Tests for suhosin.XXX.max_array_depth

author: Stefan Esser 2014-02-13 11:08:59 +0100
committer: Stefan Esser 2014-02-13 11:08:59 +0100
commit: 63519762d8131b9c6d3f15cca5b498c780523297 (patch)
tree: f9c75823efb73e3ece9856d705a514d7a5afa1d3
parent: 1a0dbc9684ddd3f6227a09346c63c1c5e789bd4d (diff)
5 files changed, 427 insertions, 0 deletions
diff --git a/tests/filter/input_filter_cookie_max_array_depth.phpt b/tests/filter/input_filter_cookie_max_array_depth.phpt
new file mode 100644
index 0000000..10fc667
--- /dev/null
+++ b/tests/filter/input_filter_cookie_max_array_depth.phpt
@@ -0,0 +1,63 @@
+--TEST--
+suhosin input filter (suhosin.cookie.max_array_depth)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_depth=0
+suhosin.cookie.max_array_depth=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6;
+--GET--
+--POST--
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+ALERT - configured COOKIE variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 0 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_get_max_array_depth.phpt b/tests/filter/input_filter_get_max_array_depth.phpt
new file mode 100644
index 0000000..9a32f29
--- /dev/null
+++ b/tests/filter/input_filter_get_max_array_depth.phpt
@@ -0,0 +1,63 @@
+--TEST--
+suhosin input filter (suhosin.get.max_array_depth)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_depth=0
+suhosin.get.max_array_depth=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+ALERT - configured GET variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (2 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_array_depth.phpt b/tests/filter/input_filter_post_max_array_depth.phpt
new file mode 100644
index 0000000..97cd501
--- /dev/null
+++ b/tests/filter/input_filter_post_max_array_depth.phpt
@@ -0,0 +1,63 @@
+--TEST--
+suhosin input filter (suhosin.post.max_array_depth)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_depth=0
+suhosin.post.max_array_depth=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+ALERT - configured POST variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt
new file mode 100644
index 0000000..e8fd566
--- /dev/null
+++ b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt
@@ -0,0 +1,88 @@
+--TEST--
+suhosin input filter (suhosin.post.max_array_depth - RFC1867 version)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_depth=0
+suhosin.post.max_array_depth=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var1[]"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var2[][]"
+2
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var3[][][]"
+3
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var4[][][][]"
+4
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var5[][][][][]"
+5
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var6[][][][][][]"
+6
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+ALERT - configured POST variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_request_max_array_depth.phpt b/tests/filter/input_filter_request_max_array_depth.phpt
new file mode 100644
index 0000000..ca67a39
--- /dev/null
+++ b/tests/filter/input_filter_request_max_array_depth.phpt
@@ -0,0 +1,150 @@
+--TEST--
+suhosin input filter (suhosin.request.max_array_depth)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_array_depth=4
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6;
+--GET--
+var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
+--POST--
+var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
+--FILE--
+<?php
+var_dump($_GET);
+var_dump($_POST);
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+array(4) {
+  ["var1"]=>
+  array(1) {
+    [0]=>
+    string(1) "1"
+  }
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      string(1) "2"
+    }
+  }
+  ["var3"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        string(1) "3"
+      }
+    }
+  }
+  ["var4"]=>
+  array(1) {
+    [0]=>
+    array(1) {
+      [0]=>
+      array(1) {
+        [0]=>
+        array(1) {
+          [0]=>
+          string(1) "4"
+        }
+      }
+    }
+  }
+}
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 6 request variables - (2 in GET, 2 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
author	Stefan Esser	2014-02-13 11:08:59 +0100
committer	Stefan Esser	2014-02-13 11:08:59 +0100
commit	63519762d8131b9c6d3f15cca5b498c780523297 (patch)
tree	f9c75823efb73e3ece9856d705a514d7a5afa1d3
parent	1a0dbc9684ddd3f6227a09346c63c1c5e789bd4d (diff)

diff --git a/tests/filter/input_filter_cookie_max_array_depth.phpt b/tests/filter/input_filter_cookie_max_array_depth.phpt new file mode 100644 index 0000000..10fc667 --- /dev/null +++ b/tests/filter/input_filter_cookie_max_array_depth.phpt
@@ -0,0 +1,63 @@
	1	--TEST--
	2	suhosin input filter (suhosin.cookie.max_array_depth)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_depth=0
	9	suhosin.cookie.max_array_depth=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6;
	14	--GET--
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_COOKIE);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var1"]=>
	23	array(1) {
	24	[0]=>
	25	string(1) "1"
	26	}
	27	["var2"]=>
	28	array(1) {
	29	[0]=>
	30	array(1) {
	31	[0]=>
	32	string(1) "2"
	33	}
	34	}
	35	["var3"]=>
	36	array(1) {
	37	[0]=>
	38	array(1) {
	39	[0]=>
	40	array(1) {
	41	[0]=>
	42	string(1) "3"
	43	}
	44	}
	45	}
	46	["var4"]=>
	47	array(1) {
	48	[0]=>
	49	array(1) {
	50	[0]=>
	51	array(1) {
	52	[0]=>
	53	array(1) {
	54	[0]=>
	55	string(1) "4"
	56	}
	57	}
	58	}
	59	}
	60	}
	61	ALERT - configured COOKIE variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	62	ALERT - configured COOKIE variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	63	ALERT - dropped 2 request variables - (0 in GET, 0 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/input_filter_get_max_array_depth.phpt b/tests/filter/input_filter_get_max_array_depth.phpt new file mode 100644 index 0000000..9a32f29 --- /dev/null +++ b/tests/filter/input_filter_get_max_array_depth.phpt
@@ -0,0 +1,63 @@
	1	--TEST--
	2	suhosin input filter (suhosin.get.max_array_depth)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_depth=0
	9	suhosin.get.max_array_depth=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_GET);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var1"]=>
	23	array(1) {
	24	[0]=>
	25	string(1) "1"
	26	}
	27	["var2"]=>
	28	array(1) {
	29	[0]=>
	30	array(1) {
	31	[0]=>
	32	string(1) "2"
	33	}
	34	}
	35	["var3"]=>
	36	array(1) {
	37	[0]=>
	38	array(1) {
	39	[0]=>
	40	array(1) {
	41	[0]=>
	42	string(1) "3"
	43	}
	44	}
	45	}
	46	["var4"]=>
	47	array(1) {
	48	[0]=>
	49	array(1) {
	50	[0]=>
	51	array(1) {
	52	[0]=>
	53	array(1) {
	54	[0]=>
	55	string(1) "4"
	56	}
	57	}
	58	}
	59	}
	60	}
	61	ALERT - configured GET variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	62	ALERT - configured GET variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	63	ALERT - dropped 2 request variables - (2 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/input_filter_post_max_array_depth.phpt b/tests/filter/input_filter_post_max_array_depth.phpt new file mode 100644 index 0000000..97cd501 --- /dev/null +++ b/tests/filter/input_filter_post_max_array_depth.phpt
@@ -0,0 +1,63 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_array_depth)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_depth=0
	9	suhosin.post.max_array_depth=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST--
	15	var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
	16	--FILE--
	17	<?php
	18	var_dump($_POST);
	19	?>
	20	--EXPECTF--
	21	array(4) {
	22	["var1"]=>
	23	array(1) {
	24	[0]=>
	25	string(1) "1"
	26	}
	27	["var2"]=>
	28	array(1) {
	29	[0]=>
	30	array(1) {
	31	[0]=>
	32	string(1) "2"
	33	}
	34	}
	35	["var3"]=>
	36	array(1) {
	37	[0]=>
	38	array(1) {
	39	[0]=>
	40	array(1) {
	41	[0]=>
	42	string(1) "3"
	43	}
	44	}
	45	}
	46	["var4"]=>
	47	array(1) {
	48	[0]=>
	49	array(1) {
	50	[0]=>
	51	array(1) {
	52	[0]=>
	53	array(1) {
	54	[0]=>
	55	string(1) "4"
	56	}
	57	}
	58	}
	59	}
	60	}
	61	ALERT - configured POST variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	62	ALERT - configured POST variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	63	ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt new file mode 100644 index 0000000..e8fd566 --- /dev/null +++ b/tests/filter/input_filter_post_max_array_depth_rfc1867.phpt
@@ -0,0 +1,88 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_array_depth - RFC1867 version)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_depth=0
	9	suhosin.post.max_array_depth=4
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST_RAW--
	15	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	16	-----------------------------20896060251896012921717172737
	17	Content-Disposition: form-data; name="var1[]"
	18
	19	1
	20	-----------------------------20896060251896012921717172737
	21	Content-Disposition: form-data; name="var2[][]"
	22
	23	2
	24	-----------------------------20896060251896012921717172737
	25	Content-Disposition: form-data; name="var3[][][]"
	26
	27	3
	28	-----------------------------20896060251896012921717172737
	29	Content-Disposition: form-data; name="var4[][][][]"
	30
	31	4
	32	-----------------------------20896060251896012921717172737
	33	Content-Disposition: form-data; name="var5[][][][][]"
	34
	35	5
	36	-----------------------------20896060251896012921717172737
	37	Content-Disposition: form-data; name="var6[][][][][][]"
	38
	39	6
	40	-----------------------------20896060251896012921717172737--
	41	--FILE--
	42	<?php
	43	var_dump($_POST);
	44	?>
	45	--EXPECTF--
	46	array(4) {
	47	["var1"]=>
	48	array(1) {
	49	[0]=>
	50	string(1) "1"
	51	}
	52	["var2"]=>
	53	array(1) {
	54	[0]=>
	55	array(1) {
	56	[0]=>
	57	string(1) "2"
	58	}
	59	}
	60	["var3"]=>
	61	array(1) {
	62	[0]=>
	63	array(1) {
	64	[0]=>
	65	array(1) {
	66	[0]=>
	67	string(1) "3"
	68	}
	69	}
	70	}
	71	["var4"]=>
	72	array(1) {
	73	[0]=>
	74	array(1) {
	75	[0]=>
	76	array(1) {
	77	[0]=>
	78	array(1) {
	79	[0]=>
	80	string(1) "4"
	81	}
	82	}
	83	}
	84	}
	85	}
	86	ALERT - configured POST variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	87	ALERT - configured POST variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	88	ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/input_filter_request_max_array_depth.phpt b/tests/filter/input_filter_request_max_array_depth.phpt new file mode 100644 index 0000000..ca67a39 --- /dev/null +++ b/tests/filter/input_filter_request_max_array_depth.phpt
@@ -0,0 +1,150 @@
	1	--TEST--
	2	suhosin input filter (suhosin.request.max_array_depth)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_array_depth=4
	9	--SKIPIF--
	10	<?php include('skipif.inc'); ?>
	11	--COOKIE--
	12	var1[]=1;var2[][]=2;var3[][][]=3;var4[][][][]=4;var5[][][][][]=5;var6[][][][][][]=6;
	13	--GET--
	14	var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
	15	--POST--
	16	var1[]=1&var2[][]=2&var3[][][]=3&var4[][][][]=4&var5[][][][][]=5&var6[][][][][][]=6&
	17	--FILE--
	18	<?php
	19	var_dump($_GET);
	20	var_dump($_POST);
	21	var_dump($_COOKIE);
	22	?>
	23	--EXPECTF--
	24	array(4) {
	25	["var1"]=>
	26	array(1) {
	27	[0]=>
	28	string(1) "1"
	29	}
	30	["var2"]=>
	31	array(1) {
	32	[0]=>
	33	array(1) {
	34	[0]=>
	35	string(1) "2"
	36	}
	37	}
	38	["var3"]=>
	39	array(1) {
	40	[0]=>
	41	array(1) {
	42	[0]=>
	43	array(1) {
	44	[0]=>
	45	string(1) "3"
	46	}
	47	}
	48	}
	49	["var4"]=>
	50	array(1) {
	51	[0]=>
	52	array(1) {
	53	[0]=>
	54	array(1) {
	55	[0]=>
	56	array(1) {
	57	[0]=>
	58	string(1) "4"
	59	}
	60	}
	61	}
	62	}
	63	}
	64	array(4) {
	65	["var1"]=>
	66	array(1) {
	67	[0]=>
	68	string(1) "1"
	69	}
	70	["var2"]=>
	71	array(1) {
	72	[0]=>
	73	array(1) {
	74	[0]=>
	75	string(1) "2"
	76	}
	77	}
	78	["var3"]=>
	79	array(1) {
	80	[0]=>
	81	array(1) {
	82	[0]=>
	83	array(1) {
	84	[0]=>
	85	string(1) "3"
	86	}
	87	}
	88	}
	89	["var4"]=>
	90	array(1) {
	91	[0]=>
	92	array(1) {
	93	[0]=>
	94	array(1) {
	95	[0]=>
	96	array(1) {
	97	[0]=>
	98	string(1) "4"
	99	}
	100	}
	101	}
	102	}
	103	}
	104	array(4) {
	105	["var1"]=>
	106	array(1) {
	107	[0]=>
	108	string(1) "1"
	109	}
	110	["var2"]=>
	111	array(1) {
	112	[0]=>
	113	array(1) {
	114	[0]=>
	115	string(1) "2"
	116	}
	117	}
	118	["var3"]=>
	119	array(1) {
	120	[0]=>
	121	array(1) {
	122	[0]=>
	123	array(1) {
	124	[0]=>
	125	string(1) "3"
	126	}
	127	}
	128	}
	129	["var4"]=>
	130	array(1) {
	131	[0]=>
	132	array(1) {
	133	[0]=>
	134	array(1) {
	135	[0]=>
	136	array(1) {
	137	[0]=>
	138	string(1) "4"
	139	}
	140	}
	141	}
	142	}
	143	}
	144	ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	145	ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	146	ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	147	ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	148	ALERT - configured request variable array depth limit exceeded - dropped variable 'var5[][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	149	ALERT - configured request variable array depth limit exceeded - dropped variable 'var6[][][][][][]' (attacker 'REMOTE_ADDR not set', file '%s')
	150	ALERT - dropped 6 request variables - (2 in GET, 2 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')