author | Daimona Eaytoy <daimona.wiki@gmail.com> | 2023-09-23 22:27:14 +0200 |
---|---|---|
committer | Daimona Eaytoy <daimona.wiki@gmail.com> | 2023-09-23 22:32:25 +0200 |
commit | 40a4dbb99e3f89aa84e61e80b6a5fdb8f3361469 (patch) | |
tree | f7ffeadcfbd56b302a8085f54d6d4b4bdd710658 /tests/phan | |
parent | d31d5bfa92b6cc10e06f16af11b182e9df9d8e72 (diff) | |
download | mediawikicore-40a4dbb99e3f89aa84e61e80b6a5fdb8f3361469.tar.gz mediawikicore-40a4dbb99e3f89aa84e61e80b6a5fdb8f3361469.zip |
Add base taint-check annotations to SelectQueryBuilder
This covers the tables, fields, and conds methods. Options and join
conds are more complex and will have to be special-cased in the plugin
itself.
Bug: T253380
Change-Id: Ic9fb15e083cca75c2b5c6bddd1df87b148acca6e
Diffstat (limited to 'tests/phan')
-rw-r--r-- | tests/phan/TaintCheckAnnotationsTest.php | 29 |
1 files changed, 29 insertions, 0 deletions
diff --git a/tests/phan/TaintCheckAnnotationsTest.php b/tests/phan/TaintCheckAnnotationsTest.php
index 3ffbed55e70b..a9dd1ffdb4e6 100644
--- a/tests/phan/TaintCheckAnnotationsTest.php
+++ b/tests/phan/TaintCheckAnnotationsTest.php
@@ -29,6 +29,7 @@ use MediaWiki\Status\Status;
 use MediaWiki\Title\TitleValue;
 use Shellbox\Command\UnboxedResult;
 use Shellbox\Shellbox;
+use Wikimedia\Rdbms\SelectQueryBuilder;
 
 die( 'This file should never be loaded' );
@@ -325,6 +326,34 @@ class TaintCheckAnnotationsTest {
 $db->query( $quoted );// Safe
 }
 
+ function testSelectQueryBuilder( SelectQueryBuilder $sqb ) {
+ $sqb->table( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->table( '', $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->tables( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->from( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->from( '', $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+
+ $sqb->fields( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->select( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->field( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->field( '', $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+
+ $sqb->where( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->where( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->where( [ 'foo' => $_GET['a'] ] );// Safe
+ $sqb->andWhere( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->andWhere( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->andWhere( [ 'foo' => $_GET['a'] ] );// Safe
+ $sqb->conds( [ $_GET['a'] ] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->conds( $_GET['a'] );// @phan-suppress-current-line SecurityCheck-SQLInjection
+ $sqb->conds( [ 'foo' => $_GET['a'] ] );// Safe
+
+ echo $sqb->fetchResultSet();// @phan-suppress-current-line SecurityCheck-XSS
+ echo $sqb->fetchField();// @phan-suppress-current-line SecurityCheck-XSS
+ echo $sqb->fetchFieldValues();// @phan-suppress-current-line SecurityCheck-XSS
+ echo $sqb->fetchRow();// @phan-suppress-current-line SecurityCheck-XSS
+ }
+
 function testMessage( Message $msg ) {
 echo $msg->plain();// @phan-suppress-current-line SecurityCheck-XSS
 echo $msg->text();// @phan-suppress-current-line SecurityCheck-XSS
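Review bot: The three `// Safe` lines for `where()`/`andWhere()`/`conds()` only exercise a tainted value under a literal key, but the keys of a conds array are column names which, as far as I can tell from `IDatabase::makeList`, are interpolated into the SQL unescaped, so a tainted key is an injection sink the new test never asserts. Adding a line such as `$sqb->where( [ $_GET['a'] => 'foo' ] );// @phan-suppress-current-line SecurityCheck-SQLInjection` (and the `andWhere`/`conds` twins) would pin that the new annotations taint array keys as well as scalar fragments. The same applies to `fields( [ $_GET['a'] => 'foo' ] )` and `tables( [ $_GET['a'] => 'foo' ] )`, where the key becomes an unescaped alias. If the plugin currently treats any string-keyed array as safe, these cases would surface the gap instead of silently passing. The enclosing class `TaintCheckAnnotationsTest` starts and ends outside the hunk.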