From c3fddfecfab29504097932184389a94251991bc7 Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek <ben@sektioneins.de>
Date: Tue, 14 Dec 2021 15:25:31 +0100
Subject: [PATCH] test cases for testing edge cases, eval and cmd execution

---
 .../config/disabled_functions_extra.ini       |  7 +++++++
 .../disabled_functions_exec.phpt              | 12 +++++++++++
 .../disabled_functions_passthru.phpt          | 12 +++++++++++
 ...led_functions_phpinfo_header_callback.phpt | 12 +++++++++++
 .../disabled_functions_popen.phpt             | 12 +++++++++++
 .../disabled_functions_proc_open.phpt         | 17 ++++++++++++++++
 ...isabled_functions_shell_exec_backtick.phpt | 12 +++++++++++
 ...led_functions_shell_exec_backtick_var.phpt | 12 +++++++++++
 ...ctions_shell_exec_backtick_var_string.phpt | 12 +++++++++++
 ...disabled_functions_shell_exec_closure.phpt | 13 ++++++++++++
 ...isabled_functions_shell_exec_closure2.phpt | 14 +++++++++++++
 ...led_functions_shell_exec_filter_input.phpt | 14 +++++++++++++
 ...led_functions_shell_exec_include_data.phpt | 16 +++++++++++++++
 ...unctions_shell_exec_include_phpfilter.phpt | 16 +++++++++++++++
 ..._functions_shell_exec_opcache_preload.phpt | 18 +++++++++++++++++
 ...unctions_shell_exec_shutdown_function.phpt | 12 +++++++++++
 .../disabled_functions_shell_exec_signal.phpt | 20 +++++++++++++++++++
 .../disabled_functions_shell_exec_var.phpt    | 13 ++++++++++++
 18 files changed, 244 insertions(+)
 create mode 100644 src/tests/disable_function/config/disabled_functions_extra.ini
 create mode 100644 src/tests/disable_function/disabled_functions_exec.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_passthru.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_popen.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_proc_open.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_closure.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_signal.phpt
 create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_var.phpt

diff --git a/src/tests/disable_function/config/disabled_functions_extra.ini b/src/tests/disable_function/config/disabled_functions_extra.ini
new file mode 100644
index 00000000..305c4b35
--- /dev/null
+++ b/src/tests/disable_function/config/disabled_functions_extra.ini
@@ -0,0 +1,7 @@
+sp.disable_function.function("shell_exec").pos("0").value("ls").drop();
+sp.disable_function.function("exec").drop();
+sp.disable_function.function("passthru").drop();
+#sp.disable_function.function("system").drop();
+sp.disable_function.function("proc_open").drop();
+sp.disable_function.function("popen").drop();
+sp.disable_function.function("phpinfo").drop();
diff --git a/src/tests/disable_function/disabled_functions_exec.phpt b/src/tests/disable_function/disabled_functions_exec.phpt
new file mode 100644
index 00000000..d49ea583
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_exec.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - exec
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo exec('ls -l');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'exec' in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_passthru.phpt b/src/tests/disable_function/disabled_functions_passthru.phpt
new file mode 100644
index 00000000..27eb8f8a
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_passthru.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - passthru
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo passthru('ls -l');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'passthru' in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt b/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt
new file mode 100644
index 00000000..347101ee
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - phpinfo via header_register_callback
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php
+header_register_callback('phpinfo');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'phpinfo' in Unknown on line 0
diff --git a/src/tests/disable_function/disabled_functions_popen.phpt b/src/tests/disable_function/disabled_functions_popen.phpt
new file mode 100644
index 00000000..d027aed7
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_popen.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - popen
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo popen('ls -l', 'r');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'popen' in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_proc_open.phpt b/src/tests/disable_function/disabled_functions_proc_open.phpt
new file mode 100644
index 00000000..7c8c7eb4
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_proc_open.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Disable functions - proc_open
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+$descriptorspec = array(
+   0 => array("pipe", "r"),
+   1 => array("pipe", "w"),
+   2 => array("pipe", "w")
+);
+echo proc_open('ls', $descriptorspec, $pipes);
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'proc_open' in %a.php on line 7
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt
new file mode 100644
index 00000000..aeb64c29
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - shell_exec via backtick operator
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo `ls`;
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt
new file mode 100644
index 00000000..a312acfb
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - shell_exec via backtick operator in context of a var name
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo ${`ls`};
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt
new file mode 100644
index 00000000..ea77a7dd
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - shell_exec via backtick operator in context of a var name in a string
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php 
+echo "{${`ls`}}";
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt b/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt
new file mode 100644
index 00000000..fd9343b2
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Disable functions - shell_exec via closure
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php
+$x = Closure::fromCallable('shell_exec');
+echo $x('ls');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt b/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt
new file mode 100644
index 00000000..fac6031e
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - shell_exec via 1st class closure
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 80100) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php
+$x = shell_exec(...);
+echo $x('ls');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt b/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt
new file mode 100644
index 00000000..8a18d9b8
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - shell_exec via filter_input callback
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--GET--
+cmd=ls
+--FILE--
+<?php
+echo filter_input(INPUT_GET, 'cmd', FILTER_CALLBACK, array('options' => 'shell_exec'));
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt b/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt
new file mode 100644
index 00000000..4c13db61
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Disable functions - shell_exec via include(data://)
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 70400) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+allow_url_include=1
+--FILE--
+<?php
+include('data://text/plain,'.urlencode('<?php shell_exec("ls");'));
+?>
+--EXPECTF--
+Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0
+
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1
\ No newline at end of file
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt b/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt
new file mode 100644
index 00000000..941d168a
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Disable functions - shell_exec via include(php://filter)
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 70400) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+allow_url_include=1
+--FILE--
+<?php
+include('php://filter//resource=data://text/plain,'.urlencode('<?php shell_exec("ls");'));
+?>
+--EXPECTF--
+Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0
+
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in php%a line 1
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt
new file mode 100644
index 00000000..3e43a144
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Disable functions - shell_exec via opcache.preload
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 70400) print "skip"; ?>
+--EXTENSIONS--
+opcache
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+allow_url_include=1
+opcache.enable=1
+opcache.enable_cli=1
+opcache.preload=data://text/plain,%3C%3Fphp+shell_exec%28%22ls%22%29%3B
+--FILE--
+<?php
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt b/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt
new file mode 100644
index 00000000..8dcc40e3
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Disable functions - shell_exec via register_shutdown_function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php
+register_shutdown_function('shell_exec', 'ls');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in Unknown on line 0
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt
new file mode 100644
index 00000000..f99b4233
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Disable functions - shell_exec via signal handler
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+<?php if (PHP_VERSION_ID < 70100) print "skip"; ?>
+--EXTENSIONS--
+pcntl
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+pcntl.async_signals=1
+--FILE--
+<?php
+declare(ticks=1);
+ini_set("pcntl.async_signals", "1");
+pcntl_signal(SIGALRM, function($signo) { shell_exec("ls"); });
+system("kill -14 " . getmypid());
+sleep(5);
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 4
diff --git a/src/tests/disable_function/disabled_functions_shell_exec_var.phpt b/src/tests/disable_function/disabled_functions_shell_exec_var.phpt
new file mode 100644
index 00000000..e5a6a4e2
--- /dev/null
+++ b/src/tests/disable_function/disabled_functions_shell_exec_var.phpt
@@ -0,0 +1,13 @@
+--TEST--
+Disable functions - shell_exec via var call
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_extra.ini
+--FILE--
+<?php
+$x = 'shell_exec'; 
+echo $x('ls');
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3