Brian Wolff has submitted this change and it was merged. ( https://gerrit.wikimedia.org/r/395759 )
Change subject: Add test for array addition with SQL_NUMKEY
......................................................................
Add test for array addition with SQL_NUMKEY
Change-Id: Id539689bff92e484c3442bc0c0de9d7936e28abb
---
A tests/integration/dbarrayplus/db.php
A tests/integration/dbarrayplus/expectedResults.txt
A tests/integration/dbarrayplus/test.php
3 files changed, 74 insertions(+), 0 deletions(-)
diff --git a/tests/integration/dbarrayplus/db.php b/tests/integration/dbarrayplus/db.php
new file mode 100644
index 0000000..d6796b6
--- /dev/null
+++ b/tests/integration/dbarrayplus/db.php
@@ -0,0 +1,34 @@
+<?php
+namespace Wikimedia\Rdbms;
+
+interface IDatabase {
+ public function query( $sql, $method );
+ public function select(
+ $table, $vars, $conds = '', $fname = __METHOD__,
+ $options = [], $join_conds = []
+ );
+ public function insert( $table, $a, $fname = __METHOD__, $options = [] );
+}
+
+class Database implements IDatabase {
+ public function query( $sql, $method ) {
+ // do some stuff
+ return (object)[ 'some_field' => 'some value' ];
+ }
+
+ public function select(
+ $table, $vars, $conds = '', $fname = __METHOD__,
+ $options = [], $join_conds = []
+ ) {
+ return (object)[ 'some_field' => 'some value' ];
+ }
+ public function insert( $table, $a, $fname = __METHOD__, $options = [] ) {
+ return true;
+ }
+}
+
+class MysqlDatabase extends Database {
+ public function getType() {
+ return 'mysql';
+ }
+}
diff --git a/tests/integration/dbarrayplus/expectedResults.txt b/tests/integration/dbarrayplus/expectedResults.txt
new file mode 100644
index 0000000..2b2116f
--- /dev/null
+++ b/tests/integration/dbarrayplus/expectedResults.txt
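Review bot: db.php gives no hint that it is a stand-in for the real rdbms classes rather than code under test, which is the first thing a reader of this fixture needs; a file-level comment would help, e.g. `// Minimal stub of the Wikimedia\Rdbms classes; namespace and method names are kept so the plugin's IDatabase taint rules match (see expectedResults.txt).` That the namespace is what makes the plugin's rules apply is inferred from the expected output naming `\Wikimedia\Rdbms\MysqlDatabase::insert()` and is worth confirming in the comment. Having `query()` and `select()` return an ad-hoc `(object)[...]` is fine for a fixture as long as nothing consumes the result, which test.php does not.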
@@ -0,0 +1,2 @@
+integration/dbarrayplus/test.php:28 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\MysqlDatabase::insert() in [no method] that outputs using tainted argument $unsafe. (Caused by: integration/dbarrayplus/test.php +18)
+integration/dbarrayplus/test.php:34 SecurityCheck-SQLInjection Calling method \Wikimedia\Rdbms\MysqlDatabase::insert() in [no method] that outputs using tainted argument $[arg #2]. (Caused by: integration/dbarrayplus/test.php +7; integration/dbarrayplus/test.php +18)
diff --git a/tests/integration/dbarrayplus/test.php b/tests/integration/dbarrayplus/test.php
new file mode 100644
index 0000000..649adf1
--- /dev/null
+++ b/tests/integration/dbarrayplus/test.php
@@ -0,0 +1,38 @@
+<?php
+
+use Wikimedia\Rdbms\MysqlDatabase;
+
+$db = new MysqlDatabase;
+
+$rows = [
+ 'first' => 1,
+ 'second' => 2,
+ 'fifth' => $_GET['fifth']
+];
+
+$rows2 = [
+ 'third' => 'something'
+];
+
+
+$unsafe = [
+ "fourth = fourth+" . $_GET['increment']
+];
+
+$db->insert(
+ 'foo',
+ $rows + $rows2,
+ __METHOD__
+);
+
+$db->insert(
+ 'foo',
+ $unsafe,
+ __METHOD__
+);
+
+$db->insert(
+ 'foo',
+ $rows + $rows2 + $unsafe,
+ __METHOD__
+);
--
To view, visit https://gerrit.wikimedia.org/r/395759
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings
Gerrit-MessageType: merged
Gerrit-Change-Id: Id539689bff92e484c3442bc0c0de9d7936e28abb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/phan/SecurityCheckPlugin
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>
Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com>
_______________________________________________
MediaWiki-commits mailing list
MediaWiki-commits@lists.wikimedia.org
https://lists.wikimedia.org/mailman/listinfo/mediawiki-commits
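Review bot: The three `insert()` calls in test.php pin the intended outcome (only lines 28 and 34 warn) but never say why the first call at line 22 is expected to be clean although `$rows` carries `$_GET['fifth']`; a comment on line 7 such as `// tainted value under a string key: insert() treats it as a quoted value (SQL_NUMKEY), so no warning is expected here` would make the fixture self-explaining. The cases also leave the left-operand-wins rule of `+` untested: a fourth call with `[ 'fourth = 1' ] + $unsafe`, where the tainted numeric-keyed entry is discarded because key 0 already exists on the left, would tell a precise model of array addition apart from one that merely merges the taint of both operands — whether the plugin is meant to be that precise I cannot tell from this change. expectedResults.txt attributes the line 34 warning partly to line 7, which reads like the merge-style model and is worth a sentence in the fixture either way.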