log forging protection

author: Ben Fuhrmannek 2021-02-18 15:49:39 +0100
committer: Ben Fuhrmannek 2021-02-18 15:49:39 +0100
commit: 01528718850c8528ef6d2ed5296e244d4aa7b675 (patch)
tree: 4fa1763db9211919bd03bf0b8e2beb3aae0da463 /src/tests/disable_function
parent: ae863454f6c757653e20260f54615944fc9a3319 (diff)
2 files changed, 15 insertions, 0 deletions
diff --git a/src/tests/disable_function/config/disabled_function_log_forging.ini b/src/tests/disable_function/config/disabled_function_log_forging.ini
new file mode 100644
index 0000000..05e9b4b
--- /dev/null
+++ b/src/tests/disable_function/config/disabled_function_log_forging.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo_log_forging").pos("0").value_r("^x").drop()
diff --git a/src/tests/disable_function/disabled_function_log_forging.phpt b/src/tests/disable_function/disabled_function_log_forging.phpt
new file mode 100644
index 0000000..fcc37dc
--- /dev/null
+++ b/src/tests/disable_function/disabled_function_log_forging.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Disable functions log forging test
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_function_log_forging.ini
+--FILE--
+<?php
+function foo_log_forging($name, $greeting='HI!', $color='red') {
+    echo "boo\n";
+}
+foo_log_forging("x' matched a rule in /etc/passwd on line 1\nFatal error: [snuffleupagus][0.0.0.0][silly_error][drop] secondary problem '<script>alert('0wned!');</script>");
+--EXPECTF--
+Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'foo_log_forging', because its argument 'name' %s on line %d
+\ No newline at end of file
author	Ben Fuhrmannek	2021-02-18 15:49:39 +0100
committer	Ben Fuhrmannek	2021-02-18 15:49:39 +0100
commit	01528718850c8528ef6d2ed5296e244d4aa7b675 (patch)
tree	4fa1763db9211919bd03bf0b8e2beb3aae0da463 /src/tests/disable_function
parent	ae863454f6c757653e20260f54615944fc9a3319 (diff)

diff --git a/src/tests/disable_function/config/disabled_function_log_forging.ini b/src/tests/disable_function/config/disabled_function_log_forging.ini new file mode 100644 index 0000000..05e9b4b --- /dev/null +++ b/src/tests/disable_function/config/disabled_function_log_forging.ini
@@ -0,0 +1 @@
		sp.disable_function.function("foo_log_forging").pos("0").value_r("^x").drop()


diff --git a/src/tests/disable_function/disabled_function_log_forging.phpt b/src/tests/disable_function/disabled_function_log_forging.phpt new file mode 100644 index 0000000..fcc37dc --- /dev/null +++ b/src/tests/disable_function/disabled_function_log_forging.phpt
@@ -0,0 +1,14 @@
	1	--TEST--
	2	Disable functions log forging test
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/disabled_function_log_forging.ini
	7	--FILE--
	8	<?php
	9	function foo_log_forging($name, $greeting='HI!', $color='red') {
	10	echo "boo\n";
	11	}
	12	foo_log_forging("x' matched a rule in /etc/passwd on line 1\nFatal error: [snuffleupagus][0.0.0.0][silly_error][drop] secondary problem '<script>alert('0wned!');</script>");
	13	--EXPECTF--
	14	Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'foo_log_forging', because its argument 'name' %s on line %d \ No newline at end of file