Commit e2ed6d3c authored by Volker Krause's avatar Volker Krause

Harden and test JSON processing in schema entry elements

parent 293d9371
......@@ -17,6 +17,7 @@
*/
require_once('restexception.php');
require_once('utils.php');
/** Represents a product schema entry element. */
class SchemaEntryElement
......@@ -36,6 +37,16 @@ class SchemaEntryElement
$this->schemaEntry = &$entry;
}
/** Checks if this schema entry element is valid. */
public function isValid()
{
if ($this->type != self::STRING_TYPE && $this->type != self::INT_TYPE && $this->type != self::NUMBER_TYPE && $this->type != self::BOOL_TYPE)
return false;
if (!Utils::isValidIdentifier($this->name))
return false;
return true;
}
/** Insert this element into storage. */
public function insert(Datastore $db, $entryId)
{
......@@ -73,9 +84,13 @@ class SchemaEntryElement
{
$elems = array();
foreach ($jsonArray as $jsonObj) {
if (!property_exists($jsonObj, 'name') || !property_exists($jsonObj, 'type'))
throw new RESTException('Incomplete schema entry element.', 400);
$e = new SchemaEntryElement($entry);
$e->name = $jsonObj->name;
$e->type = $jsonObj->type;
if (!$e->isValid())
throw new RESTException('Invalid schema entry element.', 400);
array_push($elems, $e);
}
return $elems;
......
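Review bot: Non-string JSON values can still slip past or break the new validation, because `fromJson` copies `$jsonObj->name` and `$jsonObj->type` without a type check and `isValid()` compares the type with loose `!=`. Assuming the `*_TYPE` constants are non-numeric strings (they are not visible here), `"type": true` compares equal to each of them, and on PHP versions before 8 so does `"type": 0`, so both pass the type check. An array element that is not an object, such as a bare number or string, is also handed straight to `property_exists()`. I would add `if (!is_object($jsonObj)) throw new RESTException('Invalid schema entry element.', 400);` at the top of the loop and make the check strict with `if (!is_string($this->type) || !in_array($this->type, [self::STRING_TYPE, self::INT_TYPE, self::NUMBER_TYPE, self::BOOL_TYPE], true)) return false;`. The signature of `fromJson` lies outside the hunk, so how `$jsonArray` is produced, including a `null` from a failed `json_decode`, should be confirmed at the caller.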
......@@ -32,6 +32,7 @@ add_test(NAME providertest COMMAND providertest)
set(php_test_srcs
utilstest.php
schemaentrytest.php
schemaentryelementtest.php
producttest.php
sampletest.php
surveytest.php
......
<?php
/*
Copyright (C) 2016 Volker Krause <vkrause@kde.org>
This program is free software; you can redistribute it and/or modify it
under the terms of the GNU Library General Public License as published by
the Free Software Foundation; either version 2 of the License, or (at your
option) any later version.
This program is distributed in the hope that it will be useful, but WITHOUT
ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or
FITNESS FOR A PARTICULAR PURPOSE. See the GNU Library General Public
License for more details.
You should have received a copy of the GNU General Public License
along with this program. If not, see <http://www.gnu.org/licenses/>.
*/
require_once('../../server/shared/product.php');
require_once('../../server/shared/schemaentry.php');
require_once('../../server/shared/schemaentryelement.php');
class SchemaEntryElementTest extends PHPUnit_Framework_TestCase
{
public function testInvalidJson_data()
{
return [
'empty' => [ '{}' ],
'empty name' => [ '{ "name": "", "type": "string" }' ],
'empty type' => [ '{ "name": "foo", "type": "" }' ],
'invalid type' => [ '{ "name": "foo", "type": "bla" }' ],
'invalid name' => [ '{ "name": " foo ", "type": "string" }' ],
'invalid name 2' => [ '{ "name": "1foo ", "type": "string" }' ]
];
}
/**
* @dataProvider testInvalidJson_data
* @expectedException RESTException
* @exceptedExceptionCode 400
*/
public function testInvalidJson($input)
{
$p = new Product;
$se = new SchemaEntry($p);
SchemaEntryElement::fromJson(json_decode('[ ' . $input . ' ]'), $se);
}
}
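Review bot: The annotation `@exceptedExceptionCode 400` on `testInvalidJson` is misspelled, so PHPUnit will presumably ignore it and the test only asserts that some `RESTException` is thrown, not that its code is 400; it should read `@expectedExceptionCode 400`. The provider also contains only string-valued fields, so cases such as `'non-string type' => [ '{ "name": "foo", "type": 0 }' ]` and a non-object array element would cover the inputs most likely to get past loose comparisons. The 'invalid name 2' case `"1foo "` has a trailing space as well as a leading digit, so it does not isolate the leading-digit rule; `"1foo"` would.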
......@@ -19,7 +19,7 @@
require_once('../../server/shared/product.php');
require_once('../../server/shared/schemaentry.php');
class UtilTest extends PHPUnit_Framework_TestCase
class SchemaEntryTest extends PHPUnit_Framework_TestCase
{
public function testDataTableName_data()
{
......