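security = new Security();
    }

    /**
     * A generated CSRF token is a string of exactly 64 hexadecimal characters.
     *
     * The length check alone would also accept 64 characters of any alphabet,
     * so the encoding is asserted as well.
     */
    public function testCanGenerateCsrfToken(): void
    {
        $token = $this->security->generateCsrfToken();

        $this->assertIsString($token);
        // 32 bytes = 64 hex chars
        $this->assertSame(64, strlen($token));
        $this->assertSame(
            1,
            preg_match('/\A[0-9a-f]{64}\z/i', $token),
            'CSRF token should consist only of hexadecimal characters',
        );
    }

    /**
     * verifyCsrfToken() accepts the token that was just issued and rejects
     * anything else.
     *
     * 'invalid-token' differs from a real token in both length and alphabet,
     * so on its own it would also be rejected by a verifier that only checks
     * the token's shape. The tampered case below has the right shape and
     * differs from the issued token in a single character, which forces a
     * comparison against the issued value.
     */
    public function testCanVerifyCsrfToken(): void
    {
        $token = $this->security->generateCsrfToken();

        $this->assertTrue($this->security->verifyCsrfToken($token));
        $this->assertFalse($this->security->verifyCsrfToken('invalid-token'));

        // Well-formed but wrong: same length, last hex digit changed.
        $lastChar = substr($token, -1);
        $tampered = substr($token, 0, -1) . ($lastChar === '0' ? '1' : '0');
        $this->assertFalse($this->security->verifyCsrfToken($tampered));

        // An empty submission must never validate.
        $this->assertFalse($this->security->verifyCsrfToken(''));
    }

    public function testCanSanitizeString(): void
    {
        // NOTE(review): this method is cut off in this view and is kept as found.
        // As shown, the input contains no markup or special characters, so a
        // "does not contain" assertion on it would pass even if sanitizeString()
        // returned its input unchanged. Confirm the fixture includes the
        // characters the sanitizer is meant to neutralise.
        $input = 'Hello World';
        $sanitized = $this->security->sanitizeString($input);
        $this->assertStringNotContainsString('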