Issues in SiteLinkTest.php (master) - Issues in master - wmde/WikibaseDataModel - Measure and Improve Code Quality continuously with Scrutinizer

Issues (55)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/unit/SiteLinkTest.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Wikibase\DataModel\Tests;

use InvalidArgumentException;
use Wikibase\DataModel\Entity\ItemId;
use Wikibase\DataModel\Entity\ItemIdSet;
use Wikibase\DataModel\Entity\PropertyId;
use Wikibase\DataModel\SiteLink;

/**
 * @covers \Wikibase\DataModel\SiteLink
 *
 * @group Wikibase
 * @group WikibaseDataModel
 *
 * @license GPL-2.0-or-later
 * @author Jeroen De Dauw < [email protected] >
 * @author Michał Łazowik
 * @author Thiemo Kreuz
 */
class SiteLinkTest extends \PHPUnit\Framework\TestCase {

	public function testCanConstruct() {
		new SiteLink( 'enwiki', 'Wikidata' );
		$this->assertTrue( true );
	}

	/**
	 * @dataProvider siteIdProvider
	 */
	public function testGetSiteId( $siteId ) {
		$siteLink = new SiteLink( $siteId, 'Wikidata' );
		$this->assertSame( $siteId, $siteLink->getSiteId() );
	}

	public function siteIdProvider() {
		$argLists = [];

		$argLists[] = [ 'enwiki' ];
		$argLists[] = [ 'nlwiki' ];
		$argLists[] = [ 'Nyan!' ];

		return $argLists;
	}

	/**
	 * @dataProvider invalidStringIdentifierProvider
	 */
	public function testCannotConstructWithNonStringSiteId( $invalidSiteId ) {
		$this->expectException( InvalidArgumentException::class );
		new SiteLink( $invalidSiteId, 'Wikidata' );
	}

	public function invalidStringIdentifierProvider() {
		return [
			[ null ],
			[ true ],
			[ 42 ],
			[ '' ],
			[ [] ],
		];
	}

	/**
	 * @dataProvider pageNameProvider
	 */
	public function testGetPageName( $pageName ) {
		$siteLink = new SiteLink( 'enwiki', $pageName );
		$this->assertSame( $pageName, $siteLink->getPageName() );
	}

	public function pageNameProvider() {
		$argLists = [];

		$argLists[] = [ 'Wikidata' ];
		$argLists[] = [ 'Nyan_Cat' ];
		$argLists[] = [ 'NYAN DATA ALL ACROSS THE SKY ~=[,,_,,]:3' ];

		return $argLists;
	}

	/**
	 * @dataProvider invalidStringIdentifierProvider
	 */
	public function testCannotConstructWithNonStringPageName( $invalidPageName ) {
		$this->expectException( InvalidArgumentException::class );
		new SiteLink( 'enwiki', $invalidPageName );
	}

	/**
	 * @dataProvider badgesProvider
	 */
	public function testGetBadges( $badges, $expected ) {
		$siteLink = new SiteLink( 'enwiki', 'Wikidata', $badges );
		$this->assertEquals( $expected, $siteLink->getBadges() );
	}

	public function badgesProvider() {
		$argLists = [];

		$argLists[] = [ null, [] ];

		$badges = [];
		$expected = array_values( $badges );

		$argLists[] = [ $badges, $expected ];

		$badges = [
			new ItemId( 'Q149' )
		];
		$expected = array_values( $badges );

		$argLists[] = [ $badges, $expected ];

		// removing from the middle of array
		$badges = [
			new ItemId( 'Q36' ),
			new ItemId( 'Q149' ),
			new ItemId( 'Q7' )
		];

		$key = array_search(
			new ItemId( 'Q149' ),
			$badges
		);
		unset( $badges[$key] );

		$expected = array_values( $badges );

		$argLists[] = [ $badges, $expected ];

		return $argLists;
	}

	/**
	 * @dataProvider invalidBadgesProvider
	 */
	public function testCannotConstructWithInvalidBadges( $invalidBadges ) {
		$this->expectException( InvalidArgumentException::class );
		new SiteLink( 'enwiki', 'Wikidata', $invalidBadges );
	}

	public function invalidBadgesProvider() {
		return [
			// Stuff that's not an array
			[ true ],
			[ 42 ],
			[ 'nyan nyan' ],
			// Arrays with stuff that's not even an object
			[ [ 'nyan', 42 ] ],
			[ [ 'nyan', [] ] ],
			// Arrays with Entities that aren't Items
			[ [ new PropertyId( 'P2' ), new ItemId( 'Q149' ) ] ],
			[ [ new PropertyId( 'P2' ), new PropertyId( 'P3' ) ] ],
		];
	}

	/**
	 * @dataProvider linkProvider
	 */
	public function testSelfComparisonReturnsTrue( SiteLink $link ) {
		$this->assertTrue( $link->equals( $link ) );

		$linkCopy = unserialize( serialize( $link ) );
		$this->assertTrue( $link->equals( $linkCopy ) );
		$this->assertTrue( $linkCopy->equals( $link ) );
	}

	public function linkProvider() {
		return [
			[ new SiteLink( 'foo', 'Bar' ) ],
			[ new SiteLink( 'foo', 'Bar', [ new ItemId( 'Q42' ), new ItemId( 'Q9001' ) ] ) ],
			[ new SiteLink( 'foo', 'foo' ) ],
		];
	}

	/**
	 * @dataProvider nonEqualityProvider
	 */
	public function testGivenNonEqualLinks_equalsReturnsFalse( SiteLink $linkOne, SiteLink $linkTwo ) {
		$this->assertFalse( $linkOne->equals( $linkTwo ) );
		$this->assertFalse( $linkTwo->equals( $linkOne ) );
	}

	public function nonEqualityProvider() {
		return [
			[
				new SiteLink( 'foo', 'bar' ),
				new SiteLink( 'foo', 'Bar' ),
			],
			[
				new SiteLink( 'foo', 'bar' ),
				new SiteLink( 'Foo', 'bar' ),
			],
			[
				new SiteLink( 'foo', 'bar' ),
				new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ) ] ),
			],
			[
				new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ) ] ),
				new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ), new ItemId( 'Q9001' ) ] ),
			],
		];
	}

	public function testCanConstructWithItemIdSet() {
		$badgesArray = [
			new ItemId( 'Q36' ),
			new ItemId( 'Q149' ),
		];
		$badges = new ItemIdSet( $badgesArray );

		$siteLink = new SiteLink( 'foo', 'bar', $badges );

		$this->assertEquals( $badgesArray, $siteLink->getBadges() );
	}

	public function testGivenNonItemIdCollectionForBadges_constructorThrowsException() {
		$this->expectException( InvalidArgumentException::class );
		new SiteLink( 'foo', 'bar', 42 );
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
	}

}


1			<?php
2
3			namespace Wikibase\DataModel\Tests;
4
5			use InvalidArgumentException;
6			use Wikibase\DataModel\Entity\ItemId;
7			use Wikibase\DataModel\Entity\ItemIdSet;
8			use Wikibase\DataModel\Entity\PropertyId;
9			use Wikibase\DataModel\SiteLink;
10
11			/**
12			* @covers \Wikibase\DataModel\SiteLink
13			*
14			* @group Wikibase
15			* @group WikibaseDataModel
16			*
17			* @license GPL-2.0-or-later
18			* @author Jeroen De Dauw < [email protected] >
19			* @author Michał Łazowik
20			* @author Thiemo Kreuz
21			*/
22			class SiteLinkTest extends \PHPUnit\Framework\TestCase {
23
24			public function testCanConstruct() {
25			new SiteLink( 'enwiki', 'Wikidata' );
26			$this->assertTrue( true );
27			}
28
29			/**
30			* @dataProvider siteIdProvider
31			*/
32			public function testGetSiteId( $siteId ) {
33			$siteLink = new SiteLink( $siteId, 'Wikidata' );
34			$this->assertSame( $siteId, $siteLink->getSiteId() );
35			}
36
37			public function siteIdProvider() {
38			$argLists = [];
39
40			$argLists[] = [ 'enwiki' ];
41			$argLists[] = [ 'nlwiki' ];
42			$argLists[] = [ 'Nyan!' ];
43
44			return $argLists;
45			}
46
47			/**
48			* @dataProvider invalidStringIdentifierProvider
49			*/
50			public function testCannotConstructWithNonStringSiteId( $invalidSiteId ) {
51			$this->expectException( InvalidArgumentException::class );
52			new SiteLink( $invalidSiteId, 'Wikidata' );
53			}
54
55			public function invalidStringIdentifierProvider() {
56			return [
57			[ null ],
58			[ true ],
59			[ 42 ],
60			[ '' ],
61			[ [] ],
62			];
63			}
64
65			/**
66			* @dataProvider pageNameProvider
67			*/
68			public function testGetPageName( $pageName ) {
69			$siteLink = new SiteLink( 'enwiki', $pageName );
70			$this->assertSame( $pageName, $siteLink->getPageName() );
71			}
72
73			public function pageNameProvider() {
74			$argLists = [];
75
76			$argLists[] = [ 'Wikidata' ];
77			$argLists[] = [ 'Nyan_Cat' ];
78			$argLists[] = [ 'NYAN DATA ALL ACROSS THE SKY ~=[,,_,,]:3' ];
79
80			return $argLists;
81			}
82
83			/**
84			* @dataProvider invalidStringIdentifierProvider
85			*/
86			public function testCannotConstructWithNonStringPageName( $invalidPageName ) {
87			$this->expectException( InvalidArgumentException::class );
88			new SiteLink( 'enwiki', $invalidPageName );
89			}
90
91			/**
92			* @dataProvider badgesProvider
93			*/
94			public function testGetBadges( $badges, $expected ) {
95			$siteLink = new SiteLink( 'enwiki', 'Wikidata', $badges );
96			$this->assertEquals( $expected, $siteLink->getBadges() );
97			}
98
99			public function badgesProvider() {
100			$argLists = [];
101
102			$argLists[] = [ null, [] ];
103
104			$badges = [];
105			$expected = array_values( $badges );
106
107			$argLists[] = [ $badges, $expected ];
108
109			$badges = [
110			new ItemId( 'Q149' )
111			];
112			$expected = array_values( $badges );
113
114			$argLists[] = [ $badges, $expected ];
115
116			// removing from the middle of array
117			$badges = [
118			new ItemId( 'Q36' ),
119			new ItemId( 'Q149' ),
120			new ItemId( 'Q7' )
121			];
122
123			$key = array_search(
124			new ItemId( 'Q149' ),
125			$badges
126			);
127			unset( $badges[$key] );
128
129			$expected = array_values( $badges );
130
131			$argLists[] = [ $badges, $expected ];
132
133			return $argLists;
134			}
135
136			/**
137			* @dataProvider invalidBadgesProvider
138			*/
139			public function testCannotConstructWithInvalidBadges( $invalidBadges ) {
140			$this->expectException( InvalidArgumentException::class );
141			new SiteLink( 'enwiki', 'Wikidata', $invalidBadges );
142			}
143
144			public function invalidBadgesProvider() {
145			return [
146			// Stuff that's not an array
147			[ true ],
148			[ 42 ],
149			[ 'nyan nyan' ],
150			// Arrays with stuff that's not even an object
151			[ [ 'nyan', 42 ] ],
152			[ [ 'nyan', [] ] ],
153			// Arrays with Entities that aren't Items
154			[ [ new PropertyId( 'P2' ), new ItemId( 'Q149' ) ] ],
155			[ [ new PropertyId( 'P2' ), new PropertyId( 'P3' ) ] ],
156			];
157			}
158
159			/**
160			* @dataProvider linkProvider
161			*/
162			public function testSelfComparisonReturnsTrue( SiteLink $link ) {
163			$this->assertTrue( $link->equals( $link ) );
164
165			$linkCopy = unserialize( serialize( $link ) );
166			$this->assertTrue( $link->equals( $linkCopy ) );
167			$this->assertTrue( $linkCopy->equals( $link ) );
168			}
169
170			public function linkProvider() {
171			return [
172			[ new SiteLink( 'foo', 'Bar' ) ],
173			[ new SiteLink( 'foo', 'Bar', [ new ItemId( 'Q42' ), new ItemId( 'Q9001' ) ] ) ],
174			[ new SiteLink( 'foo', 'foo' ) ],
175			];
176			}
177
178			/**
179			* @dataProvider nonEqualityProvider
180			*/
181			public function testGivenNonEqualLinks_equalsReturnsFalse( SiteLink $linkOne, SiteLink $linkTwo ) {
182			$this->assertFalse( $linkOne->equals( $linkTwo ) );
183			$this->assertFalse( $linkTwo->equals( $linkOne ) );
184			}
185
186			public function nonEqualityProvider() {
187			return [
188			[
189			new SiteLink( 'foo', 'bar' ),
190			new SiteLink( 'foo', 'Bar' ),
191			],
192			[
193			new SiteLink( 'foo', 'bar' ),
194			new SiteLink( 'Foo', 'bar' ),
195			],
196			[
197			new SiteLink( 'foo', 'bar' ),
198			new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ) ] ),
199			],
200			[
201			new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ) ] ),
202			new SiteLink( 'foo', 'bar', [ new ItemId( 'Q42' ), new ItemId( 'Q9001' ) ] ),
203			],
204			];
205			}
206
207			public function testCanConstructWithItemIdSet() {
208			$badgesArray = [
209			new ItemId( 'Q36' ),
210			new ItemId( 'Q149' ),
211			];
212			$badges = new ItemIdSet( $badgesArray );
213
214			$siteLink = new SiteLink( 'foo', 'bar', $badges );
215
216			$this->assertEquals( $badgesArray, $siteLink->getBadges() );
217			}
218
219			public function testGivenNonItemIdCollectionForBadges_constructorThrowsException() {
220			$this->expectException( InvalidArgumentException::class );
221			new SiteLink( 'foo', 'bar', 42 );
			0 ignored issues – show Documentation introduced 2016-02-04 18:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this `42` is of type `integer`, but the function expects a `object<Wikibase\DataMode...el\Entity\ItemId>>\|null`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
222			}
223
224			}
225

wmde / WikibaseDataModel

Issues (55)

Security Analysis no request data

tests/unit/SiteLinkTest.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like