test: add Pest v1 security test infrastructure

Author: somethingwithproof

tests/Pest.php

@@ -0,0 +1,14 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Pest configuration file.
+ */
+
+require_once __DIR__ . '/bootstrap.php';

tests/Security/Php74CompatibilityTest.php

@@ -0,0 +1,101 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify plugin source files do not use PHP 8.0+ syntax.
+ * Cacti 1.2.x plugins must remain compatible with PHP 7.4.
+ */
+
+describe('PHP 7.4 compatibility in audit', function () {
+	$files = array(
+		'audit.php',
+		'audit_functions.php',
+		'setup.php',
+	);
+
+	it('does not use str_contains (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_contains\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_contains() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use str_starts_with (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_starts_with\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_starts_with() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use str_ends_with (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\bstr_ends_with\s*\(/', $contents))->toBe(0,
+				"{$relativeFile} uses str_ends_with() which requires PHP 8.0"
+			);
+		}
+	});
+
+	it('does not use nullsafe operator (PHP 8.0)', function () use ($files) {
+		foreach ($files as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			expect(preg_match('/\?->/', $contents))->toBe(0,
+				"{$relativeFile} uses nullsafe operator which requires PHP 8.0"
+			);
+		}
+	});
+});

tests/Security/PreparedStatementConsistencyTest.php

@@ -0,0 +1,59 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify migrated files use prepared DB helpers exclusively.
+ * Catches regressions where raw db_execute/db_fetch_* calls creep back in.
+ */
+
+describe('prepared statement consistency in audit', function () {
+	it('uses prepared DB helpers in all plugin files', function () {
+		$targetFiles = array(
+		'audit.php',
+		'audit_functions.php',
+		'setup.php',
+		);
+
+		$rawPattern = '/\bdb_(?:execute|fetch_row|fetch_assoc|fetch_cell)\s*\(/';
+		$preparedPattern = '/\bdb_(?:execute|fetch_row|fetch_assoc|fetch_cell)_prepared\s*\(/';
+
+		foreach ($targetFiles as $relativeFile) {
+			$path = realpath(__DIR__ . '/../../' . $relativeFile);
+
+			if ($path === false) {
+				continue;
+			}
+
+			$contents = file_get_contents($path);
+
+			if ($contents === false) {
+				continue;
+			}
+
+			$lines = explode("\n", $contents);
+			$rawCallsOutsideComments = 0;
+
+			foreach ($lines as $line) {
+				$trimmed = ltrim($line);
+
+				if (strpos($trimmed, '//') === 0 || strpos($trimmed, '*') === 0 || strpos($trimmed, '#') === 0) {
+					continue;
+				}
+
+				if (preg_match($rawPattern, $line) && !preg_match($preparedPattern, $line)) {
+					$rawCallsOutsideComments++;
+				}
+			}
+
+			expect($rawCallsOutsideComments)->toBe(0,
+				"File {$relativeFile} contains raw (unprepared) DB calls"
+			);
+		}
+	});
+});

tests/Security/SetupStructureTest.php

@@ -0,0 +1,36 @@
+<?php
+/*
+ +-------------------------------------------------------------------------+
+ | Copyright (C) 2004-2026 The Cacti Group                                 |
+ +-------------------------------------------------------------------------+
+ | Cacti: The Complete RRDtool-based Graphing Solution                     |
+ +-------------------------------------------------------------------------+
+*/
+
+/*
+ * Verify setup.php defines required plugin hooks and info function.
+ */
+
+describe('audit setup.php structure', function () {
+	$source = file_get_contents(realpath(__DIR__ . '/../../setup.php'));
+
+	it('defines plugin_audit_install function', function () use ($source) {
+		expect($source)->toContain('function plugin_audit_install');
+	});
+
+	it('defines plugin_audit_version function', function () use ($source) {
+		expect($source)->toContain('function plugin_audit_version');
+	});
+
+	it('defines plugin_audit_uninstall function', function () use ($source) {
+		expect($source)->toContain('function plugin_audit_uninstall');
+	});
+
+	it('returns version array with name key', function () use ($source) {
+		expect($source)->toMatch('/[\'\""]name[\'\""]\s*=>/');
+	});
+
+	it('returns version array with version key', function () use ($source) {
+		expect($source)->toMatch('/[\'\""]version[\'\""]\s*=>/');
+	});
+});