PHPUnit
PHPUnit is a unit testing framework for the PHP programming language. It is an instance of the xUnit architecture for unit testing frameworks that originated with SUnit and became popular with JUnit. PHPUnit was created by Sebastian Bergmann and its development is hosted on GitHub.
Developer(s) | Sebastian Bergmann |
---|---|
Initial release | 27 November 2001[1] |
Stable release | 9.2.2
/ 7 June 2020[2] |
Repository | |
Written in | PHP |
Operating system | Cross-platform |
Type | Unit testing framework |
License | BSD 3 Clause |
Website | phpunit |
Purpose
PHPUnit is based on the idea that developers should be able to find mistakes in their newly committed code quickly and assert that no code regression has occurred in other parts of the code base. Much like other unit testing frameworks, PHPUnit uses assertions to verify that the behavior of the specific component - or "unit" - being tested behaves as expected.[3]
Benefits
The goal of unit testing is to isolate each part of the program and show that the individual parts are correct. A unit test provides a strict, written contract that the piece of code must satisfy. As a result, unit tests find problems early in the development cycle.
PHPUnit can output test results in a number of different formats, including JUnit XML and TestDox.
Vulnerabilities
A vulnerability that allowed attackers to execute remote code via PHPUnit was discovered in late 2017. By sending a payload of PHP code to a file that is part of PHPUnit, an attacker could execute PHP code on the webserver.[4]
References
- "PHP: Revision 63330". svn.php.net.
- "Releases ยท sebastianbergmann/phpunit". GitHub.
- Assertion (computing)
- Bergmann, Sebastian. "PHPUnit: A Security Risk?". The PHP Consulting Company. The PHP Consulting Company. Retrieved 20 October 2020.