BadFunctions/EasyRFI: add unit tests

Author: jrfnl

Security/Tests/BadFunctions/EasyRFIUnitTest.0.inc

@@ -0,0 +1,17 @@
+<?php
+
+/*
+ * Paranoia mode = 0.
+ */
+
+// Base.
+include ( 'path/to/' . $_GET['filename'] ); // Error.
+include_once 'path/to/' . "$filename" . '.' . $extension;
+require getenv('PATHTOFILE'); // Error.
+
+// Drupal 7.
+require_once ( 'path/to/' . $form['filename'] );
+include arg(2) . drupal_get_query_parameters()['param'];
+
+// Prevent false positives on safe $_SERVER variables.
+include $_SERVER['DOCUMENT_ROOT'] . '/filename.php';

Security/Tests/BadFunctions/EasyRFIUnitTest.1.inc

@@ -0,0 +1,17 @@
+<?php
+
+/*
+ * Paranoia mode = 1.
+ */
+ 
+// Base.
+include ( 'path/to/' . $_GET['filename'] ); // Error.
+include 'path/to/' . "$filename" . '.' . $extension; // Warning x 2.
+include getenv('PATHTOFILE'); // Error.
+
+// Drupal 7.
+include ( 'path/to/' . $form['filename'] ); // Warning.
+include arg(2) . drupal_get_query_parameters()['param']; // Warning x 2.
+
+// Prevent false positives on safe $_SERVER variables.
+include $_SERVER['DOCUMENT_ROOT'] . '/filename.php'; // Error.

Security/Tests/BadFunctions/EasyRFIUnitTest.Drupal7.1.inc

@@ -0,0 +1,14 @@
+<?php
+
+/*
+ * Paranoia mode = 1, CmsFramework = Drupal7.
+ */
+ 
+// Base.
+include ( 'path/to/' . $_GET['filename'] ); // Error.
+include 'path/to/' . "$filename" . '.' . $extension; // Warning x 2.
+include getenv('PATHTOFILE'); // Error.
+
+// Drupal 7.
+include ( 'path/to/' . $form['filename'] ); // Error.
+include arg(2) . drupal_get_query_parameters()['param']; // Error x 2.

Security/Tests/BadFunctions/EasyRFIUnitTest.php

@@ -0,0 +1,83 @@
+<?php
+
+namespace PHPCS_SecurityAudit\Security\Tests\BadFunctions;
+
+use PHPCS_SecurityAudit\Security\Tests\AbstractSecurityTestCase;
+
+/**
+ * Unit test class for the EasyRFI sniff.
+ *
+ * @covers \PHPCS_SecurityAudit\Security\Sniffs\BadFunctions\EasyRFISniff
+ */
+class EasyRFIUnitTest extends AbstractSecurityTestCase
+{
+
+	/**
+	 * Returns the lines where errors should occur.
+	 *
+	 * The key of the array should represent the line number and the value
+	 * should represent the number of errors that should occur on that line.
+	 *
+	 * @param string $testFile The name of the file being tested.
+	 *
+	 * @return array<int, int>
+	 */
+	public function getErrorList($testFile = '')
+	{
+		switch ($testFile) {
+			case 'EasyRFIUnitTest.0.inc':
+				return [
+					8  => 1,
+					10 => 1,
+				];
+
+			case 'EasyRFIUnitTest.1.inc':
+				return [
+					8  => 1,
+					10 => 1,
+					17 => 1,
+				];
+
+			case 'EasyRFIUnitTest.Drupal7.1.inc':
+				return [
+					8  => 1,
+					10 => 1,
+					13 => 1,
+					14 => 2,
+				];
+
+			default:
+				return [];
+		}
+	}
+
+	/**
+	 * Returns the lines where warnings should occur.
+	 *
+	 * The key of the array should represent the line number and the value
+	 * should represent the number of warnings that should occur on that line.
+	 *
+	 * @param string $testFile The name of the file being tested.
+	 *
+	 * @return array<int, int>
+	 */
+	public function getWarningList($testFile = '')
+	{
+		switch ($testFile) {
+			case 'EasyRFIUnitTest.1.inc':
+				return [
+					9  => 2,
+					13 => 1,
+					14 => 2,
+				];
+
+			case 'EasyRFIUnitTest.Drupal7.1.inc':
+				return [
+					9  => 2,
+				];
+
+			default:
+				return [];
+		}
+	}
+}