<?php
require_once(dirname(__FILE__) .'/coder_test_case.tinc');

class CoderSecurityTest extends CoderTestCase {
  function __construct($id = NULL) {
    parent::__construct('security', $id);
  }
  
  function getInfo() {
    return array(
      'name' => t('Coder Security Tests'),
      'description' => t('Tests for the coder security review.'),
      'group' => t('Coder'),
    );
  }
  
  function testSecurityCheckPlain() {
    $this->assertCoderFail('$var = l(check_plain($input), "path/to/drupal");');
    $this->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => FALSE);');
    $this->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => $value);');
    $this->assertCoderFail('$var = l(check_plain($input), "path/to/drupal", array("html" => 0);');
    $this->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array("html" => TRUE);');
    $this->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => TRUE);');
    $this->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array("html" => 1);');
    $this->assertCoderPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => 1);');
  }

  function testSecuritySQLVariableInjection() {
    $this->assertCoderFail('  $results = db_query("SELECT * FROM {node} WHERE nid=$nid");');
    $this->assertCoderPass('  $results = db_query("SELECT * FROM {false_accounts} WHERE uids REGEXP \'^%s,|,%s,|,%s$\'");');
    $this->assertCoderPass('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this->assertCoderFail('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\') AND nid=$nid");');
    $this->assertCoderFail('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this->assertCoderFail('  $results = db_query("SELECT * FROM {foo} WHERE name=$name");');
    $this->assertCoderFail('  db_query("INSERT INTO {foo} SET name=\'$name\'");');
    $this->assertCoderFail('  $sql = "INSERT INTO {foo} SET name=\'$name\'";');
    $this->assertCoderPass('  update_sql("INSERT INTO {foo} SET name=\'$name\'");');
    $this->assertCoderPass('  db_result(db_query("SELECT filename FROM {system} WHERE name = \'%s\'", "ad_$detail->adtype"));');
  }

  function testSecuritySQLUnquotedPlaceholders() {
    $this->assertCoderFail('  $sql = "SELECT * FROM {foo} WHERE name=%s";');
    $this->assertCoderFail('  $sql = "INSERT INTO {foo} (%s)";');
    $this->assertCoderFail('  $sql = "INSERT INTO {foo} (1,%s)";');
    $this->assertCoderFail('  $sql = "INSERT INTO {foo} (1, %s)";');
    $this->assertCoderPass('  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (\'%s\')";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (1,\'%s\')";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (1, \'%s\')";');
    $this->assertCoderPass('  $sql = "SELECT * FROM {foo} WHERE name=%d";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (%d)";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (1,%d)";');
    $this->assertCoderPass('  $sql = "INSERT INTO {foo} (1, %d)";');
  }
}