From 5fbb1733f67172e4111fa512961106f4733395db Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Sat, 7 Aug 2021 15:57:30 +0200
Subject: unit tests for ini protection feature

---
 src/tests/ini/config/sp-policy-drop.ini        |  3 +++
 src/tests/ini/config/sp-policy-silent-fail.ini |  3 +++
 src/tests/ini/config/sp.ini                    | 11 +++++++++
 src/tests/ini/ini_min_policy_drop.phpt         | 13 ++++++++++
 src/tests/ini/ini_min_policy_silent_fail.phpt  | 14 +++++++++++
 src/tests/ini/ini_minmax.phpt                  | 34 ++++++++++++++++++++++++++
 src/tests/ini/ini_null.phpt                    | 26 ++++++++++++++++++++
 src/tests/ini/ini_regexp.phpt                  | 19 ++++++++++++++
 src/tests/ini/ini_regexp_drop.phpt             | 13 ++++++++++
 src/tests/ini/ini_set.phpt                     | 12 +++++++++
 10 files changed, 148 insertions(+)
 create mode 100644 src/tests/ini/config/sp-policy-drop.ini
 create mode 100644 src/tests/ini/config/sp-policy-silent-fail.ini
 create mode 100644 src/tests/ini/config/sp.ini
 create mode 100644 src/tests/ini/ini_min_policy_drop.phpt
 create mode 100644 src/tests/ini/ini_min_policy_silent_fail.phpt
 create mode 100644 src/tests/ini/ini_minmax.phpt
 create mode 100644 src/tests/ini/ini_null.phpt
 create mode 100644 src/tests/ini/ini_regexp.phpt
 create mode 100644 src/tests/ini/ini_regexp_drop.phpt
 create mode 100644 src/tests/ini/ini_set.phpt

(limited to 'src/tests/ini')

diff --git a/src/tests/ini/config/sp-policy-drop.ini b/src/tests/ini/config/sp-policy-drop.ini
new file mode 100644
index 0000000..1c28030
--- /dev/null
+++ b/src/tests/ini/config/sp-policy-drop.ini
@@ -0,0 +1,3 @@
+sp.ini_protection.enable();
+sp.ini_protection.policy_drop();
+sp.ini.key("log_errors_max_len").min("200").max("2000");
diff --git a/src/tests/ini/config/sp-policy-silent-fail.ini b/src/tests/ini/config/sp-policy-silent-fail.ini
new file mode 100644
index 0000000..8236077
--- /dev/null
+++ b/src/tests/ini/config/sp-policy-silent-fail.ini
@@ -0,0 +1,3 @@
+sp.ini_protection.enable();
+sp.ini_protection.policy_silent_fail();
+sp.ini.key("log_errors_max_len").min("200").max("2000");
diff --git a/src/tests/ini/config/sp.ini b/src/tests/ini/config/sp.ini
new file mode 100644
index 0000000..3022e37
--- /dev/null
+++ b/src/tests/ini/config/sp.ini
@@ -0,0 +1,11 @@
+sp.ini_protection.enable();
+
+sp.ini.key("log_errors_max_len").min("200").max("2000");
+sp.ini.key("max_execution_time").min("30").max("600");
+sp.ini.key("highlight.comment").regexp("^#[0-9a-fA-F]{6}$");
+sp.ini.key("default_mimetype").set("text/plain").ro();
+
+sp.ini.key("sendmail_from").set("test@example.com").regexp(".*@example\\.com$").allow_null();
+sp.ini.key("unserialize_callback_func").set("def").regexp("^abc$");
+
+sp.ini.key("user_agent").regexp("^abc$").drop();
diff --git a/src/tests/ini/ini_min_policy_drop.phpt b/src/tests/ini/ini_min_policy_drop.phpt
new file mode 100644
index 0000000..9dddcc4
--- /dev/null
+++ b/src/tests/ini/ini_min_policy_drop.phpt
@@ -0,0 +1,13 @@
+--TEST--
+INI protection .min() + .policy_drop()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp-policy-drop.ini
+--FILE--
+<?php 
+var_dump(ini_set("log_errors_max_len", "199") === false);
+var_dump(ini_get("log_errors_max_len"));
+?>
+--EXPECTF-- 
+Fatal error: [snuffleupagus][0.0.0.0][ini_protection][drop] INI value out of range in %a/ini_min_policy_drop.php on line 2
diff --git a/src/tests/ini/ini_min_policy_silent_fail.phpt b/src/tests/ini/ini_min_policy_silent_fail.phpt
new file mode 100644
index 0000000..8ef780d
--- /dev/null
+++ b/src/tests/ini/ini_min_policy_silent_fail.phpt
@@ -0,0 +1,14 @@
+--TEST--
+INI protection .min() + .policy_silent_fail()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp-policy-silent-fail.ini
+--FILE--
+<?php 
+var_dump(ini_set("log_errors_max_len", "199") === false);
+var_dump(ini_get("log_errors_max_len"));
+?>
+--EXPECTF-- 
+bool(true)
+string(1) "0"
\ No newline at end of file
diff --git a/src/tests/ini/ini_minmax.phpt b/src/tests/ini/ini_minmax.phpt
new file mode 100644
index 0000000..fc93075
--- /dev/null
+++ b/src/tests/ini/ini_minmax.phpt
@@ -0,0 +1,34 @@
+--TEST--
+INI protection .min()/.max()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp.ini
+--FILE--
+<?php 
+var_dump(ini_set("log_errors_max_len", "200") === false);
+var_dump(ini_get("log_errors_max_len"));
+
+var_dump(ini_set("log_errors_max_len", "2000") === false);
+var_dump(ini_get("log_errors_max_len"));
+
+var_dump(ini_set("log_errors_max_len", "199") === false);
+var_dump(ini_get("log_errors_max_len"));
+
+var_dump(ini_set("log_errors_max_len", "2001") === false);
+var_dump(ini_get("log_errors_max_len"));
+
+?>
+--EXPECTF-- 
+bool(false)
+string(3) "200"
+bool(false)
+string(4) "2000"
+
+Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 8
+bool(true)
+string(4) "2000"
+
+Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 11
+bool(true)
+string(4) "2000"
\ No newline at end of file
diff --git a/src/tests/ini/ini_null.phpt b/src/tests/ini/ini_null.phpt
new file mode 100644
index 0000000..32a12c1
--- /dev/null
+++ b/src/tests/ini/ini_null.phpt
@@ -0,0 +1,26 @@
+--TEST--
+INI protection .allow_null()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp.ini
+--FILE--
+<?php 
+var_dump(ini_set("sendmail_from", "foo@example.com") === false);
+var_dump(ini_get("sendmail_from"));
+
+var_dump(ini_set("sendmail_from", NULL) === false);
+var_dump(ini_get("sendmail_from"));
+
+var_dump(ini_set("unserialize_callback_func", NULL) === false);
+var_dump(ini_get("unserialize_callback_func"));
+?>
+--EXPECTF-- 
+bool(false)
+string(15) "foo@example.com"
+bool(false)
+string(0) ""
+
+Warning: [snuffleupagus][0.0.0.0][ini_protection][log] new INI value must not be NULL or empty in %a/ini_null.php on line 8
+bool(true)
+string(3) "def"
\ No newline at end of file
diff --git a/src/tests/ini/ini_regexp.phpt b/src/tests/ini/ini_regexp.phpt
new file mode 100644
index 0000000..f6c5198
--- /dev/null
+++ b/src/tests/ini/ini_regexp.phpt
@@ -0,0 +1,19 @@
+--TEST--
+INI protection .regexp()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp.ini
+--FILE--
+<?php 
+ini_set("highlight.comment", "#000aBc");
+var_dump(ini_get("highlight.comment"));
+
+ini_set("highlight.comment", "xxx");
+var_dump(ini_get("highlight.comment"));
+?>
+--EXPECTF-- 
+string(7) "#000aBc"
+
+Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value does not match regex in %a/ini_regexp.php on line 5
+string(7) "#000aBc"
diff --git a/src/tests/ini/ini_regexp_drop.phpt b/src/tests/ini/ini_regexp_drop.phpt
new file mode 100644
index 0000000..9225470
--- /dev/null
+++ b/src/tests/ini/ini_regexp_drop.phpt
@@ -0,0 +1,13 @@
+--TEST--
+INI protection .min() + .drop()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp.ini
+--FILE--
+<?php 
+var_dump(ini_set("user_agent", "Foo") === false);
+var_dump(ini_get("user_agent"));
+?>
+--EXPECTF-- 
+Fatal error: [snuffleupagus][0.0.0.0][ini_protection][drop] INI value does not match regex in %a/ini_regexp_drop.php on line 2
diff --git a/src/tests/ini/ini_set.phpt b/src/tests/ini/ini_set.phpt
new file mode 100644
index 0000000..bfafbe8
--- /dev/null
+++ b/src/tests/ini/ini_set.phpt
@@ -0,0 +1,12 @@
+--TEST--
+INI protection .set()
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print("skip"); ?>
+--INI--
+sp.configuration_file={PWD}/config/sp.ini
+--FILE--
+<?php 
+var_dump(ini_get("default_mimetype"));
+?>
+--EXPECTF-- 
+string(10) "text/plain"
\ No newline at end of file
-- 
cgit v1.3