testFile.php
<?php
// Report every error level while this file is processed.
error_reporting (E_ALL);
/**
* This is a test file, with several issues that
* should be reported by testability.
*
* Each statement below is a deliberate sample of one construct (global state,
* static access, direct instantiation, includes, error suppression, exit).
* The exact syntactic form of every statement is the test data, so the
* statements should not be reformatted or "fixed".
* NOTE(review): presumably this file is only parsed by the tool and never
* executed; most of the referenced classes and functions are not defined here.
*/
final class Whatever
{
/**
* Collection of constructs the analyser is expected to flag or accept.
*
* The three parameters carry no meaning of their own; $x is overwritten
* below and $y is later assigned from a static property.
*/
public function methodMan ($x, $y, $z)
{
// globals, over multiple lines
global $boom,
$bass;
// this variable can't be relied
// (function-level statics keep their value between calls)
static $cache, $cache2;
// new instances
$x = new StdClass(); // should be fine
$dt = new DateTime (); // should be fine
$db = new PDO(); // should be reported
// Static property of another class
$a = OtherClass::thing;
// Static property, same class
$a = Whatever::thing;
// Static method call, another class
// NOTE(review): the call below names Whatever, which is this same class,
// so the label above does not match the statement.
Whatever::methodMan();
// error suppression
// The @ operator hides any warning or notice raised by this call, so a
// failure here would leave no trace in the error log.
@$this->foo();
// Static method call, dynamic class
// In the next five statements the class or method name comes from a
// variable, so the call target is only known at run time.
$xx::doBadThings();
${$varobj}::method();
Test::$foobar();
Test::$foo['bar']();
$test['thing']::do_it();
// Closure sample; $double is not used again in this method.
$double = function ($y) {
return $y*2;
};
// Static method call, same class
self::methodMan();
// static method call, whitelisted class
$x = DateTime::createFromFormat ($x, time());
// Parent class method call
// NOTE(review): Whatever declares no parent class in this file.
parent::methodMan();
// Static constant from same class
$b = Whatever::notThisOne;
// includes are dangerous
// $dir is not assigned anywhere in this method, so the first include path
// depends on a value this block does not define. An include whose path is
// built from a variable executes whatever file that path resolves to.
include $dir.'dangerousFile.php';
// Relative path: resolved through include_path and the working directory.
include_once 'dangerousFile2.php';
// Anchored to this file's directory via __DIR__.
include_once __DIR__.'/dangerousFile3.php';
// Callables (should be supported in the future)
array_map ('Blah::something', array(1,2,3));
// Static dynamic method call, another class
$y = Utils::$name;
// fluent interface method call (new instance, super global)
// The raw request value $_GET['blah'] is passed to doSomething() with no
// validation or filtering visible in this block.
$thing = (new \Some\ClassThing())->doSomething($_GET['blah'])->run();
// global function call
dothis();
// Variable function: the callee is whatever name $thingToDo holds.
$thingToDo();
// exit
// die() ends the whole script, so nothing after this call can run.
die('fff');
}
/**
* Magic setter sample: stores the assigned value under its property name.
* Declared without a visibility keyword, which PHP treats as public.
*/
function __set ($name, $val)
{
$this->values[$name] = $val;
}
/** Empty private method sample. */
private function privateParts ()
{
// this method is untestable
}
/** Empty protected method sample. */
protected function privateParts2 ()
{
// this one too
}
/** Empty final method sample. */
final public function finalSucks ()
{
// this function is not mockable
}
/**
* Repeats several reportable constructs (global, new, global function call)
* under a coverage-ignore annotation.
* NOTE(review): presumably the analyser is expected to skip this method
* because of the annotation; confirm against the tool's tests.
*
* @codeCoverageIgnore
*/
private function immune ()
{
global $y;
$x = new Whatever (Things::thing);
doThisGlobalThing();
}
}
// this contains several of the same issues
// to test the parsing on global functions
/**
* Global-function variant of the fixture: the same kinds of construct as in
* Whatever::methodMan(), placed in a plain function body.
*/
function dothis()
{
global $diddy;
$y = new Whatever ();
// methodMan() declares three required parameters; none are passed here.
$y->methodMan();
// super global references
// globals, different form
// $index is not assigned anywhere in this function.
$w = $GLOBALS['whatever']['subnode'][$index];
// Raw request parameter, read with no validation; $p1 is not used again
// in this function.
$p1 = $_GET['p1'];
// Ordinary local array write, for contrast with the superglobal reads above.
$normalArray['whatever']['happens'] = 'in vegas';
$ss = Zzz::numberOfThings;
// require is also dangerous
// A failed require is a fatal error, unlike include which only warns.
require 'iReallyShouldnt.php';
// Class name taken from a variable: the call target is decided at run time.
$varClass::method1();
try
{
callThisFunc();
}
// Empty catch: any Exception thrown by callThisFunc() is discarded silently,
// with nothing logged or rethrown.
catch (Exception $e) {}
Stuff::dependency();
}
# code on global space
# These statements run as a side effect of loading the file, in the same file
# that declares classes and functions.
thisScrewsTheFile();
BadThings::happen();
# `global` used at file scope.
global $thingy;
# Raw request parameter copied into a file-scope variable, with no validation.
$y = $_GET['y'];
$BLAH = 'ugly';
/**
* Legacy autoloader sample: loads a file named after the requested class.
*
* The class name is appended to 'src/' as-is, with no file extension and no
* check on the characters it contains.
* NOTE(review): if a class name can ever be derived from untrusted input (for
* example through a variable-class call), the loaded path follows that input;
* an autoloader should restrict names to an expected pattern before building
* the path.
* NOTE(review): __autoload() was deprecated in PHP 7.2 and removed in PHP 8.0
* in favour of spl_autoload_register().
*/
function __autoload ($xxx)
{
// require should not be reported on __autoload
require_once 'src/'.$xxx;
}
/**
* Factory sample: direct instantiation inside a factory class.
* NOTE(review): presumably the analyser is expected to accept `new` here
* because the class is a factory; confirm against the tool's rules.
*/
class ThingFactory
{
/** Returns a new ThingX instance on every call. */
public function getThingX()
{
return new ThingX();
}
}