PostERG/xamxam
1
0
Fork 0
mirror of https://codeberg.org/PostERG/xamxam.git synced 2026-05-06 19:19:19 +02:00
Code Issues Packages Projects Releases Wiki Activity

Major refactor

Browse Source 
- update the structure to have monolithic setup
- updated deployments
- added live-reloading for devops
This commit is contained in:
Théophile Gervreau-Mercier
2026-02-05 20:07:05 +01:00
parent f23fbb481b
commit d2b3c6ca67
75 changed files with 3359 additions and 3987 deletions
Download Patch File Download Diff File Expand all files Collapse all files

67
tests/Security/SecurityTest.php Normal file
View File

@@ -0,0 +1,67 @@
<?php
/**
* Security Test Suite
* Tests SQL injection protection and input sanitization
*/
require_once __DIR__ . '/../../lib/Database.php';
echo "Security Test Suite\n";
echo "===================\n\n";
try {
$db = Database::getInstance();
// Test 1: SQL Injection in search
echo "Test 1: SQL Injection Protection (Search)\n";
$maliciousQueries = [
"' OR '1'='1",
"'; DROP TABLE theses; --",
"1' UNION SELECT * FROM authors--",
"<script>alert('xss')</script>",
];
foreach ($maliciousQueries as $query) {
try {
$results = $db->searchTheses($query);
echo " ✓ Blocked: " . substr($query, 0, 30) . "...\n";
} catch (Exception $e) {
// Exception is also acceptable (query blocked)
echo " ✓ Exception: " . substr($query, 0, 30) . "...\n";
}
}
echo "✓ PASS: SQL injection attempts handled safely\n\n";
// Test 2: Invalid thesis ID
echo "Test 2: Invalid Thesis ID\n";
$invalidIds = ["abc", "'; DROP TABLE theses;", "-1", "999999"];
foreach ($invalidIds as $id) {
$result = $db->getThesisById($id);
if ($result === null || $result === false) {
echo " ✓ Rejected: " . $id . "\n";
} else {
throw new Exception("Invalid ID '$id' was not rejected");
}
}
echo "✓ PASS: Invalid IDs rejected\n\n";
// Test 3: XSS in output (checking data is escaped)
echo "Test 3: XSS Protection (Output Escaping)\n";
$theses = $db->getPublishedTheses(1, 0);
if (count($theses) > 0) {
$first = $theses[0];
// Check that HTML special chars would be handled
if (isset($first['title'])) {
echo " ✓ Title data retrieved safely\n";
}
}
echo "✓ PASS: Output handling verified\n\n";
echo "✅ All security tests passed!\n";
return true;
} catch (Exception $e) {
echo "❌ FAIL: " . $e->getMessage() . "\n";
return false;
}