Add testcase for server variables filter

author: Stefan Esser 2014-02-12 17:42:37 +0100
committer: Stefan Esser 2014-02-12 17:42:37 +0100
commit: 7b3cfa84ff15cc0d4d84f33974c8120aaad0246f (patch)
tree: a80d703d01cc8b5100fa4665d1d52663ef38a5ba
parent: 9160beeceff38cd6e0725b0f6b215de1d5617ac3 (diff)
1 files changed, 33 insertions, 0 deletions
diff --git a/tests/filter/server_filter.phpt b/tests/filter/server_filter.phpt
new file mode 100644
index 0000000..b1271bd
--- /dev/null
+++ b/tests/filter/server_filter.phpt
@@ -0,0 +1,33 @@
+--TEST--
+suhosin SERVER filter
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--ENV--
+return <<<END
+HTTP_POST_VARS=HTTP_POST_VARS
+HTTP_MY_VARS=HTTP_MY_VARS
+HTTP_GET_VARS=HTTP_GET_VARS
+HTTP_ENV_VARS=HTTP_ENV_VARS
+HTTP_SERVER_VARS=HTTP_SERVER_VARS
+HTTP_SESSION_VARS=HTTP_SESSION_VARS
+HTTP_COOKIE_VARS=HTTP_COOKIE_VARS
+HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA
+HTTP_POST_FILES=HTTP_POST_FILES
+END;
+--COOKIE--
+--GET--
+--POST--
+--FILE--
+<?php
+foreach ($_SERVER as $k => $v) {
+        if (!strncmp($k, "HTTP_", 5)) echo "$k => $v\n";
+}
+?>
+--EXPECTF--
+HTTP_MY_VARS => HTTP_MY_VARS
+ALERT - Attacker tried to overwrite a superglobal through a HTTP header (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
author	Stefan Esser	2014-02-12 17:42:37 +0100
committer	Stefan Esser	2014-02-12 17:42:37 +0100
commit	7b3cfa84ff15cc0d4d84f33974c8120aaad0246f (patch)
tree	a80d703d01cc8b5100fa4665d1d52663ef38a5ba
parent	9160beeceff38cd6e0725b0f6b215de1d5617ac3 (diff)

diff --git a/tests/filter/server_filter.phpt b/tests/filter/server_filter.phpt new file mode 100644 index 0000000..b1271bd --- /dev/null +++ b/tests/filter/server_filter.phpt
@@ -0,0 +1,33 @@
	1	--TEST--
	2	suhosin SERVER filter
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	--SKIPIF--
	9	<?php include('skipif.inc'); ?>
	10	--ENV--
	11	return <<<END
	12	HTTP_POST_VARS=HTTP_POST_VARS
	13	HTTP_MY_VARS=HTTP_MY_VARS
	14	HTTP_GET_VARS=HTTP_GET_VARS
	15	HTTP_ENV_VARS=HTTP_ENV_VARS
	16	HTTP_SERVER_VARS=HTTP_SERVER_VARS
	17	HTTP_SESSION_VARS=HTTP_SESSION_VARS
	18	HTTP_COOKIE_VARS=HTTP_COOKIE_VARS
	19	HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA
	20	HTTP_POST_FILES=HTTP_POST_FILES
	21	END;
	22	--COOKIE--
	23	--GET--
	24	--POST--
	25	--FILE--
	26	<?php
	27	foreach ($_SERVER as $k => $v) {
	28	if (!strncmp($k, "HTTP_", 5)) echo "$k => $v\n";
	29	}
	30	?>
	31	--EXPECTF--
	32	HTTP_MY_VARS => HTTP_MY_VARS
	33	ALERT - Attacker tried to overwrite a superglobal through a HTTP header (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file