Files
nextcloud-server/tests/lib/Security/Ip/BruteforceAllowListTest.php
2025-07-20 00:49:11 -01:00

162 lines
3.1 KiB
PHP

<?php
declare(strict_types=1);
/**
* SPDX-FileCopyrightText: 2016 Nextcloud GmbH and Nextcloud contributors
* SPDX-License-Identifier: AGPL-3.0-or-later
*/
namespace Test\Security\Ip;
use OC\Security\Ip\BruteforceAllowList;
use OC\Security\Ip\Factory;
use OCP\IAppConfig;
use OCP\Security\Ip\IFactory;
use PHPUnit\Framework\MockObject\MockObject;
use Test\TestCase;
/**
* Based on the unit tests from Paragonie's Airship CMS
* Ref: https://github.com/paragonie/airship/blob/7e5bad7e3c0fbbf324c11f963fd1f80e59762606/test/unit/Engine/Security/AirBrakeTest.php
*
* @package Test\Security\Bruteforce
*/
class BruteforceAllowListTest extends TestCase {
/** @var IAppConfig|MockObject */
private $appConfig;
/** @var IFactory|MockObject */
private $factory;
/** @var BruteforceAllowList */
private $allowList;
protected function setUp(): void {
parent::setUp();
$this->appConfig = $this->createMock(IAppConfig::class);
$this->factory = new Factory();
$this->allowList = new BruteforceAllowList(
$this->appConfig,
$this->factory,
);
}
public static function dataIsBypassListed(): array {
return [
[
'10.10.10.10',
[
'whitelist_0' => '10.10.10.0/24',
],
true,
],
[
'10.10.10.10',
[
'whitelist_0' => '192.168.0.0/16',
],
false,
],
[
'10.10.10.10',
[
'whitelist_0' => '192.168.0.0/16',
'whitelist_1' => '10.10.10.0/24',
],
true,
],
[
'10.10.10.10',
[
'whitelist_0' => '10.10.10.11/31',
],
true,
],
[
'10.10.10.10',
[
'whitelist_0' => '10.10.10.9/31',
],
false,
],
[
'10.10.10.10',
[
'whitelist_0' => '10.10.10.15/29',
],
true,
],
[
'dead:beef:cafe::1',
[
'whitelist_0' => '192.168.0.0/16',
'whitelist_1' => '10.10.10.0/24',
'whitelist_2' => 'deaf:beef:cafe:1234::/64'
],
false,
],
[
'dead:beef:cafe::1',
[
'whitelist_0' => '192.168.0.0/16',
'whitelist_1' => '10.10.10.0/24',
'whitelist_2' => 'deaf:beef::/64'
],
false,
],
[
'dead:beef:cafe::1',
[
'whitelist_0' => '192.168.0.0/16',
'whitelist_1' => '10.10.10.0/24',
'whitelist_2' => 'deaf:cafe::/8'
],
true,
],
[
'dead:beef:cafe::1111',
[
'whitelist_0' => 'dead:beef:cafe::1100/123',
],
true,
],
[
'invalid',
[],
false,
],
];
}
/**
* @param string[] $allowList
*/
#[\PHPUnit\Framework\Attributes\DataProvider('dataIsBypassListed')]
public function testIsBypassListed(
string $ip,
array $allowList,
bool $isAllowListed,
): void {
$this->appConfig->method('searchKeys')
->with($this->equalTo('bruteForce'), $this->equalTo('whitelist_'))
->willReturn(array_keys($allowList));
$this->appConfig->method('getValueString')
->willReturnCallback(function ($app, $key, $default) use ($allowList) {
if ($app !== 'bruteForce') {
return $default;
}
if (isset($allowList[$key])) {
return $allowList[$key];
}
return $default;
});
$this->assertSame(
$isAllowListed,
$this->allowList->isBypassListed($ip)
);
}
}