/// <summary>
/// Checks the line/column span reported for the first three matches of a comment
/// pattern that looks for password-like assignments left in PHP comments.
/// </summary>
public void Match_Comments_CorrectMatchingPosition()
{
    // Fixture: a '#' comment, a one-line block comment and a block comment whose
    // key and value sit on different lines.
    // NOTE(review): the expectations for the third match (begin column 5, end column 16)
    // do not line up with the single leading space in the two literals below as shown;
    // the indentation may have been collapsed in this listing - confirm against the original file.
    var phpSource =
        "<?php\n" +
        "#password=secret\n" +
        "/*password=secret*/\n" +
        "/*\n" +
        "\n" +
        " password\n" +
        " =secret\n" +
        "*/" +
        "?>";

    // Case-insensitive regex: "password" or "pwd", optional whitespace, then '=', "is" or ':'.
    var commentPattern = "Comment: <[ \"(?i)(password|pwd)\\s*(\\=|is|\\:)\" ]>";

    var matchingResults = PatternMatchingUtils.GetMatchings(phpSource, commentPattern, Language.Php);

    // One row per expected match: begin line, begin column, end line, end column.
    // NOTE(review): the number of results is never asserted, so an extra match would go unnoticed.
    int[][] expectedSpans =
    {
        new[] { 2, 2, 2, 11 },
        new[] { 3, 3, 3, 12 },
        new[] { 6, 5, 7, 16 },
    };

    for (int i = 0; i < expectedSpans.Length; i++)
    {
        var actual = matchingResults[i];
        Assert.AreEqual(expectedSpans[i][0], actual.BeginLine);
        Assert.AreEqual(expectedSpans[i][1], actual.BeginColumn);
        Assert.AreEqual(expectedSpans[i][2], actual.EndLine);
        Assert.AreEqual(expectedSpans[i][3], actual.EndColumn);
    }
}
/// <summary>
/// Runs a JavaScript innerHTML-assignment pattern over a PHP test file and expects
/// exactly one match.
/// </summary>
public void Match_JavaScriptAndPhpPatternInsidePhp_MatchedExpected()
{
    string samplePath = Path.Combine(TestUtility.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
    string phpWithEmbeddedJs = File.ReadAllText(samplePath);

    // presumably '#' stands for any target expression and <[""]> for any string literal
    // - confirm against the pattern DSL.
    const string innerHtmlPattern = "#.innerHTML=<[\"\"]>";

    MatchResultDto[] found = PatternMatchingUtils.GetMatches(phpWithEmbeddedJs, innerHtmlPattern, JavaScript.Language);

    Assert.AreEqual(1, found.Length);
}
/// <summary>
/// Counts the matches of a negated-argument pattern in XxeSample.java and expects four.
/// </summary>
public void Match_PatternWithNegation_CorrectCount()
{
    var samplePath = Path.Combine(TestHelper.TestsDataPath, "XxeSample.java");
    var javaSource = File.ReadAllText(samplePath);

    // '~' is the negation under test; presumably the pattern reports parse() calls whose
    // argument is NOT a string literal - confirm against the pattern DSL.
    var negatedArgumentPattern = "new XMLUtil().parse(<[~\".*\"]>)";

    var found = PatternMatchingUtils.GetMatchings(javaSource, negatedArgumentPattern, Language.Java);

    Assert.AreEqual(4, found.Length);
}
/// <summary>
/// Counts the matches of a negated-argument pattern in XxeSample.java, read as a
/// <c>TextFile</c>, and expects four.
/// </summary>
public void Match_PatternWithNegation_CorrectCount()
{
    string samplePath = Path.Combine(TestUtility.TestsDataPath, "XxeSample.java");
    TextFile javaFile = TextFile.Read(samplePath);

    // '~' is the negation under test; presumably the pattern reports parse() calls whose
    // argument is NOT a string literal - confirm against the pattern DSL.
    var negatedArgumentPattern = "new XMLUtil().parse(<[~\".*\"]>)";

    var found = PatternMatchingUtils.GetMatches(javaFile, negatedArgumentPattern, Language.Java);

    Assert.AreEqual(4, found.Length);
}
/// <summary>
/// Matches an identifier pattern against a file that nests PHP inside JavaScript inside
/// PHP, and checks the match count plus the text and line of the first two matches.
/// </summary>
public void Match_PhpInJsInPhp_CorrectMatching()
{
    // The sample lives under the grammars directory. If GrammarsDirectory is a rooted path,
    // the second Path.Combine returns it unchanged and TestsDataPath is ignored; otherwise
    // the file is looked up below TestsDataPath. NOTE(review): confirm which one is intended.
    string relativeOrRootedName = Path.Combine(TestUtility.GrammarsDirectory, "php", "examples", "php-js-php.php");
    string samplePath = Path.Combine(TestUtility.TestsDataPath, relativeOrRootedName);
    string nestedSource = File.ReadAllText(samplePath);

    const string identifierPattern = "<[GLOBALS|frame_content]>";

    var found = PatternMatchingUtils.GetMatches(
        nestedSource,
        identifierPattern,
        new[] { Php.Language, JavaScript.Language },
        new[] { Php.Language, JavaScript.Language });

    // NOTE(review): three results are expected but only the first two are inspected, and
    // the first check looks for "GLOBAL" although the pattern alternative is "GLOBALS".
    Assert.AreEqual(3, found.Length);

    var first = found[0];
    Assert.IsTrue(first.MatchedCode.Contains("GLOBAL"));
    Assert.AreEqual(9, first.LineColumnTextSpan.BeginLine);

    var second = found[1];
    Assert.IsTrue(second.MatchedCode.Contains("frame_content"));
    Assert.AreEqual(10, second.LineColumnTextSpan.BeginLine);
}
/// <summary>
/// Pairs each JavaScript snippet that writes markup into the page with the pattern meant
/// to flag it, and expects exactly one match per pair.
/// </summary>
public void Match_JavaScriptTestPatterns_MatchedExpected()
{
    // Item1 is the snippet under analysis, Item2 the pattern expected to report it.
    // The snippets cover an innerHTML assignment, document.write with \u-escaped markup
    // and a jQuery-style $() call that receives markup.
    Tuple<string, string>[] cases =
    {
        Tuple.Create("document.body.innerHTML=\"<svg/onload=alert(1)>\"", "#.innerHTML=<[\"\"]>"),
        Tuple.Create("document.write(\"\\u003csvg/onload\\u003dalert(1)\\u003e\")", "document.write(<[\"\"]>)"),
        Tuple.Create("$('<svg/onload=alert(1)>')", "$(<[\"\"]>)"),
    };

    for (int i = 0; i < cases.Length; i++)
    {
        string snippet = cases[i].Item1;
        string pattern = cases[i].Item2;

        var found = PatternMatchingUtils.GetMatches(snippet, pattern, JavaScript.Language);

        // The failure message names the pair that failed.
        Assert.AreEqual(1, found.Length, pattern + " doesn't match " + snippet);
    }
}
/// <summary>
/// Checks that a finding in a file containing a "ptai: suppress" comment is still returned
/// but flagged as suppressed: two matches are expected, exactly one with <c>Suppressed</c> set.
/// </summary>
public void Match_Suppress_CorrectCount()
{
    // Two identical hard-coded password assignments; the second follows the suppress comment.
    string phpCode =
        "<?php $password = \"hardcoded\";\n" +
        "\n" +
        "// ptai: suppress\n" +
        "$password = \"hardcoded\"";
    var source = new TextFile(phpCode, "text.php");

    var hardcodedPasswordPattern = "<[password]> = <[\"\"]>";

    MatchResultDto[] found = PatternMatchingUtils.GetMatches(source, hardcodedPasswordPattern, Language.Php);

    // Suppressed findings stay in the result set rather than being dropped.
    Assert.AreEqual(2, found.Length);

    // NOTE(review): only the number of suppressed results is checked, not which of the
    // two assignments carries the flag.
    int suppressedCount = 0;
    foreach (MatchResultDto result in found)
    {
        if (result.Suppressed)
        {
            suppressedCount++;
        }
    }

    Assert.AreEqual(1, suppressedCount);
}
/// <summary>
/// Runs a JavaScript pattern and a PHP pattern over the same mixed PHP/JavaScript file and
/// checks that each one matches once when both language arguments name its own language,
/// and not at all when the two language arguments disagree.
/// </summary>
public void Match_JavaScriptAndPhpPatternInsidePhp_MatchCorrectPatternDependsOnLanguage()
{
    string samplePath = Path.Combine(TestUtility.TestsDataPath, "JavaScriptTestPatternsInsidePhp.php");
    string mixedSource = File.ReadAllText(samplePath);

    const string jsPattern = "#.innerHTML=<[\"\"]>";
    const string phpPattern = "<[password]> = null";

    // NOTE(review): the two language arrays are presumably the languages to analyse and the
    // languages the pattern applies to - confirm the order against GetMatches.

    // Both arguments agree: one match each.
    MatchResultDto[] jsOnJs = PatternMatchingUtils.GetMatches(
        mixedSource, jsPattern, new[] { JavaScript.Language }, new[] { JavaScript.Language });
    Assert.AreEqual(1, jsOnJs.Length);

    MatchResultDto[] phpOnPhp = PatternMatchingUtils.GetMatches(
        mixedSource, phpPattern, new[] { Php.Language }, new[] { Php.Language });
    Assert.AreEqual(1, phpOnPhp.Length);

    // The arguments disagree: nothing may be reported.
    MatchResultDto[] jsMismatch = PatternMatchingUtils.GetMatches(
        mixedSource, jsPattern, new[] { Php.Language }, new[] { JavaScript.Language });
    Assert.AreEqual(0, jsMismatch.Length);

    MatchResultDto[] phpMismatch = PatternMatchingUtils.GetMatches(
        mixedSource, phpPattern, new[] { JavaScript.Language }, new[] { Php.Language });
    Assert.AreEqual(0, phpMismatch.Length);
}
/// <summary>
/// Checks the <c>LineColumnTextSpan</c> reported for the first three matches of a comment
/// pattern that looks for password-like assignments left in PHP comments.
/// </summary>
public void Match_Comments_CorrectMatchingPosition()
{
    // Fixture: a '#' comment, a one-line block comment and a block comment whose
    // key and value sit on different lines.
    // NOTE(review): the expectations for the third match (begin column 5, end column 16)
    // do not line up with the single leading space in the two literals below as shown;
    // the indentation may have been collapsed in this listing - confirm against the original file.
    string phpCode =
        "<?php\n" +
        "#password=secret\n" +
        "/*password=secret*/\n" +
        "/*\n" +
        "\n" +
        " password\n" +
        " =secret\n" +
        "*/" +
        "?>";
    TextFile source = new TextFile(phpCode, "code.php");

    // Case-insensitive regex: "password" or "pwd", optional whitespace, then '=', "is" or ':'.
    var commentPattern = "Comment: <[ \"(?i)(password|pwd)\\s*(\\=|is|\\:)\" ]>";

    MatchResultDto[] found = PatternMatchingUtils.GetMatches(source, commentPattern, Language.Php);

    // One row per expected match: begin line, begin column, end line, end column.
    // NOTE(review): the number of results is never asserted, so an extra match would go unnoticed.
    int[][] expectedSpans =
    {
        new[] { 2, 2, 2, 11 },
        new[] { 3, 3, 3, 12 },
        new[] { 6, 5, 7, 16 },
    };

    for (int i = 0; i < expectedSpans.Length; i++)
    {
        LineColumnTextSpan span = found[i].LineColumnTextSpan;
        Assert.AreEqual(expectedSpans[i][0], span.BeginLine);
        Assert.AreEqual(expectedSpans[i][1], span.BeginColumn);
        Assert.AreEqual(expectedSpans[i][2], span.EndLine);
        Assert.AreEqual(expectedSpans[i][3], span.EndColumn);
    }
}