tests for preg_replace

author: Ben Fuhrmannek 2016-02-24 23:37:25 +0100
committer: Ben Fuhrmannek 2016-02-24 23:37:25 +0100
commit: 09d9dfaaa94c69125ceb388c69bc18237837eec9 (patch)
tree: 034bcba1e0f8d5862c5feb0ed7795196ab1d3840
parent: 4e3331cca770dfba2eaecdedd3c8a9fa78210873 (diff)
2 files changed, 62 insertions, 0 deletions
diff --git a/tests/executor/preg_replace.phpt b/tests/executor/preg_replace.phpt
new file mode 100644
index 0000000..64d6671
--- /dev/null
+++ b/tests/executor/preg_replace.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Testing protection against "\0" in preg_replace() first parameter
+--SKIPIF--
+<?php include "../skipif.inc"; ?>
+--INI--
+suhosin.log.sapi=0
+--FILE--
+<?php
+    
+    $text1 = "One little boy with two dogs, three cats and four birds";
+    $text2 = "The three cats eat the four birds";
+    $regex_array = array("/one/", "/two/", "/three/");
+    $regex_array0 = array("/one/\0", "/two/", "/three/");
+    $replace_array = array("1", "2", "3");
+    $regex = "/eat/";
+    $regex0 = "/ea\0t/";
+    $replace = "play with";
+    
+    var_dump(preg_replace($regex_array, $replace_array, $text1));
+    var_dump(preg_replace($regex_array0, $replace_array, $text1));
+    var_dump(preg_replace($regex, $replace, $text2));
+    var_dump(preg_replace($regex0, $replace, $text2));
+    
+?>
+--EXPECT--
+string(49) "One little boy with 2 dogs, 3 cats and four birds"
+NULL
+string(39) "The three cats play with the four birds"
+NULL
diff --git a/tests/executor/preg_replace_error.phpt b/tests/executor/preg_replace_error.phpt
new file mode 100644
index 0000000..3d8244e
--- /dev/null
+++ b/tests/executor/preg_replace_error.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Testing protection against "\0" in preg_replace() first parameter (INCL. SUHOSIN ERROR MESSAGES)
+--SKIPIF--
+<?php include "../skipifnotcli.inc"; ?>
+--INI--
+suhosin.log.sapi=64
+--FILE--
+<?php
+    
+    $text1 = "One little boy with two dogs, three cats and four birds";
+    $text2 = "The three cats eat the four birds";
+    $regex_array = array("/one/", "/two/", "/three/");
+    $regex_array0 = array("/one/\0", "/two/", "/three/");
+    $replace_array = array("1", "2", "3");
+    $regex = "/eat/";
+    $regex0 = "/ea\0t/";
+    $replace = "play with";
+    
+    var_dump(preg_replace($regex_array, $replace_array, $text1));
+    var_dump(preg_replace($regex_array0, $replace_array, $text1));
+    var_dump(preg_replace($regex, $replace, $text2));
+    var_dump(preg_replace($regex0, $replace, $text2));
+    
+?>
+--EXPECTF--
+string(49) "One little boy with 2 dogs, 3 cats and four birds"
+ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 14)
+NULL
+string(39) "The three cats play with the four birds"
+ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 16)
+NULL
author	Ben Fuhrmannek	2016-02-24 23:37:25 +0100
committer	Ben Fuhrmannek	2016-02-24 23:37:25 +0100
commit	09d9dfaaa94c69125ceb388c69bc18237837eec9 (patch)
tree	034bcba1e0f8d5862c5feb0ed7795196ab1d3840
parent	4e3331cca770dfba2eaecdedd3c8a9fa78210873 (diff)

diff --git a/tests/executor/preg_replace.phpt b/tests/executor/preg_replace.phpt new file mode 100644 index 0000000..64d6671 --- /dev/null +++ b/tests/executor/preg_replace.phpt
@@ -0,0 +1,30 @@
	1	--TEST--
	2	Testing protection against "\0" in preg_replace() first parameter
	3	--SKIPIF--
	4	<?php include "../skipif.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=0
	7	--FILE--
	8	<?php
	9
	10	$text1 = "One little boy with two dogs, three cats and four birds";
	11	$text2 = "The three cats eat the four birds";
	12
	13	$regex_array = array("/one/", "/two/", "/three/");
	14	$regex_array0 = array("/one/\0", "/two/", "/three/");
	15	$replace_array = array("1", "2", "3");
	16	$regex = "/eat/";
	17	$regex0 = "/ea\0t/";
	18	$replace = "play with";
	19
	20	var_dump(preg_replace($regex_array, $replace_array, $text1));
	21	var_dump(preg_replace($regex_array0, $replace_array, $text1));
	22	var_dump(preg_replace($regex, $replace, $text2));
	23	var_dump(preg_replace($regex0, $replace, $text2));
	24
	25	?>
	26	--EXPECT--
	27	string(49) "One little boy with 2 dogs, 3 cats and four birds"
	28	NULL
	29	string(39) "The three cats play with the four birds"
	30	NULL


diff --git a/tests/executor/preg_replace_error.phpt b/tests/executor/preg_replace_error.phpt new file mode 100644 index 0000000..3d8244e --- /dev/null +++ b/tests/executor/preg_replace_error.phpt
@@ -0,0 +1,32 @@
	1	--TEST--
	2	Testing protection against "\0" in preg_replace() first parameter (INCL. SUHOSIN ERROR MESSAGES)
	3	--SKIPIF--
	4	<?php include "../skipifnotcli.inc"; ?>
	5	--INI--
	6	suhosin.log.sapi=64
	7	--FILE--
	8	<?php
	9
	10	$text1 = "One little boy with two dogs, three cats and four birds";
	11	$text2 = "The three cats eat the four birds";
	12
	13	$regex_array = array("/one/", "/two/", "/three/");
	14	$regex_array0 = array("/one/\0", "/two/", "/three/");
	15	$replace_array = array("1", "2", "3");
	16	$regex = "/eat/";
	17	$regex0 = "/ea\0t/";
	18	$replace = "play with";
	19
	20	var_dump(preg_replace($regex_array, $replace_array, $text1));
	21	var_dump(preg_replace($regex_array0, $replace_array, $text1));
	22	var_dump(preg_replace($regex, $replace, $text2));
	23	var_dump(preg_replace($regex0, $replace, $text2));
	24
	25	?>
	26	--EXPECTF--
	27	string(49) "One little boy with 2 dogs, 3 cats and four birds"
	28	ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 14)
	29	NULL
	30	string(39) "The three cats play with the four birds"
	31	ALERT - string termination attack on first preg_replace parameter detected (attacker 'REMOTE_ADDR not set', file '%s', line 16)
	32	NULL