Fix a bypass in our eval blacklist

author: jvoisin 2018-01-05 11:07:15 +0100
committer: jvoisin 2018-01-05 11:07:15 +0100
commit: c463edcee51dfab4358f1aff5a70c2f2f940a20b (patch)
tree: dd25db9755700294f4f15cb226a25e70df5b88d5 /src/tests
parent: 3b113be573cdbca20ce9ec9c0a6efb25ccf51db5 (diff)
1 files changed, 28 insertions, 0 deletions
diff --git a/src/tests/nested_eval_blacklist2.phpt b/src/tests/nested_eval_blacklist2.phpt
new file mode 100644
index 0000000..3b13e30
--- /dev/null
+++ b/src/tests/nested_eval_blacklist2.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval blacklist - nested eval, with a twist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval(
+        "echo 'Inception lvl 1...\n';
+   eval(
+     'echo \"Inception lvl 2...\n\";
+      eval(
+                                 \"echo \'Inception lvl 3...\n\';
+       \");
+                         strlen(\'Limbo!\');
+   ');
+");
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+[snuffleupagus][0.0.0.0][eval][drop] A call to strlen was tried in eval, in %a/tests/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it.
author	jvoisin	2018-01-05 11:07:15 +0100
committer	jvoisin	2018-01-05 11:07:15 +0100
commit	c463edcee51dfab4358f1aff5a70c2f2f940a20b (patch)
tree	dd25db9755700294f4f15cb226a25e70df5b88d5 /src/tests
parent	3b113be573cdbca20ce9ec9c0a6efb25ccf51db5 (diff)

diff --git a/src/tests/nested_eval_blacklist2.phpt b/src/tests/nested_eval_blacklist2.phpt new file mode 100644 index 0000000..3b13e30 --- /dev/null +++ b/src/tests/nested_eval_blacklist2.phpt
@@ -0,0 +1,28 @@
	1	--TEST--
	2	Eval blacklist - nested eval, with a twist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval(
	12	"echo 'Inception lvl 1...\n';
	13	eval(
	14	'echo \"Inception lvl 2...\n\";
	15	eval(
	16	\"echo \'Inception lvl 3...\n\';
	17	\");
	18	strlen(\'Limbo!\');
	19	');
	20	");
	21	echo "After eval: $a\n";
	22	?>
	23	--EXPECTF--
	24	Outside of eval: 14
	25	Inception lvl 1...
	26	Inception lvl 2...
	27	Inception lvl 3...
	28	[snuffleupagus][0.0.0.0][eval][drop] A call to strlen was tried in eval, in %a/tests/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it.