Skip failing false positive for PHP < 7

This commit is contained in:
nathangray 2017-02-08 12:31:49 -07:00
parent 342230ef08
commit bbdd1e77c9

View File

@ -203,7 +203,7 @@ class SecurityTest extends TestCase {
*/ */
public function unserializeProvider() public function unserializeProvider()
{ {
return array( $tests = array(
// Serialized string, expected result // Serialized string, expected result
// things unsafe to unserialize // things unsafe to unserialize
Array("O:34:\"Horde_Kolab_Server_Decorator_Clean\":2:{s:43:\"\x00Horde_Kolab_Server_Decorator_Clean\x00_server\";", false), Array("O:34:\"Horde_Kolab_Server_Decorator_Clean\":2:{s:43:\"\x00Horde_Kolab_Server_Decorator_Clean\x00_server\";", false),
@ -215,9 +215,13 @@ class SecurityTest extends TestCase {
// string content, safe to unserialize // string content, safe to unserialize
Array(serialize('O:8:"stdClass"'), true), Array(serialize('O:8:"stdClass"'), true),
Array(serialize('C:16:"SplObjectStorage"'), true), Array(serialize('C:16:"SplObjectStorage"'), true),
Array(serialize(array('a', 'O:8:"stdClass"', 'b', 'C:16:"SplObjectStorage"')), true), Array(serialize(array('a', 'O:8:"stdClass"', 'b', 'C:16:"SplObjectStorage"')), true)
// false positive: failing our php<7 regular expression, because it has correct delimiter (^|;|{) in front of pattern :-(
Array(serialize('O:8:"stdClass";C:16:"SplObjectStorage"'), true),
); );
if (PHP_VERSION >= 7)
{
// Fails our php<7 regular expression, because it has correct delimiter (^|;|{) in front of pattern :-(
$tests[] = Array(serialize('O:8:"stdClass";C:16:"SplObjectStorage"'), true);
}
return $tests;
} }
} }