From 9e769944ff07e39f3890f192e9bb8c57a8cef54c Mon Sep 17 00:00:00 2001 From: kkadosh Date: Tue, 27 Feb 2018 16:40:00 +0000 Subject: Implements .dump() for unserialize and fix some related tests --- src/sp_config.h | 2 ++ src/sp_config_keywords.c | 29 ++++++++++++++++++++++--- src/sp_unserialize.c | 5 ++++- src/sp_utils.c | 8 +++---- src/tests/config/dump_request.ini | 2 +- src/tests/config/dump_unserialize.ini | 2 ++ src/tests/dump_request.phpt | 11 +++++----- src/tests/dump_request_too_big.phpt | 15 +++++++------ src/tests/dump_unserialize.phpt | 40 +++++++++++++++++++++++++++++++++++ 9 files changed, 93 insertions(+), 21 deletions(-) create mode 100644 src/tests/config/dump_unserialize.ini create mode 100644 src/tests/dump_unserialize.phpt diff --git a/src/sp_config.h b/src/sp_config.h index 75ee83d..ba1542c 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -66,6 +66,8 @@ typedef struct { typedef struct { bool enable; bool simulation; + char *dump; + char *textual_representation; } sp_config_unserialize; typedef struct { diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index d110749..c58a227 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -81,9 +81,32 @@ int parse_global_strict(char *line) { } int parse_unserialize(char *line) { - return parse_enable( - line, &(SNUFFLEUPAGUS_G(config).config_unserialize->enable), - &(SNUFFLEUPAGUS_G(config).config_unserialize->simulation)); + bool enable = false, disable = false; + sp_config_unserialize *unserialize = SNUFFLEUPAGUS_G(config).config_unserialize; + + sp_config_functions sp_config_funcs[] = { + {parse_empty, SP_TOKEN_ENABLE, &(enable)}, + {parse_empty, SP_TOKEN_DISABLE, &(disable)}, + {parse_empty, SP_TOKEN_SIMULATION, &(unserialize->simulation)}, + {parse_str, SP_TOKEN_DUMP, &(unserialize->dump)}, + {0}}; + + unserialize->textual_representation = estrdup(line); + + int ret = parse_keywords(sp_config_funcs, line); + if (0 != ret) { + return ret; + } + + if (!(enable ^ disable)) { + sp_log_err("config", "A rule can't be enabled and disabled on line %zu.", + sp_line_no); + return -1; + } + + SNUFFLEUPAGUS_G(config).config_unserialize->enable = enable; + + return ret; } int parse_readonly_exec(char *line) { diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index a1dbbee..b2875e2 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -95,6 +95,9 @@ PHP_FUNCTION(sp_unserialize) { serialized_str); } } + if (SNUFFLEUPAGUS_G(config).config_unserialize->dump) { + sp_log_request(SNUFFLEUPAGUS_G(config).config_unserialize->dump, SNUFFLEUPAGUS_G(config).config_unserialize->textual_representation, SP_TOKEN_UNSERIALIZE_HMAC); + } efree(serialized_str); return; } @@ -107,4 +110,4 @@ int hook_serialize(void) { PHP_FN(sp_unserialize)); return SUCCESS; -} +} \ No newline at end of file diff --git a/src/sp_utils.c b/src/sp_utils.c index 8dbd14e..1b707d0 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -79,7 +79,7 @@ static int construct_filename(char* filename, const char* folder, return 0; } -int sp_log_request(const char* folder, const char* text_repr) { +int sp_log_request(const char* folder, const char* text_repr, char* from) { FILE* file; const char* current_filename = zend_get_executed_filename(TSRMLS_C); const int current_line = zend_get_executed_lineno(TSRMLS_C); @@ -100,7 +100,7 @@ int sp_log_request(const char* folder, const char* text_repr) { return -1; } - fprintf(file, "RULE: sp.disable_function%s\n", text_repr); + fprintf(file, "RULE: sp%s%s\n", from, text_repr); fprintf(file, "FILE: %s:%d\n", current_filename, current_line); for (size_t i = 0; i < (sizeof(zones) / sizeof(zones[0])) - 1; i++) { @@ -225,7 +225,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, } } if (dump) { - sp_log_request(config_node->dump, config_node->textual_representation); + sp_log_request(config_node->dump, config_node->textual_representation, SP_TOKEN_DISABLE_FUNC); } } @@ -252,7 +252,7 @@ void sp_log_disable_ret(const char* restrict path, zend_get_executed_lineno(TSRMLS_C), ret_value ? ret_value : "?", path); } if (dump) { - sp_log_request(dump, config_node->textual_representation); + sp_log_request(dump, config_node->textual_representation, SP_TOKEN_DISABLE_FUNC); } } diff --git a/src/tests/config/dump_request.ini b/src/tests/config/dump_request.ini index 7e13007..974601d 100644 --- a/src/tests/config/dump_request.ini +++ b/src/tests/config/dump_request.ini @@ -1 +1 @@ -sp.disable_function.function("system").drop().dump("/tmp/dump_result/"); +sp.disable_function.function("system").drop().dump("/tmp/dump_result/").simulation(); diff --git a/src/tests/config/dump_unserialize.ini b/src/tests/config/dump_unserialize.ini new file mode 100644 index 0000000..4352a3e --- /dev/null +++ b/src/tests/config/dump_unserialize.ini @@ -0,0 +1,2 @@ +sp.global.secret_key("abcdef"); +sp.unserialize_hmac.enable().dump("/tmp/dump_result/"); diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt index 9798b7f..23cafdc 100644 --- a/src/tests/dump_request.phpt +++ b/src/tests/dump_request.phpt @@ -23,17 +23,18 @@ sp.configuration_file={PWD}/config/dump_request.ini --EXPECTF-- 1 -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/dump_request.php:%d has been disabled. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'system' in %a/dump_request.php:%d has been disabled. +1337 diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt index 6029c61..795a5c2 100644 --- a/src/tests/dump_request_too_big.phpt +++ b/src/tests/dump_request_too_big.phpt @@ -9,7 +9,7 @@ if (!extension_loaded("snuffleupagus")) { foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) { @unlink($dump); } -@rmdir("/tmp/tests/dump_result/"); +@rmdir("/tmp/dump_result/"); ?> --POST-- post_a=data_post_a&post_b=data_post_b&post_c=c @@ -26,17 +26,18 @@ sp.configuration_file={PWD}/config/dump_request.ini --FILE-- --EXPECTF-- 1 -[snuffleupagus][127.0.0.1][disabled_function][drop] The call to the function 'system' in %a/dump_request_too_big.php:%d has been disabled. +[snuffleupagus][127.0.0.1][disabled_function][simulation] The call to the function 'system' in %a/dump_request_too_big.php:%d has been disabled. +1337 \ No newline at end of file diff --git a/src/tests/dump_unserialize.phpt b/src/tests/dump_unserialize.phpt new file mode 100644 index 0000000..9c3906d --- /dev/null +++ b/src/tests/dump_unserialize.phpt @@ -0,0 +1,40 @@ +--TEST-- +Dump unserialize +--SKIPIF-- + +--POST-- +post_a=data_post_a&post_b=data_post_b +--GET-- +get_a=data_get_a&get_b=data_get_b +--COOKIE-- +cookie_a=data_cookie_a&cookie_b=data_cookie_b +--INI-- +sp.configuration_file={PWD}/config/dump_unserialize.ini +--FILE-- + +--EXPECTF-- +1 +[snuffleupagus][0.0.0.0][unserialize][drop] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh +NULL -- cgit v1.3