Harden quarantine provisioning; enforce strict permissions and update Ansible and docs

tests/DetectorsTest.php

@@ -0,0 +1,40 @@
+<?php
+
+use PHPUnit\Framework\TestCase;
+use UploadLogger\Detectors\FilenameDetector;
+use UploadLogger\Detectors\MimeDetector;
+use UploadLogger\Detectors\ContentDetector;
+use UploadLogger\Core\Context;
+
+final class DetectorsTest extends TestCase
+{
+    public function testFilenameDetector(): void
+    {
+        $det = new FilenameDetector();
+        $ctx = new Context('r','1.1.1.1','/','POST','',0,'guest','', '');
+        $res = $det->detect($ctx, ['name' => 'image.php.jpg', 'orig_name' => 'image.php.jpg']);
+        $this->assertTrue(!empty($res['suspicious']));
+    }
+
+    public function testMimeDetector(): void
+    {
+        $det = new MimeDetector();
+        $ctx = new Context('r','1.1.1.1','/','POST','',0,'guest','', '');
+        $res = $det->detect($ctx, ['name' => 'file.jpg', 'real_mime' => 'text/plain']);
+        $this->assertTrue(!empty($res['suspicious']));
+    }
+
+    public function testContentDetectorDetectsPhpTag(): void
+    {
+        $tmp = tempnam(sys_get_temp_dir(), 'ul');
+        file_put_contents($tmp, "<?php echo 'x'; ?>");
+
+        $det = new ContentDetector();
+        $ctx = new Context('r','1.1.1.1','/','POST','text/plain', 10, 'guest','', '');
+        $res = $det->detect($ctx, ['tmp' => $tmp, 'size' => filesize($tmp), 'real_mime' => 'text/plain']);
+
+        unlink($tmp);
+
+        $this->assertTrue(!empty($res['suspicious']), 'ContentDetector should flag PHP open tag');
+    }
+}