Test for suhosin.request.disallow_ws

author: Stefan Esser 2014-02-12 19:32:05 +0100
committer: Stefan Esser 2014-02-12 19:32:05 +0100
commit: 7ac74540af7598e25b6970f2eb32abb12297b704 (patch)
tree: 2545c5f99e5d7975cbfc60418817f16218bfddaa
parent: 0b6f0ba5feeef8b7f5069736db795c184ae9ff57 (diff)
1 files changed, 27 insertions, 0 deletions
diff --git a/tests/filter/get_filter_request_disallow_ws.phpt b/tests/filter/get_filter_request_disallow_ws.phpt
new file mode 100644
index 0000000..fd22d62
--- /dev/null
+++ b/tests/filter/get_filter_request_disallow_ws.phpt
@@ -0,0 +1,27 @@
+--TEST--
+suhosin input filter (suhosin.request.disallow_ws)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.disallow_ws=1
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+var1=1&var2=2&%20var3=3& var4=4&
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(1) {
+  ["var2"]=>
+  string(1) "2"
+}
+ALERT - request variable name begins with disallowed whitespace - dropped variable ' var1' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - request variable name begins with disallowed whitespace - dropped variable ' var3' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - request variable name begins with disallowed whitespace - dropped variable ' var4' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
author	Stefan Esser	2014-02-12 19:32:05 +0100
committer	Stefan Esser	2014-02-12 19:32:05 +0100
commit	7ac74540af7598e25b6970f2eb32abb12297b704 (patch)
tree	2545c5f99e5d7975cbfc60418817f16218bfddaa
parent	0b6f0ba5feeef8b7f5069736db795c184ae9ff57 (diff)

diff --git a/tests/filter/get_filter_request_disallow_ws.phpt b/tests/filter/get_filter_request_disallow_ws.phpt new file mode 100644 index 0000000..fd22d62 --- /dev/null +++ b/tests/filter/get_filter_request_disallow_ws.phpt
@@ -0,0 +1,27 @@
	1	--TEST--
	2	suhosin input filter (suhosin.request.disallow_ws)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.disallow_ws=1
	9	--SKIPIF--
	10	<?php include('skipif.inc'); ?>
	11	--COOKIE--
	12	--GET--
	13	+var1=1&var2=2&%20var3=3& var4=4&
	14	--POST--
	15	--FILE--
	16	<?php
	17	var_dump($_GET);
	18	?>
	19	--EXPECTF--
	20	array(1) {
	21	["var2"]=>
	22	string(1) "2"
	23	}
	24	ALERT - request variable name begins with disallowed whitespace - dropped variable ' var1' (attacker 'REMOTE_ADDR not set', file '%s')
	25	ALERT - request variable name begins with disallowed whitespace - dropped variable ' var3' (attacker 'REMOTE_ADDR not set', file '%s')
	26	ALERT - request variable name begins with disallowed whitespace - dropped variable ' var4' (attacker 'REMOTE_ADDR not set', file '%s')
	27	ALERT - dropped 3 request variables - (3 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file