From 182c8414a1535f7f141ebca350a2b79d0d4a63ff Mon Sep 17 00:00:00 2001
From: Tim Almdal
Date: Wed, 21 Oct 2009 11:48:40 -0700
Subject: Add the Gallery File Filters and a test to check that the user/group table is only accessed from the user module.
---
modules/gallery/tests/Gallery_Filters.php | 48 +++++++++++++++
modules/gallery/tests/No_Direct_Access_Test.php | 77 +++++++++++++++++++++++++
2 files changed, 125 insertions(+)
create mode 100644 modules/gallery/tests/Gallery_Filters.php
create mode 100644 modules/gallery/tests/No_Direct_Access_Test.php
(limited to 'modules/gallery/tests')
diff --git a/modules/gallery/tests/Gallery_Filters.php b/modules/gallery/tests/Gallery_Filters.php
new file mode 100644
index 00000000..d1bc2cfa
--- /dev/null
+++ b/modules/gallery/tests/Gallery_Filters.php
@@ -0,0 +1,48 @@
+getInnerIterator()->getPathName();
+ return substr($path_name, -4) == ".php";
+ }
+}
+
+class GalleryCodeFilterIterator extends FilterIterator {
+ public function accept() {
+ // Skip anything that we didn"t write
+ $path_name = $this->getInnerIterator()->getPathName();
+ return !(
+ strpos($path_name, ".svn") ||
+ strpos($path_name, DOCROOT . "test") !== false ||
+ strpos($path_name, DOCROOT . "var") !== false ||
+ strpos($path_name, MODPATH . "forge") !== false ||
+ strpos($path_name, MODPATH . "gallery/views/kohana_error_page.php") !== false ||
+ strpos($path_name, MODPATH . "gallery/views/kohana_profiler.php") !== false ||
+ strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_error_page.php") !== false ||
+ strpos($path_name, MODPATH . "gallery_unit_test/views/kohana_unit_test_cli.php") !== false ||
+ strpos($path_name, MODPATH . "unit_test") !== false ||
+ strpos($path_name, MODPATH . "exif/lib") !== false ||
+ strpos($path_name, MODPATH . "user/lib/PasswordHash") !== false ||
+ strpos($path_name, DOCROOT . "lib/swfupload") !== false ||
+ strpos($path_name, SYSPATH) !== false ||
+ strpos($path_name, MODPATH . "gallery/libraries/HTMLPurifier") !== false ||
+ substr($path_name, -1, 1) == "~");
+ }
+}
diff --git a/modules/gallery/tests/No_Direct_Access_Test.php b/modules/gallery/tests/No_Direct_Access_Test.php
new file mode 100644
index 00000000..c6d8df95
--- /dev/null
+++ b/modules/gallery/tests/No_Direct_Access_Test.php
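Review bot: The exclusions in `GalleryCodeFilterIterator::accept()` are unanchored substring matches, so `DOCROOT . "test"`, `DOCROOT . "var"` and `MODPATH . "unit_test"` also drop any sibling path whose name merely starts with those strings, and every file dropped here is never scanned by the checks built on this filter. Ending the directory entries with a separator, e.g. `strpos($path_name, DOCROOT . "var/") !== false ||`, keeps the skip list to the intended trees. The first entry, `strpos($path_name, ".svn") ||`, is the only one without `!== false`; it behaves correctly only because the match cannot sit at offset 0, and `strpos($path_name, ".svn") !== false ||` would be consistent with the rest. The top of this file, including the start of the first filter class, is not visible on this page.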
@@ -0,0 +1,77 @@
+ $line) {
+ if (preg_match('/ORM::factory\\(\"user\"/', $line)) {
+ $errors[] = "$file($l) => $line";
+ }
+ }
+ }
+ $file_as_string = null;
+ }
+ if ($errors) {
+ $this->assert_false(true, "Direct access to the users table found:\n" . join("\n", $errors));
+ }
+ }
+
+ public function no_access_to_groups_table_test() {
+ $dir = new UserModuleFilterIterator(
+ new PhpCodeFilterIterator(
+ new GalleryCodeFilterIterator(
+ new RecursiveIteratorIterator(
+ new RecursiveDirectoryIterator(DOCROOT)))));
+ $errors = array();
+ foreach ($dir as $file) {
+ $file_as_string = file_get_contents($file);
+ if (preg_match("/ORM::factory\\(\"group\"/", $file_as_string)) {
+ foreach (split("\n", $file_as_string) as $l => $line) {
+ if (preg_match('/ORM::factory\\(\"group\"/', $line)) {
+ $errors[] = "$file($l) => $line";
+ }
+ }
+ }
+ $file_as_string = null;
+ }
+ if ($errors) {
+ $this->assert_false(true, "Direct access to the groups table found:\n" . join("\n", $errors));
+ }
+ }
+
+}
+
+class UserModuleFilterIterator extends FilterIterator {
+ public function accept() {
+ $path_name = $this->getInnerIterator()->getPathName();
+ return strpos($path_name, "/modules/user") === false;
+ }
+}
-- cgit v1.2.3
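Review bot: The `ORM::factory` patterns in both table checks match only a double-quoted literal directly after the parenthesis, so a single-quoted call such as `ORM::factory('group')`, or one with whitespace before the argument, passes this boundary test unnoticed; a pattern like `'/ORM::factory\(\s*["\']group["\']/'` (and the same for `user`) covers both quoting styles. `UserModuleFilterIterator::accept()` exempts every path containing `/modules/user`, which also exempts any module whose directory name merely begins with `user`; testing for `"/modules/user/"` limits the exemption to the user module itself. The reported `$l` is a zero-based array index, so `$errors[] = "$file(" . ($l + 1) . ") => $line";` would point at the actual line. The first test method starts above what is visible on this page.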