feat(tests): automate 5 remaining guards as contract tests
Extract findPatternMatchesIn*Files() to ProjectFileAssertionSupport trait for reuse. Add contract tests for: - GR-SEC-005: Encryption centralized in Crypto.php - GR-SEC-006: File storage in storage/, not web/ - GR-SEC-002: No PII in error_log() calls - GR-CORE-012: POST-Redirect-GET pattern enforcement - GR-UI-015: i18n key completeness de ↔ en Brings automated guard coverage from 24 to 29 test files. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This commit is contained in:
54
tests/Architecture/SecurityCryptoContractTest.php
Normal file
54
tests/Architecture/SecurityCryptoContractTest.php
Normal file
@@ -0,0 +1,54 @@
|
||||
<?php
|
||||
|
||||
namespace MintyPHP\Tests\Architecture;
|
||||
|
||||
use PHPUnit\Framework\TestCase;
|
||||
|
||||
/**
|
||||
* GR-SEC-005: All encryption/decryption MUST use lib/Support/Crypto.php.
|
||||
* No raw openssl_encrypt/decrypt calls outside that single file.
|
||||
*/
|
||||
class SecurityCryptoContractTest extends TestCase
|
||||
{
|
||||
use ProjectFileAssertionSupport;
|
||||
|
||||
private const CRYPTO_FILE = 'lib/Support/Crypto.php';
|
||||
|
||||
public function testNoRawOpensslEncryptOutsideCrypto(): void
|
||||
{
|
||||
$violations = array_merge(
|
||||
$this->findPatternMatchesInPhpFiles('lib', '/\bopenssl_encrypt\s*\(/'),
|
||||
$this->findPatternMatchesInPhpFiles('pages', '/\bopenssl_encrypt\s*\(/')
|
||||
);
|
||||
|
||||
$violations = array_values(array_filter(
|
||||
$violations,
|
||||
static fn (string $path): bool => $path !== self::CRYPTO_FILE
|
||||
));
|
||||
|
||||
$this->assertSame(
|
||||
[],
|
||||
$violations,
|
||||
"Raw openssl_encrypt() found outside Crypto.php (GR-SEC-005):\n" . implode("\n", $violations)
|
||||
);
|
||||
}
|
||||
|
||||
public function testNoRawOpensslDecryptOutsideCrypto(): void
|
||||
{
|
||||
$violations = array_merge(
|
||||
$this->findPatternMatchesInPhpFiles('lib', '/\bopenssl_decrypt\s*\(/'),
|
||||
$this->findPatternMatchesInPhpFiles('pages', '/\bopenssl_decrypt\s*\(/')
|
||||
);
|
||||
|
||||
$violations = array_values(array_filter(
|
||||
$violations,
|
||||
static fn (string $path): bool => $path !== self::CRYPTO_FILE
|
||||
));
|
||||
|
||||
$this->assertSame(
|
||||
[],
|
||||
$violations,
|
||||
"Raw openssl_decrypt() found outside Crypto.php (GR-SEC-005):\n" . implode("\n", $violations)
|
||||
);
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user