Initial import

author: Sebastien Blot 2017-09-20 10:11:01 +0200
committer: Sebastien Blot 2017-09-20 10:11:01 +0200
commit: 868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree: c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/tests/disable_xxe_dom.phpt
1 files changed, 71 insertions, 0 deletions
diff --git a/src/tests/disable_xxe_dom.phpt b/src/tests/disable_xxe_dom.phpt
new file mode 100644
index 0000000..47f3db3
--- /dev/null
+++ b/src/tests/disable_xxe_dom.phpt
@@ -0,0 +1,71 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+<?php
+ if (!extension_loaded("snuffleupagus")) die "skip";
+ if (!extension_loaded("dom")) die "skip";
+ ?>
+--INI--
+extension=`php-config --extension-dir`/dom.so 
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+$content = 'WARNING, external entity loaded!';
+file_put_contents('content.txt', $content);
+$xml = <<<EOD
+<?xml version="1.0"?>
+<!DOCTYPE root
+[
+<!ENTITY foo SYSTEM "file://$dir/content.txt">
+]>
+<test><testing>&foo;</testing></test>
+EOD;
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+$xml = "<test><testing>foo</testing></test>";
+file_put_contents('content.xml', $xml);
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+?>
+--EXPECTF--
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to true: 
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to false: 
+without xxe: foo
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . "content.xml");
+unlink($dir . "content.txt");
+?>
author	Sebastien Blot	2017-09-20 10:11:01 +0200
committer	Sebastien Blot	2017-09-20 10:11:01 +0200
commit	868f96c759b6650d88ff9f4fbc5c048302134248 (patch)
tree	c0de0af318bf77a8959164ef11aeeeb2b7bab294 /src/tests/disable_xxe_dom.phpt

diff --git a/src/tests/disable_xxe_dom.phpt b/src/tests/disable_xxe_dom.phpt new file mode 100644 index 0000000..47f3db3 --- /dev/null +++ b/src/tests/disable_xxe_dom.phpt
@@ -0,0 +1,71 @@
	1	--TEST--
	2	Disable XXE
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) die "skip";
	6	if (!extension_loaded("dom")) die "skip";
	7	?>
	8	--INI--
	9	extension=`php-config --extension-dir`/dom.so
	10	sp.configuration_file={PWD}/config/disable_xxe.ini
	11	--FILE--
	12	<?php
	13	$dir = __DIR__;
	14	$content = 'WARNING, external entity loaded!';
	15	file_put_contents('content.txt', $content);
	16
	17	$xml = <<<EOD
	18	<?xml version="1.0"?>
	19	<!DOCTYPE root
	20	[
	21	<!ENTITY foo SYSTEM "file://$dir/content.txt">
	22	]>
	23	<test><testing>&foo;</testing></test>
	24	EOD;
	25
	26	file_put_contents('content.xml', $xml);
	27
	28	libxml_disable_entity_loader(true);
	29	$dom = new DOMDocument('1.0');
	30	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	31	printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	32
	33	libxml_disable_entity_loader(false);
	34	$dom = new DOMDocument('1.0');
	35	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	36	printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	37
	38	$xml = "<test><testing>foo</testing></test>";
	39	file_put_contents('content.xml', $xml);
	40
	41	libxml_disable_entity_loader(false);
	42	$dom = new DOMDocument('1.0');
	43	$dom->loadXML($xml, LIBXML_DTDATTR\|LIBXML_DTDLOAD\|LIBXML_NOENT);
	44	printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
	45
	46	?>
	47	--EXPECTF--
	48	Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
	49
	50	Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	51
	52	Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	53
	54	Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
	55	libxml_disable_entity to true:
	56
	57	Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
	58
	59	Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	60
	61	Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
	62
	63	Notice: Trying to get property of non-object in %a/disable_xxe_dom.php on line %d
	64	libxml_disable_entity to false:
	65	without xxe: foo
	66	--CLEAN--
	67	<?php
	68	$dir = __DIR__;
	69	unlink($dir . "content.xml");
	70	unlink($dir . "content.txt");
	71	?>