|
|
|
|
@ -10,17 +10,25 @@ class SQL_Injection_Test extends TestCase { |
|
|
|
|
/** |
|
|
|
|
* @dataProvider dataProviderForTest |
|
|
|
|
*/ |
|
|
|
|
public function testException($a) { |
|
|
|
|
$this->expectException(\Exception::class); |
|
|
|
|
\tts\safer_sql::get_safer_sql_text($a); |
|
|
|
|
public function testDangerious($a) { |
|
|
|
|
$ret = \tts\safer_sql::get_safer_sql_text($a); |
|
|
|
|
$this->assertTrue($ret['status'] == \tts\SQL_SAFETY_FLAG::dangerious); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* @dataProvider filterDataProviderForTest |
|
|
|
|
*/ |
|
|
|
|
public function testSQLFiltering($a, $b) { |
|
|
|
|
$ret = \tts\safer_sql::get_safer_sql_text($a); |
|
|
|
|
$this->assertEquals($ret["text"], $b); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
/** |
|
|
|
|
* @dataProvider safeDataProviderForTest |
|
|
|
|
*/ |
|
|
|
|
public function testSafeSQL($a) { |
|
|
|
|
$this->expectNotToPerformAssertions(); |
|
|
|
|
\tts\safer_sql::get_safer_sql_text($a); |
|
|
|
|
$ret = \tts\safer_sql::get_safer_sql_text($a); |
|
|
|
|
$this->assertTrue($ret['status'] == \tts\SQL_SAFETY_FLAG::good); |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function dataProviderForTest() { |
|
|
|
|
@ -32,11 +40,21 @@ class SQL_Injection_Test extends TestCase { |
|
|
|
|
]; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function filterDataProviderForTest() { |
|
|
|
|
return [ |
|
|
|
|
["/etc/password Hello", "etcpassword Hello"], |
|
|
|
|
["--; Bob", " Bob"], |
|
|
|
|
["&& Safe", " Safe"], |
|
|
|
|
["Hello /var/log/apache", "Hello varlogapache"] |
|
|
|
|
]; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
public function safeDataProviderForTest() { |
|
|
|
|
return [ |
|
|
|
|
["John walks (down the road)."], |
|
|
|
|
["Hey, Boy - Good Work!"], |
|
|
|
|
["I think; I'm good!"] |
|
|
|
|
["I think; I'm good!"], |
|
|
|
|
["Go dancing by the river or play ball and see it."] |
|
|
|
|
]; |
|
|
|
|
} |
|
|
|
|
|
|
|
|
|
|
Robert
3 years ago