Issues (16)

Security Analysis    no request data  

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/DataValues/TimeValueTest.php (3 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace DataValues\Tests;

use DataValues\IllegalValueException;
use DataValues\TimeValue;
use PHPUnit\Framework\TestCase;

/**
 * @covers DataValues\TimeValue
 *
 * @group DataValue
 * @group DataValueExtensions
 *
 * @license GPL-2.0-or-later
 * @author Jeroen De Dauw < [email protected] >
 * @author Thiemo Kreuz
 */
class TimeValueTest extends TestCase {

	public function instanceProvider() {
		foreach ( $this->validConstructorArgumentsProvider() as $key => $args ) {
			yield $key => [ new TimeValue( ...$args ), $args ];
The call to TimeValue::__construct() misses some required arguments starting with $timezone.
$args is of type array<integer,string|int...integer","5":"string"}>, but the function expects a string.

It seems like the type of the argument is not accepted by the function/method which you are calling.

In some cases, in particular if PHP’s automatic type-juggling kicks in, this might be fine. In other cases, however, this might be a bug.

We suggest adding an explicit type cast like in the following example:

function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
		}
	}

	public function validConstructorArgumentsProvider() {
		return array(
			'1 January' => array(
				'+2013-01-01T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Maximum timezone' => array(
				'+2013-01-01T00:00:00Z',
				7200, 9001, 9001,
				TimeValue::PRECISION_YEAR1G,
				'http://nyan.cat/original.php'
			),
			'Minimum timezone' => array(
				'+2013-01-01T00:00:00Z',
				-7200, 0, 42,
				TimeValue::PRECISION_YEAR,
				'http://nyan.cat/original.php'
			),
			'Negative year' => array(
				'-0005-01-01T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'No day' => array(
				'+2015-01-00T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_YEAR,
				'http://nyan.cat/original.php'
			),
			'No day and month' => array(
				'+2015-00-00T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_YEAR,
				'http://nyan.cat/original.php'
			),
			'Zero' => array(
				'+0000-00-00T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Minimum timestamp' => array(
				'-9999999999999999-12-31T23:59:61Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Maximum timestamp' => array(
				'+9999999999999999-12-31T23:59:61Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Leap year' => array(
				'+2000-02-29T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'Non-leap year 29 February' => array(
				'+2015-02-29T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'31 November' => array(
				'+2015-11-31T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
		);
	}

	public function invalidConstructorArgumentsProvider() {
		return array(
			'String timezone' => array(
				'+00000002013-01-01T00:00:00Z',
				'0', 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Float timezone' => array(
				'+00000002013-01-01T00:00:00Z',
				4.2, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Timezone out of range' => array(
				'+00000002013-01-01T00:00:00Z',
				-20 * 3600, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Precision out of range' => array(
				'+00000002013-01-01T00:00:00Z',
				0, 0, 0,
				15,
				'http://nyan.cat/original.php'
			),
			'Integer timestamp' => array(
				42,
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Float before' => array(
				'+00000002013-01-01T00:00:00Z',
				0, 4.2, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Negative after' => array(
				'+00000002013-01-01T00:00:00Z',
				0, 0, -1,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Non-ISO timestamp' => array(
				'bla',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Invalid separators' => array(
				'+00000002013/01/01 00:00:00',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'No month' => array(
				'+2015-00-01T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'No day but hour' => array(
				'+2015-01-00T01:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'No day but minute' => array(
				'+2015-01-00T00:01:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'No day but second' => array(
				'+2015-01-00T00:00:01Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
			'Month out of range' => array(
				'+00000002013-13-01T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Day out of range' => array(
				'+00000002013-01-32T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Hour out of range' => array(
				'+00000002013-01-01T24:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Minute out of range' => array(
				'+00000002013-01-01T00:60:00Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Second out of range' => array(
				'+00000002013-01-01T00:00:62Z',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Invalid timezone' => array(
				'+00000002013-01-01T00:00:00+60',
				0, 0, 0,
				TimeValue::PRECISION_SECOND,
				'http://nyan.cat/original.php'
			),
			'Year to long' => array(
				'+00000000000000001-01-01T00:00:00Z',
				0, 0, 0,
				TimeValue::PRECISION_DAY,
				'http://nyan.cat/original.php'
			),
		);
	}

	/**
	 * @dataProvider invalidConstructorArgumentsProvider
	 */
	public function testConstructorInvalid( $timestamp, $timezone, $before, $after, $precision, $calendarModel ) {
		$this->expectException( IllegalValueException::class );
		new TimeValue( $timestamp, $timezone, $before, $after, $precision, $calendarModel );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetTime( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[0], $time->getTime() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetTimezone( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[1], $time->getTimezone() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetBefore( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[2], $time->getBefore() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetAfter( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[3], $time->getAfter() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetPrecision( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[4], $time->getPrecision() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetCalendarModel( TimeValue $time, array $arguments ) {
		$this->assertEquals( $arguments[5], $time->getCalendarModel() );
	}

	/**
	 * @dataProvider instanceProvider
	 */
	public function testGetValue( TimeValue $time, array $arguments ) {
The parameter $arguments is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.
		$this->assertTrue( $time->equals( $time->getValue() ) );
	}

	/**
	 * @dataProvider unpaddedYearsProvider
	 */
	public function testGivenUnpaddedYear_yearIsPadded( $year, $expected ) {
		$timeValue = new TimeValue(
			$year . '-01-01T00:00:00Z',
			0, 0, 0,
			TimeValue::PRECISION_DAY,
			'Stardate'
		);
		$this->assertSame( $expected . '-01-01T00:00:00Z', $timeValue->getTime() );
	}

	public function unpaddedYearsProvider() {
		return array(
			array( '+1', '+0001' ),
			array( '-10', '-0010' ),
			array( '+2015', '+2015' ),
			array( '+02015', '+2015' ),
			array( '+00000010000', '+10000' ),
			array( '+0000000000000001', '+0001' ),
			array( '+9999999999999999', '+9999999999999999' ),
		);
	}

}