탐색 도움말
로그인
chiappa
/
irdb
의 미러 https://git.snix.ch/chiappa/irdb.git
1
0
포크 0
파일 이슈 0
트리: 6580a5b3cd
브랜치 태그
irdb
/
api
/
tests
/
Unit
/
Enrichment
/
DbipDownloaderTest.php

DbipDownloaderTest.php 4.2 KB
히스토리 Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace App\Tests\Unit\Enrichment;
    6. 

  6. 

  7. use App\Infrastructure\Enrichment\Downloaders\DbipDownloader;
    8. 

  8. use App\Infrastructure\Enrichment\Downloaders\DownloaderException;
    9. 

  9. use PHPUnit\Framework\TestCase;
    10. 

  10. 

  11. /**
    12. 

  12.  * SEC_REVIEW F49 — `DbipDownloader::gunzipWithCap` streams via
    13. 

  13.  * `gzopen`/`gzread` and aborts past a configurable cap so a
    14. 

  14.  * compromised DB-IP endpoint serving a tiny gzip whose decompressed
    15. 

  15.  * form is multi-GB cannot OOM the api or fill the disk.
    16. 

  16.  */
    17. 

  17. final class DbipDownloaderTest extends TestCase
    18. 

  18. {
    19. 

  19.     private string $tmpDir = '';
    20. 

  20. 

  21.     protected function setUp(): void
    22. 

  22.     {
    23. 

  23.         $this->tmpDir = sys_get_temp_dir() . '/irdb-dbip-' . bin2hex(random_bytes(6));
    24. 

  24.         mkdir($this->tmpDir);
    25. 

  25.     }
    26. 

  26. 

  27.     protected function tearDown(): void
    28. 

  28.     {
    29. 

  29.         if ($this->tmpDir !== '' && is_dir($this->tmpDir)) {
    30. 

  30.             foreach (glob($this->tmpDir . '/*') ?: [] as $f) {
    31. 

  31.                 @unlink($f);
    32. 

  32.             }
    33. 

  33.             @rmdir($this->tmpDir);
    34. 

  34.         }
    35. 

  35.     }
    36. 

  36. 

  37.     public function testNormalGunzipPasses(): void
    38. 

  38.     {
    39. 

  39.         $gzPath = $this->writeGzip('hello world');
    40. 

  40.         $outPath = $this->tmpDir . '/out.bin';
    41. 

  41. 

  42.         DbipDownloader::gunzipWithCap($gzPath, $outPath, maxBytes: 1024);
    43. 

  43. 

  44.         self::assertFileExists($outPath);
    45. 

  45.         self::assertSame('hello world', file_get_contents($outPath));
    46. 

  46.         // gz file is removed on success.
    47. 

  47.         self::assertFileDoesNotExist($gzPath);
    48. 

  48.     }
    49. 

  49. 

  50.     public function testOutputOverCapIsRejectedAndCleanedUp(): void
    51. 

  51.     {
    52. 

  52.         // 4 KiB of plaintext, cap at 1 KiB.
    53. 

  53.         $gzPath = $this->writeGzip(str_repeat('A', 4096));
    54. 

  54.         $outPath = $this->tmpDir . '/out.bin';
    55. 

  55. 

  56.         $threw = false;
    57. 

  57.         try {
    58. 

  58.             DbipDownloader::gunzipWithCap($gzPath, $outPath, maxBytes: 1024);
    59. 

  59.         } catch (DownloaderException $e) {
    60. 

  60.             $threw = true;
    61. 

  61.             self::assertStringContainsString('exceeds cap 1024 bytes', $e->getMessage());
    62. 

  62.         }
    63. 

  63.         self::assertTrue($threw, 'expected DownloaderException for over-cap output');
    64. 

  64.         // Partial output must NOT be left on disk — caller treats
    65. 

  65.         // existence of `$outPath` as "verified ready to swap".
    66. 

  66.         self::assertFileDoesNotExist($outPath);
    67. 

  67.         // gz input was NOT cleaned up (caller decides whether to retry).
    68. 

  68.         self::assertFileExists($gzPath);
    69. 

  69.     }
    70. 

  70. 

  71.     public function testEmptyGzipIsRejected(): void
    72. 

  72.     {
    73. 

  73.         // gzip of an empty string produces a valid gzip with 0 bytes
    74. 

  74.         // payload — the verifier downstream needs SOMETHING; an empty
    75. 

  75.         // file is suspicious enough to bail on.
    76. 

  76.         $gzPath = $this->writeGzip('');
    77. 

  77.         $outPath = $this->tmpDir . '/out.bin';
    78. 

  78. 

  79.         $threw = false;
    80. 

  80.         try {
    81. 

  81.             DbipDownloader::gunzipWithCap($gzPath, $outPath, maxBytes: 1024);
    82. 

  82.         } catch (DownloaderException $e) {
    83. 

  83.             $threw = true;
    84. 

  84.             self::assertStringContainsString('empty output', $e->getMessage());
    85. 

  85.         }
    86. 

  86.         self::assertTrue($threw);
    87. 

  87.         self::assertFileDoesNotExist($outPath);
    88. 

  88.     }
    89. 

  89. 

  90.     public function testMissingInputIsRejected(): void
    91. 

  91.     {
    92. 

  92.         $this->expectException(DownloaderException::class);
    93. 

  93.         DbipDownloader::gunzipWithCap(
    94. 

  94.             $this->tmpDir . '/does-not-exist.gz',
    95. 

  95.             $this->tmpDir . '/out.bin',
    96. 

  96.             maxBytes: 1024,
    97. 

  97.         );
    98. 

  98.     }
    99. 

  99. 

  100.     /**
    101. 

  101.      * Streams >chunk-size of plaintext through the gunzip helper to
    102. 

  102.      * prove the chunked read loop accumulates correctly.
    103. 

  103.      */
    104. 

  104.     public function testLargeInputStreamsCorrectly(): void
    105. 

  105.     {
    106. 

  106.         // 256 KiB of distinguishable bytes (4 × 64 KiB chunks).
    107. 

  107.         $payload = str_repeat('abcd', 256 * 1024 / 4);
    108. 

  108.         self::assertSame(256 * 1024, strlen($payload));
    109. 

  109.         $gzPath = $this->writeGzip($payload);
    110. 

  110.         $outPath = $this->tmpDir . '/big.bin';
    111. 

  111. 

  112.         DbipDownloader::gunzipWithCap($gzPath, $outPath, maxBytes: 512 * 1024);
    113. 

  113. 

  114.         self::assertFileExists($outPath);
    115. 

  115.         self::assertSame($payload, file_get_contents($outPath));
    116. 

  116.     }
    117. 

  117. 

  118.     private function writeGzip(string $plain): string
    119. 

  119.     {
    120. 

  120.         $path = $this->tmpDir . '/' . bin2hex(random_bytes(4)) . '.gz';
    121. 

  121.         $compressed = gzencode($plain, 6);
    122. 

  122.         self::assertNotFalse($compressed);
    123. 

  123.         file_put_contents($path, $compressed);
    124. 

  124. 

  125.         return $path;
    126. 

  126.     }
    127. 

  127. }
    128.