Add tests for suhosin.get/post/cookie.max_totalname_length filter

author: Stefan Esser 2014-02-16 12:04:56 +0100
committer: Stefan Esser 2014-02-16 12:04:56 +0100
commit: 3777acec1612a1c380ed3124b26de0bc3febc88d (patch)
tree: 13556cbe78ecfa0d5dbda4f9f1e658756c11e2fc
parent: fb48d9f8eae679d5a79fd488bdac6a90e61a923a (diff)
4 files changed, 195 insertions, 0 deletions
diff --git a/tests/filter/input_filter_cookie_max_totalname_length.phpt b/tests/filter/input_filter_cookie_max_totalname_length.phpt
new file mode 100644
index 0000000..b356dc6
--- /dev/null
+++ b/tests/filter/input_filter_cookie_max_totalname_length.phpt
@@ -0,0 +1,42 @@
+--TEST--
+suhosin input filter (suhosin.cookie.max_totalname_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_totalname_length=0
+suhosin.cookie.max_totalname_length=7
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
+--GET--
+--POST--
+--FILE--
+<?php
+var_dump($_COOKIE);
+?>
+--EXPECTF--
+array(5) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var04"]=>
+  string(1) "4"
+  ["var05"]=>
+  array(1) {
+    [0]=>
+    string(1) "5"
+  }
+}
+ALERT - configured COOKIE variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured COOKIE variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 0 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_get_max_totalname_length.phpt b/tests/filter/input_filter_get_max_totalname_length.phpt
new file mode 100644
index 0000000..1353ee0
--- /dev/null
+++ b/tests/filter/input_filter_get_max_totalname_length.phpt
@@ -0,0 +1,42 @@
+--TEST--
+suhosin input filter (suhosin.get.max_totalname_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_totalname_length=0
+suhosin.get.max_totalname_length=7
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(5) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var04"]=>
+  string(1) "4"
+  ["var05"]=>
+  array(1) {
+    [0]=>
+    string(1) "5"
+  }
+}
+ALERT - configured GET variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured GET variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (2 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_totalname_length.phpt b/tests/filter/input_filter_post_max_totalname_length.phpt
new file mode 100644
index 0000000..b922302
--- /dev/null
+++ b/tests/filter/input_filter_post_max_totalname_length.phpt
@@ -0,0 +1,41 @@
+--TEST--
+suhosin input filter (suhosin.post.max_totalname_length)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_totalname_length=0
+suhosin.post.max_totalname_length=7
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST--
+var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(5) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var04"]=>
+  string(1) "4"
+  ["var05"]=>
+  array(1) {
+    [0]=>
+    string(1) "5"
+  }
+}
+ALERT - configured POST variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
diff --git a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt
new file mode 100644
index 0000000..bbbcca4
--- /dev/null
+++ b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt
@@ -0,0 +1,70 @@
+--TEST--
+suhosin input filter (suhosin.post.max_totalname_length - RFC1867 version)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+suhosin.request.max_totalname_length=0
+suhosin.post.max_totalname_length=7
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var"
+0
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var1"
+1
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var2[]"
+2
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var3[xxx]"
+3
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var04"
+4
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var05[]"
+5
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="var06[xxx]"
+6
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_POST);
+?>
+--EXPECTF--
+array(5) {
+  ["var"]=>
+  string(1) "0"
+  ["var1"]=>
+  string(1) "1"
+  ["var2"]=>
+  array(1) {
+    [0]=>
+    string(1) "2"
+  }
+  ["var04"]=>
+  string(1) "4"
+  ["var05"]=>
+  array(1) {
+    [0]=>
+    string(1) "5"
+  }
+}
+ALERT - configured POST variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - configured POST variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
author	Stefan Esser	2014-02-16 12:04:56 +0100
committer	Stefan Esser	2014-02-16 12:04:56 +0100
commit	3777acec1612a1c380ed3124b26de0bc3febc88d (patch)
tree	13556cbe78ecfa0d5dbda4f9f1e658756c11e2fc
parent	fb48d9f8eae679d5a79fd488bdac6a90e61a923a (diff)

diff --git a/tests/filter/input_filter_cookie_max_totalname_length.phpt b/tests/filter/input_filter_cookie_max_totalname_length.phpt new file mode 100644 index 0000000..b356dc6 --- /dev/null +++ b/tests/filter/input_filter_cookie_max_totalname_length.phpt
@@ -0,0 +1,42 @@
	1	--TEST--
	2	suhosin input filter (suhosin.cookie.max_totalname_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_totalname_length=0
	9	suhosin.cookie.max_totalname_length=7
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	var=0;var1=1;var2[]=2;var3[xxx]=3;var04=4;var05[]=5;var06[xxx]=6;
	14	--GET--
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_COOKIE);
	19	?>
	20	--EXPECTF--
	21	array(5) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var04"]=>
	32	string(1) "4"
	33	["var05"]=>
	34	array(1) {
	35	[0]=>
	36	string(1) "5"
	37	}
	38	}
	39	ALERT - configured COOKIE variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - configured COOKIE variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	41	ALERT - dropped 2 request variables - (0 in GET, 0 in POST, 2 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	42


diff --git a/tests/filter/input_filter_get_max_totalname_length.phpt b/tests/filter/input_filter_get_max_totalname_length.phpt new file mode 100644 index 0000000..1353ee0 --- /dev/null +++ b/tests/filter/input_filter_get_max_totalname_length.phpt
@@ -0,0 +1,42 @@
	1	--TEST--
	2	suhosin input filter (suhosin.get.max_totalname_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_totalname_length=0
	9	suhosin.get.max_totalname_length=7
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	15	--POST--
	16	--FILE--
	17	<?php
	18	var_dump($_GET);
	19	?>
	20	--EXPECTF--
	21	array(5) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var04"]=>
	32	string(1) "4"
	33	["var05"]=>
	34	array(1) {
	35	[0]=>
	36	string(1) "5"
	37	}
	38	}
	39	ALERT - configured GET variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - configured GET variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	41	ALERT - dropped 2 request variables - (2 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	42


diff --git a/tests/filter/input_filter_post_max_totalname_length.phpt b/tests/filter/input_filter_post_max_totalname_length.phpt new file mode 100644 index 0000000..b922302 --- /dev/null +++ b/tests/filter/input_filter_post_max_totalname_length.phpt
@@ -0,0 +1,41 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_totalname_length)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_totalname_length=0
	9	suhosin.post.max_totalname_length=7
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST--
	15	var=0&var1=1&var2[]=2&var3[xxx]=3&var04=4&var05[]=5&var06[xxx]=6&
	16	--FILE--
	17	<?php
	18	var_dump($_POST);
	19	?>
	20	--EXPECTF--
	21	array(5) {
	22	["var"]=>
	23	string(1) "0"
	24	["var1"]=>
	25	string(1) "1"
	26	["var2"]=>
	27	array(1) {
	28	[0]=>
	29	string(1) "2"
	30	}
	31	["var04"]=>
	32	string(1) "4"
	33	["var05"]=>
	34	array(1) {
	35	[0]=>
	36	string(1) "5"
	37	}
	38	}
	39	ALERT - configured POST variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - configured POST variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	41	ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')


diff --git a/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt new file mode 100644 index 0000000..bbbcca4 --- /dev/null +++ b/tests/filter/input_filter_post_max_totalname_length_rfc1867.phpt
@@ -0,0 +1,70 @@
	1	--TEST--
	2	suhosin input filter (suhosin.post.max_totalname_length - RFC1867 version)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	suhosin.request.max_totalname_length=0
	9	suhosin.post.max_totalname_length=7
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST_RAW--
	15	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	16	-----------------------------20896060251896012921717172737
	17	Content-Disposition: form-data; name="var"
	18
	19	0
	20	-----------------------------20896060251896012921717172737
	21	Content-Disposition: form-data; name="var1"
	22
	23	1
	24	-----------------------------20896060251896012921717172737
	25	Content-Disposition: form-data; name="var2[]"
	26
	27	2
	28	-----------------------------20896060251896012921717172737
	29	Content-Disposition: form-data; name="var3[xxx]"
	30
	31	3
	32	-----------------------------20896060251896012921717172737
	33	Content-Disposition: form-data; name="var04"
	34
	35	4
	36	-----------------------------20896060251896012921717172737
	37	Content-Disposition: form-data; name="var05[]"
	38
	39	5
	40	-----------------------------20896060251896012921717172737
	41	Content-Disposition: form-data; name="var06[xxx]"
	42
	43	6
	44	-----------------------------20896060251896012921717172737--
	45	--FILE--
	46	<?php
	47	var_dump($_POST);
	48	?>
	49	--EXPECTF--
	50	array(5) {
	51	["var"]=>
	52	string(1) "0"
	53	["var1"]=>
	54	string(1) "1"
	55	["var2"]=>
	56	array(1) {
	57	[0]=>
	58	string(1) "2"
	59	}
	60	["var04"]=>
	61	string(1) "4"
	62	["var05"]=>
	63	array(1) {
	64	[0]=>
	65	string(1) "5"
	66	}
	67	}
	68	ALERT - configured POST variable total name length limit exceeded - dropped variable 'var3[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	69	ALERT - configured POST variable total name length limit exceeded - dropped variable 'var06[xxx]' (attacker 'REMOTE_ADDR not set', file '%s')
	70	ALERT - dropped 2 request variables - (0 in GET, 2 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')