From 7013b819e71e6dafe1fbed04ae0dee236d253234 Mon Sep 17 00:00:00 2001
From: Stefan Esser
Date: Sat, 15 Feb 2014 21:26:45 +0100
Subject: Tests suhosin.upload.disallow_elf

---
 tests/filter/suhosin_upload_disallow_elf.phpt     | 58 +++++++++++++++++++++++
 tests/filter/suhosin_upload_disallow_elf_off.phpt | 57 ++++++++++++++++++++++
 2 files changed, 115 insertions(+)
 create mode 100644 tests/filter/suhosin_upload_disallow_elf.phpt
 create mode 100644 tests/filter/suhosin_upload_disallow_elf_off.phpt

(limited to 'tests')

diff --git a/tests/filter/suhosin_upload_disallow_elf.phpt b/tests/filter/suhosin_upload_disallow_elf.phpt
new file mode 100644
index 0000000..4ad2071
--- /dev/null
+++ b/tests/filter/suhosin_upload_disallow_elf.phpt
@@ -0,0 +1,58 @@
+--TEST--
+Testing: suhosin.upload.disallow_elf=On
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_elf=On
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="A"; filename="A"
+
+ELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="B"; filename="B"
+
+XELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+array(2) {
+  ["A"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "A"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(0) ""
+    ["error"]=>
+    int(8)
+    ["size"]=>
+    int(0)
+  }
+  ["B"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "B"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+}
+ALERT - uploaded file is an ELF executable - file dropped (attacker 'REMOTE_ADDR not set', file '%s')
\ No newline at end of file
diff --git a/tests/filter/suhosin_upload_disallow_elf_off.phpt b/tests/filter/suhosin_upload_disallow_elf_off.phpt
new file mode 100644
index 0000000..8be8301
--- /dev/null
+++ b/tests/filter/suhosin_upload_disallow_elf_off.phpt
@@ -0,0 +1,57 @@
+--TEST--
+Testing: suhosin.upload.disallow_elf=Off
+--INI--
+suhosin.log.syslog=0
+suhosin.log.sapi=0
+suhosin.log.stdout=255
+suhosin.log.script=0
+file_uploads=1
+suhosin.upload.disallow_elf=Off
+--SKIPIF--
+<?php include('skipif.inc'); ?>
+--COOKIE--
+--GET--
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=---------------------------20896060251896012921717172737
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="A"; filename="A"
+
+ELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737
+Content-Disposition: form-data; name="B"; filename="B"
+
+XELFABCDEFGHIJKLMN
+-----------------------------20896060251896012921717172737--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+array(2) {
+  ["A"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "A"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+  ["B"]=>
+  array(5) {
+    ["name"]=>
+    string(1) "B"
+    ["type"]=>
+    string(0) ""
+    ["tmp_name"]=>
+    string(%d) "%s"
+    ["error"]=>
+    int(0)
+    ["size"]=>
+    int(18)
+  }
+}
\ No newline at end of file
-- 
cgit v1.3