20 files changed, 326 insertions, 0 deletions
diff --git a/src/tests/eval_blacklist/config/eval_backlist.ini b/src/tests/eval_blacklist/config/eval_backlist.ini
new file mode 100644
index 0000000..b181598
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen");
diff --git a/src/tests/eval_blacklist/config/eval_backlist_list.ini b/src/tests/eval_blacklist/config/eval_backlist_list.ini
new file mode 100644
index 0000000..b395d03
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist_list.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strcmp,strlen");
diff --git a/src/tests/eval_blacklist/config/eval_backlist_simulation.ini b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
new file mode 100644
index 0000000..2d8dc73
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen").simulation();
diff --git a/src/tests/eval_blacklist/config/eval_whitelist.ini b/src/tests/eval_blacklist/config/eval_whitelist.ini
new file mode 100644
index 0000000..7a8f6ef
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos");
diff --git a/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
new file mode 100644
index 0000000..4e7bc8e
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
@@ -0,0 +1,2 @@
+sp.eval_blacklist.list("my_fun,cos,tan");
+sp.eval_whitelist.list("my_fun,tan");
diff --git a/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
new file mode 100644
index 0000000..9d94db3
--- /dev/null
+++ b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation();
diff --git a/src/tests/eval_blacklist/eval_backlist.phpt b/src/tests/eval_blacklist/eval_backlist.phpt
new file mode 100644
index 0000000..f24af96
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Eval blacklist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist.php:1, dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
new file mode 100644
index 0000000..47e8d71
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Eval blacklist - with several calls in an eval.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+eval('
+        call_user_func("strlen", 2);
+')
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_call_user_func.php:%d, dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d
diff --git a/src/tests/eval_blacklist/eval_backlist_chained.phpt b/src/tests/eval_blacklist/eval_backlist_chained.phpt
new file mode 100644
index 0000000..2360e06
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_chained.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Eval blacklist - with several calls in an eval.
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+eval('
+        cos(1);
+        strlen(2);
+        sin(3);
+')
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_chained.php:%d, dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d
diff --git a/src/tests/eval_blacklist/eval_backlist_list.phpt b/src/tests/eval_blacklist/eval_backlist_list.phpt
new file mode 100644
index 0000000..5bf0ea8
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_list.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Eval blacklist - with a list of functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist_list.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_list.php:1, dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_simulation.phpt b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
new file mode 100644
index 0000000..3089c2d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Eval blacklist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist_simulation.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Warning: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_simulation.php:1, logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1
+After eval: 4
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
new file mode 100644
index 0000000..e5650b2
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = cos(1234);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist.php(10) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
new file mode 100644
index 0000000..2f8bc19
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist/blacklist, on builtin functions
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+$a = tan(1);
+echo "Outside of eval: $a\n";
+eval('$a = tan(1);');
+echo "After allowed eval: $a\n";
+eval('$a = cos(1234);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 1.5574077246549
+After allowed eval: 1.5574077246549
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist_builtin.php(10) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist.phpt b/src/tests/eval_blacklist/eval_whitelist.phpt
new file mode 100644
index 0000000..a602d0d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval whitelist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist.php on line 7
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
new file mode 100644
index 0000000..5ed383d
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
@@ -0,0 +1,20 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+$a = cos(1);
+echo "Outside of eval: $a\n";
+eval('$a = cos(5);');
+echo "After allowed eval: $a\n";
+eval('$a = sin(4);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 0.54030230586814
+After allowed eval: 0.28366218546323
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_builtin.php(6) : eval()'d code on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
new file mode 100644
index 0000000..5ff3bff
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
@@ -0,0 +1,30 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+$b = 1337;
+$dir = __DIR__;
+file_put_contents($dir . '/test.bla', '<?php $b = sin(1) ?>');
+$a = cos(1);
+echo "Outside of eval: $a\n";
+eval('$a = cos(5);');
+echo "After allowed eval: $a\n";
+eval("include_once('$dir' . '/test.bla');");
+echo "After eval: $b\n";
+?>
+--CLEAN--
+<?php
+$dir = __DIR__;
+unlink($dir . '/test.bla');
+?>
+--EXPECTF--
+Outside of eval: 0.54030230586814
+After allowed eval: 0.28366218546323
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/test.bla on line 1
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_simulation.phpt b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
new file mode 100644
index 0000000..c4a3efa
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval whitelist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
+--FILE--
+<?php 
+function my_fun($p) {
+        return "my_fun: $p";
+}
+function my_other_fun($p) {
+        return "my_other_fun: $p";
+}
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+Warning: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, logging its call. in %a/eval_whitelist_simulation.php on line 7
+After eval: my_other_fun: 1234
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
new file mode 100644
index 0000000..dbc7d93
--- /dev/null
+++ b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
@@ -0,0 +1,24 @@
+--TEST--
+Eval whitelist - builtin function
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist.ini
+--FILE--
+<?php 
+function my_fun() {
+        return sin(10);
+}
+$a = my_fun(1);
+echo "Outside of eval: $a\n";
+eval('$a = my_fun(5);');
+echo "After allowed eval: $a\n";
+eval('$a = my_fun(4);');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: -0.54402111088937
+Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_user_then_builtin.php on line 4
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/nested_eval_blacklist.phpt b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
new file mode 100644
index 0000000..9671a65
--- /dev/null
+++ b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval blacklist - nested eval
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval(
+        "echo 'Inception lvl 1...\n';
+   eval(
+     'echo \"Inception lvl 2...\n\";
+      eval(
+                                 \"echo \'Inception lvl 3...\n\';
+          strlen(\'Limbo!\');
+       \");
+   ');
+");
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code:3, dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3
+\ No newline at end of file
diff --git a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
new file mode 100644
index 0000000..aee41db
--- /dev/null
+++ b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
@@ -0,0 +1,29 @@
+--TEST--
+Eval blacklist - nested eval, with a twist
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+<?php 
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval(
+        "echo 'Inception lvl 1...\n';
+   eval(
+     'echo \"Inception lvl 2...\n\";
+      eval(
+                                 \"echo \'Inception lvl 3...\n\';
+       \");
+                         strlen(\'Limbo!\');
+   ');
+");
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7
+\ No newline at end of file

diff --git a/src/tests/eval_blacklist/config/eval_backlist.ini b/src/tests/eval_blacklist/config/eval_backlist.ini new file mode 100644 index 0000000..b181598 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strlen");


diff --git a/src/tests/eval_blacklist/config/eval_backlist_list.ini b/src/tests/eval_blacklist/config/eval_backlist_list.ini new file mode 100644 index 0000000..b395d03 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist_list.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strcmp,strlen");


diff --git a/src/tests/eval_blacklist/config/eval_backlist_simulation.ini b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini new file mode 100644 index 0000000..2d8dc73 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_backlist_simulation.ini
@@ -0,0 +1 @@
		sp.eval_blacklist.list("strlen").simulation();


diff --git a/src/tests/eval_blacklist/config/eval_whitelist.ini b/src/tests/eval_blacklist/config/eval_whitelist.ini new file mode 100644 index 0000000..7a8f6ef --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist.ini
@@ -0,0 +1 @@
		sp.eval_whitelist.list("my_fun,cos");


diff --git a/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini new file mode 100644 index 0000000..4e7bc8e --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist_blacklist.ini
@@ -0,0 +1,2 @@
	1	sp.eval_blacklist.list("my_fun,cos,tan");
	2	sp.eval_whitelist.list("my_fun,tan");


diff --git a/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini new file mode 100644 index 0000000..9d94db3 --- /dev/null +++ b/src/tests/eval_blacklist/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
		sp.eval_whitelist.list("my_fun,cos").simulation();


diff --git a/src/tests/eval_blacklist/eval_backlist.phpt b/src/tests/eval_blacklist/eval_backlist.phpt new file mode 100644 index 0000000..f24af96 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Eval blacklist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist.php:1, dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt new file mode 100644 index 0000000..47e8d71 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt
@@ -0,0 +1,14 @@
	1	--TEST--
	2	Eval blacklist - with several calls in an eval.
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	eval('
	10	call_user_func("strlen", 2);
	11	')
	12	?>
	13	--EXPECTF--
	14	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_call_user_func.php:%d, dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d


diff --git a/src/tests/eval_blacklist/eval_backlist_chained.phpt b/src/tests/eval_blacklist/eval_backlist_chained.phpt new file mode 100644 index 0000000..2360e06 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_chained.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	Eval blacklist - with several calls in an eval.
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	eval('
	10	cos(1);
	11	strlen(2);
	12	sin(3);
	13	')
	14	?>
	15	--EXPECTF--
	16	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %s/eval_backlist_chained.php:%d, dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d


diff --git a/src/tests/eval_blacklist/eval_backlist_list.phpt b/src/tests/eval_blacklist/eval_backlist_list.phpt new file mode 100644 index 0000000..5bf0ea8 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_list.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Eval blacklist - with a list of functions
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist_list.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_list.php:1, dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_simulation.phpt b/src/tests/eval_blacklist/eval_backlist_simulation.phpt new file mode 100644 index 0000000..3089c2d --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_simulation.phpt
@@ -0,0 +1,18 @@
	1	--TEST--
	2	Eval blacklist simulation
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist_simulation.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval('$a = strlen("1234");');
	12	echo "After eval: $a\n";
	13	?>
	14	--EXPECTF--
	15	Outside of eval: 14
	16
	17	Warning: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/eval_backlist_simulation.php:1, logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1
	18	After eval: 4 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt new file mode 100644 index 0000000..e5650b2 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_whitelist.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	$a = my_fun("1337 1337 1337");
	14	echo "Outside of eval: $a\n";
	15	eval('$a = my_fun("1234");');
	16	echo "After allowed eval: $a\n";
	17	eval('$a = cos(1234);');
	18	echo "After eval: $a\n";
	19	?>
	20	--EXPECTF--
	21	Outside of eval: my_fun: 1337 1337 1337
	22	After allowed eval: my_fun: 1234
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist.php(10) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt new file mode 100644 index 0000000..2f8bc19 --- /dev/null +++ b/src/tests/eval_blacklist/eval_backlist_whitelist_builtin.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist/blacklist, on builtin functions
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_blacklist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	$a = tan(1);
	14	echo "Outside of eval: $a\n";
	15	eval('$a = tan(1);');
	16	echo "After allowed eval: $a\n";
	17	eval('$a = cos(1234);');
	18	echo "After eval: $a\n";
	19	?>
	20	--EXPECTF--
	21	Outside of eval: 1.5574077246549
	22	After allowed eval: 1.5574077246549
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'cos' isn't in the eval whitelist, dropping its call. in %a/eval_backlist_whitelist_builtin.php(10) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist.phpt b/src/tests/eval_blacklist/eval_whitelist.phpt new file mode 100644 index 0000000..a602d0d --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist.phpt
@@ -0,0 +1,28 @@
	1	--TEST--
	2	Eval whitelist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	function my_other_fun($p) {
	14	return "my_other_fun: $p";
	15	}
	16
	17	$a = my_fun("1337 1337 1337");
	18	echo "Outside of eval: $a\n";
	19	eval('$a = my_fun("1234");');
	20	echo "After allowed eval: $a\n";
	21	eval('$a = my_other_fun("1234");');
	22	echo "After eval: $a\n";
	23	?>
	24	--EXPECTF--
	25	Outside of eval: my_fun: 1337 1337 1337
	26	After allowed eval: my_fun: 1234
	27
	28	Fatal error: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist.php on line 7 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt new file mode 100644 index 0000000..5ed383d --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_builtin.phpt
@@ -0,0 +1,20 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	$a = cos(1);
	10	echo "Outside of eval: $a\n";
	11	eval('$a = cos(5);');
	12	echo "After allowed eval: $a\n";
	13	eval('$a = sin(4);');
	14	echo "After eval: $a\n";
	15	?>
	16	--EXPECTF--
	17	Outside of eval: 0.54030230586814
	18	After allowed eval: 0.28366218546323
	19
	20	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_builtin.php(6) : eval()'d code on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt new file mode 100644 index 0000000..5ff3bff --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_include_then_user.phpt
@@ -0,0 +1,30 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9	$b = 1337;
	10	$dir = __DIR__;
	11
	12	file_put_contents($dir . '/test.bla', '<?php $b = sin(1) ?>');
	13
	14	$a = cos(1);
	15	echo "Outside of eval: $a\n";
	16	eval('$a = cos(5);');
	17	echo "After allowed eval: $a\n";
	18	eval("include_once('$dir' . '/test.bla');");
	19	echo "After eval: $b\n";
	20	?>
	21	--CLEAN--
	22	<?php
	23	$dir = __DIR__;
	24	unlink($dir . '/test.bla');
	25	?>
	26	--EXPECTF--
	27	Outside of eval: 0.54030230586814
	28	After allowed eval: 0.28366218546323
	29
	30	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/test.bla on line 1 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_simulation.phpt b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt new file mode 100644 index 0000000..c4a3efa --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_simulation.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval whitelist simulation
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
	7	--FILE--
	8	<?php
	9	function my_fun($p) {
	10	return "my_fun: $p";
	11	}
	12
	13	function my_other_fun($p) {
	14	return "my_other_fun: $p";
	15	}
	16
	17	$a = my_fun("1337 1337 1337");
	18	echo "Outside of eval: $a\n";
	19	eval('$a = my_fun("1234");');
	20	echo "After allowed eval: $a\n";
	21	eval('$a = my_other_fun("1234");');
	22	echo "After eval: $a\n";
	23	?>
	24	--EXPECTF--
	25	Outside of eval: my_fun: 1337 1337 1337
	26	After allowed eval: my_fun: 1234
	27
	28	Warning: [snuffleupagus][Eval_whitelist] The function 'my_other_fun' isn't in the eval whitelist, logging its call. in %a/eval_whitelist_simulation.php on line 7
	29	After eval: my_other_fun: 1234 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt new file mode 100644 index 0000000..dbc7d93 --- /dev/null +++ b/src/tests/eval_blacklist/eval_whitelist_user_then_builtin.phpt
@@ -0,0 +1,24 @@
	1	--TEST--
	2	Eval whitelist - builtin function
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_whitelist.ini
	7	--FILE--
	8	<?php
	9
	10	function my_fun() {
	11	return sin(10);
	12	}
	13
	14	$a = my_fun(1);
	15	echo "Outside of eval: $a\n";
	16	eval('$a = my_fun(5);');
	17	echo "After allowed eval: $a\n";
	18	eval('$a = my_fun(4);');
	19	echo "After eval: $a\n";
	20	?>
	21	--EXPECTF--
	22	Outside of eval: -0.54402111088937
	23
	24	Fatal error: [snuffleupagus][Eval_whitelist] The function 'sin' isn't in the eval whitelist, dropping its call. in %a/eval_whitelist_user_then_builtin.php on line 4 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/nested_eval_blacklist.phpt b/src/tests/eval_blacklist/nested_eval_blacklist.phpt new file mode 100644 index 0000000..9671a65 --- /dev/null +++ b/src/tests/eval_blacklist/nested_eval_blacklist.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval blacklist - nested eval
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval(
	12	"echo 'Inception lvl 1...\n';
	13	eval(
	14	'echo \"Inception lvl 2...\n\";
	15	eval(
	16	\"echo \'Inception lvl 3...\n\';
	17	strlen(\'Limbo!\');
	18	\");
	19	');
	20	");
	21	echo "After eval: $a\n";
	22	?>
	23	--EXPECTF--
	24	Outside of eval: 14
	25	Inception lvl 1...
	26	Inception lvl 2...
	27	Inception lvl 3...
	28
	29	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code:3, dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3 \ No newline at end of file


diff --git a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt new file mode 100644 index 0000000..aee41db --- /dev/null +++ b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt
@@ -0,0 +1,29 @@
	1	--TEST--
	2	Eval blacklist - nested eval, with a twist
	3	--SKIPIF--
	4	<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
	5	--INI--
	6	sp.configuration_file={PWD}/config/eval_backlist.ini
	7	--FILE--
	8	<?php
	9	$a = strlen("1337 1337 1337");
	10	echo "Outside of eval: $a\n";
	11	eval(
	12	"echo 'Inception lvl 1...\n';
	13	eval(
	14	'echo \"Inception lvl 2...\n\";
	15	eval(
	16	\"echo \'Inception lvl 3...\n\';
	17	\");
	18	strlen(\'Limbo!\');
	19	');
	20	");
	21	echo "After eval: $a\n";
	22	?>
	23	--EXPECTF--
	24	Outside of eval: 14
	25	Inception lvl 1...
	26	Inception lvl 2...
	27	Inception lvl 3...
	28
	29	Fatal error: [snuffleupagus][eval] A call to strlen was tried in eval, in %a/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7 \ No newline at end of file