Issues in AutomatedLinkTest.php (master) - Issues in master - dylangrech92/seotoolbox - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/AutomatedLinkTest.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Class AutomatedLinkTest
 * Run tests to check the Automated Link Object and it's functionality
 *
 * @method void assertTrue(boolean $test, string $message)
 */
class AutomatedLinkTest extends SapphireTest {

    public static $fixture_file = 'fixtures/AutomatedLinkTest.yml';

    /**
     * Test that links are included in the content field
     */
    public function testInsertion(){
        $this->objFromFixture('AutomatedLink','link');
        $page   = $this->createPage('<p>Checking if phrase is replaced</p>');
        $link   = $this->getLinkFromPage($page);
        $this->assertTrue($link->nodeValue === 'phrase', 'Link wasn\'t created');
    }

    /**
     * Test the individual properties of the automated link
     */
    public function testProperties(){
        $this->objFromFixture('AutomatedLink','link2');

        $page   = self::createPage('<p>Checking if properties is with correct props</p>');
        $link   = self::getLinkFromPage($page);

        $this->assertTrue( $link->nodeValue === 'properties', 'Phrase did not match' );
        $this->assertTrue( $link->getAttribute('title') === 'test title', 'Title did not match' );
        $this->assertTrue( $link->getAttribute('href') === '#test-anchor', 'Anchor did not match' );
        $this->assertTrue( $link->getAttribute('target') === '_blank', 'Target did not match' );
        $this->assertTrue( $link->getAttribute('rel') === 'nofollow', 'Rel did not match' );
    }

    /**
     * Test that the default properties match what we expect
     */
    public function testDefaultProperties(){
        $this->objFromFixture('AutomatedLink','link3');

        $page   = self::createPage('<p>Checking if default is correct</p>');
        $link   = self::getLinkFromPage($page);
        $auto   = AutomatedLink::get()->find('Phrase', 'default');

        $this->assertTrue( $link->nodeValue === 'default', 'Phrase did not match' );
        $this->assertTrue( $link->getAttribute('title') === '', 'Title did not match' );
        $this->assertTrue( $link->getAttribute('href') === '#', 'href did not match' );
        $this->assertTrue( $link->getAttribute('target') === '', 'Target did not match' );
        $this->assertTrue( $link->getAttribute('rel') === '', 'Rel did not match' );
        $this->assertTrue( (int) $link->getAttribute('data-id') === $auto->ID, 'data-id did not match' );
    }

    /**
     * Test that the default properties match what we expect
     */
    public function testLimitFilter(){
        $page   = self::createPage('<p>Checking if default is created only twice. default default</p>');
        $dom    = self::getPageDOM($page);
        $links  = $dom->getElementsByTagName('a');
        $this->assertTrue($links->length == 2, 'Was suppose to find 2 link. Found '.$links->length);
    }

    /**
     * Test that the default properties match what we expect
     */
    public function testDisableFilter(){
        GlobalAutoLinkSettings::$enabled = false;
        $page   = self::createPage('<p>Checking if default is created at all when automated links are disabled.</p>');
        $links  = self::getLinksFromPage($page);
        $this->assertTrue($links->length < 1, 'Was not suppose to find 0 links. Found '.$links->length);
        GlobalAutoLinkSettings::$enabled = true;
    }

    /**
     * Renders the passed $page and returns all links found if any
     *
     * @param SiteTree $page
     * @return DOMNameList
     */
    public static function getLinksFromPage(SiteTree $page){
        $dom = self::getPageDOM($page);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        return $dom->getElementsByTagName('a');
    }

    /**
     * Create a DOMDocument out of the $page supplied and
     * check that it only has 1 link.
     * If it does return it, else fail the test
     *
     * @param SiteTree $page
     * @return DOMDocument
     */
    public static function getLinkFromPage(SiteTree $page){
        $links = self::getLinksFromPage($page);
        return ( $links->length != 1 ) ? new DOMElement() : $links->item(0);
    }

    /**
     * Create a dummy object for testing functionality on the SiteTree
     *
     * @param string|null $content
     * @return Page
     */
    public static function createPage($content=null){
        $page = Page::create(array( 'Content' => $content ));
        $page->write();
        return $page;
    }

    /**
     * Render the $page supplied into a DOMDocument object
     *
     * @param Page $page
     * @return DOMDocument
     */
    public static function getPageDOM(Page $page){
        $controller = Page_Controller::create($page);
        $controller->invokeWithExtensions('addAutomatedLinks');
        return AutomatedLink::constructDOMDocument($controller->Content);
    }
}




1			<?php
2
3			/**
4			* Class AutomatedLinkTest
5			* Run tests to check the Automated Link Object and it's functionality
6			*
7			* @method void assertTrue(boolean $test, string $message)
8			*/
9			class AutomatedLinkTest extends SapphireTest {
10
11			public static $fixture_file = 'fixtures/AutomatedLinkTest.yml';
12
13			/**
14			* Test that links are included in the content field
15			*/
16			public function testInsertion(){
17			$this->objFromFixture('AutomatedLink','link');
18			$page = $this->createPage('<p>Checking if phrase is replaced</p>');
19			$link = $this->getLinkFromPage($page);
20			$this->assertTrue($link->nodeValue === 'phrase', 'Link wasn\'t created');
21			}
22
23			/**
24			* Test the individual properties of the automated link
25			*/
26			public function testProperties(){
27			$this->objFromFixture('AutomatedLink','link2');
28
29			$page = self::createPage('<p>Checking if properties is with correct props</p>');
30			$link = self::getLinkFromPage($page);
31
32			$this->assertTrue( $link->nodeValue === 'properties', 'Phrase did not match' );
33			$this->assertTrue( $link->getAttribute('title') === 'test title', 'Title did not match' );
34			$this->assertTrue( $link->getAttribute('href') === '#test-anchor', 'Anchor did not match' );
35			$this->assertTrue( $link->getAttribute('target') === '_blank', 'Target did not match' );
36			$this->assertTrue( $link->getAttribute('rel') === 'nofollow', 'Rel did not match' );
37			}
38
39			/**
40			* Test that the default properties match what we expect
41			*/
42			public function testDefaultProperties(){
43			$this->objFromFixture('AutomatedLink','link3');
44
45			$page = self::createPage('<p>Checking if default is correct</p>');
46			$link = self::getLinkFromPage($page);
47			$auto = AutomatedLink::get()->find('Phrase', 'default');
48
49			$this->assertTrue( $link->nodeValue === 'default', 'Phrase did not match' );
50			$this->assertTrue( $link->getAttribute('title') === '', 'Title did not match' );
51			$this->assertTrue( $link->getAttribute('href') === '#', 'href did not match' );
52			$this->assertTrue( $link->getAttribute('target') === '', 'Target did not match' );
53			$this->assertTrue( $link->getAttribute('rel') === '', 'Rel did not match' );
54			$this->assertTrue( (int) $link->getAttribute('data-id') === $auto->ID, 'data-id did not match' );
55			}
56
57			/**
58			* Test that the default properties match what we expect
59			*/
60			public function testLimitFilter(){
61			$page = self::createPage('<p>Checking if default is created only twice. default default</p>');
62			$dom = self::getPageDOM($page);
63			$links = $dom->getElementsByTagName('a');
64			$this->assertTrue($links->length == 2, 'Was suppose to find 2 link. Found '.$links->length);
65			}
66
67			/**
68			* Test that the default properties match what we expect
69			*/
70			public function testDisableFilter(){
71			GlobalAutoLinkSettings::$enabled = false;
72			$page = self::createPage('<p>Checking if default is created at all when automated links are disabled.</p>');
73			$links = self::getLinksFromPage($page);
74			$this->assertTrue($links->length < 1, 'Was not suppose to find 0 links. Found '.$links->length);
75			GlobalAutoLinkSettings::$enabled = true;
76			}
77
78			/**
79			* Renders the passed $page and returns all links found if any
80			*
81			* @param SiteTree $page
82			* @return DOMNameList
83			*/
84			public static function getLinksFromPage(SiteTree $page){
85			$dom = self::getPageDOM($page);
			0 ignored issues – show Documentation introduced 2016-09-28 07:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$page` is of type `object<SiteTree>`, but the function expects a `object<Page>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
86			return $dom->getElementsByTagName('a');
87			}
88
89			/**
90			* Create a DOMDocument out of the $page supplied and
91			* check that it only has 1 link.
92			* If it does return it, else fail the test
93			*
94			* @param SiteTree $page
95			* @return DOMDocument
96			*/
97			public static function getLinkFromPage(SiteTree $page){
98			$links = self::getLinksFromPage($page);
99			return ( $links->length != 1 ) ? new DOMElement() : $links->item(0);
100			}
101
102			/**
103			* Create a dummy object for testing functionality on the SiteTree
104			*
105			* @param string\|null $content
106			* @return Page
107			*/
108			public static function createPage($content=null){
109			$page = Page::create(array( 'Content' => $content ));
110			$page->write();
111			return $page;
112			}
113
114			/**
115			* Render the $page supplied into a DOMDocument object
116			*
117			* @param Page $page
118			* @return DOMDocument
119			*/
120			public static function getPageDOM(Page $page){
121			$controller = Page_Controller::create($page);
122			$controller->invokeWithExtensions('addAutomatedLinks');
123			return AutomatedLink::constructDOMDocument($controller->Content);
124			}
125			}
126
127
128

dylangrech92 / seotoolbox

Issues (8)

Security Analysis not enabled

tests/AutomatedLinkTest.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like