Some tests for the cookie encryption feature from Ben

author: Stefan Esser 2014-02-18 14:52:12 +0100
committer: Stefan Esser 2014-02-18 14:52:12 +0100
commit: 6fef70730793eccc4943bca48c47439cd19b213e (patch)
tree: 832e88b95420d99253cf61480df810c548992215
parent: 80e2f83cff1750937ba02916d2326ce75e09ef4c (diff)
15 files changed, 389 insertions, 0 deletions
diff --git a/tests/cookie/crypt.checkraddr_4.phpt b/tests/cookie/crypt.checkraddr_4.phpt
new file mode 100644
index 0000000..35c3495
--- /dev/null
+++ b/tests/cookie/crypt.checkraddr_4.phpt
@@ -0,0 +1,28 @@
+--TEST--
+cookie encryption with checkraddr=4
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=4
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(1) {
+  ["foo"]=>
+  string(3) "bar"
+}
+\ No newline at end of file
diff --git a/tests/cookie/crypt.checkraddr_4_incorrect.phpt b/tests/cookie/crypt.checkraddr_4_incorrect.phpt
new file mode 100644
index 0000000..00c2e23
--- /dev/null
+++ b/tests/cookie/crypt.checkraddr_4_incorrect.phpt
@@ -0,0 +1,26 @@
+--TEST--
+cookie encryption with checkraddr=4
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=4
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.2
+END;
+--COOKIE--
+foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(0) {
+}
+\ No newline at end of file
diff --git a/tests/cookie/crypt.cryptlist.phpt b/tests/cookie/crypt.cryptlist.phpt
new file mode 100644
index 0000000..e56ac24
--- /dev/null
+++ b/tests/cookie/crypt.cryptlist.phpt
@@ -0,0 +1,29 @@
+--TEST--
+cookie encryption with cryptlist set
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=0
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+suhosin.cookie.cryptlist=a,b,foo,c
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+setcookie('foo2', 'bar2');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
+Set-Cookie: foo2=bar2
+\ No newline at end of file
diff --git a/tests/cookie/crypt.docroot.phpt b/tests/cookie/crypt.docroot.phpt
new file mode 100644
index 0000000..9eeb24b
--- /dev/null
+++ b/tests/cookie/crypt.docroot.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption using document root
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=On
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+DOCUMENT_ROOT=/var/www
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=CY8CspcGmDQPsap1NqJO1uAjB6fobur1Os5ZCqFGhU8.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.invalid.phpt b/tests/cookie/crypt.invalid.phpt
new file mode 100644
index 0000000..b1d11dd
--- /dev/null
+++ b/tests/cookie/crypt.invalid.phpt
@@ -0,0 +1,26 @@
+--TEST--
+cookie encryption with invalid cookie
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+foo=test
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(0) {
+}
+\ No newline at end of file
diff --git a/tests/cookie/crypt.key_default.phpt b/tests/cookie/crypt.key_default.phpt
new file mode 100644
index 0000000..91b1fcf
--- /dev/null
+++ b/tests/cookie/crypt.key_default.phpt
@@ -0,0 +1,23 @@
+--TEST--
+cookie encryption with default key
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=D3F4UL7
+suhosin.cookie.cryptua=0
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=Jq5FsTmo4aEWrLMKdoEeUuFxZ4IujCzrQjg-8Y-xphg.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.key_empty.phpt b/tests/cookie/crypt.key_empty.phpt
new file mode 100644
index 0000000..1736575
--- /dev/null
+++ b/tests/cookie/crypt.key_empty.phpt
@@ -0,0 +1,23 @@
+--TEST--
+cookie encryption with empty key
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=0
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=Jq5FsTmo4aEWrLMKdoEeUuFxZ4IujCzrQjg-8Y-xphg.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.key_empty_remote_addr.phpt b/tests/cookie/crypt.key_empty_remote_addr.phpt
new file mode 100644
index 0000000..fb00766
--- /dev/null
+++ b/tests/cookie/crypt.key_empty_remote_addr.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption with empty key and REMOTE_ADDR set
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=0
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.no_encryption.phpt b/tests/cookie/crypt.no_encryption.phpt
new file mode 100644
index 0000000..095ce5f
--- /dev/null
+++ b/tests/cookie/crypt.no_encryption.phpt
@@ -0,0 +1,16 @@
+--TEST--
+cookie without encryption
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=0
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=bar
+\ No newline at end of file
diff --git a/tests/cookie/crypt.plainlist.phpt b/tests/cookie/crypt.plainlist.phpt
new file mode 100644
index 0000000..8a29bb0
--- /dev/null
+++ b/tests/cookie/crypt.plainlist.phpt
@@ -0,0 +1,29 @@
+--TEST--
+cookie encryption with plainlist set
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=0
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+suhosin.cookie.plainlist=a,b,foo2,c
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+setcookie('foo2', 'bar2');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
+Set-Cookie: foo2=bar2
+\ No newline at end of file
diff --git a/tests/cookie/crypt.raddr_1.phpt b/tests/cookie/crypt.raddr_1.phpt
new file mode 100644
index 0000000..54400b5
--- /dev/null
+++ b/tests/cookie/crypt.raddr_1.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption using REMOTE_ADDR (cryptraddr=1)
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=1
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=lwB1g2gEIQbzRLsbKEyLcKlmu6kpBNRd6sft46-la-4.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.raddr_2.phpt b/tests/cookie/crypt.raddr_2.phpt
new file mode 100644
index 0000000..e87b5e7
--- /dev/null
+++ b/tests/cookie/crypt.raddr_2.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption using REMOTE_ADDR (cryptraddr=2)
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=2
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=iTnKmpON_PFkZ2Sv8omXt_myOw0LIxwZTmj5OZYQ5c8.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.raddr_3.phpt b/tests/cookie/crypt.raddr_3.phpt
new file mode 100644
index 0000000..a1394a5
--- /dev/null
+++ b/tests/cookie/crypt.raddr_3.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption using REMOTE_ADDR (cryptraddr=3)
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=3
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=q2LriHN5UE2RN8YKu8N-k2hE5ShtXbk8vZooBU0idWg.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.raddr_4.phpt b/tests/cookie/crypt.raddr_4.phpt
new file mode 100644
index 0000000..2862f9f
--- /dev/null
+++ b/tests/cookie/crypt.raddr_4.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie encryption using REMOTE_ADDR (cryptraddr=4)
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=Off
+suhosin.cookie.cryptdocroot=Off
+suhosin.cookie.cryptraddr=4
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+REMOTE_ADDR=127.0.0.1
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=KYNdxYn5b1vujSEplr6YyON2A04YRH0YY4pCZWQDxG8.
+\ No newline at end of file
diff --git a/tests/cookie/crypt.ua.phpt b/tests/cookie/crypt.ua.phpt
new file mode 100644
index 0000000..48a98b3
--- /dev/null
+++ b/tests/cookie/crypt.ua.phpt
@@ -0,0 +1,27 @@
+--TEST--
+cookie with encryption using HTTP_USER_AGENT
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.cookie.encrypt=1
+suhosin.cookie.cryptkey=
+suhosin.cookie.cryptua=On
+suhosin.cookie.cryptdocroot=0
+suhosin.cookie.cryptraddr=0
+suhosin.cookie.checkraddr=0
+;suhosin.cookie.cryptlist=
+;suhosin.cookie.plainlist=
+--ENV--
+return <<<END
+HTTP_USER_AGENT=test
+END;
+--COOKIE--
+a=b
+--FILE--
+<?php
+setcookie('foo', 'bar');
+$ch = preg_grep("/^Set-Cookie:/", headers_list());
+echo join("\n", array_values($ch));
+?>
+--EXPECTF--
+Set-Cookie: foo=ZWvJsNdplAsT5Uz57vuUq7-_pbjyXTGeMrUfSrgre5w.
+\ No newline at end of file
author	Stefan Esser	2014-02-18 14:52:12 +0100
committer	Stefan Esser	2014-02-18 14:52:12 +0100
commit	6fef70730793eccc4943bca48c47439cd19b213e (patch)
tree	832e88b95420d99253cf61480df810c548992215
parent	80e2f83cff1750937ba02916d2326ce75e09ef4c (diff)

diff --git a/tests/cookie/crypt.checkraddr_4.phpt b/tests/cookie/crypt.checkraddr_4.phpt new file mode 100644 index 0000000..35c3495 --- /dev/null +++ b/tests/cookie/crypt.checkraddr_4.phpt
@@ -0,0 +1,28 @@
	1	--TEST--
	2	cookie encryption with checkraddr=4
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=4
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
	20	--FILE--
	21	<?php
	22	var_dump($_COOKIE);
	23	?>
	24	--EXPECTF--
	25	array(1) {
	26	["foo"]=>
	27	string(3) "bar"
	28	} \ No newline at end of file


diff --git a/tests/cookie/crypt.checkraddr_4_incorrect.phpt b/tests/cookie/crypt.checkraddr_4_incorrect.phpt new file mode 100644 index 0000000..00c2e23 --- /dev/null +++ b/tests/cookie/crypt.checkraddr_4_incorrect.phpt
@@ -0,0 +1,26 @@
	1	--TEST--
	2	cookie encryption with checkraddr=4
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=4
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.2
	17	END;
	18	--COOKIE--
	19	foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
	20	--FILE--
	21	<?php
	22	var_dump($_COOKIE);
	23	?>
	24	--EXPECTF--
	25	array(0) {
	26	} \ No newline at end of file


diff --git a/tests/cookie/crypt.cryptlist.phpt b/tests/cookie/crypt.cryptlist.phpt new file mode 100644 index 0000000..e56ac24 --- /dev/null +++ b/tests/cookie/crypt.cryptlist.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	cookie encryption with cryptlist set
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=0
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	suhosin.cookie.cryptlist=a,b,foo,c
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	setcookie('foo2', 'bar2');
	24	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	25	echo join("\n", array_values($ch));
	26	?>
	27	--EXPECTF--
	28	Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
	29	Set-Cookie: foo2=bar2 \ No newline at end of file


diff --git a/tests/cookie/crypt.docroot.phpt b/tests/cookie/crypt.docroot.phpt new file mode 100644 index 0000000..9eeb24b --- /dev/null +++ b/tests/cookie/crypt.docroot.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption using document root
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=On
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	DOCUMENT_ROOT=/var/www
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=CY8CspcGmDQPsap1NqJO1uAjB6fobur1Os5ZCqFGhU8. \ No newline at end of file


diff --git a/tests/cookie/crypt.invalid.phpt b/tests/cookie/crypt.invalid.phpt new file mode 100644 index 0000000..b1d11dd --- /dev/null +++ b/tests/cookie/crypt.invalid.phpt
@@ -0,0 +1,26 @@
	1	--TEST--
	2	cookie encryption with invalid cookie
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	foo=test
	20	--FILE--
	21	<?php
	22	var_dump($_COOKIE);
	23	?>
	24	--EXPECTF--
	25	array(0) {
	26	} \ No newline at end of file


diff --git a/tests/cookie/crypt.key_default.phpt b/tests/cookie/crypt.key_default.phpt new file mode 100644 index 0000000..91b1fcf --- /dev/null +++ b/tests/cookie/crypt.key_default.phpt
@@ -0,0 +1,23 @@
	1	--TEST--
	2	cookie encryption with default key
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=D3F4UL7
	8	suhosin.cookie.cryptua=0
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--COOKIE--
	15	a=b
	16	--FILE--
	17	<?php
	18	setcookie('foo', 'bar');
	19	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	20	echo join("\n", array_values($ch));
	21	?>
	22	--EXPECTF--
	23	Set-Cookie: foo=Jq5FsTmo4aEWrLMKdoEeUuFxZ4IujCzrQjg-8Y-xphg. \ No newline at end of file


diff --git a/tests/cookie/crypt.key_empty.phpt b/tests/cookie/crypt.key_empty.phpt new file mode 100644 index 0000000..1736575 --- /dev/null +++ b/tests/cookie/crypt.key_empty.phpt
@@ -0,0 +1,23 @@
	1	--TEST--
	2	cookie encryption with empty key
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=0
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--COOKIE--
	15	a=b
	16	--FILE--
	17	<?php
	18	setcookie('foo', 'bar');
	19	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	20	echo join("\n", array_values($ch));
	21	?>
	22	--EXPECTF--
	23	Set-Cookie: foo=Jq5FsTmo4aEWrLMKdoEeUuFxZ4IujCzrQjg-8Y-xphg. \ No newline at end of file


diff --git a/tests/cookie/crypt.key_empty_remote_addr.phpt b/tests/cookie/crypt.key_empty_remote_addr.phpt new file mode 100644 index 0000000..fb00766 --- /dev/null +++ b/tests/cookie/crypt.key_empty_remote_addr.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption with empty key and REMOTE_ADDR set
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=0
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8. \ No newline at end of file


diff --git a/tests/cookie/crypt.no_encryption.phpt b/tests/cookie/crypt.no_encryption.phpt new file mode 100644 index 0000000..095ce5f --- /dev/null +++ b/tests/cookie/crypt.no_encryption.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	cookie without encryption
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=0
	7	--COOKIE--
	8	a=b
	9	--FILE--
	10	<?php
	11	setcookie('foo', 'bar');
	12	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	13	echo join("\n", array_values($ch));
	14	?>
	15	--EXPECTF--
	16	Set-Cookie: foo=bar \ No newline at end of file


diff --git a/tests/cookie/crypt.plainlist.phpt b/tests/cookie/crypt.plainlist.phpt new file mode 100644 index 0000000..8a29bb0 --- /dev/null +++ b/tests/cookie/crypt.plainlist.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	cookie encryption with plainlist set
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=0
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	suhosin.cookie.plainlist=a,b,foo2,c
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	setcookie('foo2', 'bar2');
	24	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	25	echo join("\n", array_values($ch));
	26	?>
	27	--EXPECTF--
	28	Set-Cookie: foo=EgJxlQxzPwoAcVFj395vssv3hy1rAem1lH9qZYUvRi8.
	29	Set-Cookie: foo2=bar2 \ No newline at end of file


diff --git a/tests/cookie/crypt.raddr_1.phpt b/tests/cookie/crypt.raddr_1.phpt new file mode 100644 index 0000000..54400b5 --- /dev/null +++ b/tests/cookie/crypt.raddr_1.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption using REMOTE_ADDR (cryptraddr=1)
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=1
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=lwB1g2gEIQbzRLsbKEyLcKlmu6kpBNRd6sft46-la-4. \ No newline at end of file


diff --git a/tests/cookie/crypt.raddr_2.phpt b/tests/cookie/crypt.raddr_2.phpt new file mode 100644 index 0000000..e87b5e7 --- /dev/null +++ b/tests/cookie/crypt.raddr_2.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption using REMOTE_ADDR (cryptraddr=2)
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=2
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=iTnKmpON_PFkZ2Sv8omXt_myOw0LIxwZTmj5OZYQ5c8. \ No newline at end of file


diff --git a/tests/cookie/crypt.raddr_3.phpt b/tests/cookie/crypt.raddr_3.phpt new file mode 100644 index 0000000..a1394a5 --- /dev/null +++ b/tests/cookie/crypt.raddr_3.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption using REMOTE_ADDR (cryptraddr=3)
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=3
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=q2LriHN5UE2RN8YKu8N-k2hE5ShtXbk8vZooBU0idWg. \ No newline at end of file


diff --git a/tests/cookie/crypt.raddr_4.phpt b/tests/cookie/crypt.raddr_4.phpt new file mode 100644 index 0000000..2862f9f --- /dev/null +++ b/tests/cookie/crypt.raddr_4.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie encryption using REMOTE_ADDR (cryptraddr=4)
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=Off
	9	suhosin.cookie.cryptdocroot=Off
	10	suhosin.cookie.cryptraddr=4
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	REMOTE_ADDR=127.0.0.1
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=KYNdxYn5b1vujSEplr6YyON2A04YRH0YY4pCZWQDxG8. \ No newline at end of file


diff --git a/tests/cookie/crypt.ua.phpt b/tests/cookie/crypt.ua.phpt new file mode 100644 index 0000000..48a98b3 --- /dev/null +++ b/tests/cookie/crypt.ua.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	cookie with encryption using HTTP_USER_AGENT
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.cookie.encrypt=1
	7	suhosin.cookie.cryptkey=
	8	suhosin.cookie.cryptua=On
	9	suhosin.cookie.cryptdocroot=0
	10	suhosin.cookie.cryptraddr=0
	11	suhosin.cookie.checkraddr=0
	12	;suhosin.cookie.cryptlist=
	13	;suhosin.cookie.plainlist=
	14	--ENV--
	15	return <<<END
	16	HTTP_USER_AGENT=test
	17	END;
	18	--COOKIE--
	19	a=b
	20	--FILE--
	21	<?php
	22	setcookie('foo', 'bar');
	23	$ch = preg_grep("/^Set-Cookie:/", headers_list());
	24	echo join("\n", array_values($ch));
	25	?>
	26	--EXPECTF--
	27	Set-Cookie: foo=ZWvJsNdplAsT5Uz57vuUq7-_pbjyXTGeMrUfSrgre5w. \ No newline at end of file