From 17a09fafa2b569f0ce548220fd099cdf88e3a71e Mon Sep 17 00:00:00 2001
From: kkadosh
Date: Fri, 2 Mar 2018 13:31:56 +0000
Subject: Add .dump() for eval whitelist/blacklist + simulation mode for
 whitelist

---
 src/tests/config/dump_eval_blacklist.ini       |  1 +
 src/tests/config/dump_eval_whitelist.ini       |  1 +
 src/tests/config/eval_whitelist_simulation.ini |  1 +
 src/tests/dump_eval_blacklist.phpt             | 39 ++++++++++++++++++++
 src/tests/dump_eval_whitelist.phpt             | 51 ++++++++++++++++++++++++++
 src/tests/dump_request.phpt                    |  3 ++
 src/tests/dump_request_too_big.phpt            | 10 ++---
 src/tests/dump_unserialize.phpt                |  9 ++---
 src/tests/eval_backlist_simulation.phpt        |  4 +-
 src/tests/eval_whitelist_simulation.phpt       | 28 ++++++++++++++
 10 files changed, 135 insertions(+), 12 deletions(-)
 create mode 100644 src/tests/config/dump_eval_blacklist.ini
 create mode 100644 src/tests/config/dump_eval_whitelist.ini
 create mode 100644 src/tests/config/eval_whitelist_simulation.ini
 create mode 100644 src/tests/dump_eval_blacklist.phpt
 create mode 100644 src/tests/dump_eval_whitelist.phpt
 create mode 100644 src/tests/eval_whitelist_simulation.phpt

(limited to 'src/tests')

diff --git a/src/tests/config/dump_eval_blacklist.ini b/src/tests/config/dump_eval_blacklist.ini
new file mode 100644
index 0000000..503143a
--- /dev/null
+++ b/src/tests/config/dump_eval_blacklist.ini
@@ -0,0 +1 @@
+sp.eval_blacklist.list("strlen").dump("/tmp/dump_result/").simulation();
diff --git a/src/tests/config/dump_eval_whitelist.ini b/src/tests/config/dump_eval_whitelist.ini
new file mode 100644
index 0000000..2a6c909
--- /dev/null
+++ b/src/tests/config/dump_eval_whitelist.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation().dump("/tmp/dump_result/");
diff --git a/src/tests/config/eval_whitelist_simulation.ini b/src/tests/config/eval_whitelist_simulation.ini
new file mode 100644
index 0000000..9d94db3
--- /dev/null
+++ b/src/tests/config/eval_whitelist_simulation.ini
@@ -0,0 +1 @@
+sp.eval_whitelist.list("my_fun,cos").simulation();
diff --git a/src/tests/dump_eval_blacklist.phpt b/src/tests/dump_eval_blacklist.phpt
new file mode 100644
index 0000000..19da8cd
--- /dev/null
+++ b/src/tests/dump_eval_blacklist.phpt
@@ -0,0 +1,39 @@
+--TEST--
+Dump eval blacklist
+--SKIPIF--
+<?php 
+if (!extension_loaded("snuffleupagus")) die "skip";
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_eval_blacklist.ini
+--FILE--
+<?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+
+$a = strlen("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = strlen("1234");');
+echo "After eval: $a\n";
+$filename = glob('/tmp/dump_result/sp_dump.*')[0];
+$res = file($filename);
+if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
+    echo "1\n";
+} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
+    echo "2\n";
+} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
+    echo "3\n";
+}
+?>
+--EXPECTF--
+Outside of eval: 14
+[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/dump_eval_blacklist.php:1, logging it.
+After eval: 4
diff --git a/src/tests/dump_eval_whitelist.phpt b/src/tests/dump_eval_whitelist.phpt
new file mode 100644
index 0000000..24ca1d1
--- /dev/null
+++ b/src/tests/dump_eval_whitelist.phpt
@@ -0,0 +1,51 @@
+--TEST--
+Dump eval whitelist
+--SKIPIF--
+<?php
+if (!extension_loaded("snuffleupagus")) die "skip";
+?>
+--POST--
+post_a=data_post_a&post_b=data_post_b
+--GET--
+get_a=data_get_a&get_b=data_get_b
+--COOKIE--
+cookie_a=data_cookie_a&cookie_b=data_cookie_b
+--INI--
+sp.configuration_file={PWD}/config/dump_eval_whitelist.ini
+--FILE--
+<?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+
+function my_fun($p) {
+	return "my_fun: $p";
+}
+
+function my_other_fun($p) {
+	return "my_other_fun: $p";
+}
+
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+$filename = glob('/tmp/dump_result/sp_dump.*')[0];
+$res = file($filename);
+if ($res[2] != "GET:get_a='data_get_a' get_b='data_get_b' \n") {
+    echo "1\n";
+} elseif ($res[3] != "POST:post_a='data_post_a' post_b='data_post_b' \n") {
+    echo "2\n";
+} elseif ($res[4] != "COOKIE:cookie_a='data_cookie_a&cookie_b=data_cookie_b' \n") {
+    echo "3\n";
+}
+
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
+After eval: my_other_fun: 1234
diff --git a/src/tests/dump_request.phpt b/src/tests/dump_request.phpt
index 23cafdc..abff870 100644
--- a/src/tests/dump_request.phpt
+++ b/src/tests/dump_request.phpt
@@ -22,6 +22,9 @@ sp.configuration_file={PWD}/config/dump_request.ini
 --FILE--
 <?php
 @mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
 echo "1\n";
 system("echo 1337;");
 $filename = glob('/tmp/dump_result/sp_dump.*')[0];
diff --git a/src/tests/dump_request_too_big.phpt b/src/tests/dump_request_too_big.phpt
index 795a5c2..d67ce6f 100644
--- a/src/tests/dump_request_too_big.phpt
+++ b/src/tests/dump_request_too_big.phpt
@@ -4,12 +4,7 @@ Dump request -- to big, so it's truncated.
 <?php
 if (!extension_loaded("snuffleupagus")) {
     print "skip";
-} 
-
-foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
-    @unlink($dump);
 }
-@rmdir("/tmp/dump_result/");
 ?>
 --POST--
 post_a=data_post_a&post_b=data_post_b&post_c=c
@@ -25,6 +20,11 @@ END;
 sp.configuration_file={PWD}/config/dump_request.ini
 --FILE--
 <?php
+@mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+
 echo "1\n";
 system("echo 1337;");
 $filename = glob('/tmp/dump_result/*')[0];
diff --git a/src/tests/dump_unserialize.phpt b/src/tests/dump_unserialize.phpt
index 9c3906d..dfa8501 100644
--- a/src/tests/dump_unserialize.phpt
+++ b/src/tests/dump_unserialize.phpt
@@ -5,11 +5,6 @@ Dump unserialize
 if (!extension_loaded("snuffleupagus")) {
     print "skip";
 } 
-
-foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
-    @unlink($dump);
-}
-@rmdir("/tmp/dump_result/");
 ?>
 --POST--
 post_a=data_post_a&post_b=data_post_b
@@ -22,6 +17,10 @@ sp.configuration_file={PWD}/config/dump_unserialize.ini
 --FILE--
 <?php
 @mkdir("/tmp/dump_result/");
+foreach (glob("/tmp/dump_result/sp_dump.*") as $dump) {
+    @unlink($dump);
+}
+
 echo "1\n";
 var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdawkuerylksjdfhlkssjgdflaksjdhflkasjdf'));
 $filename = glob('/tmp/dump_result/sp_dump.*')[0];
diff --git a/src/tests/eval_backlist_simulation.phpt b/src/tests/eval_backlist_simulation.phpt
index ddeae60..bea5115 100644
--- a/src/tests/eval_backlist_simulation.phpt
+++ b/src/tests/eval_backlist_simulation.phpt
@@ -1,5 +1,5 @@
 --TEST--
-Eval blacklist
+Eval blacklist simulation
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--
@@ -13,5 +13,5 @@ echo "After eval: $a\n";
 ?>
 --EXPECTF--
 Outside of eval: 14
-[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, dropping it.
+[snuffleupagus][0.0.0.0][eval][simulation] A call to strlen was tried in eval, in %a/tests/eval_backlist_simulation.php:1, logging it.
 After eval: 4
diff --git a/src/tests/eval_whitelist_simulation.phpt b/src/tests/eval_whitelist_simulation.phpt
new file mode 100644
index 0000000..ff2f970
--- /dev/null
+++ b/src/tests/eval_whitelist_simulation.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval whitelist simulation
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/eval_whitelist_simulation.ini
+--FILE--
+<?php 
+function my_fun($p) {
+	return "my_fun: $p";
+}
+
+function my_other_fun($p) {
+	return "my_other_fun: $p";
+}
+
+$a = my_fun("1337 1337 1337");
+echo "Outside of eval: $a\n";
+eval('$a = my_fun("1234");');
+echo "After allowed eval: $a\n";
+eval('$a = my_other_fun("1234");');
+echo "After eval: $a\n";
+?>
+--EXPECTF--
+Outside of eval: my_fun: 1337 1337 1337
+After allowed eval: my_fun: 1234
+[snuffleupagus][0.0.0.0][Eval_whitelist][simulation] The function 'my_other_fun' isn't in the eval whitelist, logging its call.
+After eval: my_other_fun: 1234
\ No newline at end of file
-- 
cgit v1.3