Brian Wolff has submitted this change and it was merged. ( 
https://gerrit.wikimedia.org/r/395759 )

Change subject: Add test for array addition with SQL_NUMKEY
......................................................................


Add test for array addition with SQL_NUMKEY

Change-Id: Id539689bff92e484c3442bc0c0de9d7936e28abb
---
A tests/integration/dbarrayplus/db.php
A tests/integration/dbarrayplus/expectedResults.txt
A tests/integration/dbarrayplus/test.php
3 files changed, 74 insertions(+), 0 deletions(-)



diff --git a/tests/integration/dbarrayplus/db.php 
b/tests/integration/dbarrayplus/db.php
new file mode 100644
index 0000000..d6796b6
--- /dev/null
+++ b/tests/integration/dbarrayplus/db.php
@@ -0,0 +1,34 @@
+<?php
+namespace Wikimedia\Rdbms;
+
+interface IDatabase {
+       public function query( $sql, $method );
+       public function select(
+               $table, $vars, $conds = '', $fname = __METHOD__,
+               $options = [], $join_conds = []
+       );
+       public function insert( $table, $a, $fname = __METHOD__, $options = [] 
);
+}
+
+class Database implements IDatabase {
+       public function query( $sql, $method ) {
+               // do some stuff
+               return (object)[ 'some_field' => 'some value' ];
+       }
+
+       public function select(
+               $table, $vars, $conds = '', $fname = __METHOD__,
+               $options = [], $join_conds = []
+       ) {
+               return (object)[ 'some_field' => 'some value' ];
+       }
+       public function insert( $table, $a, $fname = __METHOD__, $options = [] 
) {
+               return true;
+       }
+}
+
+class MysqlDatabase extends Database {
+       public function getType() {
+               return 'mysql';
+       }
+}
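Review bot: The stub bodies carry only `// do some stuff` in query(), and nothing states that this file is a minimal stand-in for the Wikimedia\Rdbms classes whose only job is to let the analyzer resolve `\Wikimedia\Rdbms\MysqlDatabase::insert()` (the name that appears in expectedResults.txt); presumably the return values are irrelevant and only the signatures matter. A file-level comment such as `// Minimal stubs of the Rdbms API for test.php: only the class names and method signatures matter to the analyzer, the bodies are placeholders` would stop a reader from looking for real query logic. `getType()` on MysqlDatabase is not called from test.php, so if it exists to mirror the real class it deserves a word too, and if not it could be dropped. The bare `);` lines following the two insert() signatures look like mail line-wrapping rather than part of the committed file.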
diff --git a/tests/integration/dbarrayplus/expectedResults.txt 
b/tests/integration/dbarrayplus/expectedResults.txt
new file mode 100644
index 0000000..2b2116f
--- /dev/null
+++ b/tests/integration/dbarrayplus/expectedResults.txt
@@ -0,0 +1,2 @@
+integration/dbarrayplus/test.php:28 SecurityCheck-SQLInjection Calling method 
\Wikimedia\Rdbms\MysqlDatabase::insert() in [no method] that outputs using 
tainted argument $unsafe. (Caused by: integration/dbarrayplus/test.php +18)
+integration/dbarrayplus/test.php:34 SecurityCheck-SQLInjection Calling method 
\Wikimedia\Rdbms\MysqlDatabase::insert() in [no method] that outputs using 
tainted argument $[arg #2]. (Caused by: integration/dbarrayplus/test.php +7; 
integration/dbarrayplus/test.php +18)
diff --git a/tests/integration/dbarrayplus/test.php 
b/tests/integration/dbarrayplus/test.php
new file mode 100644
index 0000000..649adf1
--- /dev/null
+++ b/tests/integration/dbarrayplus/test.php
@@ -0,0 +1,38 @@
+<?php
+
+use Wikimedia\Rdbms\MysqlDatabase;
+
+$db = new MysqlDatabase;
+
+$rows = [
+       'first' => 1,
+       'second' => 2,
+       'fifth' => $_GET['fifth']
+];
+
+$rows2 = [
+       'third' => 'something'
+];
+
+
+$unsafe = [
+       "fourth = fourth+" . $_GET['increment']
+];
+
+$db->insert(
+       'foo',
+       $rows + $rows2,
+       __METHOD__
+);
+
+$db->insert(
+       'foo',
+       $unsafe,
+       __METHOD__
+);
+
+$db->insert(
+       'foo',
+       $rows + $rows2 + $unsafe,
+       __METHOD__
+);
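Review bot: The first insert() at file line 22 passes `$rows + $rows2`, which carries `$_GET['fifth']` under a string key, and expectedResults.txt lists no finding for that call, yet nothing in the file says the silence is intended. Presumably the point is that with SQL_NUMKEY only integer-keyed values are treated as raw SQL while string-keyed values are escaped, so the tainted value is harmless there; that is the assumption the whole fixture rests on and a reader has to reconstruct it from the expected output. Suggest a comment above the first call such as `// Only string keys: insert() escapes the tainted value, so no SQLInjection finding is expected here` and above the third call `// $unsafe adds an integer key whose value is raw SQL, so array addition must carry its taint through`. Since `+` keeps the left operand's entry on a key collision, a variant where the left array already has key 0 would also pin down how the analyzer is expected to treat that case.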

-- 
To view, visit https://gerrit.wikimedia.org/r/395759
To unsubscribe, visit https://gerrit.wikimedia.org/r/settings

Gerrit-MessageType: merged
Gerrit-Change-Id: Id539689bff92e484c3442bc0c0de9d7936e28abb
Gerrit-PatchSet: 1
Gerrit-Project: mediawiki/tools/phan/SecurityCheckPlugin
Gerrit-Branch: master
Gerrit-Owner: Brian Wolff <bawolff...@gmail.com>
Gerrit-Reviewer: Brian Wolff <bawolff...@gmail.com>
