function SecurityAdvisoryTest::testPsa
Same name in other branches
- 9 core/modules/system/tests/src/Functional/SecurityAdvisories/SecurityAdvisoryTest.php \Drupal\Tests\system\Functional\SecurityAdvisories\SecurityAdvisoryTest::testPsa()
- 11.x core/modules/system/tests/src/Functional/SecurityAdvisories/SecurityAdvisoryTest.php \Drupal\Tests\system\Functional\SecurityAdvisories\SecurityAdvisoryTest::testPsa()
Tests that a security advisory is displayed.
File
-
core/
modules/ system/ tests/ src/ Functional/ SecurityAdvisories/ SecurityAdvisoryTest.php, line 118
Class
- SecurityAdvisoryTest
- Tests of security advisories functionality.
Namespace
Drupal\Tests\system\Functional\SecurityAdvisories
Code
/**
 * Verifies when security advisories are shown, hidden, cached and logged.
 *
 * The steps run in a fixed order and each one relies on state left by the
 * previous one: fetching disabled, a mixed feed, a user without the advisory
 * permission, a stored response, an unreachable endpoint, a malformed feed,
 * a PSA-only feed, a non-PSA-only feed, and finally fetching disabled again.
 */
public function testPsa() : void {
  $session = $this->assertSession();

  // Strings and route lists reused by several assertions below.
  $fetch_failure_text = 'Failed to fetch security advisory data:';
  $decode_failure_log = [
    'The security advisory JSON feed from Drupal.org could not be decoded.',
  ];
  $admin_routes = [
    'system.admin',
  ];

  // Turns advisory fetching on or off. The config object is looked up again
  // on every call, exactly as a direct $this->config() call would do.
  $set_fetching = function (bool $enabled) : void {
    $this->config('system.advisories')
      ->set('enabled', $enabled)
      ->save();
  };

  // Point the test middleware at the feed holding both PSA and non-PSA items.
  AdvisoryTestClientMiddleware::setTestEndpoint($this->workingEndpointMixed);
  $mixed_advisory_links = [
    'Critical Release - SA-2019-02-19',
    'Critical Release - PSA-Really Old',
    // The info for the test modules 'generic_module1_test' and
    // 'generic_module2_test' is altered for this test to match the items in
    // the test JSON feeds.
    // @see advisory_feed_test_system_info_alter()
    'Generic Module1 Project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
    'Generic Module2 project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
  ];

  // While fetching is disabled no advisory link may be displayed.
  $set_fetching(FALSE);
  $this->assertAdvisoriesNotDisplayed($mixed_advisory_links);
  $set_fetching(TRUE);

  // Admin pages other than the status report do not trigger a new request
  // for the JSON feed, so nothing is displayed there yet.
  $this->assertAdvisoriesNotDisplayed($mixed_advisory_links, $admin_routes);

  // A feed mixing PSA and non-PSA advisories is reported at error severity.
  $this->assertStatusReportLinks($mixed_advisory_links, REQUIREMENT_ERROR);
  // Once the status report request has stored the response, admin pages
  // display the advisories as well.
  $this->assertAdminPageLinks($mixed_advisory_links, REQUIREMENT_ERROR);

  // Access control: a user who can reach the admin pages but lacks the
  // permission to see advisories must not be shown them.
  // NOTE(review): only the 'system.admin' route is checked for this user.
  $limited_user = $this->drupalCreateUser([
    'access administration pages',
    // We have nothing under admin, so we need access to a child route to
    // access the parent.
    'administer modules',
  ]);
  $this->drupalLogin($limited_user);
  $this->assertAdvisoriesNotDisplayed($mixed_advisory_links, $admin_routes);

  // Switch back to the user that is allowed to see the advisories.
  $this->drupalLogin($this->user);

  // Stored response: with the endpoint now failing, the links must still be
  // displayed.
  AdvisoryTestClientMiddleware::setTestEndpoint($this->nonWorkingEndpoint);
  $this->assertAdminPageLinks($mixed_advisory_links, REQUIREMENT_ERROR);
  $this->assertStatusReportLinks($mixed_advisory_links, REQUIREMENT_ERROR);

  // Transmit errors: delete the stored response so the failing endpoint is
  // what the site has to rely on.
  $this->tempStore
    ->delete('advisories_response');
  $this->assertAdvisoriesNotDisplayed($mixed_advisory_links);
  // The site status report displays the fetch failure.
  $this->drupalGet(Url::fromRoute('system.status'));
  $session->pageTextContains($fetch_failure_text);

  // Malformed feed: an endpoint that returns invalid JSON.
  // NOTE(review): the second argument TRUE presumably clears the stored
  // response as well; confirm against AdvisoryTestClientMiddleware.
  AdvisoryTestClientMiddleware::setTestEndpoint($this->invalidJsonEndpoint, TRUE);
  // No error may be logged before the invalid endpoint has been fetched.
  $this->assertServiceAdvisoryLoggedErrors([]);
  // Admin pages display no message when the feed is malformed.
  $this->assertAdvisoriesNotDisplayed($mixed_advisory_links);
  // The decode failure is logged for the invalid endpoint.
  $this->assertServiceAdvisoryLoggedErrors($decode_failure_log);
  // The status report does not show the fetch-failure message for a
  // malformed feed.
  $this->drupalGet(Url::fromRoute('system.status'));
  $session->pageTextNotContains($fetch_failure_text);
  // The decode failure is logged again for this second request.
  $this->assertServiceAdvisoryLoggedErrors($decode_failure_log);

  // PSA-only feed.
  AdvisoryTestClientMiddleware::setTestEndpoint($this->workingEndpointPsaOnly, TRUE);
  $psa_advisory_links = [
    'Critical Release - PSA-Really Old',
    'Generic Module2 project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
  ];
  // The admin page does not display the new links because a new feed request
  // is not attempted there.
  $this->assertAdvisoriesNotDisplayed($psa_advisory_links, $admin_routes);
  // A feed holding only PSA advisories is reported at warning severity.
  $this->assertStatusReportLinks($psa_advisory_links, REQUIREMENT_WARNING);
  $this->assertAdminPageLinks($psa_advisory_links, REQUIREMENT_WARNING);

  // Non-PSA-only feed.
  AdvisoryTestClientMiddleware::setTestEndpoint($this->workingEndpointNonPsaOnly, TRUE);
  $non_psa_advisory_links = [
    'Critical Release - SA-2019-02-19',
    'Generic Module1 Project - Moderately critical - Access bypass - SA-CONTRIB-2019-02-02',
  ];
  // A feed holding only non-PSA advisories is reported at error severity.
  $this->assertStatusReportLinks($non_psa_advisory_links, REQUIREMENT_ERROR);
  $this->assertAdminPageLinks($non_psa_advisory_links, REQUIREMENT_ERROR);

  // Fetching can be disabled again after it was enabled.
  $set_fetching(FALSE);
  $this->assertAdvisoriesNotDisplayed($non_psa_advisory_links);
  // No further errors were logged.
  $this->assertServiceAdvisoryLoggedErrors([]);
}