SecureUnserializerTest.php

<?php
/**
 * Copyright © Magento, Inc. All rights reserved.
 * See COPYING.txt for license details.
 */
namespace Magento\Framework\Unserialize\Test\Unit;

/**
 * Tests \Magento\Framework\Unserialize\SecureUnserializer.
 */
class SecureUnserializerTest extends \PHPUnit_Framework_TestCase
{
    /**
     * @var \Magento\Framework\Unserialize\SecureUnserializer
     */
    protected $unserializer;

    /**
     * @inheritdoc
     */
    protected function setUp()
    {
        $this->unserializer = new \Magento\Framework\Unserialize\SecureUnserializer();
    }

    /**
     * @return void
     */
    public function testUnserializeArray()
    {
        $array = ['foo' => 'bar', 1, 4];
        $this->assertEquals($array, $this->unserializer->unserialize(serialize($array)));
    }

    /**
     * @param string $serialized The string containing serialized object
     * @return void
     *
     * @expectedException \InvalidArgumentException
     * @expectedExceptionMessage Data contains serialized object and cannot be unserialized
     * @dataProvider serializedObjectDataProvider
     */
    public function testUnserializeObject($serialized)
    {
        $this->assertFalse($this->unserializer->unserialize($serialized));
    }

    /**
     * @return array
     */
    public function serializedObjectDataProvider()
    {
        return [
            // Upper and lower case serialized object indicators, nested in array
            ['a:2:{i:0;s:3:"foo";i:1;O:6:"Object":1:{s:11:"Objectvar";i:123;}}'],
            ['a:2:{i:0;s:3:"foo";i:1;o:6:"Object":1:{s:11:"Objectvar";i:123;}}'],
            ['a:2:{i:0;s:3:"foo";i:1;c:6:"Object":1:{s:11:"Objectvar";i:123;}}'],
            ['a:2:{i:0;s:3:"foo";i:1;C:6:"Object":1:{s:11:"Objectvar";i:123;}}'],

            // Positive, negative signs on object length, non-nested
            ['o:+6:"Object":1:{s:11:"Objectvar";i:123;}'],
            ['o:-6:"Object":1:{s:11:"Objectvar";i:123;}'],
        ];
    }
}