From c463edcee51dfab4358f1aff5a70c2f2f940a20b Mon Sep 17 00:00:00 2001
From: jvoisin
Date: Fri, 5 Jan 2018 11:07:15 +0100
Subject: Fix a bypass in our eval blacklist
---
src/tests/nested_eval_blacklist2.phpt | 28 ++++++++++++++++++++++++++++
1 file changed, 28 insertions(+)
create mode 100644 src/tests/nested_eval_blacklist2.phpt
(limited to 'src/tests')
diff --git a/src/tests/nested_eval_blacklist2.phpt b/src/tests/nested_eval_blacklist2.phpt
new file mode 100644
index 0000000..3b13e30
--- /dev/null
+++ b/src/tests/nested_eval_blacklist2.phpt
@@ -0,0 +1,28 @@
+--TEST--
+Eval blacklist - nested eval, with a twist
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/eval_backlist.ini
+--FILE--
+
+--EXPECTF--
+Outside of eval: 14
+Inception lvl 1...
+Inception lvl 2...
+Inception lvl 3...
+[snuffleupagus][0.0.0.0][eval][drop] A call to strlen was tried in eval, in %a/tests/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it.
-- cgit v1.3
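Review bot: The `--TEST--` description, `Eval blacklist - nested eval, with a twist`, does not say which bypass this regression test pins, and the commit message has no body, so a later reader cannot tell what the "twist" is or why the case must keep being rejected. A one-line description naming the construct under test would fix that; the `--FILE--` body is not visible in this view, so the exact wording is left to the author. In `--EXPECTF--`, `%a` also matches across line ends, so stray output inside the path position of the drop message would still pass. `%s` keeps that match on a single line: `... was tried in eval, in %s/tests/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it.`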