From 8070f622122344ae52b55c3f80e43a1733ae59e2 Mon Sep 17 00:00:00 2001 From: jvoisin Date: Mon, 6 Nov 2017 14:24:24 +0100 Subject: 53 absolute path (#62) * Add error for relative path--- src/sp_config_keywords.c | 9 +++++++-- src/tests/broken_conf_invalid_filename.phpt | 9 +++++++++ src/tests/config/broken_conf_invalid_filename.ini | 1 + src/tests/config/config_disabled_functions_param_allow.ini | 2 +- src/tests/config/disabled_functions.ini | 2 +- 5 files changed, 19 insertions(+), 4 deletions(-) create mode 100644 src/tests/broken_conf_invalid_filename.phpt create mode 100644 src/tests/config/broken_conf_invalid_filename.ini (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index b1b22b5..34b855a 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -197,7 +197,7 @@ int parse_disabled_functions(char *line) { MUTUALLY_EXCLUSIVE(df->ret, df->r_ret, "r_ret", "ret"); #undef MUTUALLY_EXCLUSIVE - if (1 < ((df->r_param?1:0) + (df->param?1:0) + ((-1 != df->pos)?1:0))) { + if (1 < ((df->r_param?1:0) + (df->param?1:0) + ((-1 != df->pos)?1:0))) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s':" "'.r_param', '.param' and '.pos' are mutually exclusive on line %zu.", @@ -215,6 +215,12 @@ int parse_disabled_functions(char *line) { " must take a function name on line %zu.", line, sp_line_no); return -1; + } else if (df->filename && *df->filename != '/') { + sp_log_err("config", + "Invalid configuration line: 'sp.disabled_functions%s':" + "'.filename' must be an absolute path on line %zu.", + line, sp_line_no); + return -1; } else if (!(allow ^ drop)) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s': The " @@ -244,7 +250,6 @@ int parse_disabled_functions(char *line) { return -1; } } - df->allow = allow; if (df->function) { diff --git a/src/tests/broken_conf_invalid_filename.phpt b/src/tests/broken_conf_invalid_filename.phpt new file mode 100644 index 0000000..61b967b 
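Review bot: The added `else if (df->filename && *df->filename != '/')` branch accepts any string that starts with a slash, so non-canonical values such as `/var/www/../x.php` or `//x.php` pass as absolute paths. If the rule is later compared verbatim with the executing file's resolved path (that code is not in this hunk), such a rule would never match and the function would stay callable without any error, which is a fail-open result for a hardening rule. I would either reject `/../`, `/./` and `//` components here as well, or state the requirement above the branch, e.g. `/* .filename is matched as written: require a canonical absolute path */`. The new phpt only covers a name with no leading slash; an empty `filename("")` case would pin that the first-byte test rejects it too. parse_disabled_functions starts and ends outside the hunk.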
--- /dev/null
+++ b/src/tests/broken_conf_invalid_filename.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration filename without absolute path
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_invalid_filename.ini
+--FILE--
+--EXPECTF--
+[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("sprintf").filename("wrong file name").drop();':'.filename' must be an absolute path on line 1.
diff --git a/src/tests/config/broken_conf_invalid_filename.ini b/src/tests/config/broken_conf_invalid_filename.ini
new file mode 100644
index 0000000..1be3b51
--- /dev/null
+++ b/src/tests/config/broken_conf_invalid_filename.ini
@@ -0,0 +1 @@
+sp.disable_function.function("sprintf").filename("wrong file name").drop();
diff --git a/src/tests/config/config_disabled_functions_param_allow.ini b/src/tests/config/config_disabled_functions_param_allow.ini
index aa86f52..8e139e4 100644
--- a/src/tests/config/config_disabled_functions_param_allow.ini
+++ b/src/tests/config/config_disabled_functions_param_allow.ini
@@ -1,3 +1,3 @@
-sp.disable_function.function("system").param("command").value("echo win").filename("test.php").drop();
+sp.disable_function.function("system").param("command").value("echo win").filename("/test.php").drop();
 sp.disable_function.function("system").param("command").value("echo win").allow();
 sp.disable_function.function("system").drop();
diff --git a/src/tests/config/disabled_functions.ini b/src/tests/config/disabled_functions.ini
index 18aab27..226a107 100644
--- a/src/tests/config/disabled_functions.ini
+++ b/src/tests/config/disabled_functions.ini
@@ -4,5 +4,5 @@ sp.disable_function.function("printf").disable().drop();
 sp.disable_function.function("printf").simulation().drop();
 sp.disable_function.function("print").disable().drop(); # this is a comment
 sp.disable_function.function_r("^var_dump$").drop();
-sp.disable_function.function("sprintf").filename("wrong file name").drop();
+sp.disable_function.function("sprintf").filename("/wrong file name").drop();
 sp.disable_function.function("eval").drop();
-- cgit v1.3