One more test

author: Stefan Esser 2014-02-12 13:30:34 +0100
committer: Stefan Esser 2014-02-12 13:30:34 +0100
commit: f0e22c0a4adc54a57264e1b212a5d5d8fee21b43 (patch)
tree: f876b265f60a82ecf93f42eb08c7ac9a5240dd0f /tests
parent: 25d32b98d7aa6477b78fdf595ae66cf903da3344 (diff)
1 files changed, 43 insertions, 0 deletions
diff --git a/tests/filter/get_filter_1.phpt b/tests/filter/get_filter_1.phpt
new file mode 100644
index 0000000..0ab079c
--- /dev/null
+++ b/tests/filter/get_filter_1.phpt
@@ -0,0 +1,43 @@
+--TEST--
+suhosin GET filter (disallowed variable names)
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA&HTTP_SESSION_VARS=HTTP_SESSION_VARS&harmless1=harmless1&HTTP_SERVER_VARS=HTTP_SERVER_VARS&HTTP_COOKIE_VARS=HTTP_COOKIE_VARS&HTTP_POST_FILES=HTTP_POST_FILES&HTTP_POST_VARS=HTTP_POST_VARS&HTTP_GET_VARS=HTTP_GET_VARS&HTTP_ENV_VARS=HTTP_ENV_VARS&_SESSION=_SESSION&_REQUEST=_REQUEST&GLOBALS=GLOBALS&_COOKIE=_COOKIE&_SERVER=_SERVER&_FILES=_FILES&_POST=_POST&_ENV=_ENV&_GET=_GET&harmless2=harmless2&
+--POST--
+--FILE--
+<?php
+var_dump($_GET);
+?>
+--EXPECTF--
+array(2) {
+  ["harmless1"]=>
+  string(9) "harmless1"
+  ["harmless2"]=>
+  string(9) "harmless2"
+}
+ALERT - tried to register forbidden variable 'HTTP_RAW_POST_DATA' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_SESSION_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_SERVER_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_COOKIE_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_POST_FILES' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_POST_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_GET_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'HTTP_ENV_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_SESSION' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_REQUEST' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable 'GLOBALS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_COOKIE' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_SERVER' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_FILES' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_POST' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_ENV' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - tried to register forbidden variable '_GET' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
+ALERT - dropped 17 request variables - (17 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
author	Stefan Esser	2014-02-12 13:30:34 +0100
committer	Stefan Esser	2014-02-12 13:30:34 +0100
commit	f0e22c0a4adc54a57264e1b212a5d5d8fee21b43 (patch)
tree	f876b265f60a82ecf93f42eb08c7ac9a5240dd0f /tests
parent	25d32b98d7aa6477b78fdf595ae66cf903da3344 (diff)

diff --git a/tests/filter/get_filter_1.phpt b/tests/filter/get_filter_1.phpt new file mode 100644 index 0000000..0ab079c --- /dev/null +++ b/tests/filter/get_filter_1.phpt
@@ -0,0 +1,43 @@
	1	--TEST--
	2	suhosin GET filter (disallowed variable names)
	3	--INI--
	4	suhosin.log.syslog=0
	5	suhosin.log.sapi=0
	6	suhosin.log.stdout=255
	7	suhosin.log.script=0
	8	--SKIPIF--
	9	<?php include('skipif.inc'); ?>
	10	--COOKIE--
	11	--GET--
	12	HTTP_RAW_POST_DATA=HTTP_RAW_POST_DATA&HTTP_SESSION_VARS=HTTP_SESSION_VARS&harmless1=harmless1&HTTP_SERVER_VARS=HTTP_SERVER_VARS&HTTP_COOKIE_VARS=HTTP_COOKIE_VARS&HTTP_POST_FILES=HTTP_POST_FILES&HTTP_POST_VARS=HTTP_POST_VARS&HTTP_GET_VARS=HTTP_GET_VARS&HTTP_ENV_VARS=HTTP_ENV_VARS&_SESSION=_SESSION&_REQUEST=_REQUEST&GLOBALS=GLOBALS&_COOKIE=_COOKIE&_SERVER=_SERVER&_FILES=_FILES&_POST=_POST&_ENV=_ENV&_GET=_GET&harmless2=harmless2&
	13	--POST--
	14	--FILE--
	15	<?php
	16	var_dump($_GET);
	17	?>
	18	--EXPECTF--
	19	array(2) {
	20	["harmless1"]=>
	21	string(9) "harmless1"
	22	["harmless2"]=>
	23	string(9) "harmless2"
	24	}
	25	ALERT - tried to register forbidden variable 'HTTP_RAW_POST_DATA' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	26	ALERT - tried to register forbidden variable 'HTTP_SESSION_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	27	ALERT - tried to register forbidden variable 'HTTP_SERVER_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	28	ALERT - tried to register forbidden variable 'HTTP_COOKIE_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	29	ALERT - tried to register forbidden variable 'HTTP_POST_FILES' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	30	ALERT - tried to register forbidden variable 'HTTP_POST_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	31	ALERT - tried to register forbidden variable 'HTTP_GET_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	32	ALERT - tried to register forbidden variable 'HTTP_ENV_VARS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	33	ALERT - tried to register forbidden variable '_SESSION' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	34	ALERT - tried to register forbidden variable '_REQUEST' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	35	ALERT - tried to register forbidden variable 'GLOBALS' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	36	ALERT - tried to register forbidden variable '_COOKIE' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	37	ALERT - tried to register forbidden variable '_SERVER' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	38	ALERT - tried to register forbidden variable '_FILES' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	39	ALERT - tried to register forbidden variable '_POST' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	40	ALERT - tried to register forbidden variable '_ENV' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	41	ALERT - tried to register forbidden variable '_GET' through GET variables (attacker 'REMOTE_ADDR not set', file '%s')
	42	ALERT - dropped 17 request variables - (17 in GET, 0 in POST, 0 in COOKIE) (attacker 'REMOTE_ADDR not set', file '%s')
	43