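# frozen_string_literal: true

require 'spec_helper'

# Examples for Pluginscan::VariableSafetyChecker, which inspects one string of
# PHP source (`content`) for occurrences of a superglobal such as "$_POST" or
# "$_GET" (`variable`).
#
# As exercised below, an occurrence counts as "safe" when it is the argument
# of isset()/empty() or an operand of an infix `==`; an occurrence used any
# other way (e.g. read as a value) is not, and a single unsafe occurrence makes
# all_safe? false. NOTE(review): every check here is textual and line-local —
# an isset() guard says nothing about how the value is used afterwards — so
# all_safe? == true should be read as "no unguarded occurrence in this
# string", not "this input has been sanitized".
RSpec.describe Pluginscan::VariableSafetyChecker do
  describe "#all_safe?" do
    it "returns true when two superglobals are both safe" do
      variable = "$_POST"
      content = "if ( isset( $_POST['action'] ) && $_POST['action'] == 'enter-key' ) \{"
      expect(described_class.new.all_safe?(variable, content)).to eq true
    end

    it "returns false when, of two superglobals, only one is safe" do
      variable = "$_POST"
      # the second $_POST[$tagname] is read as a plain value, outside the isset()
      content = "$submitted = isset( $_POST[$tagname] ) ? $_POST[$tagname] : '';"
      expect(described_class.new.all_safe?(variable, content)).to eq false
    end
  end

  describe "#match_count" do
    it "returns 1 when there is 1 occurrence" do
      expect(described_class.new.match_count("$_POST", "$contact_form->set_title( $_POST['wpcf7-title'] );")).to eq 1
    end

    it "returns 2 when there are 2 occurrences" do
      expect(described_class.new.match_count("$_POST", "$submitted = isset( $_POST[$tagname] ) ? $_POST[$tagname] : '';")).to eq 2
    end
  end

  describe "#wrapped_in_function_count - isset" do
    # `variable` comes from the `let` of the enclosing context
    def count(content)
      described_class.new.wrapped_in_function_count('isset', variable, content)
    end

    context "when a single superglobal is wrapped in an 'isset'" do
      let(:variable) { "$_GET" }

      # whitespace between the function name, the parens and the argument must not matter
      specify { expect(count("if ( isset( $_GET['action'] ) )")).to eq 1 }
      specify { expect(count("if ( isset ( $_GET['action'] ) )")).to eq 1 }
      specify { expect(count("if ( isset($_GET['action']))")).to eq 1 }
    end

    context "when one superglobal is wrapped in isset and another is not" do
      let(:variable) { "$_POST" }

      specify { expect(count("$submitted = isset( $_POST[$tagname] ) ? $_POST[$tagname] : '';")).to eq 1 }
    end
  end

  describe "#wrapped_in_function_count - 'empty'" do
    def count(content)
      described_class.new.wrapped_in_function_count('empty', "$_POST", content)
    end

    context "when a single superglobal is wrapped in an 'empty'" do
      # a leading `!` (with or without a space) must not hide the wrapper
      specify { expect(count("if ( ! empty( $_POST['post_ID'] ))")).to eq 1 }
      specify { expect(count("if ( ! empty ( $_POST['post_ID'] ) )")).to eq 1 }
      specify { expect(count("if ( ! empty($_POST['post_ID']))")).to eq 1 }
    end

    context "when two superglobals are wrapped in an 'empty'" do
      specify { expect(count("if ( !empty( $_POST['id'] ) && !empty( $_POST['url'] ) && check_admin_referer( 'comment_author_url_nonce' ) ) \{")).to eq 2 }
    end
  end

  describe "#used_in_infix_check_count - ==" do
    def count(content)
      described_class.new.used_in_infix_check_count('==', variable, content)
    end

    context "when a single superglobal is used in an equality check" do
      let(:variable) { "$_SERVER" }

      # superglobal on the right-hand side, with every spacing variant around `==`
      specify { expect(count("if ( 'POST'== $_SERVER['REQUEST_METHOD'] ) \{")).to eq 1 }
      specify { expect(count("if ( 'POST' == $_SERVER['REQUEST_METHOD'] ) \{")).to eq 1 }
      specify { expect(count("if ( 'POST' ==$_SERVER[ 'REQUEST_METHOD'] ) \{")).to eq 1 }
      specify { expect(count("if ( 'POST'==$_SERVER['REQUEST_METHOD'] ) \{")).to eq 1 }

      # superglobal on the left-hand side. The original `be_truthy` was vacuous
      # here: 0 is truthy in Ruby, so a count of zero would have passed. Require
      # at least one match instead.
      specify { expect(count("return $_SERVER[ 'HTTP_X_REQUESTED_WITH' ] == 'XMLHttpRequest';")).to be >= 1 }
      specify { expect(count("return $_SERVER['HTTP_X_REQUESTED_WITH']=='XMLHttpRequest';")).to be >= 1 }
    end

    context "when one superglobal is used in an equality check and another is not" do
      let(:variable) { "$_POST" }

      # the isset()-wrapped occurrence is not an infix check and must not be counted
      specify { expect(count("if ( isset( $_POST['action'] ) && $_POST['action'] == 'enter-key' ) \{")).to eq 1 }
    end
  end
end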