CGI-Info
view release on metacpan or search on metacpan
t/integration.t view on Meta::CPAN
like($info->cgi_host_url(), qr{^https?://}, 'cgi_host_url has protocol');
};
# ============================================================
# 12. script_name, script_path, script_dir all consistent
# ============================================================
subtest 'script methods: name, path, dir all consistent' => sub {
reset_env();
if($^O eq 'MSWin32') {
pass('script methods Unix-path test skipped on Windows');
return;
}
$ENV{SCRIPT_FILENAME} = '/var/www/cgi-bin/myapp.cgi';
$ENV{SCRIPT_NAME} = '/cgi-bin/myapp.cgi';
my $info = CGI::Info->new();
my $name = $info->script_name();
my $path = $info->script_path();
my $dir = $info->script_dir();
is($name, 'myapp.cgi', 'script_name is basename');
is($path, '/var/www/cgi-bin/myapp.cgi', 'script_path is full path from SCRIPT_FILENAME');
is($dir, '/var/www/cgi-bin', 'script_dir is containing dir of script_path');
# script_name is the basename of script_path
like($path, qr/\Q$name\E$/, 'script_path ends with script_name');
# script_dir is the directory portion of script_path
like($path, qr/^\Q$dir\E/, 'script_path begins with script_dir');
};
# ============================================================
# 13. cookie() works alongside params() in the same session
# ============================================================
subtest 'cookies and params coexist in same request' => sub {
reset_env();
$ENV{GATEWAY_INTERFACE} = 'CGI/1.1';
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING} = 'page=2&sort=date';
$ENV{HTTP_COOKIE} = 'session=abc123; theme=dark';
my $info = CGI::Info->new();
my $params = $info->params();
is($params->{page}, '2', 'page param parsed');
is($params->{sort}, 'date', 'sort param parsed');
is($info->cookie('session'), 'abc123', 'session cookie read');
is($info->cookie('theme'), 'dark', 'theme cookie read');
# Cookie lookup doesn't disturb params
is($info->param('page'), '2', 'param still intact after cookie lookup');
is($info->param('sort'), 'date', 'sort param still intact');
};
subtest 'cookie: repeated lookups return same value (stateful jar)' => sub {
reset_env();
$ENV{HTTP_COOKIE} = 'user=nigel; prefs=verbose';
my $info = CGI::Info->new();
my $first = $info->cookie('user');
my $second = $info->cookie('user');
is($first, $second, 'repeated cookie() calls return same value');
is($first, 'nigel', 'cookie value is correct');
};
# ============================================================
# 14. tmpdir, logdir, rootdir: directory methods cross-check
# ============================================================
subtest 'directory methods: all return valid directories' => sub {
reset_env();
my $tmp = tempdir(CLEANUP => 1);
$ENV{C_DOCUMENT_ROOT} = $tmp;
my $info = CGI::Info->new();
my $tmpdir = $info->tmpdir();
my $rootdir = $info->rootdir();
my $logdir = $info->logdir();
ok(-d $tmpdir, 'tmpdir() is a directory');
ok(-d $rootdir, 'rootdir() is a directory');
ok(-d $logdir, 'logdir() is a directory');
ok(-w $tmpdir, 'tmpdir() is writable');
ok(-w $logdir, 'logdir() is writable');
is($rootdir, $tmp, 'rootdir() returns C_DOCUMENT_ROOT');
};
subtest 'logdir: set then get returns same value' => sub {
reset_env();
my $tmp = tempdir(CLEANUP => 1);
my $info = CGI::Info->new();
$info->logdir($tmp);
is($info->logdir(), $tmp, 'logdir() returns previously set directory');
};
# ============================================================
# 15. WAF: multiple attack types in sequence, each gets correct status
# ============================================================
subtest 'WAF: SQL injection blocked with 403' => sub {
reset_env();
$ENV{GATEWAY_INTERFACE} = 'CGI/1.1';
$ENV{REQUEST_METHOD} = 'GET';
$ENV{QUERY_STRING} = "id=1'%20OR%201=1";
my $info = CGI::Info->new();
ok(!defined $info->params(), 'SQL injection returns undef');
is($info->status(), 403, 'SQL injection status 403');
ok(defined $info->messages(), 'SQL injection logged to messages');
};
subtest 'WAF: XSS injection blocked with 403' => sub {
reset_env();
( run in 1.335 second using v1.01-cache-2.11-cpan-0bb4e1dffa6 )