From 10437787b0e8ede80976de4a1c22775fc1282f36 Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Wed, 29 Nov 2017 11:36:57 +0100
Subject: Implement eval hooking
It's not possible to hook the `eval` builtin like other functions.
---
.../config/config_disabled_functions_eval_filename.ini | 1 +
src/tests/config/disabled_functions.ini | 1 +
src/tests/config/disabled_functions_eval.ini | 1 +
src/tests/config/disabled_functions_eval_simulation.ini | 1 +
src/tests/deny_writable_execution.phpt | 5 ++---
src/tests/disabled_functions_eval.phpt | 9 ++++-----
src/tests/disabled_functions_eval_filename.phpt | 14 ++++++++++++++
src/tests/disabled_functions_eval_simulation.phpt | 15 +++++++++++++++
src/tests/disabled_functions_require.phpt | 2 +-
src/tests/disabled_functions_require_simulation.phpt | 2 +-
10 files changed, 41 insertions(+), 10 deletions(-)
create mode 100644 src/tests/config/config_disabled_functions_eval_filename.ini
create mode 100644 src/tests/config/disabled_functions_eval.ini
create mode 100644 src/tests/config/disabled_functions_eval_simulation.ini
create mode 100644 src/tests/disabled_functions_eval_filename.phpt
create mode 100644 src/tests/disabled_functions_eval_simulation.phpt
(limited to 'src/tests')
diff --git a/src/tests/config/config_disabled_functions_eval_filename.ini b/src/tests/config/config_disabled_functions_eval_filename.ini
new file mode 100644
index 0000000..f66cef3
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_eval_filename.ini
@@ -0,0 +1 @@
+sp.disable_function.function("eval").filename_r("^.*tests/disabled_functions_eval_filename.php$").drop();
diff --git a/src/tests/config/disabled_functions.ini b/src/tests/config/disabled_functions.ini
index 226a107..df7013f 100644
--- a/src/tests/config/disabled_functions.ini
+++ b/src/tests/config/disabled_functions.ini
@@ -5,4 +5,5 @@ sp.disable_function.function("printf").simulation().drop(); sp.disable_function.function("print").disable().drop(); # this is a comment sp.disable_function.function_r("^var_dump$").drop(); sp.disable_function.function("sprintf").filename("/wrong file name").drop(); +sp.disable_function.function("sprintf").filename("/wrong file name").drop(); sp.disable_function.function("eval").drop(); diff --git a/src/tests/config/disabled_functions_eval.ini b/src/tests/config/disabled_functions_eval.ini new file mode 100644 index 0000000..f761259 --- /dev/null +++ b/src/tests/config/disabled_functions_eval.ini @@ -0,0 +1 @@ +sp.disable_function.function("eval").drop(); diff --git a/src/tests/config/disabled_functions_eval_simulation.ini b/src/tests/config/disabled_functions_eval_simulation.ini new file mode 100644 index 0000000..f1dc58c --- /dev/null +++ b/src/tests/config/disabled_functions_eval_simulation.ini @@ -0,0 +1 @@ +sp.disable_function.function("eval").drop().simulation(); diff --git a/src/tests/deny_writable_execution.phpt b/src/tests/deny_writable_execution.phpt index 2870561..c399d35 100644 --- a/src/tests/deny_writable_execution.phpt +++ b/src/tests/deny_writable_execution.phpt @@ -32,8 +32,7 @@ include "$dir/non_writable_file.txt"; include "$dir/writable_file.txt"; ?> --EXPECTF-- -Code execution within a non-writable file. -[snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/writable_file.txt). +[snuffleupagus][0.0.0.0][readonly_exec][drop] Attempted execution of a writable file (%a/tests/deny_writable_execution.php). --CLEAN-- \ No newline at end of file +?> diff --git a/src/tests/disabled_functions_eval.phpt b/src/tests/disabled_functions_eval.phpt index 0beaefe..7bd6b4b 100644 --- a/src/tests/disabled_functions_eval.phpt +++ b/src/tests/disabled_functions_eval.phpt 
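Review bot: The one line this hunk adds to `src/tests/config/disabled_functions.ini`, `sp.disable_function.function("sprintf").filename("/wrong file name").drop();`, is identical to the context line directly above it, so the shared config now lists the same rule twice. If the duplicate is there to exercise repeated rules, a comment such as `# same rule listed twice on purpose` would say so; otherwise the added line can be dropped. The `eval` rule on the following context line also stays in this shared file, so every test that loads it presumably runs with `eval` hooked now that the hook exists; that is worth confirming against the other tests using this config.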
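Review bot: The new `--EXPECTF--` in `deny_writable_execution.phpt` no longer shows that the non-writable include runs and the writable one is refused. The `Code execution within a non-writable file.` line is removed and the drop is now reported for `%a/tests/deny_writable_execution.php`, which is the test script itself. With this expectation the test passes even if execution stops before either `include` is reached, so the `readonly_exec` check on included files is no longer exercised here. A second test whose entry script is not writable, keeping the original two expected lines, would preserve that coverage. The `--FILE--` body is only partly visible on this page, so this reading rests on the expected-output lines.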
@@ -3,13 +3,12 @@ Disable functions - eval --SKIPIF-- --INI-- -sp.configuration_file={PWD}/config/disabled_functions.ini ---XFAIL-- +sp.configuration_file={PWD}/config/disabled_functions_eval.ini --FILE-- --EXPECTF-- -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'eval' in %a/tests/disabled_functions_eval.php:%d has been disabled, because it matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'eval' in %a/tests/disabled_functions_eval.php(%d) : eval()'d code:%d has been disabled. diff --git a/src/tests/disabled_functions_eval_filename.phpt b/src/tests/disabled_functions_eval_filename.phpt new file mode 100644 index 0000000..5e64acc --- /dev/null +++ b/src/tests/disabled_functions_eval_filename.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions - eval +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_eval_filename.ini +--FILE-- + +--EXPECTF-- +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'eval' in %a/tests/disabled_functions_eval_filename.php(%d) : eval()'d code:%d has been disabled. diff --git a/src/tests/disabled_functions_eval_simulation.phpt b/src/tests/disabled_functions_eval_simulation.phpt new file mode 100644 index 0000000..06a006e --- /dev/null +++ b/src/tests/disabled_functions_eval_simulation.phpt @@ -0,0 +1,15 @@ +--TEST-- +Disable functions - eval (simulation) +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_eval_simulation.ini +--FILE-- + +--EXPECTF-- +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'eval' in %a/tests/disabled_functions_eval_simulation.php(%d) : eval()'d code:%d has been disabled. +Variable: 2674 diff --git a/src/tests/disabled_functions_require.phpt b/src/tests/disabled_functions_require.phpt index f848f8b..cc904f1 100644 --- a/src/tests/disabled_functions_require.phpt +++ b/src/tests/disabled_functions_require.phpt 
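Review bot: The expected drop message for `eval` in `disabled_functions_eval.phpt` now ends at `has been disabled.`, while the other messages on this page keep a reason clause (`because it matched a rule`, `because its argument ... matched a rule`). The location format also changes from `file:%d` to `...php(%d) : eval()'d code:%d`. Anything that parses these log lines for alerting will see a different shape for eval drops, so either keep the `, because it matched a rule` suffix or document the eval-specific format next to the test. The code that emits the message is outside this view (the patch is limited to `src/tests`), so whether the suffix was dropped on purpose cannot be told from here.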
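Review bot: `disabled_functions_eval_filename.phpt` covers only the matching side of the `filename_r` filter; nothing in this patch shows that `eval` still runs when the pattern does not match. Because the reported location is `...php(%d) : eval()'d code`, a companion test would also pin which string the filter is compared against. A constructed example of the rule for that test is `sp.disable_function.function("eval").filename_r("^.*tests/some_other_script\.php$").drop();`, with the eval'd output as the expected result. In the config this test loads, the `.` before `php` is unescaped and the leading `^.*` is redundant; `tests/disabled_functions_eval_filename\.php$` is the tighter pattern.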
@@ -14,7 +14,7 @@ require $dir . '/test.meh'; echo "1337"; ?> --EXPECTF-- -BLA[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'include' in %a/disabled_functions_require.php:%d has been disabled, because its argument 'inclusion path' content (%a/test.meh) matched a rule. +BLA[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'require' in %a/disabled_functions_require.php:%d has been disabled, because its argument 'inclusion path' content (%a/test.meh) matched a rule. --CLEAN-- --EXPECTF-- BLA -[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'include' in %a/disabled_functions_require_simulation.php:%d has been disabled, because its argument 'inclusion path' content (%a/test.sim) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'require' in %a/disabled_functions_require_simulation.php:%d has been disabled, because its argument 'inclusion path' content (%a/test.sim) matched a rule. MEH 1337 --CLEAN-- -- cgit v1.3