function CoderReviewSecurityTest::testSecuritySQLVariableInjection in Coder 7
Same name and namespace in other branches
- 7.2 coder_review/tests/coder_review_security.test \CoderReviewSecurityTest::testSecuritySQLVariableInjection()
File
- coder_review/tests/coder_review_security.test, line 33
/**
 * Tests detection of PHP variables interpolated into SQL query strings.
 *
 * Each case pairs a one-line PHP snippet with the verdict the review is
 * expected to reach. The "fail" snippets embed a variable ($nid, $type or
 * $name) directly inside the query text handed to db_query() or stored in
 * $sql; the "pass" snippets keep the query text free of variables and use
 * %s placeholders instead. The final pass case interpolates a variable only
 * into a db_query() argument, not into the SQL string itself.
 */
function testSecuritySQLVariableInjection() {
  // Snippets are checked in declaration order. TRUE means the review must
  // accept the snippet; FALSE means it must flag it.
  $cases = array(
    array(' $results = db_query("SELECT * FROM {node_revisions} WHERE nid=$nid");', FALSE),
    array(' $results = db_query("SELECT * FROM {false_accounts} WHERE uids REGEXP \'^%s,|,%s,|,%s$\'");', TRUE),
    array(' $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')");', TRUE),
    array(' $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));', TRUE),
    array(' $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\') AND nid=$nid"));', FALSE),
    array(' $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')");', FALSE),
    array(' $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));', FALSE),
    array(' $results = db_query("SELECT * FROM {foo} WHERE name=$name");', FALSE),
    array(' db_query("INSERT INTO {foo} SET name=\'$name\'");', FALSE),
    array(' $sql = "INSERT INTO {foo} SET name=\'$name\'";', FALSE),
    array(' db_result(db_query("SELECT filename FROM {system} WHERE name = \'%s\'", "ad_$detail->adtype"));', TRUE),
  );

  foreach ($cases as $case) {
    list($snippet, $expect_pass) = $case;
    if ($expect_pass) {
      $this->assertCoderReviewPass($snippet);
    }
    else {
      $this->assertCoderReviewFail($snippet);
    }
  }
}