You are here

public function SelectTest::makeCommentsProvider in Drupal 8

Same name and namespace in other branches
  1. 9 core/tests/Drupal/KernelTests/Core/Database/SelectTest.php \Drupal\KernelTests\Core\Database\SelectTest::makeCommentsProvider()

Provides expected and input values for testVulnerableComment().

1 call to SelectTest::makeCommentsProvider()
SelectTest::testVulnerableComment in core/tests/Drupal/KernelTests/Core/Database/SelectTest.php
Tests query COMMENT system against vulnerabilities.

File

core/tests/Drupal/KernelTests/Core/Database/SelectTest.php, line 75

Class

SelectTest
Tests the Select query builder.

Namespace

Drupal\KernelTests\Core\Database

Code

public function makeCommentsProvider() {
  return [
    [
      '/*  */ ',
      [
        '',
      ],
    ],
    // Try and close the comment early.
    [
      '/* Exploit  * / DROP TABLE node. -- */ ',
      [
        'Exploit */ DROP TABLE node; --',
      ],
    ],
    // Variations on comment closing.
    [
      '/* Exploit  * / * / DROP TABLE node. -- */ ',
      [
        'Exploit */*/ DROP TABLE node; --',
      ],
    ],
    [
      '/* Exploit  *  * // DROP TABLE node. -- */ ',
      [
        'Exploit **// DROP TABLE node; --',
      ],
    ],
    // Try closing the comment in the second string which is appended.
    [
      '/* Exploit  * / DROP TABLE node. --. Another try  * / DROP TABLE node. -- */ ',
      [
        'Exploit */ DROP TABLE node; --',
        'Another try */ DROP TABLE node; --',
      ],
    ],
  ];
}