From e79f7e3bd992c7f0915ef9afe7afb6d79740527a Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Mon, 14 Jan 2019 19:29:25 +0000
Subject: Reorganize the testsuite
Splitting the testsuite in several components makes it easier to manage and comprehend.
This was also needed since some tests aren't passing on Alpine Linux, but we still want to run
as many of them as we can on this platform.
---
src/tests/xxe/config/disable_xxe.ini | 1 +
src/tests/xxe/config/disable_xxe_disable.ini | 1 +
src/tests/xxe/disable_xxe_dom.phpt | 73 ++++++++++++++++++
src/tests/xxe/disable_xxe_dom_disabled.phpt | 55 ++++++++++++++
src/tests/xxe/disable_xxe_simplexml.phpt | 51 +++++++++++++
src/tests/xxe/disable_xxe_simplexml_oop.phpt | 51 +++++++++++++
src/tests/xxe/disable_xxe_xml_parse.phpt | 106 +++++++++++++++++++++++++++
7 files changed, 338 insertions(+)
create mode 100644 src/tests/xxe/config/disable_xxe.ini
create mode 100644 src/tests/xxe/config/disable_xxe_disable.ini
create mode 100644 src/tests/xxe/disable_xxe_dom.phpt
create mode 100644 src/tests/xxe/disable_xxe_dom_disabled.phpt
create mode 100644 src/tests/xxe/disable_xxe_simplexml.phpt
create mode 100644 src/tests/xxe/disable_xxe_simplexml_oop.phpt
create mode 100644 src/tests/xxe/disable_xxe_xml_parse.phpt
(limited to 'src/tests/xxe')
diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini
new file mode 100644
index 0000000..bc9d1f2
--- /dev/null
+++ b/src/tests/xxe/config/disable_xxe.ini
@@ -0,0 +1 @@
+sp.disable_xxe.enable();
diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini
new file mode 100644
index 0000000..bb1e432
--- /dev/null
+++ b/src/tests/xxe/config/disable_xxe_disable.ini
@@ -0,0 +1 @@
+sp.disable_xxe.disable();
diff --git a/src/tests/xxe/disable_xxe_dom.phpt b/src/tests/xxe/disable_xxe_dom.phpt
new file mode 100644
index 0000000..e1459e3
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_dom.phpt
@@ -0,0 +1,73 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+
+
+]>
+&foo;
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+$xml = "foo";
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+?>
+--EXPECTF--
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to true:
+
+Warning: DOMDocument::loadXML(): I/O warning : failed to load external entity "file://%a/content.txt" in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Failure to process entity foo in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Warning: DOMDocument::loadXML(): Entity 'foo' not defined in Entity, line: %d in %a/disable_xxe_dom.php on line %d
+
+Notice: Trying to get property %a in %a/disable_xxe_dom.php on line %d
+libxml_disable_entity to false:
+without xxe: foo
+--CLEAN--
+
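Review bot: The `--EXPECTF--` section pins PHP's own `Notice: Trying to get property %a` lines, which apparently appear only because the first two `printf` calls dereference `->item(0)->nodeValue` when no `testing` element was produced. That ties the test to interpreter diagnostics rather than to the protection under test; fetching the node first and printing `$node ? $node->nodeValue : ''` would keep the assertion on the entity not being expanded. The pinned libxml warning text may also differ between libxml2 builds, which could be related to the platform failures the commit message mentions. Parts of the `--FILE--` section are not visible on this page, so this is based on the lines shown.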
diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt
new file mode 100644
index 0000000..a791ebc
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt
@@ -0,0 +1,55 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe_disable.ini
+--FILE--
+WARNING, external entity loaded!';
+file_put_contents($dir . '/content.txt', $content);
+
+$xml = <<
+
+]>
+&foo;
+EOD;
+
+file_put_contents($dir . '/content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to true: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("libxml_disable_entity to false: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+$xml = "foo";
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(false);
+$dom = new DOMDocument('1.0');
+$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT);
+printf("without xxe: %s", $dom->getElementsByTagName('testing')->item(0)->nodeValue);
+
+?>
+--EXPECTF--
+libxml_disable_entity to true: WARNING, external entity loaded!
+libxml_disable_entity to false: WARNING, external entity loaded!
+without xxe: foo
+--CLEAN--
+
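Review bot: The first expected line, `libxml_disable_entity to true: WARNING, external entity loaded!`, records the external entity being expanded immediately after `libxml_disable_entity_loader(true)` is called, which is the opposite of what a reader would expect from that call once `sp.disable_xxe` is switched off. If this is the intended baseline, a `--DESCRIPTION--` section saying why would stop it from being read as a regression later; if it is not, the expectation is recording unprotected behaviour as correct. Separately, the second `file_put_contents('content.xml', $xml)` writes relative to the working directory while the earlier writes use `$dir . '/...'`; using `$dir` throughout would keep all fixtures in one place for cleanup.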
diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt
new file mode 100644
index 0000000..88396c0
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_simplexml.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+
+
+]>
+&foo;
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+
+libxml_disable_entity_loader(false);
+$doc = new SimpleXMLElement($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+
+$xml = "foo";
+file_put_contents('content.xml', $xml);
+
+$doc = new SimpleXMLElement($xml);
+printf("without xxe: %s", $doc->testing);
+
+?>
+--EXPECT--
+libxml_disable_entity to true:
+libxml_disable_entity to false:
+without xxe: foo
+--CLEAN--
+
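Review bot: The file names look swapped: `disable_xxe_simplexml.phpt` exercises the object constructor `new SimpleXMLElement($xml)`, while `disable_xxe_simplexml_oop.phpt` calls the procedural `simplexml_load_string($xml)`. Renaming the files or swapping the bodies would make the names match what is tested. Both files also carry the same `--TEST--` title `Disable XXE` as the two DOM tests, so a failure report cannot tell the four apart; titles such as `Disable XXE in SimpleXMLElement` and `Disable XXE in simplexml_load_string` would fix that.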
diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
new file mode 100644
index 0000000..43c4fbf
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Disable XXE
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+
+
+]>
+&foo;
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+libxml_disable_entity_loader(true);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to true: %s\n", $doc->testing);
+
+libxml_disable_entity_loader(false);
+$doc = simplexml_load_string($xml);
+printf("libxml_disable_entity to false: %s\n", $doc->testing);
+
+$xml = "foo";
+file_put_contents('content.xml', $xml);
+
+$doc = simplexml_load_string($xml);
+printf("without xxe: %s", $doc->testing);
+
+?>
+--EXPECT--
+libxml_disable_entity to true:
+libxml_disable_entity to false:
+without xxe: foo
+--CLEAN--
+
diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt
new file mode 100644
index 0000000..ca77729
--- /dev/null
+++ b/src/tests/xxe/disable_xxe_xml_parse.phpt
@@ -0,0 +1,106 @@
+--TEST--
+Disable XXE in xml_parse
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/disable_xxe.ini
+--FILE--
+
+
+]>
+&foo;
+EOD;
+
+file_put_contents('content.xml', $xml);
+
+function create_parser() {
+ $parser = xml_parser_create();
+ xml_set_element_handler(
+ $parser,
+ function($parser, $name, array $attributes) {
+ var_dump($name);
+ echo "\n";
+ var_dump($attributes);
+ },
+ function($parser, $name) {
+ var_dump($name);
+ }
+ );
+
+ xml_set_character_data_handler(
+ $parser,
+ function ($parser, $text){
+ echo 'text' . $text;
+ }
+ );
+
+ return $parser;
+}
+
+libxml_disable_entity_loader(true);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+libxml_disable_entity_loader(false);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+$xml = "foo";
+file_put_contents('content.xml', $xml);
+$parser = create_parser();
+$doc = xml_parse($parser, $xml, true);
+xml_parser_free($parser);
+
+--EXPECT--
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+string(7) "TESTING"
+string(4) "TEST"
+string(4) "TEST"
+
+array(0) {
+}
+string(7) "TESTING"
+
+array(0) {
+}
+textfoostring(7) "TESTING"
+string(4) "TEST"
+--CLEAN--
+
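Review bot: There is no negative control for this test: the DOM tests come as a pair run with `disable_xxe.ini` and `disable_xxe_disable.ini`, but `xml_parse` (and both SimpleXML tests) run only with the protection enabled. Without a run against `disable_xxe_disable.ini` whose expected output differs, the `--EXPECT--` here cannot show that `sp.disable_xxe`, rather than the parser's defaults, is what keeps `&foo;` from being expanded. The return value stored in `$doc` is also never checked; `var_dump(xml_parse($parser, $xml, true));` would record whether each parse succeeded.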