
  • Bug fixes for general core bugs in 3.10.x will end 8 November 2021 (12 months).
  • Bug fixes for security issues in 3.10.x will end 9 May 2022 (18 months).
  • PHP version: minimum PHP 7.2.0 Note: minimum PHP version has increased since Moodle 3.8. PHP 7.3.x and 7.4.x are supported too.


   1  <?php
   2  // This file is part of Moodle - http://moodle.org/
   3  //
   4  // Moodle is free software: you can redistribute it and/or modify
   5  // it under the terms of the GNU General Public License as published by
   6  // the Free Software Foundation, either version 3 of the License, or
   7  // (at your option) any later version.
   8  //
   9  // Moodle is distributed in the hope that it will be useful,
  10  // but WITHOUT ANY WARRANTY; without even the implied warranty of
  11  // MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  12  // GNU General Public License for more details.
  13  //
  14  // You should have received a copy of the GNU General Public License
  15  // along with Moodle.  If not, see <http://www.gnu.org/licenses/>.
  16  
  17  /**
  18   * Unit tests for formula validation code.
  19   *
  20   * @package    qtype_calculated
  21   * @copyright  2014 The Open University
  22   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  23   */
  24  
  25  
// Stop immediately if this file is reached without MOODLE_INTERNAL having been defined.
defined('MOODLE_INTERNAL') || die();

global $CFG;
// Load the calculated question type code. Presumably this is where the
// qtype_calculated_find_formula_errors*() functions used by the tests are defined (confirm in questiontype.php).
require_once($CFG->dirroot . '/question/type/calculated/questiontype.php');
  30  
  31  
  32  /**
  33   * Unit tests for formula validation code.
  34   *
  35   * @copyright  2014 The Open University
  36   * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
  37   */
  38  class qtype_calculated_formula_validation_testcase extends basic_testcase {
  39      protected function assert_nonempty_string($actual) {
  40          $this->assertIsString($actual);
  41          $this->assertNotEquals('', $actual);
  42      }
  43  
  44      public function test_simple_equations_ok() {
  45          $this->assertFalse(qtype_calculated_find_formula_errors(1));
  46          $this->assertFalse(qtype_calculated_find_formula_errors('1 + 1'));
  47          $this->assertFalse(qtype_calculated_find_formula_errors('{x} + {y}'));
  48          $this->assertFalse(qtype_calculated_find_formula_errors('{x}*{y}'));
  49          $this->assertFalse(qtype_calculated_find_formula_errors('{x}*({y}+1)'));
  50      }
  51  
  52      public function test_simple_equations_errors() {
  53          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('{a{b}}'));
  54          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('{a{b}}'));
  55          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('{a}({b})'));
  56          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('2({b})'));
  57      }
  58  
  59      public function test_safe_functions_ok() {
  60          $this->assertFalse(qtype_calculated_find_formula_errors('abs(-1)'));
  61          $this->assertFalse(qtype_calculated_find_formula_errors('tan(pi())'));
  62          $this->assertFalse(qtype_calculated_find_formula_errors('log(10)'));
  63          $this->assertFalse(qtype_calculated_find_formula_errors('log(64, 2)'));
  64          $this->assertFalse(qtype_calculated_find_formula_errors('atan2(1.0, 1.0)'));
  65          $this->assertFalse(qtype_calculated_find_formula_errors('max(1.0, 1.0)'));
  66          $this->assertFalse(qtype_calculated_find_formula_errors('max(1.0, 1.0, 2.0)'));
  67          $this->assertFalse(qtype_calculated_find_formula_errors('max(1.0, 1.0, 2, 3)'));
  68      }
  69  
  70      public function test_php_comments_blocked() {
  71          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('# No need for this.'));
  72          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('/* Also blocked. */'));
  73          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('1 + 1 /* Blocked too. */'));
  74          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('// As is this.'));
  75          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('1/*2'));
  76          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('/*{a*///{x}}'));
  77      }
  78  
  79      public function test_dangerous_functions_blocked() {
  80          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('eval(1)'));
  81          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('system(1)'));
  82          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('base64_decode(1)'));
  83          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('unserialize(1)'));
  84  
  85          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('cos(tan(1) + abs(cos(eval)) * pi())'));
  86          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('eval (CONSTANTREADASSTRING)'));
  87          $this->assert_nonempty_string(qtype_calculated_find_formula_errors("eval \t ()"));
  88          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('"eval"()'));
  89          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('?><?php()'));
  90          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('?><?php+1'));
  91      }
  92  
  93      public function test_functions_with_wrong_num_args_caught() {
  94          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('abs(-1, 1)'));
  95          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('abs()'));
  96          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('pi(1)'));
  97          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('log()'));
  98          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('log(64, 2, 3)'));
  99          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('atan2(1.0)'));
 100          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('atan2(1.0, 1.0, 2.0)'));
 101          $this->assert_nonempty_string(qtype_calculated_find_formula_errors('max(1.0)'));
 102      }
 103  
 104      public function test_validation_of_formulas_in_text_ok() {
 105          $this->assertFalse(qtype_calculated_find_formula_errors_in_text(
 106                  '<p>Look no equations.</p>'));
 107          $this->assertFalse(qtype_calculated_find_formula_errors_in_text(
 108                  '<p>Simple variable: {x}.</p>'));
 109          $this->assertFalse(qtype_calculated_find_formula_errors_in_text(
 110                  '<p>This is an equation: {=1+1}, as is this: {={x}+{y}}.</p>' .
 111                  '<p>Here is a more complex one: {=sin(2*pi()*{theta})}.</p>'));
 112      }
 113  
 114      public function test_validation_of_formulas_in_text_bad_function() {
 115          $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text(
 116                  '<p>This is an equation: {=eval(1)}.</p>'));
 117          $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text(
 118                  '<p>Good: {=1+1}, bad: {=eval(1)}, good: {={x}+{y}}.</p>'));
 119          $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text(
 120                  '<p>Bad: {=eval(1)}, bad: {=system(1)}.</p>'));
 121      }
 122  }