Add .dump() for eval whitelist/blacklist + simulation mode for whitelist

author: kkadosh 2018-03-02 13:31:56 +0000
committer: jvoisin 2018-03-02 14:31:56 +0100
commit: 17a09fafa2b569f0ce548220fd099cdf88e3a71e (patch)
tree: 7d07f6ba92635959fbae9b1ec9fa6470d3bf6576 /src/tests
parent: bdd2cfc430d4b841c24a6c08e7934d667bdc6637 (diff)
10 files changed, 135 insertions, 12 deletions
diff --git a/src/tests/config/dump_eval_blacklist.ini b/src/tests/config/dump_eval_blacklist.ini
new file mode 100644
index 0000000..503143a
--- /dev/null
+++ b/src/tests/config/dump_eval_blacklist.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen").dump("/tmp/dump_result/").simulation();
diff --git a/src/tests/config/dump_eval_whitelist.ini b/src/tests/config/dump_eval_whitelist.ini
new file mode 100644
index 0000000..2a6c909
--- /dev/null
+++ b/src/tests/config/dump_eval_whitelist.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation().dump("/tmp/dump_result/");
diff --git a/src/tests/config/eval_whitelist_simulation.ini b/src/tests/config/eval_whitelist_simulation.ini
new file mode 100644
index 0000000..9d94db3
--- /dev/null
+++ b/src/tests/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation();
diff --git a/src/tests/dump_eval_blacklist.phpt b/src/tests/dump_eval_blacklist.phpt
new file mode 100644
index 0000000..19da8cd
--- /dev/null
+++ b/src/tests/dump_eval_blacklist.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Dump eval blacklist
+--SKIPIF--
+<?php 
+if (!extension_loaded("snuffleupagus")) die "skip";
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_eval_blacklist.ini
+--FILE--
+<?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+$filename = glob('/tmp/dump_result/sp_dump.*')[0];
+$res = file($filename);
+if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
+    echo "1\n";
+} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
+    echo "2\n";
+} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
+    echo "3\n";
+}
+?>
+--EXPECTF--
+Outside of eval: 14
+[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/dump_eval_blacklist.php:1, logging it.
+After eval: 4
diff --git a/src/tests/dump_eval_whitelist.phpt b/src/tests/dump_eval_whitelist.phpt
new file mode 100644
index 0000000..24ca1d1
--- /dev/null
+++ b/src/tests/dump_eval_whitelist.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Dump eval whitelist
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) die "skip";
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_eval_whitelist.ini
+--FILE--
+<?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+$filename = glob('/tmp/dump_result/sp_dump.*')[0];
+$res = file($filename);
+if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
+    echo "1\n";
+} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
+    echo "2\n";
+} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
+    echo "3\n";
+}
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
+After eval: my_other_fun: 1234
diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt
index 23cafdc..abff870 100644
--- a/src/tests/dump_request.phpt
+++ b/src/tests/dump_request.phpt
@@ -22,6 +22,9 @@ sp.configuration_file={PWD}/config/dump_request.ini
 --FILE--
 <?php
 @mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
 echo "1\n";
 system("echo 1337;");
 $filename = glob('/tmp/dump_result/sp_dump.*')[0];
diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt
index 795a5c2..d67ce6f 100644
--- a/src/tests/dump_request_too_big.phpt
+++ b/src/tests/dump_request_too_big.phpt
@@ -4,12 +4,7 @@ Dump request -- to big, so it's truncated.
 <?php
 if (!extension_loaded("snuffleupagus")) {
    print "skip";
-} 
-foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
-    @unlink($dump);
 }
-@rmdir("/tmp/dump_result/");
 ?>
 --POST--
 post_a=data_post_a&post_b=data_post_b&post_c=c
@@ -25,6 +20,11 @@ END;
 sp.configuration_file={PWD}/config/dump_request.ini
 --FILE--
 <?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
 echo "1\n";
 system("echo 1337;");
 $filename = glob('/tmp/dump_result/*')[0];
diff --git a/src/tests/dump_unserialize.phpt b/src/tests/dump_unserialize.phpt
index 9c3906d..dfa8501 100644
--- a/src/tests/dump_unserialize.phpt
+++ b/src/tests/dump_unserialize.phpt
@@ -5,11 +5,6 @@ Dump unserialize
 if (!extension_loaded("snuffleupagus")) {
    print "skip";
 } 
-foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
-    @unlink($dump);
-}
-@rmdir("/tmp/dump_result/");
 ?>
 --POST--
 post_a=data_post_a&post_b=data_post_b
@@ -22,6 +17,10 @@ sp.configuration_file={PWD}/config/dump_unserialize.ini
 --FILE--
 <?php
 @mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
 echo "1\n";
 var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdhflkasjdf'));
 $filename = glob('/tmp/dump_result/sp_dump.*')[0];
diff --git a/src/tests/eval_backlist_simulation.phpt b/src/tests/eval_backlist_simulation.phpt
index ddeae60..bea5115 100644
--- a/src/tests/eval_backlist_simulation.phpt
+++ b/src/tests/eval_backlist_simulation.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Eval blacklist
+Eval blacklist simulation
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--
@@ -13,5 +13,5 @@ echo "After eval: $a\n";
 ?>
 --EXPECTF--
 Outside of eval: 14
-[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, dropping it.
+[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, logging it.
 After eval: 4
diff --git a/src/tests/eval_whitelist_simulation.phpt b/src/tests/eval_whitelist_simulation.phpt
new file mode 100644
index 0000000..ff2f970
--- /dev/null
+++ b/src/tests/eval_whitelist_simulation.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval whitelist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
+After eval: my_other_fun: 1234
+\ No newline at end of file
author	kkadosh	2018-03-02 13:31:56 +0000
committer	jvoisin	2018-03-02 14:31:56 +0100
commit	17a09fafa2b569f0ce548220fd099cdf88e3a71e (patch)
tree	7d07f6ba92635959fbae9b1ec9fa6470d3bf6576 /src/tests
parent	bdd2cfc430d4b841c24a6c08e7934d667bdc6637 (diff)

diff --git a/src/tests/config/dump_eval_blacklist.ini b/src/tests/config/dump_eval_blacklist.ini new file mode 100644 index 0000000..503143a --- /dev/null +++ b/src/tests/config/dump_eval_blacklist.ini
@@ -0,0 +1 @@
			sp.eval_blacklist.list("strlen").dump("/tmp/dump_result/").simulation();


diff --git a/src/tests/config/dump_eval_whitelist.ini b/src/tests/config/dump_eval_whitelist.ini new file mode 100644 index 0000000..2a6c909 --- /dev/null +++ b/src/tests/config/dump_eval_whitelist.ini
@@ -0,0 +1 @@
			sp.eval_whitelist.list("my_fun,cos").simulation().dump("/tmp/dump_result/");


diff --git a/src/tests/config/eval_whitelist_simulation.ini b/src/tests/config/eval_whitelist_simulation.ini new file mode 100644 index 0000000..9d94db3 --- /dev/null +++ b/src/tests/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
			sp.eval_whitelist.list("my_fun,cos").simulation();


diff --git a/src/tests/dump_eval_blacklist.phpt b/src/tests/dump_eval_blacklist.phpt new file mode 100644 index 0000000..19da8cd --- /dev/null +++ b/src/tests/dump_eval_blacklist.phpt
@@ -0,0 +1,39 @@
		1	--TEST--
		2	Dump eval blacklist
		3	--SKIPIF--
		4	<?php
		5	if (!extension_loaded("snuffleupagus")) die "skip";
		6	?>
		7	--POST--
		8	post_a=data_post_a&post_b=data_post_b
		9	--GET--
		10	get_a=data_get_a&get_b=data_get_b
		11	--COOKIE--
		12	cookie_a=data_cookie_a&cookie_b=data_cookie_b
		13	--INI--
		14	sp.configuration_file={PWD}/config/dump_eval_blacklist.ini
		15	--FILE--
		16	<?php
		17	@mkdir("/tmp/dump_result/");
		18	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
		19	@unlink($dump);
		20	}
		21
		22	$a = strlen("1337 1337 1337");
		23	echo "Outside of eval: $a\n";
		24	eval('$a = strlen("1234");');
		25	echo "After eval: $a\n";
		26	$filename = glob('/tmp/dump_result/sp_dump.*')[0];
		27	$res = file($filename);
		28	if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
		29	echo "1\n";
		30	} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
		31	echo "2\n";
		32	} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
		33	echo "3\n";
		34	}
		35	?>
		36	--EXPECTF--
		37	Outside of eval: 14
		38	[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/dump_eval_blacklist.php:1, logging it.
		39	After eval: 4


diff --git a/src/tests/dump_eval_whitelist.phpt b/src/tests/dump_eval_whitelist.phpt new file mode 100644 index 0000000..24ca1d1 --- /dev/null +++ b/src/tests/dump_eval_whitelist.phpt
@@ -0,0 +1,51 @@
		1	--TEST--
		2	Dump eval whitelist
		3	--SKIPIF--
		4	<?php
		5	if (!extension_loaded("snuffleupagus")) die "skip";
		6	?>
		7	--POST--
		8	post_a=data_post_a&post_b=data_post_b
		9	--GET--
		10	get_a=data_get_a&get_b=data_get_b
		11	--COOKIE--
		12	cookie_a=data_cookie_a&cookie_b=data_cookie_b
		13	--INI--
		14	sp.configuration_file={PWD}/config/dump_eval_whitelist.ini
		15	--FILE--
		16	<?php
		17	@mkdir("/tmp/dump_result/");
		18	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
		19	@unlink($dump);
		20	}
		21
		22	function my_fun($p) {
		23	return "my_fun: $p";
		24	}
		25
		26	function my_other_fun($p) {
		27	return "my_other_fun: $p";
		28	}
		29
		30	$a = my_fun("1337 1337 1337");
		31	echo "Outside of eval: $a\n";
		32	eval('$a = my_fun("1234");');
		33	echo "After allowed eval: $a\n";
		34	eval('$a = my_other_fun("1234");');
		35	echo "After eval: $a\n";
		36	$filename = glob('/tmp/dump_result/sp_dump.*')[0];
		37	$res = file($filename);
		38	if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
		39	echo "1\n";
		40	} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
		41	echo "2\n";
		42	} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
		43	echo "3\n";
		44	}
		45
		46	?>
		47	--EXPECTF--
		48	Outside of eval: my_fun: 1337 1337 1337
		49	After allowed eval: my_fun: 1234
		50	[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
		51	After eval: my_other_fun: 1234


diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt index 23cafdc..abff870 100644 --- a/src/tests/dump_request.phpt +++ b/src/tests/dump_request.phpt
@@ -22,6 +22,9 @@ sp.configuration_file={PWD}/config/dump_request.ini
22	--FILE--	22	--FILE--
23	<?php	23	<?php
24	@mkdir("/tmp/dump_result/");	24	@mkdir("/tmp/dump_result/");
		25	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
		26	@unlink($dump);
		27	}
25	echo "1\n";	28	echo "1\n";
26	system("echo 1337;");	29	system("echo 1337;");
27	$filename = glob('/tmp/dump_result/sp_dump.*')[0];	30	$filename = glob('/tmp/dump_result/sp_dump.*')[0];


diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt index 795a5c2..d67ce6f 100644 --- a/src/tests/dump_request_too_big.phpt +++ b/src/tests/dump_request_too_big.phpt
@@ -4,12 +4,7 @@ Dump request -- to big, so it's truncated.
4	<?php	4	<?php
5	if (!extension_loaded("snuffleupagus")) {	5	if (!extension_loaded("snuffleupagus")) {
6	print "skip";	6	print "skip";
7	}
8
9	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
10	@unlink($dump);
11	}	7	}
12	@rmdir("/tmp/dump_result/");
13	?>	8	?>
14	--POST--	9	--POST--
15	post_a=data_post_a&post_b=data_post_b&post_c=c	10	post_a=data_post_a&post_b=data_post_b&post_c=c
@@ -25,6 +20,11 @@ END;
25	sp.configuration_file={PWD}/config/dump_request.ini	20	sp.configuration_file={PWD}/config/dump_request.ini
26	--FILE--	21	--FILE--
27	<?php	22	<?php
		23	@mkdir("/tmp/dump_result/");
		24	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
		25	@unlink($dump);
		26	}
		27
28	echo "1\n";	28	echo "1\n";
29	system("echo 1337;");	29	system("echo 1337;");
30	$filename = glob('/tmp/dump_result/*')[0];	30	$filename = glob('/tmp/dump_result/*')[0];


diff --git a/src/tests/dump_unserialize.phpt b/src/tests/dump_unserialize.phpt index 9c3906d..dfa8501 100644 --- a/src/tests/dump_unserialize.phpt +++ b/src/tests/dump_unserialize.phpt
@@ -5,11 +5,6 @@ Dump unserialize
5	if (!extension_loaded("snuffleupagus")) {	5	if (!extension_loaded("snuffleupagus")) {
6	print "skip";	6	print "skip";
7	}	7	}
8
9	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
10	@unlink($dump);
11	}
12	@rmdir("/tmp/dump_result/");
13	?>	8	?>
14	--POST--	9	--POST--
15	post_a=data_post_a&post_b=data_post_b	10	post_a=data_post_a&post_b=data_post_b
@@ -22,6 +17,10 @@ sp.configuration_file={PWD}/config/dump_unserialize.ini
22	--FILE--	17	--FILE--
23	<?php	18	<?php
24	@mkdir("/tmp/dump_result/");	19	@mkdir("/tmp/dump_result/");
		20	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
		21	@unlink($dump);
		22	}
		23
25	echo "1\n";	24	echo "1\n";
26	var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdhflkasjdf'));	25	var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdhflkasjdf'));
27	$filename = glob('/tmp/dump_result/sp_dump.*')[0];	26	$filename = glob('/tmp/dump_result/sp_dump.*')[0];


diff --git a/src/tests/eval_backlist_simulation.phpt b/src/tests/eval_backlist_simulation.phpt index ddeae60..bea5115 100644 --- a/src/tests/eval_backlist_simulation.phpt +++ b/src/tests/eval_backlist_simulation.phpt
@@ -1,5 +1,5 @@
1	--TEST--	1	--TEST--
2	Eval blacklist	2	Eval blacklist simulation
3	--SKIPIF--	3	--SKIPIF--
4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
5	--INI--	5	--INI--
@@ -13,5 +13,5 @@ echo "After eval: $a\n";
13	?>	13	?>
14	--EXPECTF--	14	--EXPECTF--
15	Outside of eval: 14	15	Outside of eval: 14
16	[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, dropping it.	16	[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, logging it.
17	After eval: 4	17	After eval: 4


diff --git a/src/tests/eval_whitelist_simulation.phpt b/src/tests/eval_whitelist_simulation.phpt new file mode 100644 index 0000000..ff2f970 --- /dev/null +++ b/src/tests/eval_whitelist_simulation.phpt
@@ -0,0 +1,28 @@
		1	--TEST--
		2	Eval whitelist simulation
		3	--SKIPIF--
		4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
		5	--INI--
		6	sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
		7	--FILE--
		8	<?php
		9	function my_fun($p) {
		10	return "my_fun: $p";
		11	}
		12
		13	function my_other_fun($p) {
		14	return "my_other_fun: $p";
		15	}
		16
		17	$a = my_fun("1337 1337 1337");
		18	echo "Outside of eval: $a\n";
		19	eval('$a = my_fun("1234");');
		20	echo "After allowed eval: $a\n";
		21	eval('$a = my_other_fun("1234");');
		22	echo "After eval: $a\n";
		23	?>
		24	--EXPECTF--
		25	Outside of eval: my_fun: 1337 1337 1337
		26	After allowed eval: my_fun: 1234
		27	[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
		28	After eval: my_other_fun: 1234 \ No newline at end of file