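<?php
// This file is part of Moodle - http://moodle.org/
//
// Moodle is free software: you can redistribute it and/or modify
// it under the terms of the GNU General Public License as published by
// the Free Software Foundation, either version 3 of the License, or
// (at your option) any later version.
//
// Moodle is distributed in the hope that it will be useful,
// but WITHOUT ANY WARRANTY; without even the implied warranty of
// MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
// GNU General Public License for more details.
//
// You should have received a copy of the GNU General Public License
// along with Moodle. If not, see <http://www.gnu.org/licenses/>.

/**
 * Unit tests for formula validation code.
 *
 * @package    qtype_calculated
 * @copyright  2014 The Open University
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */


defined('MOODLE_INTERNAL') || die();

global $CFG;
require_once($CFG->dirroot . '/question/type/calculated/questiontype.php');


/**
 * Unit tests for formula validation code.
 *
 * Contract exercised by these tests: qtype_calculated_find_formula_errors() and
 * qtype_calculated_find_formula_errors_in_text() return false when the input is
 * acceptable and a non-empty string when it is not.
 *
 * NOTE(review): the rejected inputs (PHP comment syntax, non-maths function names,
 * PHP open/close tags) read as a regression suite for a validator that guards
 * formulas which are later evaluated as PHP. That evaluation is not visible in this
 * file, so confirm against questiontype.php. If it holds, a failure here means input
 * that should be refused is being let through, and should be treated as
 * security-relevant rather than cosmetic.
 *
 * @copyright  2014 The Open University
 * @license    http://www.gnu.org/copyleft/gpl.html GNU GPL v3 or later
 */
class qtype_calculated_formula_validation_testcase extends basic_testcase {

    /**
     * Assert that a value is a string and is not the empty string.
     *
     * @param mixed $actual the value to check (here: the validator's return value).
     * @param string $message optional text shown if either assertion fails.
     */
    protected function assert_nonempty_string($actual, $message = '') {
        $this->assertIsString($actual, $message);
        $this->assertNotEquals('', $actual, $message);
    }

    /**
     * Assert that the validator reports no error for a single formula.
     *
     * The failure message names the formula, so a regression identifies the exact input.
     *
     * @param mixed $formula the formula, passed to the validator unchanged.
     */
    private function assert_formula_accepted($formula) {
        $this->assertFalse(qtype_calculated_find_formula_errors($formula),
                'Formula should pass validation: ' . var_export($formula, true));
    }

    /**
     * Assert that the validator reports an error (a non-empty string) for a single formula.
     *
     * The failure message names the formula, so it is clear which input was wrongly accepted.
     *
     * @param mixed $formula the formula, passed to the validator unchanged.
     */
    private function assert_formula_rejected($formula) {
        $this->assert_nonempty_string(qtype_calculated_find_formula_errors($formula),
                'Formula should be rejected by validation: ' . var_export($formula, true));
    }

    /**
     * Assert that no formula embedded in a piece of text is reported as an error.
     *
     * @param string $text text that may contain {=...} formulas.
     */
    private function assert_text_accepted($text) {
        $this->assertFalse(qtype_calculated_find_formula_errors_in_text($text),
                'Text should pass formula validation: ' . var_export($text, true));
    }

    /**
     * Assert that at least one formula embedded in a piece of text is reported as an error.
     *
     * @param string $text text that may contain {=...} formulas.
     */
    private function assert_text_rejected($text) {
        $this->assert_nonempty_string(qtype_calculated_find_formula_errors_in_text($text),
                'Text should be rejected by formula validation: ' . var_export($text, true));
    }

    /**
     * Plain arithmetic and {placeholder} expressions are accepted.
     */
    public function test_simple_equations_ok() {
        // The first case is deliberately the integer 1, not the string '1'.
        $this->assert_formula_accepted(1);
        $this->assert_formula_accepted('1 + 1');
        $this->assert_formula_accepted('{x} + {y}');
        $this->assert_formula_accepted('{x}*{y}');
        $this->assert_formula_accepted('{x}*({y}+1)');
    }

    /**
     * Malformed placeholders and implicit multiplication are rejected.
     */
    public function test_simple_equations_errors() {
        $this->assert_formula_rejected('{a{b}}');
        // NOTE(review): same input as the line above; possibly a different malformed
        // placeholder was intended. Kept so the assertion count is unchanged.
        $this->assert_formula_rejected('{a{b}}');
        $this->assert_formula_rejected('{a}({b})');
        $this->assert_formula_rejected('2({b})');
    }

    /**
     * Maths functions called with a valid number of arguments are accepted.
     */
    public function test_safe_functions_ok() {
        $this->assert_formula_accepted('abs(-1)');
        $this->assert_formula_accepted('tan(pi())');
        $this->assert_formula_accepted('log(10)');
        $this->assert_formula_accepted('log(64, 2)');
        $this->assert_formula_accepted('atan2(1.0, 1.0)');
        $this->assert_formula_accepted('max(1.0, 1.0)');
        $this->assert_formula_accepted('max(1.0, 1.0, 2.0)');
        $this->assert_formula_accepted('max(1.0, 1.0, 2, 3)');
    }

    /**
     * Anything containing PHP comment syntax is rejected, including sequences that
     * only look like a comment opener inside arithmetic ('1/*2').
     */
    public function test_php_comments_blocked() {
        $this->assert_formula_rejected('# No need for this.');
        $this->assert_formula_rejected('/* Also blocked. */');
        $this->assert_formula_rejected('1 + 1 /* Blocked too. */');
        $this->assert_formula_rejected('// As is this.');
        $this->assert_formula_rejected('1/*2');
        $this->assert_formula_rejected('/*{a*///{x}}');
    }

    /**
     * Function names other than the maths functions covered by test_safe_functions_ok()
     * are rejected, as are attempts to disguise the call or to leave the expression
     * context.
     */
    public function test_dangerous_functions_blocked() {
        // Direct calls.
        $this->assert_formula_rejected('eval(1)');
        $this->assert_formula_rejected('system(1)');
        $this->assert_formula_rejected('base64_decode(1)');
        $this->assert_formula_rejected('unserialize(1)');

        // Variations: a bare name nested inside allowed calls, whitespace (space and tab)
        // between the name and its parentheses, a quoted name used as a callable, and
        // PHP close/open tags.
        $this->assert_formula_rejected('cos(tan(1) + abs(cos(eval)) * pi())');
        $this->assert_formula_rejected('eval (CONSTANTREADASSTRING)');
        $this->assert_formula_rejected("eval \t ()");
        $this->assert_formula_rejected('"eval"()');
        $this->assert_formula_rejected('?><?php()');
        $this->assert_formula_rejected('?><?php+1');
    }

    /**
     * Allowed functions called with too few or too many arguments are rejected.
     */
    public function test_functions_with_wrong_num_args_caught() {
        $this->assert_formula_rejected('abs(-1, 1)');
        $this->assert_formula_rejected('abs()');
        $this->assert_formula_rejected('pi(1)');
        $this->assert_formula_rejected('log()');
        $this->assert_formula_rejected('log(64, 2, 3)');
        $this->assert_formula_rejected('atan2(1.0)');
        $this->assert_formula_rejected('atan2(1.0, 1.0, 2.0)');
        $this->assert_formula_rejected('max(1.0)');
    }

    /**
     * Text with no formulas, with plain placeholders, or with valid {=...} formulas is accepted.
     */
    public function test_validation_of_formulas_in_text_ok() {
        $this->assert_text_accepted('<p>Look no equations.</p>');
        $this->assert_text_accepted('<p>Simple variable: {x}.</p>');
        $this->assert_text_accepted(
                '<p>This is an equation: {=1+1}, as is this: {={x}+{y}}.</p>' .
                '<p>Here is a more complex one: {=sin(2*pi()*{theta})}.</p>');
    }

    /**
     * One bad {=...} formula is enough for the whole text to be rejected, wherever it
     * appears among valid formulas.
     */
    public function test_validation_of_formulas_in_text_bad_function() {
        $this->assert_text_rejected('<p>This is an equation: {=eval(1)}.</p>');
        $this->assert_text_rejected('<p>Good: {=1+1}, bad: {=eval(1)}, good: {={x}+{y}}.</p>');
        $this->assert_text_rejected('<p>Bad: {=eval(1)}, bad: {=system(1)}.</p>');
    }
}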