forked from jvoisin/snuffleupagus
-
Notifications
You must be signed in to change notification settings - Fork 5
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
test cases for testing edge cases, eval and cmd execution
- Loading branch information
Showing
18 changed files
with
244 additions
and
0 deletions.
There are no files selected for viewing
7 changes: 7 additions & 0 deletions
7
src/tests/disable_function/config/disabled_functions_extra.ini
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,7 @@ | ||
| sp.disable_function.function("shell_exec").pos("0").value("ls").drop(); | ||
| sp.disable_function.function("exec").drop(); | ||
| sp.disable_function.function("passthru").drop(); | ||
| #sp.disable_function.function("system").drop(); | ||
| sp.disable_function.function("proc_open").drop(); | ||
| sp.disable_function.function("popen").drop(); | ||
| sp.disable_function.function("phpinfo").drop(); |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - exec | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo exec('ls -l'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'exec' in %a.php on line 2 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_passthru.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - passthru | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo passthru('ls -l'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'passthru' in %a.php on line 2 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - phpinfo via header_register_callback | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| header_register_callback('phpinfo'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'phpinfo' in Unknown on line 0 |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - popen | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo popen('ls -l', 'r'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'popen' in %a.php on line 2 |
17 changes: 17 additions & 0 deletions
17
src/tests/disable_function/disabled_functions_proc_open.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,17 @@ | ||
| --TEST-- | ||
| Disable functions - proc_open | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| $descriptorspec = array( | ||
| 0 => array("pipe", "r"), | ||
| 1 => array("pipe", "w"), | ||
| 2 => array("pipe", "w") | ||
| ); | ||
| echo proc_open('ls', $descriptorspec, $pipes); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'proc_open' in %a.php on line 7 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via backtick operator | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo `ls`; | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via backtick operator in context of a var name | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo ${`ls`}; | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via backtick operator in context of a var name in a string | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| echo "{${`ls`}}"; | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 |
13 changes: 13 additions & 0 deletions
13
src/tests/disable_function/disabled_functions_shell_exec_closure.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via closure | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| $x = Closure::fromCallable('shell_exec'); | ||
| echo $x('ls'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 |
14 changes: 14 additions & 0 deletions
14
src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via 1st class closure | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| <?php if (PHP_VERSION_ID < 80100) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| $x = shell_exec(...); | ||
| echo $x('ls'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 |
14 changes: 14 additions & 0 deletions
14
src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,14 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via filter_input callback | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --GET-- | ||
| cmd=ls | ||
| --FILE-- | ||
| <?php | ||
| echo filter_input(INPUT_GET, 'cmd', FILTER_CALLBACK, array('options' => 'shell_exec')); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 |
16 changes: 16 additions & 0 deletions
16
src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via include(data://) | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| <?php if (PHP_VERSION_ID < 70400) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| allow_url_include=1 | ||
| --FILE-- | ||
| <?php | ||
| include('data://text/plain,'.urlencode('<?php shell_exec("ls");')); | ||
| ?> | ||
| --EXPECTF-- | ||
| Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0 | ||
|
|
||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1 |
16 changes: 16 additions & 0 deletions
16
src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,16 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via include(php://filter) | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| <?php if (PHP_VERSION_ID < 70400) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| allow_url_include=1 | ||
| --FILE-- | ||
| <?php | ||
| include('php://filter//resource=data://text/plain,'.urlencode('<?php shell_exec("ls");')); | ||
| ?> | ||
| --EXPECTF-- | ||
| Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0 | ||
|
|
||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in php%a line 1 |
18 changes: 18 additions & 0 deletions
18
src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,18 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via opcache.preload | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| <?php if (PHP_VERSION_ID < 70400) print "skip"; ?> | ||
| --EXTENSIONS-- | ||
| opcache | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| allow_url_include=1 | ||
| opcache.enable=1 | ||
| opcache.enable_cli=1 | ||
| opcache.preload=data://text/plain,%3C%3Fphp+shell_exec%28%22ls%22%29%3B | ||
| --FILE-- | ||
| <?php | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1 |
12 changes: 12 additions & 0 deletions
12
src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,12 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via register_shutdown_function | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| register_shutdown_function('shell_exec', 'ls'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in Unknown on line 0 |
20 changes: 20 additions & 0 deletions
20
src/tests/disable_function/disabled_functions_shell_exec_signal.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,20 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via signal handler | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| <?php if (PHP_VERSION_ID < 70100) print "skip"; ?> | ||
| --EXTENSIONS-- | ||
| pcntl | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| pcntl.async_signals=1 | ||
| --FILE-- | ||
| <?php | ||
| declare(ticks=1); | ||
| ini_set("pcntl.async_signals", "1"); | ||
| pcntl_signal(SIGALRM, function($signo) { shell_exec("ls"); }); | ||
| system("kill -14 " . getmypid()); | ||
| sleep(5); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 4 |
13 changes: 13 additions & 0 deletions
13
src/tests/disable_function/disabled_functions_shell_exec_var.phpt
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,13 @@ | ||
| --TEST-- | ||
| Disable functions - shell_exec via var call | ||
| --SKIPIF-- | ||
| <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | ||
| --INI-- | ||
| sp.configuration_file={PWD}/config/disabled_functions_extra.ini | ||
| --FILE-- | ||
| <?php | ||
| $x = 'shell_exec'; | ||
| echo $x('ls'); | ||
| ?> | ||
| --EXPECTF-- | ||
| Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 |