From e7f541396715ee2895abcf73044b91ae9b746201 Mon Sep 17 00:00:00 2001 
From: xXx-caillou-xXx Date: Wed, 20 Dec 2017 18:09:53 +0100 Subject: Better parsing of the rules Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.--- src/tests/config/broken_conf_key_value.ini | 1 + src/tests/config/broken_conf_local_var_1.ini | 1 + src/tests/config/broken_conf_local_var_10.ini | 1 + src/tests/config/broken_conf_local_var_11.ini | 1 + src/tests/config/broken_conf_local_var_12.ini | 1 + src/tests/config/broken_conf_local_var_13.ini | 1 + src/tests/config/broken_conf_local_var_14.ini | 1 + src/tests/config/broken_conf_local_var_2.ini | 1 + src/tests/config/broken_conf_local_var_3.ini | 1 + src/tests/config/broken_conf_local_var_4.ini | 1 + src/tests/config/broken_conf_local_var_5.ini | 1 + src/tests/config/broken_conf_local_var_6.ini | 1 + src/tests/config/broken_conf_local_var_7.ini | 1 + src/tests/config/broken_conf_local_var_8.ini | 1 + src/tests/config/broken_conf_local_var_9.ini | 1 + .../config/config_disabled_functions_local_var_array.ini | 1 + .../config/config_disabled_functions_local_var_array_key.ini | 1 + src/tests/config/config_disabled_functions_name_type.ini | 2 +- src/tests/config/config_disabled_functions_nul_byte.ini | 2 +- src/tests/config/config_disabled_functions_param.ini | 12 ++++++------ src/tests/config/config_disabled_functions_param_allow.ini | 4 ++-- src/tests/config/config_disabled_functions_param_array.ini | 11 +++++++---- src/tests/config/config_disabled_functions_param_int.ini | 4 ++-- src/tests/config/config_disabled_functions_param_r_array.ini | 2 ++ src/tests/config/config_disabled_functions_param_runtime.ini | 2 +- src/tests/config/disabled_function_local_var.ini | 12 ++++++++++-- src/tests/config/disabled_function_local_var_2.ini | 1 + src/tests/config/disabled_function_local_var_obj.ini | 3 +++ src/tests/config/disabled_function_super_global_var.ini | 2 +- src/tests/config/disabled_functions_pos.ini | 1 + 30 files changed, 55 insertions(+), 20 deletions(-) create mode 
100644 src/tests/config/broken_conf_key_value.ini create mode 100644 src/tests/config/broken_conf_local_var_1.ini create mode 100644 src/tests/config/broken_conf_local_var_10.ini create mode 100644 src/tests/config/broken_conf_local_var_11.ini create mode 100644 src/tests/config/broken_conf_local_var_12.ini create mode 100644 src/tests/config/broken_conf_local_var_13.ini create mode 100644 src/tests/config/broken_conf_local_var_14.ini create mode 100644 src/tests/config/broken_conf_local_var_2.ini create mode 100644 src/tests/config/broken_conf_local_var_3.ini create mode 100644 src/tests/config/broken_conf_local_var_4.ini create mode 100644 src/tests/config/broken_conf_local_var_5.ini create mode 100644 src/tests/config/broken_conf_local_var_6.ini create mode 100644 src/tests/config/broken_conf_local_var_7.ini create mode 100644 src/tests/config/broken_conf_local_var_8.ini create mode 100644 src/tests/config/broken_conf_local_var_9.ini create mode 100644 src/tests/config/config_disabled_functions_local_var_array.ini create mode 100644 src/tests/config/config_disabled_functions_local_var_array_key.ini create mode 100644 src/tests/config/config_disabled_functions_param_r_array.ini create mode 100644 src/tests/config/disabled_function_local_var_2.ini create mode 100644 src/tests/config/disabled_function_local_var_obj.ini (limited to 'src/tests/config')
diff --git a/src/tests/config/broken_conf_key_value.ini b/src/tests/config/broken_conf_key_value.ini
new file mode 100644
index 0000000..a0edaf2
--- /dev/null
+++ b/src/tests/config/broken_conf_key_value.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("").value("").key("").drop();
diff --git a/src/tests/config/broken_conf_local_var_1.ini b/src/tests/config/broken_conf_local_var_1.ini
new file mode 100644
index 0000000..ae5165c
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_1.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("]").drop();
diff --git a/src/tests/config/broken_conf_local_var_10.ini b/src/tests/config/broken_conf_local_var_10.ini
new file mode 100644
index 0000000..93dd07f
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_10.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_11.ini b/src/tests/config/broken_conf_local_var_11.ini
new file mode 100644
index 0000000..028b1bd
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_11.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").param("asd::").drop();
diff --git a/src/tests/config/broken_conf_local_var_12.ini b/src/tests/config/broken_conf_local_var_12.ini
new file mode 100644
index 0000000..a151960
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_12.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("").drop();
diff --git a/src/tests/config/broken_conf_local_var_13.ini b/src/tests/config/broken_conf_local_var_13.ini
new file mode 100644
index 0000000..e7c9778
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_13.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd->asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_14.ini b/src/tests/config/broken_conf_local_var_14.ini
new file mode 100644
index 0000000..6c98ec3
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_14.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("$i+valid var name ").drop();
diff --git a/src/tests/config/broken_conf_local_var_2.ini b/src/tests/config/broken_conf_local_var_2.ini
new file mode 100644
index 0000000..145a3b5
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_2.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\"\"asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_3.ini b/src/tests/config/broken_conf_local_var_3.ini
new file mode 100644
index 0000000..5d89076
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_3.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\$qwe->::").drop();
diff --git a/src/tests/config/broken_conf_local_var_4.ini b/src/tests/config/broken_conf_local_var_4.ini
new file mode 100644
index 0000000..3ec073b
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_4.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\"asd\"asd[]").drop();
diff --git a/src/tests/config/broken_conf_local_var_5.ini b/src/tests/config/broken_conf_local_var_5.ini
new file mode 100644
index 0000000..cd350b6
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_5.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("'asd'asd[]").drop();
diff --git a/src/tests/config/broken_conf_local_var_6.ini b/src/tests/config/broken_conf_local_var_6.ini
new file mode 100644
index 0000000..02f4f1a
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_6.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("''asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_7.ini b/src/tests/config/broken_conf_local_var_7.ini
new file mode 100644
index 0000000..abbd223
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_7.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd-->").drop();
diff --git a/src/tests/config/broken_conf_local_var_8.ini b/src/tests/config/broken_conf_local_var_8.ini
new file mode 100644
index 0000000..fd18487
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_8.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]\"asd\"").drop();
diff --git a/src/tests/config/broken_conf_local_var_9.ini b/src/tests/config/broken_conf_local_var_9.ini
new file mode 100644
index 0000000..a311b86
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_9.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]\'asd\'").drop();
diff --git a/src/tests/config/config_disabled_functions_local_var_array.ini b/src/tests/config/config_disabled_functions_local_var_array.ini
new file mode 100644
index 0000000..15dd5a1
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_local_var_array.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo").var("$a[test2][foo]").value("aaa").drop();
diff --git a/src/tests/config/config_disabled_functions_local_var_array_key.ini b/src/tests/config/config_disabled_functions_local_var_array_key.ini
new file mode 100644
index 0000000..75c840d
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_local_var_array_key.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo").var("$a[test2][foo]").key("aaa").drop();
diff --git a/src/tests/config/config_disabled_functions_name_type.ini b/src/tests/config/config_disabled_functions_name_type.ini
index 25bdf98..c25b92c 100644
--- a/src/tests/config/config_disabled_functions_name_type.ini
+++ b/src/tests/config/config_disabled_functions_name_type.ini
@@ -1 +1 @@
-sp.disable_function.function_r("^strcmp$").param("str1").param_type("array").drop();
+sp.disable_function.function_r("^strcmp$").param("$str1").param_type("array").drop();
diff --git a/src/tests/config/config_disabled_functions_nul_byte.ini b/src/tests/config/config_disabled_functions_nul_byte.ini
index d5eb847..e664cba 100644
--- a/src/tests/config/config_disabled_functions_nul_byte.ini
+++ b/src/tests/config/config_disabled_functions_nul_byte.ini
@@ -1 +1 @@
-sp.disable_function.function("system").param("command").value_r("id").drop();
\ No newline at end of file
+sp.disable_function.function("system").param("$command").value_r("id").drop();
diff --git a/src/tests/config/config_disabled_functions_param.ini b/src/tests/config/config_disabled_functions_param.ini
index 87f1b3c..dc1c949 100644
--- a/src/tests/config/config_disabled_functions_param.ini
+++ b/src/tests/config/config_disabled_functions_param.ini
@@ -1,6 +1,6 @@
-sp.disable_function.function("system").param("command").value_r("^id$").alias("1").drop();
-sp.disable_function.function("array_sum").param("array").value_r("^8$").alias("2").drop();
-sp.disable_function.function("shell_exec").param("cmd").value("id").alias("3").drop();
-sp.disable_function.function("shell_exec").param("cmd").value("bla").alias("4").drop();
-sp.disable_function.function("strcmp").param("str1").value("bla").alias("5").drop().simulation();
-sp.disable_function.function("strncmp").param("str1").value("bla").drop().simulation();
+sp.disable_function.function("system").param("$command").value_r("^id$").alias("1").drop();
+sp.disable_function.function("array_sum").param("$array").value_r("^8$").alias("2").drop();
+sp.disable_function.function("shell_exec").param("$cmd").value("id").alias("3").drop();
+sp.disable_function.function("shell_exec").param("$cmd").value("bla").alias("4").drop();
+sp.disable_function.function("strcmp").param("$str1").value("bla").alias("5").drop().simulation();
+sp.disable_function.function("strncmp").param("$str1").value("bla").drop().simulation();
diff --git a/src/tests/config/config_disabled_functions_param_allow.ini b/src/tests/config/config_disabled_functions_param_allow.ini
index 8e139e4..27d919a 100644
--- a/src/tests/config/config_disabled_functions_param_allow.ini
+++ b/src/tests/config/config_disabled_functions_param_allow.ini
@@ -1,3 +1,3 @@
-sp.disable_function.function("system").param("command").value("echo win").filename("/test.php").drop();
-sp.disable_function.function("system").param("command").value("echo win").allow();
+sp.disable_function.function("system").param("$command").value("echo win").filename("/test.php").drop();
+sp.disable_function.function("system").param("$command").value("echo win").allow();
 sp.disable_function.function("system").drop();
diff --git a/src/tests/config/config_disabled_functions_param_array.ini b/src/tests/config/config_disabled_functions_param_array.ini
index 0589ad8..6fe0615 100644
--- a/src/tests/config/config_disabled_functions_param_array.ini
+++ b/src/tests/config/config_disabled_functions_param_array.ini
@@ -1,4 +1,7 @@
-sp.disable_function.function("foo").param("arr").value("abcd").alias("1").drop();
-sp.disable_function.function("foo").param("arr[bla]").value("abcdef").alias("2").drop();
-sp.disable_function.function("foo").param("arr[test]").alias("3").drop();
-sp.disable_function.function("foo").param("arr[test2][foo][lol]").value("aaa").alias("4").drop();
+sp.disable_function.function("foo").param("$arr[a]").value("abcd").alias("1").drop();
+sp.disable_function.function("foo").param("$arr[bla]").value("abcdef").alias("2").drop();
+sp.disable_function.function("foo").param("$arr[test]").alias("3").drop();
+sp.disable_function.function("foo").param("$arr[test2][foo]").value("aaa").alias("4").drop();
+sp.disable_function.function("foo").param("$arr[test2][bar]").key("lol").alias("5").drop();
+sp.disable_function.function("foo").param("$arr[test2][bar]").key("123").alias("6").drop();
+sp.disable_function.function("foo").param("$qwe[a]").value("abcd").alias("7").drop();
diff --git a/src/tests/config/config_disabled_functions_param_int.ini b/src/tests/config/config_disabled_functions_param_int.ini
index 1c93c2f..2a7d962 100644
--- a/src/tests/config/config_disabled_functions_param_int.ini
+++ b/src/tests/config/config_disabled_functions_param_int.ini
@@ -1,2 +1,2 @@
-sp.disable_function.function("foobar").param("id").value("42").drop();
-sp.disable_function.function("foobar").param("id").value_r("^1337").drop();
+sp.disable_function.function("foobar").param("$id").value("42").drop();
+sp.disable_function.function("foobar").param("$id").value_r("^1337").drop();
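Review bot: The new rules 5 and 6 in config_disabled_functions_param_array.ini match on `key("lol")` and `key("123")`, and nothing in the fixture says whether `key("123")` is meant to hit a PHP integer key 123, a string key "123", or both; if the matcher compares keys after converting them to strings both will match, and if it also compares types only one will. Since this fixture is what pins the behaviour, a `; ` comment above rule 6 stating the intended semantics — something like `; integer keys are matched by their decimal string form` — would make the test self-explanatory (word it to match what the matcher actually does). The same question applies to the quoted `['123']` indexes added to disabled_function_local_var.ini later in this patch. Rule 4 also changed depth (`$arr[test2][foo]` instead of `arr[test2][foo][lol]`), which presumably goes with an updated companion test outside this diff.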
diff --git a/src/tests/config/config_disabled_functions_param_r_array.ini b/src/tests/config/config_disabled_functions_param_r_array.ini
new file mode 100644
index 0000000..fcac71d
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_r_array.ini
@@ -0,0 +1,2 @@
+sp.disable_function.function("foo").param_r("arr").value("abcd").alias("1").drop();
+sp.disable_function.function("foo").param_r("arr").key_r("abc").alias("2").drop();
diff --git a/src/tests/config/config_disabled_functions_param_runtime.ini b/src/tests/config/config_disabled_functions_param_runtime.ini
index e7a011f..e9d44a2 100644
--- a/src/tests/config/config_disabled_functions_param_runtime.ini
+++ b/src/tests/config/config_disabled_functions_param_runtime.ini
@@ -1 +1 @@
-sp.disable_function.function("test").param("param").value_r("1337").drop();
+sp.disable_function.function("test").param("$param").value_r("1337").drop();
diff --git a/src/tests/config/disabled_function_local_var.ini b/src/tests/config/disabled_function_local_var.ini
index cba2ae3..3d553c0 100644
--- a/src/tests/config/disabled_function_local_var.ini
+++ b/src/tests/config/disabled_function_local_var.ini
@@ -1,2 +1,10 @@
-sp.disable_function.function("phpinfo").var("b").value("1337").drop();
-sp.disable_function.function("strlen").var("a").value("1337").drop();
+sp.disable_function.function("phpinfo").var("$b").value("1337").drop();
+sp.disable_function.function("strlen").var("$a").value("1337").drop();
+sp.disable_function.function("strlen").var("$a['123']").value("block").drop();
+sp.disable_function.function("strlen").var("$a[$c]->prop").value("block").drop();
+sp.disable_function.function("strlen").var("$a->zxc").value("not a good value").drop();
+sp.disable_function.function("strlen").var("\\asd\\test_object::TEST_VALUE['constant']").value("no good").drop();
+sp.disable_function.function("strlen").var("\\asd\\test_object::TEST_VALUE").value("qwerty").drop();
+sp.disable_function.function("strlen").var("\\qwe\\ASD").value("qwerty").drop();
+sp.disable_function.function("strlen").var("\\qwe\\QWE['123']").value("asdfgh").drop();
+sp.disable_function.function("strlen").var("$qwe").value("block this").drop();
diff --git a/src/tests/config/disabled_function_local_var_2.ini b/src/tests/config/disabled_function_local_var_2.ini
new file mode 100644
index 0000000..e3e9ae6
--- /dev/null
+++ b/src/tests/config/disabled_function_local_var_2.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strlen").var("$b['_GET[obj->nop]'][$b[456][$d->$idk->qwe[\\qwe\\UNE_CONSTANTE]]][$a]->uio").value("valeur de apres").drop();
diff --git a/src/tests/config/disabled_function_local_var_obj.ini b/src/tests/config/disabled_function_local_var_obj.ini
new file mode 100644
index 0000000..df6b617
--- /dev/null
+++ b/src/tests/config/disabled_function_local_var_obj.ini
@@ -0,0 +1,3 @@
+sp.disable_function.function("strlen").var("$test->$test_array").value("value").drop();
+sp.disable_function.function("strlen").var("$arg->$test_array").value("value").drop();
+sp.disable_function.function("strlen").var("$test->$arg").value("nop_object").drop();
diff --git a/src/tests/config/disabled_function_super_global_var.ini b/src/tests/config/disabled_function_super_global_var.ini
index feac314..178a01a 100644
--- a/src/tests/config/disabled_function_super_global_var.ini
+++ b/src/tests/config/disabled_function_super_global_var.ini
@@ -1 +1 @@
-sp.disable_function.function("strlen").var("_GET[bla]").value("test2").drop();
+sp.disable_function.function("strlen").var("$_GET[bla]").value("test2").drop();
diff --git a/src/tests/config/disabled_functions_pos.ini b/src/tests/config/disabled_functions_pos.ini
index e7d12a9..2b4650d 100644
--- a/src/tests/config/disabled_functions_pos.ini
+++ b/src/tests/config/disabled_functions_pos.ini
@@ -1,2 +1,3 @@
 sp.disable_function.function("system").pos("1337").value("id").drop();
 sp.disable_function.function("system").pos("0").value("id").drop();
+sp.disable_function.function("system").pos("1").param_type("ARRAY").alias("1").drop();
-- cgit v1.3
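Review bot: `param_type("ARRAY")` on the line added to disabled_functions_pos.ini is upper-case, while config_disabled_functions_name_type.ini earlier in this patch uses `param_type("array")`; if the type comparison is case-sensitive, this rule never fires and the test passes or fails for the wrong reason. Either normalise it to `param_type("array")` to match the other fixture, or, if the mixed case is deliberate to exercise case-insensitive type matching, say so with a `; ` comment above the rule so the next reader does not "fix" it. I cannot see the matcher from this diff, so which of the two applies needs confirming against the parser.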