Почетна Преглед Помоћ
Пријавите се
chiappa
/
sprint_planer_web
огледало од https://git.snix.ch/chiappa/sprint_planer_web.git
1
0
Креирај огранак 0
Датотеке Дискусије 0
Дрво: 2b8f1673f1
Гране Ознаке
sprint_planer_w...
/
tests
/
Repositories
/
AuditRepositoryTest.php

AuditRepositoryTest.php 2.2 KB
Историја Датотека

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667 
  1. <?php
    2. 

  2. 

  3. declare(strict_types=1);
    4. 

  4. 

  5. namespace App\Tests\Repositories;
    6. 

  6. 

  7. use App\Repositories\AuditRepository;
    8. 

  8. use App\Services\AuditLogger;
    9. 

  9. use App\Tests\TestCase;
    10. 

  10. use InvalidArgumentException;
    11. 

  11. 

  12. /**
    13. 

  13.  * R01-N11: AuditRepository::distinctColumn interpolates its argument into
    14. 

  14.  * SQL. The method is private and both internal callers pass literals, but
    15. 

  15.  * the runtime whitelist guard makes the contract explicit so a future
    16. 

  16.  * refactor can't open an injection vector.
    17. 

  17.  */
    18. 

  18. final class AuditRepositoryTest extends TestCase
    19. 

  19. {
    20. 

  20.     public function testDistinctActionsReturnsSortedUniqueValues(): void
    21. 

  21.     {
    22. 

  22.         $pdo    = $this->makeDb();
    23. 

  23.         $logger = new AuditLogger($pdo);
    24. 

  24.         $logger->record('UPDATE', 'worker', 1, ['n' => 1], ['n' => 2]);
    25. 

  25.         $logger->record('CREATE', 'worker', 2, null, ['n' => 1]);
    26. 

  26.         $logger->record('UPDATE', 'sprint', 3, ['n' => 1], ['n' => 2]);
    27. 

  27. 

  28.         $repo = new AuditRepository($pdo);
    29. 

  29.         $this->assertSame(['CREATE', 'UPDATE'], $repo->distinctActions());
    30. 

  30.     }
    31. 

  31. 

  32.     public function testDistinctEntityTypesReturnsSortedUniqueValues(): void
    33. 

  33.     {
    34. 

  34.         $pdo    = $this->makeDb();
    35. 

  35.         $logger = new AuditLogger($pdo);
    36. 

  36.         $logger->record('UPDATE', 'worker', 1, ['n' => 1], ['n' => 2]);
    37. 

  37.         $logger->record('UPDATE', 'sprint', 2, ['n' => 1], ['n' => 2]);
    38. 

  38.         $logger->record('UPDATE', 'worker', 3, ['n' => 1], ['n' => 2]);
    39. 

  39. 

  40.         $repo = new AuditRepository($pdo);
    41. 

  41.         $this->assertSame(['sprint', 'worker'], $repo->distinctEntityTypes());
    42. 

  42.     }
    43. 

  43. 

  44.     public function testDistinctColumnRejectsUnknownColumnViaReflection(): void
    45. 

  45.     {
    46. 

  46.         $pdo  = $this->makeDb();
    47. 

  47.         $repo = new AuditRepository($pdo);
    48. 

  48. 

  49.         $rm = new \ReflectionMethod($repo, 'distinctColumn');
    50. 

  50.         $rm->setAccessible(true);
    51. 

  51. 

  52.         $this->expectException(InvalidArgumentException::class);
    53. 

  53.         $rm->invoke($repo, 'user_email');
    54. 

  54.     }
    55. 

  55. 

  56.     public function testDistinctColumnRejectsInjectionAttemptViaReflection(): void
    57. 

  57.     {
    58. 

  58.         $pdo  = $this->makeDb();
    59. 

  59.         $repo = new AuditRepository($pdo);
    60. 

  60. 

  61.         $rm = new \ReflectionMethod($repo, 'distinctColumn');
    62. 

  62.         $rm->setAccessible(true);
    63. 

  63. 

  64.         $this->expectException(InvalidArgumentException::class);
    65. 

  65.         $rm->invoke($repo, 'action; DROP TABLE audit_log; --');
    66. 

  66.     }
    67. 

  67. }
    68.