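security = Security::getInstance();
    }

    /**
     * sanitizeInput() must neutralise HTML/script markup.
     *
     * The known XSS probe is the *input*; the test only checks that no
     * executable tag survives, because the exact escaping strategy
     * (htmlspecialchars entities vs. stripping) is not pinned down here.
     * TODO(review): once the escaping contract is fixed, assert the exact
     * expected string instead of the substring check.
     */
    public function testSanitizeInput(): void
    {
        $xssProbe = "<script>alert('XSS')</script>";

        $sanitized = $this->security->sanitizeInput($xssProbe);

        $this->assertIsString($sanitized);
        // Case-insensitive so a differently-cased tag does not slip past.
        $this->assertStringNotContainsStringIgnoringCase('<script', $sanitized);
    }

    /**
     * A freshly generated CSRF token validates; anything else is rejected.
     */
    public function testCSRFToken(): void
    {
        $token = $this->security->generateCSRFToken();

        // A blank token would validate against nothing and is a test bug, not a pass.
        $this->assertNotEmpty($token);
        $this->assertTrue($this->security->validateCSRFToken($token));

        // Neither a wrong token nor an empty one may be accepted.
        $this->assertFalse($this->security->validateCSRFToken('invalid_token'));
        $this->assertFalse($this->security->validateCSRFToken(''));
    }

    /**
     * A JWT produced by generateJWT() round-trips through validateJWT()
     * with its claims intact.
     *
     * NOTE(review): validateJWT()'s failure mode (false/null/exception) is not
     * visible from this file; once known, add a case asserting that a
     * tampered token (e.g. $token . 'x') is rejected.
     */
    public function testJWT(): void
    {
        $claims = ['user_id' => 1, 'role' => 'admin'];

        $token = $this->security->generateJWT($claims);
        $decoded = $this->security->validateJWT($token);

        $this->assertIsArray($decoded);
        $this->assertEquals(1, $decoded['user_id']);
        $this->assertEquals('admin', $decoded['role']);
    }

    /**
     * checkRateLimit($ip, $endpoint, $limit, $windowSeconds) admits exactly
     * $limit requests per window for one client/endpoint pair and blocks
     * the next one.
     */
    public function testRateLimit(): void
    {
        $ip = '127.0.0.1';
        $endpoint = 'test_endpoint';
        $limit = 2;
        $windowSeconds = 3600;

        // Requests 1..$limit are admitted.
        for ($request = 1; $request <= $limit; $request++) {
            $this->assertTrue(
                $this->security->checkRateLimit($ip, $endpoint, $limit, $windowSeconds),
                "request {$request} of {$limit} should be allowed"
            );
        }

        // Request $limit + 1 inside the same window is blocked.
        $this->assertFalse(
            $this->security->checkRateLimit($ip, $endpoint, $limit, $windowSeconds),
            'request over the limit should be blocked'
        );
    }
}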