diff options
| author | jvoisin | 2020-12-12 18:57:48 +0000 |
|---|---|---|
| committer | jvoisin | 2020-12-12 20:33:14 +0100 |
| commit | 5329a55bfd2b00d617a40d587cd37050d964ccbf (patch) | |
| tree | 81ba53c4f950442a904a437458228d1ab2859227 /src/tests/xxe | |
| parent | e34f5f5aaa4a40745bd652198d75b879aa09a53c (diff) | |
Mark the relevant php8 tests as broken (#359)
* Skip tests broken on php8
* Oops
* Fix some tests
* Add some XXE tests for php8
* Fix a test
Diffstat (limited to 'src/tests/xxe')
| -rw-r--r-- | src/tests/xxe/disable_xxe_dom.phpt | 38 | ||||
| -rw-r--r-- | src/tests/xxe/disable_xxe_dom_disabled.phpt | 1 | ||||
| -rw-r--r-- | src/tests/xxe/disable_xxe_dom_disabled_php8.phpt | 60 | ||||
| -rw-r--r-- | src/tests/xxe/disable_xxe_xml_parse.phpt | 1 | ||||
| -rw-r--r-- | src/tests/xxe/disable_xxe_xml_parse_php8.phpt | 106 |
5 files changed, 190 insertions, 16 deletions
diff --git a/src/tests/xxe/disable_xxe_dom.phpt b/src/tests/xxe/disable_xxe_dom.phpt index 58467f7..99ed572 100644 --- a/src/tests/xxe/disable_xxe_dom.phpt +++ b/src/tests/xxe/disable_xxe_dom.phpt | |||
| @@ -1,7 +1,8 @@ | |||
| 1 | --TEST-- | 1 | --TEST-- |
| 2 | Disable XXE | 2 | Disable XXE, in php8 |
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?> | 4 | <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?> |
| 5 | <?php if (PHP_VERSION_ID < 80000) print "skip"; ?> | ||
| 5 | --INI-- | 6 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/disable_xxe.ini | 7 | sp.configuration_file={PWD}/config/disable_xxe.ini |
| 7 | --EXTENSIONS-- | 8 | --EXTENSIONS-- |
| @@ -42,28 +43,33 @@ $dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); | |||
| 42 | printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue); | 43 | printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue); |
| 43 | 44 | ||
| 44 | ?> | 45 | ?> |
| 46 | --CLEAN-- | ||
| 47 | <?php | ||
| 48 | $dir = __DIR__; | ||
| 49 | unlink($dir . "content.xml"); | ||
| 50 | unlink($dir . "content.txt"); | ||
| 51 | ?> | ||
| 45 | --EXPECTF-- | 52 | --EXPECTF-- |
| 46 | Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d | 53 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 47 | 54 | ||
| 48 | Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d | 55 | Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%s/tests/xxe/content.txt" in /var/www/html/snuffleupagus/src/tests/xxe/disable_xxe_dom.php on line %d |
| 49 | 56 | ||
| 50 | Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d | 57 | Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 51 | 58 | ||
| 52 | Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d | 59 | Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 60 | |||
| 61 | Warning: Attempt to read property "nodeValue" on null in %s/tests/xxe/disable_xxe_dom.php on line %d | ||
| 53 | libxml_disable_entity to true: | 62 | libxml_disable_entity to true: |
| 54 | 63 | ||
| 55 | Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d | 64 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 65 | |||
| 66 | Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%s/tests/xxe/content.txt" in /var/www/html/snuffleupagus/src/tests/xxe/disable_xxe_dom.php on line %d | ||
| 56 | 67 | ||
| 57 | Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d | 68 | Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 58 | 69 | ||
| 59 | Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d | 70 | Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: 6 in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 60 | 71 | ||
| 61 | Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d | 72 | Warning: Attempt to read property "nodeValue" on null in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 62 | libxml_disable_entity to false: | 73 | libxml_disable_entity to false: |
| 63 | without xxe: foo | 74 | |
| 64 | --CLEAN-- | 75 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom.php on line %d |
| 65 | <?php | ||
| 66 | $dir = __DIR__; | ||
| 67 | unlink($dir . "content.xml"); | ||
| 68 | unlink($dir . "content.txt"); | ||
| 69 | ?> | ||
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt index fe88d76..493f5a3 100644 --- a/src/tests/xxe/disable_xxe_dom_disabled.phpt +++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt | |||
| @@ -2,6 +2,7 @@ | |||
| 2 | Disable XXE | 2 | Disable XXE |
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?> | 4 | <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?> |
| 5 | <?php if (PHP_VERSION_ID >= 80000) print "skip"; ?> | ||
| 5 | --INI-- | 6 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/disable_xxe_disable.ini | 7 | sp.configuration_file={PWD}/config/disable_xxe_disable.ini |
| 7 | --EXTENSIONS-- | 8 | --EXTENSIONS-- |
diff --git a/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt new file mode 100644 index 0000000..c0db7fc --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt | |||
| @@ -0,0 +1,60 @@ | |||
| 1 | --TEST-- | ||
| 2 | Disable XXE in php8 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus") || !extension_loaded("dom")) print("skip"); ?> | ||
| 5 | <?php if (PHP_VERSION_ID < 80000) print "skip"; ?> | ||
| 6 | --INI-- | ||
| 7 | sp.configuration_file={PWD}/config/disable_xxe_disable.ini | ||
| 8 | --EXTENSIONS-- | ||
| 9 | dom | ||
| 10 | --FILE-- | ||
| 11 | <?php | ||
| 12 | $dir = __DIR__; | ||
| 13 | $content = '<content>WARNING, external entity loaded!</content>'; | ||
| 14 | file_put_contents($dir . '/content.txt', $content); | ||
| 15 | |||
| 16 | $xml = <<<EOD | ||
| 17 | <?xml version="1.0"?> | ||
| 18 | <!DOCTYPE root | ||
| 19 | [ | ||
| 20 | <!ENTITY foo SYSTEM "file://$dir/content.txt"> | ||
| 21 | ]> | ||
| 22 | <test><testing>&foo;</testing></test> | ||
| 23 | EOD; | ||
| 24 | |||
| 25 | file_put_contents($dir . '/content.xml', $xml); | ||
| 26 | |||
| 27 | libxml_disable_entity_loader(true); | ||
| 28 | $dom = new DOMDocument('1.0'); | ||
| 29 | $dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); | ||
| 30 | printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); | ||
| 31 | |||
| 32 | libxml_disable_entity_loader(false); | ||
| 33 | $dom = new DOMDocument('1.0'); | ||
| 34 | $dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); | ||
| 35 | printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); | ||
| 36 | |||
| 37 | $xml = "<test><testing>foo</testing></test>"; | ||
| 38 | file_put_contents('content.xml', $xml); | ||
| 39 | |||
| 40 | libxml_disable_entity_loader(false); | ||
| 41 | $dom = new DOMDocument('1.0'); | ||
| 42 | $dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); | ||
| 43 | printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue); | ||
| 44 | |||
| 45 | ?> | ||
| 46 | --CLEAN-- | ||
| 47 | <?php | ||
| 48 | $dir = __DIR__; | ||
| 49 | unlink($dir . "/content.xml"); | ||
| 50 | unlink($dir . "/content.txt"); | ||
| 51 | ?> | ||
| 52 | --EXPECTF-- | ||
| 53 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d | ||
| 54 | libxml_disable_entity to true: WARNING, external entity loaded! | ||
| 55 | |||
| 56 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d | ||
| 57 | libxml_disable_entity to false: WARNING, external entity loaded! | ||
| 58 | |||
| 59 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_dom_disabled.php on line %d | ||
| 60 | |||
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt index b6dec2d..6b48bea 100644 --- a/src/tests/xxe/disable_xxe_xml_parse.phpt +++ b/src/tests/xxe/disable_xxe_xml_parse.phpt | |||
| @@ -8,6 +8,7 @@ Disable XXE in xml_parse | |||
| 8 | echo "skip because the `xml` extension isn't loaded"; | 8 | echo "skip because the `xml` extension isn't loaded"; |
| 9 | } | 9 | } |
| 10 | ?> | 10 | ?> |
| 11 | <?php if (PHP_VERSION_ID >= 80000) print "skip"; ?> | ||
| 11 | --EXTENSIONS-- | 12 | --EXTENSIONS-- |
| 12 | xml | 13 | xml |
| 13 | --INI-- | 14 | --INI-- |
diff --git a/src/tests/xxe/disable_xxe_xml_parse_php8.phpt b/src/tests/xxe/disable_xxe_xml_parse_php8.phpt new file mode 100644 index 0000000..4a8622a --- /dev/null +++ b/src/tests/xxe/disable_xxe_xml_parse_php8.phpt | |||
| @@ -0,0 +1,106 @@ | |||
| 1 | --TEST-- | ||
| 2 | Disable XXE in xml_parse, in php8 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php | ||
| 5 | if (!extension_loaded("snuffleupagus")) { | ||
| 6 | echo "skip because snuffleupagus isn't loaded"; | ||
| 7 | } elseif (!extension_loaded("xml")) { | ||
| 8 | echo "skip because the `xml` extension isn't loaded"; | ||
| 9 | } | ||
| 10 | ?> | ||
| 11 | <?php if (PHP_VERSION_ID < 80000) print "skip"; ?> | ||
| 12 | --EXTENSIONS-- | ||
| 13 | xml | ||
| 14 | --INI-- | ||
| 15 | sp.configuration_file={PWD}/config/disable_xxe.ini | ||
| 16 | --FILE-- | ||
| 17 | <?php | ||
| 18 | $dir = __DIR__; | ||
| 19 | $content = 'WARNING, external entity loaded!'; | ||
| 20 | file_put_contents('content.txt', $content); | ||
| 21 | |||
| 22 | $xml = <<<EOD | ||
| 23 | <?xml version="1.0"?> | ||
| 24 | <!DOCTYPE root | ||
| 25 | [ | ||
| 26 | <!ENTITY foo SYSTEM "file://$dir/content.txt"> | ||
| 27 | ]> | ||
| 28 | <test><testing>&foo;</testing></test> | ||
| 29 | EOD; | ||
| 30 | |||
| 31 | file_put_contents('content.xml', $xml); | ||
| 32 | |||
| 33 | function create_parser() { | ||
| 34 | $parser = xml_parser_create(); | ||
| 35 | xml_set_element_handler( | ||
| 36 | $parser, | ||
| 37 | function($parser, $name, array $attributes) { | ||
| 38 | var_dump($name); | ||
| 39 | echo "\n"; | ||
| 40 | var_dump($attributes); | ||
| 41 | }, | ||
| 42 | function($parser, $name) { | ||
| 43 | var_dump($name); | ||
| 44 | } | ||
| 45 | ); | ||
| 46 | |||
| 47 | xml_set_character_data_handler( | ||
| 48 | $parser, | ||
| 49 | function ($parser, $text){ | ||
| 50 | echo 'text' . $text; | ||
| 51 | } | ||
| 52 | ); | ||
| 53 | |||
| 54 | return $parser; | ||
| 55 | } | ||
| 56 | |||
| 57 | libxml_disable_entity_loader(true); | ||
| 58 | $parser = create_parser(); | ||
| 59 | $doc = xml_parse($parser, $xml, true); | ||
| 60 | xml_parser_free($parser); | ||
| 61 | |||
| 62 | libxml_disable_entity_loader(false); | ||
| 63 | $parser = create_parser(); | ||
| 64 | $doc = xml_parse($parser, $xml, true); | ||
| 65 | xml_parser_free($parser); | ||
| 66 | |||
| 67 | $xml = "<test><testing>foo</testing></test>"; | ||
| 68 | file_put_contents('content.xml', $xml); | ||
| 69 | $parser = create_parser(); | ||
| 70 | $doc = xml_parse($parser, $xml, true); | ||
| 71 | xml_parser_free($parser); | ||
| 72 | |||
| 73 | --EXPECTF-- | ||
| 74 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_xml_parse.php on line 41 | ||
| 75 | string(4) "TEST" | ||
| 76 | |||
| 77 | array(0) { | ||
| 78 | } | ||
| 79 | string(7) "TESTING" | ||
| 80 | |||
| 81 | array(0) { | ||
| 82 | } | ||
| 83 | string(7) "TESTING" | ||
| 84 | string(4) "TEST" | ||
| 85 | |||
| 86 | Deprecated: Function libxml_disable_entity_loader() is deprecated in %s/tests/xxe/disable_xxe_xml_parse.php on line 46 | ||
| 87 | string(4) "TEST" | ||
| 88 | |||
| 89 | array(0) { | ||
| 90 | } | ||
| 91 | string(7) "TESTING" | ||
| 92 | |||
| 93 | array(0) { | ||
| 94 | } | ||
| 95 | string(7) "TESTING" | ||
| 96 | string(4) "TEST" | ||
| 97 | string(4) "TEST" | ||
| 98 | |||
| 99 | array(0) { | ||
| 100 | } | ||
| 101 | string(7) "TESTING" | ||
| 102 | |||
| 103 | array(0) { | ||
| 104 | } | ||
| 105 | textfoostring(7) "TESTING" | ||
| 106 | |||
