mirror
/
PHPMailer
mirror of https://github.com/PHPMailer/PHPMailer.git
1
0
Fork 0
Code Issues Packages Projects Releases Wiki Activity

Tests: move tests for PHPMailer::validateAddress with custom validator to separate file (#2379) 

* Tests/reorganize: move email validation using custom validator test to own file

* ValidateAddressCustomValidatorTest: reorganize test

Split the test into three tests, each testing a specific situation and use a data provider for one of the tests.

Co-authored-by: jrfnl <jrfnl@users.noreply.github.com>
This commit is contained in:
Juliette 2021-06-23 23:42:01 +02:00 committed by GitHub
parent e6445ac201
commit ee70f2265e
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 115 additions and 56 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

56
test/PHPMailer/PHPMailerTest.php
View File

@ -63,62 +63,6 @@ final class PHPMailerTest extends TestCase
//self::assertTrue($this->mail->send(), $this->mail->ErrorInfo);
}
/**
* Test injecting a custom validator.
*/
public function testCustomValidator()
{
//Inject a one-off custom validator
self::assertTrue(
PHPMailer::validateAddress(
'user@example.com',
static function ($address) {
return strpos($address, '@') !== false;
}
),
'Custom validator false negative'
);
self::assertFalse(
PHPMailer::validateAddress(
'userexample.com',
static function ($address) {
return strpos($address, '@') !== false;
}
),
'Custom validator false positive'
);
//Set the default validator to an injected function
PHPMailer::$validator = static function ($address) {
return 'user@example.com' === $address;
};
self::assertTrue(
$this->Mail->addAddress('user@example.com'),
'Custom default validator false negative'
);
self::assertFalse(
//Need to pick a failing value which would pass all other validators
//to be sure we're using our custom one
$this->Mail->addAddress('bananas@example.com'),
'Custom default validator false positive'
);
//Set validator back to default
PHPMailer::$validator = 'php';
self::assertFalse(
//This is a valid address that FILTER_VALIDATE_EMAIL thinks is invalid
$this->Mail->addAddress('first.last@example.123'),
'PHP validator not behaving as expected'
);
//Test denying function name callables as validators
//See SECURITY.md and CVE-2021-3603
//If a `php` function defined in validators.php successfully overrides this built-in validator name,
//this would return false and we don't want to allow that
self::assertTrue(PHPMailer::validateAddress('test@example.com', 'php'));
//Check that a non-existent validator name falls back to a built-in validator
//and does not call a global function with that name
self::assertTrue(PHPMailer::validateAddress('test@example.com', 'phpx'));
}
/**
* Word-wrap an ASCII message.
*/

115
test/PHPMailer/ValidateAddressCustomValidatorTest.php Normal file
View File

@ -0,0 +1,115 @@
<?php
/**
* PHPMailer - PHP email transport unit tests.
* PHP version 5.5.
*
* @author Marcus Bointon <phpmailer@synchromedia.co.uk>
* @author Andy Prevost
* @copyright 2012 - 2020 Marcus Bointon
* @copyright 2004 - 2009 Andy Prevost
* @license http://www.gnu.org/copyleft/lesser.html GNU Lesser General Public License
*/
namespace PHPMailer\Test\PHPMailer;
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\Test\TestCase;
/**
* Test email address validation using a custom validator.
*
* @covers \PHPMailer\PHPMailer\PHPMailer::validateAddress
*/
final class ValidateAddressCustomValidatorTest extends TestCase
{
/**
* Test injecting a one-off custom validator.
*/
public function testOneOffCustomValidator()
{
$callback = static function ($address) {
return strpos($address, '@') !== false;
};
self::assertTrue(
PHPMailer::validateAddress('user@example.com', $callback),
'Custom validator false negative'
);
self::assertFalse(
PHPMailer::validateAddress('userexample.com', $callback),
'Custom validator false positive'
);
}
/**
* Test setting the default validator to an injected function.
*/
public function testSetDefaultValidatorToCustom()
{
// Set the default validator to an injected function.
PHPMailer::$validator = static function ($address) {
return 'user@example.com' === $address;
};
self::assertTrue(
$this->Mail->addAddress('user@example.com'),
'Custom default validator false negative'
);
// Need to pick a failing value which would pass all other validators
// to be sure we're using our custom one.
self::assertFalse(
$this->Mail->addAddress('bananas@example.com'),
'Custom default validator false positive'
);
// Set validator back to default
PHPMailer::$validator = 'php';
// This is a valid address that FILTER_VALIDATE_EMAIL thinks is invalid.
self::assertFalse(
$this->Mail->addAddress('first.last@example.123'),
'PHP validator not behaving as expected'
);
}
/**
* Test denying function name callables as validators.
*
* See SECURITY.md and CVE-2021-3603.
*
* @dataProvider dataRejectCallables
*
* @param string $callback Callback function name.
* @param string $message Message to display if the test would fail.
*/
public function testRejectCallables($callback, $message)
{
self::assertTrue(PHPMailer::validateAddress('test@example.com', $callback), $message);
}
/**
* Data provider.
*
* @return array
*/
public function dataRejectCallables()
{
return [
// If a `php` function defined in validators.php successfully overrides this built-in validator name,
// this would return false - and we don't want to allow that.
'php' => [
'callback' => 'php',
'message' => 'Build-in php validator overridden',
],
// Check that a non-existent validator name falls back to a built-in validator
// and does not call a global function with that name.
'phpx' => [
'callback' => 'phpx',
'message' => 'Global function called instead of default validator',
],
];
}
}