<?php
// $Id: coder_review_security.test,v 1.14 2010-08-20 09:41:19 snpower Exp $

/**
 * @file
 * Set of simpletests for the security review.
 */
require_once dirname(__FILE__) . '/coder_review_test_case.tinc';

class CoderReviewSecurityTest extends CoderReviewTestCase {
  function __construct($id = NULL) {
    parent::__construct('security', $id);
  }

  public static function getInfo() {
    return array(
      'name' => t('Coder Security Tests'),
      'description' => t('Tests for the coder security review.'),
      'group' => t('Coder'),
    );
  }

  function testSecurityCheckPlain() {
    $this->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal");');
    $this->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => FALSE);');
    $this->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => $value);');
    $this->assertCoderReviewFail('$var = l(check_plain($input), "path/to/drupal", array("html" => 0);');
    $this->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array("html" => TRUE);');
    $this->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => TRUE);');
    $this->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array("html" => 1);');
    $this->assertCoderReviewPass('$var = l(check_plain($input), "path/to/drupal", array(\'html\' => 1);');
  }

  function testSecuritySQLVariableInjection() {
    $this->assertCoderReviewFail('  $results = db_query("SELECT * FROM {node_revisions} WHERE nid=$nid");');
    $this->assertCoderReviewPass('  $results = db_query("SELECT * FROM {false_accounts} WHERE uids REGEXP \'^%s,|,%s,|,%s$\'");');
    $this->assertCoderReviewPass('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this->assertCoderReviewPass('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));');
    $this->assertCoderReviewFail('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=\'%s\' AND (r.title REGEXP \'^[^[:alpha:]].*$\') AND nid=$nid"));');
    $this->assertCoderReviewFail('  $results = db_query("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')");');
    $this->assertCoderReviewFail('  $results = db_query(db_rewrite_sql("SELECT COUNT(n.nid) FROM {node} n INNER JOIN {node_revisions} r USING (nid, vid) WHERE n.type=$type AND (r.title REGEXP \'^[^[:alpha:]].*$\')"));');
    $this->assertCoderReviewFail('  $results = db_query("SELECT * FROM {foo} WHERE name=$name");');
    $this->assertCoderReviewFail('  db_query("INSERT INTO {foo} SET name=\'$name\'");');
    $this->assertCoderReviewFail('  $sql = "INSERT INTO {foo} SET name=\'$name\'";');
    $this->assertCoderReviewPass('  update_sql("INSERT INTO {foo} SET name=\'$name\'");');
    $this->assertCoderReviewPass('  db_result(db_query("SELECT filename FROM {system} WHERE name = \'%s\'", "ad_$detail->adtype"));');
  }

  function testSecuritySQLUnquotedPlaceholders() {
    $this->assertCoderReviewFail('  $sql = "SELECT * FROM {foo} WHERE name=%s";');
    $this->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (%s)";');
    $this->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1,%s)";');
    $this->assertCoderReviewFail('  $sql = "INSERT INTO {foo} (1, %s)";');
    $this->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=\'%s\'";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (\'%s\')";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,\'%s\')";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, \'%s\')";');
    $this->assertCoderReviewPass('  $sql = "SELECT * FROM {foo} WHERE name=%d";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (%d)";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1,%d)";');
    $this->assertCoderReviewPass('  $sql = "INSERT INTO {foo} (1, %d)";');
  }

  function testSecurityDrupalSetMessage() {
    $this->assertCoderReviewPass('  drupal_set_message(t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  drupal_set_message(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_message(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_message(t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  drupal_set_message(check_plain($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_message(filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_message(format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  drupal_set_message(check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  drupal_set_message(\$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n drupal_set_message(\$tainted_data);\n}");
    $this->assertCoderReviewFail('  drupal_set_message(t($tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_message("Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  drupal_set_message("Here is some $tainted_data");');
    $this->assertCoderReviewFail('  drupal_set_message(t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_message(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data)));');
  }

  function testSecurityTriggerError() {
    $this->assertCoderReviewPass('  trigger_error(t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  trigger_error(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  trigger_error(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  trigger_error(t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  trigger_error(check_plain($tainted_data));');
    $this->assertCoderReviewPass('  trigger_error(filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  trigger_error(format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  trigger_error(check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  trigger_error(\$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n trigger_error(\$tainted_data);\n}");
    $this->assertCoderReviewFail('  trigger_error(t($tainted_data));');
    $this->assertCoderReviewFail('  trigger_error("Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  trigger_error("Here is some $tainted_data");');
    $this->assertCoderReviewFail('  trigger_error(t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  trigger_error(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }

  function testSecurityDrupalSetTitle() {
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  drupal_set_title(check_plain($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  drupal_set_title(format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  drupal_set_title(check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  drupal_set_title(\$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n drupal_set_title(\$tainted_data);\n}");
    $this->assertCoderReviewFail('  drupal_set_title(t($tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_title("Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  drupal_set_title("Here is some $tainted_data");');
    $this->assertCoderReviewFail('  drupal_set_title(t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  drupal_set_title(t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }

  function testSecurityFormError() {
    $this->assertCoderReviewPass('  form_error("name", t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  form_error($name, t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  form_error($name, t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  form_error($name, t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  form_error($name, t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  form_error($name, check_plain($tainted_data));');
    $this->assertCoderReviewPass('  form_error($name, filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  form_error($name, format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  form_error($name, check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  form_error(\$name, \$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n form_error(\$name, \$tainted_data);\n}");
    $this->assertCoderReviewFail('  form_error($name, t($tainted_data));');
    $this->assertCoderReviewFail('  form_error($name, "Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  form_error($name, "Here is some $tainted_data");');
    $this->assertCoderReviewFail('  form_error($name, t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  form_error($name, t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }

  function testSecurityFormSetError() {
    $this->assertCoderReviewPass('  form_set_error("name", t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  form_set_error($name, t("Here is some safe_data"));');
    $this->assertCoderReviewPass('  form_set_error($name, t("Here is some @safe_data", array("@safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  form_set_error($name, t("Here is some %safe_data", array("%safe_data" => $tainted_data));');
    $this->assertCoderReviewPass('  form_set_error($name, t("Here is some @safe_data", $safe_data_array));');
    $this->assertCoderReviewPass('  form_set_error($name, check_plain($tainted_data));');
    $this->assertCoderReviewPass('  form_set_error($name, filter_xss_admin($tainted_data));');
    $this->assertCoderReviewPass('  form_set_error($name, format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  form_set_error($name, check_markup($tainted_data));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_data = check_plain('mystring');\n  form_set_error(\$name, \$tainted_data);\n}");
    $this->assertCoderReviewFail("  function abc() {\n form_set_error(\$name, \$tainted_data);\n}");
    $this->assertCoderReviewFail('  form_set_error($name, t($tainted_data));');
    $this->assertCoderReviewFail('  form_set_error($name, "Here is some ". $tainted_data);');
    $this->assertCoderReviewFail('  form_set_error($name, "Here is some $tainted_data");');
    $this->assertCoderReviewFail('  form_set_error($name, t("Here is some ". $tainted_data));');
    $this->assertCoderReviewFail('  form_set_error($name, t("Here is some !tainted_data", array("!tainted_data" => $tainted_data));');
  }

  function testSecurityConfirmForm() {
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some @safe_question", array("@safe_question" => $tainted_question), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some %safe_question", array("%safe_question" => $tainted_question), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some @safe_question", $safe_question_array), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, filter_xss_admin($tainted_question), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, format_plural($tainted_count, "1 item", "@count items"), $path);');
    $this->assertCoderReviewPass('  confirm_form($form, check_markup($tainted_question), $path);');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_question = check_plain('mystring');\n  confirm_form(\$form, \$tainted_question, \$path);\n}");
    $this->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, \$tainted_question, \$path);\n}");
    $this->assertCoderReviewFail('  confirm_form($form, t($tainted_question), $path);');
    $this->assertCoderReviewFail('  confirm_form($form, "Here is some ". $tainted_question, $path);');
    $this->assertCoderReviewFail('  confirm_form($form, "Here is some $tainted_question", $path);');
    $this->assertCoderReviewFail('  confirm_form($form, t("Here is some ". $tainted_question), $path);');
    $this->assertCoderReviewFail('  confirm_form($form, t("Here is some !tainted_question", array("!tainted_question" => $tainted_question), $path);');

    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)), t("safe_yes"));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"), t("safe_no"));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("some @safe_desc", array("@safe_desc" => $tainted_desc)), t("safe_yes"), t("safe_no"));');

    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, check_plain($tainted_desc"));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), check_plain($tainted_yes));');
    $this->assertCoderReviewPass('  confirm_form($form, t("Here is some safe_question"), $path, t("safe_description"), t("safe_yes"), check_plain($tainted_no));');
    $this->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), check_plain($tainted_yes), check_plain($tainted_no));');
    $this->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, filter_xss_admin($tainted_desc));');
    $this->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, check_markup($tainted_desc));');
    $this->assertCoderReviewPass('  confirm_form($form, check_plain($tainted_question), $path, format_plural($tainted_count, "1 item", "@count items"));');
    $this->assertCoderReviewPass('  confirm_form($form, format_plural($tainted_count, "1 item", "@count items"), $path, format_plural($tainted_desc, "1 item", "@count items"));');
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_q = check_plain('abc');\n  \$tainted_desc = check_plain('string');\n  confirm_form(\$form, \$tainted_q, \$path, \$tainted_desc);\n}");
    $this->assertCoderReviewPass("  function abc() {\n \$tainted_desc = check_plain('mystring');\n  confirm_form(\$form, check_plain(\$tainted_question), \$path, \$tainted_desc);\n}");

    $this->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, \$tainted_desc);\n}");
    $this->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, t(\$tainted_desc));\n}");
    $this->assertCoderReviewFail("  function abc() {\n confirm_form(\$form, check_plain(\$tainted_question), \$path, check_plain(\$tainted_desc), t(\$yes));\n}");
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), $yes);');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), check_plain($yes), $no);');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, "Here is some ". $tainted_desc);');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, "Here is some $tainted_desc");');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), "Tainted " . $yes);');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, check_plain($tainted_desc), "Tainted $yes");');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, t("Here is some ". $tainted_desc));');
    $this->assertCoderReviewFail('  confirm_form($form, check_plain($tainted_question), $path, t("Here is some !tainted_desc", array("!tainted_desc" =>  $tainted_desc)));');
  }

  function testSecurityPregReplaceEval() {
    $this->assertCoderReviewPass('  $txt = preg_replace("@(<a href=(.\S+?)[^>]*>(.+?)</a>)@mi", "myfunction("\\2", "\\3")", $txt);');
    $this->assertCoderReviewFail('  $txt = preg_replace("@(<a href=(.\S+?)[^>]*>(.+?)</a>)@emi", "myfunction("\\2", "\\3")", $txt);');
    $this->assertCoderReviewPass('  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/mis", "myfunction($foo)", $txt);');
    $this->assertCoderReviewFail('  $txt = preg_replace("/(<link[^>]+href=?|<object[^>]+codebase=?|@import |src=?)?/emis", "myfunction($foo)", $txt);');
    $this->assertCoderReviewPass('  $text=preg_replace("/^((> ?)+)([^>])/m", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);');
    $this->assertCoderReviewFail('  $text=preg_replace("/^((> ?)+)([^>])/me", "EMAILDIV". ($oldest - substr_count("$1",">")).":$3", $text);');
  }

  function testSecurityDbRewrite() {
    // Have to put all in a function foo() because tests don't work correctly due to #function-not in rule.
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node} n\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node} foo\", \"foo\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node}\", \"{node}\"));\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {mytable} t INNER JOIN {node} n ON t.nid = n.nid\"));\n}");
    $this->assertCoderReviewPass("  function bar() {\n  \$bar = \"SELECT * FROM {node}\";\n  \$sql = db_rewrite_sql(\$bar);\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$foo = \"SELECT COUNT(*) FROM {node}\";\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$foo = \"SELECT * FROM {node} WHERE nid = %d\";\n}");
    $this->assertCoderReviewPass("  function foo() {\n  \$results = db_query(\"SELECT * FROM {node} WHERE nid = %d\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$foo = \"SELECT * FROM {node}\";\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(\"SELECT * FROM {node}\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {node}\"));\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(\"SELECT * FROM {mytable} t INNER JOIN {node} n ON t.nid = n.nid\");\n}");
    $this->assertCoderReviewFail("  function foo() {\n  \$results = db_query(db_rewrite_sql(\"SELECT * FROM {mytable} t INNER JOIN {node} ON t.nid = n.nid\"));\n}");
  }

  function testSecurityPostGetRequest() {
    $this->assertCoderReviewPass('  $_POST["safe_data"] = "abc";');
    $this->assertCoderReviewPass('  $_POST["tainted_data"] .= "abc";');
    $this->assertCoderReviewPass('  $post = check_plain($_POST["tainted_data"]);');
    $this->assertCoderReviewPass('  $post = check_markup($_POST["tainted_data"]);');
    $this->assertCoderReviewPass('  $post = filter_xss($_POST["tainted_data"]);');
    $this->assertCoderReviewPass('  $post = filter_xss_admin($_POST["tainted_data"]);');
    $this->assertCoderReviewPass('  $post = form_set_cache($_POST["form_build_id"], $form_state);');
    $this->assertCoderReviewFail('  $post = $_POST["tainted_data"];');
    $this->assertCoderReviewFail('  t($_POST["tainted_data"]);');
  }

  function testSecurityEval() {
    $this->assertCoderReviewFail('  return drupal_eval($code);');
    $this->assertCoderReviewFail('  print eval($code);');
  }

  function testSecurityFormTag() {
    $this->assertCoderReviewFail('  ?'. '><FORM action="foo.php"><?php');
    $this->assertCoderReviewFail('  ?'. '><form action="foo.php"><?php');
    $this->assertCoderReviewFail('  $form = \'<form action="foo.php">\'');
  }

  function testSecurityBlockSubject() {
    $this->assertCoderReviewPass("  function mymodule_block() {\n  \$block['subject'] = 'title';\n}");
    $this->assertCoderReviewPass("  function mymodule_block() {\n  \$block['subject'] = check_plain(\$title);\n}");
    $this->assertCoderReviewFail("  function mymodule_block() {\n  \$block['subject'] = \$title;\n}");
    $this->assertCoderReviewFail("  function mymodule_block() {\n  \$block = array(\n 'subject' => \$title,\n  );\n}");
  }

  function testSecurityFAPITitleDescription() {
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => t('%title', array('%title' => \$title)),\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => 'abc',\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => check_plain(\$title),\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#title' => t('%title', array('%title' => \$title)),\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$title = check_plain(\$title);\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$title = check_plain(\$title);\n  \$field = array(\n '#title' => t('!title', array('!title' => \$title)),\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#description' => \$description,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form_alter() {\n  \$field = array(\n '#title' => \$title,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#title' => t('!title', array('!title' => \$title)),\n  );\n}");
  }

  function testSecurityFAPIMarkupValue() {
    $this->assertCoderReviewPass("  function mymodule_function() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => check_plain(\$value),\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  '#type' => 'textfield',\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$value = check_plain(\$value);\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$field = array(\n '#value' => t('%value', array('%value' => \$value)),\n  );\n}");
    $this->assertCoderReviewPass("  function mymodule_form() {\n  \$value = check_plain(\$value);\n  \$field = array(\n '#value' => t('!value', array('!value' => \$value)),\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form_alter() {\n  \$field = array(\n '#value' => \$value,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => \$value,\n  '#type' => 'markup',\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#type' => 'markup',\n  '#value' => \$value,\n  );\n}");
    $this->assertCoderReviewFail("  function mymodule_form() {\n  \$field = array(\n '#value' => t('!value', array('!value' => \$value)),\n  );\n}");
  }

}