file that the scan tests write their sample module code to.
 *
 * The path is relative, so it resolves against the working directory of the
 * test run.
 */
43 public function setUp()
45 $this->fileLoc = "cache/moduleScannerTemp.php";
/**
 * Deletes the scratch file after each test, if one was written.
 *
 * Several tests write PHP samples that deliberately contain banned calls;
 * removing the file keeps those samples from staying behind under cache/.
 */
48 public function tearDown()
// is_file() guard: tests that never call file_put_contents() leave nothing to remove.
50 if (is_file($this->fileLoc))
51 unlink($this->fileLoc);
/**
 * Data provider for testPHPFile(): pairs of (file content, expected isPHPFile() result).
 *
 * The samples cover the full "<?php" tag, the short "<?" tag, a tag preceded by
 * other text, and content that opens with "<?xml". Every sample is expected to
 * be classified as PHP except the plain XML declaration.
 */
54 public function phpSamples()
57 array("<?php echo blah;", true),
58 array("<? echo blah;", true),
59 array("blah <? echo blah;", true),
60 array("blah <?xml echo blah;", true),
// The only negative sample: a well-formed XML declaration with no code after it.
61 array("<?xml version=\"1.0\"></xml>", false),
62 array("<?xml \n echo blah;", true),
// An XML declaration does not excuse a PHP open tag later in the same content.
63 array("<?xml version=\"1.0\"><? blah ?></xml>", true),
64 array("<?xml version=\"1.0\"><?php blah ?></xml>", true),
// Runs each phpSamples() row through isPHPFile() and compares the result with
// the expected flag. MockModuleScanner is used because it exposes isPHPFile()
// as a public method.
// NOTE(review): assertEquals() compares loosely, so a truthy non-boolean return
// would also satisfy an expected true; assertSame() would pin the type. Confirm
// the return type of isPHPFile() before tightening.
69 * @dataProvider phpSamples
71 public function testPHPFile($content, $is_php)
73 $ms = new MockModuleScanner();
74 $this->assertEquals($is_php, $ms->isPHPFile($content), "Bad PHP file result");
/**
 * A sample class that extends the File template and instantiates it with
 * "new File()" must scan clean.
 *
 * This is the false-positive guard for the file() check exercised by
 * testFileFunctionFail(): the class name File must not be reported as a call
 * to the file() function.
 */
77 public function testFileTemplatePass()
80 $fileModContents = <<<EOQ
82 require_once('include/SugarObjects/templates/file/File.php');
84 class testFile_sugar extends File {
85 function fileT_testFiles_sugar(){
87 \$this->file = new File();
93 file_put_contents($this->fileLoc, $fileModContents);
// Scan the sample from disk, the same way a package file would be scanned.
94 $ms = new ModuleScanner();
95 $errors = $ms->scanFile($this->fileLoc);
// No findings expected for this sample.
96 $this->assertTrue(empty($errors));
/**
 * The same sample class as in testFileTemplatePass(), plus a call to the
 * file() function, must produce at least one scan error.
 *
 * Together the two tests show that the scanner is expected to tell the File
 * class apart from the file() function call.
 */
99 public function testFileFunctionFail()
102 $fileModContents = <<<EOQ
104 require_once('include/SugarObjects/templates/file/File.php');
106 class testFile_sugar extends File {
107 function fileT_testFiles_sugar(){
109 \$this->file = new File();
110 \$file = file('test.php');
116 file_put_contents($this->fileLoc, $fileModContents);
117 $ms = new ModuleScanner();
118 $errors = $ms->scanFile($this->fileLoc);
// Only "some error was reported" is asserted; the error text is not checked,
// so the test does not prove that file() is the call that was flagged.
119 $this->assertTrue(!empty($errors));
/**
 * A sample that reaches a file-writing helper indirectly, through
 * call_user_func() with the target given as a string, must produce a scan error.
 *
 * NOTE(review): the assertion does not show which name triggers the error,
 * call_user_func itself or the "sugar_file_put_contents" argument. Confirm
 * against the scanner's deny list. Only this one call form is covered here.
 */
122 public function testCallUserFunctionFail()
125 $fileModContents = <<<EOQ
127 call_user_func("sugar_file_put_contents", "test2.php", "test");
130 file_put_contents($this->fileLoc, $fileModContents);
131 $ms = new ModuleScanner();
132 $errors = $ms->scanFile($this->fileLoc);
133 $this->assertTrue(!empty($errors));
/**
 * A call to the banned method setLevel() through the object operator (->)
 * must produce a scan error, whatever the receiving variable is called.
 *
 * The sample uses an arbitrary variable name on purpose. The check under test
 * is keyed on the method name, as the comment inside the sample states.
 */
137 public function testCallMethodObjectOperatorFail()
140 $fileModContents = <<<EOQ
142 //doesnt matter what the class name is, what matters is use of the banned method, setlevel
143 \$GlobalLoggerClass->setLevel();
146 file_put_contents($this->fileLoc, $fileModContents);
147 $ms = new ModuleScanner();
148 $errors = $ms->scanFile($this->fileLoc);
149 $this->assertNotEmpty($errors, 'There should have been an error caught for use of "->setLevel()');
/**
 * Static-call counterpart of testCallMethodObjectOperatorFail(): the banned
 * method setLevel() invoked with the scope resolution operator (::) must also
 * produce a scan error.
 */
152 public function testCallMethodDoubleColonFail()
155 $fileModContents = <<<EOQ
157 //doesnt matter what the class name is, what matters is use of the banned method, setlevel
158 \$GlobalLoggerClass::setLevel();
161 file_put_contents($this->fileLoc, $fileModContents);
162 $ms = new ModuleScanner();
163 $errors = $ms->scanFile($this->fileLoc);
164 $this->assertNotEmpty($errors, 'There should have been an error caught for use of "::setLevel()');
// Regression test for bug 56717: isValidExtension() must accept the file names
// in the allowed list and reject those in the disallowed list.
// The disallowed list includes names reached through "../" segments, and one
// path whose directory component itself contains a dot ("sugarcrm.xml"). Those
// paths must still be rejected.
// NOTE(review): presumably the final path component alone decides; confirm in
// ModuleScanner::isValidExtension().
170 * When ModuleScanner is enabled, handle bars templates are invalidating published
171 * package installation.
175 public function testBug56717ValidExtsAllowed() {
176 // Allowed file names
182 'config' => 'custom/config.php',
185 // Disallowed file names
187 'docx' => 'test.docx',
188 'docx(2)' => '../sugarcrm.xml/../sugarcrm/test.docx',
189 'java' => 'test.java',
190 'phtm' => 'test.phtm',
191 'md5' => 'files.md5',
192 'md5(2)' => '../sugarcrm/files.md5',
197 $ms = new ModuleScanner();
// Each array key is only a label used in the failure message; the value is the
// path handed to the scanner.
200 foreach ($allowed as $ext => $file) {
201 $valid = $ms->isValidExtension($file);
202 $this->assertTrue($valid, "The $ext extension should be valid on $file but the ModuleScanner is saying it is not");
206 foreach ($notAllowed as $ext => $file) {
207 $valid = $ms->isValidExtension($file);
208 $this->assertFalse($valid, "The $ext extension should not be valid on $file but the ModuleScanner is saying it is");
/**
 * isConfigFile() must recognise the instance's top-level config files and
 * nothing else.
 *
 * The positive list contains non-canonical spellings ("custom/../..." and
 * "custom/.././...") that resolve to the top-level config files. They are
 * expected to be recognised too, so a package cannot reach config.php or
 * config_override.php just by writing the path differently.
 * The negative list holds files with the same base names in other directories,
 * which must not be treated as the instance config.
 */
212 public function testConfigChecks()
216 'config_override.php',
217 'custom/../config_override.php',
218 'custom/.././config.php',
221 // Disallowed file names
224 'custom/modules/config.php',
225 'cache/config_override.php',
226 'modules/Module/config.php'
230 $ms = new ModuleScanner();
233 foreach ($isconfig as $file) {
234 $valid = $ms->isConfigFile($file);
235 $this->assertTrue($valid, "$file should be recognized as config file");
// $ext is the list index here and is not used in the loop body.
239 foreach ($notconfig as $ext => $file) {
240 $valid = $ms->isConfigFile($file);
241 $this->assertFalse($valid, "$file should not be recognized as config file");
/**
 * A manifest that writes to $GLOBALS['sugar_config']['moduleInstaller'] while
 * it is being loaded must be reported by checkConfig(), and the scanner's own
 * config value must stay unchanged.
 *
 * NOTE(review): MSLoadManifest() is defined outside this file; presumably it
 * evaluates the manifest, which is when the assignment in the sample would
 * take effect. Confirm in ModuleInstall/ModuleScanner.php.
 */
248 public function testLockConfig()
251 $fileModContents = <<<EOQ
253 \$GLOBALS['sugar_config']['moduleInstaller']['test'] = true;
254 \$manifest = array();
255 \$installdefs = array();
258 file_put_contents($this->fileLoc, $fileModContents);
259 $ms = new MockModuleScanner();
// Baseline: the scanner's view of the setting is false before the manifest is loaded.
260 $ms->config['test'] = false;
262 MSLoadManifest($this->fileLoc);
263 $errors = $ms->checkConfig($this->fileLoc);
// Two separate guarantees: the tampering is reported, and it did not take effect.
264 $this->assertTrue(!empty($errors), "Not detected config change");
265 $this->assertFalse($ms->config['test'], "config was changed");
// Test double for ModuleScanner: re-declares isPHPFile() as public and forwards
// to the parent implementation unchanged, so the tests can call it directly.
// NOTE(review): presumably the parent method is not public; confirm in
// ModuleScanner.php.
269 class MockModuleScanner extends ModuleScanner
272 public function isPHPFile($contents) {
273 return parent::isPHPFile($contents);