MAGETWO-58354: Automated functional test block cache exploit in cms page.

jilu1 · jilu1 · commit a6ae9547b4ee · 2016-10-06T10:21:21.000-05:00
diff --git a/dev/tests/functional/tests/app/Magento/Cms/Test/Constraint/AssertCmsPageOnFrontend.php b/dev/tests/functional/tests/app/Magento/Cms/Test/Constraint/AssertCmsPageOnFrontend.php
@@ -0,0 +1,52 @@
+<?php
+/**
+ * Copyright © 2016 Magento. All rights reserved.
+ * See COPYING.txt for license details.
+ */
+
+namespace Magento\Cms\Test\Constraint;
+
+use Magento\Cms\Test\Fixture\CmsPage;
+use Magento\Cms\Test\Page\CmsPage as FrontCmsPage;
+use Magento\Mtf\Client\BrowserInterface;
+use Magento\Mtf\Constraint\AbstractConstraint;
+
+/**
+ * Assert that created CMS page with expected contents displayed on Frontend.
+ */
+class AssertCmsPageOnFrontend extends AbstractConstraint
+{
+    /**
+     * Assert that created CMS page with expected contents displayed on Frontend.
+     *
+     * @param CmsPage $cms
+     * @param FrontCmsPage $frontCmsPage,
+     * @param BrowserInterface $browser
+     * @param string $displayContent
+     * @return void
+     */
+    public function processAssert(
+        CmsPage $cms,
+        FrontCmsPage $frontCmsPage,
+        BrowserInterface $browser,
+        $displayContent = null
+    ) {
+        $browser->open($_ENV['app_frontend_url'] . $cms->getIdentifier());
+        $fixtureContent = $cms->getContent();
+        \PHPUnit_Framework_Assert::assertContains(
+            $displayContent != null ? $displayContent : $fixtureContent['content'],
+            $frontCmsPage->getCmsPageBlock()->getPageContent(),
+            'Wrong content is displayed.'
+        );
+    }
+
+    /**
+     * CMS Page content equals to data from fixture.
+     *
+     * @return string
+     */
+    public function toString()
+    {
+        return 'CMS Page content equals to data from fixture.';
+    }
+}
diff --git a/dev/tests/functional/tests/app/Magento/Cms/Test/Constraint/AssertCmsPagePreview.php b/dev/tests/functional/tests/app/Magento/Cms/Test/Constraint/AssertCmsPagePreview.php
@@ -30,14 +30,16 @@ class AssertCmsPagePreview extends AbstractConstraint
      * @param FrontCmsPage $frontCmsPage
      * @param CmsPage $cms
      * @param BrowserInterface $browser
+     * @param string $displayContent
      * @return void
      */
     public function processAssert(
         CmsPageIndex $cmsIndex,
         FrontCmsIndex $frontCmsIndex,
         FrontCmsPage $frontCmsPage,
         CmsPage $cms,
-        BrowserInterface $browser
+        BrowserInterface $browser,
+        $displayContent = null
     ) {
         $cmsIndex->open();
         $filter = ['title' => $cms->getTitle()];
@@ -46,7 +48,7 @@ public function processAssert(
 
         $fixtureContent = $cms->getContent();
         \PHPUnit_Framework_Assert::assertContains(
-            $fixtureContent['content'],
+            $displayContent != null ? $displayContent : $fixtureContent['content'],
             $frontCmsPage->getCmsPageBlock()->getPageContent(),
             'Wrong content is displayed.'
         );
diff --git a/dev/tests/functional/tests/app/Magento/Cms/Test/TestCase/CreateCmsPageEntityTest.xml b/dev/tests/functional/tests/app/Magento/Cms/Test/TestCase/CreateCmsPageEntityTest.xml
@@ -54,5 +54,18 @@
             <constraint name="Magento\Cms\Test\Constraint\AssertCmsPageSuccessSaveMessage" />
             <constraint name="Magento\Cms\Test\Constraint\AssertCmsPageDisabledOnFrontend" />
         </variation>
+        <variation name="CreateCmsPageEntityTestVariation5" summary="Block Cache Exploit" ticketId="MAGETWO-48017">
+            <data name="tag" xsi:type="string">severity:S2</data>
+            <data name="fixtureType" xsi:type="string">cmsPage</data>
+            <data name="data/title" xsi:type="string">NewCmsPage%isolation%</data>
+            <data name="data/identifier" xsi:type="string">identifier-%isolation%</data>
+            <data name="data/store_id" xsi:type="string">Main Website/Main Website Store/Default Store View</data>
+            <data name="data/is_active" xsi:type="string">Yes</data>
+            <data name="data/content/content" xsi:type="string">\\{{block class=&apos;Magento\Framework\View\Element\Text&apos; text=&apos;bla bla bla&apos; cache_key=&apos;BACKEND_ACL_RESOURCES&apos; cache_lifetime=999\}}</data>
+            <data name="displayContent" xsi:type="string">bla bla bla</data>
+            <constraint name="Magento\Cms\Test\Constraint\AssertCmsPageSuccessSaveMessage" />
+            <constraint name="Magento\Cms\Test\Constraint\AssertCmsPagePreview" />
+            <constraint name="Magento\Cms\Test\Constraint\AssertCmsPageOnFrontend" />
+        </variation>
     </testCase>
 </config>
diff --git a/dev/tests/functional/tests/app/Magento/Cms/Test/etc/di.xml b/dev/tests/functional/tests/app/Magento/Cms/Test/etc/di.xml
@@ -66,6 +66,11 @@
             <argument name="severity" xsi:type="string">S3</argument>
         </arguments>
     </type>
+    <type name="Magento\Cms\Test\Constraint\AssertCmsPageOnFrontend">
+        <arguments>
+            <argument name="severity" xsi:type="string">S1</argument>
+        </arguments>
+    </type>
     <type name="Magento\Cms\Test\Constraint\AssertCmsPagePreview">
         <arguments>
             <argument name="severity" xsi:type="string">S1</argument>
