From 18711c04c9e6fc6056f79f05598719a112ecbba5 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Tue, 10 Oct 2017 12:12:10 +0200 Subject: Make the `simulation` mode logs more obvious --- src/sp_execute.c | 2 +- src/sp_unserialize.c | 2 +- src/sp_upload_validation.c | 2 +- src/sp_utils.c | 12 +++++----- src/sp_utils.h | 2 +- .../config/config_disabled_functions_require.ini | 3 ++- src/tests/deny_writable_execution_simulation.phpt | 4 ++-- src/tests/disabled_functions.phpt | 2 +- src/tests/disabled_functions_param.phpt | 4 ++-- src/tests/disabled_functions_param_alias.phpt | 2 +- .../disabled_functions_require_simulation.phpt | 26 ++++++++++++++++++++++ src/tests/disabled_functions_ret_simulation.phpt | 4 ++-- src/tests/disabled_functions_upper.phpt | 2 +- src/tests/unserialize_sim.phpt | 2 +- 14 files changed, 48 insertions(+), 21 deletions(-) create mode 100644 src/tests/disabled_functions_require_simulation.phpt (limited to 'src') diff --git a/src/sp_execute.c b/src/sp_execute.c index 014a049..419e56d 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -13,7 +13,7 @@ static int (*orig_zend_stream_open)(const char *filename, ZEND_COLD static inline void terminate_if_writable(const char *filename) { if (0 == access(filename, W_OK)) { if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->simulation) { - sp_log_msg("readonly_exec", SP_LOG_NOTICE, + sp_log_msg("readonly_exec", SP_LOG_SIMULATION, "Attempted execution of a writable file (%s).", filename); } else { sp_log_msg("readonly_exec", SP_LOG_DROP, diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index c8503de..b3dfad7 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c 
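Review bot: The `access(filename, W_OK)` test in terminate_if_writable works on the path, not on the file that is later opened, and it answers for the real UID rather than the effective one. The verdict logged on the changed line can therefore differ from what is finally executed if the path or its permissions change in between. A short comment above the check would record that limit, e.g. `/* access() is path-based and uses the real UID: best-effort check, not race-free */`. The function continues past the end of the hunk and the open itself is not shown, so whether a descriptor-based check is feasible cannot be judged from here.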
@@ -88,7 +88,7 @@ PHP_FUNCTION(sp_unserialize) { } } else { if ( true == SNUFFLEUPAGUS_G(config).config_unserialize->simulation) { - sp_log_msg("unserialize", SP_LOG_NOTICE, "Invalid HMAC for %s", serialized_str); + sp_log_msg("unserialize", SP_LOG_SIMULATION, "Invalid HMAC for %s", serialized_str); if ((orig_handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), "unserialize", 11))) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index 6655e11..3f0d788 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -79,7 +79,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { if (WEXITSTATUS(waitstatus) != 0) { // Nope char *uri = sp_getenv("REQUEST_URI"); int sim = SNUFFLEUPAGUS_G(config).config_upload_validation->simulation; - sp_log_msg("upload_valiation", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("upload_valiation", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The upload of %s on %s was rejected.", filename, uri?uri:"?"); if (!SNUFFLEUPAGUS_G(config).config_upload_validation->simulation) { zend_bailout(); diff --git a/src/sp_utils.c b/src/sp_utils.c index f696a55..0ddc024 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c 
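Review bot: `serialized_str` goes into the log verbatim through `%s` on the changed line, and it has just failed HMAC validation, so its content and length are whatever the request supplied. Unless sp_log_msg already escapes control characters and caps the length (its body is not in this diff), embedded newlines can produce misleading extra log entries and a large payload can bloat the log. I would bound it at the call site, e.g. `"Invalid HMAC for %.256s"` if sp_log_msg's formatter honours precision, and escape non-printable bytes centrally in sp_log_msg. The same concern applies to `filename`/`uri` in sp_rfc1867_callback and to `arg_value`/`ret_value` in sp_log_disable and sp_log_disable_ret. PHP_FUNCTION(sp_unserialize) starts and ends outside the hunk.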
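Review bot: The feature tag on the changed line is spelled `upload_valiation`, so a log filter or alert keyed on `upload_validation` will never match these rejections. Since the line is being touched anyway, it could become `sp_log_msg("upload_validation", sim ? SP_LOG_SIMULATION : SP_LOG_DROP,`. The `if` just below re-reads `config_upload_validation->simulation` although `sim` already holds it; `if (!sim) {` would tie the log level and the bailout decision to one value. sp_rfc1867_callback starts and ends outside the hunk.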
@@ -231,14 +231,14 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, const int sim = config_node->simulation; if (arg_name) { if (alias) { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The call to the function '%s' in %s:%d has been disabled, " "because its argument '%s' content (%s) matched the rule '%s'.", path, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), arg_name, arg_value?arg_value:"?", alias); } else { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The call to the function '%s' in %s:%d has been disabled, " "because its argument '%s' content (%s) matched a rule.", path, zend_get_executed_filename(TSRMLS_C), @@ -247,13 +247,13 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, } } else { if (alias) { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The call to the function '%s' in %s:%d has been disabled, " "because of the the rule '%s'.",path, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), alias); } else { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The call to the function '%s' in %s:%d has been disabled.", path, zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C)); 
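Review bot: In simulation mode these messages still say the call "has been disabled", yet the expectations in disabled_functions.phpt show `printf in simulation mode` printed right after the `[simulation]` line, so the call evidently went through. The level tag is now accurate but the sentence contradicts it, which matters when someone triages on the message text alone. Consider choosing the verb from `sim`, e.g. `sim ? "would have been disabled" : "has been disabled"` passed as an extra `%s` argument. This applies to all four calls across both sp_log_disable hunks and to the "has been aborted" wording in sp_log_disable_ret; the .phpt expectations would need the matching update.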
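Review bot: The alias branch in the second sp_log_disable hunk logs `because of the the rule '%s'.` with a doubled "the", and disabled_functions_param_alias.phpt pins that text in its expectations. Both could be corrected to `"because of the rule '%s'."`. With four calls now repeating `sim?SP_LOG_SIMULATION:SP_LOG_DROP`, a single `const char *level = sim ? SP_LOG_SIMULATION : SP_LOG_DROP;` right after the `sim` assignment would keep the branches from drifting apart.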
@@ -271,13 +271,13 @@ void sp_log_disable_ret(const char* restrict path, const char* alias = config_node->alias; const int sim = config_node->simulation; if (alias) { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The execution has been aborted in %s:%d, " "because the function '%s' returned '%s', which matched the rule '%s'.", zend_get_executed_filename(TSRMLS_C), zend_get_executed_lineno(TSRMLS_C), path, ret_value?ret_value:"?", alias); } else { - sp_log_msg("disabled_function", sim?SP_LOG_NOTICE:SP_LOG_DROP, + sp_log_msg("disabled_function", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The execution has been aborted in %s:%d, " "because the return value (%s) of the function '%s' matched a rule.", zend_get_executed_filename(TSRMLS_C), diff --git a/src/sp_utils.h b/src/sp_utils.h index 3b14205..61a4c53 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -35,7 +35,7 @@ #define HOOK_FUNCTION_BY_REGEXP(regexp, hook_table, new_function, execution) \ hook_regexp(regexp, SNUFFLEUPAGUS_G(hook_table), new_function, execution) -#define SP_LOG_NOTICE "notice" +#define SP_LOG_SIMULATION "simulation" #define SP_LOG_DROP "drop" #define SP_LOG_DEBUG "debug" #define SP_LOG_ERROR "error" diff --git a/src/tests/config/config_disabled_functions_require.ini b/src/tests/config/config_disabled_functions_require.ini index 474fada..c23824d 100644 --- a/src/tests/config/config_disabled_functions_require.ini +++ b/src/tests/config/config_disabled_functions_require.ini @@ -1 +1,2 @@ -sp.disable_functions.function("require").param("").value_r("meh$").drop(); +sp.disable_functions.function("require").param("").value_r("sim$").drop().simulation(); +sp.disable_functions.function("require").param("").value_r("meh$").drop(); \ No newline at end of file diff --git a/src/tests/deny_writable_execution_simulation.phpt b/src/tests/deny_writable_execution_simulation.phpt index 3278be8..549fb81 100644 
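Review bot: Replacing `SP_LOG_NOTICE` with `SP_LOG_SIMULATION` in sp_utils.h changes the level field of every simulation log line from `[notice]` to `[simulation]`, and nothing in the visible patch documents that for log consumers. Any parser, filter or alert rule keyed on `[notice]` would stop matching without an error, which is easy to miss because simulation mode is exactly what gets watched before enforcement is switched on. A comment above the level macros would make the contract explicit, e.g. `/* Level tags are emitted verbatim as "[feature][level]"; renaming one is a log-format change. */`. The diffstat is limited to `src`, so user documentation that may still mention `notice` cannot be checked from here.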
--- a/src/tests/deny_writable_execution_simulation.phpt +++ b/src/tests/deny_writable_execution_simulation.phpt @@ -32,7 +32,7 @@ include "$dir/writable_file.txt"; include "$dir/non_writable_file.txt"; ?> --EXPECTF-- -[snuffleupagus][0.0.0.0][readonly_exec][notice] Attempted execution of a writable file (%a/writable_file.txt). +[snuffleupagus][0.0.0.0][readonly_exec][simulation] Attempted execution of a writable file (%a/writable_file.txt). Code execution within a writable file. Code execution within a non-writable file. --CLEAN-- @@ -42,4 +42,4 @@ chmod("$dir/non_writable_file.txt", 0777); chmod("$dir/writable_file.txt", 0777); unlink("$dir/non_writable_file.txt"); unlink("$dir/writable_file.txt"); -?> \ No newline at end of file +?> diff --git a/src/tests/disabled_functions.phpt b/src/tests/disabled_functions.phpt index 37da911..1c66ede 100644 --- a/src/tests/disabled_functions.phpt +++ b/src/tests/disabled_functions.phpt @@ -14,7 +14,7 @@ echo strpos("pouet", "o"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions.php:%d has been disabled. -[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'printf' in %a/tests/disabled_functions.php:%d has been disabled. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'printf' in %a/tests/disabled_functions.php:%d has been disabled. printf in simulation mode print in disabled mode [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'var_dump' in %a/tests/disabled_functions.php:%d has been disabled. diff --git a/src/tests/disabled_functions_param.phpt b/src/tests/disabled_functions_param.phpt index 2309217..61521cd 100644 --- a/src/tests/disabled_functions_param.phpt +++ b/src/tests/disabled_functions_param.phpt 
@@ -20,5 +20,5 @@ win int(15) [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'shell_exec' in %a/disabled_functions_param.php:5 has been disabled, because its argument 'cmd' content (id) matched the rule '3'. 42 -[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'strcmp' in %a/tests/disabled_functions_param.php:7 has been disabled, because its argument 'str1' content (bla) matched the rule '5'. -[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'strncmp' in %a/tests/disabled_functions_param.php:8 has been disabled, because its argument 'str1' content (bla) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'strcmp' in %a/tests/disabled_functions_param.php:7 has been disabled, because its argument 'str1' content (bla) matched the rule '5'. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'strncmp' in %a/tests/disabled_functions_param.php:8 has been disabled, because its argument 'str1' content (bla) matched a rule. diff --git a/src/tests/disabled_functions_param_alias.phpt b/src/tests/disabled_functions_param_alias.phpt index fe3d1c1..b549d70 100644 --- a/src/tests/disabled_functions_param_alias.phpt +++ b/src/tests/disabled_functions_param_alias.phpt @@ -11,4 +11,4 @@ shell_exec("id"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_param_alias.php:2 has been disabled, because of the the rule '1'. -[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'shell_exec' in %a/tests/disabled_functions_param_alias.php:3 has been disabled, because of the the rule '2'. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'shell_exec' in %a/tests/disabled_functions_param_alias.php:3 has been disabled, because of the the rule '2'. 
diff --git a/src/tests/disabled_functions_require_simulation.phpt b/src/tests/disabled_functions_require_simulation.phpt new file mode 100644 index 0000000..2744c37 --- /dev/null +++ b/src/tests/disabled_functions_require_simulation.phpt @@ -0,0 +1,26 @@ +--TEST-- +Disable functions - Require (simulation) +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_require.ini +--FILE-- + +--EXPECTF-- +BLA +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'include' in %a/disabled_functions_require_simulation.php:%d has been disabled, because its argument 'inclusion path' content (%a/test.sim) matched a rule. +MEH +1337 +--CLEAN-- + diff --git a/src/tests/disabled_functions_ret_simulation.phpt b/src/tests/disabled_functions_ret_simulation.phpt index 58af3a9..1965030 100644 --- a/src/tests/disabled_functions_ret_simulation.phpt +++ b/src/tests/disabled_functions_ret_simulation.phpt 
@@ -11,8 +11,8 @@ echo stripos("pouet", "p") . "\n"; strcmp("p", "p") . "\n"; ?> --EXPECTF-- -[snuffleupagus][0.0.0.0][disabled_function][notice] The execution has been aborted in %a/disabled_functions_ret_simulation.php:2, because the return value (0) of the function 'strpos' matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The execution has been aborted in %a/disabled_functions_ret_simulation.php:2, because the return value (0) of the function 'strpos' matched a rule. 0 -[snuffleupagus][0.0.0.0][disabled_function][notice] The execution has been aborted in %a/disabled_functions_ret_simulation.php:3, because the function 'stripos' returned '0', which matched the rule '1'. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The execution has been aborted in %a/disabled_functions_ret_simulation.php:3, because the function 'stripos' returned '0', which matched the rule '1'. 0 [snuffleupagus][0.0.0.0][disabled_function][drop] The execution has been aborted in %a/disabled_functions_ret_simulation.php:4, because the return value (0) of the function 'strcmp' matched a rule. diff --git a/src/tests/disabled_functions_upper.phpt b/src/tests/disabled_functions_upper.phpt index 4a7ed94..08c26c0 100644 --- a/src/tests/disabled_functions_upper.phpt +++ b/src/tests/disabled_functions_upper.phpt 
@@ -14,7 +14,7 @@ echo sTRPOs("pouet", "o"); ?> --EXPECTF-- [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_upper.php:%d has been disabled. -[snuffleupagus][0.0.0.0][disabled_function][notice] The call to the function 'printf' in %a/tests/disabled_functions_upper.php:%d has been disabled. +[snuffleupagus][0.0.0.0][disabled_function][simulation] The call to the function 'printf' in %a/tests/disabled_functions_upper.php:%d has been disabled. printf in simulation mode print in disabled mode [snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'var_dump' in %a/tests/disabled_functions_upper.php:%d has been disabled. diff --git a/src/tests/unserialize_sim.phpt b/src/tests/unserialize_sim.phpt index 8ebf64d..0d8280c 100644 --- a/src/tests/unserialize_sim.phpt +++ b/src/tests/unserialize_sim.phpt @@ -13,5 +13,5 @@ var_dump(unserialize('s:1:"a";alyualskdufyhalkdjsfhalkjdhflaksjdfhlkasdhflkahdaw ?> --EXPECT-- s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1string(1) "a" -[snuffleupagus][0.0.0.0][unserialize][notice] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh +[snuffleupagus][0.0.0.0][unserialize][simulation] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh string(1) "a" -- cgit v1.3