BadFunctions/Backticks: add unit tests

jrfnl · jrfnl · commit 93ca2d7f93fc · 2020-03-16T03:00:10.000+01:00
diff --git a/Security/Tests/BadFunctions/BackticksUnitTest.Drupal7.inc b/Security/Tests/BadFunctions/BackticksUnitTest.Drupal7.inc
@@ -0,0 +1,5 @@
+<?php
+
+$output = `$form['field']`; // Error (user input).
+$output = `$request['field']`; // Warning.
+`$_GET`; // Error (user input).
diff --git a/Security/Tests/BadFunctions/BackticksUnitTest.Drupal8.inc b/Security/Tests/BadFunctions/BackticksUnitTest.Drupal8.inc
@@ -0,0 +1,5 @@
+<?php
+
+$output = `$form['field']`; // Error (user input).
+$output = `$request['field']`; // Error (user input).
+`$_GET`; // Error (user input).
diff --git a/Security/Tests/BadFunctions/BackticksUnitTest.Symfony2.inc b/Security/Tests/BadFunctions/BackticksUnitTest.Symfony2.inc
@@ -0,0 +1,5 @@
+<?php
+
+$output = `$form['field']`; // Warning.
+$output = `$request['field']`; // Error (user input).
+`$_GET`; // Error (user input).
diff --git a/Security/Tests/BadFunctions/BackticksUnitTest.inc b/Security/Tests/BadFunctions/BackticksUnitTest.inc
@@ -0,0 +1,15 @@
+<?php
+
+// Not using variable input.
+$output = `ls -al`;
+
+// These should all give an error/warning.
+$output = `$form['field']`; // Warning.
+$output = `$request['field']`; // Warning.
+`$_GET`; // Error (user input).
+
+$output = `git blame --date=short "$filename"`; // Warning.
+
+// Incomplete command. Ignore.
+// Intentional parse error. This should be the last test in the file.
+$output = `ls
diff --git a/Security/Tests/BadFunctions/BackticksUnitTest.php b/Security/Tests/BadFunctions/BackticksUnitTest.php
@@ -0,0 +1,89 @@
+<?php
+/**
+ * Unit test class for the Backticks sniff.
+ */
+
+namespace PHPCS_SecurityAudit\Security\Tests\BadFunctions;
+
+use PHPCS_SecurityAudit\Security\Tests\AbstractSecurityTestCase;
+
+class BackticksUnitTest extends AbstractSecurityTestCase
+{
+
+	/**
+	 * Returns the lines where errors should occur.
+	 *
+	 * The key of the array should represent the line number and the value
+	 * should represent the number of errors that should occur on that line.
+	 *
+	 * @param string $testFile The name of the file being tested.
+	 *
+	 * @return array<int, int>
+	 */
+	public function getErrorList($testFile = '')
+	{
+		switch ($testFile) {
+			case 'BackticksUnitTest.inc':
+				return [
+					9  => 1,
+				];
+
+			case 'BackticksUnitTest.Drupal7.inc':
+				return [
+					3 => 1,
+					5 => 1,
+				];
+
+			case 'BackticksUnitTest.Drupal8.inc':
+				return [
+					3 => 1,
+					4 => 1,
+					5 => 1,
+				];
+
+			case 'BackticksUnitTest.Symfony2.inc':
+				return [
+					4 => 1,
+					5 => 1,
+				];
+
+			default:
+				return [];
+		}
+	}
+
+	/**
+	 * Returns the lines where warnings should occur.
+	 *
+	 * The key of the array should represent the line number and the value
+	 * should represent the number of warnings that should occur on that line.
+	 *
+	 * @param string $testFile The name of the file being tested.
+	 *
+	 * @return array<int, int>
+	 */
+	public function getWarningList($testFile = '')
+	{
+		switch ($testFile) {
+			case 'BackticksUnitTest.inc':
+				return [
+					7  => 1,
+					8  => 1,
+					11 => 1,
+				];
+
+			case 'BackticksUnitTest.Drupal7.inc':
+				return [
+					4 => 1,
+				];
+
+			case 'BackticksUnitTest.Symfony2.inc':
+				return [
+					3 => 1,
+				];
+
+			default:
+				return [];
+		}
+	}
+}
