Tests suhosin.upload.disallow_elf

author: Stefan Esser 2014-02-15 21:26:45 +0100
committer: Stefan Esser 2014-02-15 21:26:45 +0100
commit: 7013b819e71e6dafe1fbed04ae0dee236d253234 (patch)
tree: fa21df050a8f6465ba58349e62da3dde3ca83967 /tests
parent: 7336a8080e8b1611795d8038e2b816340ce3e4e1 (diff)
2 files changed, 115 insertions, 0 deletions
diff --git a/tests/filter/suhosin_upload_disallow_elf.phpt b/tests/filter/suhosin_upload_disallow_elf.phpt
new file mode 100644
index 0000000..4ad2071
--- /dev/null
+++ b/tests/filter/suhosin_upload_disallow_elf.phpt
@@ -0,0 +1,58 @@
+--TEST--
+Testing: suhosin.upload.disallow_elf=On
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_elf=On
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="A"; filename="A"
+ELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="B"; filename="B"
+XELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+array(2) {
+  ["A"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "A"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(0) ""
+    ["error"]=>
+    int(8)
+    ["size"]=>
+    int(0)
+  }
+  ["B"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "B"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+}
+ALERT - uploaded file is an ELF executable - file dropped (attacker 'REMOTE_ADDR not set', file '%s')
+\ No newline at end of file
diff --git a/tests/filter/suhosin_upload_disallow_elf_off.phpt b/tests/filter/suhosin_upload_disallow_elf_off.phpt
new file mode 100644
index 0000000..8be8301
--- /dev/null
+++ b/tests/filter/suhosin_upload_disallow_elf_off.phpt
@@ -0,0 +1,57 @@
+--TEST--
+Testing: suhosin.upload.disallow_elf=Off
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_elf=Off
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="A"; filename="A"
+ELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="B"; filename="B"
+XELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+array(2) {
+  ["A"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "A"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+  ["B"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "B"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+}
+\ No newline at end of file
author	Stefan Esser	2014-02-15 21:26:45 +0100
committer	Stefan Esser	2014-02-15 21:26:45 +0100
commit	7013b819e71e6dafe1fbed04ae0dee236d253234 (patch)
tree	fa21df050a8f6465ba58349e62da3dde3ca83967 /tests
parent	7336a8080e8b1611795d8038e2b816340ce3e4e1 (diff)

diff --git a/tests/filter/suhosin_upload_disallow_elf.phpt b/tests/filter/suhosin_upload_disallow_elf.phpt new file mode 100644 index 0000000..4ad2071 --- /dev/null +++ b/tests/filter/suhosin_upload_disallow_elf.phpt
@@ -0,0 +1,58 @@
	1	--TEST--
	2	Testing: suhosin.upload.disallow_elf=On
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	file_uploads=1
	9	suhosin.upload.disallow_elf=On
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST_RAW--
	15	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	16	-----------------------------20896060251896012921717172737
	17	Content-Disposition: form-data; name="A"; filename="A"
	18
	19	ELFABCDEFGHIJKLMN
	20	-----------------------------20896060251896012921717172737
	21	Content-Disposition: form-data; name="B"; filename="B"
	22
	23	XELFABCDEFGHIJKLMN
	24	-----------------------------20896060251896012921717172737--
	25	--FILE--
	26	<?php
	27	var_dump($_FILES);
	28	?>
	29	--EXPECTF--
	30	array(2) {
	31	["A"]=>
	32	array(5) {
	33	["name"]=>
	34	string(1) "A"
	35	["type"]=>
	36	string(0) ""
	37	["tmp_name"]=>
	38	string(0) ""
	39	["error"]=>
	40	int(8)
	41	["size"]=>
	42	int(0)
	43	}
	44	["B"]=>
	45	array(5) {
	46	["name"]=>
	47	string(1) "B"
	48	["type"]=>
	49	string(0) ""
	50	["tmp_name"]=>
	51	string(%d) "%s"
	52	["error"]=>
	53	int(0)
	54	["size"]=>
	55	int(18)
	56	}
	57	}
	58	ALERT - uploaded file is an ELF executable - file dropped (attacker 'REMOTE_ADDR not set', file '%s') \ No newline at end of file


diff --git a/tests/filter/suhosin_upload_disallow_elf_off.phpt b/tests/filter/suhosin_upload_disallow_elf_off.phpt new file mode 100644 index 0000000..8be8301 --- /dev/null +++ b/tests/filter/suhosin_upload_disallow_elf_off.phpt
@@ -0,0 +1,57 @@
	1	--TEST--
	2	Testing: suhosin.upload.disallow_elf=Off
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	file_uploads=1
	9	suhosin.upload.disallow_elf=Off
	10	--SKIPIF--
	11	<?php include('skipif.inc'); ?>
	12	--COOKIE--
	13	--GET--
	14	--POST_RAW--
	15	Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
	16	-----------------------------20896060251896012921717172737
	17	Content-Disposition: form-data; name="A"; filename="A"
	18
	19	ELFABCDEFGHIJKLMN
	20	-----------------------------20896060251896012921717172737
	21	Content-Disposition: form-data; name="B"; filename="B"
	22
	23	XELFABCDEFGHIJKLMN
	24	-----------------------------20896060251896012921717172737--
	25	--FILE--
	26	<?php
	27	var_dump($_FILES);
	28	?>
	29	--EXPECTF--
	30	array(2) {
	31	["A"]=>
	32	array(5) {
	33	["name"]=>
	34	string(1) "A"
	35	["type"]=>
	36	string(0) ""
	37	["tmp_name"]=>
	38	string(%d) "%s"
	39	["error"]=>
	40	int(0)
	41	["size"]=>
	42	int(18)
	43	}
	44	["B"]=>
	45	array(5) {
	46	["name"]=>
	47	string(1) "B"
	48	["type"]=>
	49	string(0) ""
	50	["tmp_name"]=>
	51	string(%d) "%s"
	52	["error"]=>
	53	int(0)
	54	["size"]=>
	55	int(18)
	56	}
	57	} \ No newline at end of file