/// <summary>
/// Verifies that a comment pattern reports exact begin/end line and column
/// values for each comment in a small PHP snippet: a <c>#</c> line comment,
/// a one-line block comment, and a block comment whose text spans two lines.
/// </summary>
/// <remarks>
/// The regex embedded in the pattern is case-insensitive and looks for
/// <c>password</c> or <c>pwd</c> followed by <c>=</c>, <c>is</c> or <c>:</c>,
/// i.e. credential-looking text left behind in source comments.
/// </remarks>
public void Match_Comments_CorrectMatchingPosition()
{
    // Fixture: three comments, each containing "password" followed by "=secret".
    var phpSource =
        "<?php\n" +
        "#password=secret\n" +
        "/*password=secret*/\n" +
        "/*\n" +
        "\n" +
        " password\n" +
        " =secret\n" +
        "*/" +
        "?>";
    var commentPattern = "Comment: <[ \"(?i)(password|pwd)\\s*(\\=|is|\\:)\" ]>";

    var found = PatternMatchingUtils.GetMatchings(phpSource, commentPattern, Language.Php);

    // Match 0: the "#" line comment on line 2.
    var hashComment = found[0];
    Assert.AreEqual(2, hashComment.BeginLine);
    Assert.AreEqual(2, hashComment.BeginColumn);
    Assert.AreEqual(2, hashComment.EndLine);
    Assert.AreEqual(11, hashComment.EndColumn);

    // Match 1: the single-line block comment on line 3.
    var inlineBlockComment = found[1];
    Assert.AreEqual(3, inlineBlockComment.BeginLine);
    Assert.AreEqual(3, inlineBlockComment.BeginColumn);
    Assert.AreEqual(3, inlineBlockComment.EndLine);
    Assert.AreEqual(12, inlineBlockComment.EndColumn);

    // Match 2: the block comment where the keyword and "=" sit on separate lines
    // (lines 6 and 7), so the reported span must cross a line break.
    // NOTE(review): with the literals as written here "password" follows a single
    // space, yet columns 5 and 16 are expected; the fixture's leading whitespace
    // may have been collapsed - confirm against the repository copy.
    var multiLineBlockComment = found[2];
    Assert.AreEqual(6, multiLineBlockComment.BeginLine);
    Assert.AreEqual(5, multiLineBlockComment.BeginColumn);
    Assert.AreEqual(7, multiLineBlockComment.EndLine);
    Assert.AreEqual(16, multiLineBlockComment.EndColumn);
}
/// <summary>
/// Runs the <c>innerHTML</c> assignment pattern against the
/// <c>JavaScriptTestPatternsInsidePhp.php</c> test file with the JavaScript
/// language flag and expects exactly one match.
/// </summary>
public void Match_JavaScriptAndPhpPatternInsidePhp_MatchedExpected()
{
    // Judging by its name, the sample is a PHP file with JavaScript inside it.
    string samplePath = Path.Combine(TestHelper.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
    string sampleSource = File.ReadAllText(samplePath);

    // The pattern targets an innerHTML assignment, a DOM sink worth reviewing for XSS.
    MatchingResultDto[] innerHtmlHits = PatternMatchingUtils.GetMatchings(
        sampleSource,
        "#.innerHTML=<[\"\"]>",
        LanguageFlags.JavaScript);

    Assert.AreEqual(1, innerHtmlHits.Length);
}
/// <summary>
/// Matches a pattern containing a negated placeholder against
/// <c>XxeSample.java</c> and expects four matches.
/// </summary>
public void Match_PatternWithNegation_CorrectCount()
{
    var samplePath = Path.Combine(TestHelper.TestsDataPath, "XxeSample.java");
    var javaSource = File.ReadAllText(samplePath);

    // presumably "~" negates the literal regex, so only parse(...) calls whose
    // argument is not a plain string literal are reported - confirm against the
    // pattern DSL documentation.
    var negatedArgumentPattern = "new XMLUtil().parse(<[~\".*\"]>)";

    var parseCallHits = PatternMatchingUtils.GetMatchings(javaSource, negatedArgumentPattern, Language.Java);

    Assert.AreEqual(4, parseCallHits.Length);
}
/// <summary>
/// Checks that each JavaScript snippet is matched exactly once by the pattern
/// paired with it. The snippets pass a string literal to <c>innerHTML</c>,
/// <c>document.write</c> and <c>$(...)</c>.
/// </summary>
public void Match_JavaScriptTestPatterns_MatchedExpected()
{
    // Item1 is the JavaScript snippet, Item2 the pattern that must match it once.
    var snippetPatternPairs = new[]
    {
        Tuple.Create(
            "document.body.innerHTML=\"<svg/onload=alert(1)>\"",
            "#.innerHTML=<[\"\"]>"),
        Tuple.Create(
            "document.write(\"\\u003csvg/onload\\u003dalert(1)\\u003e\")",
            "document.write(<[\"\"]>)"),
        Tuple.Create(
            "$('<svg/onload=alert(1)>')",
            "$(<[\"\"]>)")
    };

    for (int index = 0; index < snippetPatternPairs.Length; index++)
    {
        string snippet = snippetPatternPairs[index].Item1;
        string sinkPattern = snippetPatternPairs[index].Item2;

        var hits = PatternMatchingUtils.GetMatchings(snippet, sinkPattern, Language.JavaScript);

        Assert.AreEqual(1, hits.Length);
    }
}
/// <summary>
/// Checks that a pattern only produces matches when the two language flag
/// arguments agree: the JavaScript and PHP patterns each match once with
/// identical flags, and not at all when the flags differ.
/// </summary>
public void Match_JavaScriptAndPhpPatternInsidePhp_MatchCorrectPatternDependsOnLanguage()
{
    const string InnerHtmlPattern = "#.innerHTML=<[\"\"]>";
    const string NullPasswordPattern = "<[password]> = null";

    string samplePath = Path.Combine(TestHelper.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
    string sampleSource = File.ReadAllText(samplePath);

    // NOTE(review): the roles of the two flag arguments (analyzed language vs.
    // pattern language) are not visible here - confirm against GetMatchings.

    // Both flags are JavaScript: the innerHTML pattern is found once.
    MatchingResultDto[] jsPatternWithJsFlags = PatternMatchingUtils.GetMatchings(
        sampleSource, InnerHtmlPattern, LanguageFlags.JavaScript, LanguageFlags.JavaScript);
    Assert.AreEqual(1, jsPatternWithJsFlags.Length);

    // Both flags are PHP: the null-password pattern is found once.
    MatchingResultDto[] phpPatternWithPhpFlags = PatternMatchingUtils.GetMatchings(
        sampleSource, NullPasswordPattern, LanguageFlags.Php, LanguageFlags.Php);
    Assert.AreEqual(1, phpPatternWithPhpFlags.Length);

    // Flags differ (PHP, then JavaScript): the innerHTML pattern finds nothing.
    MatchingResultDto[] jsPatternWithMixedFlags = PatternMatchingUtils.GetMatchings(
        sampleSource, InnerHtmlPattern, LanguageFlags.Php, LanguageFlags.JavaScript);
    Assert.AreEqual(0, jsPatternWithMixedFlags.Length);

    // Flags differ (JavaScript, then PHP): the null-password pattern finds nothing.
    MatchingResultDto[] phpPatternWithMixedFlags = PatternMatchingUtils.GetMatchings(
        sampleSource, NullPasswordPattern, LanguageFlags.JavaScript, LanguageFlags.Php);
    Assert.AreEqual(0, phpPatternWithMixedFlags.Length);
}