Open
Description
Summary
Expand security testing significantly - currently only 2 basic tests (escaping and nonces).
Current State
- Only 2 security tests exist
- No SQL injection prevention tests
- No input validation tests
- No capability check tests
Proposed Tests
Knowledge Tests
- Input sanitization function selection
- SQL injection prevention patterns
- XSS prevention contexts
- Capability hierarchy and checks
- Nonce lifecycle and verification
Execution Tests
- $wpdb->prepare() for SQL injection prevention
- Input validation with sanitize_*() functions
- wp_kses_*() for HTML sanitization
- Capability checks (current_user_can())
- File upload validation patterns
- AJAX handlers with proper nonce verification
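The execution tests above would need a reference for what "correct" looks like. The following is an added example (not code from this repository or from WordPress core) that puts the listed patterns side by side in one admin-ajax handler: an insecure "before" of the kind a model might generate, and a hardened "after" using nonce verification, current_user_can(), sanitize_*() and wp_kses_*(), $wpdb->prepare(), escaped output, and allowlist-based upload validation. The table name, the AJAX action names, the nonce action strings and the capability chosen are assumptions made for the example.

```php
<?php
// Added example, not part of the project. Assumes a plugin-created table
// "{$wpdb->prefix}notes" with columns id, title, body, and hook/nonce names
// chosen here for illustration.

// BEFORE: the shape an AI model might emit. Kept for comparison only.
function insecure_save_note() {
    global $wpdb;
    $title = $_POST['title'];   // no validation, no sanitization
    $body  = $_POST['body'];
    // Values interpolated straight into SQL: injectable.
    $wpdb->query( "INSERT INTO {$wpdb->prefix}notes (title, body) VALUES ('$title', '$body')" );
    // Raw input echoed into HTML: reflected XSS. No nonce, no capability check.
    echo '<p>Saved: ' . $title . '</p>';
    wp_die();
}

// AFTER: each listed control applied in order.
function secure_save_note() {
    global $wpdb;

    // Nonce: the request must come from a form this site issued to this user.
    check_ajax_referer( 'save_note_action', 'nonce' );

    // Capability: being logged in is not the same as being allowed.
    if ( ! current_user_can( 'edit_posts' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }

    // Sanitization chosen per field: plain text vs. limited HTML.
    $title = isset( $_POST['title'] ) ? sanitize_text_field( wp_unslash( $_POST['title'] ) ) : '';
    $body  = isset( $_POST['body'] ) ? wp_kses_post( wp_unslash( $_POST['body'] ) ) : '';

    // Validation: sanitized is not the same as valid.
    if ( '' === $title || mb_strlen( $title ) > 200 ) {
        wp_send_json_error( array( 'message' => 'Title is required and must be 200 characters or fewer' ), 400 );
    }

    // Prepared statement: placeholders instead of interpolation.
    $result = $wpdb->query(
        $wpdb->prepare(
            "INSERT INTO {$wpdb->prefix}notes (title, body) VALUES (%s, %s)",
            $title,
            $body
        )
    );
    if ( false === $result ) {
        wp_send_json_error( array( 'message' => 'Database error' ), 500 );
    }

    // Escape on output, for the context the value lands in (HTML text here).
    wp_send_json_success( array( 'html' => '<p>Saved: ' . esc_html( $title ) . '</p>' ) );
}
add_action( 'wp_ajax_save_note', 'secure_save_note' );

// Upload handler: validate the real content type against an allowlist, not
// just the client-supplied name or MIME string.
function secure_upload_attachment() {
    check_ajax_referer( 'upload_attachment_action', 'nonce' );

    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( array( 'message' => 'Insufficient permissions' ), 403 );
    }
    if ( empty( $_FILES['attachment'] ) || ! is_uploaded_file( $_FILES['attachment']['tmp_name'] ) ) {
        wp_send_json_error( array( 'message' => 'No file uploaded' ), 400 );
    }

    $allowed = array( 'pdf' => 'application/pdf', 'png' => 'image/png' );
    $file    = $_FILES['attachment'];

    // Checks the file's magic bytes/extension pair against the allowlist.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        wp_send_json_error( array( 'message' => 'File type not allowed' ), 415 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    $moved = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $moved['error'] ) ) {
        wp_send_json_error( array( 'message' => 'Upload failed' ), 500 );
    }

    wp_send_json_success( array( 'url' => esc_url( $moved['url'] ) ) );
}
add_action( 'wp_ajax_upload_attachment', 'secure_upload_attachment' );
```

The client side must carry the nonce for each action, e.g. via wp_localize_script() with wp_create_nonce( 'save_note_action' ), or check_ajax_referer() rejects the request. For a test suite, the useful assertions are the negative ones: a request without a nonce, from a user lacking the capability, with a title containing a quote character, or with a renamed executable as the upload, should all be rejected before any write happens.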
Why This Matters
Security is critical. AI models generating insecure WordPress code is a significant risk. This suite would test security awareness.