Add @phpcs:ignore to test cases that unserialize fixtures

Created on 25 June 2024, 4 days ago

PHPCS complains about our use of unserialize() being insecure. PHPCS complains about ALL uses of unserialize() because if they process user provided data this can be hazardous.

But the way we use it is in a test case to test serialization of our custom RulesExpressions, which is

Used only when running tests on the testbot, and
Used with fixed and constrained input.

and there is no way this specific usage poses a security vulnerability for any site that has Rules installed.
Additionally, this same usage of unserialize() is done in core too.

Marking these known usages with @phpcs:ignore will prevent the warnings from polluting our test results, and will serve to document the usage as intentional within the code.

📌 Task

Status

Fixed

Version

4.0

Component

Tests

Created by

🇺🇸United States TR Cascadia

Live updates comments and jobs are added and updated live.

Merge Requests

!31Add @phpcs:ignore to test cases that unserialize fixtures
Merged
🇺🇸United States TR
updated 4 days ago

Comments & Activities

Issue created by @TR
Merge request !31Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize fixtures → (Merged) created by TR
Comment 4 days ago →
🇺🇸United States TR Cascadia
Tests show PHPCS running green again.
Pipeline finished with Skipped
4 days ago
#207377

Comment 4 days ago →

System Message

TR → committed 52cf39b7 on 4.0.x

Issue #3456901 by TR: Add @phpcs:ignore to test cases that unserialize...

Status changed to Fixed 4 days ago4:26am 25 June 2024
Comment 4 days ago →
🇺🇸United States TR Cascadia

contrib.social Blog FAQ Discussions

Production build 0.69.0 2024

Add @phpcs:ignore to test cases that unserialize fixtures

Merge Requests

!31Add @phpcs:ignore to test cases that unserialize fixturesMerged

Comments & Activities

!31Add @phpcs:ignore to test cases that unserialize fixtures
Merged