Added SQL injection protection for Mysqli and several test cases

author: Ben Fuhrmannek 2014-06-24 16:56:21 +0200
committer: Ben Fuhrmannek 2014-06-24 16:56:21 +0200
commit: 93721fdd94f90d48b290749398a26cef277ad129 (patch)
tree: 16d6f2bbe8ad8e5313b6bb07b18b182aee00b806
parent: f3efcde454d85cdf4b6ddafa05afe99cea5cfd78 (diff)
17 files changed, 428 insertions, 40 deletions
diff --git a/Changelog b/Changelog
index 2bad2b3..4e83cb3 100644
--- a/Changelog
+++ b/Changelog
@@ -1,3 +1,7 @@
+2014-06-24 - 0.9.37-dev
+        - Added SQL injection protection for Mysqli and several test cases
 2014-06-10 - 0.9.36
    - Added better handling of non existing/non executable shell scripts
diff --git a/execute.c b/execute.c
index 1f7cf15..098b074 100644
--- a/execute.c
+++ b/execute.c
@@ -880,7 +880,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
                return (0);
        }
    
-        if ((long) ih->arg1) {
+        if ((long) ih->arg2) {
            mysql_extension = 1;
        }
        
@@ -892,6 +892,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
        }
        len = Z_STRLEN_P(backup);
        query = Z_STRVAL_P(backup);
+        SDEBUG("SQL |%s|", query);
        
        s = query;
        e = s+len;
@@ -1552,9 +1553,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
 }
 internal_function_handler ihandlers[] = {
-    { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
+        { "preg_replace", ih_preg_replace, NULL, NULL, NULL },
-    { "mail", ih_mail, NULL, NULL, NULL },
+        { "mail", ih_mail, NULL, NULL, NULL },
-    { "symlink", ih_symlink, NULL, NULL, NULL },
+        { "symlink", ih_symlink, NULL, NULL, NULL },
        
        { "srand", ih_srand, NULL, NULL, NULL },
        { "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1564,86 @@ internal_function_handler ihandlers[] = {
        { "getrandmax", ih_getrandmax, NULL, NULL, NULL },
        { "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
        
-    { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "function_exists", ih_function_exists, NULL, NULL, NULL },
-    { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
-    { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
        
-    { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
+        /* Mysqli */
-    { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
-    { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
-    
+        { "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "function_exists", ih_function_exists, NULL, NULL, NULL },
+        { "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        
+        { "mysqli::query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::multi_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_multi_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::prepare", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_prepare", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::real_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli::send_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // removed in PHP 5.3
+        { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        // ----
+        
+        /* Mysql API - deprecated in PHP 5.5 */
+        { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
        
-    { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* MaxDB */
-    { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
+        { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
+        { "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
+        { "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
+        { "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
-    { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Oracle OCI8 */
-    { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
+        { "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb", ih_fixusername, (void *)2, NULL, NULL },
+        /* FrontBase */
-    { "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
-    { "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
-    { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        /* Informix */
-    { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        /* Firebird/InterBase */
-    { "mysql_db_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_unbuffered_query", ih_querycheck, (void *)1, (void *)1, NULL },
+        { "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_query", ih_querycheck, (void *)2, (void *)1, NULL },
+        { "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_real_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_send_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_master_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli_slave_query", ih_querycheck, (void *)2, (void *)1, NULL },
-    { "mysqli", ih_fixusername, (void *)2, NULL, NULL },
+        /* Microsoft SQL Server */
-    { "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
+        { "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
-    { "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
+        
-    { "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },
+        { NULL, NULL, NULL, NULL, NULL }
-    { NULL, NULL, NULL, NULL, NULL }
 };
 #define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));
diff --git a/tests/sql/connect.inc b/tests/sql/connect.inc
new file mode 100644
index 0000000..367d63d
--- /dev/null
+++ b/tests/sql/connect.inc
@@ -0,0 +1,14 @@
+<?php
+        $host      = getenv("MYSQL_TEST_HOST")     ? getenv("MYSQL_TEST_HOST") : "localhost";
+        $port      = getenv("MYSQL_TEST_PORT")     ? getenv("MYSQL_TEST_PORT") : 3306;
+        $user      = getenv("MYSQL_TEST_USER")     ? getenv("MYSQL_TEST_USER") : "root";
+        $passwd    = getenv("MYSQL_TEST_PASSWD")   ? getenv("MYSQL_TEST_PASSWD") : "";
+        $db        = getenv("MYSQL_TEST_DB")       ? getenv("MYSQL_TEST_DB") : "test";
+        $socket    = getenv("MYSQL_TEST_SOCKET")   ? getenv("MYSQL_TEST_SOCKET") : null;
+        function connect_mysqli_oostyle() {
+                global $host, $port, $user, $passwd, $db, $socket;
+                return new mysqli($host, $user, $passwd, $db, $port, $socket);
+        }
+?>
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt
new file mode 100644
index 0000000..0436c64
--- /dev/null
+++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment protection and MySQL condition (/*!...*/)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*! ... */");
+flush();
+echo "mark.";
+?>
+--EXPECTF--
+mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_cstyle_fail.phpt b/tests/sql/mysqli_comment_cstyle_fail.phpt
new file mode 100644
index 0000000..56a8ccb
--- /dev/null
+++ b/tests/sql/mysqli_comment_cstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (/*...*/) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /* injection */");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_hashstyle_fail.phpt b/tests/sql/mysqli_comment_hashstyle_fail.phpt
new file mode 100644
index 0000000..6f5b517
--- /dev/null
+++ b/tests/sql/mysqli_comment_hashstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (#) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 # injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt
new file mode 100644
index 0000000..c32c76a
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=1
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_comment_sqlstyle_fail.phpt b/tests/sql/mysqli_comment_sqlstyle_fail.phpt
new file mode 100644
index 0000000..83e63c5
--- /dev/null
+++ b/tests/sql/mysqli_comment_sqlstyle_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL comment (--) protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=2
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 -- injection");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect.phpt b/tests/sql/mysqli_multiselect.phpt
new file mode 100644
index 0000000..63d6c19
--- /dev/null
+++ b/tests/sql/mysqli_multiselect.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with multiple SELECT statements
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=1
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1; SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect_fail.phpt b/tests/sql/mysqli_multiselect_fail.phpt
new file mode 100644
index 0000000..2bee62a
--- /dev/null
+++ b/tests/sql/mysqli_multiselect_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with multiple SELECT statements set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=2
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1; SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_multiselect_subselect.phpt b/tests/sql/mysqli_multiselect_subselect.phpt
new file mode 100644
index 0000000..e629720
--- /dev/null
+++ b/tests/sql/mysqli_multiselect_subselect.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with sub-SELECT
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=1
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT * FROM (SELECT 1)");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Multiple SELECT in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_no_constraints.phpt b/tests/sql/mysqli_no_constraints.phpt
new file mode 100644
index 0000000..1d7fff6
--- /dev/null
+++ b/tests/sql/mysqli_no_constraints.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Mysqli connection test without any constraints
+--INI--
+extension=mysqli.so
+suhosin.sql.comment=0
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 AS A UNION SELECT 2 -- injection");
+$rows = $result->fetch_all();
+if ($rows !== null && count($rows) == 2) { echo "ok"; }
+?>
+--EXPECTF--
+ok
+\ No newline at end of file
diff --git a/tests/sql/mysqli_open_comment.phpt b/tests/sql/mysqli_open_comment.phpt
new file mode 100644
index 0000000..29d3536
--- /dev/null
+++ b/tests/sql/mysqli_open_comment.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL open comment protection (/*...)
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=1
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Open comment in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_open_comment_fail.phpt b/tests/sql/mysqli_open_comment_fail.phpt
new file mode 100644
index 0000000..4645523
--- /dev/null
+++ b/tests/sql/mysqli_open_comment_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with SQL open comment protection (/*...) set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=2
+suhosin.sql.multiselect=0
+suhosin.sql.union=0
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 /*");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - Open comment in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/mysqli_union.phpt b/tests/sql/mysqli_union.phpt
new file mode 100644
index 0000000..9af9c61
--- /dev/null
+++ b/tests/sql/mysqli_union.phpt
@@ -0,0 +1,26 @@
+--TEST--
+Mysqli query with UNION protection
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=1
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 UNION SELECT 2");
+flush();
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - UNION in SQL query.*mark.
+\ No newline at end of file
diff --git a/tests/sql/mysqli_union_fail.phpt b/tests/sql/mysqli_union_fail.phpt
new file mode 100644
index 0000000..ee51a79
--- /dev/null
+++ b/tests/sql/mysqli_union_fail.phpt
@@ -0,0 +1,25 @@
+--TEST--
+Mysqli query with UNION protection set to fail
+--INI--
+extension=mysqli.so
+suhosin.sql.bailout_on_error=0
+suhosin.sql.comment=0
+suhosin.sql.opencomment=0
+suhosin.sql.multiselect=0
+suhosin.sql.union=2
+suhosin.log.stdout=32
+--SKIPIF--
+<?php
+include('skipifmysqli.inc');
+include('skipif.inc');
+?>
+--FILE--
+<?php
+include('connect.inc');
+$mysqli = connect_mysqli_oostyle();
+$result = $mysqli->query("SELECT 1 UNION SELECT 2");
+echo "mark.";
+?>
+--EXPECTREGEX--
+ALERT - UNION in SQL query.*\)
+\ No newline at end of file
diff --git a/tests/sql/skipifmysqli.inc b/tests/sql/skipifmysqli.inc
new file mode 100644
index 0000000..ee16cf1
--- /dev/null
+++ b/tests/sql/skipifmysqli.inc
@@ -0,0 +1,5 @@
+<?php
+if (!extension_loaded("mysqli")) {
+        die('skip - mysqli extension not available');
+}
+?>
+\ No newline at end of file
author	Ben Fuhrmannek	2014-06-24 16:56:21 +0200
committer	Ben Fuhrmannek	2014-06-24 16:56:21 +0200
commit	93721fdd94f90d48b290749398a26cef277ad129 (patch)
tree	16d6f2bbe8ad8e5313b6bb07b18b182aee00b806
parent	f3efcde454d85cdf4b6ddafa05afe99cea5cfd78 (diff)

diff --git a/Changelog b/Changelog index 2bad2b3..4e83cb3 100644 --- a/Changelog +++ b/Changelog
@@ -1,3 +1,7 @@
		1	2014-06-24 - 0.9.37-dev
		2
		3	- Added SQL injection protection for Mysqli and several test cases
		4
1	2014-06-10 - 0.9.36	5	2014-06-10 - 0.9.36
2		6
3	- Added better handling of non existing/non executable shell scripts	7	- Added better handling of non existing/non executable shell scripts


diff --git a/execute.c b/execute.c index 1f7cf15..098b074 100644 --- a/execute.c +++ b/execute.c
@@ -880,7 +880,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
880	return (0);	880	return (0);
881	}	881	}
882		882
883	if ((long) ih->arg1) {	883	if ((long) ih->arg2) {
884	mysql_extension = 1;	884	mysql_extension = 1;
885	}	885	}
886		886
@@ -892,6 +892,7 @@ int ih_querycheck(IH_HANDLER_PARAMS)
892	}	892	}
893	len = Z_STRLEN_P(backup);	893	len = Z_STRLEN_P(backup);
894	query = Z_STRVAL_P(backup);	894	query = Z_STRVAL_P(backup);
		895	SDEBUG("SQL \|%s\|", query);
895		896
896	s = query;	897	s = query;
897	e = s+len;	898	e = s+len;
@@ -1552,9 +1553,9 @@ static int ih_getrandmax(IH_HANDLER_PARAMS)
1552	}	1553	}
1553		1554
1554	internal_function_handler ihandlers[] = {	1555	internal_function_handler ihandlers[] = {
1555	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },	1556	{ "preg_replace", ih_preg_replace, NULL, NULL, NULL },
1556	{ "mail", ih_mail, NULL, NULL, NULL },	1557	{ "mail", ih_mail, NULL, NULL, NULL },
1557	{ "symlink", ih_symlink, NULL, NULL, NULL },	1558	{ "symlink", ih_symlink, NULL, NULL, NULL },
1558		1559
1559	{ "srand", ih_srand, NULL, NULL, NULL },	1560	{ "srand", ih_srand, NULL, NULL, NULL },
1560	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },	1561	{ "mt_srand", ih_mt_srand, NULL, NULL, NULL },
@@ -1563,49 +1564,86 @@ internal_function_handler ihandlers[] = {
1563	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },	1564	{ "getrandmax", ih_getrandmax, NULL, NULL, NULL },
1564	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },	1565	{ "mt_getrandmax", ih_getrandmax, NULL, NULL, NULL },
1565		1566
1566	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },	1567	{ "function_exists", ih_function_exists, NULL, NULL, NULL },
1567	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
1568	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
1569	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
1570	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
1571	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1572		1568
1573	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },	1569	/* Mysqli */
1574	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },	1570	{ "mysqli::mysqli", ih_fixusername, (void *)2, NULL, NULL },
1575	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1571	{ "mysqli_connect", ih_fixusername, (void *)2, NULL, NULL },
1576		1572	{ "mysqli::real_connect", ih_fixusername, (void *)2, NULL, NULL },
1577	{ "function_exists", ih_function_exists, NULL, NULL, NULL },	1573	{ "mysqli_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1574	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1575	{ "mysqli::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1576
		1577	{ "mysqli::query", ih_querycheck, (void )1, (void )1, NULL },
		1578	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },
		1579	{ "mysqli::multi_query", ih_querycheck, (void )1, (void )1, NULL },
		1580	{ "mysqli_multi_query", ih_querycheck, (void )2, (void )1, NULL },
		1581	{ "mysqli::prepare", ih_querycheck, (void )1, (void )1, NULL },
		1582	{ "mysqli_prepare", ih_querycheck, (void )2, (void )1, NULL },
		1583	{ "mysqli::real_query", ih_querycheck, (void )1, (void )1, NULL },
		1584	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },
		1585	{ "mysqli::send_query", ih_querycheck, (void )1, (void )1, NULL },
		1586	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },
		1587	// removed in PHP 5.3
		1588	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },
		1589	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },
		1590	// ----
		1591
		1592	/* Mysql API - deprecated in PHP 5.5 */
		1593	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },
		1594	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
		1595	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },
		1596	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },
		1597	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },
1578		1598
1579	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },	1599	/* MaxDB */
1580	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1600	{ "maxdb::maxdb", ih_fixusername, (void *)2, NULL, NULL },
		1601	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },
		1602	{ "maxdb::real_connect", ih_fixusername, (void *)2, NULL, NULL },
		1603	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },
		1604	{ "maxdb::change_user", ih_fixusername, (void *)1, NULL, NULL },
		1605	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },
		1606
		1607	{ "maxdb_master_query", ih_querycheck, (void *)2, NULL, NULL },
		1608	{ "maxdb::multi_query", ih_querycheck, (void *)1, NULL, NULL },
		1609	{ "maxdb_multi_query", ih_querycheck, (void *)2, NULL, NULL },
		1610	{ "maxdb::query", ih_querycheck, (void *)1, NULL, NULL },
		1611	{ "maxdb_query", ih_querycheck, (void *)2, NULL, NULL },
		1612	{ "maxdb::real_query", ih_querycheck, (void *)1, NULL, NULL },
		1613	{ "maxdb_real_query", ih_querycheck, (void *)2, NULL, NULL },
		1614	{ "maxdb::send_query", ih_querycheck, (void *)1, NULL, NULL },
		1615	{ "maxdb_send_query", ih_querycheck, (void *)2, NULL, NULL },
		1616	{ "maxdb::prepare", ih_querycheck, (void *)1, NULL, NULL },
		1617	{ "maxdb_prepare", ih_querycheck, (void *)2, NULL, NULL },
1581		1618
1582	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },	1619	/* Oracle OCI8 */
1583	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1620	{ "ocilogon", ih_fixusername, (void *)1, NULL, NULL },
		1621	{ "ociplogon", ih_fixusername, (void *)1, NULL, NULL },
		1622	{ "ocinlogon", ih_fixusername, (void *)1, NULL, NULL },
		1623	{ "oci_connect", ih_fixusername, (void *)1, NULL, NULL },
		1624	{ "oci_pconnect", ih_fixusername, (void *)1, NULL, NULL },
		1625	{ "oci_new_connect", ih_fixusername, (void *)1, NULL, NULL },
1584		1626
1585	{ "maxdb", ih_fixusername, (void *)2, NULL, NULL },	1627	/* FrontBase */
1586	{ "maxdb_change_user", ih_fixusername, (void *)2, NULL, NULL },	1628	{ "fbsql_connect", ih_fixusername, (void *)2, NULL, NULL },
1587	{ "maxdb_connect", ih_fixusername, (void *)2, NULL, NULL },	1629	{ "fbsql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1588	{ "maxdb_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1630	{ "fbsql_change_user", ih_fixusername, (void *)1, NULL, NULL },
1589	{ "maxdb_real_connect", ih_fixusername, (void *)3, NULL, NULL },	1631	{ "fbsql_username", ih_fixusername, (void *)2, NULL, NULL },
1590		1632
1591	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },	1633	/* Informix */
1592	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1634	{ "ifx_connect", ih_fixusername, (void *)2, NULL, NULL },
		1635	{ "ifx_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1593		1636
1594	{ "mysql_query", ih_querycheck, (void )1, (void )1, NULL },	1637	/* Firebird/InterBase */
1595	{ "mysql_db_query", ih_querycheck, (void )2, (void )1, NULL },	1638	{ "ibase_connect", ih_fixusername, (void *)2, NULL, NULL },
1596	{ "mysql_unbuffered_query", ih_querycheck, (void )1, (void )1, NULL },	1639	{ "ibase_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1597	{ "mysqli_query", ih_querycheck, (void )2, (void )1, NULL },	1640	{ "ibase_service_attach", ih_fixusername, (void *)2, NULL, NULL },
1598	{ "mysqli_real_query", ih_querycheck, (void )2, (void )1, NULL },
1599	{ "mysqli_send_query", ih_querycheck, (void )2, (void )1, NULL },
1600	{ "mysqli_master_query", ih_querycheck, (void )2, (void )1, NULL },
1601	{ "mysqli_slave_query", ih_querycheck, (void )2, (void )1, NULL },
1602		1641
1603	{ "mysqli", ih_fixusername, (void *)2, NULL, NULL },	1642	/* Microsoft SQL Server */
1604	{ "mysql_connect", ih_fixusername, (void *)2, NULL, NULL },	1643	{ "mssql_connect", ih_fixusername, (void *)2, NULL, NULL },
1605	{ "mysql_pconnect", ih_fixusername, (void *)2, NULL, NULL },	1644	{ "mssql_pconnect", ih_fixusername, (void *)2, NULL, NULL },
1606	{ "mysqli_change_user", ih_fixusername, (void *)2, NULL, NULL },	1645
1607	{ "mysql_real_connect", ih_fixusername, (void *)3, NULL, NULL },	1646	{ NULL, NULL, NULL, NULL, NULL }
1608	{ NULL, NULL, NULL, NULL, NULL }
1609	};	1647	};
1610		1648
1611	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));	1649	#define FUNCTION_WARNING() zend_error(E_WARNING, "%s() has been disabled for security reasons", get_active_function_name(TSRMLS_C));


diff --git a/tests/sql/connect.inc b/tests/sql/connect.inc new file mode 100644 index 0000000..367d63d --- /dev/null +++ b/tests/sql/connect.inc
@@ -0,0 +1,14 @@
		1	<?php
		2
		3	$host = getenv("MYSQL_TEST_HOST") ? getenv("MYSQL_TEST_HOST") : "localhost";
		4	$port = getenv("MYSQL_TEST_PORT") ? getenv("MYSQL_TEST_PORT") : 3306;
		5	$user = getenv("MYSQL_TEST_USER") ? getenv("MYSQL_TEST_USER") : "root";
		6	$passwd = getenv("MYSQL_TEST_PASSWD") ? getenv("MYSQL_TEST_PASSWD") : "";
		7	$db = getenv("MYSQL_TEST_DB") ? getenv("MYSQL_TEST_DB") : "test";
		8	$socket = getenv("MYSQL_TEST_SOCKET") ? getenv("MYSQL_TEST_SOCKET") : null;
		9
		10	function connect_mysqli_oostyle() {
		11	global $host, $port, $user, $passwd, $db, $socket;
		12	return new mysqli($host, $user, $passwd, $db, $port, $socket);
		13	}
		14	?> \ No newline at end of file


diff --git a/tests/sql/mysqli_comment_conditional.phpt b/tests/sql/mysqli_comment_conditional.phpt new file mode 100644 index 0000000..0436c64 --- /dev/null +++ b/tests/sql/mysqli_comment_conditional.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL comment protection and MySQL condition (/!.../)
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=2
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 /! ... /");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTF--
		25	mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_comment_cstyle_fail.phpt b/tests/sql/mysqli_comment_cstyle_fail.phpt new file mode 100644 index 0000000..56a8ccb --- /dev/null +++ b/tests/sql/mysqli_comment_cstyle_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL comment (/.../) protection set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=2
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 /* injection */");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Comment in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/mysqli_comment_hashstyle_fail.phpt b/tests/sql/mysqli_comment_hashstyle_fail.phpt new file mode 100644 index 0000000..6f5b517 --- /dev/null +++ b/tests/sql/mysqli_comment_hashstyle_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL comment (#) protection set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=2
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 # injection");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Comment in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/mysqli_comment_sqlstyle.phpt b/tests/sql/mysqli_comment_sqlstyle.phpt new file mode 100644 index 0000000..c32c76a --- /dev/null +++ b/tests/sql/mysqli_comment_sqlstyle.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL comment (--) protection
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=1
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 -- injection");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Comment in SQL query.*mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_comment_sqlstyle_fail.phpt b/tests/sql/mysqli_comment_sqlstyle_fail.phpt new file mode 100644 index 0000000..83e63c5 --- /dev/null +++ b/tests/sql/mysqli_comment_sqlstyle_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL comment (--) protection set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=2
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 -- injection");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Comment in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/mysqli_multiselect.phpt b/tests/sql/mysqli_multiselect.phpt new file mode 100644 index 0000000..63d6c19 --- /dev/null +++ b/tests/sql/mysqli_multiselect.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with multiple SELECT statements
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=1
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1; SELECT 2");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Multiple SELECT in SQL query.*mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_multiselect_fail.phpt b/tests/sql/mysqli_multiselect_fail.phpt new file mode 100644 index 0000000..2bee62a --- /dev/null +++ b/tests/sql/mysqli_multiselect_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with multiple SELECT statements set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=2
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1; SELECT 2");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Multiple SELECT in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/mysqli_multiselect_subselect.phpt b/tests/sql/mysqli_multiselect_subselect.phpt new file mode 100644 index 0000000..e629720 --- /dev/null +++ b/tests/sql/mysqli_multiselect_subselect.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with sub-SELECT
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=1
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT * FROM (SELECT 1)");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Multiple SELECT in SQL query.*mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_no_constraints.phpt b/tests/sql/mysqli_no_constraints.phpt new file mode 100644 index 0000000..1d7fff6 --- /dev/null +++ b/tests/sql/mysqli_no_constraints.phpt
@@ -0,0 +1,26 @@
		1	--TEST--
		2	Mysqli connection test without any constraints
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.comment=0
		6	suhosin.sql.bailout_on_error=0
		7	suhosin.sql.comment=0
		8	suhosin.sql.opencomment=0
		9	suhosin.sql.multiselect=0
		10	suhosin.sql.union=0
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 AS A UNION SELECT 2 -- injection");
		21	$rows = $result->fetch_all();
		22	if ($rows !== null && count($rows) == 2) { echo "ok"; }
		23
		24	?>
		25	--EXPECTF--
		26	ok \ No newline at end of file


diff --git a/tests/sql/mysqli_open_comment.phpt b/tests/sql/mysqli_open_comment.phpt new file mode 100644 index 0000000..29d3536 --- /dev/null +++ b/tests/sql/mysqli_open_comment.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL open comment protection (/*...)
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=1
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 /*");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Open comment in SQL query.*mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_open_comment_fail.phpt b/tests/sql/mysqli_open_comment_fail.phpt new file mode 100644 index 0000000..4645523 --- /dev/null +++ b/tests/sql/mysqli_open_comment_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with SQL open comment protection (/*...) set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=2
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=0
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 /*");
		21	flush();
		22	echo "mark.";
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - Open comment in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/mysqli_union.phpt b/tests/sql/mysqli_union.phpt new file mode 100644 index 0000000..9af9c61 --- /dev/null +++ b/tests/sql/mysqli_union.phpt
@@ -0,0 +1,26 @@
		1	--TEST--
		2	Mysqli query with UNION protection
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=1
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 UNION SELECT 2");
		21	flush();
		22	echo "mark.";
		23
		24	?>
		25	--EXPECTREGEX--
		26	ALERT - UNION in SQL query.*mark. \ No newline at end of file


diff --git a/tests/sql/mysqli_union_fail.phpt b/tests/sql/mysqli_union_fail.phpt new file mode 100644 index 0000000..ee51a79 --- /dev/null +++ b/tests/sql/mysqli_union_fail.phpt
@@ -0,0 +1,25 @@
		1	--TEST--
		2	Mysqli query with UNION protection set to fail
		3	--INI--
		4	extension=mysqli.so
		5	suhosin.sql.bailout_on_error=0
		6	suhosin.sql.comment=0
		7	suhosin.sql.opencomment=0
		8	suhosin.sql.multiselect=0
		9	suhosin.sql.union=2
		10	suhosin.log.stdout=32
		11	--SKIPIF--
		12	<?php
		13	include('skipifmysqli.inc');
		14	include('skipif.inc');
		15	?>
		16	--FILE--
		17	<?php
		18	include('connect.inc');
		19	$mysqli = connect_mysqli_oostyle();
		20	$result = $mysqli->query("SELECT 1 UNION SELECT 2");
		21	echo "mark.";
		22
		23	?>
		24	--EXPECTREGEX--
		25	ALERT - UNION in SQL query.*\) \ No newline at end of file


diff --git a/tests/sql/skipifmysqli.inc b/tests/sql/skipifmysqli.inc new file mode 100644 index 0000000..ee16cf1 --- /dev/null +++ b/tests/sql/skipifmysqli.inc
@@ -0,0 +1,5 @@
		1	<?php
		2	if (!extension_loaded("mysqli")) {
		3	die('skip - mysqli extension not available');
		4	}
		5	?> \ No newline at end of file