Issues in SerializerFactoryTest.php (master) - Issues in master - wmde/WikibaseDataModelSerialization - Measure and Improve Code Quality continuously with Scrutinizer

Issues (67)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

tests/unit/SerializerFactoryTest.php (3 issues)

Labels

Deprecated Code 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Tests\Wikibase\DataModel;

use DataValues\Serializers\DataValueSerializer;
use InvalidArgumentException;
use PHPUnit\Framework\TestCase;
use ReflectionObject;
use Serializers\Serializer;
use Wikibase\DataModel\Entity\Item;
use Wikibase\DataModel\Entity\Property;
use Wikibase\DataModel\Reference;
use Wikibase\DataModel\ReferenceList;
use Wikibase\DataModel\SerializerFactory;
use Wikibase\DataModel\SiteLink;
use Wikibase\DataModel\Snak\PropertyNoValueSnak;
use Wikibase\DataModel\Snak\SnakList;
use Wikibase\DataModel\Snak\TypedSnak;
use Wikibase\DataModel\Statement\Statement;
use Wikibase\DataModel\Statement\StatementList;
use Wikibase\DataModel\Term\AliasGroup;
use Wikibase\DataModel\Term\AliasGroupList;
use Wikibase\DataModel\Term\Term;
use Wikibase\DataModel\Term\TermList;

/**
 * @license GPL-2.0-or-later
 * @author Thomas Pellissier Tanon
 * @author Bene* < [email protected] >
 */
class SerializerFactoryTest extends TestCase {

	private function buildSerializerFactory() {
		return new SerializerFactory( new DataValueSerializer() );
	}

	private function assertSerializesWithoutException( Serializer $serializer, $object ) {
		$serializer->serialize( $object );
		$this->assertTrue( true, 'No exception occurred during serialization' );
	}

	public function testNewEntitySerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newEntitySerializer(),
			new Item()
		);

		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newEntitySerializer(),
			Property::newFromType( 'string' )
		);
	}

	public function testNewItemSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newItemSerializer(),
			new Item()
		);
	}

	public function testNewPropertySerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newPropertySerializer(),
			Property::newFromType( 'string' )
		);
	}

	public function testNewSiteLinkSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newSiteLinkSerializer(),
			new SiteLink( 'enwiki', 'Nyan Cat' )
		);
	}

	public function testNewStatementSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newStatementSerializer(),
			new Statement( new PropertyNoValueSnak( 42 ) )
		);
	}

	public function testNewStatementListSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newStatementListSerializer(),
			new StatementList()
		);
	}

	public function testNewReferencesSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newReferencesSerializer(),
			new ReferenceList()
		);
	}

	public function testNewReferenceSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newReferenceSerializer(),
			new Reference()
		);
	}

	public function testNewSnakListSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newSnakListSerializer(),
			new SnakList( [] )
		);
	}

	public function testNewSnakSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newSnakSerializer(),
			new PropertyNoValueSnak( 42 )
		);
	}

	public function testFactoryCreateWithUnexpectedValue() {
		$this->expectException( InvalidArgumentException::class );
		new SerializerFactory( new DataValueSerializer(), 1.0 );
	}

	public function testNewSnakListSerializerWithUseObjectsForMaps() {
		$factory = new SerializerFactory(
			new DataValueSerializer(),
			SerializerFactory::OPTION_OBJECTS_FOR_MAPS
		);
		$serializer = $factory->newSnakListSerializer();

		$refObject   = new ReflectionObject( $serializer );
		$refProperty = $refObject->getProperty( 'useObjectsForMaps' );
		$refProperty->setAccessible( true );
		$value = $refProperty->getValue( $serializer );

		$this->assertTrue( $value );
	}

	public function testNewTypedSnakSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newTypedSnakSerializer(),
			new TypedSnak( new PropertyNoValueSnak( 42 ), 'kittens' )
		);
	}

	public function testNewTermSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newTermSerializer(),
			new Term( 'en', 'Foo' )
		);
	}

	public function testNewTermListSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newTermListSerializer(),
			new TermList( [ new Term( 'de', 'Foo' ) ] )
		);
	}

	public function testNewAliasGroupSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newAliasGroupSerializer(),
			new AliasGroup( 'en', [ 'foo', 'bar' ] )
		);
	}

	public function testNewAliasGroupListSerializer() {
		$this->assertSerializesWithoutException(
			$this->buildSerializerFactory()->newAliasGroupListSerializer(),
			new AliasGroupList( [ new AliasGroup( 'de', [ 'AA', 'BB' ] ) ] )
		);
	}

	public function testSerializeSnaksWithoutHashConstant() {
		$this->assertSame(
			// expected:
			SerializerFactory::OPTION_SERIALIZE_MAIN_SNAKS_WITHOUT_HASH |

			SerializerFactory::OPTION_SERIALIZE_QUALIFIER_SNAKS_WITHOUT_HASH |

			SerializerFactory::OPTION_SERIALIZE_REFERENCE_SNAKS_WITHOUT_HASH,

			// actual:
			SerializerFactory::OPTION_SERIALIZE_SNAKS_WITHOUT_HASH
		);
	}

}


1			<?php
2
3			namespace Tests\Wikibase\DataModel;
4
5			use DataValues\Serializers\DataValueSerializer;
6			use InvalidArgumentException;
7			use PHPUnit\Framework\TestCase;
8			use ReflectionObject;
9			use Serializers\Serializer;
10			use Wikibase\DataModel\Entity\Item;
11			use Wikibase\DataModel\Entity\Property;
12			use Wikibase\DataModel\Reference;
13			use Wikibase\DataModel\ReferenceList;
14			use Wikibase\DataModel\SerializerFactory;
15			use Wikibase\DataModel\SiteLink;
16			use Wikibase\DataModel\Snak\PropertyNoValueSnak;
17			use Wikibase\DataModel\Snak\SnakList;
18			use Wikibase\DataModel\Snak\TypedSnak;
19			use Wikibase\DataModel\Statement\Statement;
20			use Wikibase\DataModel\Statement\StatementList;
21			use Wikibase\DataModel\Term\AliasGroup;
22			use Wikibase\DataModel\Term\AliasGroupList;
23			use Wikibase\DataModel\Term\Term;
24			use Wikibase\DataModel\Term\TermList;
25
26			/**
27			* @license GPL-2.0-or-later
28			* @author Thomas Pellissier Tanon
29			* @author Bene* < [email protected] >
30			*/
31			class SerializerFactoryTest extends TestCase {
32
33			private function buildSerializerFactory() {
34			return new SerializerFactory( new DataValueSerializer() );
35			}
36
37			private function assertSerializesWithoutException( Serializer $serializer, $object ) {
38			$serializer->serialize( $object );
39			$this->assertTrue( true, 'No exception occurred during serialization' );
40			}
41
42			public function testNewEntitySerializer() {
43			$this->assertSerializesWithoutException(
44			$this->buildSerializerFactory()->newEntitySerializer(),
45			new Item()
46			);
47
48			$this->assertSerializesWithoutException(
49			$this->buildSerializerFactory()->newEntitySerializer(),
50			Property::newFromType( 'string' )
51			);
52			}
53
54			public function testNewItemSerializer() {
55			$this->assertSerializesWithoutException(
56			$this->buildSerializerFactory()->newItemSerializer(),
57			new Item()
58			);
59			}
60
61			public function testNewPropertySerializer() {
62			$this->assertSerializesWithoutException(
63			$this->buildSerializerFactory()->newPropertySerializer(),
64			Property::newFromType( 'string' )
65			);
66			}
67
68			public function testNewSiteLinkSerializer() {
69			$this->assertSerializesWithoutException(
70			$this->buildSerializerFactory()->newSiteLinkSerializer(),
71			new SiteLink( 'enwiki', 'Nyan Cat' )
72			);
73			}
74
75			public function testNewStatementSerializer() {
76			$this->assertSerializesWithoutException(
77			$this->buildSerializerFactory()->newStatementSerializer(),
78			new Statement( new PropertyNoValueSnak( 42 ) )
79			);
80			}
81
82			public function testNewStatementListSerializer() {
83			$this->assertSerializesWithoutException(
84			$this->buildSerializerFactory()->newStatementListSerializer(),
85			new StatementList()
86			);
87			}
88
89			public function testNewReferencesSerializer() {
90			$this->assertSerializesWithoutException(
91			$this->buildSerializerFactory()->newReferencesSerializer(),
92			new ReferenceList()
93			);
94			}
95
96			public function testNewReferenceSerializer() {
97			$this->assertSerializesWithoutException(
98			$this->buildSerializerFactory()->newReferenceSerializer(),
99			new Reference()
100			);
101			}
102
103			public function testNewSnakListSerializer() {
104			$this->assertSerializesWithoutException(
105			$this->buildSerializerFactory()->newSnakListSerializer(),
106			new SnakList( [] )
107			);
108			}
109
110			public function testNewSnakSerializer() {
111			$this->assertSerializesWithoutException(
112			$this->buildSerializerFactory()->newSnakSerializer(),
113			new PropertyNoValueSnak( 42 )
114			);
115			}
116
117			public function testFactoryCreateWithUnexpectedValue() {
118			$this->expectException( InvalidArgumentException::class );
119			new SerializerFactory( new DataValueSerializer(), 1.0 );
120			}
121
122			public function testNewSnakListSerializerWithUseObjectsForMaps() {
123			$factory = new SerializerFactory(
124			new DataValueSerializer(),
125			SerializerFactory::OPTION_OBJECTS_FOR_MAPS
126			);
127			$serializer = $factory->newSnakListSerializer();
128
129			$refObject = new ReflectionObject( $serializer );
130			$refProperty = $refObject->getProperty( 'useObjectsForMaps' );
131			$refProperty->setAccessible( true );
132			$value = $refProperty->getValue( $serializer );
133
134			$this->assertTrue( $value );
135			}
136
137			public function testNewTypedSnakSerializer() {
138			$this->assertSerializesWithoutException(
139			$this->buildSerializerFactory()->newTypedSnakSerializer(),
140			new TypedSnak( new PropertyNoValueSnak( 42 ), 'kittens' )
141			);
142			}
143
144			public function testNewTermSerializer() {
145			$this->assertSerializesWithoutException(
146			$this->buildSerializerFactory()->newTermSerializer(),
147			new Term( 'en', 'Foo' )
148			);
149			}
150
151			public function testNewTermListSerializer() {
152			$this->assertSerializesWithoutException(
153			$this->buildSerializerFactory()->newTermListSerializer(),
154			new TermList( [ new Term( 'de', 'Foo' ) ] )
155			);
156			}
157
158			public function testNewAliasGroupSerializer() {
159			$this->assertSerializesWithoutException(
160			$this->buildSerializerFactory()->newAliasGroupSerializer(),
161			new AliasGroup( 'en', [ 'foo', 'bar' ] )
162			);
163			}
164
165			public function testNewAliasGroupListSerializer() {
166			$this->assertSerializesWithoutException(
167			$this->buildSerializerFactory()->newAliasGroupListSerializer(),
168			new AliasGroupList( [ new AliasGroup( 'de', [ 'AA', 'BB' ] ) ] )
169			);
170			}
171
172			public function testSerializeSnaksWithoutHashConstant() {
173			$this->assertSame(
174			// expected:
175			SerializerFactory::OPTION_SERIALIZE_MAIN_SNAKS_WITHOUT_HASH \|
			0 ignored issues – show Deprecated Code introduced 2017-08-30 13:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `Wikibase\DataModel\Seria...MAIN_SNAKS_WITHOUT_HASH` has been deprecated with message: since 2.5 use OPTION_SERIALIZE_SNAKS_WITHOUT_HASH This class constant has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the constant will be removed from the class and what other constant to use instead. Loading history...
176			SerializerFactory::OPTION_SERIALIZE_QUALIFIER_SNAKS_WITHOUT_HASH \|
			0 ignored issues – show Deprecated Code introduced 2017-08-30 13:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `Wikibase\DataModel\Seria...FIER_SNAKS_WITHOUT_HASH` has been deprecated with message: since 2.5 use OPTION_SERIALIZE_SNAKS_WITHOUT_HASH This class constant has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the constant will be removed from the class and what other constant to use instead. Loading history...
177			SerializerFactory::OPTION_SERIALIZE_REFERENCE_SNAKS_WITHOUT_HASH,
			0 ignored issues – show Deprecated Code introduced 2017-08-30 13:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The constant `Wikibase\DataModel\Seria...ENCE_SNAKS_WITHOUT_HASH` has been deprecated with message: since 2.5 use OPTION_SERIALIZE_SNAKS_WITHOUT_HASH This class constant has been deprecated. The supplier of the class has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the constant will be removed from the class and what other constant to use instead. Loading history...
178			// actual:
179			SerializerFactory::OPTION_SERIALIZE_SNAKS_WITHOUT_HASH
180			);
181			}
182
183			}
184

wmde / WikibaseDataModelSerialization

Issues (67)

Security Analysis no request data

tests/unit/SerializerFactoryTest.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like