8 files changed, 196 insertions, 0 deletions
diff --git a/src/tests/deny_writable/config/config_disable_writable.ini b/src/tests/deny_writable/config/config_disable_writable.ini
new file mode 100644
index 0000000..9f90601
--- /dev/null
+++ b/src/tests/deny_writable/config/config_disable_writable.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.enable();
diff --git a/src/tests/deny_writable/config/config_disable_writable_disabled.ini b/src/tests/deny_writable/config/config_disable_writable_disabled.ini
new file mode 100644
index 0000000..6a33437
--- /dev/null
+++ b/src/tests/deny_writable/config/config_disable_writable_disabled.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.disable();
diff --git a/src/tests/deny_writable/config/config_disable_writable_simulation.ini b/src/tests/deny_writable/config/config_disable_writable_simulation.ini
new file mode 100644
index 0000000..52a43ba
--- /dev/null
+++ b/src/tests/deny_writable/config/config_disable_writable_simulation.ini
@@ -0,0 +1 @@
+  sp.readonly_exec.enable().simulation();
diff --git a/src/tests/deny_writable/config/dump_deny_writable_execution.ini b/src/tests/deny_writable/config/dump_deny_writable_execution.ini
new file mode 100644
index 0000000..c49f893
--- /dev/null
+++ b/src/tests/deny_writable/config/dump_deny_writable_execution.ini
@@ -0,0 +1 @@
+sp.readonly_exec.enable().simulation().dump("/tmp/dump_result/");
diff --git a/src/tests/deny_writable/deny_writable_execution.phpt b/src/tests/deny_writable/deny_writable_execution.phpt
new file mode 100644
index 0000000..916328e
--- /dev/null
+++ b/src/tests/deny_writable/deny_writable_execution.phpt
@@ -0,0 +1,43 @@
+--TEST--
+Readonly execution attempt
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip";
+$filename = __DIR__ . '/test.txt';
+@unlink($filename);
+file_put_contents($filename, 'a');
+chmod($filename, 0400);
+if (is_writable($filename)) print "skip";
+@unlink($filename);
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+chmod("$dir/non_writable_file.txt", 0400);
+chmod("$dir/writable_file.txt", 0777);
+include "$dir/non_writable_file.txt";
+include "$dir/writable_file.txt";
+?>
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/deny_writable_execution.php). in %a/deny_writable_execution.php on line 2
diff --git a/src/tests/deny_writable/deny_writable_execution_disabled.phpt b/src/tests/deny_writable/deny_writable_execution_disabled.phpt
new file mode 100644
index 0000000..dd01f01
--- /dev/null
+++ b/src/tests/deny_writable/deny_writable_execution_disabled.phpt
@@ -0,0 +1,32 @@
+--TEST--
+Readonly execution attempt
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable_disabled.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+chmod("$dir/writable_file.txt", 0777);
+chmod("$dir/non_writable_file.txt", 0400);
+include "$dir/writable_file.txt";
+include "$dir/non_writable_file.txt";
+?>
+--EXPECT--
+Code execution within a writable file.
+Code execution within a non-writable file.
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
new file mode 100644
index 0000000..7fc0c63
--- /dev/null
+++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
@@ -0,0 +1,50 @@
+--TEST--
+Readonly execution attempt (simulation mode)
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip";
+// root has write privileges on any file
+if (TRUE == function_exists("posix_getuid")) {
+        if (0 == posix_getuid()) {
+                print "skip";
+        }
+} elseif (TRUE == function_exists("shell_exec")) {
+        if ("root" == trim(shell_exec("whoami"))) {
+                print "skip";
+        }
+}
+ ?>
+--INI--
+sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini
+--FILE--
+<?php 
+$dir = __DIR__;
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+chmod("$dir/writable_file.txt", 0777);
+chmod("$dir/non_writable_file.txt", 0400);
+include "$dir/writable_file.txt";
+include "$dir/non_writable_file.txt";
+?>
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>
+--EXPECTF--
+Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php). in %a/deny_writable_execution_simulation.php on line 2
+Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/writable_file.txt). in %a/deny_writable_execution_simulation.php on line 12
+Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/writable_file.txt). in %a/writable_file.txt on line 1
+Code execution within a writable file.
+Code execution within a non-writable file.
diff --git a/src/tests/deny_writable/dump_deny_writable_execution.phpt b/src/tests/deny_writable/dump_deny_writable_execution.phpt
new file mode 100644
index 0000000..c6dd6cd
--- /dev/null
+++ b/src/tests/deny_writable/dump_deny_writable_execution.phpt
@@ -0,0 +1,67 @@
+--TEST--
+Readonly execution attempt (simulation mode)
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) print "skip";
+// root has write privileges on any file
+if (TRUE == function_exists("posix_getuid")) {
+        if (0 == posix_getuid()) {
+                print "skip";
+        }
+} elseif (TRUE == function_exists("shell_exec")) {
+        if ("root" == trim(shell_exec("whoami"))) {
+                print "skip";
+        }
+}
+?>
+--POST--
+post_a=data_post_a_readonly&post_b=data_post_b_readonly
+--GET--
+get_a=data_get_a_readonly&get_b=data_get_b_readonly
+--COOKIE--
+cookie_a=data_cookie_a_readonly&cookie_b=data_cookie_b_readonly
+--INI--
+sp.configuration_file={PWD}/config/dump_deny_writable_execution.ini
+--FILE--
+<?php 
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+$dir = __DIR__;
+// just in case
+@unlink("$dir/non_writable_file.txt");
+@unlink("$dir/writable_file.txt");
+file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
+file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
+chmod("$dir/writable_file.txt", 0777);
+chmod("$dir/non_writable_file.txt", 0400);
+include "$dir/writable_file.txt";
+include "$dir/non_writable_file.txt";
+$filename = glob('/tmp/dump_result/sp_dump.*')[0];
+$res = file($filename);
+if ($res[2] != "GET:get_a='data_get_a_readonly' get_b='data_get_b_readonly' \n") {
+    echo "1\n";
+} elseif ($res[3] != "POST:post_a='data_post_a_readonly' post_b='data_post_b_readonly' \n") {
+    echo "2\n";
+} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a_readonly&cookie_b=data_cookie_b_readonly' \n") {
+    echo "3\n";
+} else {
+        echo "WIN\n";
+}
+?>
+--EXPECTF--
+%a
+WIN
+--CLEAN--
+<?php
+$dir = __DIR__;
+chmod("$dir/non_writable_file.txt", 0777);
+chmod("$dir/writable_file.txt", 0777);
+unlink("$dir/non_writable_file.txt");
+unlink("$dir/writable_file.txt");
+?>

diff --git a/src/tests/deny_writable/config/config_disable_writable.ini b/src/tests/deny_writable/config/config_disable_writable.ini new file mode 100644 index 0000000..9f90601 --- /dev/null +++ b/src/tests/deny_writable/config/config_disable_writable.ini
@@ -0,0 +1 @@
		sp.readonly_exec.enable();


diff --git a/src/tests/deny_writable/config/config_disable_writable_disabled.ini b/src/tests/deny_writable/config/config_disable_writable_disabled.ini new file mode 100644 index 0000000..6a33437 --- /dev/null +++ b/src/tests/deny_writable/config/config_disable_writable_disabled.ini
@@ -0,0 +1 @@
		sp.readonly_exec.disable();


diff --git a/src/tests/deny_writable/config/config_disable_writable_simulation.ini b/src/tests/deny_writable/config/config_disable_writable_simulation.ini new file mode 100644 index 0000000..52a43ba --- /dev/null +++ b/src/tests/deny_writable/config/config_disable_writable_simulation.ini
@@ -0,0 +1 @@
		sp.readonly_exec.enable().simulation();


diff --git a/src/tests/deny_writable/config/dump_deny_writable_execution.ini b/src/tests/deny_writable/config/dump_deny_writable_execution.ini new file mode 100644 index 0000000..c49f893 --- /dev/null +++ b/src/tests/deny_writable/config/dump_deny_writable_execution.ini
@@ -0,0 +1 @@
		sp.readonly_exec.enable().simulation().dump("/tmp/dump_result/");


diff --git a/src/tests/deny_writable/deny_writable_execution.phpt b/src/tests/deny_writable/deny_writable_execution.phpt new file mode 100644 index 0000000..916328e --- /dev/null +++ b/src/tests/deny_writable/deny_writable_execution.phpt
@@ -0,0 +1,43 @@
	1	--TEST--
	2	Readonly execution attempt
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) print "skip";
	6
	7	$filename = __DIR__ . '/test.txt';
	8
	9	@unlink($filename);
	10
	11	file_put_contents($filename, 'a');
	12	chmod($filename, 0400);
	13
	14	if (is_writable($filename)) print "skip";
	15	@unlink($filename);
	16	?>
	17	--INI--
	18	sp.configuration_file={PWD}/config/config_disable_writable.ini
	19	--FILE--
	20	<?php
	21	$dir = __DIR__;
	22
	23	// just in case
	24	@unlink("$dir/non_writable_file.txt");
	25	@unlink("$dir/writable_file.txt");
	26
	27	file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
	28	file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
	29	chmod("$dir/non_writable_file.txt", 0400);
	30	chmod("$dir/writable_file.txt", 0777);
	31	include "$dir/non_writable_file.txt";
	32	include "$dir/writable_file.txt";
	33	?>
	34	--CLEAN--
	35	<?php
	36	$dir = __DIR__;
	37	chmod("$dir/non_writable_file.txt", 0777);
	38	chmod("$dir/writable_file.txt", 0777);
	39	unlink("$dir/non_writable_file.txt");
	40	unlink("$dir/writable_file.txt");
	41	?>
	42	--EXPECTF--
	43	Fatal error: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/deny_writable_execution.php). in %a/deny_writable_execution.php on line 2


diff --git a/src/tests/deny_writable/deny_writable_execution_disabled.phpt b/src/tests/deny_writable/deny_writable_execution_disabled.phpt new file mode 100644 index 0000000..dd01f01 --- /dev/null +++ b/src/tests/deny_writable/deny_writable_execution_disabled.phpt
@@ -0,0 +1,32 @@
	1	--TEST--
	2	Readonly execution attempt
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/config_disable_writable_disabled.ini
	7	--FILE--
	8	<?php
	9	$dir = __DIR__;
	10
	11	// just in case
	12	@unlink("$dir/non_writable_file.txt");
	13	@unlink("$dir/writable_file.txt");
	14
	15	file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
	16	file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
	17	chmod("$dir/writable_file.txt", 0777);
	18	chmod("$dir/non_writable_file.txt", 0400);
	19	include "$dir/writable_file.txt";
	20	include "$dir/non_writable_file.txt";
	21	?>
	22	--EXPECT--
	23	Code execution within a writable file.
	24	Code execution within a non-writable file.
	25	--CLEAN--
	26	<?php
	27	$dir = __DIR__;
	28	chmod("$dir/non_writable_file.txt", 0777);
	29	chmod("$dir/writable_file.txt", 0777);
	30	unlink("$dir/non_writable_file.txt");
	31	unlink("$dir/writable_file.txt");
	32	?>


diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt new file mode 100644 index 0000000..7fc0c63 --- /dev/null +++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt
@@ -0,0 +1,50 @@
	1	--TEST--
	2	Readonly execution attempt (simulation mode)
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) print "skip";
	6
	7	// root has write privileges on any file
	8	if (TRUE == function_exists("posix_getuid")) {
	9	if (0 == posix_getuid()) {
	10	print "skip";
	11	}
	12	} elseif (TRUE == function_exists("shell_exec")) {
	13	if ("root" == trim(shell_exec("whoami"))) {
	14	print "skip";
	15	}
	16	}
	17	?>
	18	--INI--
	19	sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini
	20	--FILE--
	21	<?php
	22	$dir = __DIR__;
	23
	24	// just in case
	25	@unlink("$dir/non_writable_file.txt");
	26	@unlink("$dir/writable_file.txt");
	27
	28	file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
	29	file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
	30	chmod("$dir/writable_file.txt", 0777);
	31	chmod("$dir/non_writable_file.txt", 0400);
	32	include "$dir/writable_file.txt";
	33	include "$dir/non_writable_file.txt";
	34	?>
	35	--CLEAN--
	36	<?php
	37	$dir = __DIR__;
	38	chmod("$dir/non_writable_file.txt", 0777);
	39	chmod("$dir/writable_file.txt", 0777);
	40	unlink("$dir/non_writable_file.txt");
	41	unlink("$dir/writable_file.txt");
	42	?>
	43	--EXPECTF--
	44	Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/deny_writable_execution_simulation.php). in %a/deny_writable_execution_simulation.php on line 2
	45
	46	Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/writable_file.txt). in %a/deny_writable_execution_simulation.php on line 12
	47
	48	Warning: [snuffleupagus][readonly_exec] Attempted execution of a writable file (%a/writable_file.txt). in %a/writable_file.txt on line 1
	49	Code execution within a writable file.
	50	Code execution within a non-writable file.


diff --git a/src/tests/deny_writable/dump_deny_writable_execution.phpt b/src/tests/deny_writable/dump_deny_writable_execution.phpt new file mode 100644 index 0000000..c6dd6cd --- /dev/null +++ b/src/tests/deny_writable/dump_deny_writable_execution.phpt
@@ -0,0 +1,67 @@
	1	--TEST--
	2	Readonly execution attempt (simulation mode)
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) print "skip";
	6
	7	// root has write privileges on any file
	8	if (TRUE == function_exists("posix_getuid")) {
	9	if (0 == posix_getuid()) {
	10	print "skip";
	11	}
	12	} elseif (TRUE == function_exists("shell_exec")) {
	13	if ("root" == trim(shell_exec("whoami"))) {
	14	print "skip";
	15	}
	16	}
	17	?>
	18	--POST--
	19	post_a=data_post_a_readonly&post_b=data_post_b_readonly
	20	--GET--
	21	get_a=data_get_a_readonly&get_b=data_get_b_readonly
	22	--COOKIE--
	23	cookie_a=data_cookie_a_readonly&cookie_b=data_cookie_b_readonly
	24	--INI--
	25	sp.configuration_file={PWD}/config/dump_deny_writable_execution.ini
	26	--FILE--
	27	<?php
	28	@mkdir("/tmp/dump_result/");
	29	foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
	30	@unlink($dump);
	31	}
	32	$dir = __DIR__;
	33
	34	// just in case
	35	@unlink("$dir/non_writable_file.txt");
	36	@unlink("$dir/writable_file.txt");
	37
	38	file_put_contents("$dir/writable_file.txt", '<?php echo "Code execution within a writable file.\n";');
	39	file_put_contents("$dir/non_writable_file.txt", '<?php echo "Code execution within a non-writable file.\n";');
	40	chmod("$dir/writable_file.txt", 0777);
	41	chmod("$dir/non_writable_file.txt", 0400);
	42	include "$dir/writable_file.txt";
	43	include "$dir/non_writable_file.txt";
	44
	45	$filename = glob('/tmp/dump_result/sp_dump.*')[0];
	46	$res = file($filename);
	47	if ($res[2] != "GET:get_a='data_get_a_readonly' get_b='data_get_b_readonly' \n") {
	48	echo "1\n";
	49	} elseif ($res[3] != "POST:post_a='data_post_a_readonly' post_b='data_post_b_readonly' \n") {
	50	echo "2\n";
	51	} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a_readonly&cookie_b=data_cookie_b_readonly' \n") {
	52	echo "3\n";
	53	} else {
	54	echo "WIN\n";
	55	}
	56	?>
	57	--EXPECTF--
	58	%a
	59	WIN
	60	--CLEAN--
	61	<?php
	62	$dir = __DIR__;
	63	chmod("$dir/non_writable_file.txt", 0777);
	64	chmod("$dir/writable_file.txt", 0777);
	65	unlink("$dir/non_writable_file.txt");
	66	unlink("$dir/writable_file.txt");
	67	?>