You are here

coder_review_security.test in Coder 7

Same filename and directory in other branches
  1. 7.2 coder_review/tests/coder_review_security.test

File

coder_review/tests/coder_review_security.test
View source
<?php

/**
 * @file
 * Set of simpletests for the security review.
 */
require_once dirname(__FILE__) . '/coder_review_test_case.tinc';
class CoderReviewSecurityTest extends CoderReviewTestCase {
  function __construct($id = NULL) {
    parent::__construct('security', $id);
  }
  public static function getInfo() {
    return array(
      'name' => t('Coder Security Tests'),
      'description' => t('Tests for the coder security review.'),
      'group' => t('Coder'),
    );
  }
  function testSecurityCheckPlain() {
    $this
      ->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal");');
    $this
      ->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => FALSE);');
    $this
      ->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => $value);');
    $this
      ->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => 0);');
    $this
      ->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array("html" => TRUE);');
    $this
      ->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => TRUE);');
    $this
      ->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array("html" => 1);');
    $this
      ->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => 1);');
  }
  function testSecuritySQLVariableInjection() {
    $this
      ->assertCoderReviewFail('  $results = db_query("SELECT * FROM {node_revisions} WHERE nid=$nid");');
    $this
      ->assertCoderReviewPass('  $results = db_query("SELECT * FROM {false_accounts} WHERE uids REGEXP \'^%s,|,%s,|,%s$\'");');
    $this
      ->assertCoderReviewPass('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this
      ->assertCoderReviewPass('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));');
    $this
      ->assertCoderReviewFail('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\') AND nid=$nid"));');
    $this
      ->assertCoderReviewFail('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this
      ->assertCoderReviewFail('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));');
    $this
      ->assertCoderReviewFail('  $results = db_query("SELECT * FROM {foo} WHERE name=$name");');
    $this
      ->assertCoderReviewFail('  db_query("INSERT INTO {foo} SET name=\'$name\'");');
    $this
      ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} SET name=\'$name\'";');
    $this
      ->assertCoderReviewPass('  db_result(db_query("SELECT filename FROM {system} WHERE name = \'%s\'", "ad_$detail->adtype"));');
  }
  function testSecuritySQLUnquotedPlaceholders() {
    $this
      ->assertCoderReviewFail('  $sql = "SELECT * FROM {foo} WHERE name=%s";');
    $this
      ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (%s)";');
    $this
      ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1,%s)";');
    $this
      ->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1, %s)";');
    $this
      ->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (\'%s\')";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,\'%s\')";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, \'%s\')";');
    $this
      ->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=%d";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (%d)";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,%d)";');
    $this
      ->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, %d)";');
  }
  function testSecurityDrupalSetMessage() {
    $this
      ->assertCoderReviewPass('  drupal_set_message(t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(check_plain($tainted_data));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(filter_xss_admin($tainted_data));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(format_plural($tainted_count, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass('  drupal_set_message(check_markup($tainted_data));');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  drupal_set_message(\$tainted_data);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n drupal_set_message(\$tainted_data);\n}");
    $this
      ->assertCoderReviewFail('  drupal_set_message(t($tainted_data));');
    $this
      ->assertCoderReviewFail('  drupal_set_message("Here is some ". $tainted_data);');
    $this
      ->assertCoderReviewFail('  drupal_set_message("Here is some $tainted_data");');
    $this
      ->assertCoderReviewFail('  drupal_set_message(t("Here is some ". $tainted_data));');
    $this
      ->assertCoderReviewFail('  drupal_set_message(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data)));');
  }
  function testSecurityTriggerError() {
    $this
      ->assertCoderReviewPass('  trigger_error(t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  trigger_error(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  trigger_error(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  trigger_error(t("Here is some @safe_data", $safe_data_array));');
    $this
      ->assertCoderReviewPass('  trigger_error(check_plain($tainted_data));');
    $this
      ->assertCoderReviewPass('  trigger_error(filter_xss_admin($tainted_data));');
    $this
      ->assertCoderReviewPass('  trigger_error(format_plural($tainted_count, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass('  trigger_error(check_markup($tainted_data));');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  trigger_error(\$tainted_data);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n trigger_error(\$tainted_data);\n}");
    $this
      ->assertCoderReviewFail('  trigger_error(t($tainted_data));');
    $this
      ->assertCoderReviewFail('  trigger_error("Here is some ". $tainted_data);');
    $this
      ->assertCoderReviewFail('  trigger_error("Here is some $tainted_data");');
    $this
      ->assertCoderReviewFail('  trigger_error(t("Here is some ". $tainted_data));');
    $this
      ->assertCoderReviewFail('  trigger_error(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }

  /*
  function testSecurityDrupalSetTitle() {
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  drupal_set_title(check_plain($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  drupal_set_title(check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  drupal_set_title(\$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n drupal_set_title(\$tainted_data);\n}");
    $this->assertCoderReviewFail('  drupal_set_title(t($tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_title("Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  drupal_set_title("Here is some $tainted_data");');
    $this->assertCoderReviewFail('  drupal_set_title(t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_title(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }
  */
  function testSecurityFormError() {
    $this
      ->assertCoderReviewPass('  form_error("name", t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  form_error($name, t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  form_error($name, t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  form_error($name, t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  form_error($name, t("Here is some @safe_data", $safe_data_array));');
    $this
      ->assertCoderReviewPass('  form_error($name, check_plain($tainted_data));');
    $this
      ->assertCoderReviewPass('  form_error($name, filter_xss_admin($tainted_data));');
    $this
      ->assertCoderReviewPass('  form_error($name, format_plural($tainted_count, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass('  form_error($name, check_markup($tainted_data));');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  form_error(\$name, \$tainted_data);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n form_error(\$name, \$tainted_data);\n}");
    $this
      ->assertCoderReviewFail('  form_error($name, t($tainted_data));');
    $this
      ->assertCoderReviewFail('  form_error($name, "Here is some ". $tainted_data);');
    $this
      ->assertCoderReviewFail('  form_error($name, "Here is some $tainted_data");');
    $this
      ->assertCoderReviewFail('  form_error($name, t("Here is some ". $tainted_data));');
    $this
      ->assertCoderReviewFail('  form_error($name, t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }
  function testSecurityFormSetError() {
    $this
      ->assertCoderReviewPass('  form_set_error("name", t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, t("Here is some safe_data"));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, t("Here is some @safe_data", $safe_data_array));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, check_plain($tainted_data));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, filter_xss_admin($tainted_data));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, format_plural($tainted_count, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass('  form_set_error($name, check_markup($tainted_data));');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  form_set_error(\$name, \$tainted_data);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n form_set_error(\$name, \$tainted_data);\n}");
    $this
      ->assertCoderReviewFail('  form_set_error($name, t($tainted_data));');
    $this
      ->assertCoderReviewFail('  form_set_error($name, "Here is some ". $tainted_data);');
    $this
      ->assertCoderReviewFail('  form_set_error($name, "Here is some $tainted_data");');
    $this
      ->assertCoderReviewFail('  form_set_error($name, t("Here is some ". $tainted_data));');
    $this
      ->assertCoderReviewFail('  form_set_error($name, t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }
  function testSecurityConfirmForm() {
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some @safe_question", array("@safe_question" => $tainted_question), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some %safe_question", array("%safe_question" => $tainted_question), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some @safe_question", $safe_question_array), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, filter_xss_admin($tainted_question), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, format_plural($tainted_count, "1 item", "@count items"), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_markup($tainted_question), $path);');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_question = check_plain('mystring');\n  confirm_form(\$form, \$tainted_question, \$path);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, \$tainted_question, \$path);\n}");
    $this
      ->assertCoderReviewFail('  confirm_form($form, t($tainted_question), $path);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, "Here is some ". $tainted_question, $path);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, "Here is some $tainted_question", $path);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, t("Here is some ". $tainted_question), $path);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, t("Here is some !tainted_question", array("!tainted_question" => $tainted_question), $path);');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)), t("safe_yes"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"), t("safe_no"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)), t("safe_yes"), t("safe_no"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, check_plain($tainted_desc"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), check_plain($tainted_yes));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"), check_plain($tainted_no));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), check_plain($tainted_yes), check_plain($tainted_no));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, filter_xss_admin($tainted_desc));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, check_markup($tainted_desc));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, format_plural($tainted_count, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass('  confirm_form($form, format_plural($tainted_count, "1 item", "@count items"), $path, format_plural($tainted_desc, "1 item", "@count items"));');
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_q = check_plain('abc');\n  \$tainted_desc = check_plain('string');\n  confirm_form(\$form, \$tainted_q, \$path, \$tainted_desc);\n}");
    $this
      ->assertCoderReviewPass("  function abc() {\n \$tainted_desc = check_plain('mystring');\n  confirm_form(\$form, check_plain(\$tainted_question), \$path, \$tainted_desc);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, \$tainted_desc);\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, t(\$tainted_desc));\n}");
    $this
      ->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, check_plain(\$tainted_desc), t(\$yes));\n}");
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), $yes);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), check_plain($yes), $no);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, "Here is some ". $tainted_desc);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, "Here is some $tainted_desc");');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), "Tainted " . $yes);');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), "Tainted $yes");');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, t("Here is some ". $tainted_desc));');
    $this
      ->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, t("Here is some !tainted_desc", array("!tainted_desc" =>  $tainted_desc)));');
  }
  function testSecurityPregReplaceEval() {
    $this
      ->assertCoderReviewPass('  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@mi", "myfunction("\\2", "\\3")", $txt);');
    $this
      ->assertCoderReviewFail('  $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@emi", "myfunction("\\2", "\\3")", $txt);');
    $this
      ->assertCoderReviewPass('  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/mis", "myfunction($foo)", $txt);');
    $this
      ->assertCoderReviewFail('  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/emis", "myfunction($foo)", $txt);');
    $this
      ->assertCoderReviewPass('  $text=preg_replace("/^((> ?)+)([^>])/m", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);');
    $this
      ->assertCoderReviewFail('  $text=preg_replace("/^((> ?)+)([^>])/me", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);');
  }

  /*
  function testSecurityDbRewrite() {
    // Have to put all in a function foo() because tests don't work correctly due to #function-not in rule.
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node} n\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node} foo\", \"foo\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node}\", \"{node}\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {mytable} t INNER JOIN {node} n ON t.nid = n.nid\"));\n}");
    $this->assertCoderReviewPass("  function bar() {\n  \$bar = \"SELECT * FROM {node}\";\n  \$sql = db_rewrite_sql(\$bar);\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$foo = \"SELECT COUNT(*) FROM {node}\";\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$foo = \"SELECT * FROM {node} WHERE nid = %d\";\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(\"SELECT * FROM {node} WHERE nid = %d\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$foo = \"SELECT * FROM {node}\";\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(\"SELECT * FROM {node}\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node}\"));\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(\"SELECT * FROM {mytable} t INNER JOIN {node} n ON t.nid = n.nid\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {mytable} t INNER JOIN {node} ON t.nid = n.nid\"));\n}");
  }
  */
  function testSecurityPostGetRequest() {
    $this
      ->assertCoderReviewPass('  $_POST["safe_data"] = "abc";');
    $this
      ->assertCoderReviewPass('  $_POST["tainted_data"] .= "abc";');
    $this
      ->assertCoderReviewPass('  $post = check_plain($_POST["tainted_data"]);');
    $this
      ->assertCoderReviewPass('  $post = check_markup($_POST["tainted_data"]);');
    $this
      ->assertCoderReviewPass('  $post = filter_xss($_POST["tainted_data"]);');
    $this
      ->assertCoderReviewPass('  $post = filter_xss_admin($_POST["tainted_data"]);');
    $this
      ->assertCoderReviewPass('  $post = form_set_cache($_POST["form_build_id"], $form_state);');
    $this
      ->assertCoderReviewFail('  $post = $_POST["tainted_data"];');
    $this
      ->assertCoderReviewFail('  t($_POST["tainted_data"]);');
  }
  function testSecurityEval() {
    $this
      ->assertCoderReviewFail('  return drupal_eval($code);');
    $this
      ->assertCoderReviewFail('  print eval($code);');
  }
  function testSecurityFormTag() {
    $this
      ->assertCoderReviewFail('  ?' . '><FORM action="foo.php"><?php');
    $this
      ->assertCoderReviewFail('  ?' . '><form action="foo.php"><?php');
    $this
      ->assertCoderReviewFail('  $form = \'<form action="foo.php">\'');
  }
  function testSecurityBlockSubject() {
    $this
      ->assertCoderReviewPass("  function mymodule_block() {\n  \$block['subject'] = 'title';\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_block() {\n  \$block['subject'] = check_plain(\$title);\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_block() {\n  \$block['subject'] = \$title;\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_block() {\n  \$block = array(\n 'subject' => \$title,\n  );\n}");
  }
  function testSecurityFAPITitleDescription() {
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => t('%title', array('%title' => \$title)),\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => 'abc',\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => check_plain(\$title),\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => t('%title', array('%title' => \$title)),\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$title = check_plain(\$title);\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$title = check_plain(\$title);\n  \$field = array(\n '#title' => t('!title', array('!title' => \$title)),\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#description' => \$description,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form_alter() {\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#title' => t('!title', array('!title' => \$title)),\n  );\n}");
  }
  function testSecurityFAPIMarkupValue() {
    $this
      ->assertCoderReviewPass("  function mymodule_function() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => check_plain(\$value),\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  '#type' => 'textfield',\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$value = check_plain(\$value);\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => t('%value', array('%value' => \$value)),\n  );\n}");
    $this
      ->assertCoderReviewPass("  function mymodule_form() {\n  \$value = check_plain(\$value);\n  \$field = array(\n '#value' => t('!value', array('!value' => \$value)),\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form_alter() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  '#type' => 'markup',\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#type' => 'markup',\n  '#value' => \$value,\n  );\n}");
    $this
      ->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => t('!value', array('!value' => \$value)),\n  );\n}");
  }

}

Classes