View source
<?php
require_once dirname(__FILE__) . '/coder_test_case.tinc';
class CoderSecurityTest extends CoderTestCase {
function __construct($id = NULL) {
parent::__construct('security', $id);
}
function getInfo() {
return array(
'name' => t('Coder Security Tests'),
'description' => t('Tests for the coder security review.'),
'group' => t('Coder'),
);
}
function testSecurityCheckPlain() {
$this
->assertCoderFail('$var = l(check_plain($input), "path/to/drupal");');
$this
->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => FALSE);');
$this
->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => $value);');
$this
->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => 0);');
$this
->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array("html" => TRUE);');
$this
->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => TRUE);');
$this
->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array("html" => 1);');
$this
->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => 1);');
}
function testSecuritySQLVariableInjection() {
$this
->assertCoderFail(' $results = db_query("SELECT * FROM {node} WHERE nid=$nid");');
$this
->assertCoderPass(' $results = db_query("SELECT * FROM {false_accounts} WHERE uids REGEXP \'^%s,|,%s,|,%s$\'");');
$this
->assertCoderPass(' $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
$this
->assertCoderFail(' $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\') AND nid=$nid");');
$this
->assertCoderFail(' $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
$this
->assertCoderFail(' $results = db_query("SELECT * FROM {foo} WHERE name=$name");');
$this
->assertCoderFail(' db_query("INSERT INTO {foo} SET name=\'$name\'");');
$this
->assertCoderFail(' $sql = "INSERT INTO {foo} SET name=\'$name\'";');
$this
->assertCoderPass(' update_sql("INSERT INTO {foo} SET name=\'$name\'");');
$this
->assertCoderPass(' db_result(db_query("SELECT filename FROM {system} WHERE name = \'%s\'", "ad_$detail->adtype"));');
}
function testSecuritySQLUnquotedPlaceholders() {
$this
->assertCoderFail(' $sql = "SELECT * FROM {foo} WHERE name=%s";');
$this
->assertCoderFail(' $sql = "INSERT INTO {foo} (%s)";');
$this
->assertCoderFail(' $sql = "INSERT INTO {foo} (1,%s)";');
$this
->assertCoderFail(' $sql = "INSERT INTO {foo} (1, %s)";');
$this
->assertCoderPass(' $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (\'%s\')";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (1,\'%s\')";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (1, \'%s\')";');
$this
->assertCoderPass(' $sql = "SELECT * FROM {foo} WHERE name=%d";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (%d)";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (1,%d)";');
$this
->assertCoderPass(' $sql = "INSERT INTO {foo} (1, %d)";');
}
}
