صفحهٔ اصلی گشت‌و‌گذار راهنما
ورود
chiappa
/
sprint_planer_web
mirrorاز https://git.snix.ch/chiappa/sprint_planer_web.git
1
0
انشعاب 0
پرونده‌ها مشکلات 0
درخت: 964a2f50ce
شاخه‌ها تگ‌ها
sprint_planer_w...
/
tests
/
Repositories
/
AuditRepositoryTest.php

AuditRepositoryTest.php 2.6 KB
تاريخچه خام

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475 
  1. <?php
    2. 

  2. /*
    3. 

  3.  * Copyright 2026 Alessandro Chiapparini <sprint_planer_web@chiapparini.org>
    4. 

  4.  * SPDX-License-Identifier: Apache-2.0
    5. 

  5.  *
    6. 

  6.  * Licensed under the Apache License, Version 2.0 (the "License");
    7. 

  7.  * you may not use this file except in compliance with the License.
    8. 

  8.  * See the LICENSE file in the project root for the full license text.
    9. 

  9.  */
    10. 

  10. 

  11. declare(strict_types=1);
    12. 

  12. 

  13. namespace App\Tests\Repositories;
    14. 

  14. 

  15. use App\Repositories\AuditRepository;
    16. 

  16. use App\Services\AuditLogger;
    17. 

  17. use App\Tests\TestCase;
    18. 

  18. use InvalidArgumentException;
    19. 

  19. 

  20. /**
    21. 

  21.  * R01-N11: AuditRepository::distinctColumn interpolates its argument into
    22. 

  22.  * SQL. The method is private and both internal callers pass literals, but
    23. 

  23.  * the runtime whitelist guard makes the contract explicit so a future
    24. 

  24.  * refactor can't open an injection vector.
    25. 

  25.  */
    26. 

  26. final class AuditRepositoryTest extends TestCase
    27. 

  27. {
    28. 

  28.     public function testDistinctActionsReturnsSortedUniqueValues(): void
    29. 

  29.     {
    30. 

  30.         $pdo    = $this->makeDb();
    31. 

  31.         $logger = new AuditLogger($pdo);
    32. 

  32.         $logger->record('UPDATE', 'worker', 1, ['n' => 1], ['n' => 2]);
    33. 

  33.         $logger->record('CREATE', 'worker', 2, null, ['n' => 1]);
    34. 

  34.         $logger->record('UPDATE', 'sprint', 3, ['n' => 1], ['n' => 2]);
    35. 

  35. 

  36.         $repo = new AuditRepository($pdo);
    37. 

  37.         $this->assertSame(['CREATE', 'UPDATE'], $repo->distinctActions());
    38. 

  38.     }
    39. 

  39. 

  40.     public function testDistinctEntityTypesReturnsSortedUniqueValues(): void
    41. 

  41.     {
    42. 

  42.         $pdo    = $this->makeDb();
    43. 

  43.         $logger = new AuditLogger($pdo);
    44. 

  44.         $logger->record('UPDATE', 'worker', 1, ['n' => 1], ['n' => 2]);
    45. 

  45.         $logger->record('UPDATE', 'sprint', 2, ['n' => 1], ['n' => 2]);
    46. 

  46.         $logger->record('UPDATE', 'worker', 3, ['n' => 1], ['n' => 2]);
    47. 

  47. 

  48.         $repo = new AuditRepository($pdo);
    49. 

  49.         $this->assertSame(['sprint', 'worker'], $repo->distinctEntityTypes());
    50. 

  50.     }
    51. 

  51. 

  52.     public function testDistinctColumnRejectsUnknownColumnViaReflection(): void
    53. 

  53.     {
    54. 

  54.         $pdo  = $this->makeDb();
    55. 

  55.         $repo = new AuditRepository($pdo);
    56. 

  56. 

  57.         $rm = new \ReflectionMethod($repo, 'distinctColumn');
    58. 

  58.         $rm->setAccessible(true);
    59. 

  59. 

  60.         $this->expectException(InvalidArgumentException::class);
    61. 

  61.         $rm->invoke($repo, 'user_email');
    62. 

  62.     }
    63. 

  63. 

  64.     public function testDistinctColumnRejectsInjectionAttemptViaReflection(): void
    65. 

  65.     {
    66. 

  66.         $pdo  = $this->makeDb();
    67. 

  67.         $repo = new AuditRepository($pdo);
    68. 

  68. 

  69.         $rm = new \ReflectionMethod($repo, 'distinctColumn');
    70. 

  70.         $rm->setAccessible(true);
    71. 

  71. 

  72.         $this->expectException(InvalidArgumentException::class);
    73. 

  73.         $rm->invoke($repo, 'action; DROP TABLE audit_log; --');
    74. 

  74.     }
    75. 

  75. }
    76.