[Resolved] What is IntegrationTestCase doing?

This support ticket was created 5 years, 1 month ago. There's a good chance that you are reading advice that is now obsolete.

This is the technical support forum for Toolset - a suite of plugins for developing WordPress sites without writing PHP.

This topic contains 1 reply, has 2 voices.

Last updated by Christian Cox 5 years, 1 month ago.

Assisted by: Christian Cox.

#1362655

Hi,
My security plugin reacts to some files, and says "The function eval called at line XX column XX, which should be avoided whenever possible."
/types/vendor/toolset/toolset-common/lib/Twig/src/Test/IntegrationTestCase.php
/types-access/vendor/toolset/toolset-common/lib/Twig/src/Test/IntegrationTestCase.php
/wp-views/vendor/toolset/toolset-common/lib/Twig/src/Test/IntegrationTestCase.php
/types-access/vendor/toolset/toolset-common/lib/Twig/src/Environment.php
/wp-views/vendor/toolset/toolset-common/lib/Twig/src/Environment.php

I suppose that I don't have to worry about the "eval", but I wonder what the Test files are doing?

Thank you!
Stina

#1362903

Hi, our developers are certain that eval statement flags in security evaluations can be considered false positives. The eval() function is actually part of the requirements for using Toolset:
https://toolset.com/toolset-requirements/
https://toolset.com/documentation/programmer-reference/list-of-toolset-files-where-eval-php-function-is-used/
We use the Twig PHP library for PHP templating, and some of the PHP files in that library include the eval function. What these specific files do isn't clear to me as a supporter, but our developers have assured us they are aware of the use of eval() in this library, and there's nothing to worry about here. XSS scripting prevention is in place to prevent the types of issues your security evaluation has reported.