[HPHP Tainting] Static string support unit tests

Summary: - unit tests for static string detection via taints, originally part of D268875 Test Plan: - these are tests Reviewed By: amenghra Reviewers: srenfro, amenghra, pad CC: mwilliams, amenghra Revert Plan: Tags: - begin *PUBLIC* platform impact section - Bugzilla: # - end platform impact - Differential Revision: 269450
sarang25491 · Jun 24, 2011 · dc66e15 · dc66e15
1 parent 3b5cbb7
commit dc66e15
Show file tree

Hide file tree

Showing 37 changed files with 661 additions and 761 deletions.
diff --git a/src/test/tainting/print_r_01.php → src/test/tainting/core/array.php b/src/test/tainting/print_r_01.php → src/test/tainting/core/array.php
@@ -14,22 +14,36 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
-$a = "good\n";
-$b = print_r($a, true);
+/**
+ * Sanity checks for tainting array entries.
+ */
 
-if(fb_get_taint($b) & TAINT_HTML_MASK){
-  echo "b is tainted\n";
-} else {
-  echo "b is not tainted\n";
-}
+$arrg1 = array($good1);
+$arrb1 = array($bad1);
+echo "Testing array() on strings:\n";
+assert_not_tainted($arrg1[0]);
+assert_tainted($arrb1[0]);
 
-$b = array($a);
-$c = print_r($b, true);
+$arr = array(
+  'good1' => $good1,
+  'bad1'  => $bad1,
+  42      => array(
+    'good2' => $good2,
+    'bad2'  => $bad2,
+  ),
+);
+echo "\n";
+echo "Testing array containing mixed taints:\n";
+assert_not_tainted($arr);
+assert_tainted(print_r($arr, true));
 
-if(fb_get_taint($c) & TAINT_HTML_MASK){
-  echo "c is tainted\n";
-} else {
-  echo "c is not tainted\n";
-}
+echo "\n";
+echo "Testing taint independence among array entries:\n";
+assert_not_tainted($arr['good1']);
+assert_tainted($arr['bad1']);
+assert_not_tainted($arr[42]);
+assert_tainted(print_r($arr[42], true));
+assert_not_tainted($arr[42]['good2']);
+assert_tainted($arr[42]['bad2']);
diff --git a/src/test/tainting/concatenations.php → src/test/tainting/core/concatenations.php b/src/test/tainting/concatenations.php → src/test/tainting/core/concatenations.php
@@ -14,28 +14,29 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
- * Check that various forms of concatenations output the right taint information
+ * Check that various forms of concatenations output the right general taint
+ * information.  Concatenation tests for staticity can be found in ./static/
  */
 
 $a = $good1 . $good2;
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = $good1 . $bad1;
-tainted($a);
+assert_tainted($a);
 
 $a = $good1;
 $a .= $good2;
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = $good1;
 $a .= $bad1;
-tainted($a);
+assert_tainted($a);
 
 $a = "$good1 $good2";
-not_tainted($a);
+assert_not_tainted($a);
 
 $a = "$good1 $bad1";
-tainted($a);
+assert_tainted($a);
diff --git a/src/test/tainting/output.php → src/test/tainting/core/output.php b/src/test/tainting/output.php → src/test/tainting/core/output.php
@@ -14,161 +14,161 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
  * Taint tests for functions defined in output.idl.php
  */
 
-echo "testing ob_start\n";
+echo "Testing ob_start:\n";
 ob_start();
 ob_start();
 echo $good1;
 $a = ob_get_clean();
 echo $a;
 $b = ob_get_clean();
-not_tainted($a);
-not_tainted($b);
+assert_html_safe($a);
+assert_html_safe($b);
 
 ob_start();
 ob_start();
 echo $bad1;
 $a = ob_get_clean();
 echo $a;
 $b = ob_get_clean();
-tainted($a);
-tainted($b);
+assert_html_unsafe($a);
+assert_html_unsafe($b);
 
-echo "\n\n";
-echo "testing ob_clean\n";
+echo "\n";
+echo "Testing ob_clean:\n";
 ob_start();
 echo $good1;
 ob_clean();
 echo $good2;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $bad1;
 ob_clean();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $good1;
 ob_clean();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
 ob_start();
 echo $bad1;
 ob_clean();
 echo $bad2;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_flush\n";
+echo "\n";
+echo "Testing ob_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_flush();
 ob_end_clean();
 $a = ob_get_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_flush();
 ob_end_clean();
 $a = ob_get_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing ob_end_clean\n";
+echo "\n";
+echo "Testing ob_end_clean:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_end_clean();
 echo $good2;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_clean();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $good1;
 ob_end_clean();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_clean();
 echo $bad2;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_end_flush\n";
+echo "\n";
+echo "Testing ob_end_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 ob_end_flush();
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 ob_start();
 echo $bad1;
 ob_end_flush();
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_get_clean\n";
+echo "\n";
+echo "Testing ob_get_clean:\n";
 ob_start();
 echo $good1;
-not_tainted(ob_get_clean());
+assert_html_safe(ob_get_clean());
 
 ob_start();
 echo $bad1;
-tainted(ob_get_clean());
+assert_html_unsafe(ob_get_clean());
 
-echo "\n\n";
-echo "testing ob_get_contents\n";
+echo "\n";
+echo "Testing ob_get_contents:\n";
 ob_start();
 echo $good1;
 $a = ob_get_contents();
 ob_end_clean();
-not_tainted($a);
+assert_html_safe($a);
 
 ob_start();
 echo $bad1;
 $a = ob_get_contents();
 ob_end_clean();
-tainted($a);
+assert_html_unsafe($a);
 
-echo "\n\n";
-echo "testing ob_get_flush\n";
+echo "\n";
+echo "Testing ob_get_flush:\n";
 ob_start();
 ob_start();
 echo $good1;
 $a = ob_get_flush();
 ob_end_clean();
 $b = ob_get_clean();
-not_tainted($a);
-not_tainted($b);
+assert_html_safe($a);
+assert_html_safe($b);
 
 ob_start();
 ob_start();
 echo $bad1;
 $a = ob_get_flush();
 ob_end_clean();
 $b = ob_get_clean();
-tainted($a);
-tainted($b);
+assert_html_unsafe($a);
+assert_html_unsafe($b);
 
 
diff --git a/src/test/tainting/references.php → src/test/tainting/core/references.php b/src/test/tainting/references.php → src/test/tainting/core/references.php
@@ -14,18 +14,18 @@
    | license@php.net so we can mail you a copy immediately.               |
    +----------------------------------------------------------------------+
 */
-require_once('setup.inc');
+require_once('../setup.inc');
 
 /**
- * Check that the reference operator doesn't cause us to loose any taint
- * information
+ * Check that the reference operator doesn't cause us to lose any taint
+ * information.
  */
 
 $a = $good1;
 $b = &$a;
 
 $a .= $good2;
-not_tainted($b);
+assert_not_tainted($b);
 
 $a .= $bad1;
-tainted($b);
+assert_tainted($b);