Reorganize the testsuite

Splitting the testsuite in several components makes it easier to manage and comprehend. This was also needed some some tests aren't passing on Alpine Linux, but we still want to run as many of them as we can on this platform.
author: jvoisin 2019-01-14 19:29:25 +0000
committer: GitHub 2019-01-14 19:29:25 +0000
commit: e79f7e3bd992c7f0915ef9afe7afb6d79740527a (patch)
tree: f881c25694eb00da2331a9ab280ec1c24a5662ab /src/tests/eval_blacklist
parent: c943db586ac46b686b49bdf61d8473e39dd93000 (diff)
20 files changed, 326 insertions, 0 deletions
diff --git a/src/tests/eval_blacklist/config/eval_backlist.ini b/src/tests/eval_blacklist/config/eval_backlist.ini
new file mode 100644
index 0000000..b181598
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen");
diff --git a/src/tests/eval_blacklist/config/eval_backlist_list.ini b/src/tests/eval_blacklist/config/eval_backlist_list.ini
new file mode 100644
index 0000000..b395d03
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist_list.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strcmp,strlen");
diff --git a/src/tests/eval_blacklist/config/eval_backlist_simulation.ini b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
new file mode 100644
index 0000000..2d8dc73
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen").simulation();
diff --git a/src/tests/eval_blacklist/config/eval_whitelist.ini b/src/tests/eval_blacklist/config/eval_whitelist.ini
new file mode 100644
index 0000000..7a8f6ef
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos");
diff --git a/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
new file mode 100644
index 0000000..4e7bc8e
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
@@ -0,0 +1,2 @@
+sp.eval_blacklist.list("my_fun,cos,tan");
+sp.eval_whitelist.list("my_fun,tan");
diff --git a/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
new file mode 100644
index 0000000..9d94db3
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation();
diff --git a/src/tests/eval_blacklist/eval_backlist.phpt b/src/tests/eval_blacklist/eval_backlist.phpt
new file mode 100644
index 0000000..f24af96
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Eval blacklist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist.php:1, dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
new file mode 100644
index 0000000..47e8d71
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Eval blacklist - with several calls in an eval.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+eval('
+        call_user_func("strlen", 2);
+')
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_call_user_func.php:%d, dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d
diff --git a/src/tests/eval_blacklist/eval_backlist_chained.phpt b/src/tests/eval_blacklist/eval_backlist_chained.phpt
new file mode 100644
index 0000000..2360e06
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_chained.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Eval blacklist - with several calls in an eval.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+eval('
+        cos(1);
+        strlen(2);
+        sin(3);
+')
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_chained.php:%d, dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d
diff --git a/src/tests/eval_blacklist/eval_backlist_list.phpt b/src/tests/eval_blacklist/eval_backlist_list.phpt
new file mode 100644
index 0000000..5bf0ea8
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_list.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Eval blacklist - with a list of functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist_list.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_list.php:1, dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_simulation.phpt b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
new file mode 100644
index 0000000..3089c2d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Eval blacklist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist_simulation.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Warning: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_simulation.php:1, logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1
+After eval: 4
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
new file mode 100644
index 0000000..e5650b2
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = cos(1234);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist.php(10) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
new file mode 100644
index 0000000..2f8bc19
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist/blacklist, on builtin functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+$a = tan(1);
+echo "Outside of eval: $a\n";
+eval('$a = tan(1);');
+echo "After allowed eval: $a\n";
+eval('$a = cos(1234);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 1.5574077246549
+After allowed eval: 1.5574077246549
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist_builtin.php(10) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist.phpt b/src/tests/eval_blacklist/eval_whitelist.phpt
new file mode 100644
index 0000000..a602d0d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval whitelist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist.php on line 7
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
new file mode 100644
index 0000000..5ed383d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+$a = cos(1);
+echo "Outside of eval: $a\n";
+eval('$a = cos(5);');
+echo "After allowed eval: $a\n";
+eval('$a = sin(4);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 0.54030230586814
+After allowed eval: 0.28366218546323
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_builtin.php(6) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
new file mode 100644
index 0000000..5ff3bff
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+$b = 1337;
+$dir = __DIR__;
+file_put_contents($dir . '/test.bla', '<?php $b = sin(1) ?>');
+$a = cos(1);
+echo "Outside of eval: $a\n";
+eval('$a = cos(5);');
+echo "After allowed eval: $a\n";
+eval("include_once('$dir' . '/test.bla');");
+echo "After eval: $b\n";
+?>
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . '/test.bla');
+?>
+--EXPECTF--
+Outside of eval: 0.54030230586814
+After allowed eval: 0.28366218546323
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/test.bla on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_simulation.phpt b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
new file mode 100644
index 0000000..c4a3efa
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval whitelist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Warning: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, logging its call. in %a/eval_whitelist_simulation.php on line 7
+After eval: my_other_fun: 1234
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
new file mode 100644
index 0000000..dbc7d93
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+function my_fun() {
+        return sin(10);
+}
+$a = my_fun(1);
+echo "Outside of eval: $a\n";
+eval('$a = my_fun(5);');
+echo "After allowed eval: $a\n";
+eval('$a = my_fun(4);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: -0.54402111088937
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_user_then_builtin.php on line 4
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/nested_eval_blacklist.phpt b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
new file mode 100644
index 0000000..9671a65
--- /dev/null
+++ b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval blacklist - nested eval
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval(
+        "echo 'Inception lvl 1...\n';
+   eval(
+     'echo \"Inception lvl 2...\n\";
+      eval(
+                                 \"echo \'Inception lvl 3...\n\';
+          strlen(\'Limbo!\');
+       \");
+   ');
+");
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code:3, dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
new file mode 100644
index 0000000..aee41db
--- /dev/null
+++ b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval blacklist - nested eval, with a twist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval(
+        "echo 'Inception lvl 1...\n';
+   eval(
+     'echo \"Inception lvl 2...\n\";
+      eval(
+                                 \"echo \'Inception lvl 3...\n\';
+       \");
+                         strlen(\'Limbo!\');
+   ');
+");
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7
+\ No newline at end of file
author	jvoisin	2019-01-14 19:29:25 +0000
committer	GitHub	2019-01-14 19:29:25 +0000
commit	e79f7e3bd992c7f0915ef9afe7afb6d79740527a (patch)
tree	f881c25694eb00da2331a9ab280ec1c24a5662ab /src/tests/eval_blacklist
parent	c943db586ac46b686b49bdf61d8473e39dd93000 (diff)

diff --git a/src/tests/eval_blacklist/config/eval_backlist.ini b/src/tests/eval_blacklist/config/eval_backlist.ini new file mode 100644 index 0000000..b181598 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strlen");


diff --git a/src/tests/eval_blacklist/config/eval_backlist_list.ini b/src/tests/eval_blacklist/config/eval_backlist_list.ini new file mode 100644 index 0000000..b395d03 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist_list.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strcmp,strlen");


diff --git a/src/tests/eval_blacklist/config/eval_backlist_simulation.ini b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini new file mode 100644 index 0000000..2d8dc73 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strlen").simulation();


diff --git a/src/tests/eval_blacklist/config/eval_whitelist.ini b/src/tests/eval_blacklist/config/eval_whitelist.ini new file mode 100644 index 0000000..7a8f6ef --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist.ini
@@ -0,0 +1 @@
		sp.eval_whitelist.list("my_fun,cos");


diff --git a/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini new file mode 100644 index 0000000..4e7bc8e --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
@@ -0,0 +1,2 @@
	1	sp.eval_blacklist.list("my_fun,cos,tan");
	2	sp.eval_whitelist.list("my_fun,tan");


diff --git a/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini new file mode 100644 index 0000000..9d94db3 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
		sp.eval_whitelist.list("my_fun,cos").simulation();


diff --git a/src/tests/eval_blacklist/eval_backlist.phpt b/src/tests/eval_blacklist/eval_backlist.phpt new file mode 100644 index 0000000..f24af96 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Eval blacklist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist.php:1, dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt new file mode 100644 index 0000000..47e8d71 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
@@ -0,0 +1,14 @@
	1	--TEST--
	2	Eval blacklist - with several calls in an eval.
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	eval('
	10	call_user_func("strlen", 2);
	11	')
	12	?>
	13	--EXPECTF--
	14	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_call_user_func.php:%d, dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d


diff --git a/src/tests/eval_blacklist/eval_backlist_chained.phpt b/src/tests/eval_blacklist/eval_backlist_chained.phpt new file mode 100644 index 0000000..2360e06 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_chained.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	Eval blacklist - with several calls in an eval.
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	eval('
	10	cos(1);
	11	strlen(2);
	12	sin(3);
	13	')
	14	?>
	15	--EXPECTF--
	16	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_chained.php:%d, dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d


diff --git a/src/tests/eval_blacklist/eval_backlist_list.phpt b/src/tests/eval_blacklist/eval_backlist_list.phpt new file mode 100644 index 0000000..5bf0ea8 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_list.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Eval blacklist - with a list of functions
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist_list.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_list.php:1, dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_simulation.phpt b/src/tests/eval_blacklist/eval_backlist_simulation.phpt new file mode 100644 index 0000000..3089c2d --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
@@ -0,0 +1,18 @@
	1	--TEST--
	2	Eval blacklist simulation
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist_simulation.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Warning: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_simulation.php:1, logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1
	18	After eval: 4 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt new file mode 100644 index 0000000..e5650b2 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	$a = my_fun("1337 1337 1337");
	14	echo "Outside of eval: $a\n";
	15	eval('$a = my_fun("1234");');
	16	echo "After allowed eval: $a\n";
	17	eval('$a = cos(1234);');
	18	echo "After eval: $a\n";
	19	?>
	20	--EXPECTF--
	21	Outside of eval: my_fun: 1337 1337 1337
	22	After allowed eval: my_fun: 1234
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist.php(10) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt new file mode 100644 index 0000000..2f8bc19 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist/blacklist, on builtin functions
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	$a = tan(1);
	14	echo "Outside of eval: $a\n";
	15	eval('$a = tan(1);');
	16	echo "After allowed eval: $a\n";
	17	eval('$a = cos(1234);');
	18	echo "After eval: $a\n";
	19	?>
	20	--EXPECTF--
	21	Outside of eval: 1.5574077246549
	22	After allowed eval: 1.5574077246549
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist_builtin.php(10) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist.phpt b/src/tests/eval_blacklist/eval_whitelist.phpt new file mode 100644 index 0000000..a602d0d --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist.phpt
@@ -0,0 +1,28 @@
	1	--TEST--
	2	Eval whitelist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	function my_other_fun($p) {
	14	return "my_other_fun: $p";
	15	}
	16
	17	$a = my_fun("1337 1337 1337");
	18	echo "Outside of eval: $a\n";
	19	eval('$a = my_fun("1234");');
	20	echo "After allowed eval: $a\n";
	21	eval('$a = my_other_fun("1234");');
	22	echo "After eval: $a\n";
	23	?>
	24	--EXPECTF--
	25	Outside of eval: my_fun: 1337 1337 1337
	26	After allowed eval: my_fun: 1234
	27
	28	Fatal error: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist.php on line 7 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt new file mode 100644 index 0000000..5ed383d --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
@@ -0,0 +1,20 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	$a = cos(1);
	10	echo "Outside of eval: $a\n";
	11	eval('$a = cos(5);');
	12	echo "After allowed eval: $a\n";
	13	eval('$a = sin(4);');
	14	echo "After eval: $a\n";
	15	?>
	16	--EXPECTF--
	17	Outside of eval: 0.54030230586814
	18	After allowed eval: 0.28366218546323
	19
	20	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_builtin.php(6) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt new file mode 100644 index 0000000..5ff3bff --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
@@ -0,0 +1,30 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	$b = 1337;
	10	$dir = __DIR__;
	11
	12	file_put_contents($dir . '/test.bla', '<?php $b = sin(1) ?>');
	13
	14	$a = cos(1);
	15	echo "Outside of eval: $a\n";
	16	eval('$a = cos(5);');
	17	echo "After allowed eval: $a\n";
	18	eval("include_once('$dir' . '/test.bla');");
	19	echo "After eval: $b\n";
	20	?>
	21	--CLEAN--
	22	<?php
	23	$dir = __DIR__;
	24	unlink($dir . '/test.bla');
	25	?>
	26	--EXPECTF--
	27	Outside of eval: 0.54030230586814
	28	After allowed eval: 0.28366218546323
	29
	30	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/test.bla on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_simulation.phpt b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt new file mode 100644 index 0000000..c4a3efa --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval whitelist simulation
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	function my_other_fun($p) {
	14	return "my_other_fun: $p";
	15	}
	16
	17	$a = my_fun("1337 1337 1337");
	18	echo "Outside of eval: $a\n";
	19	eval('$a = my_fun("1234");');
	20	echo "After allowed eval: $a\n";
	21	eval('$a = my_other_fun("1234");');
	22	echo "After eval: $a\n";
	23	?>
	24	--EXPECTF--
	25	Outside of eval: my_fun: 1337 1337 1337
	26	After allowed eval: my_fun: 1234
	27
	28	Warning: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, logging its call. in %a/eval_whitelist_simulation.php on line 7
	29	After eval: my_other_fun: 1234 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt new file mode 100644 index 0000000..dbc7d93 --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9
	10	function my_fun() {
	11	return sin(10);
	12	}
	13
	14	$a = my_fun(1);
	15	echo "Outside of eval: $a\n";
	16	eval('$a = my_fun(5);');
	17	echo "After allowed eval: $a\n";
	18	eval('$a = my_fun(4);');
	19	echo "After eval: $a\n";
	20	?>
	21	--EXPECTF--
	22	Outside of eval: -0.54402111088937
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_user_then_builtin.php on line 4 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/nested_eval_blacklist.phpt b/src/tests/eval_blacklist/nested_eval_blacklist.phpt new file mode 100644 index 0000000..9671a65 --- /dev/null +++ b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval blacklist - nested eval
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval(
	12	"echo 'Inception lvl 1...\n';
	13	eval(
	14	'echo \"Inception lvl 2...\n\";
	15	eval(
	16	\"echo \'Inception lvl 3...\n\';
	17	strlen(\'Limbo!\');
	18	\");
	19	');
	20	");
	21	echo "After eval: $a\n";
	22	?>
	23	--EXPECTF--
	24	Outside of eval: 14
	25	Inception lvl 1...
	26	Inception lvl 2...
	27	Inception lvl 3...
	28
	29	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code:3, dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt new file mode 100644 index 0000000..aee41db --- /dev/null +++ b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval blacklist - nested eval, with a twist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval(
	12	"echo 'Inception lvl 1...\n';
	13	eval(
	14	'echo \"Inception lvl 2...\n\";
	15	eval(
	16	\"echo \'Inception lvl 3...\n\';
	17	\");
	18	strlen(\'Limbo!\');
	19	');
	20	");
	21	echo "After eval: $a\n";
	22	?>
	23	--EXPECTF--
	24	Outside of eval: 14
	25	Inception lvl 1...
	26	Inception lvl 2...
	27	Inception lvl 3...
	28
	29	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7 \ No newline at end of file