Add @phpcs:ignore to test cases that unserialize fixtures

Open on Drupal.org →

Created on 25 June 2024, 9 months ago

Updated 19 July 2024, 8 months ago

PHPCS complains about our use of unserialize() being insecure. PHPCS complains about ALL uses of unserialize() because if they process user provided data this can be hazardous.

But the way we use it is in a test case to test serialization of our custom RulesExpressions, which is

Used only when running tests on the testbot, and
Used with fixed and constrained input.

and there is no way this specific usage poses a security vulnerability for any site that has Rules installed.
Additionally, this same usage of unserialize() is done in core too.

Marking these known usages with @phpcs:ignore will prevent the warnings from polluting our test results, and will serve to document the usage as intentional within the code.

📌 Task

Status

Fixed

Version

4.0

Component

Tests

Created by

🇺🇸United States tr Cascadia

Live updates comments and jobs are added and updated live.

Sign in to follow issues

Merge Requests

!31Add @phpcs:ignore to test cases that unserialize fixtures
Merged
🇺🇸United States tr
updated 9 months ago

Comments & Activities

Issue created by @tr
Merge request !31Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize fixtures → (Merged) created by tr
Comment 9 months ago →
🇺🇸United States tr Cascadia
Tests show PHPCS running green again.
Pipeline finished with Skipped
9 months ago
#207377

Comment 9 months ago →

TR → committed 52cf39b7 on 4.0.x

Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize...

Status changed to Fixed 9 months ago4:26am 25 June 2024
Comment 9 months ago →
🇺🇸United States tr Cascadia

Comment 8 months ago →

TR → committed 6e43a41b on 8.x-3.x

Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize...

Comment 8 months ago →
System Message
Automatically closed - issue fixed for 2 weeks with no activity.

contrib.social Blog FAQ Discussions

Production build 0.71.5 2024