function CoderReviewSecurityTest::testSecurityPregReplaceEval in Coder 7.2
Same name and namespace in other branches
- 7 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecurityPregReplaceEval()
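Tests that Coder review tells safe uses of preg_replace() apart from unsafe ones: a call whose pattern carries the "e" (eval) modifier must be flagged, and the same call without it must pass.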
File
- coder_review/tests/coder_review_security.test, line 244
Class
- CoderReviewSecurityTest
- Tests the Coder_review functionality to detect security-related rules.
Code
/**
 * Checks that the review flags preg_replace() calls using the "e" modifier.
 *
 * With the "e" (PREG_REPLACE_EVAL) modifier, preg_replace() evaluates the
 * replacement string as PHP code after substituting the back-references, so
 * any attacker-influenced subject text can end up inside executed code. The
 * modifier was deprecated in PHP 5.5 and removed in PHP 7.0;
 * preg_replace_callback() is the safe replacement.
 *
 * Every case below is a pair of snippets that differ only in the modifier
 * list: the variant without "e" is asserted to pass, the variant with "e" is
 * asserted to fail.
 *
 * NOTE(review): assertCoderReviewPass() and assertCoderReviewFail() are
 * defined outside this listing; presumably they run the snippet through the
 * security review and expect no warning or at least one warning.
 */
function testSecurityPregReplaceEval() {
  $cases = array(
    // "@" used as the delimiter; modifiers "mi" versus "emi".
    array(
      'clean' => ' $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@mi", "myfunction("\\2", "\\3")", $txt);',
      'eval' => ' $txt = preg_replace("@(<a href=(.\\S+?)[^>]*>(.+?)</a>)@emi", "myfunction("\\2", "\\3")", $txt);',
    ),
    // "/" delimiter with a literal "@import" inside the pattern; modifiers
    // "mis" versus "emis".
    array(
      'clean' => ' $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/mis", "myfunction($foo)", $txt);',
      'eval' => ' $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/emis", "myfunction($foo)", $txt);',
    ),
    // Replacement assembled by concatenation; modifiers "m" versus "me", so
    // here the "e" is the last modifier rather than the first.
    array(
      'clean' => ' $text=preg_replace("/^((> ?)+)([^>])/m", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
      'eval' => ' $text=preg_replace("/^((> ?)+)([^>])/me", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);',
    ),
  );

  // Keep the original order of assertions: pass, then fail, for each pair.
  foreach ($cases as $case) {
    $this->assertCoderReviewPass($case['clean']);
    $this->assertCoderReviewFail($case['eval']);
  }
}