From 6fad74c710aaa1324b293b71374697e21c4cc352 Mon Sep 17 00:00:00 2001 From: nathangray Date: Tue, 17 Oct 2017 13:29:17 +0200 Subject: [PATCH] Fix test had no assertions --- api/src/loader/test/SecurityTest.php | 39 ++++++++++++++++++---------- 1 file changed, 26 insertions(+), 13 deletions(-) diff --git a/api/src/loader/test/SecurityTest.php b/api/src/loader/test/SecurityTest.php index c6da0cb65a..7536c9f559 100644 --- a/api/src/loader/test/SecurityTest.php +++ b/api/src/loader/test/SecurityTest.php @@ -164,8 +164,25 @@ class SecurityTest extends TestCase { * @param boolean $result If we expect the string to fail or not * * @dataProvider unserializeProvider + * @requires PHP < 7 */ - public function testUnserialize($str, $result) + public function testObjectsCannotBeUnserializedInPhp5($str, $result) + { + $r=@php_safe_unserialize($str); + + $this->assertSame($result, $r, 'Save unserialize failed'); + } + + /** + * Test safe unserialization + * + * @param String $str Serialized string to be checked + * @param boolean $result If we expect the string to fail or not + * + * @dataProvider unserializeProvider + * @requires PHP 7 + */ + public function testObjectsCannotBeUnserializedInPhp7($str, $result) { $r=@php_safe_unserialize($str); @@ -173,30 +190,26 @@ class SecurityTest extends TestCase { { if (!$result) { - if (PHP_VERSION >= 7) + $matches = null; + if (preg_match_all('/([^ ]+) Object\(/', array2string($r), $matches)) { - $matches = null; - if (preg_match_all('/([^ ]+) Object\(/', array2string($r), $matches)) + foreach($matches[1] as $class) { - foreach($matches[1] as $class) + if (!preg_match('/^__PHP_Incomplete_Class(#\d+)?$/', $class)) { - if (!preg_match('/^__PHP_Incomplete_Class(#\d+)?$/', $class)) - { - $this->fail($str); - } + $this->fail($str); } } } - else - { - $this->fail($str); - } } else { $this->fail("false positive: $str"); } } + // Avoid this test getting reported as no assertions, we do the testing + // in the foreach loop + $this->assertTrue(true); } /**