16 files changed, 170 insertions, 0 deletions
diff --git a/src/tests/upload_validation/config/upload_validation.ini b/src/tests/upload_validation/config/upload_validation.ini
new file mode 100644
index 0000000..0646134
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation.ini
@@ -0,0 +1,2 @@
+sp.upload_validation.script("tests/upload_ko.sh");
+sp.upload_validation.enable();
diff --git a/src/tests/upload_validation/config/upload_validation_invalid.ini b/src/tests/upload_validation/config/upload_validation_invalid.ini
new file mode 100644
index 0000000..7a638a1
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_invalid.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_invalid.sh").enable();
diff --git a/src/tests/upload_validation/config/upload_validation_ko.ini b/src/tests/upload_validation/config/upload_validation_ko.ini
new file mode 100644
index 0000000..b15977f
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_ko.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ko.sh").enable();
diff --git a/src/tests/upload_validation/config/upload_validation_ko_simulation.ini b/src/tests/upload_validation/config/upload_validation_ko_simulation.ini
new file mode 100644
index 0000000..da56439
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_ko_simulation.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ko.sh").enable().simulation();
diff --git a/src/tests/upload_validation/config/upload_validation_no_exist.ini b/src/tests/upload_validation/config/upload_validation_no_exist.ini
new file mode 100644
index 0000000..24f81a5
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_no_exist.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("fufufufufu").enable();
diff --git a/src/tests/upload_validation/config/upload_validation_non_exec.ini b/src/tests/upload_validation/config/upload_validation_non_exec.ini
new file mode 100644
index 0000000..bdf0a57
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_non_exec.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("tests/data/upload_no_exec.sh").enable();
diff --git a/src/tests/upload_validation/config/upload_validation_ok.ini b/src/tests/upload_validation/config/upload_validation_ok.ini
new file mode 100644
index 0000000..5df8db8
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_ok.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("./tests/data/upload_ok.sh").enable();
diff --git a/src/tests/upload_validation/config/upload_validation_real.ini b/src/tests/upload_validation/config/upload_validation_real.ini
new file mode 100644
index 0000000..690e9bf
--- /dev/null
+++ b/src/tests/upload_validation/config/upload_validation_real.ini
@@ -0,0 +1 @@
+sp.upload_validation.script("../scripts/upload_validation.php").enable();
diff --git a/src/tests/upload_validation/upload_validation.phpt b/src/tests/upload_validation/upload_validation.phpt
new file mode 100644
index 0000000..1daebb6
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Upload a file, validation ok, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation.ini
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Fatal error: [snuffleupagus][config] A rule can't be enabled and disabled on line 1 in Unknown on line 0
diff --git a/src/tests/upload_validation/upload_validation_invalid.phpt b/src/tests/upload_validation/upload_validation_invalid.phpt
new file mode 100644
index 0000000..0dbdbbb
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_invalid.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Upload a file, invalid validation script
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_invalid.ini
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+Warning: [snuffleupagus][upload_validation] Could not call './tests/data/upload_invalid.sh' : Exec format error in Unknown on line 0
+X-Powered-By: PHP/%a
+Content-type: text/html; charset=UTF-8%a
+%a
+Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0
diff --git a/src/tests/upload_validation/upload_validation_ko.phpt b/src/tests/upload_validation/upload_validation_ko.phpt
new file mode 100644
index 0000000..d632e60
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_ko.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Upload a file, validation ko, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ko.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+--EXPECTF--
+Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0
+\ No newline at end of file
diff --git a/src/tests/upload_validation/upload_validation_ko_simulation.phpt b/src/tests/upload_validation/upload_validation_ko_simulation.phpt
new file mode 100644
index 0000000..b47c405
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_ko_simulation.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Upload a file, validation ko, simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ko_simulation.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php echo 1337; ?>
+--EXPECTF--
+Warning: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0
+1337
+\ No newline at end of file
diff --git a/src/tests/upload_validation/upload_validation_no_exec.phpt b/src/tests/upload_validation/upload_validation_no_exec.phpt
new file mode 100644
index 0000000..a6cde10
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_no_exec.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Upload a file, validation script not executable
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_non_exec.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+var_dump($_FILES);
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Fatal error: [snuffleupagus][config] The `script` (tests/data/upload_no_exec.sh) isn't executable on line 1 in Unknown on line 0
diff --git a/src/tests/upload_validation/upload_validation_nocrash.phpt b/src/tests/upload_validation/upload_validation_nocrash.phpt
new file mode 100644
index 0000000..6fa50d0
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_nocrash.phpt
@@ -0,0 +1,12 @@
+--TEST--
+Upload validation isn't crashing
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ok.ini
+output_buffering=off
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+1
diff --git a/src/tests/upload_validation/upload_validation_ok.phpt b/src/tests/upload_validation/upload_validation_ok.phpt
new file mode 100644
index 0000000..f9b5015
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_ok.phpt
@@ -0,0 +1,17 @@
+--TEST--
+Upload a file, validation ok, no simulation
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_ok.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+1
diff --git a/src/tests/upload_validation/upload_validation_real.phpt b/src/tests/upload_validation/upload_validation_real.phpt
new file mode 100644
index 0000000..a945c5f
--- /dev/null
+++ b/src/tests/upload_validation/upload_validation_real.phpt
@@ -0,0 +1,44 @@
+--TEST--
+Upload a file, validation ok, with our real script, using vld
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) {
+        print "skip";
+}
+if (PHP_VERSION_ID >= 70300) {
+  die("skip BROKEN with 7.3");
+}
+if (strpos(system(PHP_BINARY . " -d error_log=/dev/null -d extension=vld.so -m 2>/dev/null"), "vld") === FALSE) {
+        print "skip";
+}
+if (strpos(system(PHP_BINARY . " -d extension=vld.so -m 2>&1 | grep 'Unable to load'"), "Unable to load dynamic library 'vld.so'") !== FALSE) {
+        print "skip";
+}
+if (strpos(phpversion(), '-dev') !== FALSE) {
+        print 'skip';
+}
+?>
+--INI--
+file_uploads=1
+sp.configuration_file={PWD}/config/upload_validation_real.ini
+output_buffering=off
+--POST_RAW--
+Content-Type: multipart/form-data; boundary=blabla
+--blabla
+Content-Disposition: form-data; name="test"; filename="test.php"
+Content-Type: text/plain
+Some random text that is not PHP
+<?php echo system($_GET['ls']); ?>
+Some random text again
+--blabla--
+--FILE--
+<?php
+echo 1;
+?>
+--EXPECTF--
+Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0

diff --git a/src/tests/upload_validation/config/upload_validation.ini b/src/tests/upload_validation/config/upload_validation.ini new file mode 100644 index 0000000..0646134 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation.ini
@@ -0,0 +1,2 @@
	1	sp.upload_validation.script("tests/upload_ko.sh");
	2	sp.upload_validation.enable();


diff --git a/src/tests/upload_validation/config/upload_validation_invalid.ini b/src/tests/upload_validation/config/upload_validation_invalid.ini new file mode 100644 index 0000000..7a638a1 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_invalid.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("./tests/data/upload_invalid.sh").enable();


diff --git a/src/tests/upload_validation/config/upload_validation_ko.ini b/src/tests/upload_validation/config/upload_validation_ko.ini new file mode 100644 index 0000000..b15977f --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_ko.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("./tests/data/upload_ko.sh").enable();


diff --git a/src/tests/upload_validation/config/upload_validation_ko_simulation.ini b/src/tests/upload_validation/config/upload_validation_ko_simulation.ini new file mode 100644 index 0000000..da56439 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_ko_simulation.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("./tests/data/upload_ko.sh").enable().simulation();


diff --git a/src/tests/upload_validation/config/upload_validation_no_exist.ini b/src/tests/upload_validation/config/upload_validation_no_exist.ini new file mode 100644 index 0000000..24f81a5 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_no_exist.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("fufufufufu").enable();


diff --git a/src/tests/upload_validation/config/upload_validation_non_exec.ini b/src/tests/upload_validation/config/upload_validation_non_exec.ini new file mode 100644 index 0000000..bdf0a57 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_non_exec.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("tests/data/upload_no_exec.sh").enable();


diff --git a/src/tests/upload_validation/config/upload_validation_ok.ini b/src/tests/upload_validation/config/upload_validation_ok.ini new file mode 100644 index 0000000..5df8db8 --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_ok.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("./tests/data/upload_ok.sh").enable();


diff --git a/src/tests/upload_validation/config/upload_validation_real.ini b/src/tests/upload_validation/config/upload_validation_real.ini new file mode 100644 index 0000000..690e9bf --- /dev/null +++ b/src/tests/upload_validation/config/upload_validation_real.ini
@@ -0,0 +1 @@
		sp.upload_validation.script("../scripts/upload_validation.php").enable();


diff --git a/src/tests/upload_validation/upload_validation.phpt b/src/tests/upload_validation/upload_validation.phpt new file mode 100644 index 0000000..1daebb6 --- /dev/null +++ b/src/tests/upload_validation/upload_validation.phpt
@@ -0,0 +1,18 @@
	1	--TEST--
	2	Upload a file, validation ok, no simulation
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation.ini
	6	--POST_RAW--
	7	Content-Type: multipart/form-data; boundary=blabla
	8	--blabla
	9	Content-Disposition: form-data; name="test"; filename="test.php"
	10	--blabla--
	11	--FILE--
	12	<?php
	13	echo 1;
	14	?>
	15	--EXPECTF--
	16	Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
	17
	18	Fatal error: [snuffleupagus][config] A rule can't be enabled and disabled on line 1 in Unknown on line 0


diff --git a/src/tests/upload_validation/upload_validation_invalid.phpt b/src/tests/upload_validation/upload_validation_invalid.phpt new file mode 100644 index 0000000..0dbdbbb --- /dev/null +++ b/src/tests/upload_validation/upload_validation_invalid.phpt
@@ -0,0 +1,21 @@
	1	--TEST--
	2	Upload a file, invalid validation script
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_invalid.ini
	6	--POST_RAW--
	7	Content-Type: multipart/form-data; boundary=blabla
	8	--blabla
	9	Content-Disposition: form-data; name="test"; filename="test.php"
	10	--blabla--
	11	--FILE--
	12	<?php
	13	echo 1;
	14	?>
	15	--EXPECTF--
	16	Warning: [snuffleupagus][upload_validation] Could not call './tests/data/upload_invalid.sh' : Exec format error in Unknown on line 0
	17	X-Powered-By: PHP/%a
	18	Content-type: text/html; charset=UTF-8%a
	19	%a
	20
	21	Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0


diff --git a/src/tests/upload_validation/upload_validation_ko.phpt b/src/tests/upload_validation/upload_validation_ko.phpt new file mode 100644 index 0000000..d632e60 --- /dev/null +++ b/src/tests/upload_validation/upload_validation_ko.phpt
@@ -0,0 +1,14 @@
	1	--TEST--
	2	Upload a file, validation ko, no simulation
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_ko.ini
	6	output_buffering=off
	7	--POST_RAW--
	8	Content-Type: multipart/form-data; boundary=blabla
	9	--blabla
	10	Content-Disposition: form-data; name="test"; filename="test.php"
	11	--blabla--
	12	--FILE--
	13	--EXPECTF--
	14	Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0 \ No newline at end of file


diff --git a/src/tests/upload_validation/upload_validation_ko_simulation.phpt b/src/tests/upload_validation/upload_validation_ko_simulation.phpt new file mode 100644 index 0000000..b47c405 --- /dev/null +++ b/src/tests/upload_validation/upload_validation_ko_simulation.phpt
@@ -0,0 +1,16 @@
	1	--TEST--
	2	Upload a file, validation ko, simulation
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_ko_simulation.ini
	6	output_buffering=off
	7	--POST_RAW--
	8	Content-Type: multipart/form-data; boundary=blabla
	9	--blabla
	10	Content-Disposition: form-data; name="test"; filename="test.php"
	11	--blabla--
	12	--FILE--
	13	<?php echo 1337; ?>
	14	--EXPECTF--
	15	Warning: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0
	16	1337 \ No newline at end of file


diff --git a/src/tests/upload_validation/upload_validation_no_exec.phpt b/src/tests/upload_validation/upload_validation_no_exec.phpt new file mode 100644 index 0000000..a6cde10 --- /dev/null +++ b/src/tests/upload_validation/upload_validation_no_exec.phpt
@@ -0,0 +1,19 @@
	1	--TEST--
	2	Upload a file, validation script not executable
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_non_exec.ini
	6	output_buffering=off
	7	--POST_RAW--
	8	Content-Type: multipart/form-data; boundary=blabla
	9	--blabla
	10	Content-Disposition: form-data; name="test"; filename="test.php"
	11	--blabla--
	12	--FILE--
	13	<?php
	14	var_dump($_FILES);
	15	?>
	16	--EXPECTF--
	17	Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
	18
	19	Fatal error: [snuffleupagus][config] The `script` (tests/data/upload_no_exec.sh) isn't executable on line 1 in Unknown on line 0


diff --git a/src/tests/upload_validation/upload_validation_nocrash.phpt b/src/tests/upload_validation/upload_validation_nocrash.phpt new file mode 100644 index 0000000..6fa50d0 --- /dev/null +++ b/src/tests/upload_validation/upload_validation_nocrash.phpt
@@ -0,0 +1,12 @@
	1	--TEST--
	2	Upload validation isn't crashing
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_ok.ini
	6	output_buffering=off
	7	--FILE--
	8	<?php
	9	echo 1;
	10	?>
	11	--EXPECTF--
	12	1


diff --git a/src/tests/upload_validation/upload_validation_ok.phpt b/src/tests/upload_validation/upload_validation_ok.phpt new file mode 100644 index 0000000..f9b5015 --- /dev/null +++ b/src/tests/upload_validation/upload_validation_ok.phpt
@@ -0,0 +1,17 @@
	1	--TEST--
	2	Upload a file, validation ok, no simulation
	3	--INI--
	4	file_uploads=1
	5	sp.configuration_file={PWD}/config/upload_validation_ok.ini
	6	output_buffering=off
	7	--POST_RAW--
	8	Content-Type: multipart/form-data; boundary=blabla
	9	--blabla
	10	Content-Disposition: form-data; name="test"; filename="test.php"
	11	--blabla--
	12	--FILE--
	13	<?php
	14	echo 1;
	15	?>
	16	--EXPECTF--
	17	1


diff --git a/src/tests/upload_validation/upload_validation_real.phpt b/src/tests/upload_validation/upload_validation_real.phpt new file mode 100644 index 0000000..a945c5f --- /dev/null +++ b/src/tests/upload_validation/upload_validation_real.phpt
@@ -0,0 +1,44 @@
	1	--TEST--
	2	Upload a file, validation ok, with our real script, using vld
	3	--SKIPIF--
	4	<?php
	5	if (!extension_loaded("snuffleupagus")) {
	6	print "skip";
	7	}
	8
	9	if (PHP_VERSION_ID >= 70300) {
	10	die("skip BROKEN with 7.3");
	11	}
	12
	13	if (strpos(system(PHP_BINARY . " -d error_log=/dev/null -d extension=vld.so -m 2>/dev/null"), "vld") === FALSE) {
	14	print "skip";
	15	}
	16
	17	if (strpos(system(PHP_BINARY . " -d extension=vld.so -m 2>&1 \| grep 'Unable to load'"), "Unable to load dynamic library 'vld.so'") !== FALSE) {
	18	print "skip";
	19	}
	20
	21	if (strpos(phpversion(), '-dev') !== FALSE) {
	22	print 'skip';
	23	}
	24	?>
	25	--INI--
	26	file_uploads=1
	27	sp.configuration_file={PWD}/config/upload_validation_real.ini
	28	output_buffering=off
	29	--POST_RAW--
	30	Content-Type: multipart/form-data; boundary=blabla
	31	--blabla
	32	Content-Disposition: form-data; name="test"; filename="test.php"
	33	Content-Type: text/plain
	34
	35	Some random text that is not PHP
	36	<?php echo system($_GET['ls']); ?>
	37	Some random text again
	38	--blabla--
	39	--FILE--
	40	<?php
	41	echo 1;
	42	?>
	43	--EXPECTF--
	44	Fatal error: [snuffleupagus][upload_validation] The upload of test.php on ? was rejected. in Unknown on line 0