Title: Security plugin flagged this code Last modified: September 6, 2018 --- # Security plugin flagged this code * [miclovin](https://wordpress.org/support/users/miclovin/) * (@miclovin) * [7 years, 8 months ago](https://wordpress.org/support/topic/security-plugin-flagged-this-code/) * here: /mailpoet/vendor/symfony/debug/Tests/DebugClassLoaderTest.php on lines 121-124 and 416-420 * Defender said that this file contained suspicious code. Is it safe? What action should I take? * ``` * * For the full copyright and license information, please view the LICENSE * file that was distributed with this source code. */ namespace Symfony\Component\Debug\Tests; use PHPUnit\Framework\TestCase; use Symfony\Component\Debug\DebugClassLoader; use Symfony\Component\Debug\ErrorHandler; class DebugClassLoaderTest extends TestCase { /** * @var int Error reporting level before running tests */ private $errorReporting; private $loader; protected function setUp() { $this->errorReporting = error_reporting(E_ALL); $this->loader = new ClassLoader(); spl_autoload_register(array($this->loader, 'loadClass'), true, true); DebugClassLoader::enable(); } protected function tearDown() { DebugClassLoader::disable(); spl_autoload_unregister(array($this->loader, 'loadClass')); error_reporting($this->errorReporting); } public function testIdempotence() { DebugClassLoader::enable(); $functions = spl_autoload_functions(); foreach ($functions as $function) { if (is_array($function) && $function[0] instanceof DebugClassLoader) { $reflClass = new \ReflectionClass($function[0]); $reflProp = $reflClass->getProperty('classLoader'); $reflProp->setAccessible(true); $this->assertNotInstanceOf('Symfony\Component\Debug\DebugClassLoader', $reflProp->getValue($function[0])); return; } } $this->fail('DebugClassLoader did not register'); } /** * @expectedException \Exception * @expectedExceptionMessage boo */ public function testThrowingClass() { try { class_exists(__NAMESPACE__.'\Fixtures\Throwing'); $this->fail('Exception expected'); } catch (\Exception $e) { $this->assertSame('boo', $e->getMessage()); } // the second call also should throw class_exists(__NAMESPACE__.'\Fixtures\Throwing'); } public function testUnsilencing() { if (\PHP_VERSION_ID >= 70000) { $this->markTestSkipped('PHP7 throws exceptions, unsilencing is not required anymore.'); } if (defined('HHVM_VERSION')) { $this->markTestSkipped('HHVM is not handled in this test case.'); } ob_start(); $this->iniSet('log_errors', 0); $this->iniSet('display_errors', 1); // See below: this will fail with parse error // but this should not be @-silenced. @class_exists(__NAMESPACE__.'\TestingUnsilencing', true); $output = ob_get_clean(); $this->assertStringMatchesFormat('%aParse error%a', $output); } public function testStacking() { // the ContextErrorException must not be loaded to test the workaround // for https://bugs.php.net/65322. if (class_exists('Symfony\Component\Debug\Exception\ContextErrorException', false)) { $this->markTestSkipped('The ContextErrorException class is already loaded.'); } if (defined('HHVM_VERSION')) { $this->markTestSkipped('HHVM is not handled in this test case.'); } ErrorHandler::register(); try { // Trigger autoloading + E_STRICT at compile time // which in turn triggers $errorHandler->handle() // that again triggers autoloading for ContextErrorException. // Error stacking works around the bug above and everything is fine. eval(' namespace '.__NAMESPACE__.'; class ChildTestingStacking extends TestingStacking { function foo($bar) {} } '); $this->fail('ContextErrorException expected'); } catch (\ErrorException $exception) { // if an exception is thrown, the test passed $this->assertStringStartsWith(__FILE__, $exception->getFile()); if (\PHP_VERSION_ID < 70000) { $this->assertRegExp('/^Runtime Notice: Declaration/', $exception->getMessage()); $this->assertEquals(E_STRICT, $exception->getSeverity()); } else { $this->assertRegExp('/^Warning: Declaration/', $exception->getMessage()); $this->assertEquals(E_WARNING, $exception->getSeverity()); } } finally { restore_error_handler(); restore_exception_handler(); } } /** * @expectedException \RuntimeException * @expectedExceptionMessage Case mismatch between loaded and declared class names */ public function testNameCaseMismatch() { class_exists(__NAMESPACE__.'\TestingCaseMismatch', true); } /** * @expectedException \RuntimeException * @expectedExceptionMessage Case mismatch between class and real file names */ public function testFileCaseMismatch() { if (!file_exists(__DIR__.'/Fixtures/CaseMismatch.php')) { $this->markTestSkipped('Can only be run on case insensitive filesystems'); } class_exists(__NAMESPACE__.'\Fixtures\CaseMismatch', true); } /** * @expectedException \RuntimeException * @expectedExceptionMessage Case mismatch between loaded and declared class names */ public function testPsr4CaseMismatch() { class_exists(__NAMESPACE__.'\Fixtures\Psr4CaseMismatch', true); } public function testNotPsr0() { $this->assertTrue(class_exists(__NAMESPACE__.'\Fixtures\NotPSR0', true)); } public function testNotPsr0Bis() { $this->assertTrue(class_exists(__NAMESPACE__.'\Fixtures\NotPSR0bis', true)); } public function testClassAlias() { $this->assertTrue(class_exists(__NAMESPACE__.'\Fixtures\ClassAlias', true)); } /** * @dataProvider provideDeprecatedSuper */ public function testDeprecatedSuper($class, $super, $type) { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_DEPRECATED); class_exists('Test\\'.__NAMESPACE__.'\\'.$class, true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_DEPRECATED, 'message' => 'The "Test\Symfony\Component\Debug\Tests\\'.$class.'" class '.$type.' "Symfony\Component\Debug\Tests\Fixtures\\'.$super.'" that is deprecated but this is a test deprecation notice.', ); $this->assertSame($xError, $lastError); } public function provideDeprecatedSuper() { return array( array('DeprecatedInterfaceClass', 'DeprecatedInterface', 'implements'), array('DeprecatedParentClass', 'DeprecatedClass', 'extends'), ); } public function testInterfaceExtendsDeprecatedInterface() { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists('Test\\'.__NAMESPACE__.'\\NonDeprecatedInterfaceClass', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_NOTICE, 'message' => '', ); $this->assertSame($xError, $lastError); } public function testDeprecatedSuperInSameNamespace() { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists('Symfony\Bridge\Debug\Tests\Fixtures\ExtendsDeprecatedParent', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_NOTICE, 'message' => '', ); $this->assertSame($xError, $lastError); } public function testReservedForPhp7() { if (\PHP_VERSION_ID >= 70000) { $this->markTestSkipped('PHP7 already prevents using reserved names.'); } set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists('Test\\'.__NAMESPACE__.'\\Float', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_DEPRECATED, 'message' => 'The "Test\Symfony\Component\Debug\Tests\Float" class uses the reserved name "Float", it will break on PHP 7 and higher', ); $this->assertSame($xError, $lastError); } public function testExtendedFinalClass() { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists('Test\\'.__NAMESPACE__.'\\ExtendsFinalClass', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_DEPRECATED, 'message' => 'The "Symfony\Component\Debug\Tests\Fixtures\FinalClass" class is considered final since version 3.3. It may change without further notice as of its next major version. You should not extend it from "Test\Symfony\Component\Debug\Tests\ExtendsFinalClass".', ); $this->assertSame($xError, $lastError); } public function testExtendedFinalMethod() { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists(__NAMESPACE__.'\\Fixtures\\ExtendedFinalMethod', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $xError = array( 'type' => E_USER_DEPRECATED, 'message' => 'The "Symfony\Component\Debug\Tests\Fixtures\FinalMethod::finalMethod()" method is considered final since version 3.3. It may change without further notice as of its next major version. You should not extend it from "Symfony\Component\Debug\Tests\Fixtures\ExtendedFinalMethod".', ); $this->assertSame($xError, $lastError); } public function testExtendedDeprecatedMethodDoesntTriggerAnyNotice() { set_error_handler(function () { return false; }); $e = error_reporting(0); trigger_error('', E_USER_NOTICE); class_exists('Test\\'.__NAMESPACE__.'\\ExtendsAnnotatedClass', true); error_reporting($e); restore_error_handler(); $lastError = error_get_last(); unset($lastError['file'], $lastError['line']); $this->assertSame(array('type' => E_USER_NOTICE, 'message' => ''), $lastError); } public function testInternalsUse() { $deprecations = array(); set_error_handler(function ($type, $msg) use (&$deprecations) { $deprecations[] = $msg; }); $e = error_reporting(E_USER_DEPRECATED); class_exists('Test\\'.__NAMESPACE__.'\\ExtendsInternals', true); error_reporting($e); restore_error_handler(); $this->assertSame($deprecations, array( 'The "Symfony\Component\Debug\Tests\Fixtures\InternalClass" class is considered internal since version 3.4. It may change without further notice. You should not use it from "Test\Symfony\Component\Debug\Tests\ExtendsInternalsParent".', 'The "Symfony\Component\Debug\Tests\Fixtures\InternalInterface" interface is considered internal. It may change without further notice. You should not use it from "Test\Symfony\Component\Debug\Tests\ExtendsInternalsParent".', 'The "Symfony\Component\Debug\Tests\Fixtures\InternalTrait" trait is considered internal. It may change without further notice. You should not use it from "Test\Symfony\Component\Debug\Tests\ExtendsInternals".', 'The "Symfony\Component\Debug\Tests\Fixtures\InternalTrait2::internalMethod()" method is considered internal since version 3.4. It may change without further notice. You should not extend it from "Test\Symfony\Component\Debug\Tests\ExtendsInternals".', )); } } class ClassLoader { public function loadClass($class) { } public function getClassMap() { return array(__NAMESPACE__.'\Fixtures\NotPSR0bis' => __DIR__.'/Fixtures/notPsr0Bis.php'); } public function findFile($class) { $fixtureDir = __DIR__.DIRECTORY_SEPARATOR.'Fixtures'.DIRECTORY_SEPARATOR; if (__NAMESPACE__.'\TestingUnsilencing' === $class) { eval('-- parse error --'); } elseif (__NAMESPACE__.'\TestingStacking' === $class) { eval('namespace '.__NAMESPACE__.'; class TestingStacking { function foo() {} }'); } elseif (__NAMESPACE__.'\TestingCaseMismatch' === $class) { eval('namespace '.__NAMESPACE__.'; class TestingCaseMisMatch {}'); } elseif (__NAMESPACE__.'\Fixtures\Psr4CaseMismatch' === $class) { return $fixtureDir.'psr4'.DIRECTORY_SEPARATOR.'Psr4CaseMismatch.php'; } elseif (__NAMESPACE__.'\Fixtures\NotPSR0' === $class) { return $fixtureDir.'reallyNotPsr0.php'; } elseif (__NAMESPACE__.'\Fixtures\NotPSR0bis' === $class) { return $fixtureDir.'notPsr0Bis.php'; } elseif ('Symfony\Bridge\Debug\Tests\Fixtures\ExtendsDeprecatedParent' === $class) { eval('namespace Symfony\Bridge\Debug\Tests\Fixtures; class ExtendsDeprecatedParent extends \\'.__NAMESPACE__.'\Fixtures\DeprecatedClass {}'); } elseif ('Test\\'.__NAMESPACE__.'\DeprecatedParentClass' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class DeprecatedParentClass extends \\'.__NAMESPACE__.'\Fixtures\DeprecatedClass {}'); } elseif ('Test\\'.__NAMESPACE__.'\DeprecatedInterfaceClass' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class DeprecatedInterfaceClass implements \\'.__NAMESPACE__.'\Fixtures\DeprecatedInterface {}'); } elseif ('Test\\'.__NAMESPACE__.'\NonDeprecatedInterfaceClass' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class NonDeprecatedInterfaceClass implements \\'.__NAMESPACE__.'\Fixtures\NonDeprecatedInterface {}'); } elseif ('Test\\'.__NAMESPACE__.'\Float' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class Float {}'); } elseif ('Test\\'.__NAMESPACE__.'\ExtendsFinalClass' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class ExtendsFinalClass extends \\'.__NAMESPACE__.'\Fixtures\FinalClass {}'); } elseif ('Test\\'.__NAMESPACE__.'\ExtendsAnnotatedClass' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class ExtendsAnnotatedClass extends \\'.__NAMESPACE__.'\Fixtures\AnnotatedClass { public function deprecatedMethod() { } }'); } elseif ('Test\\'.__NAMESPACE__.'\ExtendsInternals' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class ExtendsInternals extends ExtendsInternalsParent { use \\'.__NAMESPACE__.'\Fixtures\InternalTrait; public function internalMethod() { } }'); } elseif ('Test\\'.__NAMESPACE__.'\ExtendsInternalsParent' === $class) { eval('namespace Test\\'.__NAMESPACE__.'; class ExtendsInternalsParent extends \\'.__NAMESPACE__.'\Fixtures\InternalClass implements \\'.__NAMESPACE__.'\Fixtures\InternalInterface { }'); } } } ``` Viewing 2 replies - 1 through 2 (of 2 total) * [jonkalamar](https://wordpress.org/support/users/jonkalamar/) * (@jonkalamar) * [7 years, 8 months ago](https://wordpress.org/support/topic/security-plugin-flagged-this-code/#post-10703060) * Hello ! * This is a part from * [https://github.com/symfony/debug/blob/master/Tests/DebugClassLoaderTest.php](https://github.com/symfony/debug/blob/master/Tests/DebugClassLoaderTest.php) * comes from [https://symfony.com](https://symfony.com) tools and components for. php MailPoet may use. * if you read carefully Defender explanation it says : “Defender has found potentially harmful files on your website. _In many cases, the security scan will pick up harmless files_, but in some cases you may wish to remove the files listed below that look suspicious. * But MailPoet may give an answer about it. * Thread Starter [miclovin](https://wordpress.org/support/users/miclovin/) * (@miclovin) * [7 years, 8 months ago](https://wordpress.org/support/topic/security-plugin-flagged-this-code/#post-10712057) * Yes, potentially **harmful** or in many cases **harmless**. But which one is it? Viewing 2 replies - 1 through 2 (of 2 total) The topic ‘Security plugin flagged this code’ is closed to new replies. * ![](https://ps.w.org/mailpoet/assets/icon-256x256.png?rev=3284564) * [MailPoet - Newsletters, Email Marketing, and Automation](https://wordpress.org/plugins/mailpoet/) * [Frequently Asked Questions](https://wordpress.org/plugins/mailpoet/#faq) * [Support Threads](https://wordpress.org/support/plugin/mailpoet/) * [Active Topics](https://wordpress.org/support/plugin/mailpoet/active/) * [Unresolved Topics](https://wordpress.org/support/plugin/mailpoet/unresolved/) * [Reviews](https://wordpress.org/support/plugin/mailpoet/reviews/) ## Tags * [php](https://wordpress.org/support/topic-tag/php/) * 2 replies * 2 participants * Last reply from: [miclovin](https://wordpress.org/support/users/miclovin/) * Last activity: [7 years, 8 months ago](https://wordpress.org/support/topic/security-plugin-flagged-this-code/#post-10712057) * Status: not resolved