From 3ab467100883adedab71a28e1699799e45ab0b2d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 19 Jun 2019 11:04:17 +0200 Subject: fix snufflepagus_globals linking issues and one mac compatibility issue --- src/php_snuffleupagus.h | 1 + src/sp_config.c | 2 -- src/sp_config_keywords.c | 2 -- src/sp_config_utils.c | 2 +- src/sp_cookie_encryption.c | 2 -- src/sp_crypt.c | 2 -- src/sp_disable_xxe.c | 2 -- src/sp_disabled_functions.c | 2 -- src/sp_execute.c | 2 -- src/sp_harden_rand.c | 2 -- src/sp_network_utils.c | 4 +--- src/sp_session.c | 2 -- src/sp_sloppy.c | 2 -- src/sp_unserialize.c | 1 - src/sp_upload_validation.c | 2 -- src/sp_utils.c | 2 -- src/sp_wrapper.c | 2 -- src/tweetnacl.c | 2 -- 18 files changed, 3 insertions(+), 33 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index c9313f8..43131fe 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -99,6 +99,7 @@ HashTable *sp_internal_functions_hook; HashTable *sp_eval_blacklist_functions_hook; ZEND_END_MODULE_GLOBALS(snuffleupagus) +ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) #define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v) #if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS) diff --git a/src/sp_config.c b/src/sp_config.c index 915c8a1..25223f2 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -4,8 +4,6 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - size_t sp_line_no; sp_config_tokens const sp_func[] = { diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index a13aed2..abb3110 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static int parse_enable(char *line, bool *restrict retval, bool *restrict simulation) { bool enable = false, disable = false; diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 71c9071..35cc062 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -1,6 +1,6 @@ #include "php_snuffleupagus.h" -size_t sp_line_no; +// size_t sp_line_no; int parse_keywords(sp_config_functions *funcs, char *line) { int value_len = 0; diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 249de2d..92a056b 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) { const sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies; diff --git a/src/sp_crypt.c b/src/sp_crypt.c index da0e2fe..42c1510 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - void generate_key(unsigned char *key) { PHP_SHA256_CTX ctx; const char *user_agent = getenv("HTTP_USER_AGENT"); diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index df00dbd..53148c8 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - PHP_FUNCTION(sp_libxml_disable_entity_loader) { RETURN_TRUE; } int hook_libxml_disable_entity_loader() { diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 8177ce1..c088f20 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static void should_disable(zend_execute_data* execute_data, const char* complete_function_path, const zend_string* builtin_param, diff --git a/src/sp_execute.c b/src/sp_execute.c index b4f2595..4eae874 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL; static void (*orig_zend_execute_internal)(zend_execute_data *execute_data, zval *return_value) = NULL; diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c index 7ab798e..43c2a5b 100644 --- a/src/sp_harden_rand.c +++ b/src/sp_harden_rand.c @@ -2,8 +2,6 @@ extern ZEND_API zend_class_entry *zend_ce_error; -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - /* This function is needed because `rand` and `mt_rand` parameters * are optional, while the ones from `random_int` aren't. */ static void random_int_wrapper(INTERNAL_FUNCTION_PARAMETERS) { diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c index c444c1e..1811d98 100644 --- a/src/sp_network_utils.c +++ b/src/sp_network_utils.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static inline bool cidr4_match(const struct in_addr addr, const struct in_addr net, uint8_t bits); static inline bool cidr6_match(const struct in6_addr address, @@ -19,7 +17,7 @@ static inline bool cidr4_match(const struct in_addr addr, static inline bool cidr6_match(const struct in6_addr address, const struct in6_addr network, uint8_t bits) { -#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) +#if defined(__FreeBSD__) || defined(__NetBSD__) || defined(__OpenBSD__) || defined(__APPLE__) const uint32_t *a = address.__u6_addr.__u6_addr32; const uint32_t *n = network.__u6_addr.__u6_addr32; #else diff --git a/src/sp_session.c b/src/sp_session.c index 596eae9..1064fe6 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - #if (HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION)) #ifdef ZTS diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c index d3678db..5837783 100644 --- a/src/sp_sloppy.c +++ b/src/sp_sloppy.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - ZEND_API zend_op_array* (*orig_zend_compile_file)(zend_file_handle* file_handle, int type) = NULL; ZEND_API zend_op_array* (*orig_zend_compile_string)(zval* source_string, diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 5e21d6a..f265ce6 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -1,6 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) PHP_FUNCTION(sp_serialize) { zif_handler orig_handler; diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index fe16a46..ee19df9 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - int (*sp_rfc1867_orig_callback)(unsigned int event, void *event_data, void **extra); int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra); diff --git a/src/sp_utils.c b/src/sp_utils.c index 475d552..7641808 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) { // We can't use `zend_string_equals` here because it doesn't work on // `const` zend_string. diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c index 1618a4f..277f23a 100644 --- a/src/sp_wrapper.c +++ b/src/sp_wrapper.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - static bool wrapper_is_whitelisted(const zend_string *zs) { const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist; diff --git a/src/tweetnacl.c b/src/tweetnacl.c index ad5dae5..9f66546 100644 --- a/src/tweetnacl.c +++ b/src/tweetnacl.c @@ -3,8 +3,6 @@ we're using the one from PHP.*/ #include "php_snuffleupagus.h" #include "ext/standard/php_random.h" -ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) - void randombytes(unsigned char *x, unsigned long long xlen) { assert(SIZE_MAX >= ULLONG_MAX); // max(size_t) > max(ull) ? php_random_bytes(x, xlen, 1); -- cgit v1.3 From 157241fc85dc5933364a6ac5040ed680e11ada1a Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 20 Jun 2019 10:20:10 +0200 Subject: removed comment --- src/sp_config_utils.c | 2 -- 1 file changed, 2 deletions(-) (limited to 'src') diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 35cc062..dbe6793 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -// size_t sp_line_no; - int parse_keywords(sp_config_functions *funcs, char *line) { int value_len = 0; const char *original_line = line; -- cgit v1.3 From 8776410692bf336a104fa19442f0fb761ecf0b5d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 15 Jun 2020 11:27:30 +0200 Subject: clobal config.h + better debug log --- src/php_snuffleupagus.h | 4 ++++ src/snuffleupagus.c | 4 ---- src/sp_utils.h | 2 +- 3 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 43131fe..dae2154 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -7,6 +7,10 @@ #define PHP_SNUFFLEUPAGUS_URL "https://github.com/nbs-system/snuffleupagus" #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2" +#ifdef HAVE_CONFIG_H +#include "config.h" +#endif + #include #include #include diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index ff2d2b6..d62069c 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -4,10 +4,6 @@ #include #endif -#ifdef HAVE_CONFIG_H -#include "config.h" -#endif - #include "php_snuffleupagus.h" #ifndef ZEND_EXT_API diff --git a/src/sp_utils.h b/src/sp_utils.h index 200e82c..9df196c 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -37,7 +37,7 @@ #define sp_log_err(feature, ...) sp_log_msg(feature, SP_LOG_ERROR, __VA_ARGS__) #define sp_log_warn(feature, ...) sp_log_msg(feature, SP_LOG_WARN, __VA_ARGS__) #ifdef SP_DEBUG -#define sp_log_debug(...) sp_log_msg("DEBUG", SP_LOG_DEBUG, __VA_ARGS__) +#define sp_log_debug(fmt, ...) sp_log_msg("DEBUG", SP_LOG_DEBUG, "%s(): " fmt, __FUNCTION__, ##__VA_ARGS__) #else #define sp_log_debug(...) #endif -- cgit v1.3 From d8bf25aa20e93d366133b4550ac8304d06186ad3 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 15 Jun 2020 11:33:48 +0200 Subject: stricter config checks --- src/sp_config_keywords.c | 64 +++++++++++++++--------------------------------- 1 file changed, 20 insertions(+), 44 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index abb3110..5f6cc7b 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -356,65 +356,41 @@ int parse_disabled_functions(char *line) { "Invalid configuration line: 'sp.disabled_functions%s': " \ "'.%s' and '.%s' are mutually exclusive on line %zu", \ line, STR1, STR2, sp_line_no); \ - return 1; \ + return -1; \ } - MUTUALLY_EXCLUSIVE(df->value, df->r_value, "value", "regexp"); - MUTUALLY_EXCLUSIVE(df->r_function, df->function, "r_function", "function"); - MUTUALLY_EXCLUSIVE(df->filename, df->r_filename, "r_filename", "filename"); - MUTUALLY_EXCLUSIVE(df->ret, df->r_ret, "r_ret", "ret"); - MUTUALLY_EXCLUSIVE(df->key, df->r_key, "r_key", "key"); + MUTUALLY_EXCLUSIVE(df->value, df->r_value, "value", "value_r"); + MUTUALLY_EXCLUSIVE(df->r_function, df->function, "function", "function_r"); + MUTUALLY_EXCLUSIVE(df->filename, df->r_filename, "filename", "filename_r"); + MUTUALLY_EXCLUSIVE(df->ret, df->r_ret, "ret", "ret_r"); + MUTUALLY_EXCLUSIVE(df->key, df->r_key, "key", "key_r"); + MUTUALLY_EXCLUSIVE(pos, param, "pos", "param"); + MUTUALLY_EXCLUSIVE(pos, df->r_param, "pos", "param_r"); + MUTUALLY_EXCLUSIVE(param, df->r_param, "param", "param_r"); + MUTUALLY_EXCLUSIVE((df->r_key || df->key), (df->r_value || df->value), "key", "value"); + MUTUALLY_EXCLUSIVE((df->r_ret || df->ret || df->ret_type), (df->r_param || param), "ret", "param"); + MUTUALLY_EXCLUSIVE((df->r_ret || df->ret || df->ret_type), (var), "ret", "var"); + MUTUALLY_EXCLUSIVE((df->r_ret || df->ret || df->ret_type), (df->value || df->r_value), "ret", "value"); + #undef MUTUALLY_EXCLUSIVE - if (1 < - ((df->r_param ? 1 : 0) + (param ? 1 : 0) + ((-1 != df->pos) ? 1 : 0))) { - sp_log_err( - "config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "'.r_param', '.param' and '.pos' are mutually exclusive on line %zu", - line, sp_line_no); - return -1; - } else if ((df->r_key || df->key) && (df->r_value || df->value)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "`key` and `value` are mutually exclusive on line %zu", - line, sp_line_no); - return -1; - } else if ((df->r_ret || df->ret || df->ret_type) && (df->r_param || param)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "`ret` and `param` are mutually exclusive on line %zu", - line, sp_line_no); - return -1; - } else if ((df->r_ret || df->ret || df->ret_type) && (var)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "`ret` and `var` are mutually exclusive on line %zu", - line, sp_line_no); - return -1; - } else if ((df->r_ret || df->ret || df->ret_type) && - (df->value || df->r_value)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "`ret` and `value` are mutually exclusive on line %zu", - line, sp_line_no); - return -1; - } else if (!(df->r_function || df->function)) { + if (!(df->r_function || df->function)) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s':" " must take a function name on line %zu", line, sp_line_no); return -1; - } else if (df->filename && (*ZSTR_VAL(df->filename) != '/') && - (0 != - strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { + } + if (df->filename && (*ZSTR_VAL(df->filename) != '/') && + (0 != strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { sp_log_err( "config", "Invalid configuration line: 'sp.disabled_functions%s':" "'.filename' must be an absolute path or a phar archive on line %zu", line, sp_line_no); return -1; - } else if (!(allow ^ drop)) { + } + if (!(allow ^ drop)) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s': The " "rule must either be a `drop` or `allow` one on line %zu", -- cgit v1.3 From f742d9f88bf788e38bbe832f1b75e39784f024bc Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 15 Jun 2020 11:50:13 +0200 Subject: fixed trigger logic to parameter matching --- src/sp_disabled_functions.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index c088f20..5daf068 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -102,8 +102,8 @@ static bool is_local_var_matching( static bool is_param_matching(zend_execute_data* execute_data, sp_disabled_function const* const config_node, const zend_string* builtin_param, - const char** arg_name, const char* builtin_param_name, + const char** arg_name, const zend_string** arg_value_str) { int nb_param = ZEND_CALL_NUM_ARGS(execute_data); int i = 0; @@ -313,11 +313,13 @@ static void should_disable(zend_execute_data* execute_data, goto next; } } + if (config_node->line) { if (config_node->line != zend_get_executed_lineno()) { goto next; } } + if (config_node->filename || config_node->r_filename) { zend_execute_data* ex = is_file_matching(execute_data, config_node, current_filename); @@ -332,6 +334,7 @@ static void should_disable(zend_execute_data* execute_data, goto next; } } + if (config_node->var) { if (false == is_local_var_matching(execute_data, config_node)) { goto next; @@ -350,7 +353,8 @@ static void should_disable(zend_execute_data* execute_data, /* Check if we filter on parameter value*/ if (config_node->param || config_node->r_param || - (config_node->pos != -1)) { + (config_node->pos != -1) || + ((config_node->r_value || config_node->value) && !config_node->var)) { if (!builtin_param && execute_data->func->op_array.arg_info->is_variadic) { sp_log_warn( @@ -359,24 +363,12 @@ static void should_disable(zend_execute_data* execute_data, "Check https://github.com/nbs-system/snuffleupagus/issues/164 for " "details."); } else if (false == is_param_matching( - execute_data, config_node, builtin_param, - &arg_name, builtin_param_name, &arg_value_str)) { + execute_data, config_node, builtin_param, builtin_param_name, + &arg_name, &arg_value_str)) { goto next; } } - if (config_node->r_value || config_node->value) { - if (check_is_builtin_name(config_node) && !config_node->var && - !config_node->key && !config_node->r_key && !config_node->param && - !config_node->r_param) { - if (false == is_param_matching(execute_data, config_node, builtin_param, - &arg_name, builtin_param_name, - &arg_value_str)) { - goto next; - } - } - } - /* Everything matched.*/ if (true == config_node->allow) { return; -- cgit v1.3 From 4d8a19aa0fe8a43996fcd482fa262ca14e6ac425 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 16 Feb 2021 11:33:13 +0100 Subject: fix debug log --- src/sp_utils.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_utils.h b/src/sp_utils.h index d2b88fb..7c287da 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -52,7 +52,7 @@ #define sp_log_warn(feature, ...) \ sp_log_msgf(feature, SP_LOG_WARN, SP_TYPE_LOG, __VA_ARGS__) #ifdef SP_DEBUG -#define sp_log_debug(...) \ +#define sp_log_debug(fmt, ...) \ sp_log_msgf("DEBUG", SP_LOG_DEBUG, SP_TYPE_LOG, "%s(): " fmt, __FUNCTION__, ##__VA_ARGS__) #else #define sp_log_debug(...) -- cgit v1.3 From ae863454f6c757653e20260f54615944fc9a3319 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 16 Feb 2021 11:33:27 +0100 Subject: fix broken tests --- src/tests/broken_configuration_php8/broken_conf_key_value.phpt | 2 +- src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive11.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive12.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive2.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive3.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive4.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive5.phpt | 2 +- .../broken_configuration_php8/broken_conf_mutually_exclusive6.phpt | 2 +- 9 files changed, 9 insertions(+), 9 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt index 1b51bd7..ceb9add 100644 --- a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_key_value.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();':`key` and `value` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt index 800cffa..e362893 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.r_value' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt index 6bdb959..39766e1 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt index 1855fca..ebca290 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt index 286ea04..52b36e0 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.r_function' and '.function' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt index b377179..cf65e7d 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.r_filename' and '.filename' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt index 5f22a47..41dc60e 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();':'.r_param', '.param' and '.pos' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt index 55d0eda..9cab6cd 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.r_ret' and '.ret' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt index 7dc6985..406f818 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();':`ret` and `param` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. -- cgit v1.3 From 01528718850c8528ef6d2ed5296e244d4aa7b675 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 18 Feb 2021 15:49:39 +0100 Subject: log forging protection --- src/sp_utils.c | 15 +++++++++++++++ .../config/disabled_function_log_forging.ini | 1 + .../disable_function/disabled_function_log_forging.phpt | 14 ++++++++++++++ 3 files changed, 30 insertions(+) create mode 100644 src/tests/disable_function/config/disabled_function_log_forging.ini create mode 100644 src/tests/disable_function/disabled_function_log_forging.phpt (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index a7a3d27..73c0546 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -229,6 +229,19 @@ static char* zend_string_to_char(const zend_string* zs) { return copy; } +static void sp_sanitize_charstring(char* c, size_t maxlen) +{ + for (size_t i = 0; *c; c++, i++) { + if (maxlen && i > maxlen - 1) { + *c = 0; + return; + } + if (*c < 32 || *c > 126) { + *c = '*'; + } + } +} + const zend_string* sp_zval_to_zend_string(const zval* zv) { switch (Z_TYPE_P(zv)) { case IS_LONG: { @@ -295,6 +308,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, char* char_repr = NULL; if (arg_value) { char_repr = zend_string_to_char(arg_value); + sp_sanitize_charstring(char_repr, 255); } if (alias) { sp_log_auto( @@ -336,6 +350,7 @@ void sp_log_disable_ret(const char* restrict path, } if (ret_value) { char_repr = zend_string_to_char(ret_value); + sp_sanitize_charstring(char_repr, 255); } if (alias) { sp_log_auto( diff --git a/src/tests/disable_function/config/disabled_function_log_forging.ini b/src/tests/disable_function/config/disabled_function_log_forging.ini new file mode 100644 index 0000000..05e9b4b --- /dev/null +++ b/src/tests/disable_function/config/disabled_function_log_forging.ini @@ -0,0 +1 @@ +sp.disable_function.function("foo_log_forging").pos("0").value_r("^x").drop() diff --git a/src/tests/disable_function/disabled_function_log_forging.phpt b/src/tests/disable_function/disabled_function_log_forging.phpt new file mode 100644 index 0000000..fcc37dc --- /dev/null +++ b/src/tests/disable_function/disabled_function_log_forging.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions log forging test +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_log_forging.ini +--FILE-- +alert('0wned!');"); +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'foo_log_forging', because its argument 'name' %s on line %d \ No newline at end of file -- cgit v1.3 From fb9b3787246dff3e9b76e75f698ff7131ea5403d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 18 Feb 2021 15:59:41 +0100 Subject: rewrote parameter matching logic. breaks compatibility with previous versions. --- src/sp_disabled_functions.c | 157 +++++++++++---------- .../config/disabled_function_excess_args.ini | 1 + .../config/disabled_function_named_args.ini | 12 ++ .../config/disabled_functions_pos.ini | 2 +- .../disabled_function_excess_args.phpt | 14 ++ ...disabled_function_named_args_ooo_opt_param.phpt | 14 ++ .../disabled_function_named_args_ooo_opt_pos.phpt | 14 ++ .../disabled_function_named_args_ooo_param.phpt | 14 ++ .../disabled_function_named_args_ooo_pos.phpt | 14 ++ .../disabled_function_named_args_param.phpt | 14 ++ .../disabled_function_named_args_pos.phpt | 14 ++ .../disabled_function_named_args_skip_param.phpt | 14 ++ .../disabled_function_named_args_skip_pos.phpt | 14 ++ .../disabled_functions_name_type.phpt | 2 +- .../disabled_functions_param_pos.phpt | 2 - .../disabled_functions_pos_type.phpt | 4 - 16 files changed, 220 insertions(+), 86 deletions(-) create mode 100644 src/tests/disable_function/config/disabled_function_excess_args.ini create mode 100644 src/tests/disable_function/config/disabled_function_named_args.ini create mode 100644 src/tests/disable_function/disabled_function_excess_args.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_ooo_opt_param.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_ooo_opt_pos.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_ooo_param.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_ooo_pos.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_param.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_pos.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_skip_param.phpt create mode 100644 src/tests/disable_function/disabled_function_named_args_skip_pos.phpt (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index c47b5cb..84d8acf 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -33,6 +33,8 @@ char* get_complete_function_path(zend_execute_data const* const execute_data) { } else { complete_path_function = estrdup(function_name); } + sp_log_debug("%s", complete_path_function); + return complete_path_function; } @@ -98,107 +100,105 @@ static bool is_local_var_matching( return false; } +static inline const char* get_fn_arg_name(zend_function *fn, uint32_t i) { + if (fn->type == ZEND_USER_FUNCTION || (fn->common.fn_flags & ZEND_ACC_USER_ARG_INFO)) { + return ZSTR_VAL(fn->op_array.arg_info[i].name); + } else { + return fn->internal_function.arg_info[i].name; + } +} + static bool is_param_matching(zend_execute_data* execute_data, sp_disabled_function const* const config_node, const zend_string* builtin_param, const char* builtin_param_name, const char** arg_name, const zend_string** arg_value_str) { - int nb_param = ZEND_CALL_NUM_ARGS(execute_data); - int i = 0; - zval* arg_value; - - if (config_node->pos != -1) { - if (config_node->pos > nb_param - 1) { - char* complete_function_path = get_complete_function_path(execute_data); - sp_log_warn("config", - "It seems that you wrote a rule filtering on the " - "%d%s argument of the function '%s', but it takes only %d " - "arguments. " - "Matching on _all_ arguments instead.", - config_node->pos, GET_SUFFIX(config_node->pos), - complete_function_path, nb_param); - efree(complete_function_path); - } else { - i = config_node->pos; - nb_param = (config_node->pos) + 1; - } - } - + // builtin functions if (builtin_param) { /* We're matching on a language construct (here named "builtin"), - * and they can only take a single argument, but PHP considers them - * differently than functions arguments. */ + * and they can only take a single argument, but PHP considers them + * differently than functions arguments. */ *arg_name = builtin_param_name; *arg_value_str = builtin_param; return sp_match_value(builtin_param, config_node->value, config_node->r_value); - } else if (config_node->r_param || config_node->pos != -1) { - // We're matching on a function (and not a language construct) - for (; i < nb_param; i++) { - if (ZEND_USER_CODE(execute_data->func->type)) { // yay consistency - *arg_name = ZSTR_VAL(execute_data->func->common.arg_info[i].name); - } else { - *arg_name = execute_data->func->internal_function.arg_info[i].name; - } - const bool pcre_matching = - config_node->r_param && - (true == sp_is_regexp_matching(config_node->r_param, *arg_name)); + } - /* This is the parameter name we're looking for. */ - if (true == pcre_matching || config_node->pos != -1) { - arg_value = ZEND_CALL_ARG(execute_data, i + 1); + // safeguards + if (!execute_data || !execute_data->func) { + sp_log_debug("no execute data -> silently ignore parameter matching"); + return false; + } - if (config_node->param_type) { // Are we matching on the `type`? - if (config_node->param_type == Z_TYPE_P(arg_value)) { - return true; - } - } else if (Z_TYPE_P(arg_value) == IS_ARRAY) { - *arg_value_str = sp_zval_to_zend_string(arg_value); - if (config_node->key || config_node->r_key) { - if (sp_match_array_key(arg_value, config_node->key, - config_node->r_key)) { - return true; - } - } else if (sp_match_array_value(arg_value, config_node->value, - config_node->r_value)) { - return true; - } - } else { - *arg_value_str = sp_zval_to_zend_string(arg_value); - if (sp_match_value(*arg_value_str, config_node->value, - config_node->r_value)) { - return true; - } - } - } + *arg_name = NULL; + int call_num_args = EX_NUM_ARGS(); + zend_function *fn = execute_data->func; + int fn_num_args = fn->common.num_args; + + if (!call_num_args) { + sp_log_debug("no call arguments -> return"); + return false; // no arguments to check + } + + if (config_node->pos > call_num_args - 1 || config_node->pos > fn_num_args) { + // trying to match argument beyond last given argument OR beyond last declared argument. + // this is perfectly normal for functions with + // (a) optional arguments + // (b) excess arguments + // (c) variadic arguments which are not supported + return false; + } + + zval* arg_value = NULL; + + if (config_node->pos > -1) { + if (config_node->pos < fn_num_args) { + *arg_name = get_fn_arg_name(fn, config_node->pos); } + arg_value = ZEND_CALL_ARG(execute_data, config_node->pos + 1); } else if (config_node->param) { *arg_name = config_node->param->value; arg_value = sp_get_var_value(execute_data, config_node->param, true); + } else if (config_node->r_param) { + for (int i = 0; i < call_num_args; i++) { + *arg_name = get_fn_arg_name(fn, i); + if (true == sp_is_regexp_matching(config_node->r_param, *arg_name)) { + arg_value = ZEND_CALL_ARG(execute_data, i + 1); + } + } + } + + if (!arg_value) { + sp_log_debug("no argument match -> return"); + return false; + } - if (arg_value) { - *arg_value_str = sp_zval_to_zend_string(arg_value); - if (config_node->param_type) { // Are we matching on the `type`? - if (config_node->param_type == Z_TYPE_P(arg_value)) { - return true; - } - } else if (Z_TYPE_P(arg_value) == IS_ARRAY) { - if (config_node->key || config_node->r_key) { - if (sp_match_array_key(arg_value, config_node->key, - config_node->r_key)) { - return true; - } - } else if (sp_match_array_value(arg_value, config_node->value, - config_node->r_value)) { - return true; - } - } else if (sp_match_value(*arg_value_str, config_node->value, - config_node->r_value)) { + if (config_node->param_type) { + if (config_node->param_type == Z_TYPE_P(arg_value)) { + if (!(config_node->key || config_node->r_key || config_node->value || config_node->r_value)) { // Are we matching on the `type` only? + sp_log_debug("arg type match only."); return true; } + } else { + sp_log_debug("arg type mismatch -> return"); + return false; } } + + *arg_value_str = sp_zval_to_zend_string(arg_value); + if (Z_TYPE_P(arg_value) == IS_ARRAY) { + if (config_node->key || config_node->r_key) { + if (sp_match_array_key(arg_value, config_node->key, config_node->r_key)) { + return true; + } + } else if (sp_match_array_value(arg_value, config_node->value, config_node->r_value)) { + return true; + } + } else if (sp_match_value(*arg_value_str, config_node->value, config_node->r_value)) { + return true; + } + return false; } @@ -287,6 +287,7 @@ static void should_disable(zend_execute_data* execute_data, const sp_list_node* config, const zend_string* current_filename) { char current_file_hash[SHA256_SIZE * 2 + 1] = {0}; + // sp_log_debug("%s %s %s", complete_function_path, builtin_param, builtin_param_name); while (config) { sp_disabled_function const* const config_node = diff --git a/src/tests/disable_function/config/disabled_function_excess_args.ini b/src/tests/disable_function/config/disabled_function_excess_args.ini new file mode 100644 index 0000000..289dc33 --- /dev/null +++ b/src/tests/disable_function/config/disabled_function_excess_args.ini @@ -0,0 +1 @@ +sp.disable_function.function("foo_excess_args").pos("3").value("blubb").drop() diff --git a/src/tests/disable_function/config/disabled_function_named_args.ini b/src/tests/disable_function/config/disabled_function_named_args.ini new file mode 100644 index 0000000..094bc0d --- /dev/null +++ b/src/tests/disable_function/config/disabled_function_named_args.ini @@ -0,0 +1,12 @@ +sp.disable_function.function("foo_named_args_pos").pos("0").value("bob").drop() +sp.disable_function.function("foo_named_args_param").param("name").value("bob").drop() + +sp.disable_function.function("foo_named_args_ooo_pos").pos("0").value("bob").drop() +sp.disable_function.function("foo_named_args_ooo_param").param("name").value("bob").drop() + +sp.disable_function.function("foo_named_args_ooo_opt_pos").pos("2").value("green").drop() +sp.disable_function.function("foo_named_args_ooo_opt_param").param("color").value("green").drop() + +sp.disable_function.function("foo_named_args_skip_pos").pos("2").value("green").drop() +sp.disable_function.function("foo_named_args_skip_param").param("color").value("green").drop() + diff --git a/src/tests/disable_function/config/disabled_functions_pos.ini b/src/tests/disable_function/config/disabled_functions_pos.ini index f4c1e05..8b12fc6 100644 --- a/src/tests/disable_function/config/disabled_functions_pos.ini +++ b/src/tests/disable_function/config/disabled_functions_pos.ini @@ -1,4 +1,4 @@ sp.disable_function.function("system").pos("1337").value("id").drop(); sp.disable_function.function("system").pos("0").value("id").drop(); -sp.disable_function.function("system").pos("1").param_type("ARRAY").alias("1").drop(); +sp.disable_function.function("system").pos("0").param_type("ARRAY").alias("1").drop(); sp.disable_function.function("strtoupper").pos("0").value("id").alias("strlen array").drop(); diff --git a/src/tests/disable_function/disabled_function_excess_args.phpt b/src/tests/disable_function/disabled_function_excess_args.phpt new file mode 100644 index 0000000..31b3f33 --- /dev/null +++ b/src/tests/disable_function/disabled_function_excess_args.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions with excess arguments +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_excess_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_named_args.ini +--FILE-- + --EXPECTF-- -Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you wrote a rule filtering on the 1337th argument of the function 'system', but it takes only 1 arguments. Matching on _all_ arguments instead. in %a/disabled_functions_param_pos.php on line 2 - Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'system', because its argument 'command' content (id) matched a rule in %a/disabled_functions_param_pos.php on line %d diff --git a/src/tests/disable_function/disabled_functions_pos_type.phpt b/src/tests/disable_function/disabled_functions_pos_type.phpt index ba134ad..29944c0 100644 --- a/src/tests/disable_function/disabled_functions_pos_type.phpt +++ b/src/tests/disable_function/disabled_functions_pos_type.phpt @@ -9,8 +9,4 @@ sp.configuration_file={PWD}/config/disabled_functions_pos.ini system([123, 456]); ?> --EXPECTF-- -Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you wrote a rule filtering on the 1337th argument of the function 'system', but it takes only 1 arguments. Matching on _all_ arguments instead. in %a/disabled_functions_pos_type.php on line %d - -Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you wrote a rule filtering on the 1st argument of the function 'system', but it takes only 1 arguments. Matching on _all_ arguments instead. in %a/disabled_functions_pos_type.php on line %d - Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'system', because its argument 'command' content (?) matched the rule '1' in %a/disabled_functions_pos_type.php on line %d -- cgit v1.3 From 6c132e6a1d8d339a20282afb5a4af52eb6bce9db Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 18 Feb 2021 21:32:26 +0100 Subject: fix broken tests --- src/tests/broken_configuration/broken_conf_key_value.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt | 4 ++-- 9 files changed, 18 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_key_value.phpt b/src/tests/broken_configuration/broken_conf_key_value.phpt index ec87d93..221129e 100644 --- a/src/tests/broken_configuration/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration/broken_conf_key_value.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_key_value.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();':`key` and `value` are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();':`key` and `value` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt index a8036d2..f781bbd 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.r_value' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.r_value' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt index 62ae64e..49efee2 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt @@ -7,9 +7,9 @@ Broken configuration - ret and var are mutually exclusives sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt index 28b0564..867923a 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt @@ -7,9 +7,9 @@ Broken configuration - ret and value are mutually exclusive sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt index cc3a951..b4b57a4 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.r_function' and '.function' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.r_function' and '.function' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt index ab50266..6100a39 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.r_filename' and '.filename' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.r_filename' and '.filename' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt index b848d1a..388b742 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();':'.r_param', '.param' and '.pos' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();':'.r_param', '.param' and '.pos' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt index c668643..2816d13 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.r_ret' and '.ret' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.r_ret' and '.ret' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt index 94ed765..28bcabb 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();':`ret` and `param` are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();':`ret` and `param` are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. -- cgit v1.3 From ae4ac9f69de3120004557824e0d766fe8140b27d Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 2 Aug 2021 19:19:23 +0200 Subject: properly free memory on shutdown --- src/snuffleupagus.c | 77 ++++++++++++++++++++++++++++------------------------- src/sp_config.c | 74 ++++++++++++++++++++++++++++++-------------------- src/sp_config.h | 10 ++++--- src/sp_list.c | 16 ++++++++++- src/sp_list.h | 3 ++- src/sp_var_parser.c | 2 +- 6 files changed, 110 insertions(+), 72 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 7bf3649..d8a86b5 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -69,7 +69,7 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { NULL, /* op_array_dtor_func_t */ STANDARD_ZEND_EXTENSION_PROPERTIES}; -PHP_GINIT_FUNCTION(snuffleupagus) { +static PHP_GINIT_FUNCTION(snuffleupagus) { snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; @@ -88,21 +88,21 @@ PHP_GINIT_FUNCTION(snuffleupagus) { #define SP_INIT(F) \ snuffleupagus_globals->config.F = \ pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1); - SP_INIT(config_unserialize); SP_INIT(config_random); SP_INIT(config_sloppy); + SP_INIT(config_unserialize); SP_INIT(config_readonly_exec); - SP_INIT(config_global_strict); - SP_INIT(config_auto_cookie_secure); - SP_INIT(config_snuffleupagus); - SP_INIT(config_disable_xxe); SP_INIT(config_upload_validation); - SP_INIT(config_disabled_functions_reg); - SP_INIT(config_disabled_functions_reg_ret); SP_INIT(config_cookie); - SP_INIT(config_session); + SP_INIT(config_snuffleupagus); + SP_INIT(config_auto_cookie_secure); + SP_INIT(config_global_strict); + SP_INIT(config_disable_xxe); SP_INIT(config_eval); SP_INIT(config_wrapper); + SP_INIT(config_session); + SP_INIT(config_disabled_functions_reg); + SP_INIT(config_disabled_functions_reg_ret); #undef SP_INIT #define SP_INIT_NULL(F) snuffleupagus_globals->config.F = NULL; @@ -121,21 +121,27 @@ PHP_MINIT_FUNCTION(snuffleupagus) { return SUCCESS; } -static void free_disabled_functions_hashtable(HashTable *const ht) { +PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { + UNREGISTER_INI_ENTRIES(); + + return SUCCESS; +} + +static inline void free_disabled_functions_hashtable(HashTable *const ht) { void *ptr = NULL; - ZEND_HASH_FOREACH_PTR(ht, ptr) { sp_list_free(ptr); } + ZEND_HASH_FOREACH_PTR(ht, ptr) { sp_list_free(ptr, sp_free_disabled_function); } ZEND_HASH_FOREACH_END(); } -PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { +static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { #define FREE_HT(F) \ - zend_hash_destroy(SNUFFLEUPAGUS_G(F)); \ - pefree(SNUFFLEUPAGUS_G(F), 1); + zend_hash_destroy(snuffleupagus_globals->F); \ + pefree(snuffleupagus_globals->F, 1); FREE_HT(disabled_functions_hook); FREE_HT(sp_eval_blacklist_functions_hook); #define FREE_HT_LIST(F) \ - free_disabled_functions_hashtable(SNUFFLEUPAGUS_G(config).F); \ + free_disabled_functions_hashtable(snuffleupagus_globals->config.F); \ FREE_HT(config.F); FREE_HT_LIST(config_disabled_functions); FREE_HT_LIST(config_disabled_functions_hooked); @@ -145,44 +151,43 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { #undef FREE_HT #define FREE_LST_DISABLE(L) \ - do { \ - sp_list_node *_n = SNUFFLEUPAGUS_G(config).L; \ - sp_disabled_function_list_free(_n); \ - sp_list_free(_n); \ - } while (0) + sp_list_free(snuffleupagus_globals->config.L, sp_free_disabled_function); FREE_LST_DISABLE(config_disabled_functions_reg->disabled_functions); FREE_LST_DISABLE(config_disabled_functions_reg_ret->disabled_functions); #undef FREE_LST_DISABLE - sp_list_node *_n = SNUFFLEUPAGUS_G(config).config_cookie->cookies; - sp_cookie_list_free(_n); - sp_list_free(_n); + sp_list_free(snuffleupagus_globals->config.config_cookie->cookies, sp_free_cookie); -#define FREE_LST(L) sp_list_free(SNUFFLEUPAGUS_G(config).L); +#define FREE_LST(L) sp_list_free(snuffleupagus_globals->config.L, sp_free_zstr); FREE_LST(config_eval->blacklist); FREE_LST(config_eval->whitelist); FREE_LST(config_wrapper->whitelist); #undef FREE_LST -#define FREE_CFG(C) pefree(SNUFFLEUPAGUS_G(config).C, 1); - FREE_CFG(config_unserialize); +#define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1); +#define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->config.C); FREE_CFG(config_random); + FREE_CFG(config_sloppy); + FREE_CFG_ZSTR(config_unserialize->dump); + FREE_CFG_ZSTR(config_unserialize->textual_representation); + FREE_CFG(config_unserialize); FREE_CFG(config_readonly_exec); - FREE_CFG(config_global_strict); - FREE_CFG(config_auto_cookie_secure); + FREE_CFG_ZSTR(config_upload_validation->script); + FREE_CFG(config_upload_validation); + FREE_CFG(config_cookie); FREE_CFG(config_snuffleupagus); + FREE_CFG(config_auto_cookie_secure); + FREE_CFG(config_global_strict); FREE_CFG(config_disable_xxe); - FREE_CFG(config_upload_validation); + FREE_CFG_ZSTR(config_eval->dump); + FREE_CFG_ZSTR(config_eval->textual_representation); + FREE_CFG(config_eval); + FREE_CFG(config_wrapper); FREE_CFG(config_session); FREE_CFG(config_disabled_functions_reg); FREE_CFG(config_disabled_functions_reg_ret); - FREE_CFG(config_cookie); - FREE_CFG(config_wrapper); #undef FREE_CFG - - UNREGISTER_INI_ENTRIES(); - - return SUCCESS; +#undef FREE_CFG_ZSTR } PHP_RINIT_FUNCTION(snuffleupagus) { @@ -358,7 +363,7 @@ zend_module_entry snuffleupagus_module_entry = { PHP_SNUFFLEUPAGUS_VERSION, PHP_MODULE_GLOBALS(snuffleupagus), PHP_GINIT(snuffleupagus), - NULL, + PHP_GSHUTDOWN(snuffleupagus), NULL, STANDARD_MODULE_PROPERTIES_EX}; diff --git a/src/sp_config.c b/src/sp_config.c index c12b435..72781c6 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -216,36 +216,52 @@ int sp_parse_config(const char *conf_file) { return SUCCESS; } -void sp_disabled_function_list_free(sp_list_node *list) { - sp_list_node *cursor = list; - while (cursor) { - sp_disabled_function *df = cursor->data; - if (df) { - sp_list_free(df->functions_list); - sp_list_free(df->param_array_keys); - sp_list_free(df->var_array_keys); - - sp_pcre_free(df->r_filename); - sp_pcre_free(df->r_function); - sp_pcre_free(df->r_param); - sp_pcre_free(df->r_ret); - sp_pcre_free(df->r_value); - sp_pcre_free(df->r_key); - - sp_tree_free(df->param); - sp_tree_free(df->var); - } - cursor = cursor->next; - } +void sp_free_disabled_function(void *data) { + sp_disabled_function *df = data; + + sp_free_zstr(df->textual_representation); + + sp_free_zstr(df->filename); + sp_pcre_free(df->r_filename); + + sp_free_zstr(df->function); + sp_pcre_free(df->r_function); + sp_list_free(df->functions_list, free); + + sp_free_zstr(df->hash); + + sp_tree_free(df->param); + sp_pcre_free(df->r_param); + + sp_pcre_free(df->r_ret); + sp_free_zstr(df->ret); + + sp_pcre_free(df->r_value); + sp_free_zstr(df->value); + + sp_pcre_free(df->r_key); + sp_free_zstr(df->key); + + sp_free_zstr(df->dump); + sp_free_zstr(df->alias); + + // sp_list_free(df->param_array_keys); + // sp_list_free(df->var_array_keys); + + sp_tree_free(df->var); + + pefree(df->cidr, 1); } -void sp_cookie_list_free(sp_list_node *list) { - sp_list_node *cursor = list; - while (cursor) { - sp_cookie *c = cursor->data; - if (c) { - sp_pcre_free(c->name_r); - } - cursor = cursor->next; +void sp_free_cookie(void *data) { + sp_cookie *c = data; + if (c->name) + zend_string_release_ex(c->name, 1); + sp_pcre_free(c->name_r); +} + +void sp_free_zstr(void *data) { + if (data) { + zend_string_release_ex((zend_string*)data, 1); } } diff --git a/src/sp_config.h b/src/sp_config.h index e7b1473..f3b64a6 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -130,8 +130,8 @@ typedef struct { zend_string *alias; bool param_is_array; bool var_is_array; - sp_list_node *param_array_keys; - sp_list_node *var_array_keys; + // sp_list_node *param_array_keys; + // sp_list_node *var_array_keys; bool allow; @@ -281,7 +281,9 @@ int parse_php_type(char *restrict, char *restrict, void *); int parse_list(char *restrict, char *restrict, void *); // cleanup -void sp_disabled_function_list_free(sp_list_node *); -void sp_cookie_list_free(sp_list_node *); +void sp_free_disabled_function(void *data); +void sp_free_cookie(void *data); +void sp_free_zstr(void *data); + #endif /* SP_CONFIG_H */ diff --git a/src/sp_list.c b/src/sp_list.c index 0f00371..92e628d 100644 --- a/src/sp_list.c +++ b/src/sp_list.c @@ -1,8 +1,22 @@ #include "php_snuffleupagus.h" -void sp_list_free(sp_list_node *node) { +void sp_list_free(sp_list_node *node, void (*free_data_func)(void *data)) { while (node) { sp_list_node *tmp = node->next; + if (free_data_func && node->data) { + free_data_func(node->data); + } + pefree(node, 1); + node = tmp; + } +} + +void sp_list_free2(sp_list_node *node) { + while (node) { + sp_list_node *tmp = node->next; + if (node->data) { + pefree(node->data, 1); + } pefree(node, 1); node = tmp; } diff --git a/src/sp_list.h b/src/sp_list.h index 2c91995..7ceee50 100644 --- a/src/sp_list.h +++ b/src/sp_list.h @@ -11,6 +11,7 @@ sp_list_node *sp_list_sort(sp_list_node *, int (*)(sp_list_node const *const, sp_list_node const *const)); sp_list_node *sp_list_insert(sp_list_node *, void *); sp_list_node *sp_list_prepend(sp_list_node *, void *); -void sp_list_free(sp_list_node *); +void sp_list_free(sp_list_node *, void (*free_data_func)(void *data)); +void sp_list_free2(sp_list_node *node); #endif diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c index bb5a5c0..eb57f70 100644 --- a/src/sp_var_parser.c +++ b/src/sp_var_parser.c @@ -249,7 +249,7 @@ sp_tree *sp_parse_var(const char *line) { } tokens_list = sp_list_sort(tokens_list, cmp_tokens); tree = parse_tokens(line, tokens_list); - sp_list_free(tokens_list); + sp_list_free2(tokens_list); // Check if tree is empty. if (tree && tree->next == NULL && tree->type == UNDEFINED) { tree->type = CONSTANT; -- cgit v1.3 From ab1b733ae6ea7bf023dd7404b86e8f92a8c42687 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:28:39 +0200 Subject: removed unused variable --- src/sp_network_utils.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c index dc92969..31e8426 100644 --- a/src/sp_network_utils.c +++ b/src/sp_network_utils.c @@ -82,7 +82,6 @@ bool cidr_match(const char *ip, const sp_cidr *cidr) { } int get_ip_and_cidr(char *ip, sp_cidr *cidr) { - errno = 0; char *mask = strchr(ip, '/'); if (NULL == mask) { -- cgit v1.3 From 9a26fff9a4ca132dd61184cc244d52695e347770 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:29:10 +0200 Subject: fixed null pointer dereference --- src/sp_session.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_session.c b/src/sp_session.c index 1064fe6..b2f4a43 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -117,7 +117,7 @@ static int sp_hook_session_RINIT(INIT_FUNC_ARGS) { zend_ini_entry *ini_entry; if ((ini_entry = zend_hash_str_find_ptr( EG(ini_directives), ZEND_STRL("session.save_handler")))) { - if (ini_entry->value) { + if (ini_entry && ini_entry->value) { sp_OnUpdateSaveHandler(NULL, ini_entry->value, NULL, NULL, NULL, 0); } } -- cgit v1.3 From 55e431217df5e45b8ea1b48dab1f4b3736aa5ee0 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:30:43 +0200 Subject: fixed mem leak in cidr parser and multiple mem leaks triggered by duplicate keywords --- src/sp_config.c | 102 ++++++++++++++++++++++++++++++++------------------------ 1 file changed, 59 insertions(+), 43 deletions(-) (limited to 'src') diff --git a/src/sp_config.c b/src/sp_config.c index 72781c6..db3f12d 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -56,12 +56,19 @@ static int parse_line(char *line) { } /* keyword parsing */ +#define CHECK_DUPLICATE_KEYWORD(retval) \ + if (*(void**)(retval)) { \ + sp_log_err("config", "duplicate %s) on line %zu near `%s`", keyword, sp_line_no, line); \ + return -1; } + + int parse_empty(char *restrict line, char *restrict keyword, void *retval) { *(bool *)retval = true; return 0; } int parse_list(char *restrict line, char *restrict keyword, void *list_ptr) { + CHECK_DUPLICATE_KEYWORD(list_ptr); zend_string *value = NULL; sp_list_node **list = list_ptr; char *token, *tmp; @@ -86,48 +93,50 @@ int parse_list(char *restrict line, char *restrict keyword, void *list_ptr) { } int parse_php_type(char *restrict line, char *restrict keyword, void *retval) { + CHECK_DUPLICATE_KEYWORD(retval); size_t consumed = 0; zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); - if (value) { - if (zend_string_equals_literal_ci(value, "undef")) { - *(sp_php_type *)retval = SP_PHP_TYPE_UNDEF; - } else if (zend_string_equals_literal_ci(value, "null")) { - *(sp_php_type *)retval = SP_PHP_TYPE_NULL; - } else if (zend_string_equals_literal_ci(value, "true")) { - *(sp_php_type *)retval = SP_PHP_TYPE_TRUE; - } else if (zend_string_equals_literal_ci(value, "false")) { - *(sp_php_type *)retval = SP_PHP_TYPE_FALSE; - } else if (zend_string_equals_literal_ci(value, "long")) { - *(sp_php_type *)retval = SP_PHP_TYPE_LONG; - } else if (zend_string_equals_literal_ci(value, "double")) { - *(sp_php_type *)retval = SP_PHP_TYPE_DOUBLE; - } else if (zend_string_equals_literal_ci(value, "string")) { - *(sp_php_type *)retval = SP_PHP_TYPE_STRING; - } else if (zend_string_equals_literal_ci(value, "array")) { - *(sp_php_type *)retval = SP_PHP_TYPE_ARRAY; - } else if (zend_string_equals_literal_ci(value, "object")) { - *(sp_php_type *)retval = SP_PHP_TYPE_OBJECT; - } else if (zend_string_equals_literal_ci(value, "resource")) { - *(sp_php_type *)retval = SP_PHP_TYPE_RESOURCE; - } else if (zend_string_equals_literal_ci(value, "reference")) { - *(sp_php_type *)retval = SP_PHP_TYPE_REFERENCE; - } else { - pefree(value, 1); - sp_log_err("error", - "%s) is expecting a valid php type ('false', 'true'," - " 'array'. 'object', 'long', 'double', 'null', 'resource', " - "'reference', 'undef') on line %zu", - keyword, sp_line_no); - return -1; - } - pefree(value, 1); - return consumed; + if (!value) { + return -1; + } + + if (zend_string_equals_literal_ci(value, "undef")) { + *(sp_php_type *)retval = SP_PHP_TYPE_UNDEF; + } else if (zend_string_equals_literal_ci(value, "null")) { + *(sp_php_type *)retval = SP_PHP_TYPE_NULL; + } else if (zend_string_equals_literal_ci(value, "true")) { + *(sp_php_type *)retval = SP_PHP_TYPE_TRUE; + } else if (zend_string_equals_literal_ci(value, "false")) { + *(sp_php_type *)retval = SP_PHP_TYPE_FALSE; + } else if (zend_string_equals_literal_ci(value, "long")) { + *(sp_php_type *)retval = SP_PHP_TYPE_LONG; + } else if (zend_string_equals_literal_ci(value, "double")) { + *(sp_php_type *)retval = SP_PHP_TYPE_DOUBLE; + } else if (zend_string_equals_literal_ci(value, "string")) { + *(sp_php_type *)retval = SP_PHP_TYPE_STRING; + } else if (zend_string_equals_literal_ci(value, "array")) { + *(sp_php_type *)retval = SP_PHP_TYPE_ARRAY; + } else if (zend_string_equals_literal_ci(value, "object")) { + *(sp_php_type *)retval = SP_PHP_TYPE_OBJECT; + } else if (zend_string_equals_literal_ci(value, "resource")) { + *(sp_php_type *)retval = SP_PHP_TYPE_RESOURCE; + } else if (zend_string_equals_literal_ci(value, "reference")) { + *(sp_php_type *)retval = SP_PHP_TYPE_REFERENCE; } else { + pefree(value, 1); + sp_log_err("error", + "%s) is expecting a valid php type ('false', 'true'," + " 'array'. 'object', 'long', 'double', 'null', 'resource', " + "'reference', 'undef') on line %zu", + keyword, sp_line_no); return -1; } + pefree(value, 1); + return consumed; } int parse_str(char *restrict line, char *restrict keyword, void *retval) { + CHECK_DUPLICATE_KEYWORD(retval); zend_string *value = NULL; size_t consumed = 0; @@ -140,27 +149,34 @@ int parse_str(char *restrict line, char *restrict keyword, void *retval) { } int parse_cidr(char *restrict line, char *restrict keyword, void *retval) { + CHECK_DUPLICATE_KEYWORD(retval); + size_t consumed = 0; zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); + + if (!value) { + sp_log_err("config", "%s doesn't contain a valid cidr on line %zu", line, sp_line_no); + return -1; + } + sp_cidr *cidr = pecalloc(sizeof(sp_cidr), 1, 1); - if (value) { - if (-1 == get_ip_and_cidr(ZSTR_VAL(value), cidr)) { - return -1; - } - *(sp_cidr **)retval = cidr; - return consumed; - } else { - sp_log_err("config", "%s doesn't contain a valid cidr on line %zu", line, - sp_line_no); + if (0 == get_ip_and_cidr(ZSTR_VAL(value), cidr)) { + pefree(cidr, 1); + *(sp_cidr **)retval = NULL; return -1; } + + *(sp_cidr **)retval = cidr; + return consumed; } int parse_regexp(char *restrict line, char *restrict keyword, void *retval) { /* TODO: Do we want to use pcre_study? * (http://www.pcre.org/original/doc/html/pcre_study.html) * maybe not: http://sljit.sourceforge.net/pcre.html*/ + CHECK_DUPLICATE_KEYWORD(retval); + size_t consumed = 0; zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); -- cgit v1.3 From d4993c7deaefadbc5675f39404a46e64006174b9 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:32:28 +0200 Subject: fixed mem leak in parse_disabled_functions --- src/sp_config_keywords.c | 27 +++++++++++++++------------ 1 file changed, 15 insertions(+), 12 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 64b5715..8080eec 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -366,7 +366,7 @@ int parse_disabled_functions(char *line) { ret = parse_keywords(sp_config_funcs_disabled_functions, line); if (0 != ret) { - return ret; + goto out; } #define MUTUALLY_EXCLUSIVE(X, Y, STR1, STR2) \ @@ -375,7 +375,7 @@ int parse_disabled_functions(char *line) { "Invalid configuration line: 'sp.disabled_functions%s': " \ "'.%s' and '.%s' are mutually exclusive on line %zu", \ line, STR1, STR2, sp_line_no); \ - return -1; \ + ret = -1; goto out; \ } MUTUALLY_EXCLUSIVE(df->value, df->r_value, "value", "value_r"); @@ -398,7 +398,7 @@ int parse_disabled_functions(char *line) { "Invalid configuration line: 'sp.disabled_functions%s':" " must take a function name on line %zu", line, sp_line_no); - return -1; + ret = -1; goto out; } if (df->filename && (*ZSTR_VAL(df->filename) != '/') && (0 != strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { @@ -407,14 +407,14 @@ int parse_disabled_functions(char *line) { "Invalid configuration line: 'sp.disabled_functions%s':" "'.filename' must be an absolute path or a phar archive on line %zu", line, sp_line_no); - return -1; + ret = -1; goto out; } if (!(allow ^ drop)) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s': The " "rule must either be a `drop` or `allow` one on line %zu", line, sp_line_no); - return -1; + ret = -1; goto out; } if (pos) { @@ -424,7 +424,7 @@ int parse_disabled_functions(char *line) { if (errno != 0 || endptr == ZSTR_VAL(pos)) { sp_log_err("config", "Failed to parse arg '%s' of `pos` on line %zu", ZSTR_VAL(pos), sp_line_no); - return -1; + ret = -1; goto out; } } @@ -435,7 +435,7 @@ int parse_disabled_functions(char *line) { if (errno != 0 || endptr == ZSTR_VAL(line_number)) { sp_log_err("config", "Failed to parse arg '%s' of `line` on line %zu", ZSTR_VAL(line_number), sp_line_no); - return -1; + ret = -1; goto out; } } df->allow = allow; @@ -454,14 +454,14 @@ int parse_disabled_functions(char *line) { new[0] = '$'; memcpy(new + 1, ZSTR_VAL(param), ZSTR_LEN(param)); df->param = sp_parse_var(new); - free(new); + pefree(new, 1); } else { df->param = sp_parse_var(ZSTR_VAL(param)); } if (!df->param) { sp_log_err("config", "Invalid value '%s' for `param` on line %zu", ZSTR_VAL(param), sp_line_no); - return -1; + ret = -1; goto out; } } @@ -471,15 +471,18 @@ int parse_disabled_functions(char *line) { if (!df->var) { sp_log_err("config", "Invalid value '%s' for `var` on line %zu", ZSTR_VAL(var), sp_line_no); - return -1; + ret = -1; goto out; } } else { sp_log_err("config", "Empty value in `var` on line %zu", sp_line_no); - return -1; + ret = -1; goto out; } } - if (true == disable) { + if (true == disable || 0 != ret) { + out: + sp_free_disabled_function(df); + pefree(df, 1); return ret; } -- cgit v1.3 From 7cce9171be0c8bb19818e9f668626af41efe3aae Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:33:17 +0200 Subject: fixed memleaks in zval encryption/decryption routines --- src/sp_crypt.c | 55 +++++++++++++++++++++++++++++++++---------------------- 1 file changed, 33 insertions(+), 22 deletions(-) (limited to 'src') diff --git a/src/sp_crypt.c b/src/sp_crypt.c index c57ac0b..eeffe33 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -40,11 +40,10 @@ void generate_key(unsigned char *key) { // This function return 0 upon success , non-zero otherwise int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { unsigned char key[crypto_secretbox_KEYBYTES] = {0}; - unsigned char *decrypted; - zend_string *debase64; + unsigned char *decrypted = NULL, *backup = NULL; int ret = 0; - debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), + zend_string *debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), Z_STRLEN_P(pDest)); if (ZSTR_LEN(debase64) < crypto_secretbox_NONCEBYTES) { @@ -52,15 +51,15 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { sp_log_simulation( "cookie_encryption", "Buffer underflow tentative detected in cookie encryption handling " - "for %s. Using the cookie 'as it' instead of decrypting it", + "for %s. Using the cookie 'as is' instead of decrypting it", hash_key ? ZSTR_VAL(hash_key->key) : "the session"); - return ZEND_HASH_APPLY_KEEP; + ret = ZEND_HASH_APPLY_KEEP; goto out; } else { // LCOV_EXCL_START sp_log_drop( "cookie_encryption", - "Buffer underflow tentative detected in cookie encryption handling"); - return ZEND_HASH_APPLY_REMOVE; + "Buffer underflow (tentative) detected in cookie encryption handling"); + ret = ZEND_HASH_APPLY_REMOVE; goto out; // LCOV_EXCL_STOP } } @@ -71,15 +70,15 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { if (true == simulation) { sp_log_simulation( "cookie_encryption", - "Integer overflow tentative detected in cookie encryption handling " + "Integer overflow (tentative) detected in cookie encryption handling " "for %s. Using the cookie 'as it' instead of decrypting it.", hash_key ? ZSTR_VAL(hash_key->key) : "the session"); - return ZEND_HASH_APPLY_KEEP; + ret = ZEND_HASH_APPLY_KEEP; goto out; } else { sp_log_drop( "cookie_encryption", - "Integer overflow tentative detected in cookie encryption handling."); - return ZEND_HASH_APPLY_REMOVE; + "Integer overflow (tentative) detected in cookie encryption handling."); + ret = ZEND_HASH_APPLY_REMOVE; goto out; } } // LCOV_EXCL_STOP @@ -87,7 +86,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { generate_key(key); decrypted = ecalloc(ZSTR_LEN(debase64) + crypto_secretbox_ZEROBYTES, 1); - char *backup = ecalloc(ZSTR_LEN(debase64), 1); + backup = ecalloc(ZSTR_LEN(debase64), 1); memcpy(backup, ZSTR_VAL(debase64), ZSTR_LEN(debase64)); ret = crypto_secretbox_open( @@ -101,28 +100,31 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { sp_log_simulation( "cookie_encryption", "Something went wrong with the decryption of %s. Using the cookie " - "'as it' instead of decrypting it", + "'as is' instead of decrypting it", hash_key ? ZSTR_VAL(hash_key->key) : "the session"); memcpy(ZSTR_VAL(debase64), backup, ZSTR_LEN(debase64)); - efree(backup); - return ZEND_HASH_APPLY_KEEP; + ret = ZEND_HASH_APPLY_KEEP; goto out; } else { sp_log_warn("cookie_encryption", "Something went wrong with the decryption of %s", hash_key ? ZSTR_VAL(hash_key->key) : "the session"); - efree(backup); - return ZEND_HASH_APPLY_REMOVE; + ret = ZEND_HASH_APPLY_REMOVE; goto out; } } - efree(backup); ZVAL_STRINGL(pDest, (char *)(decrypted + crypto_secretbox_ZEROBYTES), ZSTR_LEN(debase64) - crypto_secretbox_NONCEBYTES - 1 - crypto_secretbox_ZEROBYTES); - efree(decrypted); + ret = ZEND_HASH_APPLY_KEEP; - return ZEND_HASH_APPLY_KEEP; +out: + + if (debase64) { zend_string_efree(debase64); } + if (decrypted) { efree(decrypted); } + if (backup) { efree(backup); } + + return ret; } /* @@ -156,10 +158,19 @@ zend_string *encrypt_zval(zend_string *data) { memcpy(encrypted_data, nonce, crypto_secretbox_NONCEBYTES); - crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES, + int err = crypto_secretbox(encrypted_data + crypto_secretbox_NONCEBYTES, data_to_encrypt, encrypted_msg_len, nonce, key); - zend_string *z = php_base64_encode(encrypted_data, emsg_and_nonce_len); + zend_string *z = NULL; + if (err) { + sp_log_err("cookie_encryption", "something went wrong during encryption"); + z = zend_string_init("", 21, 0); + } else { + z = php_base64_encode(encrypted_data, emsg_and_nonce_len); + } + + efree(data_to_encrypt); + efree(encrypted_data); return z; } -- cgit v1.3 From 1eb78b020b4be9321f2157be653c4e1dcab6d662 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:34:19 +0200 Subject: simplified string concat --- src/sp_unserialize.c | 7 +------ 1 file changed, 1 insertion(+), 6 deletions(-) (limited to 'src') diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 8977dd9..06636ad 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -30,14 +30,9 @@ PHP_FUNCTION(sp_serialize) { zend_bailout(); // LCOV_EXCL_STOP } - zend_string *res = zend_string_alloc(len, 0); - - memcpy(ZSTR_VAL(res), Z_STRVAL_P(return_value), Z_STRLEN_P(return_value)); - memcpy(ZSTR_VAL(res) + Z_STRLEN_P(return_value), Z_STRVAL(hmac), - Z_STRLEN(hmac)); /* Append the computed HMAC to the serialized data. */ - return_value->value.str = res; + return_value->value.str = zend_string_concat2(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), Z_STRVAL(hmac), Z_STRLEN(hmac)); return; } -- cgit v1.3 From ef7072a631ad96def3299c92e5569658ac306b2c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:36:13 +0200 Subject: fixed mem leak in get_param --- src/sp_config_utils.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index dbe6793..18cdf03 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -98,6 +98,9 @@ err: original_line ? original_line : "NULL", sp_line_no); } line = NULL; + if (ret) { + zend_string_release(ret); + } return NULL; } -- cgit v1.3 From 238c363b48a9189ad3f1df80cc330e01aed09cb4 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:36:40 +0200 Subject: fixed incorrect use of free()/efree() --- src/sp_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index 5f25920..5483618 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -437,7 +437,7 @@ bool hook_function(const char* original_name, HashTable* hook_table, if (zend_hash_str_find(CG(function_table), VAR_AND_LEN(mb_name))) { return hook_function(mb_name, hook_table, new_function); } - free(mb_name); + efree(mb_name); // LCOV_EXCL_STOP } -- cgit v1.3 From 62f6d31d88e4536269b60471d7a4f7431442276a Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 3 Aug 2021 15:37:40 +0200 Subject: fixed mem leak in parser --- src/sp_var_parser.c | 23 +++++++++++++++++++---- 1 file changed, 19 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c index eb57f70..cc75d83 100644 --- a/src/sp_var_parser.c +++ b/src/sp_var_parser.c @@ -44,13 +44,15 @@ static int create_var(sp_tree *tree, const char *restrict value, size_t value_len, elem_type _type, const char *restrict idx) { sp_tree *var_node = NULL; - + bool free_node_on_error = false; + int err = 0; assert(tree); if (tree->next == NULL && tree->type == UNDEFINED) { var_node = tree; } else { var_node = pecalloc(sizeof(sp_tree), 1, 1); + free_node_on_error = true; } var_node->value = NULL; @@ -66,14 +68,15 @@ static int create_var(sp_tree *tree, const char *restrict value, if (!(var_node->value = pestrndup(value, value_len, 1))) { // LCOV_EXCL_START sp_log_err("config", "Can't allocate a strndup"); - return -1; + err = -1; goto err; // LCOV_EXCL_STOP } if (var_node->type != INTERPRETED_STRING && !is_var_name_valid(var_node->value)) { sp_log_err("config", "Invalid var name: %s.", var_node->value); - return -1; + err = -1; goto err; } + var_node->idx = sp_parse_var(idx); if (tree != var_node) { @@ -82,7 +85,19 @@ static int create_var(sp_tree *tree, const char *restrict value, } tree->next = var_node; } - return 0; + + if (err) { +err: + if (free_node_on_error) { + sp_tree_free(var_node); + } else { + var_node->next = var_node->idx = NULL; + var_node->value = NULL; + var_node->type = UNDEFINED; + } + } + + return err; } int cmp_tokens(sp_list_node const *const list1, -- cgit v1.3 From baecad40b5b8a977ce2a42f9ad1e31820254ae6e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 6 Aug 2021 16:39:03 +0200 Subject: debug log to dup'd stderr / php is closing stderr during shutdown --- src/snuffleupagus.c | 17 +++++++++++++++++ src/sp_utils.h | 9 +++++++++ 2 files changed, 26 insertions(+) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index d8a86b5..8c7ecbf 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -13,6 +13,10 @@ static PHP_INI_MH(OnUpdateConfiguration); static inline void sp_op_array_handler(zend_op_array *op); +#ifdef SP_DEBUG_STDERR +int sp_debug_stderr = STDERR_FILENO; +#endif + ZEND_EXTENSION(); // LCOV_EXCL_START @@ -70,6 +74,10 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { STANDARD_ZEND_EXTENSION_PROPERTIES}; static PHP_GINIT_FUNCTION(snuffleupagus) { +#ifdef SP_DEBUG_STDERR + sp_debug_stderr = dup(STDERR_FILENO); +#endif + sp_log_debug("(GINIT)"); snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; @@ -116,6 +124,7 @@ static PHP_GINIT_FUNCTION(snuffleupagus) { } PHP_MINIT_FUNCTION(snuffleupagus) { + sp_log_debug("(MINIT)"); REGISTER_INI_ENTRIES(); return SUCCESS; @@ -134,6 +143,7 @@ static inline void free_disabled_functions_hashtable(HashTable *const ht) { } static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { + sp_log_debug("(GSHUTDOWN)"); #define FREE_HT(F) \ zend_hash_destroy(snuffleupagus_globals->F); \ pefree(snuffleupagus_globals->F, 1); @@ -188,6 +198,11 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { FREE_CFG(config_disabled_functions_reg_ret); #undef FREE_CFG #undef FREE_CFG_ZSTR + +#ifdef SP_DEBUG_STDERR + close(sp_debug_stderr); + sp_debug_stderr = STDERR_FILENO; +#endif } PHP_RINIT_FUNCTION(snuffleupagus) { @@ -249,6 +264,8 @@ PHP_MINFO_FUNCTION(snuffleupagus) { } static PHP_INI_MH(OnUpdateConfiguration) { + sp_log_debug("(OnUpdateConfiguration)"); + TSRMLS_FETCH(); if (!new_value || !new_value->len) { diff --git a/src/sp_utils.h b/src/sp_utils.h index 7c287da..5537a34 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -51,9 +51,18 @@ sp_log_msgf(feature, SP_LOG_ERROR, SP_TYPE_LOG, __VA_ARGS__) #define sp_log_warn(feature, ...) \ sp_log_msgf(feature, SP_LOG_WARN, SP_TYPE_LOG, __VA_ARGS__) + #ifdef SP_DEBUG + +#ifdef SP_DEBUG_STDERR +extern int sp_debug_stderr; +#define sp_log_debug(fmt, ...) \ + dprintf(sp_debug_stderr, "[snuffleupagus][DEBUG] %s(): " fmt "\n", __FUNCTION__, ##__VA_ARGS__); +#else #define sp_log_debug(fmt, ...) \ sp_log_msgf("DEBUG", SP_LOG_DEBUG, SP_TYPE_LOG, "%s(): " fmt, __FUNCTION__, ##__VA_ARGS__) +#endif + #else #define sp_log_debug(...) #endif -- cgit v1.3 From 11141456a4c3026b2bc9b2b7ba6141622e8fcf3a Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 6 Aug 2021 16:40:27 +0200 Subject: removed useless assignment --- src/sp_pcre_compat.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index 3bd00ca..2b9f08d 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -4,7 +4,6 @@ inline void sp_pcre_free(sp_pcre* regexp) { #ifdef SP_HAS_PCRE2 pcre2_code_free(regexp); #endif - regexp = NULL; } sp_pcre* sp_pcre_compile(const char* const pattern) { -- cgit v1.3 From 2b6086486be69533d0077585c7726b3efa175fe6 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 6 Aug 2021 16:40:57 +0200 Subject: fixed incorrect debug log invocation --- src/sp_cookie_encryption.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 92a056b..7bcedd2 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -33,7 +33,7 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args, static zend_string *encrypt_data(zend_string *data) { zend_string *z = encrypt_zval(data); - sp_log_debug("cookie_encryption", "Cookie value:%s:", ZSTR_VAL(z)); + sp_log_debug("Cookie value:%s:", ZSTR_VAL(z)); return z; } -- cgit v1.3 From 260f17f112e2d081783c6dc102f81666ac2435d9 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 6 Aug 2021 20:17:38 +0200 Subject: restructured function hooks, implemented unhook --- src/sp_utils.c | 71 ++++++++++++++++++++++++++++++++++------------------------ src/sp_utils.h | 1 + 2 files changed, 43 insertions(+), 29 deletions(-) (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index 5483618..af78d20 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -391,41 +391,43 @@ bool sp_match_array_value(const zval* arr, const zend_string* to_match, return false; } +bool /* success */ _hook_function(const char* original_name, HashTable* hook_table, + zif_handler new_function) { + zend_function* func; + if ((func = zend_hash_str_find_ptr(CG(function_table), VAR_AND_LEN(original_name)))) { + if (func->type != ZEND_INTERNAL_FUNCTION) { + return false; + } + if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name), + func->internal_function.handler) == NULL) { + // LCOV_EXCL_START + sp_log_err("function_pointer_saving", + "Could not save function pointer for %s", original_name); + return false; + // LCOV_EXCL_STOP + } + func->internal_function.handler = new_function; + return true; + } + return false; +} + bool hook_function(const char* original_name, HashTable* hook_table, zif_handler new_function) { - zend_internal_function* func; - bool ret = false; + zend_function* func; - /* The `mb` module likes to hook functions, like strlen->mb_strlen, - * so we have to hook both of them. */ - if ((func = zend_hash_str_find_ptr(CG(function_table), - VAR_AND_LEN(original_name)))) { - if (func->handler == new_function) { - return SUCCESS; // the function is already hooked - } else { - if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name), - func->handler) == NULL) { - // LCOV_EXCL_START - sp_log_err("function_pointer_saving", - "Could not save function pointer for %s", original_name); - return FAILURE; - // LCOV_EXCL_STOP - } - func->handler = new_function; - ret = true; - } - } + bool ret = _hook_function(original_name, hook_table, new_function); #if PHP_VERSION_ID < 80000 CG(compiler_options) |= ZEND_COMPILE_NO_BUILTIN_STRLEN; #endif - if (0 == strncmp(original_name, "mb_", 3) && !CG(multibyte)) { - if (zend_hash_str_find(CG(function_table), - VAR_AND_LEN(original_name + 3))) { - return hook_function(original_name + 3, hook_table, new_function); - } + /* The `mb` module likes to hook functions, like strlen->mb_strlen, + * so we have to hook both of them. */ + + if (!CG(multibyte) && 0 == strncmp(original_name, "mb_", 3)) { + _hook_function(original_name + 3, hook_table, new_function); } else if (CG(multibyte)) { // LCOV_EXCL_START char* mb_name = ecalloc(strlen(original_name) + 3 + 1, 1); @@ -434,9 +436,7 @@ bool hook_function(const char* original_name, HashTable* hook_table, } memcpy(mb_name, "mb_", sizeof("mb_") - 1); memcpy(mb_name + 3, VAR_AND_LEN(original_name)); - if (zend_hash_str_find(CG(function_table), VAR_AND_LEN(mb_name))) { - return hook_function(mb_name, hook_table, new_function); - } + _hook_function(mb_name, hook_table, new_function); efree(mb_name); // LCOV_EXCL_STOP } @@ -459,6 +459,19 @@ int hook_regexp(const sp_pcre* regexp, HashTable* hook_table, return SUCCESS; } +void unhook_functions(HashTable *ht) { + zend_string *fname; + zif_handler orig_handler; + zend_ulong idx; + + ZEND_HASH_REVERSE_FOREACH_KEY_PTR(ht, idx, fname, orig_handler) + zend_function *func = zend_hash_find_ptr(CG(function_table), fname); + if (func && func->type == ZEND_INTERNAL_FUNCTION && orig_handler) { + func->internal_function.handler = orig_handler; + } + ZEND_HASH_FOREACH_END_DEL(); +} + bool check_is_in_eval_whitelist(const zend_string* const function_name) { const sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->whitelist; diff --git a/src/sp_utils.h b/src/sp_utils.h index 5537a34..ec79e8b 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -82,6 +82,7 @@ void sp_log_disable(const char *restrict, const char *restrict, void sp_log_disable_ret(const char *restrict, const zend_string *restrict, const sp_disabled_function *); bool hook_function(const char *, HashTable *, zif_handler); +void unhook_functions(HashTable *ht); int hook_regexp(const sp_pcre *, HashTable *, zif_handler); bool check_is_in_eval_whitelist(const zend_string *const function_name); int sp_log_request(const zend_string *restrict folder, -- cgit v1.3 From 2392c46836ceea520fa2a45369c8d638aadb943c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 6 Aug 2021 20:23:52 +0200 Subject: implemented ini settings protection --- src/config.m4 | 1 + src/php_snuffleupagus.h | 1 + src/snuffleupagus.c | 46 ++++++++++++----- src/sp_config.c | 13 +++++ src/sp_config.h | 26 +++++++++- src/sp_config_keywords.c | 77 +++++++++++++++++++++++++++++ src/sp_config_keywords.h | 2 + src/sp_ini.c | 126 +++++++++++++++++++++++++++++++++++++++++++++++ src/sp_ini.h | 2 + 9 files changed, 281 insertions(+), 13 deletions(-) create mode 100644 src/sp_ini.c create mode 100644 src/sp_ini.h (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index e4cc1f5..1410565 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -7,6 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c" sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c" sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c" sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c" +sources="$sources sp_ini.c" PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support, [ --enable-snuffleupagus Enable snuffleupagus support]) diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 5b2b414..be4d306 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -85,6 +85,7 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); #include "sp_session.h" #include "sp_sloppy.h" #include "sp_wrapper.h" +#include "sp_ini.h" extern zend_module_entry snuffleupagus_module_entry; #define phpext_snuffleupagus_ptr &snuffleupagus_module_entry diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 8c7ecbf..2ee94a1 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -81,18 +81,6 @@ static PHP_GINIT_FUNCTION(snuffleupagus) { snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; -#define SP_INIT_HT(F) \ - snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ - zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); - SP_INIT_HT(disabled_functions_hook); - SP_INIT_HT(sp_internal_functions_hook); - SP_INIT_HT(sp_eval_blacklist_functions_hook); - SP_INIT_HT(config.config_disabled_functions); - SP_INIT_HT(config.config_disabled_functions_hooked); - SP_INIT_HT(config.config_disabled_functions_ret); - SP_INIT_HT(config.config_disabled_functions_ret_hooked); -#undef SP_INIT_HT - #define SP_INIT(F) \ snuffleupagus_globals->config.F = \ pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1); @@ -109,10 +97,24 @@ static PHP_GINIT_FUNCTION(snuffleupagus) { SP_INIT(config_eval); SP_INIT(config_wrapper); SP_INIT(config_session); + SP_INIT(config_ini); SP_INIT(config_disabled_functions_reg); SP_INIT(config_disabled_functions_reg_ret); #undef SP_INIT +#define SP_INIT_HT(F) \ + snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ + zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); + SP_INIT_HT(disabled_functions_hook); + SP_INIT_HT(sp_internal_functions_hook); + SP_INIT_HT(sp_eval_blacklist_functions_hook); + SP_INIT_HT(config.config_disabled_functions); + SP_INIT_HT(config.config_disabled_functions_hooked); + SP_INIT_HT(config.config_disabled_functions_ret); + SP_INIT_HT(config.config_disabled_functions_ret_hooked); + SP_INIT_HT(config.config_ini->entries); +#undef SP_INIT_HT + #define SP_INIT_NULL(F) snuffleupagus_globals->config.F = NULL; SP_INIT_NULL(config_disabled_functions_reg->disabled_functions); SP_INIT_NULL(config_disabled_functions_reg_ret->disabled_functions); @@ -131,6 +133,11 @@ PHP_MINIT_FUNCTION(snuffleupagus) { } PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { + sp_log_debug("(MSHUTDOWN)"); + unhook_functions(SNUFFLEUPAGUS_G(sp_internal_functions_hook)); + unhook_functions(SNUFFLEUPAGUS_G(disabled_functions_hook)); + unhook_functions(SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook)); + if (SNUFFLEUPAGUS_G(config).config_ini->enable) { sp_unhook_ini(); } UNREGISTER_INI_ENTRIES(); return SUCCESS; @@ -142,6 +149,12 @@ static inline void free_disabled_functions_hashtable(HashTable *const ht) { ZEND_HASH_FOREACH_END(); } +static inline void free_config_ini_entries(HashTable *const ht) { + void *ptr = NULL; + ZEND_HASH_FOREACH_PTR(ht, ptr) { sp_free_ini_entry(ptr); pefree(ptr, 1); } + ZEND_HASH_FOREACH_END(); +} + static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { sp_log_debug("(GSHUTDOWN)"); #define FREE_HT(F) \ @@ -158,6 +171,9 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { FREE_HT_LIST(config_disabled_functions_ret); FREE_HT_LIST(config_disabled_functions_ret_hooked); #undef FREE_HT_LIST + + free_config_ini_entries(snuffleupagus_globals->config.config_ini->entries); + FREE_HT(config.config_ini->entries); #undef FREE_HT #define FREE_LST_DISABLE(L) \ @@ -174,6 +190,7 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { FREE_LST(config_wrapper->whitelist); #undef FREE_LST + #define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1); #define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->config.C); FREE_CFG(config_random); @@ -194,6 +211,7 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { FREE_CFG(config_eval); FREE_CFG(config_wrapper); FREE_CFG(config_session); + FREE_CFG(config_ini); FREE_CFG(config_disabled_functions_reg); FREE_CFG(config_disabled_functions_reg_ret); #undef FREE_CFG @@ -332,6 +350,10 @@ static PHP_INI_MH(OnUpdateConfiguration) { hook_execute(); hook_cookies(); + if (SNUFFLEUPAGUS_G(config).config_ini->enable) { + sp_hook_ini(); + } + if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) { zend_extension_entry.startup = NULL; diff --git a/src/sp_config.c b/src/sp_config.c index db3f12d..667867b 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -23,6 +23,8 @@ static sp_config_tokens const sp_func[] = { {.func = parse_session, .token = SP_TOKEN_SESSION_ENCRYPTION}, {.func = parse_sloppy_comparison, .token = SP_TOKEN_SLOPPY_COMPARISON}, {.func = parse_wrapper_whitelist, .token = SP_TOKEN_ALLOW_WRAPPERS}, + {.func = parse_ini_protection, .token = ".ini_protection"}, + {.func = parse_ini_entry, .token = ".ini"}, {NULL, NULL}}; /* Top level keyword parsing */ @@ -281,3 +283,14 @@ void sp_free_zstr(void *data) { zend_string_release_ex((zend_string*)data, 1); } } + +void sp_free_ini_entry(void *data) { + sp_ini_entry *entry = data; + + sp_free_zstr(entry->key); + sp_free_zstr(entry->min); + sp_free_zstr(entry->max); + sp_pcre_free(entry->regexp); + sp_free_zstr(entry->msg); + sp_free_zstr(entry->set); +} \ No newline at end of file diff --git a/src/sp_config.h b/src/sp_config.h index f3b64a6..bd2530a 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -30,6 +30,8 @@ typedef enum { typedef enum { SP_ZEND = 0, SP_SYSLOG = 1 } sp_log_media; +typedef enum { SP_UNSET = 0, SP_READONLY = 1, SP_READWRITE = -1 } sp_ini_permission; + typedef struct { int ip_version; union { @@ -162,6 +164,26 @@ typedef struct { bool enable; } sp_config_upload_validation; +typedef struct { + zend_string *key; + sp_ini_permission access; + zend_string *min; + zend_string *max; + sp_pcre *regexp; + bool simulation; + zend_string *msg; + zend_string *set; + PHP_INI_MH((*orig_onmodify)); +} sp_ini_entry; + +typedef struct { + bool enable; + bool simulation; + // sp_ini_permission access_policy; + bool policy_readonly; + HashTable *entries; // ht of sp_ini_entry +} sp_config_ini; + typedef struct { sp_config_random *config_random; sp_config_sloppy *config_sloppy; @@ -176,6 +198,7 @@ typedef struct { sp_config_eval *config_eval; sp_config_wrapper *config_wrapper; sp_config_session *config_session; + sp_config_ini *config_ini; bool hook_execute; char log_media; @@ -215,6 +238,7 @@ typedef struct { #define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist" #define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison" #define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist" +#define SP_TOKEN_INI ".ini" // common tokens #define SP_TOKEN_ENABLE ".enable(" @@ -284,6 +308,6 @@ int parse_list(char *restrict, char *restrict, void *); void sp_free_disabled_function(void *data); void sp_free_cookie(void *data); void sp_free_zstr(void *data); - +void sp_free_ini_entry(void *data); #endif /* SP_CONFIG_H */ diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 8080eec..e6eb05e 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -562,3 +562,80 @@ int parse_upload_validation(char *line) { return ret; } + +int parse_ini_protection(char *line) { + bool disable = false, enable = false; + bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability + sp_config_functions sp_config_ini_protection[] = { + {parse_empty, SP_TOKEN_ENABLE, &(enable)}, + {parse_empty, SP_TOKEN_DISABLE, &(disable)}, + {parse_empty, SP_TOKEN_SIMULATION, &(SNUFFLEUPAGUS_G(config).config_ini->simulation)}, + {parse_empty, ".policy_readonly(", &ro}, + {parse_empty, ".policy_ro(", &ro}, + {parse_empty, ".policy_readwrite(", &rw}, + {parse_empty, ".policy_rw(", &rw}, + {0, 0, 0}}; + + int ret = parse_keywords(sp_config_ini_protection, line); + if (ret) { return ret; } + + if (enable && disable) { + sp_log_err("config", "A rule can't be enabled and disabled on line %zu", + sp_line_no); + return -1; + } + if (enable || disable) { + SNUFFLEUPAGUS_G(config).config_ini->enable = (enable || !disable); + } + + if (ro && rw) { + sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); + return -1; + } + SNUFFLEUPAGUS_G(config).config_ini->policy_readonly = ro; + + return ret; +} + +int parse_ini_entry(char *line) { + sp_ini_entry *entry = pecalloc(sizeof(sp_ini_entry), 1, 1); + bool rw = false, ro = false; + + sp_config_functions sp_config_ini_protection[] = { + {parse_empty, SP_TOKEN_SIMULATION, &entry->simulation}, + {parse_str, ".key(", &entry->key}, + {parse_str, ".msg(", &entry->msg}, + {parse_str, ".set(", &entry->set}, + {parse_str, ".min(", &entry->min}, + {parse_str, ".max(", &entry->max}, + {parse_regexp, ".regexp(", &entry->regexp}, + {parse_empty, ".readonly(", &ro}, + {parse_empty, ".ro(", &ro}, + {parse_empty, ".readwrite()", &rw}, + {parse_empty, ".rw()", &rw}, + {0, 0, 0}}; + + int ret = parse_keywords(sp_config_ini_protection, line); + if (ret) { goto err; } + + if (!entry->key) { + sp_log_err("config", "A .key() must be provided on line %zu", sp_line_no); + ret = -1; goto err; + } + + if (ro && rw) { + sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); + ret = -1; goto err; + } + entry->access = ro - rw; + + zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_ini->entries, entry->key, entry); + return ret; + +err: + if (entry) { + sp_free_ini_entry(entry); + pefree(entry, 1); + } + return ret; +} \ No newline at end of file diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h index a279cc9..b90c06c 100644 --- a/src/sp_config_keywords.h +++ b/src/sp_config_keywords.h @@ -18,5 +18,7 @@ int parse_session(char *line); int parse_sloppy_comparison(char *line); int parse_wrapper_whitelist(char *line); int parse_log_media(char *line); +int parse_ini_protection(char *line); +int parse_ini_entry(char *line); #endif // __SP_CONFIG_KEYWORDS_H diff --git a/src/sp_ini.c b/src/sp_ini.c new file mode 100644 index 0000000..05d7d99 --- /dev/null +++ b/src/sp_ini.c @@ -0,0 +1,126 @@ +#include "php_snuffleupagus.h" + +#define SP_INI_HAS_CHECKS_COND(entry) (entry->min || entry->max || entry->regexp) +#define SP_INI_ACCESS_READONLY_COND(entry, cfg) (entry->access == SP_READONLY || (!entry->access && cfg->policy_readonly)) + +static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_value, sp_ini_entry **sp_entry_p) { + if (!varname || ZSTR_LEN(varname) == 0) { + return false; + } + + sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; + sp_ini_entry *entry = zend_hash_find_ptr(cfg->entries, varname); + if (sp_entry_p) { + *sp_entry_p = entry; + } + bool simulation = (cfg->simulation || (entry && entry->simulation)); + + if (!entry) { + if (cfg->policy_readonly) { + sp_log_auto("ini_protection", simulation, "INI setting is read-only"); + if (simulation) { return true; } + return false; + } + return true; + } + + if (SP_INI_ACCESS_READONLY_COND(entry, cfg)) { + sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI setting is read-only")); + if (simulation) { return true; } + return false; + } + + if (!new_value && SP_INI_HAS_CHECKS_COND(entry)) { + sp_log_auto("ini_protection", simulation, "new INI value must not be NULL"); + if (simulation) { return true; } + return false; + } + + if (entry->min || entry->max) { + zend_long lvalue = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value)); + if ((entry->min && zend_atol(ZSTR_VAL(entry->min), ZSTR_LEN(entry->min)) > lvalue) || + (entry->max && zend_atol(ZSTR_VAL(entry->max), ZSTR_LEN(entry->max)) < lvalue)) { + sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value out of range")); + if (simulation) { return true; } + return false; + } + } + + if (entry->regexp) { + if (!sp_is_regexp_matching_len(entry->regexp, ZSTR_VAL(new_value), ZSTR_LEN(new_value))) { + sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value does not match regex")); + if (simulation) { return true; } + return false; + } + } + + return true; +} + +static PHP_INI_MH(sp_ini_onmodify) { + zend_ini_entry *ini_entry = entry; + sp_ini_entry *sp_entry = NULL; + + sp_log_debug("%s =? %s", ZSTR_VAL(ini_entry->name), ZSTR_VAL(new_value)); + if (!sp_ini_check(ini_entry->name, new_value, &sp_entry)) { + return FAILURE; + } + + if (sp_entry && sp_entry->orig_onmodify) { + return sp_entry->orig_onmodify(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); + } + + return SUCCESS; +} + +void sp_hook_ini() { + sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; + sp_ini_entry *sp_entry; + zend_ini_entry *ini_entry; + ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry) + sp_log_debug("hook entry `%s`", ZSTR_VAL(sp_entry->key)); + if ((ini_entry = zend_hash_find_ptr(EG(ini_directives), sp_entry->key)) == NULL) { + sp_log_warn("ini_protection", "Cannot hook INI var `%s`. Maybe a typo or the PHP extension providing this var is not loaded yet.", ZSTR_VAL(sp_entry->key)); + continue; + } + if (SP_INI_ACCESS_READONLY_COND(sp_entry, cfg)) { + ini_entry->modifiable = ini_entry->orig_modifiable = 0; + } + PHP_INI_MH((*orig_onmodify)) = ini_entry->on_modify; + + if (SP_INI_HAS_CHECKS_COND(sp_entry) || SP_INI_ACCESS_READONLY_COND(sp_entry, cfg)) { + // only hook on_modify if there is any check to perform + sp_entry->orig_onmodify = ini_entry->on_modify; + ini_entry->on_modify = sp_ini_onmodify; + } + + if (sp_entry->set) { + zend_string *duplicate = zend_string_copy(sp_entry->set); + + if (!orig_onmodify || orig_onmodify(ini_entry, duplicate, ini_entry->mh_arg1, ini_entry->mh_arg2, ini_entry->mh_arg3, ZEND_INI_STAGE_STARTUP) == SUCCESS) { + ini_entry->value = duplicate; + } else { + zend_string_release(duplicate); + sp_log_warn("ini_protection", "Failed to set INI var `%s`.", ZSTR_VAL(sp_entry->key)); + continue; + } + } + ZEND_HASH_FOREACH_END(); +} + +void sp_unhook_ini() { + sp_ini_entry *sp_entry; + zend_ini_entry *ini_entry; + ZEND_HASH_FOREACH_PTR(SNUFFLEUPAGUS_G(config).config_ini->entries, sp_entry) + if (!sp_entry->orig_onmodify) { + // not hooked or no original onmodify + continue; + } + if ((ini_entry = zend_hash_find_ptr(EG(ini_directives), sp_entry->key)) == NULL) { + // unusual. ini entry is missing. + continue; + } + ini_entry->on_modify = sp_entry->orig_onmodify; + sp_entry->orig_onmodify = NULL; + ZEND_HASH_FOREACH_END(); +} diff --git a/src/sp_ini.h b/src/sp_ini.h new file mode 100644 index 0000000..5869539 --- /dev/null +++ b/src/sp_ini.h @@ -0,0 +1,2 @@ +void sp_hook_ini(); +void sp_unhook_ini(); \ No newline at end of file -- cgit v1.3 From e8bb162220ac17cb9b8cc229666356e88f081887 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 15:55:48 +0200 Subject: prevent STDERR debug output based on SP_NODEBUG environment variable --- src/snuffleupagus.c | 12 +++++++++--- src/sp_utils.h | 2 +- 2 files changed, 10 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 2ee94a1..3ad47d5 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -75,7 +75,11 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { static PHP_GINIT_FUNCTION(snuffleupagus) { #ifdef SP_DEBUG_STDERR - sp_debug_stderr = dup(STDERR_FILENO); + if (getenv("SP_NODEBUG")) { + sp_debug_stderr = -1; + } else { + sp_debug_stderr = dup(STDERR_FILENO); + } #endif sp_log_debug("(GINIT)"); snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; @@ -218,8 +222,10 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { #undef FREE_CFG_ZSTR #ifdef SP_DEBUG_STDERR - close(sp_debug_stderr); - sp_debug_stderr = STDERR_FILENO; + if (sp_debug_stderr >= 0) { + close(sp_debug_stderr); + sp_debug_stderr = STDERR_FILENO; + } #endif } diff --git a/src/sp_utils.h b/src/sp_utils.h index ec79e8b..c0ddbe4 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -57,7 +57,7 @@ #ifdef SP_DEBUG_STDERR extern int sp_debug_stderr; #define sp_log_debug(fmt, ...) \ - dprintf(sp_debug_stderr, "[snuffleupagus][DEBUG] %s(): " fmt "\n", __FUNCTION__, ##__VA_ARGS__); + if (sp_debug_stderr > 0) dprintf(sp_debug_stderr, "[snuffleupagus][DEBUG] %s(): " fmt "\n", __FUNCTION__, ##__VA_ARGS__); #else #define sp_log_debug(fmt, ...) \ sp_log_msgf("DEBUG", SP_LOG_DEBUG, SP_TYPE_LOG, "%s(): " fmt, __FUNCTION__, ##__VA_ARGS__) -- cgit v1.3 From bd8b5bb241ca359b65c1a3717c9905d034b9703b Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 15:56:57 +0200 Subject: more ini protection features --- config/ini_protection.php8.rules | 20 +++++++++++++++- src/sp_config.h | 8 +++++-- src/sp_config_keywords.c | 21 ++++++++++++---- src/sp_ini.c | 52 +++++++++++++++++++++++++++------------- 4 files changed, 76 insertions(+), 25 deletions(-) (limited to 'src') diff --git a/config/ini_protection.php8.rules b/config/ini_protection.php8.rules index 081048f..b4ddb30 100644 --- a/config/ini_protection.php8.rules +++ b/config/ini_protection.php8.rules @@ -1,6 +1,20 @@ ## INI protection - prevent unwanted runtime ini changes made by ini_set() or other functions or by .htaccess sp.ini_protection.enable(); +## simulation mode: only log violations +#sp.ini_protection.simulation(); + +## drop policy: drop request on rule violation +#sp.ini_protection.policy_drop(); + +## do not log violations. +## this setting has no effect in simulation or drop mode +#sp.ini_protection.policy_silent_fail(); + +## do not log read-only violations +## this setting has no effect in simulation or drop mode +sp.ini_protection.policy_silent_ro(); + ## access policy can be one of ## .policy_readonly(): All entries are read-only by default. ## Individual entries can be set read-write using .readwrite() or .rw() @@ -10,13 +24,17 @@ sp.ini_protection.enable(); ## sp.ini entries can have the following attributes ## .key("..."): mandatory ini name. -## .set("..."): set the value. This overrides php.ini. +## .set("..."): set the initial value. This overrides php.ini. +## checks are not performed for this initial value. ## .min("...") / .max("..."): value must be an integer between .min and .max. ## shorthand notation (e.g. 1k = 1024) is allowed ## .regexp("..."): value must match the regular expression +## .allow_null(): allow setting a NULL-value ## .msg("..."): message is shown in logs on rule violation instead of default message ## .readonly() / .ro() / .readwrite() / .rw(): set entry to read-only or read-write respectively ## If no access keyword is provided, the entry inherits the default policy set by sp.ini_protection.policy_*-rules. +## .drop(): drop request on rule violation for this entry +## .simulation(): only log rule violation for this entry ## FOR PRODUCTION SYSTEMS: disable error messages and version numbers sp.ini.key("display_errors").set("0").ro(); diff --git a/src/sp_config.h b/src/sp_config.h index bd2530a..0ba2e7f 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -170,17 +170,21 @@ typedef struct { zend_string *min; zend_string *max; sp_pcre *regexp; - bool simulation; zend_string *msg; zend_string *set; + bool allow_null; + bool simulation; + bool drop; PHP_INI_MH((*orig_onmodify)); } sp_ini_entry; typedef struct { bool enable; bool simulation; - // sp_ini_permission access_policy; bool policy_readonly; + bool policy_silent_ro; + bool policy_silent_fail; + bool policy_drop; HashTable *entries; // ht of sp_ini_entry } sp_config_ini; diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index e6eb05e..c547f10 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -566,14 +566,19 @@ int parse_upload_validation(char *line) { int parse_ini_protection(char *line) { bool disable = false, enable = false; bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability + sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; sp_config_functions sp_config_ini_protection[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, - {parse_empty, SP_TOKEN_SIMULATION, &(SNUFFLEUPAGUS_G(config).config_ini->simulation)}, + {parse_empty, SP_TOKEN_SIMULATION, &cfg->simulation}, {parse_empty, ".policy_readonly(", &ro}, {parse_empty, ".policy_ro(", &ro}, {parse_empty, ".policy_readwrite(", &rw}, {parse_empty, ".policy_rw(", &rw}, + {parse_empty, ".policy_silent_ro(", &cfg->policy_silent_ro}, + {parse_empty, ".policy_silent_fail(", &cfg->policy_silent_fail}, + {parse_empty, ".policy_no_log(", &cfg->policy_silent_fail}, + {parse_empty, ".policy_drop(", &cfg->policy_drop}, {0, 0, 0}}; int ret = parse_keywords(sp_config_ini_protection, line); @@ -585,15 +590,19 @@ int parse_ini_protection(char *line) { return -1; } if (enable || disable) { - SNUFFLEUPAGUS_G(config).config_ini->enable = (enable || !disable); + cfg->enable = (enable || !disable); } if (ro && rw) { sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); return -1; } - SNUFFLEUPAGUS_G(config).config_ini->policy_readonly = ro; + cfg->policy_readonly = ro; + if (cfg->policy_silent_fail && cfg->policy_drop) { + sp_log_err("config", "policy cannot be drop and silent at the same time on line %zu", sp_line_no); + return -1; + } return ret; } @@ -611,8 +620,10 @@ int parse_ini_entry(char *line) { {parse_regexp, ".regexp(", &entry->regexp}, {parse_empty, ".readonly(", &ro}, {parse_empty, ".ro(", &ro}, - {parse_empty, ".readwrite()", &rw}, - {parse_empty, ".rw()", &rw}, + {parse_empty, ".readwrite(", &rw}, + {parse_empty, ".rw(", &rw}, + {parse_empty, ".drop(", &entry->drop}, + {parse_empty, ".allow_null(", &entry->allow_null}, {0, 0, 0}}; int ret = parse_keywords(sp_config_ini_protection, line); diff --git a/src/sp_ini.c b/src/sp_ini.c index 05d7d99..5777ca3 100644 --- a/src/sp_ini.c +++ b/src/sp_ini.c @@ -3,6 +3,15 @@ #define SP_INI_HAS_CHECKS_COND(entry) (entry->min || entry->max || entry->regexp) #define SP_INI_ACCESS_READONLY_COND(entry, cfg) (entry->access == SP_READONLY || (!entry->access && cfg->policy_readonly)) +#define sp_log_auto2(feature, is_simulation, drop, ...) \ + sp_log_msgf(feature, ((is_simulation || !drop) ? SP_LOG_WARN : SP_LOG_ERROR), \ + (is_simulation ? SP_TYPE_SIMULATION : (drop ? SP_TYPE_DROP : SP_TYPE_LOG)), \ + __VA_ARGS__) +#define sp_log_ini_check_violation(...) if (simulation || cfg->policy_drop || (entry && entry->drop) || !cfg->policy_silent_fail) { \ + sp_log_auto2("ini_protection", simulation, (cfg->policy_drop || (entry && entry->drop)), __VA_ARGS__); \ + } + + static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_value, sp_ini_entry **sp_entry_p) { if (!varname || ZSTR_LEN(varname) == 0) { return false; @@ -17,40 +26,49 @@ static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_va if (!entry) { if (cfg->policy_readonly) { - sp_log_auto("ini_protection", simulation, "INI setting is read-only"); - if (simulation) { return true; } - return false; + if (!cfg->policy_silent_ro) { + sp_log_ini_check_violation("INI setting is read-only"); + } + return simulation; } return true; } + // we have an entry. + if (SP_INI_ACCESS_READONLY_COND(entry, cfg)) { - sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI setting is read-only")); - if (simulation) { return true; } - return false; + if (!cfg->policy_silent_ro) { + sp_log_ini_check_violation("%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI setting is read-only")); + } + return simulation; } - if (!new_value && SP_INI_HAS_CHECKS_COND(entry)) { - sp_log_auto("ini_protection", simulation, "new INI value must not be NULL"); - if (simulation) { return true; } - return false; + if (!new_value || ZSTR_LEN(new_value) == 0) { + if (entry->allow_null) { + return true; // allow NULL value and skip other tests + } + if (SP_INI_HAS_CHECKS_COND(entry)) { + sp_log_ini_check_violation("new INI value must not be NULL or empty"); + return simulation; + } + return true; // no new_value, but no checks to perform } + // we have a new_value. + if (entry->min || entry->max) { zend_long lvalue = zend_atol(ZSTR_VAL(new_value), ZSTR_LEN(new_value)); if ((entry->min && zend_atol(ZSTR_VAL(entry->min), ZSTR_LEN(entry->min)) > lvalue) || (entry->max && zend_atol(ZSTR_VAL(entry->max), ZSTR_LEN(entry->max)) < lvalue)) { - sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value out of range")); - if (simulation) { return true; } - return false; + sp_log_ini_check_violation("%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value out of range")); + return simulation; } } if (entry->regexp) { if (!sp_is_regexp_matching_len(entry->regexp, ZSTR_VAL(new_value), ZSTR_LEN(new_value))) { - sp_log_auto("ini_protection", simulation, "%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value does not match regex")); - if (simulation) { return true; } - return false; + sp_log_ini_check_violation("%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value does not match regex")); + return simulation; } } @@ -83,7 +101,7 @@ void sp_hook_ini() { sp_log_warn("ini_protection", "Cannot hook INI var `%s`. Maybe a typo or the PHP extension providing this var is not loaded yet.", ZSTR_VAL(sp_entry->key)); continue; } - if (SP_INI_ACCESS_READONLY_COND(sp_entry, cfg)) { + if (SP_INI_ACCESS_READONLY_COND(sp_entry, cfg) && (cfg->policy_silent_ro || cfg->policy_silent_fail) && !sp_entry->drop && !(sp_entry->simulation || cfg->simulation)) { ini_entry->modifiable = ini_entry->orig_modifiable = 0; } PHP_INI_MH((*orig_onmodify)) = ini_entry->on_modify; -- cgit v1.3 From 5fbb1733f67172e4111fa512961106f4733395db Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 15:57:30 +0200 Subject: unit tests for ini protection feature --- src/tests/ini/config/sp-policy-drop.ini | 3 +++ src/tests/ini/config/sp-policy-silent-fail.ini | 3 +++ src/tests/ini/config/sp.ini | 11 +++++++++ src/tests/ini/ini_min_policy_drop.phpt | 13 ++++++++++ src/tests/ini/ini_min_policy_silent_fail.phpt | 14 +++++++++++ src/tests/ini/ini_minmax.phpt | 34 ++++++++++++++++++++++++++ src/tests/ini/ini_null.phpt | 26 ++++++++++++++++++++ src/tests/ini/ini_regexp.phpt | 19 ++++++++++++++ src/tests/ini/ini_regexp_drop.phpt | 13 ++++++++++ src/tests/ini/ini_set.phpt | 12 +++++++++ 10 files changed, 148 insertions(+) create mode 100644 src/tests/ini/config/sp-policy-drop.ini create mode 100644 src/tests/ini/config/sp-policy-silent-fail.ini create mode 100644 src/tests/ini/config/sp.ini create mode 100644 src/tests/ini/ini_min_policy_drop.phpt create mode 100644 src/tests/ini/ini_min_policy_silent_fail.phpt create mode 100644 src/tests/ini/ini_minmax.phpt create mode 100644 src/tests/ini/ini_null.phpt create mode 100644 src/tests/ini/ini_regexp.phpt create mode 100644 src/tests/ini/ini_regexp_drop.phpt create mode 100644 src/tests/ini/ini_set.phpt (limited to 'src') diff --git a/src/tests/ini/config/sp-policy-drop.ini b/src/tests/ini/config/sp-policy-drop.ini new file mode 100644 index 0000000..1c28030 --- /dev/null +++ b/src/tests/ini/config/sp-policy-drop.ini @@ -0,0 +1,3 @@ +sp.ini_protection.enable(); +sp.ini_protection.policy_drop(); +sp.ini.key("log_errors_max_len").min("200").max("2000"); diff --git a/src/tests/ini/config/sp-policy-silent-fail.ini b/src/tests/ini/config/sp-policy-silent-fail.ini new file mode 100644 index 0000000..8236077 --- /dev/null +++ b/src/tests/ini/config/sp-policy-silent-fail.ini @@ -0,0 +1,3 @@ +sp.ini_protection.enable(); +sp.ini_protection.policy_silent_fail(); +sp.ini.key("log_errors_max_len").min("200").max("2000"); diff --git a/src/tests/ini/config/sp.ini b/src/tests/ini/config/sp.ini new file mode 100644 index 0000000..3022e37 --- /dev/null +++ b/src/tests/ini/config/sp.ini @@ -0,0 +1,11 @@ +sp.ini_protection.enable(); + +sp.ini.key("log_errors_max_len").min("200").max("2000"); +sp.ini.key("max_execution_time").min("30").max("600"); +sp.ini.key("highlight.comment").regexp("^#[0-9a-fA-F]{6}$"); +sp.ini.key("default_mimetype").set("text/plain").ro(); + +sp.ini.key("sendmail_from").set("test@example.com").regexp(".*@example\\.com$").allow_null(); +sp.ini.key("unserialize_callback_func").set("def").regexp("^abc$"); + +sp.ini.key("user_agent").regexp("^abc$").drop(); diff --git a/src/tests/ini/ini_min_policy_drop.phpt b/src/tests/ini/ini_min_policy_drop.phpt new file mode 100644 index 0000000..9dddcc4 --- /dev/null +++ b/src/tests/ini/ini_min_policy_drop.phpt @@ -0,0 +1,13 @@ +--TEST-- +INI protection .min() + .policy_drop() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp-policy-drop.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][ini_protection][drop] INI value out of range in %a/ini_min_policy_drop.php on line 2 diff --git a/src/tests/ini/ini_min_policy_silent_fail.phpt b/src/tests/ini/ini_min_policy_silent_fail.phpt new file mode 100644 index 0000000..8ef780d --- /dev/null +++ b/src/tests/ini/ini_min_policy_silent_fail.phpt @@ -0,0 +1,14 @@ +--TEST-- +INI protection .min() + .policy_silent_fail() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp-policy-silent-fail.ini +--FILE-- + +--EXPECTF-- +bool(true) +string(1) "0" \ No newline at end of file diff --git a/src/tests/ini/ini_minmax.phpt b/src/tests/ini/ini_minmax.phpt new file mode 100644 index 0000000..fc93075 --- /dev/null +++ b/src/tests/ini/ini_minmax.phpt @@ -0,0 +1,34 @@ +--TEST-- +INI protection .min()/.max() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp.ini +--FILE-- + +--EXPECTF-- +bool(false) +string(3) "200" +bool(false) +string(4) "2000" + +Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 8 +bool(true) +string(4) "2000" + +Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 11 +bool(true) +string(4) "2000" \ No newline at end of file diff --git a/src/tests/ini/ini_null.phpt b/src/tests/ini/ini_null.phpt new file mode 100644 index 0000000..32a12c1 --- /dev/null +++ b/src/tests/ini/ini_null.phpt @@ -0,0 +1,26 @@ +--TEST-- +INI protection .allow_null() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp.ini +--FILE-- + +--EXPECTF-- +bool(false) +string(15) "foo@example.com" +bool(false) +string(0) "" + +Warning: [snuffleupagus][0.0.0.0][ini_protection][log] new INI value must not be NULL or empty in %a/ini_null.php on line 8 +bool(true) +string(3) "def" \ No newline at end of file diff --git a/src/tests/ini/ini_regexp.phpt b/src/tests/ini/ini_regexp.phpt new file mode 100644 index 0000000..f6c5198 --- /dev/null +++ b/src/tests/ini/ini_regexp.phpt @@ -0,0 +1,19 @@ +--TEST-- +INI protection .regexp() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp.ini +--FILE-- + +--EXPECTF-- +string(7) "#000aBc" + +Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value does not match regex in %a/ini_regexp.php on line 5 +string(7) "#000aBc" diff --git a/src/tests/ini/ini_regexp_drop.phpt b/src/tests/ini/ini_regexp_drop.phpt new file mode 100644 index 0000000..9225470 --- /dev/null +++ b/src/tests/ini/ini_regexp_drop.phpt @@ -0,0 +1,13 @@ +--TEST-- +INI protection .min() + .drop() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][ini_protection][drop] INI value does not match regex in %a/ini_regexp_drop.php on line 2 diff --git a/src/tests/ini/ini_set.phpt b/src/tests/ini/ini_set.phpt new file mode 100644 index 0000000..bfafbe8 --- /dev/null +++ b/src/tests/ini/ini_set.phpt @@ -0,0 +1,12 @@ +--TEST-- +INI protection .set() +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sp.ini +--FILE-- + +--EXPECTF-- +string(10) "text/plain" \ No newline at end of file -- cgit v1.3 From 0156cbf1d165a9df8e952cd09e23d2ecc29d3a6e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 18:45:03 +0200 Subject: fixed test case --- src/tests/broken_configuration_php8/broken_conf_key_value.phpt | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt index ceb9add..24c60bc 100644 --- a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt @@ -7,8 +7,7 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_key_value.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. -- cgit v1.3 From a997aac81cdda77028f74211cad2d07489854994 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 18:45:33 +0200 Subject: fixed cidr matching and test cases --- src/sp_config.c | 2 +- src/sp_network_utils.c | 10 +++++++++- .../broken_conf_invalid_cidr6_too_big.phpt | 4 ++++ .../broken_configuration_php8/broken_conf_invalid_cidr.phpt | 3 +-- .../broken_conf_invalid_cidr6_too_big.phpt | 4 ++++ 5 files changed, 19 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/sp_config.c b/src/sp_config.c index 667867b..0144b1a 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -163,7 +163,7 @@ int parse_cidr(char *restrict line, char *restrict keyword, void *retval) { sp_cidr *cidr = pecalloc(sizeof(sp_cidr), 1, 1); - if (0 == get_ip_and_cidr(ZSTR_VAL(value), cidr)) { + if (0 != get_ip_and_cidr(ZSTR_VAL(value), cidr)) { pefree(cidr, 1); *(sp_cidr **)retval = NULL; return -1; diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c index 31e8426..5b4fd95 100644 --- a/src/sp_network_utils.c +++ b/src/sp_network_utils.c @@ -91,10 +91,13 @@ int get_ip_and_cidr(char *ip, sp_cidr *cidr) { return -1; } - if (sscanf(mask + 1, "%hhu", &(cidr->mask)) != 1) { + int masklen = strlen(mask+1); + int imask = atoi(mask+1); + if (masklen < 1 || masklen > 3 || !isdigit(*(mask+1)) || (masklen >= 2 && !isdigit(*(mask+2))) || (masklen == 3 && !isdigit(*(mask+3))) || imask < 0 || imask > 128) { sp_log_err("config", "'%s' isn't a valid network mask.", mask + 1); return -1; } + cidr->mask = (uint8_t)imask; ip[mask - ip] = '\0'; // NULL the '/' char @@ -113,5 +116,10 @@ int get_ip_and_cidr(char *ip, sp_cidr *cidr) { } ip[mask - ip] = '/'; + if (cidr->ip_version < 0) { + sp_log_err("cidr_match", "Weird ip (%s) family", ip); + return -1; + } + return 0; } diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt index 47d4a5d..bc353c9 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt @@ -3,7 +3,11 @@ Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. (13337%128 = 25) --SKIPIF-- += 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini --FILE-- --EXPECT-- + +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt index f66d8b6..7bbf132 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt @@ -7,8 +7,7 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_invalid_cidr.ini --FILE-- --EXPECT-- - Fatal error: [snuffleupagus][0.0.0.0][config][log] '42' isn't a valid ipv4 mask. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt index 47d4a5d..07acfb1 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt @@ -7,3 +7,7 @@ Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini --FILE-- --EXPECT-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file -- cgit v1.3 From f275c866a42b333646a2736f904504f2561ec5c0 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 18:50:26 +0200 Subject: fixed tests due to output changes --- src/tests/cookies_encryption/encrypt_cookies_invalid_decryption2.phpt | 2 +- .../encrypt_cookies_invalid_decryption_short_cookie.phpt | 2 +- .../encrypt_cookies_invalid_decryption_simulation.phpt | 2 +- src/tests/cookies_encryption/encrypt_regexp_cookies_empty_env.phpt | 2 +- .../cookies_encryption/encrypt_regexp_cookies_invalid_decryption2.phpt | 2 +- 5 files changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption2.phpt b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption2.phpt index 5ec6af5..0c8d024 100644 --- a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption2.phpt +++ b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption2.phpt @@ -16,4 +16,4 @@ EOF; --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow tentative detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file +Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow (tentative) detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file diff --git a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_short_cookie.phpt b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_short_cookie.phpt index 00a2cec..53f4f3f 100644 --- a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_short_cookie.phpt +++ b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_short_cookie.phpt @@ -16,7 +16,7 @@ EOF; --FILE-- --EXPECT-- -Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for super_cookie. Using the cookie 'as it' instead of decrypting it in Unknown on line 0 +Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for super_cookie. Using the cookie 'as is' instead of decrypting it in Unknown on line 0 array(2) { ["super_cookie"]=> string(3) "AAA" diff --git a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_simulation.phpt b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_simulation.phpt index 4d8e18d..eefa507 100644 --- a/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_simulation.phpt +++ b/src/tests/cookies_encryption/encrypt_cookies_invalid_decryption_simulation.phpt @@ -18,7 +18,7 @@ EOF; echo "1337\n"; var_dump($_COOKIE); ?> --EXPECT-- -Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Something went wrong with the decryption of super_cookie. Using the cookie 'as it' instead of decrypting it in Unknown on line 0 +Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Something went wrong with the decryption of super_cookie. Using the cookie 'as is' instead of decrypting it in Unknown on line 0 1337 array(2) { ["super_cookie"]=> diff --git a/src/tests/cookies_encryption/encrypt_regexp_cookies_empty_env.phpt b/src/tests/cookies_encryption/encrypt_regexp_cookies_empty_env.phpt index 53f2eba..1886cfc 100644 --- a/src/tests/cookies_encryption/encrypt_regexp_cookies_empty_env.phpt +++ b/src/tests/cookies_encryption/encrypt_regexp_cookies_empty_env.phpt @@ -16,4 +16,4 @@ EOF; --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][cookie_encryption][drop] Buffer underflow tentative detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file +Fatal error: [snuffleupagus][0.0.0.0][cookie_encryption][drop] Buffer underflow (tentative) detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file diff --git a/src/tests/cookies_encryption/encrypt_regexp_cookies_invalid_decryption2.phpt b/src/tests/cookies_encryption/encrypt_regexp_cookies_invalid_decryption2.phpt index 29444dc..d86433e 100644 --- a/src/tests/cookies_encryption/encrypt_regexp_cookies_invalid_decryption2.phpt +++ b/src/tests/cookies_encryption/encrypt_regexp_cookies_invalid_decryption2.phpt @@ -16,4 +16,4 @@ EOF; --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow tentative detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file +Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow (tentative) detected in cookie encryption handling in Unknown on line 0 \ No newline at end of file -- cgit v1.3 From 5f0deb5a03ab26e2b1493244aa2beb4ca07f6a9f Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 19:57:17 +0200 Subject: removed incorrect duplicate check --- src/sp_config.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/sp_config.c b/src/sp_config.c index 0144b1a..37c749b 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -95,7 +95,6 @@ int parse_list(char *restrict line, char *restrict keyword, void *list_ptr) { } int parse_php_type(char *restrict line, char *restrict keyword, void *retval) { - CHECK_DUPLICATE_KEYWORD(retval); size_t consumed = 0; zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); if (!value) { -- cgit v1.3 From 26a33c19d6ac5322c69e825d623332c1d32e4af8 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 19:58:24 +0200 Subject: fixed doulbe hook --- src/sp_utils.c | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index af78d20..7ec98cf 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -398,6 +398,9 @@ bool /* success */ _hook_function(const char* original_name, HashTable* hook_tab if (func->type != ZEND_INTERNAL_FUNCTION) { return false; } + if (func->internal_function.handler == new_function) { + return true; + } if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name), func->internal_function.handler) == NULL) { // LCOV_EXCL_START -- cgit v1.3 From 5746031cf78bdeab8d9ae30c8b8c8a8fb74340be Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 20:00:45 +0200 Subject: fixed disabled_functions tests --- src/tests/disable_function/config/disabled_functions_chmod.ini | 2 -- src/tests/disable_function/config/disabled_functions_chmod_php8.ini | 2 ++ src/tests/disable_function/disabled_functions_chmod_php8.phpt | 5 ++--- 3 files changed, 4 insertions(+), 5 deletions(-) create mode 100644 src/tests/disable_function/config/disabled_functions_chmod_php8.ini (limited to 'src') diff --git a/src/tests/disable_function/config/disabled_functions_chmod.ini b/src/tests/disable_function/config/disabled_functions_chmod.ini index e601900..22b0af2 100644 --- a/src/tests/disable_function/config/disabled_functions_chmod.ini +++ b/src/tests/disable_function/config/disabled_functions_chmod.ini @@ -1,4 +1,2 @@ # PHP7 and below sp.disable_function.function("chmod").param("mode").value("511").drop(); -# PHP8 -sp.disable_function.function("chmod").param("permissions").value("511").drop(); diff --git a/src/tests/disable_function/config/disabled_functions_chmod_php8.ini b/src/tests/disable_function/config/disabled_functions_chmod_php8.ini new file mode 100644 index 0000000..d07dd31 --- /dev/null +++ b/src/tests/disable_function/config/disabled_functions_chmod_php8.ini @@ -0,0 +1,2 @@ +# PHP8 +sp.disable_function.function("chmod").param("permissions").value("511").drop(); diff --git a/src/tests/disable_function/disabled_functions_chmod_php8.phpt b/src/tests/disable_function/disabled_functions_chmod_php8.phpt index 71bb034..c947ba7 100644 --- a/src/tests/disable_function/disabled_functions_chmod_php8.phpt +++ b/src/tests/disable_function/disabled_functions_chmod_php8.phpt @@ -4,11 +4,10 @@ Disable functions - chmod, in php8 --INI-- -sp.configuration_file={PWD}/config/disabled_functions_chmod.ini +sp.configuration_file={PWD}/config/disabled_functions_chmod_php8.ini --FILE-- ---XFAIL-- --EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'chmod', because its argument '$permissions' content (511) matched a rule in %a/disabled_function_chmod_php8.php on line %d +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'chmod', because its argument '$permissions' content (511) matched a rule in %a.php on line %d -- cgit v1.3 From 51c020904f25ac7400e4db2e5174edc8c49fcb43 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 22:31:55 +0200 Subject: fixed compiler warning --- src/sp_upload_validation.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index cebab3e..4d44011 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -53,7 +53,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { char *cmd[3] = {0}; char *env[5] = {0}; - sp_log_debug("Filename: %s\nTmpname: %s\nSize: %d\nError: %d\nScript: %s", + sp_log_debug("Filename: %s\nTmpname: %s\nSize: %zd\nError: %lld\nScript: %s", filename, tmp_name, filesize, Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), "error", 5)), ZSTR_VAL(config_upload->script)); -- cgit v1.3 From 26ee817a0e5a2bed4994fd4efc13e7f5106ca55c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 22:33:21 +0200 Subject: PHP7 compatibility --- src/config.m4 | 2 +- src/php_snuffleupagus.h | 1 + src/sp_php_compat.c | 22 ++++++++++++++++++++++ src/sp_php_compat.h | 12 ++++++++++++ 4 files changed, 36 insertions(+), 1 deletion(-) create mode 100644 src/sp_php_compat.c create mode 100644 src/sp_php_compat.h (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index 1410565..9778820 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -7,7 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c" sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c" sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c" sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c" -sources="$sources sp_ini.c" +sources="$sources sp_ini.c sp_php_compat.c" PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support, [ --enable-snuffleupagus Enable snuffleupagus support]) diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index be4d306..928095d 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -65,6 +65,7 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); #define SP_CONFIG_INVALID 0 #define SP_CONFIG_NONE -1 +#include "sp_php_compat.h" #include "sp_pcre_compat.h" #include "sp_list.h" #include "sp_tree.h" diff --git a/src/sp_php_compat.c b/src/sp_php_compat.c new file mode 100644 index 0000000..933acd8 --- /dev/null +++ b/src/sp_php_compat.c @@ -0,0 +1,22 @@ +#include "php_snuffleupagus.h" + +#if PHP_VERSION_ID < 80000 + +// zend_string_concat2 taken from PHP 8.0.9 zend_string.c +// TODO: license clarification + +ZEND_API zend_string *zend_string_concat2( + const char *str1, size_t str1_len, + const char *str2, size_t str2_len) +{ + size_t len = str1_len + str2_len; + zend_string *res = zend_string_alloc(len, 0); + + memcpy(ZSTR_VAL(res), str1, str1_len); + memcpy(ZSTR_VAL(res) + str1_len, str2, str2_len); + ZSTR_VAL(res)[len] = '\0'; + + return res; +} + +#endif diff --git a/src/sp_php_compat.h b/src/sp_php_compat.h new file mode 100644 index 0000000..380abe4 --- /dev/null +++ b/src/sp_php_compat.h @@ -0,0 +1,12 @@ +#if PHP_VERSION_ID < 80000 +ZEND_API zend_string *zend_string_concat2( + const char *str1, size_t str1_len, + const char *str2, size_t str2_len); + +#define ZEND_HASH_REVERSE_FOREACH_KEY_PTR(ht, _h, _key, _ptr) \ + ZEND_HASH_REVERSE_FOREACH(ht, 0); \ + _h = _p->h; \ + _key = _p->key; \ + _ptr = Z_PTR_P(_z); + +#endif \ No newline at end of file -- cgit v1.3 From 1dfc52900e842c388dae28cc44fa08452b82c006 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 7 Aug 2021 22:34:06 +0200 Subject: fixed some PHP7 test cases --- src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt | 3 +++ .../broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt | 1 + src/tests/deny_writable/deny_writable_execution_simulation.phpt | 1 - 3 files changed, 4 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt index bc353c9..58065a4 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt @@ -8,6 +8,9 @@ Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini --FILE-- --EXPECT-- +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt index 07acfb1..c14e131 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt @@ -3,6 +3,7 @@ Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. (13337%128 = 25) --SKIPIF-- + --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini --FILE-- diff --git a/src/tests/deny_writable/deny_writable_execution_simulation.phpt b/src/tests/deny_writable/deny_writable_execution_simulation.phpt index d4b8efc..1118dc0 100644 --- a/src/tests/deny_writable/deny_writable_execution_simulation.phpt +++ b/src/tests/deny_writable/deny_writable_execution_simulation.phpt @@ -18,7 +18,6 @@ if (TRUE == function_exists("posix_getuid")) { ?> --INI-- sp.configuration_file={PWD}/config/config_disable_writable_simulation.ini ---XFAIL-- --FILE-- --EXPECTF-- -Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow tentative detected in cookie encryption handling in %s/crypt_session_corrupted_session.php on line %s +Fatal error: [snuffleupagus][127.0.0.1][cookie_encryption][drop] Buffer underflow (tentative) detected in cookie encryption handling in %s/crypt_session_corrupted_session.php on line %s -- cgit v1.3 From f41303ebed6f5de3a264ba5c70851d4da215061c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sun, 8 Aug 2021 12:31:42 +0200 Subject: fixed test case. src in path is not mandatory --- src/tests/disable_function/disabled_functions_runtime.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/tests/disable_function/disabled_functions_runtime.phpt b/src/tests/disable_function/disabled_functions_runtime.phpt index 3d74b40..16ecfdb 100644 --- a/src/tests/disable_function/disabled_functions_runtime.phpt +++ b/src/tests/disable_function/disabled_functions_runtime.phpt @@ -29,4 +29,4 @@ unlink("file_to_include2.php"); --EXPECTF-- 1338 -Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'test', because its argument '$param' content (1337) matched a rule in %a/src/file_to_include%d.php on line 1 +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'test', because its argument '$param' content (1337) matched a rule in %a/file_to_include%d.php on line 1 -- cgit v1.3 From ecbc2bba7ba2d1c0c766dd16195ee88edbe550a8 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sun, 8 Aug 2021 12:44:13 +0200 Subject: more PHP 7 compatibility and license clarification --- PHP_LICENSE | 68 +++++++++++++++++++++++++++++++++++++++ doc/source/faq.rst | 6 ++++ src/sp_php_compat.c | 3 +- src/sp_php_compat.h | 93 +++++++++++++++++++++++++++++++++++++++++++++++++---- 4 files changed, 162 insertions(+), 8 deletions(-) create mode 100644 PHP_LICENSE (limited to 'src') diff --git a/PHP_LICENSE b/PHP_LICENSE new file mode 100644 index 0000000..4076fe9 --- /dev/null +++ b/PHP_LICENSE @@ -0,0 +1,68 @@ +-------------------------------------------------------------------- + The PHP License, version 3.01 +Copyright (c) 1999 - 2019 The PHP Group. All rights reserved. +-------------------------------------------------------------------- + +Redistribution and use in source and binary forms, with or without +modification, is permitted provided that the following conditions +are met: + + 1. Redistributions of source code must retain the above copyright + notice, this list of conditions and the following disclaimer. + + 2. Redistributions in binary form must reproduce the above copyright + notice, this list of conditions and the following disclaimer in + the documentation and/or other materials provided with the + distribution. + + 3. The name "PHP" must not be used to endorse or promote products + derived from this software without prior written permission. For + written permission, please contact group@php.net. + + 4. Products derived from this software may not be called "PHP", nor + may "PHP" appear in their name, without prior written permission + from group@php.net. You may indicate that your software works in + conjunction with PHP by saying "Foo for PHP" instead of calling + it "PHP Foo" or "phpfoo" + + 5. The PHP Group may publish revised and/or new versions of the + license from time to time. Each version will be given a + distinguishing version number. + Once covered code has been published under a particular version + of the license, you may always continue to use it under the terms + of that version. You may also choose to use such covered code + under the terms of any subsequent version of the license + published by the PHP Group. No one other than the PHP Group has + the right to modify the terms applicable to covered code created + under this License. + + 6. Redistributions of any form whatsoever must retain the following + acknowledgment: + "This product includes PHP software, freely available from + ". + +THIS SOFTWARE IS PROVIDED BY THE PHP DEVELOPMENT TEAM ``AS IS'' AND +ANY EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, +THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A +PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE PHP +DEVELOPMENT TEAM OR ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, +INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES +(INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR +SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) +HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, +STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) +ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED +OF THE POSSIBILITY OF SUCH DAMAGE. + +-------------------------------------------------------------------- + +This software consists of voluntary contributions made by many +individuals on behalf of the PHP Group. + +The PHP Group can be contacted via Email at group@php.net. + +For more information on the PHP Group and the PHP project, +please see . + +PHP includes the Zend Engine, freely available at +. diff --git a/doc/source/faq.rst b/doc/source/faq.rst index bdfc7c1..57b910d 100644 --- a/doc/source/faq.rst +++ b/doc/source/faq.rst @@ -79,6 +79,12 @@ We chose the LGPL because we don't care that much how you're using Snuffleupagus but we'd like to force people to make their improvements/contributions available to everyone. +The complete license text is shipped with the sources and can be found under ``LICENSE``. + +For compatibility with older PHP versions, some original PHP source code was copied or ported back to older versions. +This source code resides in ``src/sp_php_compat.c`` and ``src/sp_php_compat.h`` and retains its original license +`The PHP License, version 3.01 `, also included with the sources as ``PHP_LICENSE``. + What is the different between SNuffleupaugs and a (WAF) like ModSecurity? """"""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""""" diff --git a/src/sp_php_compat.c b/src/sp_php_compat.c index 933acd8..cd7c3e7 100644 --- a/src/sp_php_compat.c +++ b/src/sp_php_compat.c @@ -2,8 +2,7 @@ #if PHP_VERSION_ID < 80000 -// zend_string_concat2 taken from PHP 8.0.9 zend_string.c -// TODO: license clarification +// copied from PHP 8.0.9 sources ZEND_API zend_string *zend_string_concat2( const char *str1, size_t str1_len, diff --git a/src/sp_php_compat.h b/src/sp_php_compat.h index 380abe4..992c3e2 100644 --- a/src/sp_php_compat.h +++ b/src/sp_php_compat.h @@ -1,12 +1,93 @@ #if PHP_VERSION_ID < 80000 + +// copied from PHP 8.0.9 sources ZEND_API zend_string *zend_string_concat2( - const char *str1, size_t str1_len, - const char *str2, size_t str2_len); + const char *str1, size_t str1_len, + const char *str2, size_t str2_len); #define ZEND_HASH_REVERSE_FOREACH_KEY_PTR(ht, _h, _key, _ptr) \ - ZEND_HASH_REVERSE_FOREACH(ht, 0); \ - _h = _p->h; \ - _key = _p->key; \ - _ptr = Z_PTR_P(_z); + ZEND_HASH_REVERSE_FOREACH(ht, 0); \ + _h = _p->h; \ + _key = _p->key; \ + _ptr = Z_PTR_P(_z); + +#endif + +#if PHP_VERSION_ID < 70300 + +// copied from PHP 7.4.22 sources + +static zend_always_inline uint32_t zend_gc_delref(zend_refcounted_h *p) { + ZEND_ASSERT(p->refcount > 0); + // ZEND_RC_MOD_CHECK(p); + return --(p->refcount); +} +#define GC_DELREF(p) zend_gc_delref(&(p)->gc) + +static zend_always_inline void zend_string_release_ex(zend_string *s, int persistent) +{ + if (!ZSTR_IS_INTERNED(s)) { + if (GC_DELREF(s) == 0) { + if (persistent) { + ZEND_ASSERT(GC_FLAGS(s) & IS_STR_PERSISTENT); + free(s); + } else { + ZEND_ASSERT(!(GC_FLAGS(s) & IS_STR_PERSISTENT)); + efree(s); + } + } + } +} + +static zend_always_inline void zend_string_efree(zend_string *s) +{ + ZEND_ASSERT(!ZSTR_IS_INTERNED(s)); + ZEND_ASSERT(GC_REFCOUNT(s) <= 1); + ZEND_ASSERT(!(GC_FLAGS(s) & IS_STR_PERSISTENT)); + efree(s); +} + +#endif + +#if PHP_VERSION_ID < 70200 + +#undef ZEND_HASH_REVERSE_FOREACH + +// copied from PHP 7.4.22 sources + +#define ZEND_HASH_REVERSE_FOREACH(_ht, indirect) do { \ + HashTable *__ht = (_ht); \ + uint32_t _idx = __ht->nNumUsed; \ + Bucket *_p = __ht->arData + _idx; \ + zval *_z; \ + for (_idx = __ht->nNumUsed; _idx > 0; _idx--) { \ + _p--; \ + _z = &_p->val; \ + if (indirect && Z_TYPE_P(_z) == IS_INDIRECT) { \ + _z = Z_INDIRECT_P(_z); \ + } \ + if (UNEXPECTED(Z_TYPE_P(_z) == IS_UNDEF)) continue; + + +#define ZEND_HASH_FOREACH_END_DEL() \ + __ht->nNumOfElements--; \ + do { \ + uint32_t j = HT_IDX_TO_HASH(_idx - 1); \ + uint32_t nIndex = _p->h | __ht->nTableMask; \ + uint32_t i = HT_HASH(__ht, nIndex); \ + if (UNEXPECTED(j != i)) { \ + Bucket *prev = HT_HASH_TO_BUCKET(__ht, i); \ + while (Z_NEXT(prev->val) != j) { \ + i = Z_NEXT(prev->val); \ + prev = HT_HASH_TO_BUCKET(__ht, i); \ + } \ + Z_NEXT(prev->val) = Z_NEXT(_p->val); \ + } else { \ + HT_HASH(__ht, nIndex) = Z_NEXT(_p->val); \ + } \ + } while (0); \ + } \ + __ht->nNumUsed = _idx; \ + } while (0) #endif \ No newline at end of file -- cgit v1.3 From 5e99a900bb1eb3e0d7c4ad4575dee29798d27abb Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sun, 8 Aug 2021 15:42:01 +0200 Subject: removed invalid inline keyword --- src/sp_config_utils.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 18cdf03..bc7b405 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -104,7 +104,7 @@ err: return NULL; } -zend_always_inline sp_list_node *parse_functions_list(char *value) { +sp_list_node *parse_functions_list(char *value) { static const char *sep = ">"; if (NULL == strchr(value, sep[0])) { -- cgit v1.3 From dce966ffec7dfdae2b701d581d71df6a5a542db9 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sun, 8 Aug 2021 15:55:06 +0200 Subject: fixed enable/disable logic --- src/sp_config_keywords.c | 49 +++++++--------------- src/tests/upload_validation/upload_validation.phpt | 2 +- 2 files changed, 15 insertions(+), 36 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index c547f10..b627122 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -1,5 +1,14 @@ #include "php_snuffleupagus.h" +#define SP_SET_ENABLE_DISABLE(enable, disable, varname) \ + if (enable && disable) { \ + sp_log_err("config", "A rule can't be enabled and disabled on line %zu", sp_line_no); \ + return -1; \ + } \ + if (enable || disable) { \ + (varname) = (enable || !disable); \ + } + static int parse_enable(char *line, bool *restrict retval, bool *restrict simulation) { bool enable = false, disable = false; @@ -15,13 +24,7 @@ static int parse_enable(char *line, bool *restrict retval, return ret; } - if (!(enable ^ disable)) { - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", - sp_line_no); - return -1; - } - - *retval = enable; + SP_SET_ENABLE_DISABLE(enable, disable, *retval); return ret; } @@ -141,13 +144,7 @@ int parse_unserialize(char *line) { return ret; } - if (!(enable ^ disable)) { - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", - sp_line_no); - return -1; - } - - SNUFFLEUPAGUS_G(config).config_unserialize->enable = enable; + SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_unserialize->enable); return ret; } @@ -172,13 +169,7 @@ int parse_readonly_exec(char *line) { return ret; } - if (!(enable ^ disable)) { - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", - sp_line_no); - return -1; - } - - SNUFFLEUPAGUS_G(config).config_readonly_exec->enable = enable; + SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_readonly_exec->enable); return ret; } @@ -535,12 +526,7 @@ int parse_upload_validation(char *line) { return ret; } - if (!(enable ^ disable)) { - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", - sp_line_no); - return -1; - } - SNUFFLEUPAGUS_G(config).config_upload_validation->enable = enable; + SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_upload_validation->enable); zend_string const *script = SNUFFLEUPAGUS_G(config).config_upload_validation->script; @@ -584,14 +570,7 @@ int parse_ini_protection(char *line) { int ret = parse_keywords(sp_config_ini_protection, line); if (ret) { return ret; } - if (enable && disable) { - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", - sp_line_no); - return -1; - } - if (enable || disable) { - cfg->enable = (enable || !disable); - } + SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); if (ro && rw) { sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); diff --git a/src/tests/upload_validation/upload_validation.phpt b/src/tests/upload_validation/upload_validation.phpt index 965d3aa..810c23d 100644 --- a/src/tests/upload_validation/upload_validation.phpt +++ b/src/tests/upload_validation/upload_validation.phpt @@ -15,4 +15,4 @@ echo 1; --EXPECTF-- Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` (tests/upload_ko.sh) doesn't exist on line 1 in Unknown on line 0 -- cgit v1.3 From f3d5d251875ee7f854a3df38709eedef4c6d1a31 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 10 Aug 2021 16:45:40 +0200 Subject: prevent option to be enabled and then disabled --- src/sp_config_keywords.c | 2 +- .../broken_configuration/broken_conf_enable_disable2.phpt | 15 +++++++++++++++ .../config/broken_conf_enable_disable2.ini | 2 ++ .../broken_conf_enable_disable2.phpt | 14 ++++++++++++++ 4 files changed, 32 insertions(+), 1 deletion(-) create mode 100644 src/tests/broken_configuration/broken_conf_enable_disable2.phpt create mode 100644 src/tests/broken_configuration/config/broken_conf_enable_disable2.ini create mode 100644 src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index b627122..a177a5e 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -1,7 +1,7 @@ #include "php_snuffleupagus.h" #define SP_SET_ENABLE_DISABLE(enable, disable, varname) \ - if (enable && disable) { \ + if (((varname) || enable) && disable) { \ sp_log_err("config", "A rule can't be enabled and disabled on line %zu", sp_line_no); \ return -1; \ } \ diff --git a/src/tests/broken_configuration/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt new file mode 100644 index 0000000..0d6fb8c --- /dev/null +++ b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt @@ -0,0 +1,15 @@ +--TEST-- +Global strict mode +--SKIPIF-- + += 80000) print "skip"; ?> +--INI-- +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini +--FILE-- +--EXPECTF-- +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. diff --git a/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini b/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini new file mode 100644 index 0000000..39d97cc --- /dev/null +++ b/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini @@ -0,0 +1,2 @@ +sp.global_strict.enable(); +sp.global_strict.disable(); diff --git a/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt new file mode 100644 index 0000000..efe5538 --- /dev/null +++ b/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt @@ -0,0 +1,14 @@ +--TEST-- +Global strict mode +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini +--FILE-- +--EXPECTF-- + +Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. -- cgit v1.3 From 06701d94ce1d043203abad603a4b7d0fc213e860 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 10 Aug 2021 16:58:12 +0200 Subject: filename typo --- src/tests/broken_configuration/broken_conf_enable_disable.phpt | 2 +- src/tests/broken_configuration/broken_conf_upload_validation.phpt | 2 +- src/tests/broken_configuration/config/borken_conf_enable_disable.ini | 1 - src/tests/broken_configuration/config/borken_conf_upload_validation.ini | 1 - src/tests/broken_configuration/config/broken_conf_enable_disable.ini | 1 + src/tests/broken_configuration/config/broken_conf_upload_validation.ini | 1 + src/tests/broken_configuration_php8/broken_conf_enable_disable.phpt | 2 +- src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt | 2 +- .../broken_configuration_php8/config/borken_conf_enable_disable.ini | 1 - .../broken_configuration_php8/config/borken_conf_upload_validation.ini | 1 - 10 files changed, 6 insertions(+), 8 deletions(-) delete mode 100644 src/tests/broken_configuration/config/borken_conf_enable_disable.ini delete mode 100644 src/tests/broken_configuration/config/borken_conf_upload_validation.ini create mode 100644 src/tests/broken_configuration/config/broken_conf_enable_disable.ini create mode 100644 src/tests/broken_configuration/config/broken_conf_upload_validation.ini delete mode 100644 src/tests/broken_configuration_php8/config/borken_conf_enable_disable.ini delete mode 100644 src/tests/broken_configuration_php8/config/borken_conf_upload_validation.ini (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_enable_disable.phpt b/src/tests/broken_configuration/broken_conf_enable_disable.phpt index eeba04a..6ca95ea 100644 --- a/src/tests/broken_configuration/broken_conf_enable_disable.phpt +++ b/src/tests/broken_configuration/broken_conf_enable_disable.phpt @@ -4,7 +4,7 @@ Global strict mode = 80000) print "skip"; ?> --INI-- -sp.configuration_file={PWD}/config/borken_conf_enable_disable.ini +sp.configuration_file={PWD}/config/broken_conf_enable_disable.ini --FILE-- --EXPECTF-- PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_upload_validation.phpt b/src/tests/broken_configuration/broken_conf_upload_validation.phpt index 4b65339..9d36078 100644 --- a/src/tests/broken_configuration/broken_conf_upload_validation.phpt +++ b/src/tests/broken_configuration/broken_conf_upload_validation.phpt @@ -4,7 +4,7 @@ Invalid configuration file for upload validation = 80000) print "skip"; ?> --INI-- file_uploads=1 -sp.configuration_file={PWD}/config/borken_conf_upload_validation.ini +sp.configuration_file={PWD}/config/broken_conf_upload_validation.ini --FILE-- --INI-- -sp.configuration_file={PWD}/config/borken_conf_enable_disable.ini +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable.ini --FILE-- --EXPECTF-- diff --git a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt b/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt index 9edede6..d022e3e 100644 --- a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt @@ -4,7 +4,7 @@ Invalid configuration file for upload validation --INI-- file_uploads=1 -sp.configuration_file={PWD}/config/borken_conf_upload_validation.ini +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_upload_validation.ini --FILE-- enable)}, + {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, + {parse_disabled_functions, SP_TOKEN_DISABLE_FUNC, NULL}, + {parse_readonly_exec, SP_TOKEN_READONLY_EXEC, SNUFFLEUPAGUS_G(config).config_readonly_exec}, + {parse_enable, SP_TOKEN_GLOBAL_STRICT, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable)}, + {parse_upload_validation, SP_TOKEN_UPLOAD_VALIDATION, SNUFFLEUPAGUS_G(config).config_upload_validation}, + {parse_cookie, SP_TOKEN_COOKIE_ENCRYPTION, NULL}, + {parse_global, SP_TOKEN_GLOBAL, NULL}, + {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SNUFFLEUPAGUS_G(config).config_auto_cookie_secure->enable)}, + {parse_enable, SP_TOKEN_DISABLE_XXE, &(SNUFFLEUPAGUS_G(config).config_disable_xxe->enable)}, + {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SNUFFLEUPAGUS_G(config).config_eval->blacklist)}, + {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SNUFFLEUPAGUS_G(config).config_eval->whitelist)}, + {parse_session, SP_TOKEN_SESSION_ENCRYPTION, SNUFFLEUPAGUS_G(config).config_session}, + {parse_enable, SP_TOKEN_SLOPPY_COMPARISON, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable)}, + {parse_wrapper_whitelist, SP_TOKEN_ALLOW_WRAPPERS, SNUFFLEUPAGUS_G(config).config_wrapper}, + {parse_ini_protection, SP_TOKEN_INI_PROTECTION, SNUFFLEUPAGUS_G(config).config_ini}, + {parse_ini_entry, SP_TOKEN_INI, SNUFFLEUPAGUS_G(config).config_unserialize}, + {NULL, NULL, NULL}}; + return sp_process_rule(parsed_rule, sp_func); +} + +zend_result sp_parse_config(const char *filename) { + FILE *fd = fopen(filename, "rb"); + if (fd == NULL) { + sp_log_err("config", "Could not open configuration file %s : %s", filename, strerror(errno)); + return FAILURE; } - if (strncmp(ptr, SP_TOKEN_BASE, strlen(SP_TOKEN_BASE))) { - sp_log_err("config", "Invalid configuration prefix for '%s' on line %zu", - line, sp_line_no); - return -1; + size_t step = 8192; + size_t max_len = step, len = 0; + zend_string *data = zend_string_alloc(max_len, 0); + char *ptr = ZSTR_VAL(data); + + size_t bytes; + while ((bytes = fread(ptr, 1, max_len - len, fd))) { + len += bytes; + if (max_len - len <= 0) { + max_len += step; + data = zend_string_extend(data, max_len, 0); + ptr = ZSTR_VAL(data) + len; + } else { + ptr += bytes; + } } - ptr += strlen(SP_TOKEN_BASE); + fclose(fd); + + data = zend_string_truncate(data, len, 0); + ZSTR_VAL(data)[len] = 0; + + int ret = sp_config_scan(ZSTR_VAL(data), sp_process_config_root); + + zend_string_release_ex(data, 0); + + return ret; +} + - for (size_t i = 0; sp_func[i].func; i++) { - if (!strncmp(sp_func[i].token, ptr, strlen(sp_func[i].token))) { - return sp_func[i].func(ptr + strlen(sp_func[i].token)); +zend_result sp_process_rule(sp_parsed_keyword *parsed_rule, sp_config_keyword *config_keywords) { + for (sp_parsed_keyword *kw = parsed_rule; kw->kw; kw++) { + bool found_kw = false; + for (sp_config_keyword *ckw = config_keywords; ckw->func; ckw++) { + if (kw->kwlen == strlen(ckw->token) && !strncmp(kw->kw, ckw->token, kw->kwlen)) { + if (ckw->func) { + int ret = ckw->func(ckw->token, kw, ckw->retval); + switch (ret) { + case SP_PARSER_SUCCESS: + break; + case SP_PARSER_ERROR: + return FAILURE; + case SP_PARSER_STOP: + return SUCCESS; + } + } + found_kw = true; + break; + } + } + + if (!found_kw) { + zend_string *kwname = zend_string_init(kw->kw, kw->kwlen, 0); + sp_log_err("config", "Unexpected keyword '%s' on line %d", ZSTR_VAL(kwname), kw->lineno); + zend_string_release_ex(kwname, 0); + return FAILURE; } } - sp_log_err("config", "Invalid configuration section '%s' on line %zu", line, - sp_line_no); - return -1; + return SUCCESS; } -/* keyword parsing */ #define CHECK_DUPLICATE_KEYWORD(retval) \ if (*(void**)(retval)) { \ - sp_log_err("config", "duplicate %s) on line %zu near `%s`", keyword, sp_line_no, line); \ - return -1; } + sp_log_err("config", "duplicate keyword '%s' on line %zu", token, kw->lineno); \ + return SP_PARSER_ERROR; } -int parse_empty(char *restrict line, char *restrict keyword, void *retval) { +SP_PARSEKW_FN(parse_empty) { + if (kw->arglen) { + sp_log_err("config", "Unexpected argument for keyword '%s' - it should be '%s()' on line %zu", token, token, kw->lineno); + return SP_PARSER_ERROR; + } + if (kw->argtype != SP_ARGTYPE_EMPTY) { + sp_log_err("config", "Missing paranthesis for keyword '%s' - it should be '%s()' on line %zu", token, token, kw->lineno); + return SP_PARSER_ERROR; + } *(bool *)retval = true; - return 0; + return SP_PARSER_SUCCESS; } -int parse_list(char *restrict line, char *restrict keyword, void *list_ptr) { - CHECK_DUPLICATE_KEYWORD(list_ptr); - zend_string *value = NULL; - sp_list_node **list = list_ptr; - char *token, *tmp; +SP_PARSEKW_FN(parse_list) { + CHECK_DUPLICATE_KEYWORD(retval); - size_t consumed = 0; - value = get_param(&consumed, line, SP_TYPE_STR, keyword); - if (!value) { - return -1; - } + sp_list_node **list = retval; + char *tok, *tmp; + + SP_PARSE_ARG(value); tmp = ZSTR_VAL(value); while (1) { - token = strsep(&tmp, ","); - if (token == NULL) { + tok = strsep(&tmp, ","); + if (tok == NULL) { break; } - *list = sp_list_insert(*list, zend_string_init(token, strlen(token), 1)); + *list = sp_list_insert(*list, zend_string_init(tok, strlen(tok), 1)); } + zend_string_release(value); - pefree(value, 1); - return consumed; + return SP_PARSER_SUCCESS; } -int parse_php_type(char *restrict line, char *restrict keyword, void *retval) { - size_t consumed = 0; - zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); - if (!value) { - return -1; - } +SP_PARSEKW_FN(parse_php_type) { + SP_PARSE_ARG(value); if (zend_string_equals_literal_ci(value, "undef")) { *(sp_php_type *)retval = SP_PHP_TYPE_UNDEF; @@ -124,113 +162,88 @@ int parse_php_type(char *restrict line, char *restrict keyword, void *retval) { } else if (zend_string_equals_literal_ci(value, "reference")) { *(sp_php_type *)retval = SP_PHP_TYPE_REFERENCE; } else { - pefree(value, 1); - sp_log_err("error", - "%s) is expecting a valid php type ('false', 'true'," + zend_string_release(value); + sp_log_err("error", ".%s() is expecting a valid php type ('false', 'true'," " 'array'. 'object', 'long', 'double', 'null', 'resource', " - "'reference', 'undef') on line %zu", - keyword, sp_line_no); - return -1; + "'reference', 'undef') on line %zu", token, kw->lineno); + return SP_PARSER_ERROR; } - pefree(value, 1); - return consumed; + zend_string_release(value); + return SP_PARSER_SUCCESS; } -int parse_str(char *restrict line, char *restrict keyword, void *retval) { + +SP_PARSEKW_FN(parse_str) { CHECK_DUPLICATE_KEYWORD(retval); - zend_string *value = NULL; + SP_PARSE_ARG(value); - size_t consumed = 0; - value = get_param(&consumed, line, SP_TYPE_STR, keyword); - if (value) { - *(zend_string **)retval = value; - return consumed; - } - return -1; + *(zend_string **)retval = value; + + return SP_PARSER_SUCCESS; } -int parse_cidr(char *restrict line, char *restrict keyword, void *retval) { - CHECK_DUPLICATE_KEYWORD(retval); +SP_PARSEKW_FN(parse_int) { + int ret = SP_PARSER_SUCCESS; + SP_PARSE_ARG(value); - size_t consumed = 0; - zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); + char *endptr; + errno = 0; + *(int*)retval = (int)strtoimax(ZSTR_VAL(value), &endptr, 10); + if (errno != 0 || !endptr || endptr == ZSTR_VAL(value)) { + sp_log_err("config", "Failed to parse arg '%s' of `%s` on line %zu", ZSTR_VAL(value), token, kw->lineno); + ret = SP_PARSER_ERROR; + } + zend_string_release(value); + return ret; +} + +SP_PARSEKW_FN(parse_ulong) { + int ret = SP_PARSER_SUCCESS; + SP_PARSE_ARG(value); - if (!value) { - sp_log_err("config", "%s doesn't contain a valid cidr on line %zu", line, sp_line_no); - return -1; + char *endptr; + errno = 0; + *(u_long*)retval = (u_long)strtoul(ZSTR_VAL(value), &endptr, 10); + if (errno != 0 || !endptr || endptr == ZSTR_VAL(value)) { + sp_log_err("config", "Failed to parse arg '%s' of `%s` on line %zu", ZSTR_VAL(value), token, kw->lineno); + ret = SP_PARSER_ERROR; } + zend_string_release(value); + return ret; +} + +SP_PARSEKW_FN(parse_cidr) { + CHECK_DUPLICATE_KEYWORD(retval); + SP_PARSE_ARG(value); sp_cidr *cidr = pecalloc(sizeof(sp_cidr), 1, 1); if (0 != get_ip_and_cidr(ZSTR_VAL(value), cidr)) { pefree(cidr, 1); - *(sp_cidr **)retval = NULL; - return -1; + cidr = NULL; } *(sp_cidr **)retval = cidr; - return consumed; + return cidr ? SP_PARSER_SUCCESS : SP_PARSER_ERROR; } -int parse_regexp(char *restrict line, char *restrict keyword, void *retval) { +SP_PARSEKW_FN(parse_regexp) { /* TODO: Do we want to use pcre_study? * (http://www.pcre.org/original/doc/html/pcre_study.html) * maybe not: http://sljit.sourceforge.net/pcre.html*/ CHECK_DUPLICATE_KEYWORD(retval); + SP_PARSE_ARG(value); - size_t consumed = 0; - zend_string *value = get_param(&consumed, line, SP_TYPE_STR, keyword); - - if (value) { - sp_pcre *compiled_re = sp_pcre_compile(ZSTR_VAL(value)); - if (NULL != compiled_re) { - *(sp_pcre **)retval = compiled_re; - return consumed; - } - } - char *closing_paren = strchr(line, ')'); - if (NULL != closing_paren) { - closing_paren[0] = '\0'; + sp_pcre *compiled_re = sp_pcre_compile(ZSTR_VAL(value)); + if (!compiled_re) { + sp_log_err("config", "Invalid regexp '%s' for '.%s()' on line %zu", ZSTR_VAL(value), token, kw->lineno); + zend_string_release_ex(value, 1); + return SP_PARSER_ERROR; } - sp_log_err("config", - "'%s)' is expecting a valid regexp, and not '%s' on line %zu", - keyword, line, sp_line_no); - return -1; -} -int sp_parse_config(const char *conf_file) { - FILE *fd = fopen(conf_file, "r"); - char *lineptr = NULL; - size_t n = 0; - sp_line_no = 1; + *(sp_pcre **)retval = compiled_re; - if (fd == NULL) { - sp_log_err("config", "Could not open configuration file %s : %s", conf_file, - strerror(errno)); - return FAILURE; - } - - while (getline(&lineptr, &n, fd) > 0) { - /* We trash the terminal `\n`. This simplify the display of logs. */ - if (lineptr[strlen(lineptr) - 1] == '\n') { - if (strlen(lineptr) >= 2 && lineptr[strlen(lineptr) - 2] == '\r') { - lineptr[strlen(lineptr) - 2] = '\0'; - } else { - lineptr[strlen(lineptr) - 1] = '\0'; - } - } - if (parse_line(lineptr) == -1) { - fclose(fd); - free(lineptr); - return FAILURE; - } - free(lineptr); - lineptr = NULL; - n = 0; - sp_line_no++; - } - fclose(fd); - return SUCCESS; + return SP_PARSER_SUCCESS; } void sp_free_disabled_function(void *data) { @@ -292,4 +305,4 @@ void sp_free_ini_entry(void *data) { sp_pcre_free(entry->regexp); sp_free_zstr(entry->msg); sp_free_zstr(entry->set); -} \ No newline at end of file +} diff --git a/src/sp_config.h b/src/sp_config.h index 0ba2e7f..fd6dc15 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -5,15 +5,6 @@ #include #include -extern size_t sp_line_no; - -typedef enum { - SP_TYPE_STR = 0, - SP_TYPE_REGEXP, - SP_TYPE_INT, - SP_TYPE_EMPTY -} sp_type; - typedef enum { SP_PHP_TYPE_UNDEF = IS_UNDEF, SP_PHP_TYPE_NULL = IS_NULL, @@ -214,99 +205,115 @@ typedef struct { sp_config_disabled_functions *config_disabled_functions_reg_ret; } sp_config; -typedef struct { - int (*func)(char *, char *, void *); - char *token; - void *retval; -} sp_config_functions; +#define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval) +#define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule) +#define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw) typedef struct { - int (*func)(char *); + SP_PARSE_FN((*func)); char *token; -} sp_config_tokens; - -#define SP_TOKEN_BASE "sp" - -#define SP_TOKEN_AUTO_COOKIE_SECURE ".auto_cookie_secure" -#define SP_TOKEN_COOKIE_ENCRYPTION ".cookie" -#define SP_TOKEN_SESSION_ENCRYPTION ".session" -#define SP_TOKEN_DISABLE_FUNC ".disable_function" -#define SP_TOKEN_GLOBAL ".global" -#define SP_TOKEN_GLOBAL_STRICT ".global_strict" -#define SP_TOKEN_HARDEN_RANDOM ".harden_random" -#define SP_TOKEN_READONLY_EXEC ".readonly_exec" -#define SP_TOKEN_UNSERIALIZE_HMAC ".unserialize_hmac" -#define SP_TOKEN_UPLOAD_VALIDATION ".upload_validation" -#define SP_TOKEN_DISABLE_XXE ".disable_xxe" -#define SP_TOKEN_EVAL_BLACKLIST ".eval_blacklist" -#define SP_TOKEN_EVAL_WHITELIST ".eval_whitelist" -#define SP_TOKEN_SLOPPY_COMPARISON ".sloppy_comparison" -#define SP_TOKEN_ALLOW_WRAPPERS ".wrappers_whitelist" -#define SP_TOKEN_INI ".ini" + void *retval; +} sp_config_keyword; + +#define SP_PARSER_SUCCESS 0 +#define SP_PARSER_ERROR -1 +#define SP_PARSER_STOP 1 + +// #define SP_TOKEN_BASE "sp" + +#define SP_TOKEN_AUTO_COOKIE_SECURE "auto_cookie_secure" +#define SP_TOKEN_COOKIE_ENCRYPTION "cookie" +#define SP_TOKEN_SESSION_ENCRYPTION "session" +#define SP_TOKEN_DISABLE_FUNC "disable_function" +#define SP_TOKEN_GLOBAL "global" +#define SP_TOKEN_GLOBAL_STRICT "global_strict" +#define SP_TOKEN_HARDEN_RANDOM "harden_random" +#define SP_TOKEN_READONLY_EXEC "readonly_exec" +#define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac" +#define SP_TOKEN_UPLOAD_VALIDATION "upload_validation" +#define SP_TOKEN_DISABLE_XXE "disable_xxe" +#define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist" +#define SP_TOKEN_EVAL_WHITELIST "eval_whitelist" +#define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison" +#define SP_TOKEN_ALLOW_WRAPPERS "wrappers_whitelist" +#define SP_TOKEN_INI_PROTECTION "ini_protection" +#define SP_TOKEN_INI "ini" // common tokens -#define SP_TOKEN_ENABLE ".enable(" -#define SP_TOKEN_DISABLE ".disable(" -#define SP_TOKEN_SIMULATION ".simulation(" -#define SP_TOKEN_TRUE "1" -#define SP_TOKEN_FALSE "0" -#define SP_TOKEN_DUMP ".dump(" -#define SP_TOKEN_ALIAS ".alias(" -#define SP_TOKEN_ALLOW ".allow(" -#define SP_TOKEN_DROP ".drop(" - -#define SP_TOKEN_END_PARAM ')' +#define SP_TOKEN_ENABLE "enable" +#define SP_TOKEN_DISABLE "disable" +#define SP_TOKEN_SIMULATION "simulation" +#define SP_TOKEN_SIM "sim" +// #define SP_TOKEN_TRUE "1" +// #define SP_TOKEN_FALSE "0" +#define SP_TOKEN_DUMP "dump" +#define SP_TOKEN_ALIAS "alias" +#define SP_TOKEN_ALLOW "allow" +#define SP_TOKEN_DROP "drop" // disable_function -#define SP_TOKEN_CIDR ".cidr(" -#define SP_TOKEN_FILENAME ".filename(" -#define SP_TOKEN_FILENAME_REGEXP ".filename_r(" -#define SP_TOKEN_FUNCTION ".function(" -#define SP_TOKEN_FUNCTION_REGEXP ".function_r(" -#define SP_TOKEN_HASH ".hash(" -#define SP_TOKEN_LOCAL_VAR ".var(" -#define SP_TOKEN_PARAM ".param(" -#define SP_TOKEN_PARAM_REGEXP ".param_r(" -#define SP_TOKEN_PARAM_TYPE ".param_type(" -#define SP_TOKEN_RET ".ret(" -#define SP_TOKEN_RET_REGEXP ".ret_r(" -#define SP_TOKEN_RET_TYPE ".ret_type(" -#define SP_TOKEN_VALUE ".value(" -#define SP_TOKEN_VALUE_REGEXP ".value_r(" -#define SP_TOKEN_KEY ".key(" -#define SP_TOKEN_KEY_REGEXP ".key_r(" -#define SP_TOKEN_VALUE_ARG_POS ".pos(" -#define SP_TOKEN_LINE_NUMBER ".line(" +#define SP_TOKEN_CIDR "cidr" +#define SP_TOKEN_FILENAME "filename" +#define SP_TOKEN_FILENAME_REGEXP "filename_r" +#define SP_TOKEN_FUNCTION "function" +#define SP_TOKEN_FUNCTION_REGEXP "function_r" +#define SP_TOKEN_HASH "hash" +#define SP_TOKEN_LOCAL_VAR "var" +#define SP_TOKEN_PARAM "param" +#define SP_TOKEN_PARAM_REGEXP "param_r" +#define SP_TOKEN_PARAM_TYPE "param_type" +#define SP_TOKEN_RET "ret" +#define SP_TOKEN_RET_REGEXP "ret_r" +#define SP_TOKEN_RET_TYPE "ret_type" +#define SP_TOKEN_VALUE "value" +#define SP_TOKEN_VALUE_REGEXP "value_r" +#define SP_TOKEN_KEY "key" +#define SP_TOKEN_KEY_REGEXP "key_r" +#define SP_TOKEN_VALUE_ARG_POS "pos" +#define SP_TOKEN_LINE_NUMBER "line" // cookies encryption -#define SP_TOKEN_NAME ".name(" -#define SP_TOKEN_NAME_REGEXP ".name_r(" +#define SP_TOKEN_NAME "name" +#define SP_TOKEN_NAME_REGEXP "name_r" // cookies samesite -#define SP_TOKEN_SAMESITE ".samesite(" -#define SP_TOKEN_ENCRYPT ".encrypt(" +#define SP_TOKEN_SAMESITE "samesite" +#define SP_TOKEN_ENCRYPT "encrypt" #define SP_TOKEN_SAMESITE_LAX "Lax" #define SP_TOKEN_SAMESITE_STRICT "Strict" // Global configuration options -#define SP_TOKEN_ENCRYPTION_KEY ".secret_key(" -#define SP_TOKEN_ENV_VAR ".cookie_env_var(" -#define SP_TOKEN_LOG_MEDIA ".log_media(" +#define SP_TOKEN_ENCRYPTION_KEY "secret_key" +#define SP_TOKEN_ENV_VAR "cookie_env_var" +#define SP_TOKEN_LOG_MEDIA "log_media" // upload_validator -#define SP_TOKEN_UPLOAD_SCRIPT ".script(" +#define SP_TOKEN_UPLOAD_SCRIPT "script" + +#define SP_TOKEN_LIST "list" + +zend_result sp_process_rule(sp_parsed_keyword *parsed_rule, sp_config_keyword *config_keywords); + +zend_result sp_parse_config(const char *filename); -#define SP_TOKEN_LIST ".list(" +#define SP_PARSE_CHECK_ARG_EXISTS(value) \ +if (!value) { \ + sp_log_err("config", "Missing argument to keyword '%s' - it should be '%s(\"...\")' on line %zu", token, token, kw->lineno); \ + return SP_PARSER_ERROR; \ +} -int sp_parse_config(const char *); -int parse_array(sp_disabled_function *); +#define SP_PARSE_ARG(value) \ + zend_string *value = sp_get_arg_string(kw); \ + SP_PARSE_CHECK_ARG_EXISTS(value); -int parse_str(char *restrict, char *restrict, void *); -int parse_regexp(char *restrict, char *restrict, void *); -int parse_empty(char *restrict, char *restrict, void *); -int parse_cidr(char *restrict, char *restrict, void *); -int parse_php_type(char *restrict, char *restrict, void *); -int parse_list(char *restrict, char *restrict, void *); +SP_PARSEKW_FN(parse_str); +SP_PARSEKW_FN(parse_regexp); +SP_PARSEKW_FN(parse_empty); +SP_PARSEKW_FN(parse_int); +SP_PARSEKW_FN(parse_ulong); +SP_PARSEKW_FN(parse_php_type); +SP_PARSEKW_FN(parse_cidr); +SP_PARSEKW_FN(parse_list); // cleanup void sp_free_disabled_function(void *data); diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index a177a5e..8084698 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -2,311 +2,236 @@ #define SP_SET_ENABLE_DISABLE(enable, disable, varname) \ if (((varname) || enable) && disable) { \ - sp_log_err("config", "A rule can't be enabled and disabled on line %zu", sp_line_no); \ - return -1; \ + sp_log_err("config", "A rule can't be enabled and disabled on line %zu", parsed_rule->lineno); \ + return SP_PARSER_ERROR; \ } \ if (enable || disable) { \ (varname) = (enable || !disable); \ } -static int parse_enable(char *line, bool *restrict retval, - bool *restrict simulation) { +#define SP_PROCESS_CONFIG_KEYWORDS(CMD) if (sp_process_rule(&(parsed_rule[1]), config_keywords) != SUCCESS) { CMD; } +#define SP_PROCESS_CONFIG_KEYWORDS_ERR() SP_PROCESS_CONFIG_KEYWORDS(return SP_PARSER_ERROR) + +SP_PARSE_FN(parse_enable) { bool enable = false, disable = false; - sp_config_functions sp_config_funcs[] = { + sp_config_keyword config_keywords[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, - {parse_empty, SP_TOKEN_SIMULATION, simulation}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_funcs, line); - - if (0 != ret) { - return ret; - } + SP_PROCESS_CONFIG_KEYWORDS_ERR(); - SP_SET_ENABLE_DISABLE(enable, disable, *retval); + SP_SET_ENABLE_DISABLE(enable, disable, *(bool*)retval); - return ret; + return SP_PARSER_STOP; } -int parse_session(char *line) { - sp_config_session *session = pecalloc(sizeof(sp_config_session), 1, 0); +SP_PARSE_FN(parse_session) { + sp_config_session *cfg = retval; - sp_config_functions sp_config_funcs_session_encryption[] = { - {parse_empty, SP_TOKEN_ENCRYPT, &(session->encrypt)}, - {parse_empty, SP_TOKEN_SIMULATION, &(session->simulation)}, + sp_config_keyword config_keywords[] = { + {parse_empty, SP_TOKEN_ENCRYPT, &(cfg->encrypt)}, + {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_funcs_session_encryption, line); - if (0 != ret) { - return ret; - } + + SP_PROCESS_CONFIG_KEYWORDS_ERR(); #if (!HAVE_PHP_SESSION || defined(COMPILE_DL_SESSION)) - sp_log_err( - "config", + sp_log_err("config", "You're trying to use the session cookie encryption feature " "on line %zu without having session support statically built into PHP. " "This isn't supported, see " - "https://github.com/jvoisin/snuffleupagus/issues/278 for details.", - sp_line_no); - pefree(session, 0); - return -1; + "https://github.com/jvoisin/snuffleupagus/issues/278 for details.", parsed_rule->lineno); + return SP_PARSER_ERROR; #endif - if (session->encrypt) { - if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) { - sp_log_err( - "config", - "You're trying to use the session cookie encryption feature " - "on line %zu without having set the `.cookie_env_var` option in" - "`sp.global`: please set it first", - sp_line_no); - pefree(session, 0); - return -1; - } else if (0 == - (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) { - sp_log_err("config", - "You're trying to use the session cookie encryption feature " - "on line %zu without having set the `.secret_key` option in" - "`sp.global`: please set it first", - sp_line_no); - pefree(session, 0); - return -1; + if (cfg->encrypt) { + if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { + sp_log_err("config", "You're trying to use the session cookie encryption feature " + "on line %zu without having set the `.cookie_env_var` option in " + "`sp.global`: please set it first", parsed_rule->lineno); + return SP_PARSER_ERROR; + } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { + sp_log_err("config", "You're trying to use the session cookie encryption feature " + "on line %zu without having set the `.secret_key` option in " + "`sp.global`: please set it first", parsed_rule->lineno); + return SP_PARSER_ERROR; } } - SNUFFLEUPAGUS_G(config).config_session->encrypt = session->encrypt; - SNUFFLEUPAGUS_G(config).config_session->simulation = session->simulation; - pefree(session, 0); - return ret; -} - -int parse_random(char *line) { - return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_random->enable), - NULL); + return SP_PARSER_STOP; } -int parse_log_media(char *line) { - size_t consumed = 0; - zend_string *value = - get_param(&consumed, line, SP_TYPE_STR, SP_TOKEN_LOG_MEDIA); - - if (value) { - if (!strcmp(ZSTR_VAL(value), "php")) { - SNUFFLEUPAGUS_G(config).log_media = SP_ZEND; - return 0; - } else if (!strcmp(ZSTR_VAL(value), "syslog")) { - SNUFFLEUPAGUS_G(config).log_media = SP_SYSLOG; - return 0; - } +SP_PARSEKW_FN(parse_log_media) { + SP_PARSE_ARG(value); + + if (!strcmp(ZSTR_VAL(value), "php")) { + *(char*)retval = SP_ZEND; + zend_string_release_ex(value, 1); + return SP_PARSER_SUCCESS; + } else if (!strcmp(ZSTR_VAL(value), "syslog")) { + *(char*)retval = SP_SYSLOG; + zend_string_release_ex(value, 1); + return SP_PARSER_SUCCESS; } - sp_log_err("config", "%s) only supports 'syslog' or 'php', on line %zu", - SP_TOKEN_LOG_MEDIA, sp_line_no); - return -1; -} - -int parse_sloppy_comparison(char *line) { - return parse_enable(line, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable), - NULL); -} -int parse_disable_xxe(char *line) { - return parse_enable( - line, &(SNUFFLEUPAGUS_G(config).config_disable_xxe->enable), NULL); -} - -int parse_auto_cookie_secure(char *line) { - return parse_enable( - line, &(SNUFFLEUPAGUS_G(config).config_auto_cookie_secure->enable), NULL); -} + sp_log_err("config", "." SP_TOKEN_LOG_MEDIA "() only supports 'syslog' or 'php' on line %zu", kw->lineno); -int parse_global_strict(char *line) { - return parse_enable( - line, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable), NULL); + return SP_PARSER_ERROR; } -int parse_unserialize(char *line) { +SP_PARSE_FN(parse_unserialize) { bool enable = false, disable = false; - sp_config_unserialize *unserialize = - SNUFFLEUPAGUS_G(config).config_unserialize; + sp_config_unserialize *cfg = (sp_config_unserialize*)retval; - sp_config_functions sp_config_funcs[] = { + sp_config_keyword config_keywords[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, - {parse_empty, SP_TOKEN_SIMULATION, &(unserialize->simulation)}, - {parse_str, SP_TOKEN_DUMP, &(unserialize->dump)}, + {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, + {parse_str, SP_TOKEN_DUMP, &(cfg->dump)}, {0, 0, 0}}; - unserialize->textual_representation = zend_string_init(line, strlen(line), 1); + SP_PROCESS_CONFIG_KEYWORDS_ERR(); - int ret = parse_keywords(sp_config_funcs, line); - if (0 != ret) { - return ret; - } + SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); - SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_unserialize->enable); + cfg->textual_representation = sp_get_textual_representation(parsed_rule); - return ret; + return SP_PARSER_STOP; } -int parse_readonly_exec(char *line) { +SP_PARSE_FN(parse_readonly_exec) { bool enable = false, disable = false; - sp_config_readonly_exec *readonly_exec = - SNUFFLEUPAGUS_G(config).config_readonly_exec; + sp_config_readonly_exec *cfg = (sp_config_readonly_exec*)retval; - sp_config_functions sp_config_funcs[] = { + sp_config_keyword config_keywords[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, - {parse_empty, SP_TOKEN_SIMULATION, &(readonly_exec->simulation)}, - {parse_str, SP_TOKEN_DUMP, &(readonly_exec->dump)}, + {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, + {parse_str, SP_TOKEN_DUMP, &(cfg->dump)}, {0, 0, 0}}; - readonly_exec->textual_representation = - zend_string_init(line, strlen(line), 1); - int ret = parse_keywords(sp_config_funcs, line); + SP_PROCESS_CONFIG_KEYWORDS_ERR(); - if (0 != ret) { - return ret; - } + cfg->textual_representation = sp_get_textual_representation(parsed_rule); - SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_readonly_exec->enable); + SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); - return ret; + return SP_PARSER_STOP; } -int parse_global(char *line) { - sp_config_functions sp_config_funcs_global[] = { - {parse_str, SP_TOKEN_ENCRYPTION_KEY, - &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)}, - {parse_str, SP_TOKEN_ENV_VAR, - &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, +SP_PARSE_FN(parse_global) { + sp_config_keyword config_keywords[] = { + {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)}, + {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, + {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, {0, 0, 0}}; - return parse_keywords(sp_config_funcs_global, line); + + SP_PROCESS_CONFIG_KEYWORDS_ERR(); + return SP_PARSER_STOP; } -static int parse_eval_filter_conf(char *line, sp_list_node **list) { - sp_config_eval *eval = SNUFFLEUPAGUS_G(config).config_eval; +SP_PARSE_FN(parse_eval_filter_conf) { + sp_config_eval *cfg = SNUFFLEUPAGUS_G(config).config_eval; - sp_config_functions sp_config_funcs[] = { - {parse_list, SP_TOKEN_LIST, list}, - {parse_empty, SP_TOKEN_SIMULATION, - &(SNUFFLEUPAGUS_G(config).config_eval->simulation)}, - {parse_str, SP_TOKEN_DUMP, &(SNUFFLEUPAGUS_G(config).config_eval->dump)}, + sp_config_keyword config_keywords[] = { + {parse_list, SP_TOKEN_LIST, retval}, + {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, + {parse_str, SP_TOKEN_DUMP, &(cfg->dump)}, {0, 0, 0}}; - eval->textual_representation = zend_string_init(line, strlen(line), 1); + SP_PROCESS_CONFIG_KEYWORDS_ERR(); - int ret = parse_keywords(sp_config_funcs, line); - if (0 != ret) { - return ret; - } + cfg->textual_representation = sp_get_textual_representation(parsed_rule); - return SUCCESS; + return SP_PARSER_STOP; } -int parse_wrapper_whitelist(char *line) { - SNUFFLEUPAGUS_G(config).config_wrapper->enabled = true; - sp_config_functions sp_config_funcs[] = { - {parse_list, SP_TOKEN_LIST, - &SNUFFLEUPAGUS_G(config).config_wrapper->whitelist}, +SP_PARSE_FN(parse_wrapper_whitelist) { + sp_config_wrapper *cfg = (sp_config_wrapper*)retval; + + sp_config_keyword config_keywords[] = { + {parse_list, SP_TOKEN_LIST, &cfg->whitelist}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_funcs, line); - if (0 != ret) { - return ret; - } - return SUCCESS; -} -int parse_eval_blacklist(char *line) { - return parse_eval_filter_conf( - line, &SNUFFLEUPAGUS_G(config).config_eval->blacklist); -} + SP_PROCESS_CONFIG_KEYWORDS_ERR(); + + cfg->enabled = true; -int parse_eval_whitelist(char *line) { - return parse_eval_filter_conf( - line, &SNUFFLEUPAGUS_G(config).config_eval->whitelist); + return SP_PARSER_STOP; } -int parse_cookie(char *line) { +SP_PARSE_FN(parse_cookie) { int ret = 0; zend_string *samesite = NULL; sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1); - sp_config_functions sp_config_funcs_cookie_encryption[] = { + sp_config_keyword config_keywords[] = { {parse_str, SP_TOKEN_NAME, &(cookie->name)}, {parse_regexp, SP_TOKEN_NAME_REGEXP, &(cookie->name_r)}, {parse_str, SP_TOKEN_SAMESITE, &samesite}, {parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt}, {parse_empty, SP_TOKEN_SIMULATION, &cookie->simulation}, + {parse_empty, SP_TOKEN_SIM, &cookie->simulation}, {0, 0, 0}}; - ret = parse_keywords(sp_config_funcs_cookie_encryption, line); - if (0 != ret) { - return ret; - } + SP_PROCESS_CONFIG_KEYWORDS(goto err); if (cookie->encrypt) { - if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) { - sp_log_err( - "config", - "You're trying to use the cookie encryption feature" - "on line %zu without having set the `.cookie_env_var` option in" - "`sp.global`: please set it first", - sp_line_no); - return -1; - } else if (0 == - (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) { - sp_log_err( - "config", - "You're trying to use the cookie encryption feature" - "on line %zu without having set the `.encryption_key` option in" - "`sp.global`: please set it first", - sp_line_no); - return -1; + if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { + sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu " + "without having set the `." SP_TOKEN_ENV_VAR "` option in`sp.global`: please set it first", parsed_rule->lineno); + goto err; + } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { + sp_log_err("config", "You're trying to use the cookie encryption feature " + "on line %zu without having set the `." SP_TOKEN_ENCRYPTION_KEY "` option in " + "`sp." SP_TOKEN_GLOBAL "`: please set it first", parsed_rule->lineno); + goto err; } } else if (!samesite) { - sp_log_err("config", - "You must specify a at least one action to a cookie on line " - "%zu", - sp_line_no); - return -1; + sp_log_err("config", "You must specify a at least one action to a cookie on line %zu", parsed_rule->lineno); + goto err; } if ((!cookie->name || 0 == ZSTR_LEN(cookie->name)) && !cookie->name_r) { - sp_log_err("config", - "You must specify a cookie name/regexp on line " - "%zu", - sp_line_no); - return -1; + sp_log_err("config", "You must specify a cookie name/regexp on line %zu", parsed_rule->lineno); + goto err; } if (cookie->name && cookie->name_r) { - sp_log_err("config", - "name and name_r are mutually exclusive on line " - "%zu", - sp_line_no); - return -1; + sp_log_err("config", "name and name_r are mutually exclusive on line %zu", parsed_rule->lineno); + goto err; } if (samesite) { if (zend_string_equals_literal_ci(samesite, SP_TOKEN_SAMESITE_LAX)) { cookie->samesite = lax; - } else if (zend_string_equals_literal_ci(samesite, - SP_TOKEN_SAMESITE_STRICT)) { + } else if (zend_string_equals_literal_ci(samesite, SP_TOKEN_SAMESITE_STRICT)) { cookie->samesite = strict; } else { - sp_log_err( - "config", - "%s is an invalid value to samesite (expected %s or %s) on line " - "%zu", - ZSTR_VAL(samesite), SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT, - sp_line_no); - return -1; + sp_log_err("config", "'%s' is an invalid value to samesite (expected " SP_TOKEN_SAMESITE_LAX " or " SP_TOKEN_SAMESITE_STRICT ") on line %zu", + ZSTR_VAL(samesite), parsed_rule->lineno); + goto err; } } - SNUFFLEUPAGUS_G(config).config_cookie->cookies = - sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie); - return SUCCESS; + + SNUFFLEUPAGUS_G(config).config_cookie->cookies = sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie); + + return SP_PARSER_STOP; + +err: + if (samesite) { + zend_string_release(samesite); + } + if (cookie) { + sp_free_cookie(cookie); + pefree(cookie, 1); + } + return SP_PARSER_ERROR; } -int add_df_to_hashtable(HashTable *ht, sp_disabled_function *df) { +static int add_df_to_hashtable(HashTable *ht, sp_disabled_function *df) { zval *list = zend_hash_find(ht, df->function); if (NULL == list) { @@ -317,19 +242,19 @@ int add_df_to_hashtable(HashTable *ht, sp_disabled_function *df) { return SUCCESS; } -int parse_disabled_functions(char *line) { - int ret = 0; - bool enable = true, disable = false, allow = false, drop = false; - zend_string *pos = NULL, *var = NULL, *param = NULL; - zend_string *line_number = NULL; +SP_PARSE_FN(parse_disabled_functions) { + int ret = SP_PARSER_ERROR; + bool enable = false, disable = false, allow = false, drop = false; + zend_string *var = NULL, *param = NULL; sp_disabled_function *df = pecalloc(sizeof(*df), 1, 1); df->pos = -1; - sp_config_functions sp_config_funcs_disabled_functions[] = { + sp_config_keyword config_keywords[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, {parse_str, SP_TOKEN_ALIAS, &(df->alias)}, {parse_empty, SP_TOKEN_SIMULATION, &(df->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(df->simulation)}, {parse_str, SP_TOKEN_FILENAME, &(df->filename)}, {parse_regexp, SP_TOKEN_FILENAME_REGEXP, &(df->r_filename)}, {parse_str, SP_TOKEN_FUNCTION, &(df->function)}, @@ -350,23 +275,21 @@ int parse_disabled_functions(char *line) { {parse_regexp, SP_TOKEN_RET_REGEXP, &(df->r_ret)}, {parse_php_type, SP_TOKEN_RET_TYPE, &(df->ret_type)}, {parse_str, SP_TOKEN_LOCAL_VAR, &(var)}, - {parse_str, SP_TOKEN_VALUE_ARG_POS, &(pos)}, - {parse_str, SP_TOKEN_LINE_NUMBER, &(line_number)}, + {parse_int, SP_TOKEN_VALUE_ARG_POS, &(df->pos)}, + {parse_ulong, SP_TOKEN_LINE_NUMBER, &(df->line)}, {0, 0, 0}}; - ret = parse_keywords(sp_config_funcs_disabled_functions, line); + SP_PROCESS_CONFIG_KEYWORDS(goto out); - if (0 != ret) { - goto out; + SP_SET_ENABLE_DISABLE(enable, disable, enable); + if (disable) { + ret = SP_PARSER_STOP; goto out; } #define MUTUALLY_EXCLUSIVE(X, Y, STR1, STR2) \ if (X && Y) { \ - sp_log_err("config", \ - "Invalid configuration line: 'sp.disabled_functions%s': " \ - "'.%s' and '.%s' are mutually exclusive on line %zu", \ - line, STR1, STR2, sp_line_no); \ - ret = -1; goto out; \ + sp_log_err("config", "Invalid configuration line for 'sp.disabled_functions': '.%s' and '.%s' are mutually exclusive on line %zu", STR1, STR2, parsed_rule->lineno); \ + goto out; \ } MUTUALLY_EXCLUSIVE(df->value, df->r_value, "value", "value_r"); @@ -374,8 +297,8 @@ int parse_disabled_functions(char *line) { MUTUALLY_EXCLUSIVE(df->filename, df->r_filename, "filename", "filename_r"); MUTUALLY_EXCLUSIVE(df->ret, df->r_ret, "ret", "ret_r"); MUTUALLY_EXCLUSIVE(df->key, df->r_key, "key", "key_r"); - MUTUALLY_EXCLUSIVE(pos, param, "pos", "param"); - MUTUALLY_EXCLUSIVE(pos, df->r_param, "pos", "param_r"); + MUTUALLY_EXCLUSIVE((df->pos >= 0), param, "pos", "param"); + MUTUALLY_EXCLUSIVE((df->pos >= 0), df->r_param, "pos", "param_r"); MUTUALLY_EXCLUSIVE(param, df->r_param, "param", "param_r"); MUTUALLY_EXCLUSIVE((df->r_key || df->key), (df->r_value || df->value), "key", "value"); MUTUALLY_EXCLUSIVE((df->r_ret || df->ret || df->ret_type), (df->r_param || param), "ret", "param"); @@ -385,52 +308,21 @@ int parse_disabled_functions(char *line) { #undef MUTUALLY_EXCLUSIVE if (!(df->r_function || df->function)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s':" - " must take a function name on line %zu", - line, sp_line_no); - ret = -1; goto out; + sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': must take a function name on line %zu", parsed_rule->lineno); + goto out; } if (df->filename && (*ZSTR_VAL(df->filename) != '/') && (0 != strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { - sp_log_err( - "config", - "Invalid configuration line: 'sp.disabled_functions%s':" - "'.filename' must be an absolute path or a phar archive on line %zu", - line, sp_line_no); - ret = -1; goto out; + sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line %zu", parsed_rule->lineno); + goto out; } if (!(allow ^ drop)) { - sp_log_err("config", - "Invalid configuration line: 'sp.disabled_functions%s': The " - "rule must either be a `drop` or `allow` one on line %zu", - line, sp_line_no); - ret = -1; goto out; - } - - if (pos) { - errno = 0; - char *endptr; - df->pos = (int)strtol(ZSTR_VAL(pos), &endptr, 10); - if (errno != 0 || endptr == ZSTR_VAL(pos)) { - sp_log_err("config", "Failed to parse arg '%s' of `pos` on line %zu", - ZSTR_VAL(pos), sp_line_no); - ret = -1; goto out; - } + sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': The rule must either be a `drop` or `allow` one on line %zu", parsed_rule->lineno); + goto out; } - if (line_number) { - errno = 0; - char *endptr; - df->line = (unsigned int)strtoul(ZSTR_VAL(line_number), &endptr, 10); - if (errno != 0 || endptr == ZSTR_VAL(line_number)) { - sp_log_err("config", "Failed to parse arg '%s' of `line` on line %zu", - ZSTR_VAL(line_number), sp_line_no); - ret = -1; goto out; - } - } df->allow = allow; - df->textual_representation = zend_string_init(line, strlen(line), 1); + df->textual_representation = sp_get_textual_representation(parsed_rule); if (df->function) { df->functions_list = parse_functions_list(ZSTR_VAL(df->function)); @@ -450,33 +342,23 @@ int parse_disabled_functions(char *line) { df->param = sp_parse_var(ZSTR_VAL(param)); } if (!df->param) { - sp_log_err("config", "Invalid value '%s' for `param` on line %zu", - ZSTR_VAL(param), sp_line_no); - ret = -1; goto out; + sp_log_err("config", "Invalid value '%s' for `param` on line %zu", ZSTR_VAL(param), parsed_rule->lineno); + goto out; } } - if (var) { if (ZSTR_LEN(var)) { df->var = sp_parse_var(ZSTR_VAL(var)); if (!df->var) { - sp_log_err("config", "Invalid value '%s' for `var` on line %zu", - ZSTR_VAL(var), sp_line_no); - ret = -1; goto out; + sp_log_err("config", "Invalid value '%s' for `var` on line %zu", ZSTR_VAL(var), parsed_rule->lineno); + goto out; } } else { - sp_log_err("config", "Empty value in `var` on line %zu", sp_line_no); - ret = -1; goto out; + sp_log_err("config", "Empty value in `var` on line %zu", parsed_rule->lineno); + goto out; } } - if (true == disable || 0 != ret) { - out: - sp_free_disabled_function(df); - pefree(df, 1); - return ret; - } - if (df->function && zend_string_equals_literal(df->function, "print")) { zend_string_release(df->function); df->function = zend_string_init("echo", sizeof("echo") - 1, 1); @@ -484,148 +366,136 @@ int parse_disabled_functions(char *line) { if (df->function && !df->functions_list) { if (df->ret || df->r_ret || df->ret_type) { - add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, - df); + add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, df); } else { - add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions, - df); + add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions, df); } } else { if (df->ret || df->r_ret || df->ret_type) { - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions = - sp_list_insert( - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions, - df); + SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions, df); } else { - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg->disabled_functions = - sp_list_insert(SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg->disabled_functions, - df); + SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, df); } } + return SP_PARSER_STOP; + +out: + if (df) { + sp_free_disabled_function(df); + pefree(df, 1); + } + if (param) { zend_string_release(param); } + if (var) { zend_string_release(var); } + return ret; } -int parse_upload_validation(char *line) { +SP_PARSE_FN(parse_upload_validation) { bool disable = false, enable = false; - sp_config_functions sp_config_funcs_upload_validation[] = { - {parse_str, SP_TOKEN_UPLOAD_SCRIPT, - &(SNUFFLEUPAGUS_G(config).config_upload_validation->script)}, - {parse_empty, SP_TOKEN_SIMULATION, - &(SNUFFLEUPAGUS_G(config).config_upload_validation->simulation)}, + sp_config_upload_validation *cfg = (sp_config_upload_validation*)retval; + + sp_config_keyword config_keywords[] = { {parse_empty, SP_TOKEN_ENABLE, &(enable)}, {parse_empty, SP_TOKEN_DISABLE, &(disable)}, + {parse_str, SP_TOKEN_UPLOAD_SCRIPT, &(cfg->script)}, + {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, + {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_funcs_upload_validation, line); - - if (0 != ret) { - return ret; - } + SP_PROCESS_CONFIG_KEYWORDS_ERR(); + SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); - SP_SET_ENABLE_DISABLE(enable, disable, SNUFFLEUPAGUS_G(config).config_upload_validation->enable); - - zend_string const *script = - SNUFFLEUPAGUS_G(config).config_upload_validation->script; - - if (!script) { - sp_log_err("config", - "The `script` directive is mandatory in '%s' on line %zu", line, - sp_line_no); - return -1; - } else if (-1 == access(ZSTR_VAL(script), F_OK)) { - sp_log_err("config", "The `script` (%s) doesn't exist on line %zu", - ZSTR_VAL(script), sp_line_no); - return -1; - } else if (-1 == access(ZSTR_VAL(script), X_OK)) { - sp_log_err("config", "The `script` (%s) isn't executable on line %zu", - ZSTR_VAL(script), sp_line_no); - return -1; + if (!cfg->script) { + sp_log_err("config", "The `script` directive is mandatory in '.%s' on line %zu", token, parsed_rule->lineno); + return SP_PARSER_ERROR; + } else if (-1 == access(ZSTR_VAL(cfg->script), F_OK)) { + sp_log_err("config", "The `script` (%s) doesn't exist on line %zu", ZSTR_VAL(cfg->script), parsed_rule->lineno); + return SP_PARSER_ERROR; + } else if (-1 == access(ZSTR_VAL(cfg->script), X_OK)) { + sp_log_err("config", "The `script` (%s) isn't executable on line %zu", ZSTR_VAL(cfg->script), parsed_rule->lineno); + return SP_PARSER_ERROR; } - return ret; + return SP_PARSER_STOP; } -int parse_ini_protection(char *line) { +SP_PARSE_FN(parse_ini_protection) { bool disable = false, enable = false; bool rw = false, ro = false; // rw is ignored, but declaring .policy_rw is valid for readability - sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; - sp_config_functions sp_config_ini_protection[] = { - {parse_empty, SP_TOKEN_ENABLE, &(enable)}, - {parse_empty, SP_TOKEN_DISABLE, &(disable)}, - {parse_empty, SP_TOKEN_SIMULATION, &cfg->simulation}, - {parse_empty, ".policy_readonly(", &ro}, - {parse_empty, ".policy_ro(", &ro}, - {parse_empty, ".policy_readwrite(", &rw}, - {parse_empty, ".policy_rw(", &rw}, - {parse_empty, ".policy_silent_ro(", &cfg->policy_silent_ro}, - {parse_empty, ".policy_silent_fail(", &cfg->policy_silent_fail}, - {parse_empty, ".policy_no_log(", &cfg->policy_silent_fail}, - {parse_empty, ".policy_drop(", &cfg->policy_drop}, + sp_config_ini *cfg = (sp_config_ini*)retval; + sp_config_keyword config_keywords[] = { + {parse_empty, "enable", &(enable)}, + {parse_empty, "disable", &(disable)}, + {parse_empty, "simulation", &cfg->simulation}, + {parse_empty, "sim", &cfg->simulation}, + {parse_empty, "policy_readonly", &ro}, + {parse_empty, "policy_ro", &ro}, + {parse_empty, "policy_readwrite", &rw}, + {parse_empty, "policy_rw", &rw}, + {parse_empty, "policy_silent_ro", &cfg->policy_silent_ro}, + {parse_empty, "policy_silent_fail", &cfg->policy_silent_fail}, + {parse_empty, "policy_no_log", &cfg->policy_silent_fail}, + {parse_empty, "policy_drop", &cfg->policy_drop}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_ini_protection, line); - if (ret) { return ret; } + SP_PROCESS_CONFIG_KEYWORDS_ERR(); SP_SET_ENABLE_DISABLE(enable, disable, cfg->enable); if (ro && rw) { - sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); - return -1; + sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", parsed_rule->lineno); + return SP_PARSER_ERROR; } cfg->policy_readonly = ro; if (cfg->policy_silent_fail && cfg->policy_drop) { - sp_log_err("config", "policy cannot be drop and silent at the same time on line %zu", sp_line_no); - return -1; + sp_log_err("config", "policy cannot be drop and silent at the same time on line %zu", parsed_rule->lineno); + return SP_PARSER_ERROR; } - return ret; + return SP_PARSER_STOP; } -int parse_ini_entry(char *line) { +SP_PARSE_FN(parse_ini_entry) { sp_ini_entry *entry = pecalloc(sizeof(sp_ini_entry), 1, 1); bool rw = false, ro = false; - sp_config_functions sp_config_ini_protection[] = { - {parse_empty, SP_TOKEN_SIMULATION, &entry->simulation}, - {parse_str, ".key(", &entry->key}, - {parse_str, ".msg(", &entry->msg}, - {parse_str, ".set(", &entry->set}, - {parse_str, ".min(", &entry->min}, - {parse_str, ".max(", &entry->max}, - {parse_regexp, ".regexp(", &entry->regexp}, - {parse_empty, ".readonly(", &ro}, - {parse_empty, ".ro(", &ro}, - {parse_empty, ".readwrite(", &rw}, - {parse_empty, ".rw(", &rw}, - {parse_empty, ".drop(", &entry->drop}, - {parse_empty, ".allow_null(", &entry->allow_null}, + sp_config_keyword config_keywords[] = { + {parse_empty, "simulation", &entry->simulation}, + {parse_empty, "sim", &entry->simulation}, + {parse_str, "key", &entry->key}, + {parse_str, "msg", &entry->msg}, + {parse_str, "set", &entry->set}, + {parse_str, "min", &entry->min}, + {parse_str, "max", &entry->max}, + {parse_regexp, "regexp", &entry->regexp}, + {parse_empty, "readonly", &ro}, + {parse_empty, "ro", &ro}, + {parse_empty, "readwrite", &rw}, + {parse_empty, "rw", &rw}, + {parse_empty, "drop", &entry->drop}, + {parse_empty, "allow_null", &entry->allow_null}, {0, 0, 0}}; - int ret = parse_keywords(sp_config_ini_protection, line); - if (ret) { goto err; } + SP_PROCESS_CONFIG_KEYWORDS(goto err); - if (!entry->key) { - sp_log_err("config", "A .key() must be provided on line %zu", sp_line_no); - ret = -1; goto err; + if (!entry->key) { + sp_log_err("config", "A .key() must be provided on line %zu", parsed_rule->lineno); + goto err; } if (ro && rw) { - sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", sp_line_no); - ret = -1; goto err; + sp_log_err("config", "rule cannot be both read-write and read-only on line %zu", parsed_rule->lineno); + goto err; } entry->access = ro - rw; zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_ini->entries, entry->key, entry); - return ret; + return SP_PARSER_STOP; err: if (entry) { sp_free_ini_entry(entry); pefree(entry, 1); } - return ret; + return SP_PARSER_ERROR; } \ No newline at end of file diff --git a/src/sp_config_keywords.h b/src/sp_config_keywords.h index b90c06c..01eb0d1 100644 --- a/src/sp_config_keywords.h +++ b/src/sp_config_keywords.h @@ -2,23 +2,18 @@ #define SP_CONFIG_KEYWORDS_H #include "php_snuffleupagus.h" -int parse_random(char *line); -int parse_disable_xxe(char *line); -int parse_auto_cookie_secure(char *line); -int parse_global_strict(char *line); -int parse_global(char *line); -int parse_cookie(char *line); -int parse_unserialize(char *line); -int parse_readonly_exec(char *line); -int parse_disabled_functions(char *line); -int parse_upload_validation(char *line); -int parse_eval_blacklist(char *line); -int parse_eval_whitelist(char *line); -int parse_session(char *line); -int parse_sloppy_comparison(char *line); -int parse_wrapper_whitelist(char *line); -int parse_log_media(char *line); -int parse_ini_protection(char *line); -int parse_ini_entry(char *line); +SP_PARSE_FN(parse_enable); +SP_PARSE_FN(parse_global); +SP_PARSE_FN(parse_cookie); +SP_PARSE_FN(parse_unserialize); +SP_PARSE_FN(parse_readonly_exec); +SP_PARSE_FN(parse_disabled_functions); +SP_PARSE_FN(parse_upload_validation); +SP_PARSE_FN(parse_eval_filter_conf); +SP_PARSE_FN(parse_session); +SP_PARSE_FN(parse_wrapper_whitelist); +SP_PARSE_FN(parse_log_media); +SP_PARSE_FN(parse_ini_protection); +SP_PARSE_FN(parse_ini_entry); #endif // __SP_CONFIG_KEYWORDS_H diff --git a/src/sp_config_scanner.h b/src/sp_config_scanner.h new file mode 100644 index 0000000..3284713 --- /dev/null +++ b/src/sp_config_scanner.h @@ -0,0 +1,25 @@ + +#ifndef SP_CONFIG_SCANNER_H +#define SP_CONFIG_SCANNER_H + +typedef enum { + SP_ARGTYPE_UNKNOWN = 0, + SP_ARGTYPE_NONE, + SP_ARGTYPE_EMPTY, + SP_ARGTYPE_STR +} sp_argtype; + +typedef struct { + char *kw; // keyword points directly to the parsed input text and as such is not null-terminated + size_t kwlen; + char *arg; // optional argument / can be not null terminated + size_t arglen; + sp_argtype argtype; + long lineno; +} sp_parsed_keyword; + +zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)); +zend_string *sp_get_arg_string(sp_parsed_keyword *kw); +zend_string *sp_get_textual_representation(sp_parsed_keyword *parsed_rule); + +#endif \ No newline at end of file diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re new file mode 100644 index 0000000..075c343 --- /dev/null +++ b/src/sp_config_scanner.re @@ -0,0 +1,139 @@ +#include "php_snuffleupagus.h" + +/*!types:re2c*/ + +#define cs_error_log(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) + +zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { + if (!kw || !kw->arg) { + return NULL; + } + zend_string *ret = zend_string_init(kw->arg, kw->arglen, 1); + char *pin, *pout; + pin = pout = ZSTR_VAL(ret); + char *pend = pin + ZSTR_LEN(ret); + + while (pin < pend) { + if (*pin == '\\') { + pin++; + } + *pout = *pin; + pin++; pout++; + } + + if (pin != pout) { + size_t len = pout - ZSTR_VAL(ret); + ret = zend_string_truncate(ret, len, 1); + ZSTR_VAL(ret)[len] = 0; + } + + return ret; +} + +zend_string *sp_get_textual_representation(sp_parsed_keyword *parsed_rule) { + // a rule is "sp.keyword...keyword(arg);\0" + size_t len = 3; // sp + ; + sp_parsed_keyword *kw; + for (kw = parsed_rule; kw->kw; kw++) { + len++; // . + len += kw->kwlen; + if (kw->argtype == SP_ARGTYPE_EMPTY) { + len += 2; // () + } else if (kw->argtype == SP_ARGTYPE_STR) { + len += 4; + len += kw->arglen; + } + } + zend_string *ret = zend_string_alloc(len, 1); + char *ptr = ZSTR_VAL(ret); + memcpy(ptr, "sp", 2); ptr += 2; + for (kw = parsed_rule; kw->kw; kw++) { + *ptr++ = '.'; + memcpy(ptr, kw->kw, kw->kwlen); ptr += kw->kwlen; + if (kw->argtype == SP_ARGTYPE_EMPTY || kw->argtype == SP_ARGTYPE_STR || kw->argtype == SP_ARGTYPE_UNKNOWN) { + *ptr++ = '('; + } + if (kw->argtype == SP_ARGTYPE_STR && kw->arg) { + *ptr++ = '"'; + memcpy(ptr, kw->arg, kw->arglen); ptr += kw->arglen; + *ptr++ = '"'; + } + if (kw->argtype == SP_ARGTYPE_EMPTY || kw->argtype == SP_ARGTYPE_STR || kw->argtype == SP_ARGTYPE_UNKNOWN) { + *ptr++ = ')'; + } + } + *ptr++ = ';'; + *ptr = 0; + return ret; +} + +zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) +{ + const char *YYCURSOR = data; + const char *YYMARKER, *t1, *t2, *t3, *t4; + /*!stags:re2c format = 'const char *@@;\n'; */ + + const int max_keywords = 16; + sp_parsed_keyword parsed_rule[max_keywords+1]; + int kw_i = 0; + + int cond = yycinit; + long lineno = 1; + + /*!re2c + re2c:define:YYCTYPE = char; + // re2c:define:YYCURSOR = data; + re2c:yyfill:enable = 0; + re2c:flags:tags = 1; + re2c:api:style = free-form; + re2c:define:YYGETCONDITION = "cond"; + re2c:define:YYSETCONDITION = "cond = @@;"; + + end = "\x00"; + nl = "\r"?"\n"; + ws = [ \t]; + keyword = [a-zA-Z_][a-zA-Z0-9_]*; + string = "\"" ("\\\"" | [^"\r\n])* "\""; + + * { cs_error_log("Parser error on line %d", lineno); return FAILURE; } + ws+ { goto yyc_init; } + [;#] .* { goto yyc_init; } + nl { lineno++; goto yyc_init; } + "sp" { kw_i = 0; goto yyc_rule; } + end { return SUCCESS; } + + ws+ { goto yyc_rule; } + nl / ( nl | ws )* "." { lineno++; goto yyc_rule; } + "." @t1 keyword @t2 ( "(" @t3 string? @t4 ")" )? { + if (kw_i == max_keywords) { + cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); + return FAILURE; + } + sp_parsed_keyword kw = {.kw = (char*)t1, .kwlen = t2-t1, .arg = (char*)t3, .arglen = t4-t3, .argtype = SP_ARGTYPE_UNKNOWN, .lineno = lineno}; + if (t3 && t4) { + if (t3 == t4) { + kw.argtype = SP_ARGTYPE_EMPTY; + } else if (t4-t2 >= 2) { + kw.arg = (char*)t3 + 1; + kw.arglen = t4 - t3 - 2; + kw.argtype = SP_ARGTYPE_STR; + } + } else { + kw.argtype = SP_ARGTYPE_NONE; + } + parsed_rule[kw_i++] = kw; + goto yyc_rule; + } + ";" { + end_of_rule: + parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; + if (process_rule && process_rule(parsed_rule) != SUCCESS) { + return FAILURE; + } + goto yyc_init; + } + * { goto end_of_rule; } + + */ + return FAILURE; +} \ No newline at end of file diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index bc7b405..e93ef31 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c @@ -1,108 +1,5 @@ #include "php_snuffleupagus.h" -int parse_keywords(sp_config_functions *funcs, char *line) { - int value_len = 0; - const char *original_line = line; - for (size_t i = 0; funcs[i].func; i++) { - if (!strncmp(funcs[i].token, line, strlen(funcs[i].token))) { - line += strlen(funcs[i].token); - value_len = funcs[i].func(line, funcs[i].token, funcs[i].retval) + 1; - if (value_len == 0) { // bad parameter - return -1; - } - line += value_len; - i = -1; // we start the loop again - } - } - while (*line == ';' || *line == '\t' || *line == ' ') { - line++; - } - - if (*line == '#') { - return 0; - } - - if (*line) { - sp_log_err("config", "Trailing chars '%s' at the end of '%s' on line %zu", - line, original_line, sp_line_no); - return -1; - } - return 0; -} - -zend_string *get_param(size_t *consumed, char *restrict line, sp_type type, - const char *restrict keyword) { - enum { IN_ESCAPE, NONE } state = NONE; - char *original_line = line; - size_t j = 0; - - zend_string *ret = NULL; - if (NULL == line || '\0' == *line) { - goto err; - } - - ret = zend_string_alloc(strlen(line) + 1, 1); - - /* The first char of a string is always '"', since they MUST be quoted. */ - if ('"' == *line) { - line++; - } else { - goto err; - } - - for (size_t i = 0; line[i] && j < strlen(original_line) - 2; i++) { - switch (line[i]) { - case '"': - /* A double quote at this point is either: - - at the very end of the string. - - escaped - */ - if ((state == NONE) && (line[i + 1] == SP_TOKEN_END_PARAM)) { - /* The `+2` if for - 1. the terminal double-quote - 2. the SP_TOKEN_END_PARAM - */ - *consumed = i + 2; - // Make sure that the string we return is the right size, - // as it can be smaller than strlen(line) - ret = zend_string_truncate(ret, j, 1); - // truncate does not add a \0 - ZSTR_VAL(ret)[ZSTR_LEN(ret)] = 0; - return ret; - } else if (state == IN_ESCAPE) { - break; // we're on an escped double quote - } else { - goto err; - } - case '\\': - if (state == NONE) { - state = IN_ESCAPE; - continue; - } - default: - break; - } - if (state == IN_ESCAPE) { - state = NONE; - } - ZSTR_VAL(ret)[j++] = line[i]; - } -err: - if (0 == j) { - sp_log_err("error", "A valid string as parameter is expected on line %zu", - sp_line_no); - } else { - sp_log_err("error", - "There is an issue with the parsing of '%s': it doesn't look " - "like a valid string on line %zu", - original_line ? original_line : "NULL", sp_line_no); - } - line = NULL; - if (ret) { - zend_string_release(ret); - } - return NULL; -} sp_list_node *parse_functions_list(char *value) { static const char *sep = ">"; diff --git a/src/sp_config_utils.h b/src/sp_config_utils.h index a63cadc..64817a0 100644 --- a/src/sp_config_utils.h +++ b/src/sp_config_utils.h @@ -1,9 +1,6 @@ #ifndef SP_CONFIG_UTILS #define SP_CONFIG_UTILS -int parse_keywords(sp_config_functions *, char *); -zend_string *get_param(size_t *, char *restrict, sp_type, const char *restrict); -int array_to_list(char **, sp_list_node **); sp_list_node *parse_functions_list(char *value); #endif /* SP_CONFIG_UTILS */ diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 84d8acf..ebb7d3f 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -69,28 +69,22 @@ static bool is_functions_list_matching(zend_execute_data* execute_data, return false; } -static bool is_local_var_matching( - zend_execute_data* execute_data, - const sp_disabled_function* const config_node) { +static bool is_local_var_matching(zend_execute_data* execute_data, const sp_disabled_function* const config_node) { zval* var_value = {0}; var_value = sp_get_var_value(execute_data, config_node->var, false); if (var_value) { if (Z_TYPE_P(var_value) == IS_ARRAY) { if (config_node->key || config_node->r_key) { - if (sp_match_array_key(var_value, config_node->key, - config_node->r_key)) { + if (sp_match_array_key(var_value, config_node->key, config_node->r_key)) { return true; } - } else if (sp_match_array_value(var_value, config_node->value, - config_node->r_value)) { + } else if (sp_match_array_value(var_value, config_node->value, config_node->r_value)) { return true; } } else { - zend_string const* const var_value_str = - sp_zval_to_zend_string(var_value); - bool match = sp_match_value(var_value_str, config_node->value, - config_node->r_value); + zend_string const* const var_value_str = sp_zval_to_zend_string(var_value); + bool match = sp_match_value(var_value_str, config_node->value, config_node->r_value); if (true == match) { return true; @@ -555,24 +549,19 @@ ZEND_FUNCTION(eval_blacklist_callback) { zend_string_release(tmp); if (SNUFFLEUPAGUS_G(in_eval) > 0) { - zend_string* filename = get_eval_filename(zend_get_executed_filename()); - const int line_number = zend_get_executed_lineno(TSRMLS_C); + // zend_string* filename = get_eval_filename(zend_get_executed_filename()); + // const int line_number = zend_get_executed_lineno(TSRMLS_C); const sp_config_eval* config_eval = SNUFFLEUPAGUS_G(config).config_eval; if (config_eval->dump) { - sp_log_request(config_eval->dump, config_eval->textual_representation, - SP_TOKEN_EVAL_BLACKLIST); + sp_log_request(config_eval->dump, config_eval->textual_representation); } if (config_eval->simulation) { - sp_log_simulation("eval", - "A call to %s was tried in eval, in %s:%d, logging it.", - current_function_name, ZSTR_VAL(filename), line_number); + sp_log_simulation("eval", "A call to '%s' was tried in eval. logging it.", current_function_name); } else { - sp_log_drop("eval", - "A call to %s was tried in eval, in %s:%d, dropping it.", - current_function_name, ZSTR_VAL(filename), line_number); + sp_log_drop("eval", "A call to '%s' was tried in eval. dropping it.", current_function_name); } - efree(filename); + // efree(filename); } whitelisted: diff --git a/src/sp_execute.c b/src/sp_execute.c index 7d078b0..8795e5f 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -14,8 +14,7 @@ ZEND_COLD static inline void terminate_if_writable(const char *filename) { if (0 == access(filename, W_OK)) { if (config_ro_exec->dump) { sp_log_request(config_ro_exec->dump, - config_ro_exec->textual_representation, - SP_TOKEN_READONLY_EXEC); + config_ro_exec->textual_representation); } if (true == config_ro_exec->simulation) { sp_log_simulation("readonly_exec", @@ -75,8 +74,7 @@ is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { if (EXPECTED(NULL != current_function)) { if (UNEXPECTED(false == check_is_in_eval_whitelist(current_function))) { if (config_eval->dump) { - sp_log_request(config_eval->dump, config_eval->textual_representation, - SP_TOKEN_EVAL_WHITELIST); + sp_log_request(config_eval->dump, config_eval->textual_representation); } if (config_eval->simulation) { sp_log_simulation( diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c index 5b4fd95..0a26254 100644 --- a/src/sp_network_utils.c +++ b/src/sp_network_utils.c @@ -85,9 +85,7 @@ int get_ip_and_cidr(char *ip, sp_cidr *cidr) { char *mask = strchr(ip, '/'); if (NULL == mask) { - sp_log_err( - "config", - "'%s' isn't a valid network mask, it seems that you forgot a '/'.", ip); + sp_log_err("config", "'%s' isn't a valid network mask, it seems that you forgot a '/'.", ip); return -1; } @@ -117,7 +115,7 @@ int get_ip_and_cidr(char *ip, sp_cidr *cidr) { ip[mask - ip] = '/'; if (cidr->ip_version < 0) { - sp_log_err("cidr_match", "Weird ip (%s) family", ip); + sp_log_err("config", "Weird ip (%s) family", ip); return -1; } diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index 2b9f08d..657e650 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -24,8 +24,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { #endif if (NULL == ret) { - sp_log_err("config", "Failed to compile '%s': %s on line %zu.", pattern, - pcre_error, sp_line_no); + sp_log_err("config", "Failed to compile '%s': %s.", pattern, pcre_error); } return ret; } diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 06636ad..82b2cef 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -89,8 +89,7 @@ PHP_FUNCTION(sp_unserialize) { } else { if (config_unserialize->dump) { sp_log_request(config_unserialize->dump, - config_unserialize->textual_representation, - SP_TOKEN_UNSERIALIZE_HMAC); + config_unserialize->textual_representation); } if (true == config_unserialize->simulation) { sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str); diff --git a/src/sp_utils.c b/src/sp_utils.c index 949d6ba..c4209de 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -123,9 +123,7 @@ static int construct_filename(char* filename, return 0; } -int sp_log_request(const zend_string* restrict folder, - const zend_string* restrict text_repr, - char const* const from) { +int sp_log_request(const zend_string* restrict folder, const zend_string* restrict text_repr) { FILE* file; const char* current_filename = zend_get_executed_filename(TSRMLS_C); const int current_line = zend_get_executed_lineno(TSRMLS_C); @@ -146,7 +144,7 @@ int sp_log_request(const zend_string* restrict folder, return -1; } - fprintf(file, "RULE: sp%s%s\n", from, ZSTR_VAL(text_repr)); + fprintf(file, "RULE: %s\n", ZSTR_VAL(text_repr)); fprintf(file, "FILE: %s:%d\n", current_filename, current_line); @@ -285,8 +283,7 @@ void sp_log_disable(const char* restrict path, const char* restrict arg_name, const int sim = config_node->simulation; if (dump) { - sp_log_request(config_node->dump, config_node->textual_representation, - SP_TOKEN_DISABLE_FUNC); + sp_log_request(config_node->dump, config_node->textual_representation); } if (arg_name) { char* char_repr = NULL; @@ -329,8 +326,7 @@ void sp_log_disable_ret(const char* restrict path, char* char_repr = NULL; if (dump) { - sp_log_request(dump, config_node->textual_representation, - SP_TOKEN_DISABLE_FUNC); + sp_log_request(dump, config_node->textual_representation); } if (ret_value) { char_repr = zend_string_to_char(ret_value); @@ -479,7 +475,6 @@ void unhook_functions(HashTable *ht) { bool check_is_in_eval_whitelist(const zend_string* const function_name) { const sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->whitelist; - if (!it) { return false; } diff --git a/src/sp_utils.h b/src/sp_utils.h index c0ddbe4..ef626a3 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -85,9 +85,7 @@ bool hook_function(const char *, HashTable *, zif_handler); void unhook_functions(HashTable *ht); int hook_regexp(const sp_pcre *, HashTable *, zif_handler); bool check_is_in_eval_whitelist(const zend_string *const function_name); -int sp_log_request(const zend_string *restrict folder, - const zend_string *restrict text_repr, - char const *const from); +int sp_log_request(const zend_string *restrict folder, const zend_string *restrict text_repr); bool sp_zend_string_equals(const zend_string *s1, const zend_string *s2); #endif /* SP_UTILS_H */ diff --git a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt index 7a8c909..5383df6 100644 --- a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt @@ -17,6 +17,6 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class on line 2. in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class. in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] '.name_r()' is expecting a valid regexp, and not '"^super_co[a-z+$"' on line 2 in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid regexp '^super_co[a-z+$' for '.name_r()' on line 2 in Unknown on line 0 diff --git a/src/tests/broken_configuration_php8/broken_conf.phpt b/src/tests/broken_configuration_php8/broken_conf.phpt index 7dde7d6..9a5a5ab 100644 --- a/src/tests/broken_configuration_php8/broken_conf.phpt +++ b/src/tests/broken_configuration_php8/broken_conf.phpt @@ -7,8 +7,7 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf2.phpt b/src/tests/broken_configuration_php8/broken_conf2.phpt index bf337b4..94ebc01 100644 --- a/src/tests/broken_configuration_php8/broken_conf2.phpt +++ b/src/tests/broken_configuration_php8/broken_conf2.phpt @@ -7,8 +7,7 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf2.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration section 'sp.wrong' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt b/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt index 9dd0c66..ad3aa08 100644 --- a/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt @@ -12,7 +12,7 @@ echo 1337; ?> --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt b/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt index eccc8a8..0f71408 100644 --- a/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt @@ -12,5 +12,5 @@ echo 1337; ?> --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 1337 diff --git a/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt b/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt index 76ef208..c4eec17 100644 --- a/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt @@ -7,10 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_config_regexp.ini --FILE-- --EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt b/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt index 5bdca06..2629ba5 100644 --- a/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt @@ -7,10 +7,7 @@ Broken configuration - regexp without a closing parenthesis sp.configuration_file={PWD}/config/broken_config_regexp_no_closing_paren.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"*."': it doesn't look like a valid string on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt index 0447320..6213041 100644 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt @@ -7,8 +7,7 @@ Broken configuration - encrypted cookie without encryption key sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt index 204430d..25371dd 100644 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt @@ -7,8 +7,7 @@ Broken configuration - encrypted cookie with without cookie env var sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_eval.phpt b/src/tests/broken_configuration_php8/broken_conf_eval.phpt index 1a6ad4d..f45aabf 100644 --- a/src/tests/broken_configuration_php8/broken_conf_eval.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_eval.phpt @@ -8,7 +8,7 @@ sp.configuration_file={PWD}/config/broken_conf_eval.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"cos,sin': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt b/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt index 682a4f5..419d687 100644 --- a/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt @@ -7,8 +7,7 @@ Bad boolean value in configuration sp.configuration_file={PWD}/config/broken_conf_expecting_bool.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '337);' at the end of '.enable(1337);' on line 5 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt index dbe5414..31140dc 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt @@ -8,10 +8,7 @@ Broken configuration, invalid cidr value sp.configuration_file={PWD}/config/broken_conf_invalid_cidr_value.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] " doesn't contain a valid cidr on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt index cb78f85..da40235 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt @@ -7,8 +7,7 @@ Broken configuration filename without absolute path sp.configuration_file={PWD}/config/broken_conf_invalid_filename.ini --FILE-- --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("sprintf").filename("wrong file name").drop();':'.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt index 68581b6..fda609d 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt @@ -7,8 +7,7 @@ Broken configuration filename with improper log media sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini --FILE-- --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt index 188d610..9e35170 100644 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt @@ -7,8 +7,7 @@ Broken conf with wrong type sp.configuration_file={PWD}/config/broken_conf_invalid_type.ini --FILE-- --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"totally_wrong"_type")': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt index 24c60bc..909aae1 100644 --- a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt @@ -6,8 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_key_value.ini --FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt b/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt index 2d370ac..5702f43 100644 --- a/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt @@ -7,8 +7,7 @@ Configuration line with an empty string sp.configuration_file={PWD}/config/broken_conf_line_empty_string.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt b/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt index d3c826f..1a0a392 100644 --- a/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt @@ -7,8 +7,7 @@ Configuration line without closing parenthese sp.configuration_file={PWD}/config/broken_conf_line_no_closing.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"123"': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt b/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt index e599e62..27135ca 100644 --- a/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt @@ -7,8 +7,7 @@ Configuration line with too many quotes sp.configuration_file={PWD}/config/broken_conf_lots_of_quotes.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"this\"is a weird\"\"\"cookie\"name"");': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt b/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt index 2ddb70f..bb44f15 100644 --- a/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt @@ -10,8 +10,7 @@ sp.configuration_file={PWD}/config/broken_conf_missing_script.ini echo 1; ?> --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.enable();' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt index e362893..f331eee 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt index 39766e1..93fc581 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt @@ -6,9 +6,8 @@ Broken configuration - ret and var are mutually exclusives --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt index ebca290..24162df 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt @@ -6,9 +6,8 @@ Broken configuration - ret and value are mutually exclusive --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt index 52b36e0..35c4de1 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt index cf65e7d..fd6e0b4 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt index 41dc60e..80370f6 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt @@ -6,9 +6,9 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini --FILE-- ---EXPECT-- +--EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt index 9cab6cd..3087a17 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt @@ -6,9 +6,9 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini --FILE-- ---EXPECT-- +--EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt index 406f818..2099a4b 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt index ff7f415..f0b44da 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive7.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().allow();': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: '%a': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt index 6ccd508..8f6c246 100644 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt @@ -6,9 +6,8 @@ Broken configuration --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive8.ini --FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.ret("0").drop();': must take a function name on line 1 in Unknown on line 0 +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: '%a': must take a function name on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt b/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt index 7e74683..5107ede 100644 --- a/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt @@ -10,8 +10,7 @@ sp.configuration_file={PWD}/config/broken_conf_readonly_exec.ini echo 1; ?> --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_samesite.phpt b/src/tests/broken_configuration_php8/broken_conf_samesite.phpt index c905fd8..63075d0 100644 --- a/src/tests/broken_configuration_php8/broken_conf_samesite.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_samesite.phpt @@ -7,8 +7,7 @@ Bad config, invalid samesite type. sp.configuration_file={PWD}/config/broken_conf_cookie_samesite.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] nop is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt index 886eb13..cc7369a 100644 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt @@ -7,8 +7,7 @@ Broken config, session encryption sp.configuration_file={PWD}/config/broken_conf_session_encryption.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars 'nvalid value :/);' at the end of '.encrypt(invalid value :/);' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt b/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt index 2503943..23a8e53 100644 --- a/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt @@ -18,10 +18,9 @@ if (strstr($info, 'Valid config => no') !== FALSE) { } ?> --EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_truncated.phpt b/src/tests/broken_configuration_php8/broken_conf_truncated.phpt index 059dcac..ff821f4 100644 --- a/src/tests/broken_configuration_php8/broken_conf_truncated.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_truncated.phpt @@ -7,8 +7,7 @@ Bad boolean value in configuration sp.configuration_file={PWD}/config/config_broken_conf_truncated.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt b/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt index 327b622..5e6c28e 100644 --- a/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt @@ -9,9 +9,8 @@ sp.configuration_file={PWD}/config/broken_conf_unserialize.ini ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +--EXPECT-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt b/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt index d022e3e..31afff9 100644 --- a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt @@ -10,8 +10,7 @@ sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_upload_va echo 1; ?> --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt b/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt index 75c2e0e..6082f42 100644 --- a/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt @@ -7,8 +7,7 @@ Bad config, unknown keyword sp.configuration_file={PWD}/config/broken_conf_weird_keyword.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.not_a_valid_keyword("test");' at the end of '.enable().not_a_valid_keyword("test");' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt index 0011a6e..1f2d9da 100644 --- a/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt @@ -11,8 +11,7 @@ sp.allow_broken_configuration=Off echo 1337; ?> --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt b/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt index b073369..d3cf9e0 100644 --- a/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt @@ -7,8 +7,7 @@ Configuration line with too many quotes sp.configuration_file={PWD}/config/broken_conf_wrong_quotes.ini --FILE-- --EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"\)': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_regexp.phpt b/src/tests/broken_configuration_php8/broken_regexp.phpt index 877f801..7461d57 100644 --- a/src/tests/broken_configuration_php8/broken_regexp.phpt +++ b/src/tests/broken_configuration_php8/broken_regexp.phpt @@ -7,10 +7,9 @@ Broken regexp sp.configuration_file={PWD}/config/broken_regexp.ini --FILE-- --EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class on line 1. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.value_r()' is expecting a valid regexp, and not '"^$["' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt index 7a8c909..5383df6 100644 --- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt @@ -17,6 +17,6 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class on line 2. in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class. in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] '.name_r()' is expecting a valid regexp, and not '"^super_co[a-z+$"' on line 2 in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid regexp '^super_co[a-z+$' for '.name_r()' on line 2 in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt index 015c159..a01c352 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt index 42f5509..c47389c 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_key.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt index 163cb26..1fe4074 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt index df31f2e..0da0dbe 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_key.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/dump_request/dump_eval_blacklist.phpt b/src/tests/dump_request/dump_eval_blacklist.phpt index 07c17f2..b8192a7 100644 --- a/src/tests/dump_request/dump_eval_blacklist.phpt +++ b/src/tests/dump_request/dump_eval_blacklist.phpt @@ -36,5 +36,5 @@ if ($res[3] != "GET:get_a='data_get_a' get_b='data_get_b' \n") { --EXPECTF-- Outside of eval: 1337 1337 1337 -Warning: [snuffleupagus][0.0.0.0][eval][simulation] A call to strtoupper was tried in eval, in %a/dump_eval_blacklist.php:1, logging it. in %a/dump_eval_blacklist.php(9) : eval()'d code on line 1 +Warning: [snuffleupagus][0.0.0.0][eval][simulation] A call to 'strtoupper' was tried in eval. logging it. in %a(9) : eval()'d code on line 1 After eval: 1234 diff --git a/src/tests/eval_blacklist/eval_backlist.phpt b/src/tests/eval_blacklist/eval_backlist.phpt index fa32b4b..2953efc 100644 --- a/src/tests/eval_blacklist/eval_backlist.phpt +++ b/src/tests/eval_blacklist/eval_backlist.phpt @@ -14,4 +14,4 @@ echo "After eval: $a\n"; --EXPECTF-- Outside of eval: 1337 1337 1337 -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %a/eval_backlist.php:1, dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1 +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %a/eval_backlist.php(4) : eval()'d code on line 1 diff --git a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt index 4c37263..546a53a 100644 --- a/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt +++ b/src/tests/eval_blacklist/eval_backlist_call_user_func.phpt @@ -11,4 +11,4 @@ eval(' ') ?> --EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %s/eval_backlist_call_user_func.php:%d, dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %s/eval_backlist_call_user_func.php(%d) : eval()'d code on line %d diff --git a/src/tests/eval_blacklist/eval_backlist_chained.phpt b/src/tests/eval_blacklist/eval_backlist_chained.phpt index 820ef1d..1afb860 100644 --- a/src/tests/eval_blacklist/eval_backlist_chained.phpt +++ b/src/tests/eval_blacklist/eval_backlist_chained.phpt @@ -13,4 +13,4 @@ eval(' ') ?> --EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %s/eval_backlist_chained.php:%d, dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %s/eval_backlist_chained.php(%d) : eval()'d code on line %d diff --git a/src/tests/eval_blacklist/eval_backlist_list.phpt b/src/tests/eval_blacklist/eval_backlist_list.phpt index 725a9bb..1efd453 100644 --- a/src/tests/eval_blacklist/eval_backlist_list.phpt +++ b/src/tests/eval_blacklist/eval_backlist_list.phpt @@ -14,4 +14,4 @@ echo "After eval: $a\n"; --EXPECTF-- Outside of eval: 1337 1337 1337 -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %a/eval_backlist_list.php:1, dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1 +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %a/eval_backlist_list.php(4) : eval()'d code on line 1 diff --git a/src/tests/eval_blacklist/eval_backlist_simulation.phpt b/src/tests/eval_blacklist/eval_backlist_simulation.phpt index f09370d..0cc02b2 100644 --- a/src/tests/eval_blacklist/eval_backlist_simulation.phpt +++ b/src/tests/eval_blacklist/eval_backlist_simulation.phpt @@ -14,5 +14,5 @@ echo "After eval: $a\n"; --EXPECTF-- Outside of eval: 1337 1337 1337 -Warning: [snuffleupagus][0.0.0.0][eval][simulation] A call to strtoupper was tried in eval, in %a/eval_backlist_simulation.php:1, logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1 +Warning: [snuffleupagus][0.0.0.0][eval][simulation] A call to 'strtoupper' was tried in eval. logging it. in %a/eval_backlist_simulation.php(4) : eval()'d code on line 1 After eval: 1234 diff --git a/src/tests/eval_blacklist/nested_eval_blacklist.phpt b/src/tests/eval_blacklist/nested_eval_blacklist.phpt index 8ff0b6d..a06b66b 100644 --- a/src/tests/eval_blacklist/nested_eval_blacklist.phpt +++ b/src/tests/eval_blacklist/nested_eval_blacklist.phpt @@ -26,4 +26,4 @@ Inception lvl 1... Inception lvl 2... Inception lvl 3... -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code:3, dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3 +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %a/nested_eval_blacklist.php(5) : eval()'d code(4) : eval()'d code(4) : eval()'d code on line 3 diff --git a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt index 37f8967..63e56b1 100644 --- a/src/tests/eval_blacklist/nested_eval_blacklist2.phpt +++ b/src/tests/eval_blacklist/nested_eval_blacklist2.phpt @@ -26,4 +26,4 @@ Inception lvl 1... Inception lvl 2... Inception lvl 3... -Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to strtoupper was tried in eval, in %a/nested_eval_blacklist2.php(5) : eval()'d code:7, dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7 +Fatal error: [snuffleupagus][0.0.0.0][eval][drop] A call to 'strtoupper' was tried in eval. dropping it. in %a/nested_eval_blacklist2.php(5) : eval()'d code(4) : eval()'d code on line 7 -- cgit v1.3 From 333984c636ac3318f35efc78529186e63d3ce59e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 16 Aug 2021 23:22:47 +0200 Subject: config supports variables now --- src/sp_config_scanner.re | 47 ++++++++++++++++++++++++++++++++++++++------- src/sp_disabled_functions.c | 1 - 2 files changed, 40 insertions(+), 8 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 075c343..33362fc 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -67,16 +67,25 @@ zend_string *sp_get_textual_representation(sp_parsed_keyword *parsed_rule) { return ret; } +static void str_dtor(zval *zv) { + zend_string_release_ex(Z_STR_P(zv), 1); +} + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { const char *YYCURSOR = data; const char *YYMARKER, *t1, *t2, *t3, *t4; /*!stags:re2c format = 'const char *@@;\n'; */ + int ret = FAILURE; + const int max_keywords = 16; sp_parsed_keyword parsed_rule[max_keywords+1]; int kw_i = 0; + HashTable vars; + zend_hash_init(&vars, 10, NULL, str_dtor, 1); + int cond = yycinit; long lineno = 1; @@ -92,31 +101,53 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key end = "\x00"; nl = "\r"?"\n"; ws = [ \t]; + wsnl = [ \t\r\n]; keyword = [a-zA-Z_][a-zA-Z0-9_]*; string = "\"" ("\\\"" | [^"\r\n])* "\""; - * { cs_error_log("Parser error on line %d", lineno); return FAILURE; } + * { cs_error_log("Parser error on line %d", lineno); goto out; } ws+ { goto yyc_init; } [;#] .* { goto yyc_init; } nl { lineno++; goto yyc_init; } "sp" { kw_i = 0; goto yyc_rule; } - end { return SUCCESS; } + end { ret = SUCCESS; goto out; } + "set" wsnl+ @t1 keyword @t2 wsnl+ @t3 string @t4 ";"? { + char *key = (char*)t1; + int keylen = t2-t1; + zend_string *tmp = zend_hash_str_find_ptr(&vars, key, keylen); + if (tmp) { + zend_hash_str_del(&vars, key, keylen); + } + tmp = zend_string_init(t3+1, t4-t3-2, 1); + zend_hash_str_add_ptr(&vars, key, keylen, tmp); + goto yyc_init; + } + ws+ { goto yyc_rule; } nl / ( nl | ws )* "." { lineno++; goto yyc_rule; } - "." @t1 keyword @t2 ( "(" @t3 string? @t4 ")" )? { + "." @t1 keyword @t2 ( "(" @t3 ( string? | keyword ) @t4 ")" )? { if (kw_i == max_keywords) { cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); - return FAILURE; + goto out; } sp_parsed_keyword kw = {.kw = (char*)t1, .kwlen = t2-t1, .arg = (char*)t3, .arglen = t4-t3, .argtype = SP_ARGTYPE_UNKNOWN, .lineno = lineno}; if (t3 && t4) { if (t3 == t4) { kw.argtype = SP_ARGTYPE_EMPTY; - } else if (t4-t2 >= 2) { + } else if (t4-t3 >= 2 && *t3 == '"') { kw.arg = (char*)t3 + 1; kw.arglen = t4 - t3 - 2; kw.argtype = SP_ARGTYPE_STR; + } else { + zend_string *tmp = zend_hash_str_find_ptr(&vars, t3, t4-t3); + if (!tmp) { + cs_error_log("unknown variable on line %d", lineno); + goto out; + } + kw.arg = ZSTR_VAL(tmp); + kw.arglen = ZSTR_LEN(tmp); + kw.argtype = SP_ARGTYPE_STR; } } else { kw.argtype = SP_ARGTYPE_NONE; @@ -128,12 +159,14 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key end_of_rule: parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; if (process_rule && process_rule(parsed_rule) != SUCCESS) { - return FAILURE; + goto out; } goto yyc_init; } * { goto end_of_rule; } */ - return FAILURE; +out: + zend_hash_destroy(&vars); + return ret; } \ No newline at end of file diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index ebb7d3f..6ff3915 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -33,7 +33,6 @@ char* get_complete_function_path(zend_execute_data const* const execute_data) { } else { complete_path_function = estrdup(function_name); } - sp_log_debug("%s", complete_path_function); return complete_path_function; } -- cgit v1.3 From 78527b1ef0834e8aa5490e2df4e21621f9256913 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 17 Aug 2021 10:21:23 +0200 Subject: php 7 compatibility --- src/sp_php_compat.h | 3 +++ 1 file changed, 3 insertions(+) (limited to 'src') diff --git a/src/sp_php_compat.h b/src/sp_php_compat.h index 992c3e2..09d9a1f 100644 --- a/src/sp_php_compat.h +++ b/src/sp_php_compat.h @@ -11,6 +11,9 @@ ZEND_API zend_string *zend_string_concat2( _key = _p->key; \ _ptr = Z_PTR_P(_z); +// zend_result was introduced to replace ZEND_RESULT_CODE with PHP8 +typedef ZEND_RESULT_CODE zend_result; + #endif #if PHP_VERSION_ID < 70300 -- cgit v1.3 From def7f6275073f2c0010324818903dead726c1e67 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 17 Aug 2021 10:41:50 +0200 Subject: require re2c >= 2.0 --- src/config.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index 6f462af..f825cea 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -41,5 +41,5 @@ if test "$PHP_SNUFFLEUPAGUS" = "yes"; then PHP_NEW_EXTENSION(snuffleupagus, $sources, $ext_shared,-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1) fi -PHP_PROG_RE2C() +PHP_PROG_RE2C([2.0]) PHP_ADD_MAKEFILE_FRAGMENT() -- cgit v1.3 From 60fad2a6b3b61a63e2e829d60b7b0bda51099b19 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 17 Aug 2021 13:06:39 +0200 Subject: added pregenerated scanner to relax re2c dependency --- .gitignore | 2 + src/Makefile.frag | 7 +- src/config.m4 | 2 +- src/sp_config_scanner.cached.c | 670 +++++++++++++++++++++++++++++++++++++++++ 4 files changed, 679 insertions(+), 2 deletions(-) create mode 100644 src/sp_config_scanner.cached.c (limited to 'src') diff --git a/.gitignore b/.gitignore index 721cd5f..8fcb297 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,8 @@ src/tests/*/*.log src/tests/*/*.out src/tests/*/*.sh src/tests/*/*.php +# generated by re2c or copied from cached version +src/sp_config_scanner.c # Files generated by phpize, configure and make src/autom4te.cache src/build diff --git a/src/Makefile.frag b/src/Makefile.frag index c8458ea..1236599 100644 --- a/src/Makefile.frag +++ b/src/Makefile.frag @@ -1,2 +1,7 @@ $(srcdir)/sp_config_scanner.c: $(srcdir)/sp_config_scanner.re - @$(RE2C) $(RE2C_FLAGS) --no-generation-date -bc -o $@ $< + if re2c -v |grep ' 2\.' 2>/dev/null; then \ + re2c -bc -o $@ $<; \ + re2c --no-generation-date --no-version -bci -o $(srcdir)/sp_config_scanner.cached.c $<; \ + else \ + cp $(srcdir)/sp_config_scanner.cached.c $@; \ + fi; diff --git a/src/config.m4 b/src/config.m4 index f825cea..a2301fd 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -41,5 +41,5 @@ if test "$PHP_SNUFFLEUPAGUS" = "yes"; then PHP_NEW_EXTENSION(snuffleupagus, $sources, $ext_shared,-DZEND_ENABLE_STATIC_TSRMLS_CACHE=1) fi -PHP_PROG_RE2C([2.0]) +# PHP_PROG_RE2C([2.0]) PHP_ADD_MAKEFILE_FRAGMENT() diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c new file mode 100644 index 0000000..8e05986 --- /dev/null +++ b/src/sp_config_scanner.cached.c @@ -0,0 +1,670 @@ +/* Generated by re2c */ +#include "php_snuffleupagus.h" + +enum YYCONDTYPE { + yycinit, + yycrule, +}; + + +#define cs_error_log(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) + +zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { + if (!kw || !kw->arg) { + return NULL; + } + zend_string *ret = zend_string_init(kw->arg, kw->arglen, 1); + char *pin, *pout; + pin = pout = ZSTR_VAL(ret); + char *pend = pin + ZSTR_LEN(ret); + + while (pin < pend) { + if (*pin == '\\') { + pin++; + } + *pout = *pin; + pin++; pout++; + } + + if (pin != pout) { + size_t len = pout - ZSTR_VAL(ret); + ret = zend_string_truncate(ret, len, 1); + ZSTR_VAL(ret)[len] = 0; + } + + return ret; +} + +zend_string *sp_get_textual_representation(sp_parsed_keyword *parsed_rule) { + // a rule is "sp.keyword...keyword(arg);\0" + size_t len = 3; // sp + ; + sp_parsed_keyword *kw; + for (kw = parsed_rule; kw->kw; kw++) { + len++; // . + len += kw->kwlen; + if (kw->argtype == SP_ARGTYPE_EMPTY) { + len += 2; // () + } else if (kw->argtype == SP_ARGTYPE_STR) { + len += 4; + len += kw->arglen; + } + } + zend_string *ret = zend_string_alloc(len, 1); + char *ptr = ZSTR_VAL(ret); + memcpy(ptr, "sp", 2); ptr += 2; + for (kw = parsed_rule; kw->kw; kw++) { + *ptr++ = '.'; + memcpy(ptr, kw->kw, kw->kwlen); ptr += kw->kwlen; + if (kw->argtype == SP_ARGTYPE_EMPTY || kw->argtype == SP_ARGTYPE_STR || kw->argtype == SP_ARGTYPE_UNKNOWN) { + *ptr++ = '('; + } + if (kw->argtype == SP_ARGTYPE_STR && kw->arg) { + *ptr++ = '"'; + memcpy(ptr, kw->arg, kw->arglen); ptr += kw->arglen; + *ptr++ = '"'; + } + if (kw->argtype == SP_ARGTYPE_EMPTY || kw->argtype == SP_ARGTYPE_STR || kw->argtype == SP_ARGTYPE_UNKNOWN) { + *ptr++ = ')'; + } + } + *ptr++ = ';'; + *ptr = 0; + return ret; +} + +static void str_dtor(zval *zv) { + zend_string_release_ex(Z_STR_P(zv), 1); +} + +zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) +{ + const char *YYCURSOR = data; + const char *YYMARKER, *t1, *t2, *t3, *t4; + const char *yyt1; +const char *yyt2; +const char *yyt3; +const char *yyt4; + + + int ret = FAILURE; + + const int max_keywords = 16; + sp_parsed_keyword parsed_rule[max_keywords+1]; + int kw_i = 0; + + HashTable vars; + zend_hash_init(&vars, 10, NULL, str_dtor, 1); + + int cond = yycinit; + long lineno = 1; + + +{ + char yych; + unsigned int yyaccept = 0; + if (cond < 1) { + goto yyc_init; + } else { + goto yyc_rule; + } +/* *********************************** */ +yyc_init: + { + static const unsigned char yybm[] = { + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 92, 16, 72, 72, 24, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 92, 72, 8, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 72, 72, 72, 72, 72, 72, + 72, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 72, 136, 72, 72, 104, + 72, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 104, 104, 104, 104, 104, + 104, 104, 104, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + 72, 72, 72, 72, 72, 72, 72, 72, + }; + yych = *YYCURSOR; + if (yybm[0+yych] & 4) { + goto yy6; + } + if (yych <= '"') { + if (yych <= '\n') { + if (yych <= 0x00) goto yy2; + if (yych <= 0x08) goto yy4; + goto yy9; + } else { + if (yych == '\r') goto yy11; + goto yy4; + } + } else { + if (yych <= ';') { + if (yych <= '#') goto yy12; + if (yych <= ':') goto yy4; + goto yy12; + } else { + if (yych == 's') goto yy15; + goto yy4; + } + } +yy2: + ++YYCURSOR; + { ret = SUCCESS; goto out; } +yy4: + ++YYCURSOR; +yy5: + { cs_error_log("Parser error on line %d", lineno); goto out; } +yy6: + yych = *++YYCURSOR; + if (yybm[0+yych] & 4) { + goto yy6; + } + { goto yyc_init; } +yy9: + ++YYCURSOR; + { lineno++; goto yyc_init; } +yy11: + yych = *++YYCURSOR; + if (yych == '\n') goto yy9; + goto yy5; +yy12: + yych = *++YYCURSOR; + if (yybm[0+yych] & 8) { + goto yy12; + } + { goto yyc_init; } +yy15: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'e') goto yy16; + if (yych == 'p') goto yy18; + goto yy5; +yy16: + yych = *++YYCURSOR; + if (yych == 't') goto yy20; +yy17: + YYCURSOR = YYMARKER; + if (yyaccept <= 1) { + if (yyaccept == 0) { + goto yy5; + } else { + yyt4 = YYCURSOR; + goto yy30; + } + } else { + goto yy30; + } +yy18: + ++YYCURSOR; + { kw_i = 0; goto yyc_rule; } +yy20: + yych = *++YYCURSOR; + if (yybm[0+yych] & 16) { + goto yy21; + } + goto yy17; +yy21: + yych = *++YYCURSOR; + if (yybm[0+yych] & 16) { + goto yy21; + } + if (yych <= '^') { + if (yych <= '@') goto yy17; + if (yych >= '[') goto yy17; + yyt1 = YYCURSOR; + } else { + if (yych == '`') goto yy17; + if (yych >= '{') goto yy17; + yyt1 = YYCURSOR; + } +yy23: + yych = *++YYCURSOR; + if (yybm[0+yych] & 32) { + goto yy23; + } + if (yych <= '\f') { + if (yych <= 0x08) goto yy17; + if (yych >= '\v') goto yy17; + yyt2 = YYCURSOR; + } else { + if (yych <= '\r') { + yyt2 = YYCURSOR; + goto yy25; + } + if (yych != ' ') goto yy17; + yyt2 = YYCURSOR; + } +yy25: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych <= 0x08) goto yy17; + if (yych <= '\n') goto yy25; + if (yych <= '\f') goto yy17; + goto yy25; + } else { + if (yych <= ' ') { + if (yych <= 0x1F) goto yy17; + goto yy25; + } else { + if (yych != '"') goto yy17; + yyt3 = YYCURSOR; + } + } +yy27: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy27; + } + if (yych <= '\r') goto yy17; + if (yych >= '#') goto yy31; +yy29: + yych = *++YYCURSOR; + yyt4 = YYCURSOR; + if (yych == ';') goto yy33; +yy30: + t1 = yyt1; + t2 = yyt2; + t3 = yyt3; + t4 = yyt4; + { + char *key = (char*)t1; + int keylen = t2-t1; + zend_string *tmp = zend_hash_str_find_ptr(&vars, key, keylen); + if (tmp) { + zend_hash_str_del(&vars, key, keylen); + } + tmp = zend_string_init(t3+1, t4-t3-2, 1); + zend_hash_str_add_ptr(&vars, key, keylen, tmp); + goto yyc_init; + } +yy31: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy27; + } + if (yych <= '\r') goto yy17; + if (yych <= '"') goto yy34; + goto yy31; +yy33: + ++YYCURSOR; + goto yy30; +yy34: + yyaccept = 1; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy31; + } + if (yych <= '\r') { + if (yych == '\n') { + yyt4 = YYCURSOR; + goto yy30; + } + if (yych <= '\f') goto yy27; + yyt4 = YYCURSOR; + goto yy30; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy27; + goto yy29; + } else { + if (yych != ';') goto yy27; + yyt4 = YYCURSOR; + } + } + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy27; + } + if (yych <= '\r') goto yy30; + if (yych <= '"') goto yy29; + goto yy31; + } +/* *********************************** */ +yyc_rule: + { + static const unsigned char yybm[] = { + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 88, 16, 64, 64, 0, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 88, 64, 0, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 64, 64, 64, 64, 64, 64, + 64, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 64, 128, 64, 64, 96, + 64, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + }; + yych = *YYCURSOR; + if (yybm[0+yych] & 8) { + goto yy40; + } + if (yych <= '\r') { + if (yych <= 0x08) goto yy38; + if (yych <= '\n') goto yy43; + if (yych >= '\r') goto yy44; + } else { + if (yych <= '.') { + if (yych >= '.') goto yy45; + } else { + if (yych == ';') goto yy46; + } + } +yy38: + ++YYCURSOR; +yy39: + { goto end_of_rule; } +yy40: + yych = *++YYCURSOR; + if (yybm[0+yych] & 8) { + goto yy40; + } + { goto yyc_rule; } +yy43: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '\r') { + if (yych <= 0x08) goto yy39; + if (yych <= '\n') { + yyt1 = YYCURSOR; + goto yy48; + } + if (yych <= '\f') goto yy39; + yyt1 = YYCURSOR; + goto yy51; + } else { + if (yych <= ' ') { + if (yych <= 0x1F) goto yy39; + yyt1 = YYCURSOR; + goto yy48; + } else { + if (yych == '.') { + yyt1 = YYCURSOR; + goto yy52; + } + goto yy39; + } + } +yy44: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == '\n') goto yy54; + goto yy39; +yy45: + yych = *++YYCURSOR; + if (yych <= '^') { + if (yych <= '@') goto yy39; + if (yych <= 'Z') { + yyt1 = YYCURSOR; + goto yy55; + } + goto yy39; + } else { + if (yych == '`') goto yy39; + if (yych <= 'z') { + yyt1 = YYCURSOR; + goto yy55; + } + goto yy39; + } +yy46: + ++YYCURSOR; + { + end_of_rule: + parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; + if (process_rule && process_rule(parsed_rule) != SUCCESS) { + goto out; + } + goto yyc_init; + } +yy48: + yych = *++YYCURSOR; + if (yybm[0+yych] & 16) { + goto yy48; + } + if (yych == '\r') goto yy51; + if (yych == '.') goto yy52; +yy50: + YYCURSOR = YYMARKER; + if (yyaccept <= 1) { + if (yyaccept == 0) { + goto yy39; + } else { + yyt3 = yyt4 = NULL; + yyt2 = YYCURSOR; + goto yy57; + } + } else { + goto yy57; + } +yy51: + yych = *++YYCURSOR; + if (yych == '\n') goto yy48; + goto yy50; +yy52: + ++YYCURSOR; + YYCURSOR = yyt1; + { lineno++; goto yyc_rule; } +yy54: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych <= 0x08) goto yy50; + if (yych <= '\n') { + yyt1 = YYCURSOR; + goto yy48; + } + if (yych <= '\f') goto yy50; + yyt1 = YYCURSOR; + goto yy51; + } else { + if (yych <= ' ') { + if (yych <= 0x1F) goto yy50; + yyt1 = YYCURSOR; + goto yy48; + } else { + if (yych == '.') { + yyt1 = YYCURSOR; + goto yy52; + } + goto yy50; + } + } +yy55: + yyaccept = 1; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 32) { + goto yy55; + } + if (yych == '(') { + yyt2 = YYCURSOR; + goto yy58; + } + yyt3 = yyt4 = NULL; + yyt2 = YYCURSOR; +yy57: + t1 = yyt1; + t2 = yyt2; + t3 = yyt3; + t4 = yyt4; + { + if (kw_i == max_keywords) { + cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); + goto out; + } + sp_parsed_keyword kw = {.kw = (char*)t1, .kwlen = t2-t1, .arg = (char*)t3, .arglen = t4-t3, .argtype = SP_ARGTYPE_UNKNOWN, .lineno = lineno}; + if (t3 && t4) { + if (t3 == t4) { + kw.argtype = SP_ARGTYPE_EMPTY; + } else if (t4-t3 >= 2 && *t3 == '"') { + kw.arg = (char*)t3 + 1; + kw.arglen = t4 - t3 - 2; + kw.argtype = SP_ARGTYPE_STR; + } else { + zend_string *tmp = zend_hash_str_find_ptr(&vars, t3, t4-t3); + if (!tmp) { + cs_error_log("unknown variable on line %d", lineno); + goto out; + } + kw.arg = ZSTR_VAL(tmp); + kw.arglen = ZSTR_LEN(tmp); + kw.argtype = SP_ARGTYPE_STR; + } + } else { + kw.argtype = SP_ARGTYPE_NONE; + } + parsed_rule[kw_i++] = kw; + goto yyc_rule; + } +yy58: + yych = *++YYCURSOR; + if (yych <= '@') { + if (yych <= '"') { + if (yych <= '!') goto yy50; + yyt3 = YYCURSOR; + } else { + if (yych == ')') { + yyt3 = yyt4 = YYCURSOR; + goto yy61; + } + goto yy50; + } + } else { + if (yych <= '_') { + if (yych <= 'Z') { + yyt3 = YYCURSOR; + goto yy62; + } + if (yych <= '^') goto yy50; + yyt3 = YYCURSOR; + goto yy62; + } else { + if (yych <= '`') goto yy50; + if (yych <= 'z') { + yyt3 = YYCURSOR; + goto yy62; + } + goto yy50; + } + } +yy59: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy59; + } + if (yych <= '\r') goto yy50; + if (yych <= '"') goto yy64; + goto yy65; +yy61: + ++YYCURSOR; + goto yy57; +yy62: + yych = *++YYCURSOR; + if (yych <= '@') { + if (yych <= ')') { + if (yych <= '(') goto yy50; + yyt4 = YYCURSOR; + goto yy61; + } else { + if (yych <= '/') goto yy50; + if (yych <= '9') goto yy62; + goto yy50; + } + } else { + if (yych <= '_') { + if (yych <= 'Z') goto yy62; + if (yych <= '^') goto yy50; + goto yy62; + } else { + if (yych <= '`') goto yy50; + if (yych <= 'z') goto yy62; + goto yy50; + } + } +yy64: + yych = *++YYCURSOR; + if (yych == ')') { + yyt4 = YYCURSOR; + goto yy61; + } + goto yy50; +yy65: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy59; + } + if (yych <= '\r') goto yy50; + if (yych >= '#') goto yy65; + yych = *++YYCURSOR; + if (yybm[0+yych] & 128) { + goto yy65; + } + if (yych <= '\r') { + if (yych == '\n') goto yy50; + if (yych <= '\f') goto yy59; + goto yy50; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy59; + goto yy64; + } else { + if (yych != ')') goto yy59; + yyt4 = YYCURSOR; + } + } + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy59; + } + if (yych <= '\r') goto yy57; + if (yych <= '"') goto yy64; + goto yy65; + } +} + +out: + zend_hash_destroy(&vars); + return ret; +} \ No newline at end of file -- cgit v1.3 From 71b0b92a6b9ac2834237c29a949ac1c7a7714395 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 17 Aug 2021 13:27:05 +0200 Subject: fixed broken tests for PHP7 after scanner/parser update --- src/tests/broken_configuration/broken_conf.phpt | 4 ++-- src/tests/broken_configuration/broken_conf2.phpt | 4 ++-- .../broken_configuration/broken_conf_allow_broken_disabled.phpt | 4 ++-- .../broken_configuration/broken_conf_allow_broken_enabled.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_config_regexp.phpt | 8 ++++---- .../broken_conf_config_regexp_no_closing_paren.phpt | 7 ++----- .../broken_conf_cookie_encryption_without_encryption_key.phpt | 4 ++-- .../broken_conf_cookie_encryption_without_env_var.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_eval.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_expecting_bool.phpt | 4 ++-- .../broken_configuration/broken_conf_invalid_cidr_value.phpt | 7 ++----- src/tests/broken_configuration/broken_conf_invalid_filename.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_invalid_log_media.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_invalid_type.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_key_value.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_line_empty_string.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_line_no_closing.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_missing_script.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive11.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive12.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive2.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive3.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive4.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive5.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive6.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive7.phpt | 4 ++-- .../broken_configuration/broken_conf_mutually_exclusive8.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_readonly_exec.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_samesite.phpt | 4 ++-- .../broken_configuration/broken_conf_session_encryption.phpt | 4 ++-- .../broken_conf_session_encryption_without_encryption_key.phpt | 4 ++-- .../broken_conf_session_encryption_without_env_var.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt | 8 ++++---- src/tests/broken_configuration/broken_conf_truncated.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_unserialize.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_upload_validation.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_weird_keyword.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_wrong_quotes.phpt | 4 ++-- src/tests/broken_configuration/broken_regexp.phpt | 8 ++++---- 42 files changed, 90 insertions(+), 96 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf.phpt b/src/tests/broken_configuration/broken_conf.phpt index 477ee64..59bfcaf 100644 --- a/src/tests/broken_configuration/broken_conf.phpt +++ b/src/tests/broken_configuration/broken_conf.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf2.phpt b/src/tests/broken_configuration/broken_conf2.phpt index 4e67b9f..9cc6264 100644 --- a/src/tests/broken_configuration/broken_conf2.phpt +++ b/src/tests/broken_configuration/broken_conf2.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf2.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration section 'sp.wrong' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration section 'sp.wrong' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt b/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt index e2ffab0..a88a751 100644 --- a/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt +++ b/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt @@ -11,9 +11,9 @@ sp.allow_broken_configuration=Off echo 1337; ?> --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt b/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt index 68938fe..f410431 100644 --- a/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt +++ b/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt @@ -11,7 +11,7 @@ sp.allow_broken_configuration=On echo 1337; ?> --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration prefix for 'this is a broken line' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 1337 diff --git a/src/tests/broken_configuration/broken_conf_config_regexp.phpt b/src/tests/broken_configuration/broken_conf_config_regexp.phpt index ff6280e..5bc907c 100644 --- a/src/tests/broken_configuration/broken_conf_config_regexp.phpt +++ b/src/tests/broken_configuration/broken_conf_config_regexp.phpt @@ -7,12 +7,12 @@ Broken configuration sp.configuration_file={PWD}/config/broken_config_regexp.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt b/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt index 8644dfe..451d8f0 100644 --- a/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt +++ b/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt @@ -7,12 +7,9 @@ Broken configuration - regexp without a closing parenthesis sp.configuration_file={PWD}/config/broken_config_regexp_no_closing_paren.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"*."': it doesn't look like a valid string on line 1 in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"*."': it doesn't look like a valid string on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt index 857c803..1a1e97b 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt @@ -7,9 +7,9 @@ Broken configuration - encrypted cookie without encryption key sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt index de97a9d..497f0e9 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt @@ -7,9 +7,9 @@ Broken configuration - encrypted cookie with without cookie env var sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_eval.phpt b/src/tests/broken_configuration/broken_conf_eval.phpt index 791795a..0fd9a86 100644 --- a/src/tests/broken_configuration/broken_conf_eval.phpt +++ b/src/tests/broken_configuration/broken_conf_eval.phpt @@ -7,9 +7,9 @@ Broken configuration for eval sp.configuration_file={PWD}/config/broken_conf_eval.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"cos,sin': it doesn't look like a valid string on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"cos,sin': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_expecting_bool.phpt b/src/tests/broken_configuration/broken_conf_expecting_bool.phpt index 4857ebe..75c4977 100644 --- a/src/tests/broken_configuration/broken_conf_expecting_bool.phpt +++ b/src/tests/broken_configuration/broken_conf_expecting_bool.phpt @@ -7,9 +7,9 @@ Bad boolean value in configuration sp.configuration_file={PWD}/config/broken_conf_expecting_bool.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '337);' at the end of '.enable(1337);' on line 5 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '337);' at the end of '.enable(1337);' on line 5 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt index 1424853..1ec4d36 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt @@ -8,12 +8,9 @@ Broken configuration, invalid cidr value sp.configuration_file={PWD}/config/broken_conf_invalid_cidr_value.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] " doesn't contain a valid cidr on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] " doesn't contain a valid cidr on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_invalid_filename.phpt b/src/tests/broken_configuration/broken_conf_invalid_filename.phpt index b9a904c..da33d55 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_filename.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_filename.phpt @@ -7,9 +7,9 @@ Broken configuration filename without absolute path sp.configuration_file={PWD}/config/broken_conf_invalid_filename.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("sprintf").filename("wrong file name").drop();':'.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("sprintf").filename("wrong file name").drop();':'.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt index c1c2668..a6cab6f 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt @@ -7,9 +7,9 @@ Broken configuration filename with improper log media sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php', on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_invalid_type.phpt b/src/tests/broken_configuration/broken_conf_invalid_type.phpt index aeb6b85..784ee11 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_type.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_type.phpt @@ -7,9 +7,9 @@ Broken conf with wrong type sp.configuration_file={PWD}/config/broken_conf_invalid_type.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"totally_wrong"_type")': it doesn't look like a valid string on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"totally_wrong"_type")': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_key_value.phpt b/src/tests/broken_configuration/broken_conf_key_value.phpt index 221129e..e5b8620 100644 --- a/src/tests/broken_configuration/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration/broken_conf_key_value.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_key_value.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_line_empty_string.phpt b/src/tests/broken_configuration/broken_conf_line_empty_string.phpt index 3790d83..7d5bb49 100644 --- a/src/tests/broken_configuration/broken_conf_line_empty_string.phpt +++ b/src/tests/broken_configuration/broken_conf_line_empty_string.phpt @@ -7,9 +7,9 @@ Configuration line with an empty string sp.configuration_file={PWD}/config/broken_conf_line_empty_string.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_line_no_closing.phpt b/src/tests/broken_configuration/broken_conf_line_no_closing.phpt index 0f51dcf..5700962 100644 --- a/src/tests/broken_configuration/broken_conf_line_no_closing.phpt +++ b/src/tests/broken_configuration/broken_conf_line_no_closing.phpt @@ -7,9 +7,9 @@ Configuration line without closing parenthese sp.configuration_file={PWD}/config/broken_conf_line_no_closing.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"123"': it doesn't look like a valid string on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"123"': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt b/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt index bef62b9..22fa558 100644 --- a/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt +++ b/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt @@ -7,9 +7,9 @@ Configuration line with too many quotes sp.configuration_file={PWD}/config/broken_conf_lots_of_quotes.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"this\"is a weird\"\"\"cookie\"name"");': it doesn't look like a valid string on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"this\"is a weird\"\"\"cookie\"name"");': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_missing_script.phpt b/src/tests/broken_configuration/broken_conf_missing_script.phpt index 9deffc7..df4f717 100644 --- a/src/tests/broken_configuration/broken_conf_missing_script.phpt +++ b/src/tests/broken_configuration/broken_conf_missing_script.phpt @@ -10,9 +10,9 @@ sp.configuration_file={PWD}/config/broken_conf_missing_script.ini echo 1; ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.enable();' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.enable();' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt index f781bbd..a4a38aa 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").value_r("^id$").drop();': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt index 49efee2..eb4856f 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt @@ -7,9 +7,9 @@ Broken configuration - ret and var are mutually exclusives sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt index 867923a..186de9d 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt @@ -7,9 +7,9 @@ Broken configuration - ret and value are mutually exclusive sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt index b4b57a4..512cbe7 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").function_r("system").param("id").value("42").drop();': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt index 6100a39..fb91a4c 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop();': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt index 388b742..3c0faca 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").param_r("^id$").drop();': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt index 2816d13..b19a651 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().ret_r("^0$");': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt index 28bcabb..fe23788 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").param("id").value("42").ret_r("^0$").drop();': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt index 2a16d0c..cb12b44 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive7.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().allow();': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.function("system").ret("0").drop().allow();': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt index 129707d..bbb7d84 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt @@ -7,9 +7,9 @@ Broken configuration sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive8.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.ret("0").drop();': must take a function name on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': must take a function name on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions.ret("0").drop();': must take a function name on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': must take a function name on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_readonly_exec.phpt b/src/tests/broken_configuration/broken_conf_readonly_exec.phpt index 78b2b9a..0028394 100644 --- a/src/tests/broken_configuration/broken_conf_readonly_exec.phpt +++ b/src/tests/broken_configuration/broken_conf_readonly_exec.phpt @@ -10,9 +10,9 @@ sp.configuration_file={PWD}/config/broken_conf_readonly_exec.ini echo 1; ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_samesite.phpt b/src/tests/broken_configuration/broken_conf_samesite.phpt index e4940c9..6328ad8 100644 --- a/src/tests/broken_configuration/broken_conf_samesite.phpt +++ b/src/tests/broken_configuration/broken_conf_samesite.phpt @@ -7,9 +7,9 @@ Bad config, invalid samesite type. sp.configuration_file={PWD}/config/broken_conf_cookie_samesite.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] nop is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] nop is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_session_encryption.phpt b/src/tests/broken_configuration/broken_conf_session_encryption.phpt index 9dbedc1..c8fa30e 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption.phpt @@ -7,9 +7,9 @@ Broken config, session encryption sp.configuration_file={PWD}/config/broken_conf_session_encryption.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars 'nvalid value :/);' at the end of '.encrypt(invalid value :/);' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars 'nvalid value :/);' at the end of '.encrypt(invalid value :/);' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt b/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt index c638f80..e5632fa 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt @@ -7,9 +7,9 @@ Broken configuration - encrypted session without encryption key sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_encryption_key.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in`sp.global`: please set it first in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt b/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt index d503942..47f57d3 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt @@ -7,9 +7,9 @@ Broken configuration - encrypted session without env var sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_env_var.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt index 1ad0afb..351071e 100644 --- a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt +++ b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt @@ -18,12 +18,12 @@ if (strstr($info, 'Valid config => no') !== FALSE) { } ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %s on line 1. in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.filename_r()' is expecting a valid regexp, and not '"*."' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_truncated.phpt b/src/tests/broken_configuration/broken_conf_truncated.phpt index 6deff87..3cb292b 100644 --- a/src/tests/broken_configuration/broken_conf_truncated.phpt +++ b/src/tests/broken_configuration/broken_conf_truncated.phpt @@ -7,9 +7,9 @@ Bad boolean value in configuration sp.configuration_file={PWD}/config/config_broken_conf_truncated.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_unserialize.phpt b/src/tests/broken_configuration/broken_conf_unserialize.phpt index a42d8a1..faf1032 100644 --- a/src/tests/broken_configuration/broken_conf_unserialize.phpt +++ b/src/tests/broken_configuration/broken_conf_unserialize.phpt @@ -10,9 +10,9 @@ sp.configuration_file={PWD}/config/broken_conf_unserialize.ini echo 1; ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '234);' at the end of '.enable(1234);' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_upload_validation.phpt b/src/tests/broken_configuration/broken_conf_upload_validation.phpt index 9d36078..7fe80a9 100644 --- a/src/tests/broken_configuration/broken_conf_upload_validation.phpt +++ b/src/tests/broken_configuration/broken_conf_upload_validation.phpt @@ -10,9 +10,9 @@ sp.configuration_file={PWD}/config/broken_conf_upload_validation.ini echo 1; ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] A valid string as parameter is expected on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_weird_keyword.phpt b/src/tests/broken_configuration/broken_conf_weird_keyword.phpt index ce568af..b0394fa 100644 --- a/src/tests/broken_configuration/broken_conf_weird_keyword.phpt +++ b/src/tests/broken_configuration/broken_conf_weird_keyword.phpt @@ -7,9 +7,9 @@ Bad config, unknown keyword sp.configuration_file={PWD}/config/broken_conf_weird_keyword.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.not_a_valid_keyword("test");' at the end of '.enable().not_a_valid_keyword("test");' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.not_a_valid_keyword("test");' at the end of '.enable().not_a_valid_keyword("test");' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt index 2d1feeb..668a3ef 100644 --- a/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt +++ b/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt @@ -11,9 +11,9 @@ sp.allow_broken_configuration=Off echo 1337; ?> --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt b/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt index 3753989..e49ef90 100644 --- a/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt +++ b/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt @@ -7,9 +7,9 @@ Configuration line with too many quotes sp.configuration_file={PWD}/config/broken_conf_wrong_quotes.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"\)': it doesn't look like a valid string on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][error][log] There is an issue with the parsing of '"\)': it doesn't look like a valid string on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration/broken_regexp.phpt b/src/tests/broken_configuration/broken_regexp.phpt index 83c7103..2d4259f 100644 --- a/src/tests/broken_configuration/broken_regexp.phpt +++ b/src/tests/broken_configuration/broken_regexp.phpt @@ -7,12 +7,12 @@ Broken regexp sp.configuration_file={PWD}/config/broken_regexp.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class on line 1. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '.value_r()' is expecting a valid regexp, and not '"^$["' on line 1 in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class on line 1. in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] '.value_r()' is expecting a valid regexp, and not '"^$["' on line 1 in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. -- cgit v1.3 From a67fd0af43e0cc786069bba4539e28eccdcb12b0 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 17 Aug 2021 13:47:14 +0200 Subject: removed unused variables --- src/sp_config_keywords.c | 1 - src/sp_utils.c | 3 --- 2 files changed, 4 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 8084698..fd90453 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -166,7 +166,6 @@ SP_PARSE_FN(parse_wrapper_whitelist) { } SP_PARSE_FN(parse_cookie) { - int ret = 0; zend_string *samesite = NULL; sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1); diff --git a/src/sp_utils.c b/src/sp_utils.c index c4209de..de19321 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -415,9 +415,6 @@ bool /* success */ _hook_function(const char* original_name, HashTable* hook_tab bool hook_function(const char* original_name, HashTable* hook_table, zif_handler new_function) { - zend_function* func; - - bool ret = _hook_function(original_name, hook_table, new_function); #if PHP_VERSION_ID < 80000 -- cgit v1.3 From 627932d1eb9cfa88c72df66e51f520e987d7655e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 18 Aug 2021 10:54:58 +0200 Subject: start SP as late as possible. this allows us to hook functions of extensions supposed to be loaded later --- src/snuffleupagus.c | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 3ad47d5..650e5e4 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -73,6 +73,26 @@ ZEND_DLEXPORT zend_extension zend_extension_entry = { NULL, /* op_array_dtor_func_t */ STANDARD_ZEND_EXTENSION_PROPERTIES}; +static void sp_load_other_modules() { + // try to load other modules before initializing Snuffleupagus + zend_module_entry *module; + bool should_start = false; + ZEND_HASH_FOREACH_PTR(&module_registry, module) { + if (should_start) { + sp_log_debug("attempting to start module '%s' early", module->name); + if (zend_startup_module_ex(module) != SUCCESS) { + // startup failed. let's try again later. + module->module_started = 0; + } + } + if (strcmp(module->name, PHP_SNUFFLEUPAGUS_EXTNAME) == 0) { + should_start = true; + } + } ZEND_HASH_FOREACH_END(); + + +} + static PHP_GINIT_FUNCTION(snuffleupagus) { #ifdef SP_DEBUG_STDERR if (getenv("SP_NODEBUG")) { @@ -82,6 +102,7 @@ static PHP_GINIT_FUNCTION(snuffleupagus) { } #endif sp_log_debug("(GINIT)"); + sp_load_other_modules(); snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; -- cgit v1.3 From 5cdfa697666c0ed347aaa086953b7e9c7f8aa9f9 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 31 Aug 2021 21:14:57 +0200 Subject: basic condition suuport for rules files --- src/sp_config_scanner.cached.c | 939 +++++++++++++++++++++++++++++++---------- src/sp_config_scanner.re | 56 ++- 2 files changed, 770 insertions(+), 225 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 8e05986..d053e5f 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -3,6 +3,8 @@ enum YYCONDTYPE { yycinit, + yyccond, + yyccond_op, yycrule, }; @@ -76,6 +78,21 @@ static void str_dtor(zval *zv) { zend_string_release_ex(Z_STR_P(zv), 1); } +static int apply_op(int v1, char op, int v2, int neg) { + if (neg) { v2 = !v2; } + switch (op) { + case 0: return v2; + case '&': return (v1 && v2); + case '|': return (v1 || v2); + case '<': return (v1 < v2); + case '>': return (v1 > v2); + case '=': return (v1 == v2); + } + return 0; +} + +#define APPLY_OP(v2) cond_res = apply_op(cond_res, cond_op, v2, cond_neg); cond_op = cond_neg = 0; + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { const char *YYCURSOR = data; @@ -95,6 +112,10 @@ const char *yyt4; HashTable vars; zend_hash_init(&vars, 10, NULL, str_dtor, 1); + int cond_res = 1; + char cond_op = 0; + int cond_neg = 0; + int cond = yycinit; long lineno = 1; @@ -102,68 +123,77 @@ const char *yyt4; { char yych; unsigned int yyaccept = 0; - if (cond < 1) { - goto yyc_init; + if (cond < 2) { + if (cond < 1) { + goto yyc_init; + } else { + goto yyc_cond; + } } else { - goto yyc_rule; + if (cond < 3) { + goto yyc_cond_op; + } else { + goto yyc_rule; + } } /* *********************************** */ yyc_init: { static const unsigned char yybm[] = { - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 92, 16, 72, 72, 24, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 92, 72, 8, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 72, 72, 72, 72, 72, 72, - 72, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 72, 136, 72, 72, 104, - 72, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 104, 104, 104, 104, 104, - 104, 104, 104, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, - 72, 72, 72, 72, 72, 72, 72, 72, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 88, 0, 80, 80, 16, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 88, 80, 16, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 80, 80, 80, 80, 80, 80, + 80, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 80, 144, 80, 80, 112, + 80, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 112, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, + 80, 80, 80, 80, 80, 80, 80, 80, }; yych = *YYCURSOR; - if (yybm[0+yych] & 4) { + if (yybm[0+yych] & 8) { goto yy6; } - if (yych <= '"') { + if (yych <= '#') { if (yych <= '\n') { if (yych <= 0x00) goto yy2; if (yych <= 0x08) goto yy4; goto yy9; } else { if (yych == '\r') goto yy11; - goto yy4; + if (yych <= '"') goto yy4; + goto yy12; } } else { - if (yych <= ';') { - if (yych <= '#') goto yy12; - if (yych <= ':') goto yy4; - goto yy12; + if (yych <= '?') { + if (yych == ';') goto yy12; + goto yy4; } else { - if (yych == 's') goto yy15; + if (yych <= '@') goto yy15; + if (yych == 's') goto yy16; goto yy4; } } @@ -176,7 +206,7 @@ yy5: { cs_error_log("Parser error on line %d", lineno); goto out; } yy6: yych = *++YYCURSOR; - if (yybm[0+yych] & 4) { + if (yybm[0+yych] & 8) { goto yy6; } { goto yyc_init; } @@ -189,99 +219,169 @@ yy11: goto yy5; yy12: yych = *++YYCURSOR; - if (yybm[0+yych] & 8) { + if (yybm[0+yych] & 16) { goto yy12; } { goto yyc_init; } yy15: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy16; - if (yych == 'p') goto yy18; + if (yych == 'c') goto yy17; + if (yych == 'e') goto yy19; goto yy5; yy16: - yych = *++YYCURSOR; - if (yych == 't') goto yy20; + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yych == 'e') goto yy20; + if (yych == 'p') goto yy21; + goto yy5; yy17: + yych = *++YYCURSOR; + if (yych == 'o') goto yy23; +yy18: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { goto yy5; } else { yyt4 = YYCURSOR; - goto yy30; + goto yy45; } } else { - goto yy30; + goto yy45; } -yy18: - ++YYCURSOR; - { kw_i = 0; goto yyc_rule; } +yy19: + yych = *++YYCURSOR; + if (yych == 'n') goto yy24; + goto yy18; yy20: yych = *++YYCURSOR; - if (yybm[0+yych] & 16) { - goto yy21; - } - goto yy17; + if (yych == 't') goto yy25; + goto yy18; yy21: + ++YYCURSOR; + { kw_i = 0; goto yyc_rule; } +yy23: yych = *++YYCURSOR; - if (yybm[0+yych] & 16) { - goto yy21; - } - if (yych <= '^') { - if (yych <= '@') goto yy17; - if (yych >= '[') goto yy17; - yyt1 = YYCURSOR; + if (yych == 'n') goto yy26; + goto yy18; +yy24: + yych = *++YYCURSOR; + if (yych == 'd') goto yy27; + goto yy18; +yy25: + yych = *++YYCURSOR; + if (yych == '\t') goto yy28; + if (yych == ' ') goto yy28; + goto yy18; +yy26: + yych = *++YYCURSOR; + if (yych == 'd') goto yy30; + goto yy18; +yy27: + yych = *++YYCURSOR; + if (yych == '_') goto yy31; + goto yy18; +yy28: + yych = *++YYCURSOR; + if (yych <= '@') { + if (yych <= '\t') { + if (yych <= 0x08) goto yy18; + goto yy28; + } else { + if (yych == ' ') goto yy28; + goto yy18; + } } else { - if (yych == '`') goto yy17; - if (yych >= '{') goto yy17; - yyt1 = YYCURSOR; + if (yych <= '_') { + if (yych <= 'Z') { + yyt1 = YYCURSOR; + goto yy32; + } + if (yych <= '^') goto yy18; + yyt1 = YYCURSOR; + goto yy32; + } else { + if (yych <= '`') goto yy18; + if (yych <= 'z') { + yyt1 = YYCURSOR; + goto yy32; + } + goto yy18; + } } -yy23: +yy30: + yych = *++YYCURSOR; + if (yych == 'i') goto yy34; + goto yy18; +yy31: + yych = *++YYCURSOR; + if (yych == 'c') goto yy35; + goto yy18; +yy32: yych = *++YYCURSOR; if (yybm[0+yych] & 32) { - goto yy23; + goto yy32; } - if (yych <= '\f') { - if (yych <= 0x08) goto yy17; - if (yych >= '\v') goto yy17; + if (yych == '\t') { yyt2 = YYCURSOR; - } else { - if (yych <= '\r') { - yyt2 = YYCURSOR; - goto yy25; - } - if (yych != ' ') goto yy17; + goto yy36; + } + if (yych == ' ') { yyt2 = YYCURSOR; + goto yy36; } -yy25: + goto yy18; +yy34: yych = *++YYCURSOR; - if (yych <= '\r') { - if (yych <= 0x08) goto yy17; - if (yych <= '\n') goto yy25; - if (yych <= '\f') goto yy17; - goto yy25; + if (yych == 't') goto yy38; + goto yy18; +yy35: + yych = *++YYCURSOR; + if (yych == 'o') goto yy39; + goto yy18; +yy36: + yych = *++YYCURSOR; + if (yych <= 0x1F) { + if (yych == '\t') goto yy36; + goto yy18; } else { - if (yych <= ' ') { - if (yych <= 0x1F) goto yy17; - goto yy25; - } else { - if (yych != '"') goto yy17; + if (yych <= ' ') goto yy36; + if (yych == '"') { yyt3 = YYCURSOR; + goto yy40; } + goto yy18; } -yy27: +yy38: + yych = *++YYCURSOR; + if (yych == 'i') goto yy42; + goto yy18; +yy39: + yych = *++YYCURSOR; + if (yych == 'n') goto yy43; + goto yy18; +yy40: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy27; + goto yy40; } - if (yych <= '\r') goto yy17; - if (yych >= '#') goto yy31; -yy29: + if (yych <= '\r') goto yy18; + if (yych <= '"') goto yy44; + goto yy46; +yy42: + yych = *++YYCURSOR; + if (yych == 'o') goto yy48; + goto yy18; +yy43: + yych = *++YYCURSOR; + if (yych == 'd') goto yy49; + goto yy18; +yy44: yych = *++YYCURSOR; yyt4 = YYCURSOR; - if (yych == ';') goto yy33; -yy30: + goto yy51; +yy45: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -297,48 +397,441 @@ yy30: zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } -yy31: +yy46: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy27; + goto yy40; + } + if (yych <= '\r') goto yy18; + if (yych <= '"') goto yy53; + goto yy46; +yy48: + yych = *++YYCURSOR; + if (yych == 'n') goto yy54; + goto yy18; +yy49: + yych = *++YYCURSOR; + if (yych == 'i') goto yy55; + goto yy18; +yy50: + yych = *++YYCURSOR; +yy51: + if (yych <= 0x1F) { + if (yych == '\t') goto yy50; + goto yy45; + } else { + if (yych <= ' ') goto yy50; + if (yych != ';') goto yy45; } - if (yych <= '\r') goto yy17; - if (yych <= '"') goto yy34; - goto yy31; -yy33: ++YYCURSOR; - goto yy30; -yy34: + goto yy45; +yy53: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 128) { - goto yy31; + goto yy46; } - if (yych <= '\r') { - if (yych == '\n') { + if (yych <= 0x1F) { + if (yych <= '\n') { + if (yych <= 0x08) goto yy40; + if (yych <= '\t') { + yyt4 = YYCURSOR; + goto yy56; + } yyt4 = YYCURSOR; - goto yy30; + goto yy45; + } else { + if (yych == '\r') { + yyt4 = YYCURSOR; + goto yy45; + } + goto yy40; } - if (yych <= '\f') goto yy27; - yyt4 = YYCURSOR; - goto yy30; } else { if (yych <= '"') { - if (yych <= '!') goto yy27; - goto yy29; + if (yych <= ' ') { + yyt4 = YYCURSOR; + goto yy56; + } + if (yych <= '!') goto yy40; + goto yy44; } else { - if (yych != ';') goto yy27; - yyt4 = YYCURSOR; + if (yych == ';') { + yyt4 = YYCURSOR; + goto yy58; + } + goto yy40; + } + } +yy54: + yych = *++YYCURSOR; + if (yych == '\t') goto yy59; + if (yych == ' ') goto yy59; + goto yy18; +yy55: + yych = *++YYCURSOR; + if (yych == 't') goto yy62; + goto yy18; +yy56: + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 128) { + goto yy46; + } + if (yych <= 0x1F) { + if (yych <= '\n') { + if (yych <= 0x08) goto yy40; + if (yych <= '\t') goto yy56; + goto yy45; + } else { + if (yych == '\r') goto yy45; + goto yy40; + } + } else { + if (yych <= '"') { + if (yych <= ' ') goto yy56; + if (yych <= '!') goto yy40; + goto yy44; + } else { + if (yych != ';') goto yy40; } } +yy58: yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy27; + goto yy40; + } + if (yych <= '\r') goto yy45; + if (yych <= '"') goto yy44; + goto yy46; +yy59: + yych = *++YYCURSOR; + if (yych == '\t') goto yy59; + if (yych == ' ') goto yy59; + { goto yyc_cond; } +yy62: + yych = *++YYCURSOR; + if (yych != 'i') goto yy18; + yych = *++YYCURSOR; + if (yych != 'o') goto yy18; + yych = *++YYCURSOR; + if (yych != 'n') goto yy18; +yy65: + yych = *++YYCURSOR; + if (yych <= 0x1F) { + if (yych == '\t') goto yy65; + goto yy18; + } else { + if (yych <= ' ') goto yy65; + if (yych != ';') goto yy18; + } + ++YYCURSOR; + { cond_res = 1; goto yyc_init; } + } +/* *********************************** */ +yyc_cond: + { + static const unsigned char yybm[] = { + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 72, 0, 64, 64, 0, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 72, 64, 0, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 112, 112, 112, 112, 112, 112, 112, 112, + 112, 112, 64, 64, 64, 64, 64, 64, + 64, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 64, 128, 64, 64, 96, + 64, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 96, 96, 96, 96, 96, + 96, 96, 96, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + 64, 64, 64, 64, 64, 64, 64, 64, + }; + yych = *YYCURSOR; + if (yybm[0+yych] & 8) { + goto yy73; + } + if (yych <= '/') { + if (yych <= '\f') { + if (yych <= 0x08) goto yy71; + if (yych <= '\n') goto yy76; + } else { + if (yych <= '\r') goto yy78; + if (yych <= 0x1F) goto yy71; + if (yych <= '!') goto yy79; + } + } else { + if (yych <= '^') { + if (yych <= '9') { + yyt1 = YYCURSOR; + goto yy81; + } + if (yych <= '@') goto yy71; + if (yych <= 'Z') { + yyt1 = YYCURSOR; + goto yy84; + } + } else { + if (yych == '`') goto yy71; + if (yych <= 'z') { + yyt1 = YYCURSOR; + goto yy84; + } + } + } +yy71: + ++YYCURSOR; +yy72: + { cs_error_log("Syntax error in condition on line %d", lineno); return false; } +yy73: + yych = *++YYCURSOR; + if (yybm[0+yych] & 8) { + goto yy73; + } + { goto yyc_cond; } +yy76: + ++YYCURSOR; + { lineno++; goto yyc_cond; } +yy78: + yych = *++YYCURSOR; + if (yych == '\n') goto yy76; + goto yy72; +yy79: + ++YYCURSOR; + t1 = YYCURSOR - 1; + { cond_neg = (cond_neg + 1) % 2; goto yyc_cond; } +yy81: + yych = *++YYCURSOR; + if (yybm[0+yych] & 16) { + goto yy81; + } + t1 = yyt1; + t2 = YYCURSOR; + { APPLY_OP(atoi(t1)); goto yyc_cond_op; } +yy84: + yyaccept = 0; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 32) { + goto yy84; + } + if (yych == '(') goto yy87; +yy86: + t1 = yyt1; + t2 = YYCURSOR; + { + zend_string *tmp = zend_hash_str_find_ptr(&vars, t1, t2-t1); + if (!tmp) { + cs_error_log("unknown variable in condition on line %d", lineno); + goto out; + } + APPLY_OP(atoi(ZSTR_VAL(tmp))); + goto yyc_cond_op; + } +yy87: + yych = *++YYCURSOR; + if (yych == '"') { + yyt2 = YYCURSOR; + goto yy89; + } + if (yych == ')') { + yyt2 = YYCURSOR; + goto yy91; + } +yy88: + YYCURSOR = YYMARKER; + if (yyaccept == 0) { + goto yy86; + } else { + goto yy92; + } +yy89: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy89; + } + if (yych <= '\r') goto yy88; + if (yych <= '"') goto yy93; + goto yy94; +yy91: + ++YYCURSOR; +yy92: + t1 = yyt1; + t3 = yyt2; + t2 = yyt2 - 1; + t4 = YYCURSOR - 1; + { + if (t4-t3 >= 2 && strlen("extension_loaded") == t2-t1 && strncmp("extension_loaded", t1, t2-t1) == 0) { + int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); + APPLY_OP(is_loaded); + } else { + cs_error_log("unknown function in condition on line %d", lineno); + goto out; + } + goto yyc_cond_op; + } +yy93: + yych = *++YYCURSOR; + if (yych == ')') goto yy91; + goto yy88; +yy94: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy89; + } + if (yych <= '\r') goto yy88; + if (yych >= '#') goto yy94; + yych = *++YYCURSOR; + if (yybm[0+yych] & 128) { + goto yy94; + } + if (yych <= '\r') { + if (yych == '\n') goto yy88; + if (yych <= '\f') goto yy89; + goto yy88; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy89; + goto yy93; + } else { + if (yych != ')') goto yy89; + } + } + yyaccept = 1; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy89; + } + if (yych <= '\r') goto yy92; + if (yych <= '"') goto yy93; + goto yy94; + } +/* *********************************** */ +yyc_cond_op: + { + static const unsigned char yybm[] = { + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 128, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 128, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, + }; + yych = *YYCURSOR; + if (yybm[0+yych] & 128) { + goto yy102; + } + if (yych <= ':') { + if (yych <= '\f') { + if (yych <= 0x08) goto yy100; + if (yych <= '\n') goto yy105; + } else { + if (yych <= '\r') goto yy107; + if (yych == '&') { + yyt1 = YYCURSOR; + goto yy108; + } + } + } else { + if (yych <= '=') { + if (yych <= ';') goto yy109; + if (yych <= '<') { + yyt1 = YYCURSOR; + goto yy111; + } + yyt1 = YYCURSOR; + goto yy113; + } else { + if (yych <= '>') { + yyt1 = YYCURSOR; + goto yy111; + } + if (yych == '|') { + yyt1 = YYCURSOR; + goto yy114; + } + } + } +yy100: + ++YYCURSOR; +yy101: + { cs_error_log("Syntax error in condition on line %d", lineno); return false; } +yy102: + yych = *++YYCURSOR; + if (yybm[0+yych] & 128) { + goto yy102; } - if (yych <= '\r') goto yy30; - if (yych <= '"') goto yy29; - goto yy31; + { goto yyc_cond_op; } +yy105: + ++YYCURSOR; + { lineno++; goto yyc_cond_op; } +yy107: + yych = *++YYCURSOR; + if (yych == '\n') goto yy105; + goto yy101; +yy108: + yych = *++YYCURSOR; + if (yych == '&') goto yy111; + goto yy101; +yy109: + ++YYCURSOR; + { goto yyc_init; } +yy111: + ++YYCURSOR; + t1 = yyt1; + { cond_op = *t1; goto yyc_cond; } +yy113: + yych = *++YYCURSOR; + if (yych == '=') goto yy111; + goto yy101; +yy114: + yych = *++YYCURSOR; + if (yych == '|') goto yy111; + goto yy101; } /* *********************************** */ yyc_rule: @@ -379,156 +872,158 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy40; + goto yy119; } if (yych <= '\r') { - if (yych <= 0x08) goto yy38; - if (yych <= '\n') goto yy43; - if (yych >= '\r') goto yy44; + if (yych <= 0x08) goto yy117; + if (yych <= '\n') goto yy122; + if (yych >= '\r') goto yy123; } else { if (yych <= '.') { - if (yych >= '.') goto yy45; + if (yych >= '.') goto yy124; } else { - if (yych == ';') goto yy46; + if (yych == ';') goto yy125; } } -yy38: +yy117: ++YYCURSOR; -yy39: +yy118: { goto end_of_rule; } -yy40: +yy119: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy40; + goto yy119; } { goto yyc_rule; } -yy43: +yy122: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy39; + if (yych <= 0x08) goto yy118; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy48; + goto yy127; } - if (yych <= '\f') goto yy39; + if (yych <= '\f') goto yy118; yyt1 = YYCURSOR; - goto yy51; + goto yy130; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy39; + if (yych <= 0x1F) goto yy118; yyt1 = YYCURSOR; - goto yy48; + goto yy127; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy52; + goto yy131; } - goto yy39; + goto yy118; } } -yy44: +yy123: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy54; - goto yy39; -yy45: + if (yych == '\n') goto yy133; + goto yy118; +yy124: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy39; + if (yych <= '@') goto yy118; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy55; + goto yy134; } - goto yy39; + goto yy118; } else { - if (yych == '`') goto yy39; + if (yych == '`') goto yy118; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy55; + goto yy134; } - goto yy39; + goto yy118; } -yy46: +yy125: ++YYCURSOR; { end_of_rule: + if (!cond_res) { goto yyc_init; } parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; if (process_rule && process_rule(parsed_rule) != SUCCESS) { goto out; } goto yyc_init; } -yy48: +yy127: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy48; + goto yy127; } - if (yych == '\r') goto yy51; - if (yych == '.') goto yy52; -yy50: + if (yych == '\r') goto yy130; + if (yych == '.') goto yy131; +yy129: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy39; + goto yy118; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy57; + goto yy136; } } else { - goto yy57; + goto yy136; } -yy51: +yy130: yych = *++YYCURSOR; - if (yych == '\n') goto yy48; - goto yy50; -yy52: + if (yych == '\n') goto yy127; + goto yy129; +yy131: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy54: +yy133: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy50; + if (yych <= 0x08) goto yy129; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy48; + goto yy127; } - if (yych <= '\f') goto yy50; + if (yych <= '\f') goto yy129; yyt1 = YYCURSOR; - goto yy51; + goto yy130; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy50; + if (yych <= 0x1F) goto yy129; yyt1 = YYCURSOR; - goto yy48; + goto yy127; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy52; + goto yy131; } - goto yy50; + goto yy129; } } -yy55: +yy134: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy55; + goto yy134; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy58; + goto yy137; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy57: +yy136: t1 = yyt1; t2 = yyt2; t3 = yyt3; t4 = yyt4; { + if (!cond_res) { goto yyc_rule; } if (kw_i == max_keywords) { cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; @@ -557,110 +1052,110 @@ yy57: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy58: +yy137: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy50; + if (yych <= '!') goto yy129; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy61; + goto yy140; } - goto yy50; + goto yy129; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy62; + goto yy141; } - if (yych <= '^') goto yy50; + if (yych <= '^') goto yy129; yyt3 = YYCURSOR; - goto yy62; + goto yy141; } else { - if (yych <= '`') goto yy50; + if (yych <= '`') goto yy129; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy62; + goto yy141; } - goto yy50; + goto yy129; } } -yy59: +yy138: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy59; + goto yy138; } - if (yych <= '\r') goto yy50; - if (yych <= '"') goto yy64; - goto yy65; -yy61: + if (yych <= '\r') goto yy129; + if (yych <= '"') goto yy143; + goto yy144; +yy140: ++YYCURSOR; - goto yy57; -yy62: + goto yy136; +yy141: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy50; + if (yych <= '(') goto yy129; yyt4 = YYCURSOR; - goto yy61; + goto yy140; } else { - if (yych <= '/') goto yy50; - if (yych <= '9') goto yy62; - goto yy50; + if (yych <= '/') goto yy129; + if (yych <= '9') goto yy141; + goto yy129; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy62; - if (yych <= '^') goto yy50; - goto yy62; + if (yych <= 'Z') goto yy141; + if (yych <= '^') goto yy129; + goto yy141; } else { - if (yych <= '`') goto yy50; - if (yych <= 'z') goto yy62; - goto yy50; + if (yych <= '`') goto yy129; + if (yych <= 'z') goto yy141; + goto yy129; } } -yy64: +yy143: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy61; + goto yy140; } - goto yy50; -yy65: + goto yy129; +yy144: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy59; + goto yy138; } - if (yych <= '\r') goto yy50; - if (yych >= '#') goto yy65; + if (yych <= '\r') goto yy129; + if (yych >= '#') goto yy144; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy65; + goto yy144; } if (yych <= '\r') { - if (yych == '\n') goto yy50; - if (yych <= '\f') goto yy59; - goto yy50; + if (yych == '\n') goto yy129; + if (yych <= '\f') goto yy138; + goto yy129; } else { if (yych <= '"') { - if (yych <= '!') goto yy59; - goto yy64; + if (yych <= '!') goto yy138; + goto yy143; } else { - if (yych != ')') goto yy59; + if (yych != ')') goto yy138; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy59; + goto yy138; } - if (yych <= '\r') goto yy57; - if (yych <= '"') goto yy64; - goto yy65; + if (yych <= '\r') goto yy136; + if (yych <= '"') goto yy143; + goto yy144; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 33362fc..b36423b 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -71,6 +71,21 @@ static void str_dtor(zval *zv) { zend_string_release_ex(Z_STR_P(zv), 1); } +static int apply_op(int v1, char op, int v2, int neg) { + if (neg) { v2 = !v2; } + switch (op) { + case 0: return v2; + case '&': return (v1 && v2); + case '|': return (v1 || v2); + case '<': return (v1 < v2); + case '>': return (v1 > v2); + case '=': return (v1 == v2); + } + return 0; +} + +#define APPLY_OP(v2) cond_res = apply_op(cond_res, cond_op, v2, cond_neg); cond_op = cond_neg = 0; + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { const char *YYCURSOR = data; @@ -86,6 +101,10 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key HashTable vars; zend_hash_init(&vars, 10, NULL, str_dtor, 1); + int cond_res = 1; + char cond_op = 0; + int cond_neg = 0; + int cond = yycinit; long lineno = 1; @@ -101,7 +120,6 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key end = "\x00"; nl = "\r"?"\n"; ws = [ \t]; - wsnl = [ \t\r\n]; keyword = [a-zA-Z_][a-zA-Z0-9_]*; string = "\"" ("\\\"" | [^"\r\n])* "\""; @@ -111,7 +129,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key nl { lineno++; goto yyc_init; } "sp" { kw_i = 0; goto yyc_rule; } end { ret = SUCCESS; goto out; } - "set" wsnl+ @t1 keyword @t2 wsnl+ @t3 string @t4 ";"? { + "set" ws+ @t1 keyword @t2 ws+ @t3 string @t4 ws* ";"? { char *key = (char*)t1; int keylen = t2-t1; zend_string *tmp = zend_hash_str_find_ptr(&vars, key, keylen); @@ -122,11 +140,42 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } - + "@condition" ws+ { goto yyc_cond; } + "@end_condition" ws* ";" { cond_res = 1; goto yyc_init; } + + ws+ { goto yyc_cond; } + nl { lineno++; goto yyc_cond; } + @t1 keyword @t2 "(" @t3 string? @t4 ")" { + if (t4-t3 >= 2 && strlen("extension_loaded") == t2-t1 && strncmp("extension_loaded", t1, t2-t1) == 0) { + int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); + APPLY_OP(is_loaded); + } else { + cs_error_log("unknown function in condition on line %d", lineno); + goto out; + } + goto yyc_cond_op; + } + @t1 keyword @t2 { + zend_string *tmp = zend_hash_str_find_ptr(&vars, t1, t2-t1); + if (!tmp) { + cs_error_log("unknown variable in condition on line %d", lineno); + goto out; + } + APPLY_OP(atoi(ZSTR_VAL(tmp))); + goto yyc_cond_op; + } + @t1 [0-9]+ @t2 { APPLY_OP(atoi(t1)); goto yyc_cond_op; } + @t1 "!" { cond_neg = (cond_neg + 1) % 2; goto yyc_cond; } + ws+ { goto yyc_cond_op; } + nl { lineno++; goto yyc_cond_op; } + @t1 ( "&&" | "||" | "<" | ">" | "==" ) { cond_op = *t1; goto yyc_cond; } + ";" { goto yyc_init; } + * { cs_error_log("Syntax error in condition on line %d", lineno); return false; } ws+ { goto yyc_rule; } nl / ( nl | ws )* "." { lineno++; goto yyc_rule; } "." @t1 keyword @t2 ( "(" @t3 ( string? | keyword ) @t4 ")" )? { + if (!cond_res) { goto yyc_rule; } if (kw_i == max_keywords) { cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; @@ -157,6 +206,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key } ";" { end_of_rule: + if (!cond_res) { goto yyc_init; } parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; if (process_rule && process_rule(parsed_rule) != SUCCESS) { goto out; -- cgit v1.3 From 782336d8f4b9c411d344c0e7752e87631952f268 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 1 Sep 2021 17:01:00 +0200 Subject: implemented proper operand precedence using the shunting yard algorithm --- src/sp_config_scanner.cached.c | 502 ++++++++++++++++++++++++----------------- src/sp_config_scanner.re | 118 ++++++++-- 2 files changed, 394 insertions(+), 226 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index d053e5f..26a6652 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -78,20 +78,60 @@ static void str_dtor(zval *zv) { zend_string_release_ex(Z_STR_P(zv), 1); } -static int apply_op(int v1, char op, int v2, int neg) { - if (neg) { v2 = !v2; } +// sy_ functions and macros are helpers for the shunting yard algorithm +#define sy_res_push(val) \ + if (cond_res_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + cond_res[cond_res_i++] = val; +#define sy_res_pop() cond_res[--cond_res_i] +#define sy_op_push(op) \ + if (cond_op_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + cond_op[cond_op_i++] = op; +#define sy_op_pop() cond_op[--cond_op_i] +#define sy_op_peek() cond_op[cond_op_i-1] + +static inline int sy_op_precedence(char op) { + switch (op) { + case '!': return 120; + case '<': + case '>': + case 'L': // <= + case 'G': // >= + return 90; + case '&': return 70; + case '|': return 60; + case '=': return 20; + } + return 0; +} +static inline int sy_op_is_left_assoc(char op) { + switch (op) { + case '!': return 0; + } + return 1; +} +static int sy_apply_op(char op, int a, int b) { switch (op) { - case 0: return v2; - case '&': return (v1 && v2); - case '|': return (v1 || v2); - case '<': return (v1 < v2); - case '>': return (v1 > v2); - case '=': return (v1 == v2); + case '!': return !a; + case '&': return (b && a); + case '|': return (b || a); + case '<': return (b < a); + case 'L': return (b <= a); + case 'G': return (b >= a); + case '>': return (b > a); + case '=': return (b == a); } return 0; } -#define APPLY_OP(v2) cond_res = apply_op(cond_res, cond_op, v2, cond_neg); cond_op = cond_neg = 0; +#define SY_APPLY_OP_FROM_STACK() \ + char op = sy_op_pop(); \ + int unary = (op == '!'); \ + if (cond_res_i < (2 - unary)) { cs_error_log("not enough input on line %d", lineno); goto out; } \ + int a = sy_res_pop(); \ + int b = unary ? 0 : sy_res_pop(); \ + int res = sy_apply_op(op, a, b); \ + sy_res_push(res); + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { @@ -111,10 +151,13 @@ const char *yyt4; HashTable vars; zend_hash_init(&vars, 10, NULL, str_dtor, 1); + zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res = 1; - char cond_op = 0; - int cond_neg = 0; + + int cond_res[100] = {0}; + int cond_res_i = 0; + char cond_op[100] = {0}; + int cond_op_i = 0; int cond = yycinit; long lineno = 1; @@ -527,7 +570,7 @@ yy65: if (yych != ';') goto yy18; } ++YYCURSOR; - { cond_res = 1; goto yyc_init; } + { cond_res[0] = 1; goto yyc_init; } } /* *********************************** */ yyc_cond: @@ -570,38 +613,46 @@ yyc_cond: if (yybm[0+yych] & 8) { goto yy73; } - if (yych <= '/') { - if (yych <= '\f') { + if (yych <= '(') { + if (yych <= '\r') { if (yych <= 0x08) goto yy71; if (yych <= '\n') goto yy76; + if (yych >= '\r') goto yy78; } else { - if (yych <= '\r') goto yy78; if (yych <= 0x1F) goto yy71; if (yych <= '!') goto yy79; + if (yych >= '(') goto yy81; } } else { - if (yych <= '^') { + if (yych <= 'Z') { + if (yych <= '/') goto yy71; if (yych <= '9') { yyt1 = YYCURSOR; - goto yy81; + goto yy83; } - if (yych <= '@') goto yy71; - if (yych <= 'Z') { + if (yych >= 'A') { yyt1 = YYCURSOR; - goto yy84; + goto yy86; } } else { - if (yych == '`') goto yy71; - if (yych <= 'z') { - yyt1 = YYCURSOR; - goto yy84; + if (yych <= '_') { + if (yych >= '_') { + yyt1 = YYCURSOR; + goto yy86; + } + } else { + if (yych <= '`') goto yy71; + if (yych <= 'z') { + yyt1 = YYCURSOR; + goto yy86; + } } } } yy71: ++YYCURSOR; yy72: - { cs_error_log("Syntax error in condition on line %d", lineno); return false; } + { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } yy73: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { @@ -618,23 +669,27 @@ yy78: yy79: ++YYCURSOR; t1 = YYCURSOR - 1; - { cond_neg = (cond_neg + 1) % 2; goto yyc_cond; } + { sy_op_push(*t1); goto yyc_cond; } yy81: + ++YYCURSOR; + t1 = YYCURSOR - 1; + { sy_op_push(*t1); goto yyc_cond; } +yy83: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy81; + goto yy83; } t1 = yyt1; t2 = YYCURSOR; - { APPLY_OP(atoi(t1)); goto yyc_cond_op; } -yy84: + { sy_res_push(atoi(t1)); goto yyc_cond_op; } +yy86: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy84; + goto yy86; } - if (yych == '(') goto yy87; -yy86: + if (yych == '(') goto yy89; +yy88: t1 = yyt1; t2 = YYCURSOR; { @@ -643,37 +698,37 @@ yy86: cs_error_log("unknown variable in condition on line %d", lineno); goto out; } - APPLY_OP(atoi(ZSTR_VAL(tmp))); + sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } -yy87: +yy89: yych = *++YYCURSOR; if (yych == '"') { yyt2 = YYCURSOR; - goto yy89; + goto yy91; } if (yych == ')') { yyt2 = YYCURSOR; - goto yy91; + goto yy93; } -yy88: +yy90: YYCURSOR = YYMARKER; if (yyaccept == 0) { - goto yy86; + goto yy88; } else { - goto yy92; + goto yy94; } -yy89: +yy91: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy89; + goto yy91; } - if (yych <= '\r') goto yy88; - if (yych <= '"') goto yy93; - goto yy94; -yy91: + if (yych <= '\r') goto yy90; + if (yych <= '"') goto yy95; + goto yy96; +yy93: ++YYCURSOR; -yy92: +yy94: t1 = yyt1; t3 = yyt2; t2 = yyt2 - 1; @@ -681,48 +736,48 @@ yy92: { if (t4-t3 >= 2 && strlen("extension_loaded") == t2-t1 && strncmp("extension_loaded", t1, t2-t1) == 0) { int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); - APPLY_OP(is_loaded); + sy_res_push(is_loaded); } else { cs_error_log("unknown function in condition on line %d", lineno); goto out; } goto yyc_cond_op; } -yy93: +yy95: yych = *++YYCURSOR; - if (yych == ')') goto yy91; - goto yy88; -yy94: + if (yych == ')') goto yy93; + goto yy90; +yy96: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy89; + goto yy91; } - if (yych <= '\r') goto yy88; - if (yych >= '#') goto yy94; + if (yych <= '\r') goto yy90; + if (yych >= '#') goto yy96; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy94; + goto yy96; } if (yych <= '\r') { - if (yych == '\n') goto yy88; - if (yych <= '\f') goto yy89; - goto yy88; + if (yych == '\n') goto yy90; + if (yych <= '\f') goto yy91; + goto yy90; } else { if (yych <= '"') { - if (yych <= '!') goto yy89; - goto yy93; + if (yych <= '!') goto yy91; + goto yy95; } else { - if (yych != ')') goto yy89; + if (yych != ')') goto yy91; } } yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy89; + goto yy91; } - if (yych <= '\r') goto yy92; - if (yych <= '"') goto yy93; - goto yy94; + if (yych <= '\r') goto yy94; + if (yych <= '"') goto yy95; + goto yy96; } /* *********************************** */ yyc_cond_op: @@ -763,75 +818,114 @@ yyc_cond_op: }; yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy102; + goto yy104; } - if (yych <= ':') { - if (yych <= '\f') { - if (yych <= 0x08) goto yy100; - if (yych <= '\n') goto yy105; + if (yych <= ')') { + if (yych <= '\r') { + if (yych <= 0x08) goto yy102; + if (yych <= '\n') goto yy107; + if (yych >= '\r') goto yy109; } else { - if (yych <= '\r') goto yy107; if (yych == '&') { yyt1 = YYCURSOR; - goto yy108; + goto yy110; } + if (yych >= ')') goto yy111; } } else { if (yych <= '=') { - if (yych <= ';') goto yy109; + if (yych <= ':') goto yy102; + if (yych <= ';') goto yy113; if (yych <= '<') { yyt1 = YYCURSOR; - goto yy111; + goto yy115; } yyt1 = YYCURSOR; - goto yy113; + goto yy117; } else { if (yych <= '>') { yyt1 = YYCURSOR; - goto yy111; + goto yy115; } if (yych == '|') { yyt1 = YYCURSOR; - goto yy114; + goto yy118; } } } -yy100: - ++YYCURSOR; -yy101: - { cs_error_log("Syntax error in condition on line %d", lineno); return false; } yy102: + ++YYCURSOR; +yy103: + { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } +yy104: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy102; + goto yy104; } { goto yyc_cond_op; } -yy105: +yy107: ++YYCURSOR; { lineno++; goto yyc_cond_op; } -yy107: +yy109: yych = *++YYCURSOR; - if (yych == '\n') goto yy105; - goto yy101; -yy108: + if (yych == '\n') goto yy107; + goto yy103; +yy110: yych = *++YYCURSOR; - if (yych == '&') goto yy111; - goto yy101; -yy109: - ++YYCURSOR; - { goto yyc_init; } + if (yych == '&') goto yy119; + goto yy103; yy111: ++YYCURSOR; - t1 = yyt1; - { cond_op = *t1; goto yyc_cond; } + { + while (cond_op_i && sy_op_peek() != '(') { + SY_APPLY_OP_FROM_STACK(); + } + if (cond_op_i == 0 || sy_op_peek() != '(') { + cs_error_log("unbalanced parathesis on line %d", lineno); goto out; + } + sy_op_pop(); + goto yyc_cond_op; + } yy113: + ++YYCURSOR; + { + while (cond_op_i) { + if (sy_op_peek() == '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } + SY_APPLY_OP_FROM_STACK(); + } + if (cond_res_i > 1) { cs_error_log("invalid condition on line %d", lineno); goto out; } + goto yyc_init; + } +yy115: + yych = *++YYCURSOR; + if (yych == '=') goto yy119; +yy116: + t1 = yyt1; + t2 = YYCURSOR; + { + char op1 = *t1; + if (t2-t1 == 2) { + switch (op1) { + case '<': op1 = 'L'; break; // <= + case '>': op1 = 'G'; break; // >= + } + } + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { + SY_APPLY_OP_FROM_STACK(); + } + sy_op_push(*t1); + goto yyc_cond; + } +yy117: yych = *++YYCURSOR; - if (yych == '=') goto yy111; - goto yy101; -yy114: + if (yych == '=') goto yy119; + goto yy103; +yy118: yych = *++YYCURSOR; - if (yych == '|') goto yy111; - goto yy101; + if (yych != '|') goto yy103; +yy119: + ++YYCURSOR; + goto yy116; } /* *********************************** */ yyc_rule: @@ -872,158 +966,158 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy119; + goto yy124; } if (yych <= '\r') { - if (yych <= 0x08) goto yy117; - if (yych <= '\n') goto yy122; - if (yych >= '\r') goto yy123; + if (yych <= 0x08) goto yy122; + if (yych <= '\n') goto yy127; + if (yych >= '\r') goto yy128; } else { if (yych <= '.') { - if (yych >= '.') goto yy124; + if (yych >= '.') goto yy129; } else { - if (yych == ';') goto yy125; + if (yych == ';') goto yy130; } } -yy117: +yy122: ++YYCURSOR; -yy118: +yy123: { goto end_of_rule; } -yy119: +yy124: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy119; + goto yy124; } { goto yyc_rule; } -yy122: +yy127: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy118; + if (yych <= 0x08) goto yy123; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy127; + goto yy132; } - if (yych <= '\f') goto yy118; + if (yych <= '\f') goto yy123; yyt1 = YYCURSOR; - goto yy130; + goto yy135; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy118; + if (yych <= 0x1F) goto yy123; yyt1 = YYCURSOR; - goto yy127; + goto yy132; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy131; + goto yy136; } - goto yy118; + goto yy123; } } -yy123: +yy128: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy133; - goto yy118; -yy124: + if (yych == '\n') goto yy138; + goto yy123; +yy129: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy118; + if (yych <= '@') goto yy123; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy134; + goto yy139; } - goto yy118; + goto yy123; } else { - if (yych == '`') goto yy118; + if (yych == '`') goto yy123; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy134; + goto yy139; } - goto yy118; + goto yy123; } -yy125: +yy130: ++YYCURSOR; { end_of_rule: - if (!cond_res) { goto yyc_init; } + if (!cond_res[0]) { goto yyc_init; } parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; if (process_rule && process_rule(parsed_rule) != SUCCESS) { goto out; } goto yyc_init; } -yy127: +yy132: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy127; + goto yy132; } - if (yych == '\r') goto yy130; - if (yych == '.') goto yy131; -yy129: + if (yych == '\r') goto yy135; + if (yych == '.') goto yy136; +yy134: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy118; + goto yy123; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy136; + goto yy141; } } else { - goto yy136; + goto yy141; } -yy130: +yy135: yych = *++YYCURSOR; - if (yych == '\n') goto yy127; - goto yy129; -yy131: + if (yych == '\n') goto yy132; + goto yy134; +yy136: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy133: +yy138: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy129; + if (yych <= 0x08) goto yy134; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy127; + goto yy132; } - if (yych <= '\f') goto yy129; + if (yych <= '\f') goto yy134; yyt1 = YYCURSOR; - goto yy130; + goto yy135; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy129; + if (yych <= 0x1F) goto yy134; yyt1 = YYCURSOR; - goto yy127; + goto yy132; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy131; + goto yy136; } - goto yy129; + goto yy134; } } -yy134: +yy139: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy134; + goto yy139; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy137; + goto yy142; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy136: +yy141: t1 = yyt1; t2 = yyt2; t3 = yyt3; t4 = yyt4; { - if (!cond_res) { goto yyc_rule; } + if (!cond_res[0]) { goto yyc_rule; } if (kw_i == max_keywords) { cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; @@ -1052,110 +1146,110 @@ yy136: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy137: +yy142: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy129; + if (yych <= '!') goto yy134; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy140; + goto yy145; } - goto yy129; + goto yy134; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy141; + goto yy146; } - if (yych <= '^') goto yy129; + if (yych <= '^') goto yy134; yyt3 = YYCURSOR; - goto yy141; + goto yy146; } else { - if (yych <= '`') goto yy129; + if (yych <= '`') goto yy134; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy141; + goto yy146; } - goto yy129; + goto yy134; } } -yy138: +yy143: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy138; + goto yy143; } - if (yych <= '\r') goto yy129; - if (yych <= '"') goto yy143; - goto yy144; -yy140: + if (yych <= '\r') goto yy134; + if (yych <= '"') goto yy148; + goto yy149; +yy145: ++YYCURSOR; - goto yy136; -yy141: + goto yy141; +yy146: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy129; + if (yych <= '(') goto yy134; yyt4 = YYCURSOR; - goto yy140; + goto yy145; } else { - if (yych <= '/') goto yy129; - if (yych <= '9') goto yy141; - goto yy129; + if (yych <= '/') goto yy134; + if (yych <= '9') goto yy146; + goto yy134; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy141; - if (yych <= '^') goto yy129; - goto yy141; + if (yych <= 'Z') goto yy146; + if (yych <= '^') goto yy134; + goto yy146; } else { - if (yych <= '`') goto yy129; - if (yych <= 'z') goto yy141; - goto yy129; + if (yych <= '`') goto yy134; + if (yych <= 'z') goto yy146; + goto yy134; } } -yy143: +yy148: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy140; + goto yy145; } - goto yy129; -yy144: + goto yy134; +yy149: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy138; + goto yy143; } - if (yych <= '\r') goto yy129; - if (yych >= '#') goto yy144; + if (yych <= '\r') goto yy134; + if (yych >= '#') goto yy149; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy144; + goto yy149; } if (yych <= '\r') { - if (yych == '\n') goto yy129; - if (yych <= '\f') goto yy138; - goto yy129; + if (yych == '\n') goto yy134; + if (yych <= '\f') goto yy143; + goto yy134; } else { if (yych <= '"') { - if (yych <= '!') goto yy138; - goto yy143; + if (yych <= '!') goto yy143; + goto yy148; } else { - if (yych != ')') goto yy138; + if (yych != ')') goto yy143; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy138; + goto yy143; } - if (yych <= '\r') goto yy136; - if (yych <= '"') goto yy143; - goto yy144; + if (yych <= '\r') goto yy141; + if (yych <= '"') goto yy148; + goto yy149; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index b36423b..f911df3 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -71,20 +71,60 @@ static void str_dtor(zval *zv) { zend_string_release_ex(Z_STR_P(zv), 1); } -static int apply_op(int v1, char op, int v2, int neg) { - if (neg) { v2 = !v2; } +// sy_ functions and macros are helpers for the shunting yard algorithm +#define sy_res_push(val) \ + if (cond_res_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + cond_res[cond_res_i++] = val; +#define sy_res_pop() cond_res[--cond_res_i] +#define sy_op_push(op) \ + if (cond_op_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + cond_op[cond_op_i++] = op; +#define sy_op_pop() cond_op[--cond_op_i] +#define sy_op_peek() cond_op[cond_op_i-1] + +static inline int sy_op_precedence(char op) { switch (op) { - case 0: return v2; - case '&': return (v1 && v2); - case '|': return (v1 || v2); - case '<': return (v1 < v2); - case '>': return (v1 > v2); - case '=': return (v1 == v2); + case '!': return 120; + case '<': + case '>': + case 'L': // <= + case 'G': // >= + return 90; + case '&': return 70; + case '|': return 60; + case '=': return 20; } return 0; } +static inline int sy_op_is_left_assoc(char op) { + switch (op) { + case '!': return 0; + } + return 1; +} +static int sy_apply_op(char op, int a, int b) { + switch (op) { + case '!': return !a; + case '&': return (b && a); + case '|': return (b || a); + case '<': return (b < a); + case 'L': return (b <= a); + case 'G': return (b >= a); + case '>': return (b > a); + case '=': return (b == a); + } + return 0; +} + +#define SY_APPLY_OP_FROM_STACK() \ + char op = sy_op_pop(); \ + int unary = (op == '!'); \ + if (cond_res_i < (2 - unary)) { cs_error_log("not enough input on line %d", lineno); goto out; } \ + int a = sy_res_pop(); \ + int b = unary ? 0 : sy_res_pop(); \ + int res = sy_apply_op(op, a, b); \ + sy_res_push(res); -#define APPLY_OP(v2) cond_res = apply_op(cond_res, cond_op, v2, cond_neg); cond_op = cond_neg = 0; zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { @@ -100,10 +140,13 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key HashTable vars; zend_hash_init(&vars, 10, NULL, str_dtor, 1); + zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res = 1; - char cond_op = 0; - int cond_neg = 0; + + int cond_res[100] = {0}; + int cond_res_i = 0; + char cond_op[100] = {0}; + int cond_op_i = 0; int cond = yycinit; long lineno = 1; @@ -141,14 +184,14 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key goto yyc_init; } "@condition" ws+ { goto yyc_cond; } - "@end_condition" ws* ";" { cond_res = 1; goto yyc_init; } + "@end_condition" ws* ";" { cond_res[0] = 1; goto yyc_init; } ws+ { goto yyc_cond; } nl { lineno++; goto yyc_cond; } @t1 keyword @t2 "(" @t3 string? @t4 ")" { if (t4-t3 >= 2 && strlen("extension_loaded") == t2-t1 && strncmp("extension_loaded", t1, t2-t1) == 0) { int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); - APPLY_OP(is_loaded); + sy_res_push(is_loaded); } else { cs_error_log("unknown function in condition on line %d", lineno); goto out; @@ -161,21 +204,52 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key cs_error_log("unknown variable in condition on line %d", lineno); goto out; } - APPLY_OP(atoi(ZSTR_VAL(tmp))); + sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } - @t1 [0-9]+ @t2 { APPLY_OP(atoi(t1)); goto yyc_cond_op; } - @t1 "!" { cond_neg = (cond_neg + 1) % 2; goto yyc_cond; } + @t1 [0-9]+ @t2 { sy_res_push(atoi(t1)); goto yyc_cond_op; } + @t1 "!" { sy_op_push(*t1); goto yyc_cond; } + @t1 "(" { sy_op_push(*t1); goto yyc_cond; } ws+ { goto yyc_cond_op; } nl { lineno++; goto yyc_cond_op; } - @t1 ( "&&" | "||" | "<" | ">" | "==" ) { cond_op = *t1; goto yyc_cond; } - ";" { goto yyc_init; } - * { cs_error_log("Syntax error in condition on line %d", lineno); return false; } + @t1 ( "&&" | "||" | "<" | ">" | "==" | "<=" | ">=") @t2 { + char op1 = *t1; + if (t2-t1 == 2) { + switch (op1) { + case '<': op1 = 'L'; break; // <= + case '>': op1 = 'G'; break; // >= + } + } + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { + SY_APPLY_OP_FROM_STACK(); + } + sy_op_push(*t1); + goto yyc_cond; + } + ")" { + while (cond_op_i && sy_op_peek() != '(') { + SY_APPLY_OP_FROM_STACK(); + } + if (cond_op_i == 0 || sy_op_peek() != '(') { + cs_error_log("unbalanced parathesis on line %d", lineno); goto out; + } + sy_op_pop(); + goto yyc_cond_op; + } + ";" { + while (cond_op_i) { + if (sy_op_peek() == '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } + SY_APPLY_OP_FROM_STACK(); + } + if (cond_res_i > 1) { cs_error_log("invalid condition on line %d", lineno); goto out; } + goto yyc_init; + } + * { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } ws+ { goto yyc_rule; } nl / ( nl | ws )* "." { lineno++; goto yyc_rule; } "." @t1 keyword @t2 ( "(" @t3 ( string? | keyword ) @t4 ")" )? { - if (!cond_res) { goto yyc_rule; } + if (!cond_res[0]) { goto yyc_rule; } if (kw_i == max_keywords) { cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; @@ -206,7 +280,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key } ";" { end_of_rule: - if (!cond_res) { goto yyc_init; } + if (!cond_res[0]) { goto yyc_init; } parsed_rule[kw_i++] = (sp_parsed_keyword){0, 0, 0, 0, 0, 0}; if (process_rule && process_rule(parsed_rule) != SUCCESS) { goto out; -- cgit v1.3 From b4dcbe2dd11efda09adc934fa2563eafc12e9b55 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 2 Sep 2021 13:58:01 +0200 Subject: fixed compiler warnings + test cases --- src/sp_config_keywords.c | 2 +- src/sp_config_scanner.cached.c | 14 +++++++------- src/sp_config_scanner.re | 14 +++++++------- .../broken_conf_cookie_encryption_without_env_var.phpt | 2 +- .../cookies_encryption_warning/encrypt_cookies_no_env.phpt | 2 +- .../encrypt_regexp_cookies_no_env.phpt | 2 +- 6 files changed, 18 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index fd90453..3b6bc0b 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -183,7 +183,7 @@ SP_PARSE_FN(parse_cookie) { if (cookie->encrypt) { if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu " - "without having set the `." SP_TOKEN_ENV_VAR "` option in`sp.global`: please set it first", parsed_rule->lineno); + "without having set the `." SP_TOKEN_ENV_VAR "` option in `sp.global`: please set it first", parsed_rule->lineno); goto err; } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { sp_log_err("config", "You're trying to use the cookie encryption feature " diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 26a6652..868d271 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -154,7 +154,7 @@ const char *yyt4; zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res[100] = {0}; + int cond_res[100] = {1}; int cond_res_i = 0; char cond_op[100] = {0}; int cond_op_i = 0; @@ -883,7 +883,7 @@ yy111: if (cond_op_i == 0 || sy_op_peek() != '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } - sy_op_pop(); + cond_op_i--; goto yyc_cond_op; } yy113: @@ -910,12 +910,12 @@ yy116: case '>': op1 = 'G'; break; // >= } } - while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { - SY_APPLY_OP_FROM_STACK(); - } - sy_op_push(*t1); - goto yyc_cond; + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1) && sy_op_is_left_assoc(*t1)))) { + SY_APPLY_OP_FROM_STACK(); } + sy_op_push(*t1); + goto yyc_cond; + } yy117: yych = *++YYCURSOR; if (yych == '=') goto yy119; diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index f911df3..5fd1928 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -143,7 +143,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key zend_hash_str_add_ptr(&vars, ZEND_STRL("PHP_VERSION_ID"), zend_string_init(ZEND_STRL(ZEND_TOSTR(PHP_VERSION_ID)), 1)); - int cond_res[100] = {0}; + int cond_res[100] = {1}; int cond_res_i = 0; char cond_op[100] = {0}; int cond_op_i = 0; @@ -220,12 +220,12 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key case '>': op1 = 'G'; break; // >= } } - while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1)) && sy_op_is_left_assoc(*t1))) { - SY_APPLY_OP_FROM_STACK(); - } - sy_op_push(*t1); - goto yyc_cond; + while (cond_op_i && sy_op_peek() != '(' && ((sy_op_precedence(sy_op_peek()) > sy_op_precedence(*t1)) || (sy_op_precedence(sy_op_peek()) == sy_op_precedence(*t1) && sy_op_is_left_assoc(*t1)))) { + SY_APPLY_OP_FROM_STACK(); } + sy_op_push(*t1); + goto yyc_cond; + } ")" { while (cond_op_i && sy_op_peek() != '(') { SY_APPLY_OP_FROM_STACK(); @@ -233,7 +233,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key if (cond_op_i == 0 || sy_op_peek() != '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } - sy_op_pop(); + cond_op_i--; goto yyc_cond_op; } ";" { diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt index 25371dd..99e391e 100644 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt @@ -7,7 +7,7 @@ Broken configuration - encrypted cookie with without cookie env var sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt index a01c352..b31bf78 100644 --- a/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 diff --git a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt index 1fe4074..d4b7e6a 100644 --- a/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt +++ b/src/tests/cookies_encryption_warning/encrypt_regexp_cookies_no_env.phpt @@ -18,4 +18,4 @@ EOF; --EXPECT-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 -Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][127.0.0.1][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 -- cgit v1.3 From c04de95e092282dbd2790cf5e0afdb4975bdf4e1 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 2 Sep 2021 13:58:49 +0200 Subject: fixed more test cases --- .../broken_conf_cookie_encryption_without_env_var.phpt | 4 ++-- .../broken_conf_session_encryption_without_encryption_key.phpt | 2 +- .../broken_conf_session_encryption_without_env_var.phpt | 2 +- 3 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt index 497f0e9..a7686aa 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt @@ -7,9 +7,9 @@ Broken configuration - encrypted cookie with without cookie env var sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt index 62ee41e..b2d6ee0 100644 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt @@ -9,7 +9,7 @@ sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_encryp --XFAIL-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt index 5acc1cd..1753802 100644 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt @@ -9,7 +9,7 @@ sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_env_va --XFAIL-- --EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 Could not startup. -- cgit v1.3 From 6900dbd5573d7ddb04c2ccb59a4aefca841e124b Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 2 Sep 2021 15:17:24 +0200 Subject: fixed test cases where pcre error output changed --- src/tests/broken_configuration/broken_conf_config_regexp.phpt | 4 ++-- src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_config_regexp.phpt b/src/tests/broken_configuration/broken_conf_config_regexp.phpt index 5bc907c..6428c4a 100644 --- a/src/tests/broken_configuration/broken_conf_config_regexp.phpt +++ b/src/tests/broken_configuration/broken_conf_config_regexp.phpt @@ -7,10 +7,10 @@ Broken configuration sp.configuration_file={PWD}/config/broken_config_regexp.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt index 351071e..cb93a25 100644 --- a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt +++ b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt @@ -18,10 +18,10 @@ if (strstr($info, 'Valid config => no') !== FALSE) { } ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 +Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 -- cgit v1.3 From 2e4fda2c67ce98c9be9092effe2522c1de9f7efc Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 3 Sep 2021 13:25:33 +0200 Subject: fixed session encryption in php8 + related test cases --- src/sp_crypt.c | 3 +- src/sp_session.c | 13 ++------- .../crypt_session_corrupted_session.phpt | 2 +- .../crypt_session_invalid_simul.phpt | 15 +++++++--- .../crypt_session_invalid_simul_php73.phpt | 33 ++++++++++++++++++++++ .../crypt_session_read_uncrypt.phpt | 16 +++++++---- .../set_custom_session_handler.phpt | 2 +- .../set_custom_session_handler2.phpt | 2 +- 8 files changed, 61 insertions(+), 25 deletions(-) create mode 100644 src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt (limited to 'src') diff --git a/src/sp_crypt.c b/src/sp_crypt.c index eeffe33..ff8f65e 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -43,8 +43,7 @@ int decrypt_zval(zval *pDest, bool simulation, zend_hash_key *hash_key) { unsigned char *decrypted = NULL, *backup = NULL; int ret = 0; - zend_string *debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), - Z_STRLEN_P(pDest)); + zend_string *debase64 = php_base64_decode((unsigned char *)(Z_STRVAL_P(pDest)), Z_STRLEN_P(pDest)); if (ZSTR_LEN(debase64) < crypto_secretbox_NONCEBYTES) { if (true == simulation) { diff --git a/src/sp_session.c b/src/sp_session.c index b2f4a43..7fa4937 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -113,16 +113,9 @@ static PHP_INI_MH(sp_OnUpdateSaveHandler) { } static int sp_hook_session_RINIT(INIT_FUNC_ARGS) { - if (SESSION_G(mod) == NULL) { - zend_ini_entry *ini_entry; - if ((ini_entry = zend_hash_str_find_ptr( - EG(ini_directives), ZEND_STRL("session.save_handler")))) { - if (ini_entry && ini_entry->value) { - sp_OnUpdateSaveHandler(NULL, ini_entry->value, NULL, NULL, NULL, 0); - } - } - } - return previous_sessionRINIT(INIT_FUNC_ARGS_PASSTHRU); + int ret = previous_sessionRINIT(INIT_FUNC_ARGS_PASSTHRU); + sp_hook_session_module(); + return ret; } void hook_session() { diff --git a/src/tests/session_encryption/crypt_session_corrupted_session.phpt b/src/tests/session_encryption/crypt_session_corrupted_session.phpt index 6f9c287..db3f949 100644 --- a/src/tests/session_encryption/crypt_session_corrupted_session.phpt +++ b/src/tests/session_encryption/crypt_session_corrupted_session.phpt @@ -6,7 +6,7 @@ Set a custom session handler = 70400) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return << + --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_invalid_simul.tmp --ENV-- return << --EXPECTF-- -array(1) { - ["toto"]=> - string(4) "tata" +array(0) { } +%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9 +%aPHP Warning: session_start(): Failed to decode session object. Session has been destroyed in %a/crypt_session_invalid_simul.php on line 9 diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt new file mode 100644 index 0000000..4d1f747 --- /dev/null +++ b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt @@ -0,0 +1,33 @@ +--TEST-- +SESSION crypt and bad decrypt +--SKIPIF-- += 70400) print "skip"; ?> +--INI-- +sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_invalid_simul.tmp +--ENV-- +return << +--EXPECTF-- +array(0) { +} +%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 diff --git a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt index 5e81b52..e2e1737 100644 --- a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt +++ b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt @@ -4,25 +4,28 @@ SESSION crypt/decrypt valid --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +session.save_path="{PWD}" +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_read_uncrypt.tmp --ENV-- return << --EXPECTF-- @@ -31,3 +34,4 @@ array(1) { string(4) "tata" } OK +%aPHP Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_read_uncrypt.php on line 9 diff --git a/src/tests/session_encryption/set_custom_session_handler.phpt b/src/tests/session_encryption/set_custom_session_handler.phpt index 725ee43..1b81a04 100644 --- a/src/tests/session_encryption/set_custom_session_handler.phpt +++ b/src/tests/session_encryption/set_custom_session_handler.phpt @@ -4,7 +4,7 @@ Set a custom session handler --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return << --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini -session.save_path = "/tmp" +session.save_path="/tmp" --ENV-- return << + --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini display_errors=0 diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt deleted file mode 100644 index 4d1f747..0000000 --- a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt +++ /dev/null @@ -1,33 +0,0 @@ ---TEST-- -SESSION crypt and bad decrypt ---SKIPIF-- -= 70400) print "skip"; ?> ---INI-- -sp.configuration_file={PWD}/config/config_crypt_session_simul.ini -display_errors=0 -log_errors=1 -error_log="{PWD}"/crypt_session_invalid_simul.tmp ---ENV-- -return << ---EXPECTF-- -array(0) { -} -%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt new file mode 100644 index 0000000..a05b828 --- /dev/null +++ b/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt @@ -0,0 +1,33 @@ +--TEST-- +SESSION crypt and bad decrypt +--SKIPIF-- += 80000) print "skip"; ?> +--INI-- +sp.configuration_file={PWD}/config/config_crypt_session_simul.ini +display_errors=0 +log_errors=1 +error_log="{PWD}"/crypt_session_invalid_simul.tmp +--ENV-- +return << +--EXPECTF-- +array(0) { +} +%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 -- cgit v1.3 From 8e42064026906f0f25caca237e4624b5b3c5087e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 15 Sep 2021 20:25:33 +0200 Subject: changed version and version output in phpinfo --- src/php_snuffleupagus.h | 6 +++--- src/snuffleupagus.c | 2 +- 2 files changed, 4 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 91ee8a6..e11f976 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -1,10 +1,10 @@ #ifndef PHP_SNUFFLEUPAGUS_H #define PHP_SNUFFLEUPAGUS_H -#define PHP_SNUFFLEUPAGUS_VERSION "0.7.0" +#define PHP_SNUFFLEUPAGUS_VERSION "0.8.0" #define PHP_SNUFFLEUPAGUS_EXTNAME "snuffleupagus" -#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin" -#define PHP_SNUFFLEUPAGUS_URL "https://github.com/jvoisin/snuffleupagus" +#define PHP_SNUFFLEUPAGUS_AUTHOR "NBS System & Julien (jvoisin) Voisin | Suhosin-NG patches by SektionEins GmbH" +#define PHP_SNUFFLEUPAGUS_URL "https://github.com/sektioneins/snuffleupagus" #define PHP_SNUFFLEUPAGUS_COPYRIGHT "LGPLv2" #ifdef HAVE_CONFIG_H diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 650e5e4..dab5dca 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -302,7 +302,7 @@ PHP_MINFO_FUNCTION(snuffleupagus) { php_info_print_table_row( 2, "snuffleupagus support", SNUFFLEUPAGUS_G(is_config_valid) ? "enabled" : "disabled"); - php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION); + php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION "-sng (with Suhosin-NG patches)"); php_info_print_table_row(2, "Valid config", valid_config); php_info_print_table_end(); DISPLAY_INI_ENTRIES(); -- cgit v1.3 From 31d6a3cddd18cef447698ba2beaa7b5d9ab9dd94 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 15 Sep 2021 20:26:02 +0200 Subject: implemented execution depth limit --- src/php_snuffleupagus.h | 1 + src/snuffleupagus.c | 2 ++ src/sp_config.h | 2 ++ src/sp_config_keywords.c | 1 + src/sp_execute.c | 17 +++++++++++++---- 5 files changed, 19 insertions(+), 4 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index e11f976..0c7dc4b 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -108,6 +108,7 @@ ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus) size_t in_eval; sp_config config; int is_config_valid; // 1 = valid, 0 = invalid, -1 = none +u_long execution_depth; bool allow_broken_configuration; HashTable *disabled_functions_hook; HashTable *sp_internal_functions_hook; diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index dab5dca..d2f81ff 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -251,6 +251,8 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { } PHP_RINIT_FUNCTION(snuffleupagus) { + SNUFFLEUPAGUS_G(execution_depth) = 0; + const sp_config_wrapper *const config_wrapper = SNUFFLEUPAGUS_G(config).config_wrapper; #if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS) diff --git a/src/sp_config.h b/src/sp_config.h index fd6dc15..ccf2318 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -196,6 +196,7 @@ typedef struct { sp_config_ini *config_ini; bool hook_execute; char log_media; + u_long max_execution_depth; HashTable *config_disabled_functions; HashTable *config_disabled_functions_hooked; @@ -286,6 +287,7 @@ typedef struct { #define SP_TOKEN_ENCRYPTION_KEY "secret_key" #define SP_TOKEN_ENV_VAR "cookie_env_var" #define SP_TOKEN_LOG_MEDIA "log_media" +#define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth" // upload_validator #define SP_TOKEN_UPLOAD_SCRIPT "script" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 3b6bc0b..632f9bd 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -128,6 +128,7 @@ SP_PARSE_FN(parse_global) { {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)}, {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, + {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SNUFFLEUPAGUS_G(config).max_execution_depth)}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); diff --git a/src/sp_execute.c b/src/sp_execute.c index 8795e5f..41257ad 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -112,6 +112,15 @@ zend_string *get_eval_filename(const char *const filename) { return clean_filename; } +static inline void sp_orig_execute(zend_execute_data *execute_data) { + SNUFFLEUPAGUS_G(execution_depth)++; + if (SNUFFLEUPAGUS_G(execution_depth) > SNUFFLEUPAGUS_G(config).max_execution_depth && SNUFFLEUPAGUS_G(config).max_execution_depth > 0) { + sp_log_drop("execute", "Maximum recursion limit reached. Script terminated."); + } + orig_execute_ex(execute_data); + SNUFFLEUPAGUS_G(execution_depth)--; +} + static void sp_execute_ex(zend_execute_data *execute_data) { is_in_eval_and_whitelisted(execute_data); const HashTable *config_disabled_functions = @@ -131,7 +140,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { zend_string_release(filename); SNUFFLEUPAGUS_G(in_eval)++; - orig_execute_ex(execute_data); + sp_orig_execute(execute_data); SNUFFLEUPAGUS_G(in_eval)--; return; } @@ -150,7 +159,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { .config_disabled_functions_reg->disabled_functions; if (!function_name) { - orig_execute_ex(execute_data); + sp_orig_execute(execute_data); return; } @@ -184,7 +193,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { EX(return_value) = &ret_val; } - orig_execute_ex(execute_data); + sp_orig_execute(execute_data); should_drop_on_ret_ht( EX(return_value), function_name, @@ -197,7 +206,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { EX(return_value) = NULL; } } else { - orig_execute_ex(execute_data); + sp_orig_execute(execute_data); } } -- cgit v1.3 From 6e07cdb870513270a3c08abc7ecdca64ad2af400 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 16 Sep 2021 11:32:41 +0200 Subject: ported server.strip and server.encode features from suhosin --- src/config.m4 | 2 +- src/php_snuffleupagus.h | 1 + src/snuffleupagus.c | 2 + src/sp_config.h | 4 ++ src/sp_config_keywords.c | 2 + src/sp_ifilter.c | 103 ++++++++++++++++++++++++++++++++++++ src/sp_ifilter.h | 3 ++ src/tests/filter/config/filter.ini | 3 ++ src/tests/filter/server_encode.phpt | 25 +++++++++ src/tests/filter/server_strip.phpt | 21 ++++++++ 10 files changed, 165 insertions(+), 1 deletion(-) create mode 100644 src/sp_ifilter.c create mode 100644 src/sp_ifilter.h create mode 100644 src/tests/filter/config/filter.ini create mode 100644 src/tests/filter/server_encode.phpt create mode 100644 src/tests/filter/server_strip.phpt (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index a2301fd..ddbd7a1 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -7,7 +7,7 @@ sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c" sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c" sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c" sources="$sources sp_pcre_compat.c sp_crypt.c sp_session.c sp_sloppy.c sp_wrapper.c" -sources="$sources sp_ini.c sp_php_compat.c sp_config_scanner.c" +sources="$sources sp_ini.c sp_php_compat.c sp_config_scanner.c sp_ifilter.c" PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support, [ --enable-snuffleupagus Enable snuffleupagus support]) diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 0c7dc4b..bcb613c 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -88,6 +88,7 @@ typedef void (*zif_handler)(INTERNAL_FUNCTION_PARAMETERS); #include "sp_sloppy.h" #include "sp_wrapper.h" #include "sp_ini.h" +#include "sp_ifilter.h" extern zend_module_entry snuffleupagus_module_entry; #define phpext_snuffleupagus_ptr &snuffleupagus_module_entry diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index d2f81ff..50711f0 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -383,6 +383,8 @@ static PHP_INI_MH(OnUpdateConfiguration) { sp_hook_ini(); } + sp_hook_register_server_variables(); + if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) { zend_extension_entry.startup = NULL; diff --git a/src/sp_config.h b/src/sp_config.h index ccf2318..af9b905 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -197,6 +197,8 @@ typedef struct { bool hook_execute; char log_media; u_long max_execution_depth; + bool server_encode; + bool server_strip; HashTable *config_disabled_functions; HashTable *config_disabled_functions_hooked; @@ -288,6 +290,8 @@ typedef struct { #define SP_TOKEN_ENV_VAR "cookie_env_var" #define SP_TOKEN_LOG_MEDIA "log_media" #define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth" +#define SP_TOKEN_SERVER_ENCODE "server_encode" +#define SP_TOKEN_SERVER_STRIP "server_strip" // upload_validator #define SP_TOKEN_UPLOAD_SCRIPT "script" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 632f9bd..38b8526 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -129,6 +129,8 @@ SP_PARSE_FN(parse_global) { {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SNUFFLEUPAGUS_G(config).max_execution_depth)}, + {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SNUFFLEUPAGUS_G(config).server_encode)}, + {parse_enable, SP_TOKEN_SERVER_STRIP, &(SNUFFLEUPAGUS_G(config).server_strip)}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); diff --git a/src/sp_ifilter.c b/src/sp_ifilter.c new file mode 100644 index 0000000..171138f --- /dev/null +++ b/src/sp_ifilter.c @@ -0,0 +1,103 @@ +#include "php_snuffleupagus.h" + +static void (*orig_register_server_variables)(zval *track_vars_array) = NULL; + +static const unsigned char sp_hexchars[] = "0123456789ABCDEF"; + +static const char sp_is_dangerous_char[256] = { + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, + 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +}; + +static void sp_server_strip(HashTable *svars, char *key, int keylen) { + zval *value = zend_hash_str_find(svars, key, keylen); + if (!value || Z_TYPE_P(value) != IS_STRING) { return; } + + zend_string *tmp_zstr = Z_STR_P(value); + char *tmp = ZSTR_VAL(tmp_zstr); + char *tmpend = tmp + ZSTR_LEN(tmp_zstr); + + for (char *p = tmp; p < tmpend; p++) { + if (sp_is_dangerous_char[(int)*p]) { + *p = '_'; + } + } +} + +static void sp_server_encode(HashTable *svars, char *key, int keylen) { + zval *value = zend_hash_str_find(svars, key, keylen); + if (!value || Z_TYPE_P(value) != IS_STRING) { return; } + + zend_string *tmp_zstr = Z_STR_P(value); + char *tmp = ZSTR_VAL(tmp_zstr); + char *tmpend = tmp + ZSTR_LEN(tmp_zstr); + int extra = 0; + + for (char *p = tmp; p < tmpend; p++) { + extra += sp_is_dangerous_char[(int)*p] * 2; + } + if (!extra) { return; } + + zend_string *new_zstr = zend_string_alloc(ZSTR_LEN(tmp_zstr) + extra, 0); + char *n = ZSTR_VAL(new_zstr); + for (char *p = tmp; p < tmpend; p++, n++) { + if (sp_is_dangerous_char[(int)*p]) { + *n++ = '%'; + *n++ = sp_hexchars[*p >> 4]; + *n = sp_hexchars[*p & 15]; + } else { + *n = *p; + } + } + ZSTR_VAL(new_zstr)[ZSTR_LEN(new_zstr)] = 0; + Z_STR_P(value) = new_zstr; + + zend_string_release_ex(tmp_zstr, 0); +} + +static void sp_register_server_variables(zval *track_vars_array) { + orig_register_server_variables(track_vars_array); + + HashTable *svars; + svars = Z_ARRVAL_P(track_vars_array); + + + if (SNUFFLEUPAGUS_G(config).server_encode) { + sp_server_encode(svars, ZEND_STRL("REQUEST_URI")); + sp_server_encode(svars, ZEND_STRL("QUERY_STRING")); + } + + if (SNUFFLEUPAGUS_G(config).server_strip) { + sp_server_strip(svars, ZEND_STRL("PHP_SELF")); + sp_server_strip(svars, ZEND_STRL("HTTP_HOST")); + sp_server_strip(svars, ZEND_STRL("HTTP_USER_AGENT")); + + // for cgi + fpm + sp_server_strip(svars, ZEND_STRL("PATH_INFO")); + sp_server_strip(svars, ZEND_STRL("PATH_TRANSLATED")); + sp_server_strip(svars, ZEND_STRL("ORIG_PATH_TRANSLATED")); + sp_server_strip(svars, ZEND_STRL("ORIG_PATH_INFO")); + } +} + +void sp_hook_register_server_variables() +{ + if (sapi_module.register_server_variables) { + orig_register_server_variables = sapi_module.register_server_variables; + sapi_module.register_server_variables = sp_register_server_variables; + } +} diff --git a/src/sp_ifilter.h b/src/sp_ifilter.h new file mode 100644 index 0000000..527c41d --- /dev/null +++ b/src/sp_ifilter.h @@ -0,0 +1,3 @@ +#pragma once + +void sp_hook_register_server_variables(); diff --git a/src/tests/filter/config/filter.ini b/src/tests/filter/config/filter.ini new file mode 100644 index 0000000..5ebee61 --- /dev/null +++ b/src/tests/filter/config/filter.ini @@ -0,0 +1,3 @@ +sp.global.server_encode.enable(); +sp.global.server_strip.enable(); + diff --git a/src/tests/filter/server_encode.phpt b/src/tests/filter/server_encode.phpt new file mode 100644 index 0000000..f7cc233 --- /dev/null +++ b/src/tests/filter/server_encode.phpt @@ -0,0 +1,25 @@ +--TEST-- +input filter: server_encode +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/filter.ini +display_errors=1 +display_startup_errors=1 +error_reporting=E_ALL +--ENV-- +return <<"'`!AAA +EOF; +--COOKIE-- +--GET-- +BBB<>"'`!BBB +--POST-- +--FILE-- + +--INI-- +sp.configuration_file={PWD}/config/filter.ini +display_errors=1 +display_startup_errors=1 +error_reporting=E_ALL +--ENV-- +return <<alert('123');Gecko/20100101 Firefox/29.0 +EOF; +--COOKIE-- +--GET-- +--POST-- +--FILE-- +encrypt) { + if (SNUFFLEUPAGUS_G(config).config_session->encrypt || SNUFFLEUPAGUS_G(config).config_session->sid_min_length || SNUFFLEUPAGUS_G(config).config_session->sid_max_length) { hook_session(); } diff --git a/src/sp_config.h b/src/sp_config.h index af9b905..df36976 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -81,6 +81,8 @@ typedef struct { typedef struct { bool encrypt; bool simulation; + u_long sid_min_length; + u_long sid_max_length; } sp_config_session; typedef struct { @@ -292,6 +294,8 @@ typedef struct { #define SP_TOKEN_MAX_EXECUTION_DEPTH "max_execution_depth" #define SP_TOKEN_SERVER_ENCODE "server_encode" #define SP_TOKEN_SERVER_STRIP "server_strip" +#define SP_TOKEN_SID_MIN_LENGTH "sid_min_length" +#define SP_TOKEN_SID_MAX_LENGTH "sid_max_length" // upload_validator #define SP_TOKEN_UPLOAD_SCRIPT "script" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 38b8526..bd8a9a1 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -33,6 +33,8 @@ SP_PARSE_FN(parse_session) { {parse_empty, SP_TOKEN_ENCRYPT, &(cfg->encrypt)}, {parse_empty, SP_TOKEN_SIMULATION, &(cfg->simulation)}, {parse_empty, SP_TOKEN_SIM, &(cfg->simulation)}, + {parse_ulong, SP_TOKEN_SID_MIN_LENGTH, &(cfg->sid_min_length)}, + {parse_ulong, SP_TOKEN_SID_MAX_LENGTH, &(cfg->sid_max_length)}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); diff --git a/src/sp_session.c b/src/sp_session.c index 7fa4937..64233d1 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -24,21 +24,35 @@ static int (*old_s_write)(PS_WRITE_ARGS); static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL; static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; +static void check_sid_length(zend_string *sid) { + const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + + if (sid) { + if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) { + sp_log_auto("session", cfg->simulation, "Session ID is too short"); + } + if (cfg->sid_max_length && ZSTR_LEN(sid) > cfg->sid_max_length) { + sp_log_auto("session", cfg->simulation, "Session ID is too long"); + } + } +} + static int sp_hook_s_read(PS_READ_ARGS) { + const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + check_sid_length(key); + int r = old_s_read(mod_data, key, val, maxlifetime); - const sp_config_session *config_session = - SNUFFLEUPAGUS_G(config).config_session; if ((NULL == val) || (NULL == *val) || (0 == ZSTR_LEN(*val))) { return r; } - if (r == SUCCESS && config_session->encrypt) { + if (r == SUCCESS && cfg->encrypt) { zend_string *orig_val = *val; zval val_zval; ZVAL_PSTRINGL(&val_zval, ZSTR_VAL(*val), ZSTR_LEN(*val)); - int ret = decrypt_zval(&val_zval, config_session->simulation, NULL); + int ret = decrypt_zval(&val_zval, cfg->simulation, NULL); if (ZEND_HASH_APPLY_KEEP != ret) { zend_bailout(); } @@ -51,7 +65,10 @@ static int sp_hook_s_read(PS_READ_ARGS) { } static int sp_hook_s_write(PS_WRITE_ARGS) { - if (ZSTR_LEN(val) > 0 && SNUFFLEUPAGUS_G(config).config_session->encrypt) { + const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + check_sid_length(key); + + if (ZSTR_LEN(val) > 0 && cfg->encrypt) { zend_string *new_val = encrypt_zval(val); return old_s_write(mod_data, key, new_val, maxlifetime); } diff --git a/src/tests/sid_too_long.phpt b/src/tests/sid_too_long.phpt new file mode 100644 index 0000000..235b166 --- /dev/null +++ b/src/tests/sid_too_long.phpt @@ -0,0 +1,16 @@ +--TEST-- +SESSION ID too long +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sid_length_limit.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in %a.php on line %d + +Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too long in Unknown on line 0 \ No newline at end of file diff --git a/src/tests/sid_too_short.phpt b/src/tests/sid_too_short.phpt new file mode 100644 index 0000000..0d9d514 --- /dev/null +++ b/src/tests/sid_too_short.phpt @@ -0,0 +1,16 @@ +--TEST-- +SESSION ID too short +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/sid_length_limit.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in %a.php on line %d + +Fatal error: [snuffleupagus][0.0.0.0][session][drop] Session ID is too short in Unknown on line 0 \ No newline at end of file -- cgit v1.3 From 887e1c9d44fbcf5f23a928269034593b8521aaba Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 23 Sep 2021 10:40:01 +0200 Subject: comments on lookup table --- src/sp_ifilter.c | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/sp_ifilter.c b/src/sp_ifilter.c index 171138f..a475c1e 100644 --- a/src/sp_ifilter.c +++ b/src/sp_ifilter.c @@ -5,22 +5,23 @@ static void (*orig_register_server_variables)(zval *track_vars_array) = NULL; static const unsigned char sp_hexchars[] = "0123456789ABCDEF"; static const char sp_is_dangerous_char[256] = { - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, - 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 +/* |-> 0 1 2 3 4 5 6 7 8 9 a b c d e f */ +/* 0x00 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 0, 1, 0, 0, +/* 0x10 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x20 */ 0, 0, 1, 0, 0, 0, 0, 1, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x30 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 1, 0, 1, 0, +/* 0x40 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x50 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x60 */ 1, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x70 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x80 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0x90 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xa0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xb0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xc0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xd0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xe0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, +/* 0xf0 */ 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0, 0 }; static void sp_server_strip(HashTable *svars, char *key, int keylen) { -- cgit v1.3 From 54c352c1b5aa08b187dd1e52e544709cad2b0fee Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 23 Sep 2021 12:23:40 +0200 Subject: config is stack allocated now + some code improvements (see details) * for easier memory manegement, the entire sp_config struct was merged into snuffleupagus_globals and allocated on stack where possible * SNUFFLEUPAGUS_G() can be written as SPG(), which is faster to type and easier to read * execution_depth is re-initialized to 0 for each request * function calls with inline string and length parameters consistently use ZEND_STRL instead of sizeof()-1 * execution is actually hooked if recursion protection is enabled * some line breaks were removed to make the code more readable --- src/php_snuffleupagus.h | 41 ++++++++- src/snuffleupagus.c | 201 +++++++++++++++++--------------------------- src/sp_config.c | 30 +++---- src/sp_config.h | 34 -------- src/sp_config_keywords.c | 38 ++++----- src/sp_cookie_encryption.c | 6 +- src/sp_crypt.c | 9 +- src/sp_disabled_functions.c | 46 +++------- src/sp_execute.c | 64 +++++--------- src/sp_harden_rand.c | 6 +- src/sp_ifilter.c | 4 +- src/sp_ini.c | 6 +- src/sp_session.c | 6 +- src/sp_sloppy.c | 2 +- src/sp_unserialize.c | 23 ++--- src/sp_upload_validation.c | 12 +-- src/sp_utils.c | 18 ++-- src/sp_utils.h | 4 +- src/sp_wrapper.c | 9 +- 19 files changed, 228 insertions(+), 331 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index bcb613c..308031b 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -106,11 +106,44 @@ extern zend_module_entry snuffleupagus_module_entry; #endif ZEND_BEGIN_MODULE_GLOBALS(snuffleupagus) -size_t in_eval; -sp_config config; +// sp_config config; +// --- snuffleupagus config +sp_config_random config_random; +sp_config_sloppy config_sloppy; +sp_config_unserialize config_unserialize; +sp_config_readonly_exec config_readonly_exec; +sp_config_upload_validation config_upload_validation; +sp_config_cookie config_cookie; +sp_config_auto_cookie_secure config_auto_cookie_secure; +sp_config_global_strict config_global_strict; +sp_config_disable_xxe config_disable_xxe; +sp_config_eval config_eval; +sp_config_wrapper config_wrapper; +sp_config_session config_session; +sp_config_ini config_ini; +char config_log_media; +u_long config_max_execution_depth; +bool config_server_encode; +bool config_server_strip; +zend_string *config_encryption_key; +zend_string *config_cookies_env_var; + +HashTable *config_disabled_functions; +HashTable *config_disabled_functions_hooked; +HashTable *config_disabled_functions_ret; +HashTable *config_disabled_functions_ret_hooked; +sp_config_disabled_functions config_disabled_functions_reg; +sp_config_disabled_functions config_disabled_functions_reg_ret; + +bool hook_execute; + +// --- ini options +bool allow_broken_configuration; + +// --- runtime/state variables int is_config_valid; // 1 = valid, 0 = invalid, -1 = none +size_t in_eval; u_long execution_depth; -bool allow_broken_configuration; HashTable *disabled_functions_hook; HashTable *sp_internal_functions_hook; HashTable *sp_eval_blacklist_functions_hook; @@ -118,6 +151,8 @@ ZEND_END_MODULE_GLOBALS(snuffleupagus) ZEND_EXTERN_MODULE_GLOBALS(snuffleupagus) #define SNUFFLEUPAGUS_G(v) ZEND_MODULE_GLOBALS_ACCESSOR(snuffleupagus, v) +#define SPG(v) SNUFFLEUPAGUS_G(v) +#define SPCFG(v) SPG(config_##v) #if defined(ZTS) && defined(COMPILE_DL_SNUFFLEUPAGUS) ZEND_TSRMLS_CACHE_EXTERN() diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 84ab171..6fd6f25 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -30,7 +30,7 @@ static inline void sp_op_array_handler(zend_op_array *const op) { if (NULL == op->filename || op->fn_flags & ZEND_ACC_STRICT_TYPES) { return; } else { - if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { + if (SPCFG(global_strict).enable) { op->fn_flags |= ZEND_ACC_STRICT_TYPES; } } @@ -41,16 +41,15 @@ ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) static PHP_INI_MH(StrictMode) { TSRMLS_FETCH(); - SNUFFLEUPAGUS_G(allow_broken_configuration) = false; + SPG(allow_broken_configuration) = false; if (new_value && zend_string_equals_literal(new_value, "1")) { - SNUFFLEUPAGUS_G(allow_broken_configuration) = true; + SPG(allow_broken_configuration) = true; } return SUCCESS; } PHP_INI_BEGIN() -PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, - OnUpdateConfiguration) +PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, OnUpdateConfiguration) PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, StrictMode) PHP_INI_END() @@ -106,47 +105,28 @@ static PHP_GINIT_FUNCTION(snuffleupagus) { snuffleupagus_globals->is_config_valid = SP_CONFIG_NONE; snuffleupagus_globals->in_eval = 0; -#define SP_INIT(F) \ - snuffleupagus_globals->config.F = \ - pecalloc(sizeof(*(snuffleupagus_globals->config.F)), 1, 1); - SP_INIT(config_random); - SP_INIT(config_sloppy); - SP_INIT(config_unserialize); - SP_INIT(config_readonly_exec); - SP_INIT(config_upload_validation); - SP_INIT(config_cookie); - SP_INIT(config_snuffleupagus); - SP_INIT(config_auto_cookie_secure); - SP_INIT(config_global_strict); - SP_INIT(config_disable_xxe); - SP_INIT(config_eval); - SP_INIT(config_wrapper); - SP_INIT(config_session); - SP_INIT(config_ini); - SP_INIT(config_disabled_functions_reg); - SP_INIT(config_disabled_functions_reg_ret); -#undef SP_INIT - #define SP_INIT_HT(F) \ snuffleupagus_globals->F = pemalloc(sizeof(*(snuffleupagus_globals->F)), 1); \ - zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); + zend_hash_init(snuffleupagus_globals->F, 10, NULL, NULL, 1); SP_INIT_HT(disabled_functions_hook); SP_INIT_HT(sp_internal_functions_hook); SP_INIT_HT(sp_eval_blacklist_functions_hook); - SP_INIT_HT(config.config_disabled_functions); - SP_INIT_HT(config.config_disabled_functions_hooked); - SP_INIT_HT(config.config_disabled_functions_ret); - SP_INIT_HT(config.config_disabled_functions_ret_hooked); - SP_INIT_HT(config.config_ini->entries); + SP_INIT_HT(config_disabled_functions); + SP_INIT_HT(config_disabled_functions_hooked); + SP_INIT_HT(config_disabled_functions_ret); + SP_INIT_HT(config_disabled_functions_ret_hooked); + SP_INIT_HT(config_ini.entries); #undef SP_INIT_HT -#define SP_INIT_NULL(F) snuffleupagus_globals->config.F = NULL; - SP_INIT_NULL(config_disabled_functions_reg->disabled_functions); - SP_INIT_NULL(config_disabled_functions_reg_ret->disabled_functions); - SP_INIT_NULL(config_cookie->cookies); - SP_INIT_NULL(config_eval->blacklist); - SP_INIT_NULL(config_eval->whitelist); - SP_INIT_NULL(config_wrapper->whitelist); +#define SP_INIT_NULL(F) snuffleupagus_globals->F = NULL; + SP_INIT_NULL(config_encryption_key); + SP_INIT_NULL(config_cookies_env_var); + SP_INIT_NULL(config_disabled_functions_reg.disabled_functions); + SP_INIT_NULL(config_disabled_functions_reg_ret.disabled_functions); + SP_INIT_NULL(config_cookie.cookies); + SP_INIT_NULL(config_eval.blacklist); + SP_INIT_NULL(config_eval.whitelist); + SP_INIT_NULL(config_wrapper.whitelist); #undef SP_INIT_NULL } @@ -159,10 +139,10 @@ PHP_MINIT_FUNCTION(snuffleupagus) { PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { sp_log_debug("(MSHUTDOWN)"); - unhook_functions(SNUFFLEUPAGUS_G(sp_internal_functions_hook)); - unhook_functions(SNUFFLEUPAGUS_G(disabled_functions_hook)); - unhook_functions(SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook)); - if (SNUFFLEUPAGUS_G(config).config_ini->enable) { sp_unhook_ini(); } + unhook_functions(SPG(sp_internal_functions_hook)); + unhook_functions(SPG(disabled_functions_hook)); + unhook_functions(SPG(sp_eval_blacklist_functions_hook)); + if (SPCFG(ini).enable) { sp_unhook_ini(); } UNREGISTER_INI_ENTRIES(); return SUCCESS; @@ -189,57 +169,37 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { FREE_HT(sp_eval_blacklist_functions_hook); #define FREE_HT_LIST(F) \ - free_disabled_functions_hashtable(snuffleupagus_globals->config.F); \ - FREE_HT(config.F); + free_disabled_functions_hashtable(snuffleupagus_globals->F); \ + FREE_HT(F); FREE_HT_LIST(config_disabled_functions); FREE_HT_LIST(config_disabled_functions_hooked); FREE_HT_LIST(config_disabled_functions_ret); FREE_HT_LIST(config_disabled_functions_ret_hooked); #undef FREE_HT_LIST - free_config_ini_entries(snuffleupagus_globals->config.config_ini->entries); - FREE_HT(config.config_ini->entries); + free_config_ini_entries(snuffleupagus_globals->config_ini.entries); + FREE_HT(config_ini.entries); #undef FREE_HT -#define FREE_LST_DISABLE(L) \ - sp_list_free(snuffleupagus_globals->config.L, sp_free_disabled_function); - FREE_LST_DISABLE(config_disabled_functions_reg->disabled_functions); - FREE_LST_DISABLE(config_disabled_functions_reg_ret->disabled_functions); -#undef FREE_LST_DISABLE - - sp_list_free(snuffleupagus_globals->config.config_cookie->cookies, sp_free_cookie); + sp_list_free(snuffleupagus_globals->config_disabled_functions_reg.disabled_functions, sp_free_disabled_function); + sp_list_free(snuffleupagus_globals->config_disabled_functions_reg_ret.disabled_functions, sp_free_disabled_function); + sp_list_free(snuffleupagus_globals->config_cookie.cookies, sp_free_cookie); -#define FREE_LST(L) sp_list_free(snuffleupagus_globals->config.L, sp_free_zstr); - FREE_LST(config_eval->blacklist); - FREE_LST(config_eval->whitelist); - FREE_LST(config_wrapper->whitelist); +#define FREE_LST(L) sp_list_free(snuffleupagus_globals->L, sp_free_zstr); + FREE_LST(config_eval.blacklist); + FREE_LST(config_eval.whitelist); + FREE_LST(config_wrapper.whitelist); #undef FREE_LST -#define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1); -#define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->config.C); - FREE_CFG(config_random); - FREE_CFG(config_sloppy); - FREE_CFG_ZSTR(config_unserialize->dump); - FREE_CFG_ZSTR(config_unserialize->textual_representation); - FREE_CFG(config_unserialize); - FREE_CFG(config_readonly_exec); - FREE_CFG_ZSTR(config_upload_validation->script); - FREE_CFG(config_upload_validation); - FREE_CFG(config_cookie); - FREE_CFG(config_snuffleupagus); - FREE_CFG(config_auto_cookie_secure); - FREE_CFG(config_global_strict); - FREE_CFG(config_disable_xxe); - FREE_CFG_ZSTR(config_eval->dump); - FREE_CFG_ZSTR(config_eval->textual_representation); - FREE_CFG(config_eval); - FREE_CFG(config_wrapper); - FREE_CFG(config_session); - FREE_CFG(config_ini); - FREE_CFG(config_disabled_functions_reg); - FREE_CFG(config_disabled_functions_reg_ret); -#undef FREE_CFG +// #define FREE_CFG(C) pefree(snuffleupagus_globals->config.C, 1); +#define FREE_CFG_ZSTR(C) sp_free_zstr(snuffleupagus_globals->C); + FREE_CFG_ZSTR(config_unserialize.dump); + FREE_CFG_ZSTR(config_unserialize.textual_representation); + FREE_CFG_ZSTR(config_upload_validation.script); + FREE_CFG_ZSTR(config_eval.dump); + FREE_CFG_ZSTR(config_eval.textual_representation); +// #undef FREE_CFG #undef FREE_CFG_ZSTR #ifdef SP_DEBUG_STDERR @@ -251,35 +211,32 @@ static PHP_GSHUTDOWN_FUNCTION(snuffleupagus) { } PHP_RINIT_FUNCTION(snuffleupagus) { - SNUFFLEUPAGUS_G(execution_depth) = 0; + SPG(execution_depth) = 0; + SPG(in_eval) = 0; - const sp_config_wrapper *const config_wrapper = - SNUFFLEUPAGUS_G(config).config_wrapper; + const sp_config_wrapper *const config_wrapper = &(SPCFG(wrapper)); #if defined(COMPILE_DL_SNUFFLEUPAGUS) && defined(ZTS) ZEND_TSRMLS_CACHE_UPDATE(); #endif - if (!SNUFFLEUPAGUS_G(allow_broken_configuration)) { - if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_INVALID) { + if (!SPG(allow_broken_configuration)) { + if (SPG(is_config_valid) == SP_CONFIG_INVALID) { sp_log_err("config", "Invalid configuration file"); - } else if (SNUFFLEUPAGUS_G(is_config_valid) == SP_CONFIG_NONE) { + } else if (SPG(is_config_valid) == SP_CONFIG_NONE) { sp_log_warn("config", "No configuration specificed via sp.configuration_file"); } } - // We need to disable wrappers loaded by extensions loaded after - // SNUFFLEUPAGUS. + // We need to disable wrappers loaded by extensions loaded after SNUFFLEUPAGUS. if (config_wrapper->enabled && - zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != - config_wrapper->num_wrapper) { + zend_hash_num_elements(php_stream_get_url_stream_wrappers_hash()) != config_wrapper->num_wrapper) { sp_disable_wrapper(); } - if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { - if (NULL != SNUFFLEUPAGUS_G(config).config_cookie->cookies) { - zend_hash_apply_with_arguments( - Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]), decrypt_cookie, 0); + if (NULL != SPCFG(encryption_key)) { + if (NULL != SPCFG(cookie).cookies) { + zend_hash_apply_with_arguments(Z_ARRVAL(PG(http_globals)[TRACK_VARS_COOKIE]), decrypt_cookie, 0); } } return SUCCESS; @@ -289,7 +246,7 @@ PHP_RSHUTDOWN_FUNCTION(snuffleupagus) { return SUCCESS; } PHP_MINFO_FUNCTION(snuffleupagus) { const char *valid_config; - switch (SNUFFLEUPAGUS_G(is_config_valid)) { + switch (SPG(is_config_valid)) { case SP_CONFIG_VALID: valid_config = "yes"; break; @@ -303,7 +260,7 @@ PHP_MINFO_FUNCTION(snuffleupagus) { php_info_print_table_start(); php_info_print_table_row( 2, "snuffleupagus support", - SNUFFLEUPAGUS_G(is_config_valid) ? "enabled" : "disabled"); + SPG(is_config_valid) ? "enabled" : "disabled"); php_info_print_table_row(2, "Version", PHP_SNUFFLEUPAGUS_VERSION "-sng (with Suhosin-NG patches)"); php_info_print_table_row(2, "Valid config", valid_config); php_info_print_table_end(); @@ -328,14 +285,14 @@ static PHP_INI_MH(OnUpdateConfiguration) { glob_t globbuf; if (0 != glob(config_file, GLOB_NOCHECK, NULL, &globbuf)) { - SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; + SPG(is_config_valid) = SP_CONFIG_INVALID; globfree(&globbuf); return FAILURE; } for (size_t i = 0; globbuf.gl_pathv[i]; i++) { if (sp_parse_config(globbuf.gl_pathv[i]) != SUCCESS) { - SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_INVALID; + SPG(is_config_valid) = SP_CONFIG_INVALID; globfree(&globbuf); return FAILURE; } @@ -343,34 +300,34 @@ static PHP_INI_MH(OnUpdateConfiguration) { globfree(&globbuf); } - SNUFFLEUPAGUS_G(is_config_valid) = SP_CONFIG_VALID; + SPG(is_config_valid) = SP_CONFIG_VALID; - if ((SNUFFLEUPAGUS_G(config).config_sloppy->enable)) { + if (SPCFG(sloppy).enable) { hook_sloppy(); } - if (SNUFFLEUPAGUS_G(config).config_random->enable) { + if (SPCFG(random).enable) { hook_rand(); } - if (SNUFFLEUPAGUS_G(config).config_upload_validation->enable) { + if (SPCFG(upload_validation).enable) { hook_upload(); } - if (SNUFFLEUPAGUS_G(config).config_disable_xxe->enable == 0) { + if (SPCFG(disable_xxe).enable == 0) { hook_libxml_disable_entity_loader(); } - if (SNUFFLEUPAGUS_G(config).config_wrapper->enabled) { + if (SPCFG(wrapper).enabled) { hook_stream_wrappers(); } - if (SNUFFLEUPAGUS_G(config).config_session->encrypt || SNUFFLEUPAGUS_G(config).config_session->sid_min_length || SNUFFLEUPAGUS_G(config).config_session->sid_max_length) { + if (SPCFG(session).encrypt || SPCFG(session).sid_min_length || SPCFG(session).sid_max_length) { hook_session(); } - if (NULL != SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { - if (SNUFFLEUPAGUS_G(config).config_unserialize->enable) { + if (NULL != SPCFG(encryption_key)) { + if (SPCFG(unserialize).enable) { hook_serialize(); } } @@ -379,13 +336,13 @@ static PHP_INI_MH(OnUpdateConfiguration) { hook_execute(); hook_cookies(); - if (SNUFFLEUPAGUS_G(config).config_ini->enable) { + if (SPCFG(ini).enable) { sp_hook_ini(); } sp_hook_register_server_variables(); - if (true == SNUFFLEUPAGUS_G(config).config_global_strict->enable) { + if (SPCFG(global_strict).enable) { if (!zend_get_extension(PHP_SNUFFLEUPAGUS_EXTNAME)) { zend_extension_entry.startup = NULL; zend_register_extension(&zend_extension_entry, NULL); @@ -395,26 +352,18 @@ static PHP_INI_MH(OnUpdateConfiguration) { } // If `zend_write_default` is not NULL it is already hooked. - if ((zend_hash_str_find( - SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked, "echo", - sizeof("echo") - 1) || - zend_hash_str_find( - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, "echo", - sizeof("echo") - 1)) && + if ((zend_hash_str_find(SPCFG(disabled_functions_hooked), ZEND_STRL("echo")) || + zend_hash_str_find(SPCFG(disabled_functions_ret_hooked), ZEND_STRL("echo"))) && NULL == zend_write_default && zend_write != hook_echo) { zend_write_default = zend_write; zend_write = hook_echo; } - SNUFFLEUPAGUS_G(config).hook_execute = - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg->disabled_functions || - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions || - zend_hash_num_elements( - SNUFFLEUPAGUS_G(config).config_disabled_functions) || - zend_hash_num_elements( - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret); + SPG(hook_execute) = SPCFG(max_execution_depth) > 0 || + SPCFG(disabled_functions_reg).disabled_functions || + SPCFG(disabled_functions_reg_ret).disabled_functions || + (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions))) || + (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions_ret))); return SUCCESS; } diff --git a/src/sp_config.c b/src/sp_config.c index 4d96bbe..ec6c5a8 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -7,24 +7,24 @@ static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) { sp_config_keyword sp_func[] = { - {parse_unserialize, SP_TOKEN_UNSERIALIZE_HMAC, SNUFFLEUPAGUS_G(config).config_unserialize}, - {parse_enable, SP_TOKEN_HARDEN_RANDOM, &(SNUFFLEUPAGUS_G(config).config_random->enable)}, - {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, + {parse_unserialize, SP_TOKEN_UNSERIALIZE_HMAC, &(SPCFG(unserialize))}, + {parse_enable, SP_TOKEN_HARDEN_RANDOM, &(SPCFG(random).enable)}, + {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SPCFG(log_media))}, {parse_disabled_functions, SP_TOKEN_DISABLE_FUNC, NULL}, - {parse_readonly_exec, SP_TOKEN_READONLY_EXEC, SNUFFLEUPAGUS_G(config).config_readonly_exec}, - {parse_enable, SP_TOKEN_GLOBAL_STRICT, &(SNUFFLEUPAGUS_G(config).config_global_strict->enable)}, - {parse_upload_validation, SP_TOKEN_UPLOAD_VALIDATION, SNUFFLEUPAGUS_G(config).config_upload_validation}, + {parse_readonly_exec, SP_TOKEN_READONLY_EXEC, &(SPCFG(readonly_exec))}, + {parse_enable, SP_TOKEN_GLOBAL_STRICT, &(SPCFG(global_strict).enable)}, + {parse_upload_validation, SP_TOKEN_UPLOAD_VALIDATION, &(SPCFG(upload_validation))}, {parse_cookie, SP_TOKEN_COOKIE_ENCRYPTION, NULL}, {parse_global, SP_TOKEN_GLOBAL, NULL}, - {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SNUFFLEUPAGUS_G(config).config_auto_cookie_secure->enable)}, - {parse_enable, SP_TOKEN_DISABLE_XXE, &(SNUFFLEUPAGUS_G(config).config_disable_xxe->enable)}, - {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SNUFFLEUPAGUS_G(config).config_eval->blacklist)}, - {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SNUFFLEUPAGUS_G(config).config_eval->whitelist)}, - {parse_session, SP_TOKEN_SESSION_ENCRYPTION, SNUFFLEUPAGUS_G(config).config_session}, - {parse_enable, SP_TOKEN_SLOPPY_COMPARISON, &(SNUFFLEUPAGUS_G(config).config_sloppy->enable)}, - {parse_wrapper_whitelist, SP_TOKEN_ALLOW_WRAPPERS, SNUFFLEUPAGUS_G(config).config_wrapper}, - {parse_ini_protection, SP_TOKEN_INI_PROTECTION, SNUFFLEUPAGUS_G(config).config_ini}, - {parse_ini_entry, SP_TOKEN_INI, SNUFFLEUPAGUS_G(config).config_unserialize}, + {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SPCFG(auto_cookie_secure).enable)}, + {parse_enable, SP_TOKEN_DISABLE_XXE, &(SPCFG(disable_xxe).enable)}, + {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SPCFG(eval).blacklist)}, + {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SPCFG(eval).whitelist)}, + {parse_session, SP_TOKEN_SESSION_ENCRYPTION, &(SPCFG(session))}, + {parse_enable, SP_TOKEN_SLOPPY_COMPARISON, &(SPCFG(sloppy).enable)}, + {parse_wrapper_whitelist, SP_TOKEN_ALLOW_WRAPPERS, &(SPCFG(wrapper))}, + {parse_ini_protection, SP_TOKEN_INI_PROTECTION, &(SPCFG(ini))}, + {parse_ini_entry, SP_TOKEN_INI, NULL}, {NULL, NULL, NULL}}; return sp_process_rule(parsed_rule, sp_func); } diff --git a/src/sp_config.h b/src/sp_config.h index df36976..262050b 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -32,11 +32,6 @@ typedef struct { uint8_t mask; } sp_cidr; -typedef struct { - zend_string *encryption_key; - zend_string *cookies_env_var; -} sp_config_global; - typedef struct { bool enable; bool simulation; @@ -181,35 +176,6 @@ typedef struct { HashTable *entries; // ht of sp_ini_entry } sp_config_ini; -typedef struct { - sp_config_random *config_random; - sp_config_sloppy *config_sloppy; - sp_config_unserialize *config_unserialize; - sp_config_readonly_exec *config_readonly_exec; - sp_config_upload_validation *config_upload_validation; - sp_config_cookie *config_cookie; - sp_config_global *config_snuffleupagus; - sp_config_auto_cookie_secure *config_auto_cookie_secure; - sp_config_global_strict *config_global_strict; - sp_config_disable_xxe *config_disable_xxe; - sp_config_eval *config_eval; - sp_config_wrapper *config_wrapper; - sp_config_session *config_session; - sp_config_ini *config_ini; - bool hook_execute; - char log_media; - u_long max_execution_depth; - bool server_encode; - bool server_strip; - - HashTable *config_disabled_functions; - HashTable *config_disabled_functions_hooked; - HashTable *config_disabled_functions_ret; - HashTable *config_disabled_functions_ret_hooked; - sp_config_disabled_functions *config_disabled_functions_reg; - sp_config_disabled_functions *config_disabled_functions_reg_ret; -} sp_config; - #define SP_PARSE_FN_(fname, kwvar) int fname(char *token, sp_parsed_keyword *kwvar, void *retval) #define SP_PARSE_FN(fname) SP_PARSE_FN_(fname, parsed_rule) #define SP_PARSEKW_FN(fname) SP_PARSE_FN_(fname, kw) diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index bd8a9a1..f6af86b 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -49,12 +49,12 @@ SP_PARSE_FN(parse_session) { #endif if (cfg->encrypt) { - if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { + if (!SPCFG(cookies_env_var)) { sp_log_err("config", "You're trying to use the session cookie encryption feature " "on line %zu without having set the `.cookie_env_var` option in " "`sp.global`: please set it first", parsed_rule->lineno); return SP_PARSER_ERROR; - } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { + } else if (!SPCFG(encryption_key)) { sp_log_err("config", "You're trying to use the session cookie encryption feature " "on line %zu without having set the `.secret_key` option in " "`sp.global`: please set it first", parsed_rule->lineno); @@ -127,12 +127,12 @@ SP_PARSE_FN(parse_readonly_exec) { SP_PARSE_FN(parse_global) { sp_config_keyword config_keywords[] = { - {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)}, - {parse_str, SP_TOKEN_ENV_VAR, &(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)}, - {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SNUFFLEUPAGUS_G(config).log_media)}, - {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SNUFFLEUPAGUS_G(config).max_execution_depth)}, - {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SNUFFLEUPAGUS_G(config).server_encode)}, - {parse_enable, SP_TOKEN_SERVER_STRIP, &(SNUFFLEUPAGUS_G(config).server_strip)}, + {parse_str, SP_TOKEN_ENCRYPTION_KEY, &(SPCFG(encryption_key))}, + {parse_str, SP_TOKEN_ENV_VAR, &(SPCFG(cookies_env_var))}, + {parse_log_media, SP_TOKEN_LOG_MEDIA, &(SPCFG(log_media))}, + {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SPCFG(max_execution_depth))}, + {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SPCFG(server_encode))}, + {parse_enable, SP_TOKEN_SERVER_STRIP, &(SPCFG(server_strip))}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); @@ -140,7 +140,7 @@ SP_PARSE_FN(parse_global) { } SP_PARSE_FN(parse_eval_filter_conf) { - sp_config_eval *cfg = SNUFFLEUPAGUS_G(config).config_eval; + sp_config_eval *cfg = &(SPCFG(eval)); sp_config_keyword config_keywords[] = { {parse_list, SP_TOKEN_LIST, retval}, @@ -186,11 +186,11 @@ SP_PARSE_FN(parse_cookie) { SP_PROCESS_CONFIG_KEYWORDS(goto err); if (cookie->encrypt) { - if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var) { + if (!SPCFG(cookies_env_var)) { sp_log_err("config", "You're trying to use the cookie encryption feature on line %zu " "without having set the `." SP_TOKEN_ENV_VAR "` option in `sp.global`: please set it first", parsed_rule->lineno); goto err; - } else if (!SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key) { + } else if (!SPCFG(encryption_key)) { sp_log_err("config", "You're trying to use the cookie encryption feature " "on line %zu without having set the `." SP_TOKEN_ENCRYPTION_KEY "` option in " "`sp." SP_TOKEN_GLOBAL "`: please set it first", parsed_rule->lineno); @@ -220,7 +220,7 @@ SP_PARSE_FN(parse_cookie) { } } - SNUFFLEUPAGUS_G(config).config_cookie->cookies = sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, cookie); + SPCFG(cookie).cookies = sp_list_insert(SPCFG(cookie).cookies, cookie); return SP_PARSER_STOP; @@ -316,7 +316,7 @@ SP_PARSE_FN(parse_disabled_functions) { goto out; } if (df->filename && (*ZSTR_VAL(df->filename) != '/') && - (0 != strncmp(ZSTR_VAL(df->filename), "phar://", strlen("phar://")))) { + (0 != strncmp(ZSTR_VAL(df->filename), ZEND_STRL("phar://")))) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line %zu", parsed_rule->lineno); goto out; } @@ -365,20 +365,20 @@ SP_PARSE_FN(parse_disabled_functions) { if (df->function && zend_string_equals_literal(df->function, "print")) { zend_string_release(df->function); - df->function = zend_string_init("echo", sizeof("echo") - 1, 1); + df->function = zend_string_init(ZEND_STRL("echo"), 1); } if (df->function && !df->functions_list) { if (df->ret || df->r_ret || df->ret_type) { - add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, df); + add_df_to_hashtable(SPCFG(disabled_functions_ret), df); } else { - add_df_to_hashtable(SNUFFLEUPAGUS_G(config).config_disabled_functions, df); + add_df_to_hashtable(SPCFG(disabled_functions), df); } } else { if (df->ret || df->r_ret || df->ret_type) { - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg_ret->disabled_functions, df); + SPCFG(disabled_functions_reg_ret).disabled_functions = sp_list_insert(SPCFG(disabled_functions_reg_ret).disabled_functions, df); } else { - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions = sp_list_insert(SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, df); + SPCFG(disabled_functions_reg).disabled_functions = sp_list_insert(SPCFG(disabled_functions_reg).disabled_functions, df); } } return SP_PARSER_STOP; @@ -493,7 +493,7 @@ SP_PARSE_FN(parse_ini_entry) { } entry->access = ro - rw; - zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_ini->entries, entry->key, entry); + zend_hash_add_ptr(SPCFG(ini).entries, entry->key, entry); return SP_PARSER_STOP; err: diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 7bcedd2..b2cff66 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -1,7 +1,7 @@ #include "php_snuffleupagus.h" static inline const sp_cookie *sp_lookup_cookie_config(const zend_string *key) { - const sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies; + const sp_list_node *it = SPCFG(cookie).cookies; while (it) { const sp_cookie *config = it->data; @@ -133,11 +133,11 @@ PHP_FUNCTION(sp_setcookie) { } /* If the request was issued over HTTPS, the cookie should be "secure" */ - if (SNUFFLEUPAGUS_G(config).config_auto_cookie_secure) { + if (SPCFG(auto_cookie_secure).enable) { const zval server_vars = PG(http_globals)[TRACK_VARS_SERVER]; if (Z_TYPE(server_vars) == IS_ARRAY) { const zval *is_https = - zend_hash_str_find(Z_ARRVAL(server_vars), "HTTPS", strlen("HTTPS")); + zend_hash_str_find(Z_ARRVAL(server_vars), ZEND_STRL("HTTPS")); if (NULL != is_https) { secure = 1; } diff --git a/src/sp_crypt.c b/src/sp_crypt.c index ff8f65e..c1d9403 100644 --- a/src/sp_crypt.c +++ b/src/sp_crypt.c @@ -3,13 +3,10 @@ void generate_key(unsigned char *key) { PHP_SHA256_CTX ctx; const char *user_agent = getenv("HTTP_USER_AGENT"); - const zend_string *env_var_zend = - SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var; - const zend_string *encryption_key_zend = - SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key; + const zend_string *env_var_zend = SPCFG(cookies_env_var); + const zend_string *encryption_key_zend = SPCFG(encryption_key); const char *env_var = (env_var_zend ? getenv(ZSTR_VAL(env_var_zend)) : NULL); - const char *encryption_key = - (encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL); + const char *encryption_key = (encryption_key_zend ? ZSTR_VAL(encryption_key_zend) : NULL); assert(32 == crypto_secretbox_KEYBYTES); // 32 is the size of a SHA256. assert(encryption_key); // Encryption key can't be NULL diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 6ff3915..4ef72bf 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -479,21 +479,13 @@ ZEND_FUNCTION(check_disabled_function) { zif_handler orig_handler; const char* current_function_name = get_active_function_name(TSRMLS_C); - should_disable_ht( - execute_data, current_function_name, NULL, NULL, - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked); + should_disable_ht(execute_data, current_function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked)); orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(disabled_functions_hook), current_function_name, + SPG(disabled_functions_hook), current_function_name, strlen(current_function_name)); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); - should_drop_on_ret_ht( - return_value, current_function_name, - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked, - execute_data); + should_drop_on_ret_ht(return_value, current_function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret_hooked), execute_data); } static int hook_functions_regexp(const sp_list_node* config) { @@ -547,10 +539,10 @@ ZEND_FUNCTION(eval_blacklist_callback) { } zend_string_release(tmp); - if (SNUFFLEUPAGUS_G(in_eval) > 0) { + if (SPG(in_eval) > 0) { // zend_string* filename = get_eval_filename(zend_get_executed_filename()); // const int line_number = zend_get_executed_lineno(TSRMLS_C); - const sp_config_eval* config_eval = SNUFFLEUPAGUS_G(config).config_eval; + const sp_config_eval* config_eval = &(SPCFG(eval)); if (config_eval->dump) { sp_log_request(config_eval->dump, config_eval->textual_representation); @@ -565,7 +557,7 @@ ZEND_FUNCTION(eval_blacklist_callback) { whitelisted: orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook), current_function_name, + SPG(sp_eval_blacklist_functions_hook), current_function_name, strlen(current_function_name)); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } @@ -575,26 +567,19 @@ int hook_disabled_functions(void) { int ret = SUCCESS; - hook_functions(SNUFFLEUPAGUS_G(config).config_disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked); + hook_functions(SPCFG(disabled_functions), SPCFG(disabled_functions_hooked)); + hook_functions(SPCFG(disabled_functions_ret), SPCFG(disabled_functions_ret_hooked)); - hook_functions(SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret_hooked); + ret |= hook_functions_regexp(SPCFG(disabled_functions_reg).disabled_functions); - ret |= hook_functions_regexp( - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg->disabled_functions); + ret |= hook_functions_regexp(SPCFG(disabled_functions_reg_ret).disabled_functions); - ret |= hook_functions_regexp( - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions); - - if (NULL != SNUFFLEUPAGUS_G(config).config_eval->blacklist) { - sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->blacklist; + if (NULL != SPCFG(eval).blacklist) { + sp_list_node* it = SPCFG(eval).blacklist; while (it) { hook_function(ZSTR_VAL((zend_string*)it->data), - SNUFFLEUPAGUS_G(sp_eval_blacklist_functions_hook), + SPG(sp_eval_blacklist_functions_hook), PHP_FN(eval_blacklist_callback)); it = it->next; } @@ -611,10 +596,7 @@ int hook_echo(const char* str, size_t str_length) { #endif zend_string* zs = zend_string_init(str, str_length, 0); - should_disable_ht( - EG(current_execute_data), "echo", zs, NULL, - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked); + should_disable_ht(EG(current_execute_data), "echo", zs, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked)); zend_string_release(zs); diff --git a/src/sp_execute.c b/src/sp_execute.c index 41257ad..ccb7508 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -8,8 +8,7 @@ static int (*orig_zend_stream_open)(const char *filename, // FIXME handle symlink ZEND_COLD static inline void terminate_if_writable(const char *filename) { - const sp_config_readonly_exec *config_ro_exec = - SNUFFLEUPAGUS_G(config).config_readonly_exec; + const sp_config_readonly_exec *config_ro_exec = &(SPCFG(readonly_exec)); if (0 == access(filename, W_OK)) { if (config_ro_exec->dump) { @@ -43,21 +42,18 @@ inline static void is_builtin_matching( return; } - should_disable_ht( - EG(current_execute_data), function_name, param_value, param_name, - SNUFFLEUPAGUS_G(config).config_disabled_functions_reg->disabled_functions, - ht); + should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht); } static void ZEND_HOT is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { - const sp_config_eval *config_eval = SNUFFLEUPAGUS_G(config).config_eval; + const sp_config_eval *config_eval = &(SPCFG(eval)); - if (EXPECTED(0 == SNUFFLEUPAGUS_G(in_eval))) { + if (EXPECTED(0 == SPG(in_eval))) { return; } - if (EXPECTED(NULL == SNUFFLEUPAGUS_G(config).config_eval->whitelist)) { + if (EXPECTED(NULL == config_eval->whitelist)) { return; } @@ -113,50 +109,45 @@ zend_string *get_eval_filename(const char *const filename) { } static inline void sp_orig_execute(zend_execute_data *execute_data) { - SNUFFLEUPAGUS_G(execution_depth)++; - if (SNUFFLEUPAGUS_G(execution_depth) > SNUFFLEUPAGUS_G(config).max_execution_depth && SNUFFLEUPAGUS_G(config).max_execution_depth > 0) { + SPG(execution_depth)++; + if (SPCFG(max_execution_depth) > 0 && SPG(execution_depth) > SPCFG(max_execution_depth)) { sp_log_drop("execute", "Maximum recursion limit reached. Script terminated."); } orig_execute_ex(execute_data); - SNUFFLEUPAGUS_G(execution_depth)--; + SPG(execution_depth)--; } static void sp_execute_ex(zend_execute_data *execute_data) { is_in_eval_and_whitelisted(execute_data); - const HashTable *config_disabled_functions = - SNUFFLEUPAGUS_G(config).config_disabled_functions; + const HashTable *config_disabled_functions = SPCFG(disabled_functions); if (!execute_data) { return; // LCOV_EXCL_LINE } if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) { - const sp_list_node *config = zend_hash_str_find_ptr( - config_disabled_functions, "eval", sizeof("eval") - 1); + const sp_list_node *config = zend_hash_str_find_ptr(config_disabled_functions, ZEND_STRL("eval")); zend_string *filename = get_eval_filename(zend_get_executed_filename()); - is_builtin_matching(filename, "eval", NULL, config, - config_disabled_functions); + is_builtin_matching(filename, "eval", NULL, config, config_disabled_functions); zend_string_release(filename); - SNUFFLEUPAGUS_G(in_eval)++; + SPG(in_eval)++; sp_orig_execute(execute_data); - SNUFFLEUPAGUS_G(in_eval)--; + SPG(in_eval)--; return; } if (NULL != EX(func)->op_array.filename) { - if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { + if (SPCFG(readonly_exec).enable) { terminate_if_writable(ZSTR_VAL(EX(func)->op_array.filename)); } } - if (SNUFFLEUPAGUS_G(config).hook_execute) { + if (SPG(hook_execute)) { char *function_name = get_complete_function_path(execute_data); zval ret_val; - const sp_list_node *config_disabled_functions_reg = - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg->disabled_functions; + const sp_list_node *config_disabled_functions_reg = SPCFG(disabled_functions_reg).disabled_functions; if (!function_name) { sp_orig_execute(execute_data); @@ -195,11 +186,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { sp_orig_execute(execute_data); - should_drop_on_ret_ht( - EX(return_value), function_name, - SNUFFLEUPAGUS_G(config) - .config_disabled_functions_reg_ret->disabled_functions, - SNUFFLEUPAGUS_G(config).config_disabled_functions_ret, execute_data); + should_drop_on_ret_ht(EX(return_value), function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data); efree(function_name); if (EX(return_value) == &ret_val) { @@ -231,41 +218,36 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) { } zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); - const HashTable *disabled_functions_hooked = - SNUFFLEUPAGUS_G(config).config_disabled_functions_hooked; + const HashTable *disabled_functions_hooked = SPCFG(disabled_functions_hooked); switch (data->opline->opcode) { case ZEND_INCLUDE_OR_EVAL: - if (true == SNUFFLEUPAGUS_G(config).config_readonly_exec->enable) { + if (SPCFG(readonly_exec).enable) { terminate_if_writable(filename); } switch (data->opline->extended_value) { case ZEND_INCLUDE: is_builtin_matching( zend_filename, "include", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, "include", - sizeof("include") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("include")), disabled_functions_hooked); break; case ZEND_REQUIRE: is_builtin_matching( zend_filename, "require", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, "require", - sizeof("require") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("require")), disabled_functions_hooked); break; case ZEND_REQUIRE_ONCE: is_builtin_matching( zend_filename, "require_once", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, "require_once", - sizeof("require_once") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("require_once")), disabled_functions_hooked); break; case ZEND_INCLUDE_ONCE: is_builtin_matching( zend_filename, "include_once", "inclusion path", - zend_hash_str_find_ptr(disabled_functions_hooked, "include_once", - sizeof("include_once") - 1), + zend_hash_str_find_ptr(disabled_functions_hooked, ZEND_STRL("include_once")), disabled_functions_hooked); break; EMPTY_SWITCH_DEFAULT_CASE(); // LCOV_EXCL_LINE diff --git a/src/sp_harden_rand.c b/src/sp_harden_rand.c index 43c2a5b..3e9bcb3 100644 --- a/src/sp_harden_rand.c +++ b/src/sp_harden_rand.c @@ -54,8 +54,7 @@ PHP_FUNCTION(sp_rand) { /* call the original `rand` function, * since we might no be the only ones to hook it*/ - orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), "rand", sizeof("rand") - 1); + orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("rand")); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); @@ -67,8 +66,7 @@ PHP_FUNCTION(sp_mt_rand) { /* call the original `mt_rand` function, * since we might no be the only ones to hook it*/ orig_handler = - zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), - "mt_rand", sizeof("mt_rand") - 1); + zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("mt_rand")); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); random_int_wrapper(INTERNAL_FUNCTION_PARAM_PASSTHRU); diff --git a/src/sp_ifilter.c b/src/sp_ifilter.c index a475c1e..8099882 100644 --- a/src/sp_ifilter.c +++ b/src/sp_ifilter.c @@ -77,12 +77,12 @@ static void sp_register_server_variables(zval *track_vars_array) { svars = Z_ARRVAL_P(track_vars_array); - if (SNUFFLEUPAGUS_G(config).server_encode) { + if (SPCFG(server_encode)) { sp_server_encode(svars, ZEND_STRL("REQUEST_URI")); sp_server_encode(svars, ZEND_STRL("QUERY_STRING")); } - if (SNUFFLEUPAGUS_G(config).server_strip) { + if (SPCFG(server_strip)) { sp_server_strip(svars, ZEND_STRL("PHP_SELF")); sp_server_strip(svars, ZEND_STRL("HTTP_HOST")); sp_server_strip(svars, ZEND_STRL("HTTP_USER_AGENT")); diff --git a/src/sp_ini.c b/src/sp_ini.c index 5777ca3..2238e3a 100644 --- a/src/sp_ini.c +++ b/src/sp_ini.c @@ -17,7 +17,7 @@ static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_va return false; } - sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; + sp_config_ini *cfg = &(SPCFG(ini)); sp_ini_entry *entry = zend_hash_find_ptr(cfg->entries, varname); if (sp_entry_p) { *sp_entry_p = entry; @@ -92,7 +92,7 @@ static PHP_INI_MH(sp_ini_onmodify) { } void sp_hook_ini() { - sp_config_ini *cfg = SNUFFLEUPAGUS_G(config).config_ini; + sp_config_ini *cfg = &(SPCFG(ini)); sp_ini_entry *sp_entry; zend_ini_entry *ini_entry; ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry) @@ -129,7 +129,7 @@ void sp_hook_ini() { void sp_unhook_ini() { sp_ini_entry *sp_entry; zend_ini_entry *ini_entry; - ZEND_HASH_FOREACH_PTR(SNUFFLEUPAGUS_G(config).config_ini->entries, sp_entry) + ZEND_HASH_FOREACH_PTR(SPCFG(ini).entries, sp_entry) if (!sp_entry->orig_onmodify) { // not hooked or no original onmodify continue; diff --git a/src/sp_session.c b/src/sp_session.c index 64233d1..b54849e 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -25,7 +25,7 @@ static int (*previous_sessionRINIT)(INIT_FUNC_ARGS) = NULL; static ZEND_INI_MH((*old_OnUpdateSaveHandler)) = NULL; static void check_sid_length(zend_string *sid) { - const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + const sp_config_session *cfg = &(SPCFG(session)); if (sid) { if (cfg->sid_min_length && ZSTR_LEN(sid) < cfg->sid_min_length) { @@ -38,7 +38,7 @@ static void check_sid_length(zend_string *sid) { } static int sp_hook_s_read(PS_READ_ARGS) { - const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + const sp_config_session *cfg = &(SPCFG(session)); check_sid_length(key); int r = old_s_read(mod_data, key, val, maxlifetime); @@ -65,7 +65,7 @@ static int sp_hook_s_read(PS_READ_ARGS) { } static int sp_hook_s_write(PS_WRITE_ARGS) { - const sp_config_session *cfg = SNUFFLEUPAGUS_G(config).config_session; + const sp_config_session *cfg = &(SPCFG(session)); check_sid_length(key); if (ZSTR_LEN(val) > 0 && cfg->encrypt) { diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c index ff2d644..8afddc9 100644 --- a/src/sp_sloppy.c +++ b/src/sp_sloppy.c @@ -69,7 +69,7 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name, ZVAL_STRING(&func_name, name); - handler = zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), + handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), name, size); zend_internal_function* func = zend_hash_str_find_ptr(CG(function_table), name, size); diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 82b2cef..1c9f731 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -4,10 +4,10 @@ PHP_FUNCTION(sp_serialize) { zif_handler orig_handler; /* Call the original `serialize` function. */ - orig_handler = - zend_hash_str_find_ptr(SNUFFLEUPAGUS_G(sp_internal_functions_hook), - "serialize", sizeof("serialize") - 1); - orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("serialize")); + if (orig_handler) { + orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + } /* Compute the HMAC of the textual representation of the serialized data*/ zval func_name; @@ -19,7 +19,7 @@ PHP_FUNCTION(sp_serialize) { params[1] = *return_value; ZVAL_STRING( ¶ms[2], - ZSTR_VAL(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)); + ZSTR_VAL(SPCFG(encryption_key))); call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params); size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); @@ -46,8 +46,7 @@ PHP_FUNCTION(sp_unserialize) { size_t buf_len = 0; zval *opts = NULL; - const sp_config_unserialize *config_unserialize = - SNUFFLEUPAGUS_G(config).config_unserialize; + const sp_config_unserialize *config_unserialize = &(SPCFG(unserialize)); if (zend_parse_parameters(ZEND_NUM_ARGS(), "s|a", &buf, &buf_len, &opts) == FAILURE) { @@ -71,7 +70,7 @@ PHP_FUNCTION(sp_unserialize) { ZVAL_STRING(¶ms[1], serialized_str); ZVAL_STRING( ¶ms[2], - ZSTR_VAL(SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)); + ZSTR_VAL(SPCFG(encryption_key))); call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3, params); @@ -81,9 +80,7 @@ PHP_FUNCTION(sp_unserialize) { } if (0 == status) { - if ((orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), "unserialize", - sizeof("unserialize") - 1))) { + if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } } else { @@ -93,9 +90,7 @@ PHP_FUNCTION(sp_unserialize) { } if (true == config_unserialize->simulation) { sp_log_simulation("unserialize", "Invalid HMAC for %s", serialized_str); - if ((orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), "unserialize", - sizeof("unserialize") - 1))) { + if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) { orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } } else { diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index 4d44011..bff7e43 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -32,8 +32,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { if (event == MULTIPART_EVENT_END) { zend_string *file_key __attribute__((unused)) = NULL; - const sp_config_upload_validation *config_upload = - SNUFFLEUPAGUS_G(config).config_upload_validation; + const sp_config_upload_validation *config_upload = &(SPCFG(upload_validation)); zval *file; pid_t pid; @@ -44,12 +43,9 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]), file_key, file) { // for each uploaded file - char *filename = Z_STRVAL_P( - zend_hash_str_find(Z_ARRVAL_P(file), "name", sizeof("name") - 1)); - char *tmp_name = Z_STRVAL_P(zend_hash_str_find( - Z_ARRVAL_P(file), "tmp_name", sizeof("tmp_name") - 1)); - size_t filesize = Z_LVAL_P( - zend_hash_str_find(Z_ARRVAL_P(file), "size", sizeof("size") - 1)); + char *filename = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("name"))); + char *tmp_name = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("tmp_name"))); + size_t filesize = Z_LVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("size"))); char *cmd[3] = {0}; char *env[5] = {0}; diff --git a/src/sp_utils.c b/src/sp_utils.c index de19321..ff85494 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -46,7 +46,7 @@ void sp_log_msgf(char const* restrict feature, int level, int type, break; } - switch (SNUFFLEUPAGUS_G(config).log_media) { + switch (SPCFG(log_media)) { case SP_SYSLOG: { const char* error_filename = zend_get_executed_filename(); int syslog_level = (level == E_ERROR) ? LOG_ERR : LOG_INFO; @@ -244,17 +244,17 @@ const zend_string* sp_zval_to_zend_string(const zval* zv) { return Z_STR_P(zv); } case IS_FALSE: - return zend_string_init("FALSE", sizeof("FALSE") - 1, 0); + return zend_string_init(ZEND_STRL("FALSE"), 0); case IS_TRUE: - return zend_string_init("TRUE", sizeof("TRUE") - 1, 0); + return zend_string_init(ZEND_STRL("TRUE"), 0); case IS_NULL: - return zend_string_init("NULL", sizeof("NULL") - 1, 0); + return zend_string_init(ZEND_STRL("NULL"), 0); case IS_OBJECT: - return zend_string_init("OBJECT", sizeof("OBJECT") - 1, 0); + return zend_string_init(ZEND_STRL("OBJECT"), 0); case IS_ARRAY: - return zend_string_init("ARRAY", sizeof("ARRAY") - 1, 0); + return zend_string_init(ZEND_STRL("ARRAY"), 0); case IS_RESOURCE: - return zend_string_init("RESOURCE", sizeof("RESOURCE") - 1, 0); + return zend_string_init(ZEND_STRL("RESOURCE"), 0); default: // LCOV_EXCL_LINE return zend_string_init("", 0, 0); // LCOV_EXCL_LINE } @@ -432,7 +432,7 @@ bool hook_function(const char* original_name, HashTable* hook_table, if (NULL == mb_name) { return FAILURE; } - memcpy(mb_name, "mb_", sizeof("mb_") - 1); + memcpy(mb_name, ZEND_STRL("mb_")); memcpy(mb_name + 3, VAR_AND_LEN(original_name)); _hook_function(mb_name, hook_table, new_function); efree(mb_name); @@ -471,7 +471,7 @@ void unhook_functions(HashTable *ht) { } bool check_is_in_eval_whitelist(const zend_string* const function_name) { - const sp_list_node* it = SNUFFLEUPAGUS_G(config).config_eval->whitelist; + const sp_list_node* it = SPCFG(eval).whitelist; if (!it) { return false; } diff --git a/src/sp_utils.h b/src/sp_utils.h index ef626a3..27c8bfa 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -23,10 +23,10 @@ #define SHA256_SIZE 32 #define HOOK_FUNCTION(original_name, hook_table, new_function) \ - hook_function(original_name, SNUFFLEUPAGUS_G(hook_table), new_function) + hook_function(original_name, SPG(hook_table), new_function) #define HOOK_FUNCTION_BY_REGEXP(regexp, hook_table, new_function) \ - hook_regexp(regexp, SNUFFLEUPAGUS_G(hook_table), new_function) + hook_regexp(regexp, SPG(hook_table), new_function) #define SP_TYPE_LOG (0) #define SP_TYPE_DROP (1) diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c index 7610114..1538e33 100644 --- a/src/sp_wrapper.c +++ b/src/sp_wrapper.c @@ -1,7 +1,7 @@ #include "php_snuffleupagus.h" static bool wrapper_is_whitelisted(const zend_string *const zs) { - const sp_list_node *list = SNUFFLEUPAGUS_G(config).config_wrapper->whitelist; + const sp_list_node *list = SPCFG(wrapper).whitelist; if (!zs) { return false; // LCOV_EXCL_LINE @@ -38,8 +38,7 @@ void sp_disable_wrapper() { zend_hash_destroy(orig_complete); pefree(orig_complete, 1); - SNUFFLEUPAGUS_G(config).config_wrapper->num_wrapper = - zend_hash_num_elements(orig); + SPCFG(wrapper).num_wrapper = zend_hash_num_elements(orig); } PHP_FUNCTION(sp_stream_wrapper_register) { @@ -53,9 +52,7 @@ PHP_FUNCTION(sp_stream_wrapper_register) { // LCOV_EXCL_BR_END if (wrapper_is_whitelisted(protocol_name)) { - orig_handler = zend_hash_str_find_ptr( - SNUFFLEUPAGUS_G(sp_internal_functions_hook), "stream_wrapper_register", - sizeof("stream_wrapper_register") - 1); + orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("stream_wrapper_register")); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } } -- cgit v1.3 From 7a465ca2d44836fb3c0437dbd5ed9fdf39a33e82 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 18 Oct 2021 19:03:28 +0200 Subject: stronger stack protector via compile flag --- src/config.m4 | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index ddbd7a1..e6eed84 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -23,7 +23,7 @@ AC_PROG_CC_STDC() CFLAGS="$CFLAGS" CFLAGS="$CFLAGS -Wall -Wextra -Wno-unused-parameter" CFLAGS="$CFLAGS -Wformat=2 -Wformat-security -D_FORTIFY_SOURCE=2" -CFLAGS="$CFLAGS -fstack-protector" +CFLAGS="$CFLAGS -fstack-protector-strong" LDFLAGS="$LDFLAGS `pcre2-config --libs8`" -- cgit v1.3 From 2ffe94c9366f96700ec5f747385ac07307a012a5 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 21 Oct 2021 18:54:06 +0200 Subject: fix oob memory access --- src/sp_config_scanner.cached.c | 2 +- src/sp_config_scanner.re | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 868d271..90bcdbe 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -164,7 +164,7 @@ const char *yyt4; { - char yych; + unsigned char yych; unsigned int yyaccept = 0; if (cond < 2) { if (cond < 1) { diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 5fd1928..75e0424 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -152,7 +152,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key long lineno = 1; /*!re2c - re2c:define:YYCTYPE = char; + re2c:define:YYCTYPE = "unsigned char"; // re2c:define:YYCURSOR = data; re2c:yyfill:enable = 0; re2c:flags:tags = 1; -- cgit v1.3 From 8e95c5d30f197716ba132e3f2494c5e220f3e5cd Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 21 Oct 2021 18:55:48 +0200 Subject: added some array initialization, just in case. --- src/sp_disable_xxe.c | 2 +- src/sp_pcre_compat.c | 2 +- src/sp_sloppy.c | 2 +- src/sp_unserialize.c | 4 ++-- src/sp_utils.c | 4 ++-- 5 files changed, 7 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index f9712b5..7db2451 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -18,7 +18,7 @@ int hook_libxml_disable_entity_loader() { zval func_name; zval retval; - zval params[1]; + zval params[1] = {0}; #if PHP_VERSION_ID < 80000 // This function is deprecated in PHP8, but better safe than sorry for php7. diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index 657e650..e994123 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -45,7 +45,7 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL); pcre2_match_data_free(match_data); #else - int vec[30]; + int vec[30] = {0}; ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec, sizeof(vec) / sizeof(int)); #endif diff --git a/src/sp_sloppy.c b/src/sp_sloppy.c index 8afddc9..fca4be5 100644 --- a/src/sp_sloppy.c +++ b/src/sp_sloppy.c @@ -48,7 +48,7 @@ static void array_handler(INTERNAL_FUNCTION_PARAMETERS, const char* name, const char* spec) { zif_handler handler; zval func_name; - zval params[3]; + zval params[3] = {0}; zval *value, *array = NULL; zend_bool strict = 0; uint32_t nb_params = ZEND_NUM_ARGS(); diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 1c9f731..5ede015 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -12,7 +12,7 @@ PHP_FUNCTION(sp_serialize) { /* Compute the HMAC of the textual representation of the serialized data*/ zval func_name; zval hmac; - zval params[3]; + zval params[3] = {0}; ZVAL_STRING(&func_name, "hash_hmac"); ZVAL_STRING(¶ms[0], "sha256"); @@ -65,7 +65,7 @@ PHP_FUNCTION(sp_unserialize) { zval func_name; ZVAL_STRING(&func_name, "hash_hmac"); - zval params[3]; + zval params[3] = {0}; ZVAL_STRING(¶ms[0], "sha256"); ZVAL_STRING(¶ms[1], serialized_str); ZVAL_STRING( diff --git a/src/sp_utils.c b/src/sp_utils.c index ff85494..2f0f565 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -72,8 +72,8 @@ void sp_log_msgf(char const* restrict feature, int level, int type, int compute_hash(const char* const restrict filename, char* restrict file_hash) { - unsigned char buf[1024]; - unsigned char digest[SHA256_SIZE]; + unsigned char buf[1024] = {0}; + unsigned char digest[SHA256_SIZE] = {0}; PHP_SHA256_CTX context; size_t n; -- cgit v1.3 From 9111fdf5e6332923a5faf9f8a7e6b428eb91795a Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 11 Nov 2021 12:02:07 +0100 Subject: detect dummy or short encryption key --- src/sp_config_keywords.c | 13 ++++++++++++ .../config/broken_conf_cookie_name_and_regexp.ini | 2 +- .../config/config_encrypted_cookies_noname.ini | 2 +- .../config_encrypted_regexp_cookies_bad_regexp.ini | 2 +- .../config/config_encryption_key_short.ini | 1 + .../encrypt_key_too_short.phpt | 23 ++++++++++++++++++++++ .../encrypt_regexp_cookies_bad_regexp.phpt | 3 ++- .../broken_conf_cookie_name_and_regexp.phpt | 2 +- .../config/broken_conf_cookie_name_and_regexp.ini | 2 +- .../config/config_encrypted_cookies_noname.ini | 2 +- .../config_encrypted_regexp_cookies_bad_regexp.ini | 2 +- .../encrypt_key_too_short.phpt | 22 +++++++++++++++++++++ .../encrypt_regexp_cookies_bad_regexp.phpt | 2 +- src/tests/config/config_samesite_cookies.ini | 2 +- src/tests/config/phplog.ini | 2 +- src/tests/config/sid_length_limit.ini | 1 + src/tests/config/syslog.ini | 2 +- src/tests/config/syslog_simulation.ini | 2 +- .../config/config_encrypted_cookies.ini | 2 +- .../config/config_encrypted_cookies_empty_env.ini | 2 +- .../config/config_encrypted_cookies_simulation.ini | 2 +- .../config/config_encrypted_regexp_cookies.ini | 2 +- .../config_encrypted_regexp_cookies_empty_env.ini | 2 +- .../config/encryption_key_only.ini | 2 +- src/tests/cookies_encryption/encrypt_cookies.phpt | 2 +- src/tests/cookies_encryption/encrypt_cookies3.phpt | 2 +- .../cookies_encryption/encrypt_regexp_cookies.phpt | 2 +- .../encrypt_regexp_cookies3.phpt | 2 +- .../config/encrypt_cookies_no_env.ini | 2 +- .../config/encrypt_regexp_cookies_no_env.ini | 2 +- .../config/config_encrypted_cookies.ini | 2 +- .../config/config_crypt_session.ini | 2 +- .../config/config_crypt_session_simul.ini | 2 +- src/tests/unserialize/config/config_serialize.ini | 2 +- .../unserialize/config/config_serialize_sim.ini | 2 +- src/tests/unserialize/config/dump_unserialize.ini | 2 +- src/tests/unserialize/serialize.phpt | 2 +- src/tests/unserialize/unserialize_sim.phpt | 5 +++-- .../unserialize_php8/config/config_serialize.ini | 2 +- 39 files changed, 97 insertions(+), 35 deletions(-) create mode 100644 src/tests/broken_configuration/config/config_encryption_key_short.ini create mode 100644 src/tests/broken_configuration/encrypt_key_too_short.phpt create mode 100644 src/tests/broken_configuration_php8/encrypt_key_too_short.phpt create mode 100644 src/tests/config/sid_length_limit.ini (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index f6af86b..cf44ed9 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -136,6 +136,19 @@ SP_PARSE_FN(parse_global) { {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); + + if (SPCFG(encryption_key)) { + if (ZSTR_LEN(SPCFG(encryption_key)) < 10) { + sp_log_err("config", "The encryption key set on line %zu is too short. please use at least 10 bytes", parsed_rule->lineno); + return SP_PARSER_ERROR; + } + if (zend_string_equals_literal(SPCFG(encryption_key), "YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.") || + zend_string_equals_literal(SPCFG(encryption_key), "c6a0e02b3b818f7559d5f85303d8fe44")) { + sp_log_err("config", "The encryption key set on line %zu is an unchanged dummy value. please use a unique secret.", parsed_rule->lineno); + return SP_PARSER_ERROR; + } + } + return SP_PARSER_STOP; } diff --git a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini index 503889b..6b43b71 100644 --- a/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini +++ b/src/tests/broken_configuration/config/broken_conf_cookie_name_and_regexp.ini @@ -1,2 +1,2 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); diff --git a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini index 048e404..43a4284 100644 --- a/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini +++ b/src/tests/broken_configuration/config/config_encrypted_cookies_noname.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini index 4fe92fd..817de14 100644 --- a/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini +++ b/src/tests/broken_configuration/config/config_encrypted_regexp_cookies_bad_regexp.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name_r("^super_co[a-z+$").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration/config/config_encryption_key_short.ini b/src/tests/broken_configuration/config/config_encryption_key_short.ini new file mode 100644 index 0000000..7de4438 --- /dev/null +++ b/src/tests/broken_configuration/config/config_encryption_key_short.ini @@ -0,0 +1 @@ +sp.global.secret_key("abcdef"); diff --git a/src/tests/broken_configuration/encrypt_key_too_short.phpt b/src/tests/broken_configuration/encrypt_key_too_short.phpt new file mode 100644 index 0000000..fe80be1 --- /dev/null +++ b/src/tests/broken_configuration/encrypt_key_too_short.phpt @@ -0,0 +1,23 @@ +--TEST-- +Cookie encryption key too short +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_encryption_key_short.ini +--COOKIE-- +--ENV-- +return << +--EXPECT-- +PHP Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt index 5383df6..ef83154 100644 --- a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt @@ -2,11 +2,12 @@ Cookie decryption in ipv4 --SKIPIF-- += 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini error_reporting=1 --COOKIE-- -super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; +super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value; --ENV-- return << --INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_name_and_regexp.ini +sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_cookie_name_and_regexp.ini --FILE-- --EXPECT-- diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini index 503889b..6b43b71 100644 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini +++ b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini @@ -1,2 +1,2 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini index 048e404..43a4284 100644 --- a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini +++ b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name("").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini index 4fe92fd..817de14 100644 --- a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini +++ b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini @@ -1,3 +1,3 @@ -sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); +sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); sp.cookie.name_r("^super_co[a-z+$").encrypt(); sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt new file mode 100644 index 0000000..c14785e --- /dev/null +++ b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt @@ -0,0 +1,22 @@ +--TEST-- +Cookie encryption key too short +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/../broken_configuration/config/config_encryption_key_short.ini +--COOKIE-- +--ENV-- +return << +--EXPECT-- +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 + +Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 +Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt index 5383df6..6796c5b 100644 --- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt @@ -6,7 +6,7 @@ Cookie decryption in ipv4 sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini error_reporting=1 --COOKIE-- -super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; +super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value; --ENV-- return << --EXPECT-- -s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1 +s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022 diff --git a/src/tests/unserialize/unserialize_sim.phpt b/src/tests/unserialize/unserialize_sim.phpt index 9bff2c1..1256c23 100644 --- a/src/tests/unserialize/unserialize_sim.phpt +++ b/src/tests/unserialize/unserialize_sim.phpt @@ -7,12 +7,13 @@ sp.configuration_file={PWD}/config/config_serialize_sim.ini --FILE-- --EXPECTF-- -s:1:"a";650609b417904d0d9bbf1fc44a975d13ecdf6b02b715c1a06271fb3b673f25b1string(1) "a" +s:1:"a";cdbc93e593656164d448db33e4668a3f30fa794d6658016365f7eb453d48b022 +string(1) "a" Warning: [snuffleupagus][0.0.0.0][unserialize][simulation] Invalid HMAC for s:1:"a";alyualskdufyhalkdjsfh in %a/unserialize_sim.php on line 5 string(1) "a" diff --git a/src/tests/unserialize_php8/config/config_serialize.ini b/src/tests/unserialize_php8/config/config_serialize.ini index 7de4438..e107f15 100644 --- a/src/tests/unserialize_php8/config/config_serialize.ini +++ b/src/tests/unserialize_php8/config/config_serialize.ini @@ -1 +1 @@ -sp.global.secret_key("abcdef"); +sp.global.secret_key("abcdefGHIJ"); -- cgit v1.3 From 713cb08b58d4e5dd5e7e80b1f82e27cbe52d4381 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 11 Nov 2021 13:15:52 +0100 Subject: inverted logic. set xxe_protection.enable() instead of disable_xxe.disable() --- config/default.rules | 2 +- config/default_php8.rules | 2 +- config/suhosin.rules | 2 +- doc/source/config.rst | 7 ++++--- src/php_snuffleupagus.h | 2 +- src/snuffleupagus.c | 2 +- src/sp_config.c | 2 +- src/sp_config.h | 4 ++-- src/tests/xxe/config/disable_xxe.ini | 2 +- src/tests/xxe/config/disable_xxe_disable.ini | 2 +- src/tests/xxe/disable_xxe_dom_disabled.phpt | 4 ++-- src/tests/xxe/disable_xxe_simplexml.phpt | 3 ++- src/tests/xxe/disable_xxe_simplexml_oop.phpt | 3 ++- src/tests/xxe/disable_xxe_xml_parse.phpt | 5 ++++- 14 files changed, 24 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/config/default.rules b/config/default.rules index b964073..2de703b 100644 --- a/config/default.rules +++ b/config/default.rules @@ -7,7 +7,7 @@ sp.harden_random.enable(); # Disabled XXE -sp.disable_xxe.enable(); +sp.xxe_protection.enable(); # Global configuration variables # sp.global.secret_key("YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS."); diff --git a/config/default_php8.rules b/config/default_php8.rules index de2da5c..1d16191 100644 --- a/config/default_php8.rules +++ b/config/default_php8.rules @@ -8,7 +8,7 @@ sp.harden_random.enable(); # Disabled XXE -sp.disable_xxe.enable(); +sp.xxe_protection.enable(); # Global configuration variables # sp.global.secret_key("YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS."); diff --git a/config/suhosin.rules b/config/suhosin.rules index 4beb4c8..0bdc453 100644 --- a/config/suhosin.rules +++ b/config/suhosin.rules @@ -276,6 +276,6 @@ sp.harden_random.enable(); sp.auto_cookie_secure.enable(); #sp.cookie.name("cookie1").samesite("lax"); #sp.cookie.name("cookie2").samesite("strict");; -sp.disable_xxe.enable(); +sp.xxe_protection.enable(); #sp.sloppy_comparison.enable(); diff --git a/doc/source/config.rst b/doc/source/config.rst index 10b0afd..63ddf7b 100644 --- a/doc/source/config.rst +++ b/doc/source/config.rst @@ -293,14 +293,15 @@ It can either be ``enabled`` or ``disabled`` and can be used in ``simulation`` m sp.upload_validation.script("/var/www/is_valid_php.py").enable(); -disable_xxe +xxe_protection ^^^^^^^^^^^ -:ref:`disable_xxe `, enabled by default, will prevent XXE attacks by disabling the loading of external entities (``libxml_disable_entity_loader``) in the XML parser. +:ref:`xxe_protection `, disabled by default, will prevent XXE attacks by disabling the loading of external entities (``libxml_disable_entity_loader``) in the XML parser. :: - sp.disable_xxe.enable(); + sp.xxe_protection.enable(); + sp.xxe_protection.disable(); Whitelist of stream-wrappers diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 308031b..03c9bb6 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -116,7 +116,7 @@ sp_config_upload_validation config_upload_validation; sp_config_cookie config_cookie; sp_config_auto_cookie_secure config_auto_cookie_secure; sp_config_global_strict config_global_strict; -sp_config_disable_xxe config_disable_xxe; +sp_config_xxe_protection config_xxe_protection; sp_config_eval config_eval; sp_config_wrapper config_wrapper; sp_config_session config_session; diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 6fd6f25..c96a911 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -314,7 +314,7 @@ static PHP_INI_MH(OnUpdateConfiguration) { hook_upload(); } - if (SPCFG(disable_xxe).enable == 0) { + if (SPCFG(xxe_protection).enable) { hook_libxml_disable_entity_loader(); } diff --git a/src/sp_config.c b/src/sp_config.c index ec6c5a8..bc9aa0d 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -17,7 +17,7 @@ static zend_result sp_process_config_root(sp_parsed_keyword *parsed_rule) { {parse_cookie, SP_TOKEN_COOKIE_ENCRYPTION, NULL}, {parse_global, SP_TOKEN_GLOBAL, NULL}, {parse_enable, SP_TOKEN_AUTO_COOKIE_SECURE, &(SPCFG(auto_cookie_secure).enable)}, - {parse_enable, SP_TOKEN_DISABLE_XXE, &(SPCFG(disable_xxe).enable)}, + {parse_enable, SP_TOKEN_XXE_PROTECTION, &(SPCFG(xxe_protection).enable)}, {parse_eval_filter_conf, SP_TOKEN_EVAL_BLACKLIST, &(SPCFG(eval).blacklist)}, {parse_eval_filter_conf, SP_TOKEN_EVAL_WHITELIST, &(SPCFG(eval).whitelist)}, {parse_session, SP_TOKEN_SESSION_ENCRYPTION, &(SPCFG(session))}, diff --git a/src/sp_config.h b/src/sp_config.h index 262050b..a557105 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -57,7 +57,7 @@ typedef struct { typedef struct { bool enable; -} sp_config_disable_xxe; +} sp_config_xxe_protection; typedef struct { enum samesite_type { strict = 1, lax = 2 } samesite; @@ -202,7 +202,7 @@ typedef struct { #define SP_TOKEN_READONLY_EXEC "readonly_exec" #define SP_TOKEN_UNSERIALIZE_HMAC "unserialize_hmac" #define SP_TOKEN_UPLOAD_VALIDATION "upload_validation" -#define SP_TOKEN_DISABLE_XXE "disable_xxe" +#define SP_TOKEN_XXE_PROTECTION "xxe_protection" #define SP_TOKEN_EVAL_BLACKLIST "eval_blacklist" #define SP_TOKEN_EVAL_WHITELIST "eval_whitelist" #define SP_TOKEN_SLOPPY_COMPARISON "sloppy_comparison" diff --git a/src/tests/xxe/config/disable_xxe.ini b/src/tests/xxe/config/disable_xxe.ini index bc9d1f2..a50a3b9 100644 --- a/src/tests/xxe/config/disable_xxe.ini +++ b/src/tests/xxe/config/disable_xxe.ini @@ -1 +1 @@ -sp.disable_xxe.enable(); +sp.xxe_protection.enable(); diff --git a/src/tests/xxe/config/disable_xxe_disable.ini b/src/tests/xxe/config/disable_xxe_disable.ini index bb1e432..eaf5755 100644 --- a/src/tests/xxe/config/disable_xxe_disable.ini +++ b/src/tests/xxe/config/disable_xxe_disable.ini @@ -1 +1 @@ -sp.disable_xxe.disable(); +sp.xxe_protection.disable(); diff --git a/src/tests/xxe/disable_xxe_dom_disabled.phpt b/src/tests/xxe/disable_xxe_dom_disabled.phpt index a49e094..107171c 100644 --- a/src/tests/xxe/disable_xxe_dom_disabled.phpt +++ b/src/tests/xxe/disable_xxe_dom_disabled.phpt @@ -1,10 +1,10 @@ --TEST-- -Disable XXE +Disable XXE (feature enabled) --SKIPIF-- = 80000) print "skip"; ?> --INI-- -sp.configuration_file={PWD}/config/disable_xxe_disable.ini +sp.configuration_file={PWD}/config/disable_xxe.ini --EXTENSIONS-- dom --FILE-- diff --git a/src/tests/xxe/disable_xxe_simplexml.phpt b/src/tests/xxe/disable_xxe_simplexml.phpt index 1d3ef4c..9560156 100644 --- a/src/tests/xxe/disable_xxe_simplexml.phpt +++ b/src/tests/xxe/disable_xxe_simplexml.phpt @@ -2,8 +2,9 @@ Disable XXE --SKIPIF-- += 80000) print "skip"; ?> --INI-- -sp.configuration_file={PWD}/config/disable_xxe.ini +sp.configuration_file={PWD}/config/disable_xxe_disable.ini --EXTENSIONS-- simplexml --XFAIL-- diff --git a/src/tests/xxe/disable_xxe_simplexml_oop.phpt b/src/tests/xxe/disable_xxe_simplexml_oop.phpt index e101337..1b2c4ca 100644 --- a/src/tests/xxe/disable_xxe_simplexml_oop.phpt +++ b/src/tests/xxe/disable_xxe_simplexml_oop.phpt @@ -2,8 +2,9 @@ Disable XXE --SKIPIF-- += 80000) print "skip"; ?> --INI-- -sp.configuration_file={PWD}/config/disable_xxe.ini +sp.configuration_file={PWD}/config/disable_xxe_disable.ini --EXTENSIONS-- simplexml --XFAIL-- diff --git a/src/tests/xxe/disable_xxe_xml_parse.phpt b/src/tests/xxe/disable_xxe_xml_parse.phpt index 6b48bea..bc7e338 100644 --- a/src/tests/xxe/disable_xxe_xml_parse.phpt +++ b/src/tests/xxe/disable_xxe_xml_parse.phpt @@ -70,7 +70,8 @@ $parser = create_parser(); $doc = xml_parse($parser, $xml, true); xml_parser_free($parser); ---EXPECT-- +--EXPECTF-- +Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 41 string(4) "TEST" array(0) { @@ -81,6 +82,8 @@ array(0) { } string(7) "TESTING" string(4) "TEST" + +Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_disable_entity_loader was tried and nopped in %a.php on line 46 string(4) "TEST" array(0) { -- cgit v1.3 From 0be11fcc6e73f7e35bf2f3b884676413f5522cf1 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 11 Nov 2021 13:32:07 +0100 Subject: more tests for xxe + optional xml support --- src/sp_disable_xxe.c | 7 +++ src/tests/xxe/disable_xxe_dom_disabled_php8.phpt | 57 +++++++++++++++++++++++ src/tests/xxe/disable_xxe_dom_php8.phpt | 59 ++++++++++++++++++++++++ 3 files changed, 123 insertions(+) create mode 100644 src/tests/xxe/disable_xxe_dom_disabled_php8.phpt create mode 100644 src/tests/xxe/disable_xxe_dom_php8.phpt (limited to 'src') diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index 7db2451..b6030c6 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,5 +1,7 @@ #include "php_snuffleupagus.h" +#ifdef HAVE_XML + PHP_FUNCTION(sp_libxml_disable_entity_loader) { sp_log_warn("xxe", "A call to libxml_disable_entity_loader was tried and nopped"); @@ -39,3 +41,8 @@ int hook_libxml_disable_entity_loader() { return SUCCESS; } +#else +int hook_libxml_disable_entity_loader() { + sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); +} +#endif \ No newline at end of file diff --git a/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt new file mode 100644 index 0000000..01e3349 --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_disabled_php8.phpt @@ -0,0 +1,57 @@ +--TEST-- +Disable XXE (feature disabled) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disable_xxe_disable.ini +--EXTENSIONS-- +dom +--FILE-- +WARNING, external entity loaded!'; +file_put_contents($dir . '/content.txt', $content); + +$xml = << + +]> +&foo; +EOD; + +file_put_contents($dir . '/content.xml', $xml); + + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("default setting with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("default setting without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +libxml_set_external_entity_loader(null); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("disabled entity loader with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("disabled entity loader without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +?> +--EXPECTF-- +default setting with LIBXML_NOENT: WARNING, external entity loaded! +default setting without LIBXML_NOENT: +disabled entity loader with LIBXML_NOENT: WARNING, external entity loaded! +disabled entity loader without LIBXML_NOENT: +--CLEAN-- + diff --git a/src/tests/xxe/disable_xxe_dom_php8.phpt b/src/tests/xxe/disable_xxe_dom_php8.phpt new file mode 100644 index 0000000..485828f --- /dev/null +++ b/src/tests/xxe/disable_xxe_dom_php8.phpt @@ -0,0 +1,59 @@ +--TEST-- +Disable XXE (feature enabled) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disable_xxe.ini +--EXTENSIONS-- +dom +--FILE-- +WARNING, external entity loaded!'; +file_put_contents($dir . '/content.txt', $content); + +$xml = << + +]> +&foo; +EOD; + +file_put_contents($dir . '/content.xml', $xml); + + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("default setting with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("default setting without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +libxml_set_external_entity_loader(null); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD|LIBXML_NOENT); +printf("disabled entity loader with LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +$dom = new DOMDocument('1.0'); +$dom->loadXML($xml, LIBXML_DTDATTR|LIBXML_DTDLOAD); +printf("disabled entity loader without LIBXML_NOENT: %s\n", $dom->getElementsByTagName('testing')->item(0)->nodeValue); + +?> +--EXPECTF-- +default setting with LIBXML_NOENT: WARNING, external entity loaded! +default setting without LIBXML_NOENT: + +Warning: [snuffleupagus][0.0.0.0][xxe][log] A call to libxml_set_external_entity_loader was tried and nopped in %a.php on line 26 +disabled entity loader with LIBXML_NOENT: WARNING, external entity loaded! +disabled entity loader without LIBXML_NOENT: +--CLEAN-- + -- cgit v1.3 From a34055a8fb6aa421a13da698ea0fe514bb27952e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 19 Nov 2021 14:56:05 +0100 Subject: fixed test skip condition --- src/tests/broken_configuration/encrypt_key_too_short.phpt | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/tests/broken_configuration/encrypt_key_too_short.phpt b/src/tests/broken_configuration/encrypt_key_too_short.phpt index fe80be1..9b1828c 100644 --- a/src/tests/broken_configuration/encrypt_key_too_short.phpt +++ b/src/tests/broken_configuration/encrypt_key_too_short.phpt @@ -2,6 +2,7 @@ Cookie encryption key too short --SKIPIF-- += 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encryption_key_short.ini --COOKIE-- -- cgit v1.3 From c447df6ce8964b2863a50f0f8027d9b234b7507f Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 19 Nov 2021 14:57:01 +0100 Subject: replaced call_user_func with C level call --- src/sp_php_compat.c | 4 +++ src/sp_php_compat.h | 36 ++++++++++++++++++++++- src/sp_unserialize.c | 81 +++++++++++++++++++++++++++++++++------------------- 3 files changed, 90 insertions(+), 31 deletions(-) (limited to 'src') diff --git a/src/sp_php_compat.c b/src/sp_php_compat.c index cd7c3e7..a0693c3 100644 --- a/src/sp_php_compat.c +++ b/src/sp_php_compat.c @@ -1,5 +1,9 @@ #include "php_snuffleupagus.h" +/* code in this file is licensed under its original license + The PHP License, version 3.01 (https://www.php.net/license/3_01.txt) + which is also included with these sources in the file `PHP_LICENSE` */ + #if PHP_VERSION_ID < 80000 // copied from PHP 8.0.9 sources diff --git a/src/sp_php_compat.h b/src/sp_php_compat.h index 09d9a1f..d1102a8 100644 --- a/src/sp_php_compat.h +++ b/src/sp_php_compat.h @@ -1,3 +1,7 @@ +/* code in this file is licensed under its original license +The PHP License, version 3.01 (https://www.php.net/license/3_01.txt) +which is also included with these sources in the file `PHP_LICENSE` */ + #if PHP_VERSION_ID < 80000 // copied from PHP 8.0.9 sources @@ -93,4 +97,34 @@ static zend_always_inline void zend_string_efree(zend_string *s) __ht->nNumUsed = _idx; \ } while (0) -#endif \ No newline at end of file +#endif + +// copied from PHP 8.0.11 sources, ext/hash/hash.c + +static inline void php_hash_string_xor_char(unsigned char *out, const unsigned char *in, const unsigned char xor_with, const size_t length) { + size_t i; + for (i=0; i < length; i++) { + out[i] = in[i] ^ xor_with; + } +} + +static inline void php_hash_hmac_prep_key(unsigned char *K, const php_hash_ops *ops, void *context, const unsigned char *key, const size_t key_len) { + memset(K, 0, ops->block_size); + if (key_len > ops->block_size) { + /* Reduce the key first */ + ops->hash_init(context); + ops->hash_update(context, key, key_len); + ops->hash_final(K, context); + } else { + memcpy(K, key, key_len); + } + /* XOR the key with 0x36 to get the ipad) */ + php_hash_string_xor_char(K, K, 0x36, ops->block_size); +} + +static inline void php_hash_hmac_round(unsigned char *final, const php_hash_ops *ops, void *context, const unsigned char *key, const unsigned char *data, const zend_long data_size) { + ops->hash_init(context); + ops->hash_update(context, key, ops->block_size); + ops->hash_update(context, data, data_size); + ops->hash_final(final, context); +} diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 5ede015..4a9f565 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -1,5 +1,40 @@ #include "php_snuffleupagus.h" +// condensed version of PHP's php_hash_do_hash_hmac() in ext/hash/hash.c +static zend_string *sp_do_hash_hmac_sha256(char *data, size_t data_len, char *key, size_t key_len) +{ + zend_string *algo = zend_string_init(ZEND_STRL("sha256"), 0); + const php_hash_ops *ops = php_hash_fetch_ops(algo); + zend_string_release_ex(algo, 0); + + if (!ops || !ops->is_crypto) { + sp_log_err("unsupported hash algorithm for hmac: %s", ZSTR_VAL(algo)); + return NULL; + } + + void *context = php_hash_alloc_context(ops); + + unsigned char *K = emalloc(ops->block_size); + zend_string *digest = zend_string_alloc(ops->digest_size, 0); + + php_hash_hmac_prep_key(K, ops, context, (unsigned char *) key, key_len); + php_hash_hmac_round((unsigned char *) ZSTR_VAL(digest), ops, context, K, (unsigned char *) data, data_len); + php_hash_string_xor_char(K, K, 0x6A, ops->block_size); + php_hash_hmac_round((unsigned char *) ZSTR_VAL(digest), ops, context, K, (unsigned char *) ZSTR_VAL(digest), ops->digest_size); + + /* Zero the key */ + ZEND_SECURE_ZERO(K, ops->block_size); + efree(K); + efree(context); + + zend_string *hex_digest = zend_string_safe_alloc(ops->digest_size, 2, 0, 0); + + php_hash_bin2hex(ZSTR_VAL(hex_digest), (unsigned char *) ZSTR_VAL(digest), ops->digest_size); + ZSTR_VAL(hex_digest)[2 * ops->digest_size] = 0; + zend_string_release_ex(digest, 0); + return hex_digest; +} + PHP_FUNCTION(sp_serialize) { zif_handler orig_handler; @@ -10,19 +45,13 @@ PHP_FUNCTION(sp_serialize) { } /* Compute the HMAC of the textual representation of the serialized data*/ - zval func_name; - zval hmac; - zval params[3] = {0}; - - ZVAL_STRING(&func_name, "hash_hmac"); - ZVAL_STRING(¶ms[0], "sha256"); - params[1] = *return_value; - ZVAL_STRING( - ¶ms[2], - ZSTR_VAL(SPCFG(encryption_key))); - call_user_function(CG(function_table), NULL, &func_name, &hmac, 3, params); - - size_t len = Z_STRLEN_P(return_value) + Z_STRLEN(hmac); + zend_string *hmac = sp_do_hash_hmac_sha256(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), ZSTR_VAL(SPCFG(encryption_key)), ZSTR_LEN(SPCFG(encryption_key))); + + if (!hmac) { + zend_bailout(); + } + + size_t len = Z_STRLEN_P(return_value) + ZSTR_LEN(hmac); if (len < Z_STRLEN_P(return_value)) { // LCOV_EXCL_START sp_log_err("overflow_error", @@ -32,8 +61,9 @@ PHP_FUNCTION(sp_serialize) { } /* Append the computed HMAC to the serialized data. */ - return_value->value.str = zend_string_concat2(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), Z_STRVAL(hmac), Z_STRLEN(hmac)); - return; + zend_string *orig_ret_str = return_value->value.str; + RETVAL_NEW_STR(zend_string_concat2(Z_STRVAL_P(return_value), Z_STRLEN_P(return_value), ZSTR_VAL(hmac), ZSTR_LEN(hmac))); + zend_string_free(orig_ret_str); } PHP_FUNCTION(sp_unserialize) { @@ -42,7 +72,6 @@ PHP_FUNCTION(sp_unserialize) { char *buf = NULL; char *serialized_str = NULL; char *hmac = NULL; - zval expected_hmac; size_t buf_len = 0; zval *opts = NULL; @@ -62,22 +91,14 @@ PHP_FUNCTION(sp_unserialize) { serialized_str = ecalloc(buf_len - 64 + 1, 1); memcpy(serialized_str, buf, buf_len - 64); - zval func_name; - ZVAL_STRING(&func_name, "hash_hmac"); - - zval params[3] = {0}; - ZVAL_STRING(¶ms[0], "sha256"); - ZVAL_STRING(¶ms[1], serialized_str); - ZVAL_STRING( - ¶ms[2], - ZSTR_VAL(SPCFG(encryption_key))); - call_user_function(CG(function_table), NULL, &func_name, &expected_hmac, 3, - params); + zend_string *expected_hmac = sp_do_hash_hmac_sha256(serialized_str, strlen(serialized_str), ZSTR_VAL(SPCFG(encryption_key)), ZSTR_LEN(SPCFG(encryption_key))); unsigned int status = 0; - for (uint8_t i = 0; i < 64; i++) { - status |= (hmac[i] ^ (Z_STRVAL(expected_hmac))[i]); - } + if (expected_hmac) { + for (uint8_t i = 0; i < 64; i++) { + status |= (hmac[i] ^ (ZSTR_VAL(expected_hmac))[i]); + } + } else { status = 1; } if (0 == status) { if ((orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("unserialize")))) { -- cgit v1.3 From 0462573a7678468b19bc4865c75f7b82dbedbe03 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 19 Nov 2021 16:47:08 +0100 Subject: added old php version check --- src/php_snuffleupagus.h | 1 + src/snuffleupagus.c | 13 +++++++++++++ src/sp_config.h | 1 + src/sp_config_keywords.c | 3 ++- .../config/broken_conf_enable_disable2.ini | 1 + .../broken_conf_enable_disable2.phpt | 5 ----- 6 files changed, 18 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 03c9bb6..8fcbd58 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -127,6 +127,7 @@ bool config_server_encode; bool config_server_strip; zend_string *config_encryption_key; zend_string *config_cookies_env_var; +bool config_show_old_php_warning; HashTable *config_disabled_functions; HashTable *config_disabled_functions_hooked; diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index c96a911..e3ecd72 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -276,6 +276,9 @@ static PHP_INI_MH(OnUpdateConfiguration) { return FAILURE; } + // set some defaults + SPCFG(show_old_php_warning) = true; + char *str = new_value->val; while (1) { @@ -365,6 +368,16 @@ static PHP_INI_MH(OnUpdateConfiguration) { (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions))) || (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions_ret))); + if (SPCFG(show_old_php_warning)) { + time_t ts = time(NULL); + sp_log_debug("foo"); + if (PHP_VERSION_ID < 70300 || + PHP_VERSION_ID < 70400 && ts >= (time_t)1638745200L || + PHP_VERSION_ID < 80000 && ts >= (time_t)1669590000L || + PHP_VERSION_ID < 80100 && ts >= (time_t)1700953200L) { + sp_log_warn("End-of-Life Check", "Your PHP version '" PHP_VERSION "' is not officially mainained anymore. Please upgrade as soon as possible."); + } + } return SUCCESS; } diff --git a/src/sp_config.h b/src/sp_config.h index a557105..1a891c1 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -262,6 +262,7 @@ typedef struct { #define SP_TOKEN_SERVER_STRIP "server_strip" #define SP_TOKEN_SID_MIN_LENGTH "sid_min_length" #define SP_TOKEN_SID_MAX_LENGTH "sid_max_length" +#define SP_TOKEN_SHOW_OLD_PHP_WARNING "show_old_php_warning" // upload_validator #define SP_TOKEN_UPLOAD_SCRIPT "script" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index cf44ed9..cbe4966 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -1,7 +1,7 @@ #include "php_snuffleupagus.h" #define SP_SET_ENABLE_DISABLE(enable, disable, varname) \ - if (((varname) || enable) && disable) { \ + if (enable && disable) { \ sp_log_err("config", "A rule can't be enabled and disabled on line %zu", parsed_rule->lineno); \ return SP_PARSER_ERROR; \ } \ @@ -133,6 +133,7 @@ SP_PARSE_FN(parse_global) { {parse_ulong, SP_TOKEN_MAX_EXECUTION_DEPTH, &(SPCFG(max_execution_depth))}, {parse_enable, SP_TOKEN_SERVER_ENCODE, &(SPCFG(server_encode))}, {parse_enable, SP_TOKEN_SERVER_STRIP, &(SPCFG(server_strip))}, + {parse_enable, SP_TOKEN_SHOW_OLD_PHP_WARNING, &(SPCFG(show_old_php_warning))}, {0, 0, 0}}; SP_PROCESS_CONFIG_KEYWORDS_ERR(); diff --git a/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini b/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini index 39d97cc..7ed0c16 100644 --- a/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini +++ b/src/tests/broken_configuration/config/broken_conf_enable_disable2.ini @@ -1,2 +1,3 @@ sp.global_strict.enable(); sp.global_strict.disable(); +;; this is actually not recognised as broken, as there is no internal third state for 'unset' diff --git a/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt index efe5538..2446663 100644 --- a/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt +++ b/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt @@ -7,8 +7,3 @@ Global strict mode sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini --FILE-- --EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. -- cgit v1.3 From e22065c7ba31d000e93f57dce8a2caae50375d5e Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 12:57:06 +0100 Subject: php 8.1 compatibility --- .gitignore | 5 +++++ src/sp_php_compat.h | 9 +++++++++ 2 files changed, 14 insertions(+) (limited to 'src') diff --git a/.gitignore b/.gitignore index 8fcb297..e4986e9 100644 --- a/.gitignore +++ b/.gitignore @@ -19,6 +19,10 @@ src/tests/*/*.log src/tests/*/*.out src/tests/*/*.sh src/tests/*/*.php +src/tests/*/phpt.* + +.vscode/ + # generated by re2c or copied from cached version src/sp_config_scanner.c # Files generated by phpize, configure and make @@ -47,4 +51,5 @@ src/Makefile.objects src/missing src/mkinstalldirs src/run-tests.php +src/*.dep doc/build/ diff --git a/src/sp_php_compat.h b/src/sp_php_compat.h index d1102a8..04914b4 100644 --- a/src/sp_php_compat.h +++ b/src/sp_php_compat.h @@ -100,6 +100,7 @@ static zend_always_inline void zend_string_efree(zend_string *s) #endif // copied from PHP 8.0.11 sources, ext/hash/hash.c +// slightly modified for PHP 8.1 compatibility static inline void php_hash_string_xor_char(unsigned char *out, const unsigned char *in, const unsigned char xor_with, const size_t length) { size_t i; @@ -112,7 +113,11 @@ static inline void php_hash_hmac_prep_key(unsigned char *K, const php_hash_ops * memset(K, 0, ops->block_size); if (key_len > ops->block_size) { /* Reduce the key first */ +#if PHP_VERSION_ID < 80100 ops->hash_init(context); +#else + ops->hash_init(context, NULL); +#endif ops->hash_update(context, key, key_len); ops->hash_final(K, context); } else { @@ -123,7 +128,11 @@ static inline void php_hash_hmac_prep_key(unsigned char *K, const php_hash_ops * } static inline void php_hash_hmac_round(unsigned char *final, const php_hash_ops *ops, void *context, const unsigned char *key, const unsigned char *data, const zend_long data_size) { +#if PHP_VERSION_ID < 80100 ops->hash_init(context); +#else + ops->hash_init(context, NULL); +#endif ops->hash_update(context, key, ops->block_size); ops->hash_update(context, data, data_size); ops->hash_final(final, context); -- cgit v1.3 From aa099cd7a4aa5e3296d39158184e301af9ef2f78 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 13:06:53 +0100 Subject: added @log logging feature to config parser --- src/sp_config_scanner.cached.c | 783 +++++++++++++++++++++++------------------ src/sp_config_scanner.re | 35 +- src/sp_utils.h | 1 + 3 files changed, 463 insertions(+), 356 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 90bcdbe..91144c7 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -9,7 +9,8 @@ enum YYCONDTYPE { }; -#define cs_error_log(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) +#define cs_log_error(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) +#define cs_log_info(fmt, ...) sp_log_msg("config", SP_LOG_INFO, fmt, ##__VA_ARGS__) zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { if (!kw || !kw->arg) { @@ -80,11 +81,11 @@ static void str_dtor(zval *zv) { // sy_ functions and macros are helpers for the shunting yard algorithm #define sy_res_push(val) \ - if (cond_res_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + if (cond_res_i >= 100) { cs_log_error("condition too complex on line %d", lineno); goto out; } \ cond_res[cond_res_i++] = val; #define sy_res_pop() cond_res[--cond_res_i] #define sy_op_push(op) \ - if (cond_op_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + if (cond_op_i >= 100) { cs_log_error("condition too complex on line %d", lineno); goto out; } \ cond_op[cond_op_i++] = op; #define sy_op_pop() cond_op[--cond_op_i] #define sy_op_peek() cond_op[cond_op_i-1] @@ -126,7 +127,7 @@ static int sy_apply_op(char op, int a, int b) { #define SY_APPLY_OP_FROM_STACK() \ char op = sy_op_pop(); \ int unary = (op == '!'); \ - if (cond_res_i < (2 - unary)) { cs_error_log("not enough input on line %d", lineno); goto out; } \ + if (cond_res_i < (2 - unary)) { cs_log_error("not enough input on line %d", lineno); goto out; } \ int a = sy_res_pop(); \ int b = unary ? 0 : sy_res_pop(); \ int res = sy_apply_op(op, a, b); \ @@ -246,7 +247,7 @@ yy2: yy4: ++YYCURSOR; yy5: - { cs_error_log("Parser error on line %d", lineno); goto out; } + { cs_log_error("Parser error on line %d", lineno); goto out; } yy6: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { @@ -269,162 +270,249 @@ yy12: yy15: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'c') goto yy17; - if (yych == 'e') goto yy19; - goto yy5; + if (yych <= 'd') { + if (yych == 'c') goto yy17; + goto yy5; + } else { + if (yych <= 'e') goto yy19; + if (yych == 'l') goto yy20; + goto yy5; + } yy16: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy20; - if (yych == 'p') goto yy21; + if (yych == 'e') goto yy21; + if (yych == 'p') goto yy22; goto yy5; yy17: yych = *++YYCURSOR; - if (yych == 'o') goto yy23; + if (yych == 'o') goto yy24; yy18: YYCURSOR = YYMARKER; - if (yyaccept <= 1) { - if (yyaccept == 0) { - goto yy5; + if (yyaccept <= 2) { + if (yyaccept <= 1) { + if (yyaccept == 0) { + goto yy5; + } else { + yyt1 = YYCURSOR; + goto yy37; + } } else { - yyt4 = YYCURSOR; - goto yy45; + goto yy37; } } else { - goto yy45; + if (yyaccept == 3) { + yyt4 = YYCURSOR; + goto yy57; + } else { + goto yy57; + } } yy19: yych = *++YYCURSOR; - if (yych == 'n') goto yy24; + if (yych == 'n') goto yy25; goto yy18; yy20: yych = *++YYCURSOR; - if (yych == 't') goto yy25; + if (yych == 'o') goto yy26; goto yy18; yy21: - ++YYCURSOR; - { kw_i = 0; goto yyc_rule; } -yy23: yych = *++YYCURSOR; - if (yych == 'n') goto yy26; + if (yych == 't') goto yy27; goto yy18; +yy22: + ++YYCURSOR; + { kw_i = 0; goto yyc_rule; } yy24: yych = *++YYCURSOR; - if (yych == 'd') goto yy27; + if (yych == 'n') goto yy28; goto yy18; yy25: yych = *++YYCURSOR; - if (yych == '\t') goto yy28; - if (yych == ' ') goto yy28; + if (yych == 'd') goto yy29; goto yy18; yy26: yych = *++YYCURSOR; - if (yych == 'd') goto yy30; + if (yych == 'g') goto yy30; goto yy18; yy27: yych = *++YYCURSOR; - if (yych == '_') goto yy31; + if (yych == '\t') goto yy31; + if (yych == ' ') goto yy31; goto yy18; yy28: + yych = *++YYCURSOR; + if (yych == 'd') goto yy33; + goto yy18; +yy29: + yych = *++YYCURSOR; + if (yych == '_') goto yy34; + goto yy18; +yy30: + yych = *++YYCURSOR; + if (yych == '\t') goto yy35; + if (yych == ' ') goto yy35; + goto yy18; +yy31: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '\t') { if (yych <= 0x08) goto yy18; - goto yy28; + goto yy31; } else { - if (yych == ' ') goto yy28; + if (yych == ' ') goto yy31; goto yy18; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy32; + goto yy38; } if (yych <= '^') goto yy18; yyt1 = YYCURSOR; - goto yy32; + goto yy38; } else { if (yych <= '`') goto yy18; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy32; + goto yy38; } goto yy18; } } -yy30: +yy33: yych = *++YYCURSOR; - if (yych == 'i') goto yy34; + if (yych == 'i') goto yy40; goto yy18; -yy31: +yy34: yych = *++YYCURSOR; - if (yych == 'c') goto yy35; + if (yych == 'c') goto yy41; goto yy18; -yy32: +yy35: + yyaccept = 1; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= 0x1F) { + if (yych == '\t') goto yy35; + yyt1 = YYCURSOR; + } else { + if (yych <= ' ') goto yy35; + if (yych == '"') { + yyt1 = YYCURSOR; + goto yy42; + } + yyt1 = YYCURSOR; + } +yy37: + t1 = yyt1; + t2 = YYCURSOR; + { + char tmpstr[1024]; + size_t tmplen = MIN(t2-t1-2, 1023); + strncpy(tmpstr, t1+1, tmplen); + tmpstr[tmplen] = 0; + cs_log_info("[line %d]: %s", lineno, tmpstr); + goto yyc_init; + } +yy38: yych = *++YYCURSOR; if (yybm[0+yych] & 32) { - goto yy32; + goto yy38; } if (yych == '\t') { yyt2 = YYCURSOR; - goto yy36; + goto yy44; } if (yych == ' ') { yyt2 = YYCURSOR; - goto yy36; + goto yy44; } goto yy18; -yy34: +yy40: yych = *++YYCURSOR; - if (yych == 't') goto yy38; + if (yych == 't') goto yy46; goto yy18; -yy35: +yy41: yych = *++YYCURSOR; - if (yych == 'o') goto yy39; + if (yych == 'o') goto yy47; goto yy18; -yy36: +yy42: + yych = *++YYCURSOR; + if (yybm[0+yych] & 64) { + goto yy42; + } + if (yych <= '\r') goto yy18; + if (yych <= '"') goto yy48; + goto yy49; +yy44: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy36; + if (yych == '\t') goto yy44; goto yy18; } else { - if (yych <= ' ') goto yy36; + if (yych <= ' ') goto yy44; if (yych == '"') { yyt3 = YYCURSOR; - goto yy40; + goto yy51; } goto yy18; } -yy38: +yy46: yych = *++YYCURSOR; - if (yych == 'i') goto yy42; + if (yych == 'i') goto yy53; goto yy18; -yy39: +yy47: yych = *++YYCURSOR; - if (yych == 'n') goto yy43; + if (yych == 'n') goto yy54; goto yy18; -yy40: +yy48: + ++YYCURSOR; + goto yy37; +yy49: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy40; + goto yy42; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy44; - goto yy46; -yy42: + if (yych <= '"') goto yy55; + goto yy49; +yy51: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy51; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy51; + goto yy56; + } else { + if (yych == '\\') goto yy58; + goto yy51; + } + } +yy53: yych = *++YYCURSOR; - if (yych == 'o') goto yy48; + if (yych == 'o') goto yy60; goto yy18; -yy43: +yy54: yych = *++YYCURSOR; - if (yych == 'd') goto yy49; + if (yych == 'd') goto yy61; goto yy18; -yy44: +yy55: + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy42; + } + if (yych <= '\r') goto yy37; + if (yych <= '"') goto yy48; + goto yy49; +yy56: yych = *++YYCURSOR; yyt4 = YYCURSOR; - goto yy51; -yy45: + goto yy63; +yy57: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -440,133 +528,142 @@ yy45: zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } -yy46: +yy58: yych = *++YYCURSOR; - if (yybm[0+yych] & 64) { - goto yy40; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy51; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy51; + goto yy65; + } else { + if (yych == '\\') goto yy58; + goto yy51; + } } - if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy53; - goto yy46; -yy48: +yy60: yych = *++YYCURSOR; - if (yych == 'n') goto yy54; + if (yych == 'n') goto yy66; goto yy18; -yy49: +yy61: yych = *++YYCURSOR; - if (yych == 'i') goto yy55; + if (yych == 'i') goto yy67; goto yy18; -yy50: +yy62: yych = *++YYCURSOR; -yy51: +yy63: if (yych <= 0x1F) { - if (yych == '\t') goto yy50; - goto yy45; + if (yych == '\t') goto yy62; + goto yy57; } else { - if (yych <= ' ') goto yy50; - if (yych != ';') goto yy45; + if (yych <= ' ') goto yy62; + if (yych != ';') goto yy57; } ++YYCURSOR; - goto yy45; -yy53: - yyaccept = 1; + goto yy57; +yy65: + yyaccept = 3; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy46; - } - if (yych <= 0x1F) { + if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy40; + if (yych <= 0x08) goto yy51; if (yych <= '\t') { yyt4 = YYCURSOR; - goto yy56; + goto yy68; } yyt4 = YYCURSOR; - goto yy45; + goto yy57; } else { if (yych == '\r') { yyt4 = YYCURSOR; - goto yy45; + goto yy57; } - goto yy40; + if (yych <= 0x1F) goto yy51; + yyt4 = YYCURSOR; + goto yy68; } } else { - if (yych <= '"') { - if (yych <= ' ') { - yyt4 = YYCURSOR; - goto yy56; - } - if (yych <= '!') goto yy40; - goto yy44; + if (yych <= ':') { + if (yych == '"') goto yy56; + goto yy51; } else { - if (yych == ';') { + if (yych <= ';') { yyt4 = YYCURSOR; - goto yy58; + goto yy70; } - goto yy40; + if (yych == '\\') goto yy58; + goto yy51; } } -yy54: +yy66: yych = *++YYCURSOR; - if (yych == '\t') goto yy59; - if (yych == ' ') goto yy59; + if (yych == '\t') goto yy71; + if (yych == ' ') goto yy71; goto yy18; -yy55: +yy67: yych = *++YYCURSOR; - if (yych == 't') goto yy62; + if (yych == 't') goto yy74; goto yy18; -yy56: - yyaccept = 2; +yy68: + yyaccept = 4; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 128) { - goto yy46; - } - if (yych <= 0x1F) { + if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy40; - if (yych <= '\t') goto yy56; - goto yy45; + if (yych <= 0x08) goto yy51; + if (yych <= '\t') goto yy68; + goto yy57; } else { - if (yych == '\r') goto yy45; - goto yy40; + if (yych == '\r') goto yy57; + if (yych <= 0x1F) goto yy51; + goto yy68; } } else { - if (yych <= '"') { - if (yych <= ' ') goto yy56; - if (yych <= '!') goto yy40; - goto yy44; + if (yych <= ':') { + if (yych == '"') goto yy56; + goto yy51; } else { - if (yych != ';') goto yy40; + if (yych <= ';') goto yy70; + if (yych == '\\') goto yy58; + goto yy51; } } -yy58: - yyaccept = 2; +yy70: + yyaccept = 4; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 64) { - goto yy40; + if (yych <= '\r') { + if (yych == '\n') goto yy57; + if (yych <= '\f') goto yy51; + goto yy57; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy51; + goto yy56; + } else { + if (yych == '\\') goto yy58; + goto yy51; + } } - if (yych <= '\r') goto yy45; - if (yych <= '"') goto yy44; - goto yy46; -yy59: +yy71: yych = *++YYCURSOR; - if (yych == '\t') goto yy59; - if (yych == ' ') goto yy59; + if (yych == '\t') goto yy71; + if (yych == ' ') goto yy71; { goto yyc_cond; } -yy62: +yy74: yych = *++YYCURSOR; if (yych != 'i') goto yy18; yych = *++YYCURSOR; if (yych != 'o') goto yy18; yych = *++YYCURSOR; if (yych != 'n') goto yy18; -yy65: +yy77: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy65; + if (yych == '\t') goto yy77; goto yy18; } else { - if (yych <= ' ') goto yy65; + if (yych <= ' ') goto yy77; if (yych != ';') goto yy18; } ++YYCURSOR; @@ -611,124 +708,124 @@ yyc_cond: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy73; + goto yy85; } if (yych <= '(') { if (yych <= '\r') { - if (yych <= 0x08) goto yy71; - if (yych <= '\n') goto yy76; - if (yych >= '\r') goto yy78; + if (yych <= 0x08) goto yy83; + if (yych <= '\n') goto yy88; + if (yych >= '\r') goto yy90; } else { - if (yych <= 0x1F) goto yy71; - if (yych <= '!') goto yy79; - if (yych >= '(') goto yy81; + if (yych <= 0x1F) goto yy83; + if (yych <= '!') goto yy91; + if (yych >= '(') goto yy93; } } else { if (yych <= 'Z') { - if (yych <= '/') goto yy71; + if (yych <= '/') goto yy83; if (yych <= '9') { yyt1 = YYCURSOR; - goto yy83; + goto yy95; } if (yych >= 'A') { yyt1 = YYCURSOR; - goto yy86; + goto yy98; } } else { if (yych <= '_') { if (yych >= '_') { yyt1 = YYCURSOR; - goto yy86; + goto yy98; } } else { - if (yych <= '`') goto yy71; + if (yych <= '`') goto yy83; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy86; + goto yy98; } } } } -yy71: +yy83: ++YYCURSOR; -yy72: - { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } -yy73: +yy84: + { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } +yy85: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy73; + goto yy85; } { goto yyc_cond; } -yy76: +yy88: ++YYCURSOR; { lineno++; goto yyc_cond; } -yy78: +yy90: yych = *++YYCURSOR; - if (yych == '\n') goto yy76; - goto yy72; -yy79: + if (yych == '\n') goto yy88; + goto yy84; +yy91: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy81: +yy93: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy83: +yy95: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy83; + goto yy95; } t1 = yyt1; t2 = YYCURSOR; { sy_res_push(atoi(t1)); goto yyc_cond_op; } -yy86: +yy98: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy86; + goto yy98; } - if (yych == '(') goto yy89; -yy88: + if (yych == '(') goto yy101; +yy100: t1 = yyt1; t2 = YYCURSOR; { zend_string *tmp = zend_hash_str_find_ptr(&vars, t1, t2-t1); if (!tmp) { - cs_error_log("unknown variable in condition on line %d", lineno); + cs_log_error("unknown variable in condition on line %d", lineno); goto out; } sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } -yy89: +yy101: yych = *++YYCURSOR; if (yych == '"') { yyt2 = YYCURSOR; - goto yy91; + goto yy103; } if (yych == ')') { yyt2 = YYCURSOR; - goto yy93; + goto yy105; } -yy90: +yy102: YYCURSOR = YYMARKER; if (yyaccept == 0) { - goto yy88; + goto yy100; } else { - goto yy94; + goto yy106; } -yy91: +yy103: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy91; + goto yy103; } - if (yych <= '\r') goto yy90; - if (yych <= '"') goto yy95; - goto yy96; -yy93: + if (yych <= '\r') goto yy102; + if (yych <= '"') goto yy107; + goto yy108; +yy105: ++YYCURSOR; -yy94: +yy106: t1 = yyt1; t3 = yyt2; t2 = yyt2 - 1; @@ -738,46 +835,46 @@ yy94: int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); sy_res_push(is_loaded); } else { - cs_error_log("unknown function in condition on line %d", lineno); + cs_log_error("unknown function in condition on line %d", lineno); goto out; } goto yyc_cond_op; } -yy95: +yy107: yych = *++YYCURSOR; - if (yych == ')') goto yy93; - goto yy90; -yy96: + if (yych == ')') goto yy105; + goto yy102; +yy108: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy91; + goto yy103; } - if (yych <= '\r') goto yy90; - if (yych >= '#') goto yy96; + if (yych <= '\r') goto yy102; + if (yych >= '#') goto yy108; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy96; + goto yy108; } if (yych <= '\r') { - if (yych == '\n') goto yy90; - if (yych <= '\f') goto yy91; - goto yy90; + if (yych == '\n') goto yy102; + if (yych <= '\f') goto yy103; + goto yy102; } else { if (yych <= '"') { - if (yych <= '!') goto yy91; - goto yy95; + if (yych <= '!') goto yy103; + goto yy107; } else { - if (yych != ')') goto yy91; + if (yych != ')') goto yy103; } } yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy91; + goto yy103; } - if (yych <= '\r') goto yy94; - if (yych <= '"') goto yy95; - goto yy96; + if (yych <= '\r') goto yy106; + if (yych <= '"') goto yy107; + goto yy108; } /* *********************************** */ yyc_cond_op: @@ -818,88 +915,88 @@ yyc_cond_op: }; yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy104; + goto yy116; } if (yych <= ')') { if (yych <= '\r') { - if (yych <= 0x08) goto yy102; - if (yych <= '\n') goto yy107; - if (yych >= '\r') goto yy109; + if (yych <= 0x08) goto yy114; + if (yych <= '\n') goto yy119; + if (yych >= '\r') goto yy121; } else { if (yych == '&') { yyt1 = YYCURSOR; - goto yy110; + goto yy122; } - if (yych >= ')') goto yy111; + if (yych >= ')') goto yy123; } } else { if (yych <= '=') { - if (yych <= ':') goto yy102; - if (yych <= ';') goto yy113; + if (yych <= ':') goto yy114; + if (yych <= ';') goto yy125; if (yych <= '<') { yyt1 = YYCURSOR; - goto yy115; + goto yy127; } yyt1 = YYCURSOR; - goto yy117; + goto yy129; } else { if (yych <= '>') { yyt1 = YYCURSOR; - goto yy115; + goto yy127; } if (yych == '|') { yyt1 = YYCURSOR; - goto yy118; + goto yy130; } } } -yy102: +yy114: ++YYCURSOR; -yy103: - { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } -yy104: +yy115: + { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } +yy116: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy104; + goto yy116; } { goto yyc_cond_op; } -yy107: +yy119: ++YYCURSOR; { lineno++; goto yyc_cond_op; } -yy109: +yy121: yych = *++YYCURSOR; - if (yych == '\n') goto yy107; - goto yy103; -yy110: + if (yych == '\n') goto yy119; + goto yy115; +yy122: yych = *++YYCURSOR; - if (yych == '&') goto yy119; - goto yy103; -yy111: + if (yych == '&') goto yy131; + goto yy115; +yy123: ++YYCURSOR; { while (cond_op_i && sy_op_peek() != '(') { SY_APPLY_OP_FROM_STACK(); } if (cond_op_i == 0 || sy_op_peek() != '(') { - cs_error_log("unbalanced parathesis on line %d", lineno); goto out; + cs_log_error("unbalanced parathesis on line %d", lineno); goto out; } cond_op_i--; goto yyc_cond_op; } -yy113: +yy125: ++YYCURSOR; { while (cond_op_i) { - if (sy_op_peek() == '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } + if (sy_op_peek() == '(') { cs_log_error("unbalanced parathesis on line %d", lineno); goto out; } SY_APPLY_OP_FROM_STACK(); } - if (cond_res_i > 1) { cs_error_log("invalid condition on line %d", lineno); goto out; } + if (cond_res_i > 1) { cs_log_error("invalid condition on line %d", lineno); goto out; } goto yyc_init; } -yy115: +yy127: yych = *++YYCURSOR; - if (yych == '=') goto yy119; -yy116: + if (yych == '=') goto yy131; +yy128: t1 = yyt1; t2 = YYCURSOR; { @@ -916,16 +1013,16 @@ yy116: sy_op_push(*t1); goto yyc_cond; } -yy117: +yy129: yych = *++YYCURSOR; - if (yych == '=') goto yy119; - goto yy103; -yy118: + if (yych == '=') goto yy131; + goto yy115; +yy130: yych = *++YYCURSOR; - if (yych != '|') goto yy103; -yy119: + if (yych != '|') goto yy115; +yy131: ++YYCURSOR; - goto yy116; + goto yy128; } /* *********************************** */ yyc_rule: @@ -966,77 +1063,77 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy124; + goto yy136; } if (yych <= '\r') { - if (yych <= 0x08) goto yy122; - if (yych <= '\n') goto yy127; - if (yych >= '\r') goto yy128; + if (yych <= 0x08) goto yy134; + if (yych <= '\n') goto yy139; + if (yych >= '\r') goto yy140; } else { if (yych <= '.') { - if (yych >= '.') goto yy129; + if (yych >= '.') goto yy141; } else { - if (yych == ';') goto yy130; + if (yych == ';') goto yy142; } } -yy122: +yy134: ++YYCURSOR; -yy123: +yy135: { goto end_of_rule; } -yy124: +yy136: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy124; + goto yy136; } { goto yyc_rule; } -yy127: +yy139: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy123; + if (yych <= 0x08) goto yy135; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy132; + goto yy144; } - if (yych <= '\f') goto yy123; + if (yych <= '\f') goto yy135; yyt1 = YYCURSOR; - goto yy135; + goto yy147; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy123; + if (yych <= 0x1F) goto yy135; yyt1 = YYCURSOR; - goto yy132; + goto yy144; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy136; + goto yy148; } - goto yy123; + goto yy135; } } -yy128: +yy140: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy138; - goto yy123; -yy129: + if (yych == '\n') goto yy150; + goto yy135; +yy141: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy123; + if (yych <= '@') goto yy135; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy139; + goto yy151; } - goto yy123; + goto yy135; } else { - if (yych == '`') goto yy123; + if (yych == '`') goto yy135; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy139; + goto yy151; } - goto yy123; + goto yy135; } -yy130: +yy142: ++YYCURSOR; { end_of_rule: @@ -1047,71 +1144,71 @@ yy130: } goto yyc_init; } -yy132: +yy144: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy132; + goto yy144; } - if (yych == '\r') goto yy135; - if (yych == '.') goto yy136; -yy134: + if (yych == '\r') goto yy147; + if (yych == '.') goto yy148; +yy146: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy123; + goto yy135; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy141; + goto yy153; } } else { - goto yy141; + goto yy153; } -yy135: +yy147: yych = *++YYCURSOR; - if (yych == '\n') goto yy132; - goto yy134; -yy136: + if (yych == '\n') goto yy144; + goto yy146; +yy148: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy138: +yy150: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy134; + if (yych <= 0x08) goto yy146; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy132; + goto yy144; } - if (yych <= '\f') goto yy134; + if (yych <= '\f') goto yy146; yyt1 = YYCURSOR; - goto yy135; + goto yy147; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy134; + if (yych <= 0x1F) goto yy146; yyt1 = YYCURSOR; - goto yy132; + goto yy144; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy136; + goto yy148; } - goto yy134; + goto yy146; } } -yy139: +yy151: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy139; + goto yy151; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy142; + goto yy154; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy141: +yy153: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -1119,7 +1216,7 @@ yy141: { if (!cond_res[0]) { goto yyc_rule; } if (kw_i == max_keywords) { - cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); + cs_log_error("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; } sp_parsed_keyword kw = {.kw = (char*)t1, .kwlen = t2-t1, .arg = (char*)t3, .arglen = t4-t3, .argtype = SP_ARGTYPE_UNKNOWN, .lineno = lineno}; @@ -1133,7 +1230,7 @@ yy141: } else { zend_string *tmp = zend_hash_str_find_ptr(&vars, t3, t4-t3); if (!tmp) { - cs_error_log("unknown variable on line %d", lineno); + cs_log_error("unknown variable on line %d", lineno); goto out; } kw.arg = ZSTR_VAL(tmp); @@ -1146,110 +1243,110 @@ yy141: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy142: +yy154: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy134; + if (yych <= '!') goto yy146; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy145; + goto yy157; } - goto yy134; + goto yy146; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy146; + goto yy158; } - if (yych <= '^') goto yy134; + if (yych <= '^') goto yy146; yyt3 = YYCURSOR; - goto yy146; + goto yy158; } else { - if (yych <= '`') goto yy134; + if (yych <= '`') goto yy146; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy146; + goto yy158; } - goto yy134; + goto yy146; } } -yy143: +yy155: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy143; + goto yy155; } - if (yych <= '\r') goto yy134; - if (yych <= '"') goto yy148; - goto yy149; -yy145: + if (yych <= '\r') goto yy146; + if (yych <= '"') goto yy160; + goto yy161; +yy157: ++YYCURSOR; - goto yy141; -yy146: + goto yy153; +yy158: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy134; + if (yych <= '(') goto yy146; yyt4 = YYCURSOR; - goto yy145; + goto yy157; } else { - if (yych <= '/') goto yy134; - if (yych <= '9') goto yy146; - goto yy134; + if (yych <= '/') goto yy146; + if (yych <= '9') goto yy158; + goto yy146; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy146; - if (yych <= '^') goto yy134; - goto yy146; + if (yych <= 'Z') goto yy158; + if (yych <= '^') goto yy146; + goto yy158; } else { - if (yych <= '`') goto yy134; - if (yych <= 'z') goto yy146; - goto yy134; + if (yych <= '`') goto yy146; + if (yych <= 'z') goto yy158; + goto yy146; } } -yy148: +yy160: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy145; + goto yy157; } - goto yy134; -yy149: + goto yy146; +yy161: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy143; + goto yy155; } - if (yych <= '\r') goto yy134; - if (yych >= '#') goto yy149; + if (yych <= '\r') goto yy146; + if (yych >= '#') goto yy161; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy149; + goto yy161; } if (yych <= '\r') { - if (yych == '\n') goto yy134; - if (yych <= '\f') goto yy143; - goto yy134; + if (yych == '\n') goto yy146; + if (yych <= '\f') goto yy155; + goto yy146; } else { if (yych <= '"') { - if (yych <= '!') goto yy143; - goto yy148; + if (yych <= '!') goto yy155; + goto yy160; } else { - if (yych != ')') goto yy143; + if (yych != ')') goto yy155; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy143; + goto yy155; } - if (yych <= '\r') goto yy141; - if (yych <= '"') goto yy148; - goto yy149; + if (yych <= '\r') goto yy153; + if (yych <= '"') goto yy160; + goto yy161; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 75e0424..063d332 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -2,7 +2,8 @@ /*!types:re2c*/ -#define cs_error_log(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) +#define cs_log_error(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) +#define cs_log_info(fmt, ...) sp_log_msg("config", SP_LOG_INFO, fmt, ##__VA_ARGS__) zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { if (!kw || !kw->arg) { @@ -73,11 +74,11 @@ static void str_dtor(zval *zv) { // sy_ functions and macros are helpers for the shunting yard algorithm #define sy_res_push(val) \ - if (cond_res_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + if (cond_res_i >= 100) { cs_log_error("condition too complex on line %d", lineno); goto out; } \ cond_res[cond_res_i++] = val; #define sy_res_pop() cond_res[--cond_res_i] #define sy_op_push(op) \ - if (cond_op_i >= 100) { cs_error_log("condition too complex on line %d", lineno); goto out; } \ + if (cond_op_i >= 100) { cs_log_error("condition too complex on line %d", lineno); goto out; } \ cond_op[cond_op_i++] = op; #define sy_op_pop() cond_op[--cond_op_i] #define sy_op_peek() cond_op[cond_op_i-1] @@ -119,7 +120,7 @@ static int sy_apply_op(char op, int a, int b) { #define SY_APPLY_OP_FROM_STACK() \ char op = sy_op_pop(); \ int unary = (op == '!'); \ - if (cond_res_i < (2 - unary)) { cs_error_log("not enough input on line %d", lineno); goto out; } \ + if (cond_res_i < (2 - unary)) { cs_log_error("not enough input on line %d", lineno); goto out; } \ int a = sy_res_pop(); \ int b = unary ? 0 : sy_res_pop(); \ int res = sy_apply_op(op, a, b); \ @@ -166,7 +167,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key keyword = [a-zA-Z_][a-zA-Z0-9_]*; string = "\"" ("\\\"" | [^"\r\n])* "\""; - * { cs_error_log("Parser error on line %d", lineno); goto out; } + * { cs_log_error("Parser error on line %d", lineno); goto out; } ws+ { goto yyc_init; } [;#] .* { goto yyc_init; } nl { lineno++; goto yyc_init; } @@ -185,6 +186,14 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key } "@condition" ws+ { goto yyc_cond; } "@end_condition" ws* ";" { cond_res[0] = 1; goto yyc_init; } + "@log" ws+ @t1 string? @t2 { + char tmpstr[1024]; + size_t tmplen = MIN(t2-t1-2, 1023); + strncpy(tmpstr, t1+1, tmplen); + tmpstr[tmplen] = 0; + cs_log_info("[line %d]: %s", lineno, tmpstr); + goto yyc_init; + } ws+ { goto yyc_cond; } nl { lineno++; goto yyc_cond; } @@ -193,7 +202,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key int is_loaded = (zend_hash_str_find_ptr(&module_registry, t3+1, t4-t3-2) != NULL); sy_res_push(is_loaded); } else { - cs_error_log("unknown function in condition on line %d", lineno); + cs_log_error("unknown function in condition on line %d", lineno); goto out; } goto yyc_cond_op; @@ -201,7 +210,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key @t1 keyword @t2 { zend_string *tmp = zend_hash_str_find_ptr(&vars, t1, t2-t1); if (!tmp) { - cs_error_log("unknown variable in condition on line %d", lineno); + cs_log_error("unknown variable in condition on line %d", lineno); goto out; } sy_res_push(atoi(ZSTR_VAL(tmp))); @@ -231,27 +240,27 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key SY_APPLY_OP_FROM_STACK(); } if (cond_op_i == 0 || sy_op_peek() != '(') { - cs_error_log("unbalanced parathesis on line %d", lineno); goto out; + cs_log_error("unbalanced parathesis on line %d", lineno); goto out; } cond_op_i--; goto yyc_cond_op; } ";" { while (cond_op_i) { - if (sy_op_peek() == '(') { cs_error_log("unbalanced parathesis on line %d", lineno); goto out; } + if (sy_op_peek() == '(') { cs_log_error("unbalanced parathesis on line %d", lineno); goto out; } SY_APPLY_OP_FROM_STACK(); } - if (cond_res_i > 1) { cs_error_log("invalid condition on line %d", lineno); goto out; } + if (cond_res_i > 1) { cs_log_error("invalid condition on line %d", lineno); goto out; } goto yyc_init; } - * { cs_error_log("Syntax error in condition on line %d", lineno); goto out; } + * { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } ws+ { goto yyc_rule; } nl / ( nl | ws )* "." { lineno++; goto yyc_rule; } "." @t1 keyword @t2 ( "(" @t3 ( string? | keyword ) @t4 ")" )? { if (!cond_res[0]) { goto yyc_rule; } if (kw_i == max_keywords) { - cs_error_log("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); + cs_log_error("Too many keywords in rule (more than %d) on line %d", max_keywords, lineno); goto out; } sp_parsed_keyword kw = {.kw = (char*)t1, .kwlen = t2-t1, .arg = (char*)t3, .arglen = t4-t3, .argtype = SP_ARGTYPE_UNKNOWN, .lineno = lineno}; @@ -265,7 +274,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key } else { zend_string *tmp = zend_hash_str_find_ptr(&vars, t3, t4-t3); if (!tmp) { - cs_error_log("unknown variable on line %d", lineno); + cs_log_error("unknown variable on line %d", lineno); goto out; } kw.arg = ZSTR_VAL(tmp); diff --git a/src/sp_utils.h b/src/sp_utils.h index 27c8bfa..a4694f2 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -33,6 +33,7 @@ #define SP_TYPE_SIMULATION (2) #define SP_LOG_DEBUG E_NOTICE +#define SP_LOG_INFO E_NOTICE #define SP_LOG_ERROR E_ERROR #define SP_LOG_WARN E_WARNING -- cgit v1.3 From 49bc961d012c26ea7a26e6a3a2a6a989a8870a99 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 19:35:40 +0100 Subject: fixed crash when parsing arguments with PHP 8.1 --- src/sp_wrapper.c | 12 +++++------- 1 file changed, 5 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/sp_wrapper.c b/src/sp_wrapper.c index 1538e33..9eb5cbc 100644 --- a/src/sp_wrapper.c +++ b/src/sp_wrapper.c @@ -44,14 +44,12 @@ void sp_disable_wrapper() { PHP_FUNCTION(sp_stream_wrapper_register) { zif_handler orig_handler; zend_string *protocol_name = NULL; + zval *params = NULL; + uint32_t param_count = 0; - // LCOV_EXCL_BR_START - ZEND_PARSE_PARAMETERS_START_EX(ZEND_PARSE_PARAMS_QUIET, 2, EX_NUM_ARGS()); - Z_PARAM_STR(protocol_name); - ZEND_PARSE_PARAMETERS_END_EX((void)0); - // LCOV_EXCL_BR_END - - if (wrapper_is_whitelisted(protocol_name)) { + zend_parse_parameters_ex(ZEND_PARSE_PARAMS_QUIET, ZEND_NUM_ARGS(), "S*", &protocol_name, ¶ms, ¶m_count); + // ignore proper arguments here and just let the original handler deal with it + if (!protocol_name || wrapper_is_whitelisted(protocol_name)) { orig_handler = zend_hash_str_find_ptr(SPG(sp_internal_functions_hook), ZEND_STRL("stream_wrapper_register")); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } -- cgit v1.3 From a870b1547fceb5f58d56f1a1646ab1e897d28238 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 19:36:29 +0100 Subject: clarify control flow --- src/sp_utils.c | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) (limited to 'src') diff --git a/src/sp_utils.c b/src/sp_utils.c index 2f0f565..b53ddcb 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -269,10 +269,8 @@ bool sp_match_value(const zend_string* value, const zend_string* to_match, bool ret = sp_is_regexp_matching(rx, tmp); efree(tmp); return ret; - } else { - return true; } - return false; + return true; } void sp_log_disable(const char* restrict path, const char* restrict arg_name, -- cgit v1.3 From 6095651e2caa729ff56ae5a53c908b09e5f7dc29 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 19:38:34 +0100 Subject: PHP 8.1 compatibility with streams/includes + fix for ticks --- src/snuffleupagus.c | 1 - src/sp_disabled_functions.c | 12 +++----- src/sp_execute.c | 40 ++++++++++++++++++++------ src/tests/ini/config/sp-policy-drop.ini | 2 +- src/tests/ini/config/sp-policy-silent-fail.ini | 2 +- src/tests/ini/config/sp.ini | 3 +- src/tests/ini/ini_min_policy_drop.phpt | 4 +-- src/tests/ini/ini_min_policy_silent_fail.phpt | 4 +-- src/tests/ini/ini_minmax.phpt | 24 ++++++++-------- 9 files changed, 55 insertions(+), 37 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index e3ecd72..01a0b01 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -370,7 +370,6 @@ static PHP_INI_MH(OnUpdateConfiguration) { if (SPCFG(show_old_php_warning)) { time_t ts = time(NULL); - sp_log_debug("foo"); if (PHP_VERSION_ID < 70300 || PHP_VERSION_ID < 70400 && ts >= (time_t)1638745200L || PHP_VERSION_ID < 80000 && ts >= (time_t)1669590000L || diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 4ef72bf..a3b3e99 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -498,11 +498,9 @@ static int hook_functions_regexp(const sp_list_node* config) { assert(function_name || function_name_regexp); if (function_name) { - HOOK_FUNCTION(ZSTR_VAL(function_name), disabled_functions_hook, - PHP_FN(check_disabled_function)); + HOOK_FUNCTION(ZSTR_VAL(function_name), disabled_functions_hook, PHP_FN(check_disabled_function)); } else { - HOOK_FUNCTION_BY_REGEXP(function_name_regexp, disabled_functions_hook, - PHP_FN(check_disabled_function)); + HOOK_FUNCTION_BY_REGEXP(function_name_regexp, disabled_functions_hook, PHP_FN(check_disabled_function)); } config = config->next; @@ -515,10 +513,8 @@ static void hook_functions(HashTable* to_hook_ht, HashTable* hooked_ht) { zval* value; ZEND_HASH_FOREACH_STR_KEY_VAL(to_hook_ht, key, value) { - bool hooked = HOOK_FUNCTION(ZSTR_VAL(key), disabled_functions_hook, - PHP_FN(check_disabled_function)); - bool is_builtin = - check_is_builtin_name(((sp_list_node*)Z_PTR_P(value))->data); + bool hooked = HOOK_FUNCTION(ZSTR_VAL(key), disabled_functions_hook, PHP_FN(check_disabled_function)); + bool is_builtin = check_is_builtin_name(((sp_list_node*)Z_PTR_P(value))->data); if (hooked || is_builtin) { zend_symtable_add_new(hooked_ht, key, value); zend_hash_del(to_hook_ht, key); diff --git a/src/sp_execute.c b/src/sp_execute.c index ccb7508..f540119 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -3,8 +3,11 @@ static void (*orig_execute_ex)(zend_execute_data *execute_data) = NULL; static void (*orig_zend_execute_internal)(zend_execute_data *execute_data, zval *return_value) = NULL; -static int (*orig_zend_stream_open)(const char *filename, - zend_file_handle *handle) = NULL; +#if PHP_VERSION_ID < 80100 +static int (*orig_zend_stream_open)(const char *filename, zend_file_handle *handle) = NULL; +#else +static zend_result (*orig_zend_stream_open)(zend_file_handle *handle) = NULL; +#endif // FIXME handle symlink ZEND_COLD static inline void terminate_if_writable(const char *filename) { @@ -168,6 +171,7 @@ static void sp_execute_ex(zend_execute_data *execute_data) { case ZEND_DO_FCALL_BY_NAME: case ZEND_DO_ICALL: case ZEND_DO_UCALL: + case ZEND_TICKS: should_disable_ht(execute_data, function_name, NULL, NULL, config_disabled_functions_reg, config_disabled_functions); @@ -209,21 +213,21 @@ static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) { } } -static int sp_stream_open(const char *filename, zend_file_handle *handle) { +static inline void sp_stream_open_checks(zend_string *zend_filename, zend_file_handle *handle) { zend_execute_data const *const data = EG(current_execute_data); if ((NULL == data) || (NULL == data->opline) || (data->func->type != ZEND_USER_FUNCTION)) { - goto end; + return; } - zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); + // zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); const HashTable *disabled_functions_hooked = SPCFG(disabled_functions_hooked); switch (data->opline->opcode) { case ZEND_INCLUDE_OR_EVAL: if (SPCFG(readonly_exec).enable) { - terminate_if_writable(filename); + terminate_if_writable(ZSTR_VAL(zend_filename)); } switch (data->opline->extended_value) { case ZEND_INCLUDE: @@ -253,12 +257,32 @@ static int sp_stream_open(const char *filename, zend_file_handle *handle) { EMPTY_SWITCH_DEFAULT_CASE(); // LCOV_EXCL_LINE } } - efree(zend_filename); + // efree(zend_filename); + +// end: + // return orig_zend_stream_open(filename, handle); +} + +#if PHP_VERSION_ID < 80100 + +static int sp_stream_open(const char *filename, zend_file_handle *handle) { + zend_string *zend_filename = zend_string_init(filename, strlen(filename), 0); -end: + sp_stream_open_checks(zend_filename, handle); + + zend_string_release_ex(zend_filename, 0); return orig_zend_stream_open(filename, handle); } +#else // PHP >= 8.1 + +static zend_result sp_stream_open(zend_file_handle *handle) { + sp_stream_open_checks(handle->filename, handle); + return orig_zend_stream_open(handle); +} + +#endif + int hook_execute(void) { TSRMLS_FETCH(); diff --git a/src/tests/ini/config/sp-policy-drop.ini b/src/tests/ini/config/sp-policy-drop.ini index 1c28030..4b1e374 100644 --- a/src/tests/ini/config/sp-policy-drop.ini +++ b/src/tests/ini/config/sp-policy-drop.ini @@ -1,3 +1,3 @@ sp.ini_protection.enable(); sp.ini_protection.policy_drop(); -sp.ini.key("log_errors_max_len").min("200").max("2000"); +sp.ini.key("max_execution_time").min("30").max("300"); diff --git a/src/tests/ini/config/sp-policy-silent-fail.ini b/src/tests/ini/config/sp-policy-silent-fail.ini index 8236077..2123837 100644 --- a/src/tests/ini/config/sp-policy-silent-fail.ini +++ b/src/tests/ini/config/sp-policy-silent-fail.ini @@ -1,3 +1,3 @@ sp.ini_protection.enable(); sp.ini_protection.policy_silent_fail(); -sp.ini.key("log_errors_max_len").min("200").max("2000"); +sp.ini.key("max_execution_time").min("30").max("300"); diff --git a/src/tests/ini/config/sp.ini b/src/tests/ini/config/sp.ini index 3022e37..86a63a7 100644 --- a/src/tests/ini/config/sp.ini +++ b/src/tests/ini/config/sp.ini @@ -1,7 +1,6 @@ sp.ini_protection.enable(); -sp.ini.key("log_errors_max_len").min("200").max("2000"); -sp.ini.key("max_execution_time").min("30").max("600"); +sp.ini.key("max_execution_time").min("30").max("300"); sp.ini.key("highlight.comment").regexp("^#[0-9a-fA-F]{6}$"); sp.ini.key("default_mimetype").set("text/plain").ro(); diff --git a/src/tests/ini/ini_min_policy_drop.phpt b/src/tests/ini/ini_min_policy_drop.phpt index 9dddcc4..ef40ebc 100644 --- a/src/tests/ini/ini_min_policy_drop.phpt +++ b/src/tests/ini/ini_min_policy_drop.phpt @@ -6,8 +6,8 @@ INI protection .min() + .policy_drop() sp.configuration_file={PWD}/config/sp-policy-drop.ini --FILE-- --EXPECTF-- Fatal error: [snuffleupagus][0.0.0.0][ini_protection][drop] INI value out of range in %a/ini_min_policy_drop.php on line 2 diff --git a/src/tests/ini/ini_min_policy_silent_fail.phpt b/src/tests/ini/ini_min_policy_silent_fail.phpt index 8ef780d..d0117a7 100644 --- a/src/tests/ini/ini_min_policy_silent_fail.phpt +++ b/src/tests/ini/ini_min_policy_silent_fail.phpt @@ -6,8 +6,8 @@ INI protection .min() + .policy_silent_fail() sp.configuration_file={PWD}/config/sp-policy-silent-fail.ini --FILE-- --EXPECTF-- bool(true) diff --git a/src/tests/ini/ini_minmax.phpt b/src/tests/ini/ini_minmax.phpt index fc93075..4cd6bc4 100644 --- a/src/tests/ini/ini_minmax.phpt +++ b/src/tests/ini/ini_minmax.phpt @@ -6,29 +6,29 @@ INI protection .min()/.max() sp.configuration_file={PWD}/config/sp.ini --FILE-- --EXPECTF-- bool(false) -string(3) "200" +string(2) "30" bool(false) -string(4) "2000" +string(3) "300" Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 8 bool(true) -string(4) "2000" +string(3) "300" Warning: [snuffleupagus][0.0.0.0][ini_protection][log] INI value out of range in %a/ini_minmax.php on line 11 bool(true) -string(4) "2000" \ No newline at end of file +string(3) "300" \ No newline at end of file -- cgit v1.3 From bb07f43600028ac137ba56bd86cb2321d8e11e81 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 30 Nov 2021 19:48:11 +0100 Subject: fixed test case for PHP 8.1. ini_set argument types changed with PHP 8.1, so the test is using ini_get now. --- src/tests/strict_mode/strict_mode_enabled.phpt | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) (limited to 'src') diff --git a/src/tests/strict_mode/strict_mode_enabled.phpt b/src/tests/strict_mode/strict_mode_enabled.phpt index a986987..a78a604 100644 --- a/src/tests/strict_mode/strict_mode_enabled.phpt +++ b/src/tests/strict_mode/strict_mode_enabled.phpt @@ -8,11 +8,11 @@ if (!extension_loaded("snuffleupagus")) print "skip snuffleupagus extension miss sp.configuration_file={PWD}/config/config_strict_mode_enabled.ini --FILE-- --EXPECTF-- -Fatal error: Uncaught TypeError: ini_set()%s given in %s/tests/strict_mode/strict_mode_enabled.php:%d +Fatal error: Uncaught TypeError: ini_get()%s given in %s/tests/strict_mode/strict_mode_enabled.php:%d Stack trace: -#0 %s/tests/strict_mode/strict_mode_enabled.php(2): ini_set('display_errors', 1) +#0 %s/tests/strict_mode/strict_mode_enabled.php(2): ini_get(23) #1 {main} thrown in %s/tests/strict_mode/strict_mode_enabled.php on line 2 -- cgit v1.3 From 08725a0b7fce751c333e0dba2f6df6838dea15de Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 13 Dec 2021 13:56:52 +0100 Subject: fixed test case with new behaviour --- src/tests/broken_configuration/broken_conf_enable_disable2.phpt | 6 ------ 1 file changed, 6 deletions(-) (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt index 0d6fb8c..77d5f83 100644 --- a/src/tests/broken_configuration/broken_conf_enable_disable2.phpt +++ b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt @@ -7,9 +7,3 @@ Global strict mode sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 2 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. -- cgit v1.3 From 682cf7e9b05833cb7502f29edbcf4e0fa567cdf4 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 13 Dec 2021 13:57:18 +0100 Subject: fixed use after free + PHP 7 compatibility --- src/sp_unserialize.c | 15 ++++++++++++++- 1 file changed, 14 insertions(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_unserialize.c b/src/sp_unserialize.c index 4a9f565..c2173d3 100644 --- a/src/sp_unserialize.c +++ b/src/sp_unserialize.c @@ -1,14 +1,25 @@ #include "php_snuffleupagus.h" // condensed version of PHP's php_hash_do_hash_hmac() in ext/hash/hash.c +#if PHP_VERSION_ID < 80000 +static inline void *php_hash_alloc_context(const php_hash_ops *ops) { + /* Zero out context memory so serialization doesn't expose internals */ + return ecalloc(1, ops->context_size); +} +#endif + static zend_string *sp_do_hash_hmac_sha256(char *data, size_t data_len, char *key, size_t key_len) { +#if PHP_VERSION_ID < 80000 + const php_hash_ops *ops = php_hash_fetch_ops(ZEND_STRL("sha256")); +#else zend_string *algo = zend_string_init(ZEND_STRL("sha256"), 0); const php_hash_ops *ops = php_hash_fetch_ops(algo); zend_string_release_ex(algo, 0); +#endif if (!ops || !ops->is_crypto) { - sp_log_err("unsupported hash algorithm for hmac: %s", ZSTR_VAL(algo)); + sp_log_err("hmac", "unsupported hash algorithm: sha256"); return NULL; } @@ -35,6 +46,8 @@ static zend_string *sp_do_hash_hmac_sha256(char *data, size_t data_len, char *ke return hex_digest; } +// ------------------ + PHP_FUNCTION(sp_serialize) { zif_handler orig_handler; -- cgit v1.3 From c160736a503c853366c0cfb72e7a1a316cb5eef2 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 14:17:32 +0100 Subject: fixed typo where execution hook may not have been active --- src/snuffleupagus.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 01a0b01..de68130 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -366,7 +366,7 @@ static PHP_INI_MH(OnUpdateConfiguration) { SPCFG(disabled_functions_reg).disabled_functions || SPCFG(disabled_functions_reg_ret).disabled_functions || (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions))) || - (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions_ret))); + (SPCFG(disabled_functions_ret) && zend_hash_num_elements(SPCFG(disabled_functions_ret))); if (SPCFG(show_old_php_warning)) { time_t ts = time(NULL); -- cgit v1.3 From 9cc76c5d82df5df98392c9428eb98809c97d2cc7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 14:21:43 +0100 Subject: get class name from execution_data --- src/sp_disabled_functions.c | 13 ++++++------- 1 file changed, 6 insertions(+), 7 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index a3b3e99..4c85dec 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -13,20 +13,19 @@ static void should_drop_on_ret(const zval* return_value, zend_execute_data* execute_data); char* get_complete_function_path(zend_execute_data const* const execute_data) { - if (zend_is_executing() && !EG(current_execute_data)->func) { + if (!execute_data) { return NULL; // LCOV_EXCL_LINE } - if (!(execute_data->func->common.function_name)) { + zend_function *func = execute_data->func; + if (!(func->common.function_name)) { return NULL; } - char const* class_name; - char const* const function_name = - ZSTR_VAL(execute_data->func->common.function_name); + char const* const function_name = ZSTR_VAL(func->common.function_name); char* complete_path_function = NULL; - class_name = get_active_class_name(NULL); - if (*class_name) { + if ((func->type == ZEND_USER_FUNCTION || func->type == ZEND_INTERNAL_FUNCTION) && func->common.scope) { + char const* class_name = ZSTR_VAL(func->common.scope->name); const size_t len = strlen(class_name) + 2 + strlen(function_name) + 1; complete_path_function = emalloc(len); snprintf(complete_path_function, len, "%s::%s", class_name, function_name); -- cgit v1.3 From 1746eb1013af60d8524a42fb3431446a5933a646 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 14:24:56 +0100 Subject: code cleanup + removed line breaks for easier IDE integration --- src/sp_disabled_functions.c | 36 ++++++++++++------------------------ 1 file changed, 12 insertions(+), 24 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 4c85dec..216f696 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -259,7 +259,7 @@ void should_disable_ht(zend_execute_data* execute_data, current_filename = zend_string_init(tmp, strlen(tmp), 0); } - ht_entry = zend_hash_str_find_ptr(ht, function_name, strlen(function_name)); + ht_entry = zend_hash_str_find_ptr(ht, VAR_AND_LEN(function_name)); if (ht_entry) { should_disable(execute_data, function_name, builtin_param, @@ -279,29 +279,24 @@ static void should_disable(zend_execute_data* execute_data, const sp_list_node* config, const zend_string* current_filename) { char current_file_hash[SHA256_SIZE * 2 + 1] = {0}; - // sp_log_debug("%s %s %s", complete_function_path, builtin_param, builtin_param_name); while (config) { - sp_disabled_function const* const config_node = - (sp_disabled_function*)(config->data); + sp_disabled_function const* const config_node = (sp_disabled_function*)(config->data); const char* arg_name = NULL; const zend_string* arg_value_str = NULL; /* The order matters, since when we have `config_node->functions_list`, we also do have `config_node->function` */ if (config_node->functions_list) { - if (false == is_functions_list_matching(execute_data, - config_node->functions_list)) { + if (false == is_functions_list_matching(execute_data, config_node->functions_list)) { goto next; } } else if (config_node->function) { - if (0 != - strcmp(ZSTR_VAL(config_node->function), complete_function_path)) { + if (0 != strcmp(ZSTR_VAL(config_node->function), complete_function_path)) { goto next; // LCOV_EXCL_LINE } } else if (config_node->r_function) { - if (false == sp_is_regexp_matching(config_node->r_function, - complete_function_path)) { + if (false == sp_is_regexp_matching(config_node->r_function, complete_function_path)) { goto next; } } @@ -313,8 +308,7 @@ static void should_disable(zend_execute_data* execute_data, } if (config_node->filename || config_node->r_filename) { - zend_execute_data* ex = - is_file_matching(execute_data, config_node, current_filename); + zend_execute_data* ex = is_file_matching(execute_data, config_node, current_filename); if (!ex) { goto next; } @@ -337,8 +331,7 @@ static void should_disable(zend_execute_data* execute_data, if ('\0' == current_file_hash[0]) { compute_hash(ZSTR_VAL(current_filename), current_file_hash); } - if (0 != strncmp(current_file_hash, ZSTR_VAL(config_node->hash), - SHA256_SIZE)) { + if (0 != strncmp(current_file_hash, ZSTR_VAL(config_node->hash), SHA256_SIZE)) { goto next; } } @@ -359,9 +352,7 @@ static void should_disable(zend_execute_data* execute_data, "Snuffleupagus doesn't support variadic functions yet, sorry. " "Check https://github.com/jvoisin/snuffleupagus/issues/164 for " "details."); - } else if (false == is_param_matching( - execute_data, config_node, builtin_param, builtin_param_name, - &arg_name, &arg_value_str)) { + } else if (false == is_param_matching(execute_data, config_node, builtin_param, builtin_param_name, &arg_name, &arg_value_str)) { goto next; } } @@ -372,11 +363,9 @@ static void should_disable(zend_execute_data* execute_data, } if (config_node->functions_list) { - sp_log_disable(ZSTR_VAL(config_node->function), arg_name, arg_value_str, - config_node); + sp_log_disable(ZSTR_VAL(config_node->function), arg_name, arg_value_str, config_node); } else { - sp_log_disable(complete_function_path, arg_name, arg_value_str, - config_node); + sp_log_disable(complete_function_path, arg_name, arg_value_str, config_node); } next: @@ -480,10 +469,9 @@ ZEND_FUNCTION(check_disabled_function) { should_disable_ht(execute_data, current_function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked)); - orig_handler = zend_hash_str_find_ptr( - SPG(disabled_functions_hook), current_function_name, - strlen(current_function_name)); + orig_handler = zend_hash_str_find_ptr(SPG(disabled_functions_hook), VAR_AND_LEN(current_function_name)); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + should_drop_on_ret_ht(return_value, current_function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret_hooked), execute_data); } -- cgit v1.3 From 4a45ba42b609d48c8297456d67cc8d955073b567 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 14:29:43 +0100 Subject: fix: include class name in eval whitelist matching --- src/sp_disabled_functions.c | 17 +++++------------ src/sp_execute.c | 29 +++++++++++------------------ src/sp_utils.c | 15 ++++----------- src/sp_utils.h | 8 +++++--- 4 files changed, 25 insertions(+), 44 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 216f696..1d9c6c7 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -512,19 +512,13 @@ static void hook_functions(HashTable* to_hook_ht, HashTable* hooked_ht) { ZEND_FUNCTION(eval_blacklist_callback) { zif_handler orig_handler; - const char* current_function_name = get_active_function_name(TSRMLS_C); - zend_string* tmp = - zend_string_init(current_function_name, strlen(current_function_name), 0); + char* current_function_name = get_complete_function_path(EG(current_execute_data)); - if (true == check_is_in_eval_whitelist(tmp)) { - zend_string_release(tmp); + if (!current_function_name || true == check_is_in_eval_whitelist(current_function_name)) { goto whitelisted; } - zend_string_release(tmp); if (SPG(in_eval) > 0) { - // zend_string* filename = get_eval_filename(zend_get_executed_filename()); - // const int line_number = zend_get_executed_lineno(TSRMLS_C); const sp_config_eval* config_eval = &(SPCFG(eval)); if (config_eval->dump) { @@ -535,13 +529,12 @@ ZEND_FUNCTION(eval_blacklist_callback) { } else { sp_log_drop("eval", "A call to '%s' was tried in eval. dropping it.", current_function_name); } - // efree(filename); } whitelisted: - orig_handler = zend_hash_str_find_ptr( - SPG(sp_eval_blacklist_functions_hook), current_function_name, - strlen(current_function_name)); + + orig_handler = zend_hash_str_find_ptr(SPG(sp_eval_blacklist_functions_hook), current_function_name, strlen(current_function_name)); + efree(current_function_name); orig_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); } diff --git a/src/sp_execute.c b/src/sp_execute.c index f540119..0474fc8 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -48,8 +48,7 @@ inline static void is_builtin_matching( should_disable_ht(EG(current_execute_data), function_name, param_value, param_name, SPCFG(disabled_functions_reg).disabled_functions, ht); } -static void ZEND_HOT -is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { +static void ZEND_HOT is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { const sp_config_eval *config_eval = &(SPCFG(eval)); if (EXPECTED(0 == SPG(in_eval))) { @@ -60,35 +59,29 @@ is_in_eval_and_whitelisted(const zend_execute_data *execute_data) { return; } - if (zend_is_executing() && !EG(current_execute_data)->func) { + if (zend_is_executing() && !EX(func)) { return; // LCOV_EXCL_LINE } - if (UNEXPECTED(!(execute_data->func->common.function_name))) { + char *function_name = get_complete_function_path(execute_data); + if (!function_name) { return; } - zend_string const *const current_function = EX(func)->common.function_name; - - if (EXPECTED(NULL != current_function)) { - if (UNEXPECTED(false == check_is_in_eval_whitelist(current_function))) { + if (UNEXPECTED(false == check_is_in_eval_whitelist(function_name))) { if (config_eval->dump) { sp_log_request(config_eval->dump, config_eval->textual_representation); } if (config_eval->simulation) { - sp_log_simulation( - "Eval_whitelist", - "The function '%s' isn't in the eval whitelist, logging its call.", - ZSTR_VAL(current_function)); - return; + sp_log_simulation("Eval_whitelist", "The function '%s' isn't in the eval whitelist, logging its call.", function_name); + goto out; } else { - sp_log_drop( - "Eval_whitelist", - "The function '%s' isn't in the eval whitelist, dropping its call.", - ZSTR_VAL(current_function)); + sp_log_drop("Eval_whitelist", "The function '%s' isn't in the eval whitelist, dropping its call.", function_name); } } - } + // } +out: + efree(function_name); } /* This function gets the filename in which `eval()` is called from, diff --git a/src/sp_utils.c b/src/sp_utils.c index b53ddcb..034aaf4 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -1,12 +1,5 @@ #include "php_snuffleupagus.h" -bool sp_zend_string_equals(const zend_string* s1, const zend_string* s2) { - // We can't use `zend_string_equals` here because it doesn't work on - // `const` zend_string. - return ZSTR_LEN(s1) == ZSTR_LEN(s2) && - !memcmp(ZSTR_VAL(s1), ZSTR_VAL(s2), ZSTR_LEN(s1)); -} - static const char* default_ipaddr = "0.0.0.0"; const char* get_ipaddr() { const char* client_ip = getenv("REMOTE_ADDR"); @@ -155,8 +148,8 @@ int sp_log_request(const zend_string* restrict folder, const zend_string* restri char* const complete_path_function = get_complete_function_path(current); if (complete_path_function) { const int current_line = zend_get_executed_lineno(TSRMLS_C); - fprintf(file, "STACKTRACE: %s:%d\n", complete_path_function, - current_line); + fprintf(file, "STACKTRACE: %s:%d\n", complete_path_function, current_line); + efree(complete_path_function); } current = current->prev_execute_data; } @@ -468,7 +461,7 @@ void unhook_functions(HashTable *ht) { ZEND_HASH_FOREACH_END_DEL(); } -bool check_is_in_eval_whitelist(const zend_string* const function_name) { +bool check_is_in_eval_whitelist(const char* function_name) { const sp_list_node* it = SPCFG(eval).whitelist; if (!it) { return false; @@ -477,7 +470,7 @@ bool check_is_in_eval_whitelist(const zend_string* const function_name) { /* yes, we could use a HashTable instead, but since the list is pretty * small, it doesn't make a difference in practise. */ while (it && it->data) { - if (sp_zend_string_equals(function_name, (const zend_string*)(it->data))) { + if (sp_zend_string_equals_str((const zend_string*)(it->data), VAR_AND_LEN(function_name))) { /* We've got a match, the function is whiteslited. */ return true; } diff --git a/src/sp_utils.h b/src/sp_utils.h index a4694f2..0581363 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -85,8 +85,10 @@ void sp_log_disable_ret(const char *restrict, const zend_string *restrict, bool hook_function(const char *, HashTable *, zif_handler); void unhook_functions(HashTable *ht); int hook_regexp(const sp_pcre *, HashTable *, zif_handler); -bool check_is_in_eval_whitelist(const zend_string *const function_name); +bool check_is_in_eval_whitelist(const char* function_name); int sp_log_request(const zend_string *restrict folder, const zend_string *restrict text_repr); -bool sp_zend_string_equals(const zend_string *s1, const zend_string *s2); - +#define sp_zend_string_equals(s1, s2) zend_string_equals((zend_string*)s1, (zend_string*)s2) +static inline bool sp_zend_string_equals_str(const zend_string* s1, const char *str, size_t len) { + return (ZSTR_LEN(s1) == len && !memcmp(ZSTR_VAL(s1), str, len)); +} #endif /* SP_UTILS_H */ -- cgit v1.3 From a5dcbb8cb802ba18e618ca38ea8e6acbf8b133ff Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 14:46:23 +0100 Subject: fix: apply checks to internal function calls, too, so we can match internal class methods that are not hooked --- src/sp_execute.c | 163 ++++++++++++++++++++++++++++--------------------------- 1 file changed, 84 insertions(+), 79 deletions(-) (limited to 'src') diff --git a/src/sp_execute.c b/src/sp_execute.c index 0474fc8..21a68dd 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -12,25 +12,19 @@ static zend_result (*orig_zend_stream_open)(zend_file_handle *handle) = NULL; // FIXME handle symlink ZEND_COLD static inline void terminate_if_writable(const char *filename) { const sp_config_readonly_exec *config_ro_exec = &(SPCFG(readonly_exec)); - if (0 == access(filename, W_OK)) { if (config_ro_exec->dump) { - sp_log_request(config_ro_exec->dump, - config_ro_exec->textual_representation); + sp_log_request(config_ro_exec->dump, config_ro_exec->textual_representation); } if (true == config_ro_exec->simulation) { - sp_log_simulation("readonly_exec", - "Attempted execution of a writable file (%s).", - filename); + sp_log_simulation("readonly_exec", "Attempted execution of a writable file (%s).", filename); } else { - sp_log_drop("readonly_exec", - "Attempted execution of a writable file (%s).", filename); + sp_log_drop("readonly_exec", "Attempted execution of a writable file (%s).", filename); } } else { if (EACCES != errno) { // LCOV_EXCL_START - sp_log_err("Writable execution", "Error while accessing %s: %s", filename, - strerror(errno)); + sp_log_err("Writable execution", "Error while accessing %s: %s", filename, strerror(errno)); // LCOV_EXCL_STOP } } @@ -113,97 +107,108 @@ static inline void sp_orig_execute(zend_execute_data *execute_data) { SPG(execution_depth)--; } -static void sp_execute_ex(zend_execute_data *execute_data) { - is_in_eval_and_whitelisted(execute_data); - const HashTable *config_disabled_functions = SPCFG(disabled_functions); +static inline void sp_check_writable(zend_execute_data *execute_data) { + if (execute_data && EX(func) && EX(func)->op_array.filename && SPCFG(readonly_exec).enable) { + terminate_if_writable(ZSTR_VAL(EX(func)->op_array.filename)); + } +} +static inline void sp_call_orig_execute(INTERNAL_FUNCTION_PARAMETERS, bool internal) { + if (internal) { + if (UNEXPECTED(NULL != orig_zend_execute_internal)) { + orig_zend_execute_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU); + } else { + EX(func)->internal_function.handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); + } + } else { + sp_orig_execute(execute_data); + } +} + +static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool internal) { if (!execute_data) { return; // LCOV_EXCL_LINE } - if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) { - const sp_list_node *config = zend_hash_str_find_ptr(config_disabled_functions, ZEND_STRL("eval")); + is_in_eval_and_whitelisted(execute_data); - zend_string *filename = get_eval_filename(zend_get_executed_filename()); - is_builtin_matching(filename, "eval", NULL, config, config_disabled_functions); - zend_string_release(filename); + if (!internal) { + if (UNEXPECTED(EX(func)->op_array.type == ZEND_EVAL_CODE)) { + const sp_list_node *config = zend_hash_str_find_ptr(SPCFG(disabled_functions), ZEND_STRL("eval")); - SPG(in_eval)++; - sp_orig_execute(execute_data); - SPG(in_eval)--; - return; - } + zend_string *filename = get_eval_filename(zend_get_executed_filename()); + is_builtin_matching(filename, "eval", NULL, config, SPCFG(disabled_functions)); + zend_string_release(filename); - if (NULL != EX(func)->op_array.filename) { - if (SPCFG(readonly_exec).enable) { - terminate_if_writable(ZSTR_VAL(EX(func)->op_array.filename)); + SPG(in_eval)++; + sp_orig_execute(execute_data); + SPG(in_eval)--; + return; } + + sp_check_writable(execute_data); } - if (SPG(hook_execute)) { - char *function_name = get_complete_function_path(execute_data); - zval ret_val; - const sp_list_node *config_disabled_functions_reg = SPCFG(disabled_functions_reg).disabled_functions; + if (!SPG(hook_execute)) { + sp_call_orig_execute(INTERNAL_FUNCTION_PARAM_PASSTHRU, internal); + return; + } - if (!function_name) { - sp_orig_execute(execute_data); - return; - } + char *function_name = get_complete_function_path(execute_data); - // If we're at an internal function - if (!execute_data->prev_execute_data || - !execute_data->prev_execute_data->func || - !ZEND_USER_CODE(execute_data->prev_execute_data->func->type) || - !execute_data->prev_execute_data->opline) { - should_disable_ht(execute_data, function_name, NULL, NULL, - config_disabled_functions_reg, - config_disabled_functions); - } else { // If we're at a userland function call - switch (execute_data->prev_execute_data->opline->opcode) { - case ZEND_DO_FCALL: - case ZEND_DO_FCALL_BY_NAME: - case ZEND_DO_ICALL: - case ZEND_DO_UCALL: - case ZEND_TICKS: - should_disable_ht(execute_data, function_name, NULL, NULL, - config_disabled_functions_reg, - config_disabled_functions); - default: - break; - } - } + if (!function_name) { + sp_call_orig_execute(INTERNAL_FUNCTION_PARAM_PASSTHRU, internal); + return; + } - // When a function's return value isn't used, php doesn't store it in the - // execute_data, so we need to use a local variable to be able to match on - // it later. - if (EX(return_value) == NULL) { - memset(&ret_val, 0, sizeof(ret_val)); - EX(return_value) = &ret_val; + const sp_list_node *config_disabled_functions_reg = SPCFG(disabled_functions_reg).disabled_functions; + + // If we're at an internal function + if (!execute_data->prev_execute_data || + !execute_data->prev_execute_data->func || + !ZEND_USER_CODE(execute_data->prev_execute_data->func->type) || + !execute_data->prev_execute_data->opline) { + should_disable_ht(execute_data, function_name, NULL, NULL, config_disabled_functions_reg, SPCFG(disabled_functions)); + } else { // If we're at a userland function call + switch (execute_data->prev_execute_data->opline->opcode) { + case ZEND_DO_FCALL: + case ZEND_DO_FCALL_BY_NAME: + case ZEND_DO_ICALL: + case ZEND_DO_UCALL: + case ZEND_TICKS: + should_disable_ht(execute_data, function_name, NULL, NULL, config_disabled_functions_reg, SPCFG(disabled_functions)); + default: + break; } + } - sp_orig_execute(execute_data); + // When a function's return value isn't used, php doesn't store it in the + // execute_data, so we need to use a local variable to be able to match on + // it later. + zval ret_val; + if (EX(return_value) == NULL) { + memset(&ret_val, 0, sizeof(ret_val)); + EX(return_value) = &ret_val; + } - should_drop_on_ret_ht(EX(return_value), function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data); - efree(function_name); + sp_call_orig_execute(INTERNAL_FUNCTION_PARAM_PASSTHRU, internal); - if (EX(return_value) == &ret_val) { - EX(return_value) = NULL; - } - } else { - sp_orig_execute(execute_data); + should_drop_on_ret_ht(EX(return_value), function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data); + efree(function_name); + + if (EX(return_value) == &ret_val) { + EX(return_value) = NULL; } + } -static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) { - is_in_eval_and_whitelisted(execute_data); - if (UNEXPECTED(NULL != orig_zend_execute_internal)) { - // LCOV_EXCL_START - orig_zend_execute_internal(INTERNAL_FUNCTION_PARAM_PASSTHRU); - // LCOV_EXCL_STOP - } else { - EX(func)->internal_function.handler(INTERNAL_FUNCTION_PARAM_PASSTHRU); - } +static void sp_execute_ex(zend_execute_data *execute_data) { + sp_execute_handler(execute_data, NULL, false); +} + +static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) { + sp_execute_handler(INTERNAL_FUNCTION_PARAM_PASSTHRU, true); } static inline void sp_stream_open_checks(zend_string *zend_filename, zend_file_handle *handle) { -- cgit v1.3 From c3fddfecfab29504097932184389a94251991bc7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 14 Dec 2021 15:25:31 +0100 Subject: test cases for testing edge cases, eval and cmd execution --- .../config/disabled_functions_extra.ini | 7 +++++++ .../disable_function/disabled_functions_exec.phpt | 12 ++++++++++++ .../disabled_functions_passthru.phpt | 12 ++++++++++++ .../disabled_functions_phpinfo_header_callback.phpt | 12 ++++++++++++ .../disable_function/disabled_functions_popen.phpt | 12 ++++++++++++ .../disabled_functions_proc_open.phpt | 17 +++++++++++++++++ .../disabled_functions_shell_exec_backtick.phpt | 12 ++++++++++++ .../disabled_functions_shell_exec_backtick_var.phpt | 12 ++++++++++++ ...led_functions_shell_exec_backtick_var_string.phpt | 12 ++++++++++++ .../disabled_functions_shell_exec_closure.phpt | 13 +++++++++++++ .../disabled_functions_shell_exec_closure2.phpt | 14 ++++++++++++++ .../disabled_functions_shell_exec_filter_input.phpt | 14 ++++++++++++++ .../disabled_functions_shell_exec_include_data.phpt | 16 ++++++++++++++++ ...abled_functions_shell_exec_include_phpfilter.phpt | 16 ++++++++++++++++ ...isabled_functions_shell_exec_opcache_preload.phpt | 18 ++++++++++++++++++ ...abled_functions_shell_exec_shutdown_function.phpt | 12 ++++++++++++ .../disabled_functions_shell_exec_signal.phpt | 20 ++++++++++++++++++++ .../disabled_functions_shell_exec_var.phpt | 13 +++++++++++++ 18 files changed, 244 insertions(+) create mode 100644 src/tests/disable_function/config/disabled_functions_extra.ini create mode 100644 src/tests/disable_function/disabled_functions_exec.phpt create mode 100644 src/tests/disable_function/disabled_functions_passthru.phpt create mode 100644 src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt create mode 100644 src/tests/disable_function/disabled_functions_popen.phpt create mode 100644 src/tests/disable_function/disabled_functions_proc_open.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_closure.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_signal.phpt create mode 100644 src/tests/disable_function/disabled_functions_shell_exec_var.phpt (limited to 'src') diff --git a/src/tests/disable_function/config/disabled_functions_extra.ini b/src/tests/disable_function/config/disabled_functions_extra.ini new file mode 100644 index 0000000..305c4b3 --- /dev/null +++ b/src/tests/disable_function/config/disabled_functions_extra.ini @@ -0,0 +1,7 @@ +sp.disable_function.function("shell_exec").pos("0").value("ls").drop(); +sp.disable_function.function("exec").drop(); +sp.disable_function.function("passthru").drop(); +#sp.disable_function.function("system").drop(); +sp.disable_function.function("proc_open").drop(); +sp.disable_function.function("popen").drop(); +sp.disable_function.function("phpinfo").drop(); diff --git a/src/tests/disable_function/disabled_functions_exec.phpt b/src/tests/disable_function/disabled_functions_exec.phpt new file mode 100644 index 0000000..d49ea58 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_exec.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - exec +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'exec' in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_passthru.phpt b/src/tests/disable_function/disabled_functions_passthru.phpt new file mode 100644 index 0000000..27eb8f8 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_passthru.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - passthru +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'passthru' in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt b/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt new file mode 100644 index 0000000..347101e --- /dev/null +++ b/src/tests/disable_function/disabled_functions_phpinfo_header_callback.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - phpinfo via header_register_callback +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'phpinfo' in Unknown on line 0 diff --git a/src/tests/disable_function/disabled_functions_popen.phpt b/src/tests/disable_function/disabled_functions_popen.phpt new file mode 100644 index 0000000..d027aed --- /dev/null +++ b/src/tests/disable_function/disabled_functions_popen.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - popen +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'popen' in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_proc_open.phpt b/src/tests/disable_function/disabled_functions_proc_open.phpt new file mode 100644 index 0000000..7c8c7eb --- /dev/null +++ b/src/tests/disable_function/disabled_functions_proc_open.phpt @@ -0,0 +1,17 @@ +--TEST-- +Disable functions - proc_open +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + array("pipe", "r"), + 1 => array("pipe", "w"), + 2 => array("pipe", "w") +); +echo proc_open('ls', $descriptorspec, $pipes); +?> +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'proc_open' in %a.php on line 7 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt new file mode 100644 index 0000000..aeb64c2 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - shell_exec via backtick operator +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt new file mode 100644 index 0000000..a312acf --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - shell_exec via backtick operator in context of a var name +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt new file mode 100644 index 0000000..ea77a7d --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_backtick_var_string.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - shell_exec via backtick operator in context of a var name in a string +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt b/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt new file mode 100644 index 0000000..fd9343b --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_closure.phpt @@ -0,0 +1,13 @@ +--TEST-- +Disable functions - shell_exec via closure +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt b/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt new file mode 100644 index 0000000..fac6031 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_closure2.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions - shell_exec via 1st class closure +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt b/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt new file mode 100644 index 0000000..8a18d9b --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_filter_input.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions - shell_exec via filter_input callback +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--GET-- +cmd=ls +--FILE-- + 'shell_exec')); +?> +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 2 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt b/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt new file mode 100644 index 0000000..4c13db6 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_include_data.phpt @@ -0,0 +1,16 @@ +--TEST-- +Disable functions - shell_exec via include(data://) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +allow_url_include=1 +--FILE-- + +--EXPECTF-- +Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1 \ No newline at end of file diff --git a/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt b/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt new file mode 100644 index 0000000..941d168 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_include_phpfilter.phpt @@ -0,0 +1,16 @@ +--TEST-- +Disable functions - shell_exec via include(php://filter) +--SKIPIF-- + + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +allow_url_include=1 +--FILE-- + +--EXPECTF-- +Deprecated: Directive 'allow_url_include' is deprecated in Unknown on line 0 + +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in php%a line 1 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt new file mode 100644 index 0000000..3e43a14 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt @@ -0,0 +1,18 @@ +--TEST-- +Disable functions - shell_exec via opcache.preload +--SKIPIF-- + + +--EXTENSIONS-- +opcache +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +allow_url_include=1 +opcache.enable=1 +opcache.enable_cli=1 +opcache.preload=data://text/plain,%3C%3Fphp+shell_exec%28%22ls%22%29%3B +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in data%a line 1 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt b/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt new file mode 100644 index 0000000..8dcc40e --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_shutdown_function.phpt @@ -0,0 +1,12 @@ +--TEST-- +Disable functions - shell_exec via register_shutdown_function +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in Unknown on line 0 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt new file mode 100644 index 0000000..f99b423 --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - shell_exec via signal handler +--SKIPIF-- + + +--EXTENSIONS-- +pcntl +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +pcntl.async_signals=1 +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 4 diff --git a/src/tests/disable_function/disabled_functions_shell_exec_var.phpt b/src/tests/disable_function/disabled_functions_shell_exec_var.phpt new file mode 100644 index 0000000..e5a6a4e --- /dev/null +++ b/src/tests/disable_function/disabled_functions_shell_exec_var.phpt @@ -0,0 +1,13 @@ +--TEST-- +Disable functions - shell_exec via var call +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_extra.ini +--FILE-- + +--EXPECTF-- +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'shell_exec', %a matched a rule in %a.php on line 3 -- cgit v1.3 From d3d9b594fe904e6d101522617fdcf18dc5518b16 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 16:26:12 +0100 Subject: added @warn/@err to config syntax --- src/snuffleupagus.c | 3 +- src/sp_config_scanner.cached.c | 937 +++++++++++++++++++++++++---------------- src/sp_config_scanner.re | 26 +- 3 files changed, 593 insertions(+), 373 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index de68130..3baad1b 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -223,8 +223,7 @@ PHP_RINIT_FUNCTION(snuffleupagus) { if (SPG(is_config_valid) == SP_CONFIG_INVALID) { sp_log_err("config", "Invalid configuration file"); } else if (SPG(is_config_valid) == SP_CONFIG_NONE) { - sp_log_warn("config", - "No configuration specificed via sp.configuration_file"); + sp_log_warn("config", "No configuration specificed via sp.configuration_file"); } } diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index 91144c7..bd2fa3c 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -11,6 +11,8 @@ enum YYCONDTYPE { #define cs_log_error(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) #define cs_log_info(fmt, ...) sp_log_msg("config", SP_LOG_INFO, fmt, ##__VA_ARGS__) +#define cs_log_warning(fmt, ...) sp_log_warn("config", fmt, ##__VA_ARGS__) + zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { if (!kw || !kw->arg) { @@ -133,6 +135,12 @@ static int sy_apply_op(char op, int a, int b) { int res = sy_apply_op(op, a, b); \ sy_res_push(res); +#define TMPSTR(tmpstr, t2, t1) \ + char tmpstr[1024]; \ + size_t tmplen = MIN(t2-t1-2, 1023); \ + strncpy(tmpstr, t1+1, tmplen); \ + tmpstr[tmplen] = 0; + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { @@ -270,23 +278,23 @@ yy12: yy15: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych <= 'd') { - if (yych == 'c') goto yy17; - goto yy5; - } else { - if (yych <= 'e') goto yy19; - if (yych == 'l') goto yy20; - goto yy5; + switch (yych) { + case 'c': goto yy17; + case 'e': goto yy19; + case 'i': goto yy20; + case 'l': goto yy21; + case 'w': goto yy22; + default: goto yy5; } yy16: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy21; - if (yych == 'p') goto yy22; + if (yych == 'e') goto yy23; + if (yych == 'p') goto yy24; goto yy5; yy17: yych = *++YYCURSOR; - if (yych == 'o') goto yy24; + if (yych == 'o') goto yy26; yy18: YYCURSOR = YYMARKER; if (yyaccept <= 2) { @@ -294,225 +302,406 @@ yy18: if (yyaccept == 0) { goto yy5; } else { - yyt1 = YYCURSOR; - goto yy37; + goto yy66; } } else { - goto yy37; + goto yy70; } } else { - if (yyaccept == 3) { - yyt4 = YYCURSOR; - goto yy57; + if (yyaccept <= 4) { + if (yyaccept == 3) { + goto yy83; + } else { + yyt4 = YYCURSOR; + goto yy88; + } } else { - goto yy57; + goto yy88; } } yy19: yych = *++YYCURSOR; - if (yych == 'n') goto yy25; + if (yych == 'n') goto yy27; + if (yych == 'r') goto yy28; goto yy18; yy20: yych = *++YYCURSOR; - if (yych == 'o') goto yy26; + if (yych == 'n') goto yy29; goto yy18; yy21: yych = *++YYCURSOR; - if (yych == 't') goto yy27; + if (yych == 'o') goto yy30; goto yy18; yy22: - ++YYCURSOR; - { kw_i = 0; goto yyc_rule; } -yy24: yych = *++YYCURSOR; - if (yych == 'n') goto yy28; + if (yych == 'a') goto yy31; goto yy18; -yy25: +yy23: yych = *++YYCURSOR; - if (yych == 'd') goto yy29; + if (yych == 't') goto yy32; goto yy18; +yy24: + ++YYCURSOR; + { kw_i = 0; goto yyc_rule; } yy26: yych = *++YYCURSOR; - if (yych == 'g') goto yy30; + if (yych == 'n') goto yy33; goto yy18; yy27: yych = *++YYCURSOR; - if (yych == '\t') goto yy31; - if (yych == ' ') goto yy31; + if (yych == 'd') goto yy34; goto yy18; yy28: yych = *++YYCURSOR; - if (yych == 'd') goto yy33; + if (yych == 'r') goto yy35; goto yy18; yy29: yych = *++YYCURSOR; - if (yych == '_') goto yy34; + if (yych == 'f') goto yy36; goto yy18; yy30: yych = *++YYCURSOR; - if (yych == '\t') goto yy35; - if (yych == ' ') goto yy35; + if (yych == 'g') goto yy37; goto yy18; yy31: + yych = *++YYCURSOR; + if (yych == 'r') goto yy38; + goto yy18; +yy32: + yych = *++YYCURSOR; + if (yych == '\t') goto yy39; + if (yych == ' ') goto yy39; + goto yy18; +yy33: + yych = *++YYCURSOR; + if (yych == 'd') goto yy41; + goto yy18; +yy34: + yych = *++YYCURSOR; + if (yych == '_') goto yy42; + goto yy18; +yy35: + yych = *++YYCURSOR; + if (yych == '"') goto yy18; + if (yych == 'o') goto yy45; + goto yy44; +yy36: + yych = *++YYCURSOR; + if (yych != 'o') goto yy18; +yy37: + yych = *++YYCURSOR; + if (yych == '"') goto yy18; + goto yy47; +yy38: + yych = *++YYCURSOR; + if (yych == 'n') goto yy48; + goto yy18; +yy39: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '\t') { if (yych <= 0x08) goto yy18; - goto yy31; + goto yy39; } else { - if (yych == ' ') goto yy31; + if (yych == ' ') goto yy39; goto yy18; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy38; + goto yy49; } if (yych <= '^') goto yy18; yyt1 = YYCURSOR; - goto yy38; + goto yy49; } else { if (yych <= '`') goto yy18; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy38; + goto yy49; } goto yy18; } } -yy33: +yy41: yych = *++YYCURSOR; - if (yych == 'i') goto yy40; + if (yych == 'i') goto yy51; goto yy18; -yy34: +yy42: yych = *++YYCURSOR; - if (yych == 'c') goto yy41; + if (yych == 'c') goto yy52; goto yy18; -yy35: - yyaccept = 1; - yych = *(YYMARKER = ++YYCURSOR); +yy43: + yych = *++YYCURSOR; +yy44: if (yych <= 0x1F) { - if (yych == '\t') goto yy35; - yyt1 = YYCURSOR; + if (yych == '\t') goto yy43; + goto yy18; } else { - if (yych <= ' ') goto yy35; + if (yych <= ' ') goto yy43; if (yych == '"') { yyt1 = YYCURSOR; - goto yy42; + goto yy53; } - yyt1 = YYCURSOR; + goto yy18; } -yy37: - t1 = yyt1; - t2 = YYCURSOR; - { - char tmpstr[1024]; - size_t tmplen = MIN(t2-t1-2, 1023); - strncpy(tmpstr, t1+1, tmplen); - tmpstr[tmplen] = 0; - cs_log_info("[line %d]: %s", lineno, tmpstr); - goto yyc_init; - } -yy38: +yy45: + yych = *++YYCURSOR; + if (yych == 'r') goto yy55; + goto yy18; +yy46: + yych = *++YYCURSOR; +yy47: + if (yych <= 0x1F) { + if (yych == '\t') goto yy46; + goto yy18; + } else { + if (yych <= ' ') goto yy46; + if (yych == '"') { + yyt1 = YYCURSOR; + goto yy56; + } + goto yy18; + } +yy48: + yych = *++YYCURSOR; + if (yych == '"') goto yy18; + if (yych == 'i') goto yy60; + goto yy59; +yy49: yych = *++YYCURSOR; if (yybm[0+yych] & 32) { - goto yy38; + goto yy49; } if (yych == '\t') { yyt2 = YYCURSOR; - goto yy44; + goto yy61; } if (yych == ' ') { yyt2 = YYCURSOR; - goto yy44; + goto yy61; } goto yy18; -yy40: +yy51: yych = *++YYCURSOR; - if (yych == 't') goto yy46; + if (yych == 't') goto yy63; goto yy18; -yy41: +yy52: yych = *++YYCURSOR; - if (yych == 'o') goto yy47; + if (yych == 'o') goto yy64; goto yy18; -yy42: +yy53: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy42; + goto yy53; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy48; - goto yy49; -yy44: + if (yych <= '"') goto yy65; + goto yy67; +yy55: yych = *++YYCURSOR; + if (yych == '"') goto yy18; + goto yy44; +yy56: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy56; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy56; + goto yy69; + } else { + if (yych == '\\') goto yy71; + goto yy56; + } + } +yy58: + yych = *++YYCURSOR; +yy59: if (yych <= 0x1F) { - if (yych == '\t') goto yy44; + if (yych == '\t') goto yy58; goto yy18; } else { - if (yych <= ' ') goto yy44; + if (yych <= ' ') goto yy58; + if (yych == '"') { + yyt1 = YYCURSOR; + goto yy73; + } + goto yy18; + } +yy60: + yych = *++YYCURSOR; + if (yych == 'n') goto yy75; + goto yy18; +yy61: + yych = *++YYCURSOR; + if (yych <= 0x1F) { + if (yych == '\t') goto yy61; + goto yy18; + } else { + if (yych <= ' ') goto yy61; if (yych == '"') { yyt3 = YYCURSOR; - goto yy51; + goto yy76; } goto yy18; } -yy46: +yy63: yych = *++YYCURSOR; - if (yych == 'i') goto yy53; + if (yych == 'i') goto yy78; goto yy18; -yy47: +yy64: yych = *++YYCURSOR; - if (yych == 'n') goto yy54; + if (yych == 'n') goto yy79; goto yy18; -yy48: +yy65: ++YYCURSOR; - goto yy37; -yy49: +yy66: + t1 = yyt1; + t2 = YYCURSOR; + { + TMPSTR(tmpstr, t2, t1); + cs_log_error("[line %d]: %s", lineno, tmpstr); + goto out; + } +yy67: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy42; + goto yy53; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy55; - goto yy49; -yy51: + if (yych <= '"') goto yy80; + goto yy67; +yy69: + ++YYCURSOR; +yy70: + t1 = yyt1; + t2 = YYCURSOR; + { + TMPSTR(tmpstr, t2, t1); + sp_log_debug("tmplen: %d", tmplen); + cs_log_info("[line %d]: %s", lineno, tmpstr); + goto yyc_init; + } +yy71: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy51; + if (yych <= '\f') goto yy56; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy51; + if (yych <= '!') goto yy56; + goto yy81; + } else { + if (yych == '\\') goto yy71; goto yy56; + } + } +yy73: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy73; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy73; + goto yy82; } else { - if (yych == '\\') goto yy58; - goto yy51; + if (yych == '\\') goto yy84; + goto yy73; } } -yy53: +yy75: yych = *++YYCURSOR; - if (yych == 'o') goto yy60; + if (yych == 'g') goto yy86; goto yy18; -yy54: +yy76: yych = *++YYCURSOR; - if (yych == 'd') goto yy61; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy76; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy76; + goto yy87; + } else { + if (yych == '\\') goto yy89; + goto yy76; + } + } +yy78: + yych = *++YYCURSOR; + if (yych == 'o') goto yy91; goto yy18; -yy55: - yyaccept = 2; +yy79: + yych = *++YYCURSOR; + if (yych == 'd') goto yy92; + goto yy18; +yy80: + yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy42; + goto yy53; } - if (yych <= '\r') goto yy37; - if (yych <= '"') goto yy48; - goto yy49; -yy56: + if (yych <= '\r') goto yy66; + if (yych <= '"') goto yy65; + goto yy67; +yy81: + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '\r') { + if (yych == '\n') goto yy70; + if (yych <= '\f') goto yy56; + goto yy70; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy56; + goto yy69; + } else { + if (yych == '\\') goto yy71; + goto yy56; + } + } +yy82: + ++YYCURSOR; +yy83: + t1 = yyt1; + t2 = YYCURSOR; + { + TMPSTR(tmpstr, t2, t1); + cs_log_warning("[line %d]: %s", lineno, tmpstr); + goto yyc_init; + } +yy84: + yych = *++YYCURSOR; + if (yych <= '\r') { + if (yych == '\n') goto yy18; + if (yych <= '\f') goto yy73; + goto yy18; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy73; + goto yy93; + } else { + if (yych == '\\') goto yy84; + goto yy73; + } + } +yy86: + yych = *++YYCURSOR; + if (yych == '"') goto yy18; + goto yy59; +yy87: yych = *++YYCURSOR; yyt4 = YYCURSOR; - goto yy63; -yy57: + goto yy95; +yy88: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -528,142 +717,158 @@ yy57: zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } -yy58: +yy89: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy51; + if (yych <= '\f') goto yy76; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy51; - goto yy65; + if (yych <= '!') goto yy76; + goto yy97; } else { - if (yych == '\\') goto yy58; - goto yy51; + if (yych == '\\') goto yy89; + goto yy76; } } -yy60: +yy91: yych = *++YYCURSOR; - if (yych == 'n') goto yy66; + if (yych == 'n') goto yy98; goto yy18; -yy61: +yy92: yych = *++YYCURSOR; - if (yych == 'i') goto yy67; + if (yych == 'i') goto yy99; goto yy18; -yy62: +yy93: + yyaccept = 3; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '\r') { + if (yych == '\n') goto yy83; + if (yych <= '\f') goto yy73; + goto yy83; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy73; + goto yy82; + } else { + if (yych == '\\') goto yy84; + goto yy73; + } + } +yy94: yych = *++YYCURSOR; -yy63: +yy95: if (yych <= 0x1F) { - if (yych == '\t') goto yy62; - goto yy57; + if (yych == '\t') goto yy94; + goto yy88; } else { - if (yych <= ' ') goto yy62; - if (yych != ';') goto yy57; + if (yych <= ' ') goto yy94; + if (yych != ';') goto yy88; } ++YYCURSOR; - goto yy57; -yy65: - yyaccept = 3; + goto yy88; +yy97: + yyaccept = 4; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy51; + if (yych <= 0x08) goto yy76; if (yych <= '\t') { yyt4 = YYCURSOR; - goto yy68; + goto yy100; } yyt4 = YYCURSOR; - goto yy57; + goto yy88; } else { if (yych == '\r') { yyt4 = YYCURSOR; - goto yy57; + goto yy88; } - if (yych <= 0x1F) goto yy51; + if (yych <= 0x1F) goto yy76; yyt4 = YYCURSOR; - goto yy68; + goto yy100; } } else { if (yych <= ':') { - if (yych == '"') goto yy56; - goto yy51; + if (yych == '"') goto yy87; + goto yy76; } else { if (yych <= ';') { yyt4 = YYCURSOR; - goto yy70; + goto yy102; } - if (yych == '\\') goto yy58; - goto yy51; + if (yych == '\\') goto yy89; + goto yy76; } } -yy66: +yy98: yych = *++YYCURSOR; - if (yych == '\t') goto yy71; - if (yych == ' ') goto yy71; + if (yych == '\t') goto yy103; + if (yych == ' ') goto yy103; goto yy18; -yy67: +yy99: yych = *++YYCURSOR; - if (yych == 't') goto yy74; + if (yych == 't') goto yy106; goto yy18; -yy68: - yyaccept = 4; +yy100: + yyaccept = 5; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy51; - if (yych <= '\t') goto yy68; - goto yy57; + if (yych <= 0x08) goto yy76; + if (yych <= '\t') goto yy100; + goto yy88; } else { - if (yych == '\r') goto yy57; - if (yych <= 0x1F) goto yy51; - goto yy68; + if (yych == '\r') goto yy88; + if (yych <= 0x1F) goto yy76; + goto yy100; } } else { if (yych <= ':') { - if (yych == '"') goto yy56; - goto yy51; + if (yych == '"') goto yy87; + goto yy76; } else { - if (yych <= ';') goto yy70; - if (yych == '\\') goto yy58; - goto yy51; + if (yych <= ';') goto yy102; + if (yych == '\\') goto yy89; + goto yy76; } } -yy70: - yyaccept = 4; +yy102: + yyaccept = 5; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy57; - if (yych <= '\f') goto yy51; - goto yy57; + if (yych == '\n') goto yy88; + if (yych <= '\f') goto yy76; + goto yy88; } else { if (yych <= '"') { - if (yych <= '!') goto yy51; - goto yy56; + if (yych <= '!') goto yy76; + goto yy87; } else { - if (yych == '\\') goto yy58; - goto yy51; + if (yych == '\\') goto yy89; + goto yy76; } } -yy71: +yy103: yych = *++YYCURSOR; - if (yych == '\t') goto yy71; - if (yych == ' ') goto yy71; + if (yych == '\t') goto yy103; + if (yych == ' ') goto yy103; { goto yyc_cond; } -yy74: +yy106: yych = *++YYCURSOR; if (yych != 'i') goto yy18; yych = *++YYCURSOR; if (yych != 'o') goto yy18; yych = *++YYCURSOR; if (yych != 'n') goto yy18; -yy77: +yy109: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy77; + if (yych == '\t') goto yy109; goto yy18; } else { - if (yych <= ' ') goto yy77; + if (yych <= ' ') goto yy109; if (yych != ';') goto yy18; } ++YYCURSOR; @@ -708,85 +913,85 @@ yyc_cond: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy85; + goto yy117; } if (yych <= '(') { if (yych <= '\r') { - if (yych <= 0x08) goto yy83; - if (yych <= '\n') goto yy88; - if (yych >= '\r') goto yy90; + if (yych <= 0x08) goto yy115; + if (yych <= '\n') goto yy120; + if (yych >= '\r') goto yy122; } else { - if (yych <= 0x1F) goto yy83; - if (yych <= '!') goto yy91; - if (yych >= '(') goto yy93; + if (yych <= 0x1F) goto yy115; + if (yych <= '!') goto yy123; + if (yych >= '(') goto yy125; } } else { if (yych <= 'Z') { - if (yych <= '/') goto yy83; + if (yych <= '/') goto yy115; if (yych <= '9') { yyt1 = YYCURSOR; - goto yy95; + goto yy127; } if (yych >= 'A') { yyt1 = YYCURSOR; - goto yy98; + goto yy130; } } else { if (yych <= '_') { if (yych >= '_') { yyt1 = YYCURSOR; - goto yy98; + goto yy130; } } else { - if (yych <= '`') goto yy83; + if (yych <= '`') goto yy115; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy98; + goto yy130; } } } } -yy83: +yy115: ++YYCURSOR; -yy84: +yy116: { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } -yy85: +yy117: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy85; + goto yy117; } { goto yyc_cond; } -yy88: +yy120: ++YYCURSOR; { lineno++; goto yyc_cond; } -yy90: +yy122: yych = *++YYCURSOR; - if (yych == '\n') goto yy88; - goto yy84; -yy91: + if (yych == '\n') goto yy120; + goto yy116; +yy123: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy93: +yy125: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy95: +yy127: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy95; + goto yy127; } t1 = yyt1; t2 = YYCURSOR; { sy_res_push(atoi(t1)); goto yyc_cond_op; } -yy98: +yy130: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy98; + goto yy130; } - if (yych == '(') goto yy101; -yy100: + if (yych == '(') goto yy133; +yy132: t1 = yyt1; t2 = YYCURSOR; { @@ -798,34 +1003,34 @@ yy100: sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } -yy101: +yy133: yych = *++YYCURSOR; if (yych == '"') { yyt2 = YYCURSOR; - goto yy103; + goto yy135; } if (yych == ')') { yyt2 = YYCURSOR; - goto yy105; + goto yy137; } -yy102: +yy134: YYCURSOR = YYMARKER; if (yyaccept == 0) { - goto yy100; + goto yy132; } else { - goto yy106; + goto yy138; } -yy103: +yy135: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy103; + goto yy135; } - if (yych <= '\r') goto yy102; - if (yych <= '"') goto yy107; - goto yy108; -yy105: + if (yych <= '\r') goto yy134; + if (yych <= '"') goto yy139; + goto yy140; +yy137: ++YYCURSOR; -yy106: +yy138: t1 = yyt1; t3 = yyt2; t2 = yyt2 - 1; @@ -840,41 +1045,41 @@ yy106: } goto yyc_cond_op; } -yy107: +yy139: yych = *++YYCURSOR; - if (yych == ')') goto yy105; - goto yy102; -yy108: + if (yych == ')') goto yy137; + goto yy134; +yy140: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy103; + goto yy135; } - if (yych <= '\r') goto yy102; - if (yych >= '#') goto yy108; + if (yych <= '\r') goto yy134; + if (yych >= '#') goto yy140; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy108; + goto yy140; } if (yych <= '\r') { - if (yych == '\n') goto yy102; - if (yych <= '\f') goto yy103; - goto yy102; + if (yych == '\n') goto yy134; + if (yych <= '\f') goto yy135; + goto yy134; } else { if (yych <= '"') { - if (yych <= '!') goto yy103; - goto yy107; + if (yych <= '!') goto yy135; + goto yy139; } else { - if (yych != ')') goto yy103; + if (yych != ')') goto yy135; } } yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy103; + goto yy135; } - if (yych <= '\r') goto yy106; - if (yych <= '"') goto yy107; - goto yy108; + if (yych <= '\r') goto yy138; + if (yych <= '"') goto yy139; + goto yy140; } /* *********************************** */ yyc_cond_op: @@ -915,63 +1120,63 @@ yyc_cond_op: }; yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy116; + goto yy148; } if (yych <= ')') { if (yych <= '\r') { - if (yych <= 0x08) goto yy114; - if (yych <= '\n') goto yy119; - if (yych >= '\r') goto yy121; + if (yych <= 0x08) goto yy146; + if (yych <= '\n') goto yy151; + if (yych >= '\r') goto yy153; } else { if (yych == '&') { yyt1 = YYCURSOR; - goto yy122; + goto yy154; } - if (yych >= ')') goto yy123; + if (yych >= ')') goto yy155; } } else { if (yych <= '=') { - if (yych <= ':') goto yy114; - if (yych <= ';') goto yy125; + if (yych <= ':') goto yy146; + if (yych <= ';') goto yy157; if (yych <= '<') { yyt1 = YYCURSOR; - goto yy127; + goto yy159; } yyt1 = YYCURSOR; - goto yy129; + goto yy161; } else { if (yych <= '>') { yyt1 = YYCURSOR; - goto yy127; + goto yy159; } if (yych == '|') { yyt1 = YYCURSOR; - goto yy130; + goto yy162; } } } -yy114: +yy146: ++YYCURSOR; -yy115: +yy147: { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } -yy116: +yy148: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy116; + goto yy148; } { goto yyc_cond_op; } -yy119: +yy151: ++YYCURSOR; { lineno++; goto yyc_cond_op; } -yy121: +yy153: yych = *++YYCURSOR; - if (yych == '\n') goto yy119; - goto yy115; -yy122: + if (yych == '\n') goto yy151; + goto yy147; +yy154: yych = *++YYCURSOR; - if (yych == '&') goto yy131; - goto yy115; -yy123: + if (yych == '&') goto yy163; + goto yy147; +yy155: ++YYCURSOR; { while (cond_op_i && sy_op_peek() != '(') { @@ -983,7 +1188,7 @@ yy123: cond_op_i--; goto yyc_cond_op; } -yy125: +yy157: ++YYCURSOR; { while (cond_op_i) { @@ -993,10 +1198,10 @@ yy125: if (cond_res_i > 1) { cs_log_error("invalid condition on line %d", lineno); goto out; } goto yyc_init; } -yy127: +yy159: yych = *++YYCURSOR; - if (yych == '=') goto yy131; -yy128: + if (yych == '=') goto yy163; +yy160: t1 = yyt1; t2 = YYCURSOR; { @@ -1013,16 +1218,16 @@ yy128: sy_op_push(*t1); goto yyc_cond; } -yy129: +yy161: yych = *++YYCURSOR; - if (yych == '=') goto yy131; - goto yy115; -yy130: + if (yych == '=') goto yy163; + goto yy147; +yy162: yych = *++YYCURSOR; - if (yych != '|') goto yy115; -yy131: + if (yych != '|') goto yy147; +yy163: ++YYCURSOR; - goto yy128; + goto yy160; } /* *********************************** */ yyc_rule: @@ -1063,77 +1268,77 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy136; + goto yy168; } if (yych <= '\r') { - if (yych <= 0x08) goto yy134; - if (yych <= '\n') goto yy139; - if (yych >= '\r') goto yy140; + if (yych <= 0x08) goto yy166; + if (yych <= '\n') goto yy171; + if (yych >= '\r') goto yy172; } else { if (yych <= '.') { - if (yych >= '.') goto yy141; + if (yych >= '.') goto yy173; } else { - if (yych == ';') goto yy142; + if (yych == ';') goto yy174; } } -yy134: +yy166: ++YYCURSOR; -yy135: +yy167: { goto end_of_rule; } -yy136: +yy168: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy136; + goto yy168; } { goto yyc_rule; } -yy139: +yy171: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy135; + if (yych <= 0x08) goto yy167; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy144; + goto yy176; } - if (yych <= '\f') goto yy135; + if (yych <= '\f') goto yy167; yyt1 = YYCURSOR; - goto yy147; + goto yy179; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy135; + if (yych <= 0x1F) goto yy167; yyt1 = YYCURSOR; - goto yy144; + goto yy176; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy148; + goto yy180; } - goto yy135; + goto yy167; } } -yy140: +yy172: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy150; - goto yy135; -yy141: + if (yych == '\n') goto yy182; + goto yy167; +yy173: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy135; + if (yych <= '@') goto yy167; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy151; + goto yy183; } - goto yy135; + goto yy167; } else { - if (yych == '`') goto yy135; + if (yych == '`') goto yy167; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy151; + goto yy183; } - goto yy135; + goto yy167; } -yy142: +yy174: ++YYCURSOR; { end_of_rule: @@ -1144,71 +1349,71 @@ yy142: } goto yyc_init; } -yy144: +yy176: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy144; + goto yy176; } - if (yych == '\r') goto yy147; - if (yych == '.') goto yy148; -yy146: + if (yych == '\r') goto yy179; + if (yych == '.') goto yy180; +yy178: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy135; + goto yy167; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy153; + goto yy185; } } else { - goto yy153; + goto yy185; } -yy147: +yy179: yych = *++YYCURSOR; - if (yych == '\n') goto yy144; - goto yy146; -yy148: + if (yych == '\n') goto yy176; + goto yy178; +yy180: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy150: +yy182: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy146; + if (yych <= 0x08) goto yy178; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy144; + goto yy176; } - if (yych <= '\f') goto yy146; + if (yych <= '\f') goto yy178; yyt1 = YYCURSOR; - goto yy147; + goto yy179; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy146; + if (yych <= 0x1F) goto yy178; yyt1 = YYCURSOR; - goto yy144; + goto yy176; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy148; + goto yy180; } - goto yy146; + goto yy178; } } -yy151: +yy183: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy151; + goto yy183; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy154; + goto yy186; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy153: +yy185: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -1243,110 +1448,110 @@ yy153: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy154: +yy186: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy146; + if (yych <= '!') goto yy178; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy157; + goto yy189; } - goto yy146; + goto yy178; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy158; + goto yy190; } - if (yych <= '^') goto yy146; + if (yych <= '^') goto yy178; yyt3 = YYCURSOR; - goto yy158; + goto yy190; } else { - if (yych <= '`') goto yy146; + if (yych <= '`') goto yy178; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy158; + goto yy190; } - goto yy146; + goto yy178; } } -yy155: +yy187: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy155; + goto yy187; } - if (yych <= '\r') goto yy146; - if (yych <= '"') goto yy160; - goto yy161; -yy157: + if (yych <= '\r') goto yy178; + if (yych <= '"') goto yy192; + goto yy193; +yy189: ++YYCURSOR; - goto yy153; -yy158: + goto yy185; +yy190: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy146; + if (yych <= '(') goto yy178; yyt4 = YYCURSOR; - goto yy157; + goto yy189; } else { - if (yych <= '/') goto yy146; - if (yych <= '9') goto yy158; - goto yy146; + if (yych <= '/') goto yy178; + if (yych <= '9') goto yy190; + goto yy178; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy158; - if (yych <= '^') goto yy146; - goto yy158; + if (yych <= 'Z') goto yy190; + if (yych <= '^') goto yy178; + goto yy190; } else { - if (yych <= '`') goto yy146; - if (yych <= 'z') goto yy158; - goto yy146; + if (yych <= '`') goto yy178; + if (yych <= 'z') goto yy190; + goto yy178; } } -yy160: +yy192: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy157; + goto yy189; } - goto yy146; -yy161: + goto yy178; +yy193: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy155; + goto yy187; } - if (yych <= '\r') goto yy146; - if (yych >= '#') goto yy161; + if (yych <= '\r') goto yy178; + if (yych >= '#') goto yy193; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy161; + goto yy193; } if (yych <= '\r') { - if (yych == '\n') goto yy146; - if (yych <= '\f') goto yy155; - goto yy146; + if (yych == '\n') goto yy178; + if (yych <= '\f') goto yy187; + goto yy178; } else { if (yych <= '"') { - if (yych <= '!') goto yy155; - goto yy160; + if (yych <= '!') goto yy187; + goto yy192; } else { - if (yych != ')') goto yy155; + if (yych != ')') goto yy187; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy155; + goto yy187; } - if (yych <= '\r') goto yy153; - if (yych <= '"') goto yy160; - goto yy161; + if (yych <= '\r') goto yy185; + if (yych <= '"') goto yy192; + goto yy193; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 063d332..b0ee5d5 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -4,6 +4,8 @@ #define cs_log_error(fmt, ...) sp_log_err("config", fmt, ##__VA_ARGS__) #define cs_log_info(fmt, ...) sp_log_msg("config", SP_LOG_INFO, fmt, ##__VA_ARGS__) +#define cs_log_warning(fmt, ...) sp_log_warn("config", fmt, ##__VA_ARGS__) + zend_string *sp_get_arg_string(sp_parsed_keyword *kw) { if (!kw || !kw->arg) { @@ -126,6 +128,12 @@ static int sy_apply_op(char op, int a, int b) { int res = sy_apply_op(op, a, b); \ sy_res_push(res); +#define TMPSTR(tmpstr, t2, t1) \ + char tmpstr[1024]; \ + size_t tmplen = MIN(t2-t1-2, 1023); \ + strncpy(tmpstr, t1+1, tmplen); \ + tmpstr[tmplen] = 0; + zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_keyword*)) { @@ -186,14 +194,22 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key } "@condition" ws+ { goto yyc_cond; } "@end_condition" ws* ";" { cond_res[0] = 1; goto yyc_init; } - "@log" ws+ @t1 string? @t2 { - char tmpstr[1024]; - size_t tmplen = MIN(t2-t1-2, 1023); - strncpy(tmpstr, t1+1, tmplen); - tmpstr[tmplen] = 0; + ( "@log" | "@info" ) ws+ @t1 string @t2 { + TMPSTR(tmpstr, t2, t1); cs_log_info("[line %d]: %s", lineno, tmpstr); goto yyc_init; } + ( "@warn" | "@warning" ) ws+ @t1 string @t2 { + TMPSTR(tmpstr, t2, t1); + cs_log_warning("[line %d]: %s", lineno, tmpstr); + goto yyc_init; + } + ( "@err" | "@error" ) ws+ @t1 string @t2 { + TMPSTR(tmpstr, t2, t1); + cs_log_error("[line %d]: %s", lineno, tmpstr); + goto out; + } + ws+ { goto yyc_cond; } nl { lineno++; goto yyc_cond; } -- cgit v1.3 From 93c806a0e8e4b290a26ef62d726bfc936b2a5d1b Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 17:57:32 +0100 Subject: updated cached scanner file --- src/sp_config_scanner.cached.c | 1 - 1 file changed, 1 deletion(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index bd2fa3c..dd6f4f6 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -582,7 +582,6 @@ yy70: t2 = YYCURSOR; { TMPSTR(tmpstr, t2, t1); - sp_log_debug("tmplen: %d", tmplen); cs_log_info("[line %d]: %s", lineno, tmpstr); goto yyc_init; } -- cgit v1.3 From f24151869a54a95da28b74beac5f1f87c06cfafe Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 17:58:23 +0100 Subject: removed confusung newlines for better reading/searching --- src/sp_upload_validation.c | 20 ++++++-------------- 1 file changed, 6 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index bff7e43..38b4cb3 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c @@ -36,12 +36,9 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { zval *file; pid_t pid; - sp_log_debug( - "Got %d files", - zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]))); + sp_log_debug("Got %d files", zend_hash_num_elements(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]))); - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]), - file_key, file) { // for each uploaded file + ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL(PG(http_globals)[TRACK_VARS_FILES]), file_key, file) { // for each uploaded file char *filename = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("name"))); char *tmp_name = Z_STRVAL_P(zend_hash_str_find(Z_ARRVAL_P(file), ZEND_STRL("tmp_name"))); @@ -60,22 +57,19 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { spprintf(&env[0], 0, "SP_FILENAME=%s", filename); spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", getenv("REMOTE_ADDR")); - spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", - zend_get_executed_filename(TSRMLS_C)); + spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", zend_get_executed_filename(TSRMLS_C)); spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize); env[4] = NULL; if ((pid = fork()) == 0) { if (execve(ZSTR_VAL(config_upload->script), cmd, env) == -1) { - sp_log_warn("upload_validation", "Could not call '%s' : %s", - ZSTR_VAL(config_upload->script), strerror(errno)); + sp_log_warn("upload_validation", "Could not call '%s' : %s", ZSTR_VAL(config_upload->script), strerror(errno)); EFREE_3(env); exit(1); } } else if (pid == -1) { // LCOV_EXCL_START - sp_log_err("upload_validation", "Could not fork process : %s\n", - strerror(errno)); + sp_log_err("upload_validation", "Could not fork process : %s\n", strerror(errno)); EFREE_3(env); continue; // LCOV_EXCL_STOP @@ -87,9 +81,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { if (WEXITSTATUS(waitstatus) != 0) { // Nope char *uri = getenv("REQUEST_URI"); int sim = config_upload->simulation; - sp_log_auto("upload_validation", sim, - "The upload of %s on %s was rejected.", filename, - uri ? uri : "?"); + sp_log_auto("upload_validation", sim, "The upload of %s on %s was rejected.", filename, uri ? uri : "?"); } } ZEND_HASH_FOREACH_END(); -- cgit v1.3 From 6f50404217f9c6cc25654f6edd527c1d1f3286e4 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 17:59:21 +0100 Subject: check compatibility with linux --- src/tests/stream_wrapper/stream_wrapper.phpt | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/tests/stream_wrapper/stream_wrapper.phpt b/src/tests/stream_wrapper/stream_wrapper.phpt index 588a10d..6cd7a66 100644 --- a/src/tests/stream_wrapper/stream_wrapper.phpt +++ b/src/tests/stream_wrapper/stream_wrapper.phpt @@ -23,9 +23,9 @@ Warning: Unknown: Unable to find the wrapper "php" - did you forget to enable it Warning: file_get_contents(): Unable to find the wrapper "http" - did you forget to enable it when you configured PHP? in %a/stream_wrapper.php on line %d -Warning: file_get_contents(): php_network_getaddresses: getaddrinfo failed: %s +Warning: file_get_contents(): php_network_getaddresses: getaddrinfo%sfailed: %s -Warning: file_get_contents(https://qweqwezxc): %s to open stream: php_network_getaddresses: getaddrinfo failed: %s +Warning: file_get_contents(https://qweqwezxc): %s to open stream: php_network_getaddresses: getaddrinfo%sfailed: %s Warning: file_get_contents(ftp://qweqwezxc): %s to open stream: operation failed in %a/stream_wrapper.php on line %d -- cgit v1.3 From 2863344b21977bb5b1df276b2f17e2ac9572e42a Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 18:00:34 +0100 Subject: removed upload script x-bit check at load time, thus allowing root-user to execute test cases --- src/sp_config_keywords.c | 3 --- src/tests/upload_validation/upload_validation_no_exec.phpt | 7 ++++--- 2 files changed, 4 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index cbe4966..138da75 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -429,9 +429,6 @@ SP_PARSE_FN(parse_upload_validation) { } else if (-1 == access(ZSTR_VAL(cfg->script), F_OK)) { sp_log_err("config", "The `script` (%s) doesn't exist on line %zu", ZSTR_VAL(cfg->script), parsed_rule->lineno); return SP_PARSER_ERROR; - } else if (-1 == access(ZSTR_VAL(cfg->script), X_OK)) { - sp_log_err("config", "The `script` (%s) isn't executable on line %zu", ZSTR_VAL(cfg->script), parsed_rule->lineno); - return SP_PARSER_ERROR; } return SP_PARSER_STOP; diff --git a/src/tests/upload_validation/upload_validation_no_exec.phpt b/src/tests/upload_validation/upload_validation_no_exec.phpt index b198bda..ff3dc14 100644 --- a/src/tests/upload_validation/upload_validation_no_exec.phpt +++ b/src/tests/upload_validation/upload_validation_no_exec.phpt @@ -4,6 +4,7 @@ Upload a file, validation script not executable file_uploads=1 sp.configuration_file={PWD}/config/upload_validation_non_exec.ini output_buffering=off +expose_php=0 --POST_RAW-- Content-Type: multipart/form-data; boundary=blabla --blabla @@ -14,6 +15,6 @@ Content-Disposition: form-data; name="test"; filename="test.php" var_dump($_FILES); ?> --EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` (tests/data/upload_no_exec.sh) isn't executable on line 1 in Unknown on line 0 +Warning: [snuffleupagus][0.0.0.0][upload_validation][log] Could not call '%s' : Permission denied %s +%a +Fatal error: [snuffleupagus][0.0.0.0][upload_validation][drop] The upload %s was rejected. in Unknown on line 0 -- cgit v1.3 From 578f879e26ce4e3f1cd7693cb9d9a8a6f35cc389 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 19:47:56 +0100 Subject: make set + @log/@info/@error conditional --- src/sp_config_scanner.cached.c | 718 ++++++++++++++++++++++++----------------- src/sp_config_scanner.re | 14 +- 2 files changed, 424 insertions(+), 308 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index dd6f4f6..bb23cf9 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -297,26 +297,41 @@ yy17: if (yych == 'o') goto yy26; yy18: YYCURSOR = YYMARKER; - if (yyaccept <= 2) { - if (yyaccept <= 1) { - if (yyaccept == 0) { - goto yy5; + if (yyaccept <= 4) { + if (yyaccept <= 2) { + if (yyaccept <= 1) { + if (yyaccept == 0) { + goto yy5; + } else { + yyt2 = YYCURSOR; + goto yy66; + } } else { - goto yy66; + yyt2 = YYCURSOR; + goto yy70; } } else { - goto yy70; + if (yyaccept == 3) { + goto yy66; + } else { + goto yy70; + } } } else { - if (yyaccept <= 4) { - if (yyaccept == 3) { - goto yy83; + if (yyaccept <= 6) { + if (yyaccept == 5) { + yyt2 = YYCURSOR; + goto yy85; } else { yyt4 = YYCURSOR; - goto yy88; + goto yy90; } } else { - goto yy88; + if (yyaccept == 7) { + goto yy85; + } else { + goto yy90; + } } } yy19: @@ -558,11 +573,14 @@ yy64: if (yych == 'n') goto yy79; goto yy18; yy65: - ++YYCURSOR; + yych = *++YYCURSOR; + yyt2 = YYCURSOR; + if (yych == ';') goto yy80; yy66: t1 = yyt1; - t2 = YYCURSOR; + t2 = yyt2; { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_error("[line %d]: %s", lineno, tmpstr); goto out; @@ -573,14 +591,17 @@ yy67: goto yy53; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy80; + if (yych <= '"') goto yy81; goto yy67; yy69: - ++YYCURSOR; + yych = *++YYCURSOR; + yyt2 = YYCURSOR; + if (yych == ';') goto yy82; yy70: t1 = yyt1; - t2 = YYCURSOR; + t2 = yyt2; { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_info("[line %d]: %s", lineno, tmpstr); goto yyc_init; @@ -594,7 +615,7 @@ yy71: } else { if (yych <= '"') { if (yych <= '!') goto yy56; - goto yy81; + goto yy83; } else { if (yych == '\\') goto yy71; goto yy56; @@ -609,15 +630,15 @@ yy73: } else { if (yych <= '"') { if (yych <= '!') goto yy73; - goto yy82; + goto yy84; } else { - if (yych == '\\') goto yy84; + if (yych == '\\') goto yy86; goto yy73; } } yy75: yych = *++YYCURSOR; - if (yych == 'g') goto yy86; + if (yych == 'g') goto yy88; goto yy18; yy76: yych = *++YYCURSOR; @@ -628,56 +649,92 @@ yy76: } else { if (yych <= '"') { if (yych <= '!') goto yy76; - goto yy87; + goto yy89; } else { - if (yych == '\\') goto yy89; + if (yych == '\\') goto yy91; goto yy76; } } yy78: yych = *++YYCURSOR; - if (yych == 'o') goto yy91; + if (yych == 'o') goto yy93; goto yy18; yy79: yych = *++YYCURSOR; - if (yych == 'd') goto yy92; + if (yych == 'd') goto yy94; goto yy18; yy80: + ++YYCURSOR; + goto yy66; +yy81: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); - if (yybm[0+yych] & 64) { - goto yy53; + if (yybm[0+yych] & 128) { + goto yy67; } - if (yych <= '\r') goto yy66; - if (yych <= '"') goto yy65; - goto yy67; -yy81: - yyaccept = 2; - yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy70; - if (yych <= '\f') goto yy56; - goto yy70; + if (yych == '\n') { + yyt2 = YYCURSOR; + goto yy66; + } + if (yych <= '\f') goto yy53; + yyt2 = YYCURSOR; + goto yy66; } else { if (yych <= '"') { - if (yych <= '!') goto yy56; - goto yy69; + if (yych <= '!') goto yy53; + goto yy65; } else { - if (yych == '\\') goto yy71; - goto yy56; + if (yych == ';') { + yyt2 = YYCURSOR; + goto yy95; + } + goto yy53; } } yy82: ++YYCURSOR; + goto yy70; yy83: + yyaccept = 2; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '!') { + if (yych <= '\n') { + if (yych <= '\t') goto yy56; + yyt2 = YYCURSOR; + goto yy70; + } else { + if (yych == '\r') { + yyt2 = YYCURSOR; + goto yy70; + } + goto yy56; + } + } else { + if (yych <= ';') { + if (yych <= '"') goto yy69; + if (yych <= ':') goto yy56; + yyt2 = YYCURSOR; + goto yy96; + } else { + if (yych == '\\') goto yy71; + goto yy56; + } + } +yy84: + yych = *++YYCURSOR; + yyt2 = YYCURSOR; + if (yych == ';') goto yy97; +yy85: t1 = yyt1; - t2 = YYCURSOR; + t2 = yyt2; { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_warning("[line %d]: %s", lineno, tmpstr); goto yyc_init; } -yy84: +yy86: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; @@ -686,26 +743,27 @@ yy84: } else { if (yych <= '"') { if (yych <= '!') goto yy73; - goto yy93; + goto yy98; } else { - if (yych == '\\') goto yy84; + if (yych == '\\') goto yy86; goto yy73; } } -yy86: +yy88: yych = *++YYCURSOR; if (yych == '"') goto yy18; goto yy59; -yy87: +yy89: yych = *++YYCURSOR; yyt4 = YYCURSOR; - goto yy95; -yy88: + goto yy100; +yy90: t1 = yyt1; t2 = yyt2; t3 = yyt3; t4 = yyt4; { + if (!cond_res[0]) { goto yyc_init; } char *key = (char*)t1; int keylen = t2-t1; zend_string *tmp = zend_hash_str_find_ptr(&vars, key, keylen); @@ -716,7 +774,7 @@ yy88: zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } -yy89: +yy91: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; @@ -725,153 +783,207 @@ yy89: } else { if (yych <= '"') { if (yych <= '!') goto yy76; - goto yy97; + goto yy102; } else { - if (yych == '\\') goto yy89; + if (yych == '\\') goto yy91; goto yy76; } } -yy91: +yy93: yych = *++YYCURSOR; - if (yych == 'n') goto yy98; + if (yych == 'n') goto yy103; goto yy18; -yy92: +yy94: yych = *++YYCURSOR; - if (yych == 'i') goto yy99; + if (yych == 'i') goto yy104; goto yy18; -yy93: +yy95: yyaccept = 3; yych = *(YYMARKER = ++YYCURSOR); + if (yybm[0+yych] & 64) { + goto yy53; + } + if (yych <= '\r') goto yy66; + if (yych <= '"') goto yy65; + goto yy67; +yy96: + yyaccept = 4; + yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy83; - if (yych <= '\f') goto yy73; - goto yy83; + if (yych == '\n') goto yy70; + if (yych <= '\f') goto yy56; + goto yy70; } else { if (yych <= '"') { - if (yych <= '!') goto yy73; - goto yy82; + if (yych <= '!') goto yy56; + goto yy69; + } else { + if (yych == '\\') goto yy71; + goto yy56; + } + } +yy97: + ++YYCURSOR; + goto yy85; +yy98: + yyaccept = 5; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '!') { + if (yych <= '\n') { + if (yych <= '\t') goto yy73; + yyt2 = YYCURSOR; + goto yy85; + } else { + if (yych == '\r') { + yyt2 = YYCURSOR; + goto yy85; + } + goto yy73; + } + } else { + if (yych <= ';') { + if (yych <= '"') goto yy84; + if (yych <= ':') goto yy73; + yyt2 = YYCURSOR; + goto yy105; } else { - if (yych == '\\') goto yy84; + if (yych == '\\') goto yy86; goto yy73; } } -yy94: +yy99: yych = *++YYCURSOR; -yy95: +yy100: if (yych <= 0x1F) { - if (yych == '\t') goto yy94; - goto yy88; + if (yych == '\t') goto yy99; + goto yy90; } else { - if (yych <= ' ') goto yy94; - if (yych != ';') goto yy88; + if (yych <= ' ') goto yy99; + if (yych != ';') goto yy90; } ++YYCURSOR; - goto yy88; -yy97: - yyaccept = 4; + goto yy90; +yy102: + yyaccept = 6; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { if (yych <= 0x08) goto yy76; if (yych <= '\t') { yyt4 = YYCURSOR; - goto yy100; + goto yy106; } yyt4 = YYCURSOR; - goto yy88; + goto yy90; } else { if (yych == '\r') { yyt4 = YYCURSOR; - goto yy88; + goto yy90; } if (yych <= 0x1F) goto yy76; yyt4 = YYCURSOR; - goto yy100; + goto yy106; } } else { if (yych <= ':') { - if (yych == '"') goto yy87; + if (yych == '"') goto yy89; goto yy76; } else { if (yych <= ';') { yyt4 = YYCURSOR; - goto yy102; + goto yy108; } - if (yych == '\\') goto yy89; + if (yych == '\\') goto yy91; goto yy76; } } -yy98: +yy103: yych = *++YYCURSOR; - if (yych == '\t') goto yy103; - if (yych == ' ') goto yy103; + if (yych == '\t') goto yy109; + if (yych == ' ') goto yy109; goto yy18; -yy99: +yy104: yych = *++YYCURSOR; - if (yych == 't') goto yy106; + if (yych == 't') goto yy112; goto yy18; -yy100: - yyaccept = 5; +yy105: + yyaccept = 7; + yych = *(YYMARKER = ++YYCURSOR); + if (yych <= '\r') { + if (yych == '\n') goto yy85; + if (yych <= '\f') goto yy73; + goto yy85; + } else { + if (yych <= '"') { + if (yych <= '!') goto yy73; + goto yy84; + } else { + if (yych == '\\') goto yy86; + goto yy73; + } + } +yy106: + yyaccept = 8; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { if (yych <= 0x08) goto yy76; - if (yych <= '\t') goto yy100; - goto yy88; + if (yych <= '\t') goto yy106; + goto yy90; } else { - if (yych == '\r') goto yy88; + if (yych == '\r') goto yy90; if (yych <= 0x1F) goto yy76; - goto yy100; + goto yy106; } } else { if (yych <= ':') { - if (yych == '"') goto yy87; + if (yych == '"') goto yy89; goto yy76; } else { - if (yych <= ';') goto yy102; - if (yych == '\\') goto yy89; + if (yych <= ';') goto yy108; + if (yych == '\\') goto yy91; goto yy76; } } -yy102: - yyaccept = 5; +yy108: + yyaccept = 8; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy88; + if (yych == '\n') goto yy90; if (yych <= '\f') goto yy76; - goto yy88; + goto yy90; } else { if (yych <= '"') { if (yych <= '!') goto yy76; - goto yy87; + goto yy89; } else { - if (yych == '\\') goto yy89; + if (yych == '\\') goto yy91; goto yy76; } } -yy103: +yy109: yych = *++YYCURSOR; - if (yych == '\t') goto yy103; - if (yych == ' ') goto yy103; - { goto yyc_cond; } -yy106: + if (yych == '\t') goto yy109; + if (yych == ' ') goto yy109; + { cond_res_i = 0; goto yyc_cond; } +yy112: yych = *++YYCURSOR; if (yych != 'i') goto yy18; yych = *++YYCURSOR; if (yych != 'o') goto yy18; yych = *++YYCURSOR; if (yych != 'n') goto yy18; -yy109: +yy115: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy109; + if (yych == '\t') goto yy115; goto yy18; } else { - if (yych <= ' ') goto yy109; + if (yych <= ' ') goto yy115; if (yych != ';') goto yy18; } ++YYCURSOR; - { cond_res[0] = 1; goto yyc_init; } + { cond_res[0] = 1; cond_res_i = 0; goto yyc_init; } } /* *********************************** */ yyc_cond: @@ -912,85 +1024,85 @@ yyc_cond: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy117; + goto yy123; } if (yych <= '(') { if (yych <= '\r') { - if (yych <= 0x08) goto yy115; - if (yych <= '\n') goto yy120; - if (yych >= '\r') goto yy122; + if (yych <= 0x08) goto yy121; + if (yych <= '\n') goto yy126; + if (yych >= '\r') goto yy128; } else { - if (yych <= 0x1F) goto yy115; - if (yych <= '!') goto yy123; - if (yych >= '(') goto yy125; + if (yych <= 0x1F) goto yy121; + if (yych <= '!') goto yy129; + if (yych >= '(') goto yy131; } } else { if (yych <= 'Z') { - if (yych <= '/') goto yy115; + if (yych <= '/') goto yy121; if (yych <= '9') { yyt1 = YYCURSOR; - goto yy127; + goto yy133; } if (yych >= 'A') { yyt1 = YYCURSOR; - goto yy130; + goto yy136; } } else { if (yych <= '_') { if (yych >= '_') { yyt1 = YYCURSOR; - goto yy130; + goto yy136; } } else { - if (yych <= '`') goto yy115; + if (yych <= '`') goto yy121; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy130; + goto yy136; } } } } -yy115: +yy121: ++YYCURSOR; -yy116: +yy122: { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } -yy117: +yy123: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy117; + goto yy123; } { goto yyc_cond; } -yy120: +yy126: ++YYCURSOR; { lineno++; goto yyc_cond; } -yy122: +yy128: yych = *++YYCURSOR; - if (yych == '\n') goto yy120; - goto yy116; -yy123: + if (yych == '\n') goto yy126; + goto yy122; +yy129: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy125: +yy131: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy127: +yy133: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy127; + goto yy133; } t1 = yyt1; t2 = YYCURSOR; { sy_res_push(atoi(t1)); goto yyc_cond_op; } -yy130: +yy136: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy130; + goto yy136; } - if (yych == '(') goto yy133; -yy132: + if (yych == '(') goto yy139; +yy138: t1 = yyt1; t2 = YYCURSOR; { @@ -1002,34 +1114,34 @@ yy132: sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } -yy133: +yy139: yych = *++YYCURSOR; if (yych == '"') { yyt2 = YYCURSOR; - goto yy135; + goto yy141; } if (yych == ')') { yyt2 = YYCURSOR; - goto yy137; + goto yy143; } -yy134: +yy140: YYCURSOR = YYMARKER; if (yyaccept == 0) { - goto yy132; - } else { goto yy138; + } else { + goto yy144; } -yy135: +yy141: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy135; + goto yy141; } - if (yych <= '\r') goto yy134; - if (yych <= '"') goto yy139; - goto yy140; -yy137: + if (yych <= '\r') goto yy140; + if (yych <= '"') goto yy145; + goto yy146; +yy143: ++YYCURSOR; -yy138: +yy144: t1 = yyt1; t3 = yyt2; t2 = yyt2 - 1; @@ -1044,41 +1156,41 @@ yy138: } goto yyc_cond_op; } -yy139: +yy145: yych = *++YYCURSOR; - if (yych == ')') goto yy137; - goto yy134; -yy140: + if (yych == ')') goto yy143; + goto yy140; +yy146: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy135; + goto yy141; } - if (yych <= '\r') goto yy134; - if (yych >= '#') goto yy140; + if (yych <= '\r') goto yy140; + if (yych >= '#') goto yy146; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy140; + goto yy146; } if (yych <= '\r') { - if (yych == '\n') goto yy134; - if (yych <= '\f') goto yy135; - goto yy134; + if (yych == '\n') goto yy140; + if (yych <= '\f') goto yy141; + goto yy140; } else { if (yych <= '"') { - if (yych <= '!') goto yy135; - goto yy139; + if (yych <= '!') goto yy141; + goto yy145; } else { - if (yych != ')') goto yy135; + if (yych != ')') goto yy141; } } yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy135; + goto yy141; } - if (yych <= '\r') goto yy138; - if (yych <= '"') goto yy139; - goto yy140; + if (yych <= '\r') goto yy144; + if (yych <= '"') goto yy145; + goto yy146; } /* *********************************** */ yyc_cond_op: @@ -1119,63 +1231,63 @@ yyc_cond_op: }; yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy148; + goto yy154; } if (yych <= ')') { if (yych <= '\r') { - if (yych <= 0x08) goto yy146; - if (yych <= '\n') goto yy151; - if (yych >= '\r') goto yy153; + if (yych <= 0x08) goto yy152; + if (yych <= '\n') goto yy157; + if (yych >= '\r') goto yy159; } else { if (yych == '&') { yyt1 = YYCURSOR; - goto yy154; + goto yy160; } - if (yych >= ')') goto yy155; + if (yych >= ')') goto yy161; } } else { if (yych <= '=') { - if (yych <= ':') goto yy146; - if (yych <= ';') goto yy157; + if (yych <= ':') goto yy152; + if (yych <= ';') goto yy163; if (yych <= '<') { yyt1 = YYCURSOR; - goto yy159; + goto yy165; } yyt1 = YYCURSOR; - goto yy161; + goto yy167; } else { if (yych <= '>') { yyt1 = YYCURSOR; - goto yy159; + goto yy165; } if (yych == '|') { yyt1 = YYCURSOR; - goto yy162; + goto yy168; } } } -yy146: +yy152: ++YYCURSOR; -yy147: +yy153: { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } -yy148: +yy154: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy148; + goto yy154; } { goto yyc_cond_op; } -yy151: +yy157: ++YYCURSOR; { lineno++; goto yyc_cond_op; } -yy153: +yy159: yych = *++YYCURSOR; - if (yych == '\n') goto yy151; - goto yy147; -yy154: + if (yych == '\n') goto yy157; + goto yy153; +yy160: yych = *++YYCURSOR; - if (yych == '&') goto yy163; - goto yy147; -yy155: + if (yych == '&') goto yy169; + goto yy153; +yy161: ++YYCURSOR; { while (cond_op_i && sy_op_peek() != '(') { @@ -1187,7 +1299,7 @@ yy155: cond_op_i--; goto yyc_cond_op; } -yy157: +yy163: ++YYCURSOR; { while (cond_op_i) { @@ -1197,10 +1309,10 @@ yy157: if (cond_res_i > 1) { cs_log_error("invalid condition on line %d", lineno); goto out; } goto yyc_init; } -yy159: +yy165: yych = *++YYCURSOR; - if (yych == '=') goto yy163; -yy160: + if (yych == '=') goto yy169; +yy166: t1 = yyt1; t2 = YYCURSOR; { @@ -1217,16 +1329,16 @@ yy160: sy_op_push(*t1); goto yyc_cond; } -yy161: +yy167: yych = *++YYCURSOR; - if (yych == '=') goto yy163; - goto yy147; -yy162: + if (yych == '=') goto yy169; + goto yy153; +yy168: yych = *++YYCURSOR; - if (yych != '|') goto yy147; -yy163: + if (yych != '|') goto yy153; +yy169: ++YYCURSOR; - goto yy160; + goto yy166; } /* *********************************** */ yyc_rule: @@ -1267,77 +1379,77 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy168; + goto yy174; } if (yych <= '\r') { - if (yych <= 0x08) goto yy166; - if (yych <= '\n') goto yy171; - if (yych >= '\r') goto yy172; + if (yych <= 0x08) goto yy172; + if (yych <= '\n') goto yy177; + if (yych >= '\r') goto yy178; } else { if (yych <= '.') { - if (yych >= '.') goto yy173; + if (yych >= '.') goto yy179; } else { - if (yych == ';') goto yy174; + if (yych == ';') goto yy180; } } -yy166: +yy172: ++YYCURSOR; -yy167: +yy173: { goto end_of_rule; } -yy168: +yy174: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy168; + goto yy174; } { goto yyc_rule; } -yy171: +yy177: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy167; + if (yych <= 0x08) goto yy173; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy176; + goto yy182; } - if (yych <= '\f') goto yy167; + if (yych <= '\f') goto yy173; yyt1 = YYCURSOR; - goto yy179; + goto yy185; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy167; + if (yych <= 0x1F) goto yy173; yyt1 = YYCURSOR; - goto yy176; + goto yy182; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy180; + goto yy186; } - goto yy167; + goto yy173; } } -yy172: +yy178: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy182; - goto yy167; -yy173: + if (yych == '\n') goto yy188; + goto yy173; +yy179: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy167; + if (yych <= '@') goto yy173; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy183; + goto yy189; } - goto yy167; + goto yy173; } else { - if (yych == '`') goto yy167; + if (yych == '`') goto yy173; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy183; + goto yy189; } - goto yy167; + goto yy173; } -yy174: +yy180: ++YYCURSOR; { end_of_rule: @@ -1348,71 +1460,71 @@ yy174: } goto yyc_init; } -yy176: +yy182: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy176; + goto yy182; } - if (yych == '\r') goto yy179; - if (yych == '.') goto yy180; -yy178: + if (yych == '\r') goto yy185; + if (yych == '.') goto yy186; +yy184: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy167; + goto yy173; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy185; + goto yy191; } } else { - goto yy185; + goto yy191; } -yy179: +yy185: yych = *++YYCURSOR; - if (yych == '\n') goto yy176; - goto yy178; -yy180: + if (yych == '\n') goto yy182; + goto yy184; +yy186: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy182: +yy188: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy178; + if (yych <= 0x08) goto yy184; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy176; + goto yy182; } - if (yych <= '\f') goto yy178; + if (yych <= '\f') goto yy184; yyt1 = YYCURSOR; - goto yy179; + goto yy185; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy178; + if (yych <= 0x1F) goto yy184; yyt1 = YYCURSOR; - goto yy176; + goto yy182; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy180; + goto yy186; } - goto yy178; + goto yy184; } } -yy183: +yy189: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy183; + goto yy189; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy186; + goto yy192; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy185: +yy191: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -1447,110 +1559,110 @@ yy185: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy186: +yy192: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy178; + if (yych <= '!') goto yy184; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy189; + goto yy195; } - goto yy178; + goto yy184; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy190; + goto yy196; } - if (yych <= '^') goto yy178; + if (yych <= '^') goto yy184; yyt3 = YYCURSOR; - goto yy190; + goto yy196; } else { - if (yych <= '`') goto yy178; + if (yych <= '`') goto yy184; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy190; + goto yy196; } - goto yy178; + goto yy184; } } -yy187: +yy193: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy187; + goto yy193; } - if (yych <= '\r') goto yy178; - if (yych <= '"') goto yy192; - goto yy193; -yy189: + if (yych <= '\r') goto yy184; + if (yych <= '"') goto yy198; + goto yy199; +yy195: ++YYCURSOR; - goto yy185; -yy190: + goto yy191; +yy196: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy178; + if (yych <= '(') goto yy184; yyt4 = YYCURSOR; - goto yy189; + goto yy195; } else { - if (yych <= '/') goto yy178; - if (yych <= '9') goto yy190; - goto yy178; + if (yych <= '/') goto yy184; + if (yych <= '9') goto yy196; + goto yy184; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy190; - if (yych <= '^') goto yy178; - goto yy190; + if (yych <= 'Z') goto yy196; + if (yych <= '^') goto yy184; + goto yy196; } else { - if (yych <= '`') goto yy178; - if (yych <= 'z') goto yy190; - goto yy178; + if (yych <= '`') goto yy184; + if (yych <= 'z') goto yy196; + goto yy184; } } -yy192: +yy198: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy189; + goto yy195; } - goto yy178; -yy193: + goto yy184; +yy199: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy187; + goto yy193; } - if (yych <= '\r') goto yy178; - if (yych >= '#') goto yy193; + if (yych <= '\r') goto yy184; + if (yych >= '#') goto yy199; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy193; + goto yy199; } if (yych <= '\r') { - if (yych == '\n') goto yy178; - if (yych <= '\f') goto yy187; - goto yy178; + if (yych == '\n') goto yy184; + if (yych <= '\f') goto yy193; + goto yy184; } else { if (yych <= '"') { - if (yych <= '!') goto yy187; - goto yy192; + if (yych <= '!') goto yy193; + goto yy198; } else { - if (yych != ')') goto yy187; + if (yych != ')') goto yy193; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy187; + goto yy193; } - if (yych <= '\r') goto yy185; - if (yych <= '"') goto yy192; - goto yy193; + if (yych <= '\r') goto yy191; + if (yych <= '"') goto yy198; + goto yy199; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index b0ee5d5..6b52b20 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -182,6 +182,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key "sp" { kw_i = 0; goto yyc_rule; } end { ret = SUCCESS; goto out; } "set" ws+ @t1 keyword @t2 ws+ @t3 string @t4 ws* ";"? { + if (!cond_res[0]) { goto yyc_init; } char *key = (char*)t1; int keylen = t2-t1; zend_string *tmp = zend_hash_str_find_ptr(&vars, key, keylen); @@ -192,19 +193,22 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } - "@condition" ws+ { goto yyc_cond; } - "@end_condition" ws* ";" { cond_res[0] = 1; goto yyc_init; } - ( "@log" | "@info" ) ws+ @t1 string @t2 { + "@condition" ws+ { cond_res_i = 0; goto yyc_cond; } + "@end_condition" ws* ";" { cond_res[0] = 1; cond_res_i = 0; goto yyc_init; } + ( "@log" | "@info" ) ws+ @t1 string @t2 ";"? { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_info("[line %d]: %s", lineno, tmpstr); goto yyc_init; } - ( "@warn" | "@warning" ) ws+ @t1 string @t2 { + ( "@warn" | "@warning" ) ws+ @t1 string @t2 ";"? { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_warning("[line %d]: %s", lineno, tmpstr); goto yyc_init; } - ( "@err" | "@error" ) ws+ @t1 string @t2 { + ( "@err" | "@error" ) ws+ @t1 string @t2 ";"? { + if (!cond_res[0]) { goto yyc_init; } TMPSTR(tmpstr, t2, t1); cs_log_error("[line %d]: %s", lineno, tmpstr); goto out; -- cgit v1.3 From 3045f5adb916d4ef8520a2c88d82ff8c38ee6328 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Mon, 20 Dec 2021 19:51:45 +0100 Subject: allow '@set' as a synonym for 'set' in rules files --- src/sp_config_scanner.cached.c | 919 +++++++++++++++++++++-------------------- src/sp_config_scanner.re | 2 +- 2 files changed, 463 insertions(+), 458 deletions(-) (limited to 'src') diff --git a/src/sp_config_scanner.cached.c b/src/sp_config_scanner.cached.c index bb23cf9..7617ebf 100644 --- a/src/sp_config_scanner.cached.c +++ b/src/sp_config_scanner.cached.c @@ -283,18 +283,19 @@ yy15: case 'e': goto yy19; case 'i': goto yy20; case 'l': goto yy21; - case 'w': goto yy22; + case 's': goto yy22; + case 'w': goto yy23; default: goto yy5; } yy16: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == 'e') goto yy23; - if (yych == 'p') goto yy24; + if (yych == 'e') goto yy24; + if (yych == 'p') goto yy25; goto yy5; yy17: yych = *++YYCURSOR; - if (yych == 'o') goto yy26; + if (yych == 'o') goto yy27; yy18: YYCURSOR = YYMARKER; if (yyaccept <= 4) { @@ -304,279 +305,283 @@ yy18: goto yy5; } else { yyt2 = YYCURSOR; - goto yy66; + goto yy67; } } else { yyt2 = YYCURSOR; - goto yy70; + goto yy71; } } else { if (yyaccept == 3) { - goto yy66; + goto yy67; } else { - goto yy70; + goto yy71; } } } else { if (yyaccept <= 6) { if (yyaccept == 5) { yyt2 = YYCURSOR; - goto yy85; + goto yy86; } else { yyt4 = YYCURSOR; - goto yy90; + goto yy91; } } else { if (yyaccept == 7) { - goto yy85; + goto yy86; } else { - goto yy90; + goto yy91; } } } yy19: yych = *++YYCURSOR; - if (yych == 'n') goto yy27; - if (yych == 'r') goto yy28; + if (yych == 'n') goto yy28; + if (yych == 'r') goto yy29; goto yy18; yy20: yych = *++YYCURSOR; - if (yych == 'n') goto yy29; + if (yych == 'n') goto yy30; goto yy18; yy21: yych = *++YYCURSOR; - if (yych == 'o') goto yy30; + if (yych == 'o') goto yy31; goto yy18; yy22: yych = *++YYCURSOR; - if (yych == 'a') goto yy31; + if (yych == 'e') goto yy24; goto yy18; yy23: yych = *++YYCURSOR; - if (yych == 't') goto yy32; + if (yych == 'a') goto yy32; goto yy18; yy24: - ++YYCURSOR; - { kw_i = 0; goto yyc_rule; } -yy26: yych = *++YYCURSOR; - if (yych == 'n') goto yy33; + if (yych == 't') goto yy33; goto yy18; +yy25: + ++YYCURSOR; + { kw_i = 0; goto yyc_rule; } yy27: yych = *++YYCURSOR; - if (yych == 'd') goto yy34; + if (yych == 'n') goto yy34; goto yy18; yy28: yych = *++YYCURSOR; - if (yych == 'r') goto yy35; + if (yych == 'd') goto yy35; goto yy18; yy29: yych = *++YYCURSOR; - if (yych == 'f') goto yy36; + if (yych == 'r') goto yy36; goto yy18; yy30: yych = *++YYCURSOR; - if (yych == 'g') goto yy37; + if (yych == 'f') goto yy37; goto yy18; yy31: yych = *++YYCURSOR; - if (yych == 'r') goto yy38; + if (yych == 'g') goto yy38; goto yy18; yy32: yych = *++YYCURSOR; - if (yych == '\t') goto yy39; - if (yych == ' ') goto yy39; + if (yych == 'r') goto yy39; goto yy18; yy33: yych = *++YYCURSOR; - if (yych == 'd') goto yy41; + if (yych == '\t') goto yy40; + if (yych == ' ') goto yy40; goto yy18; yy34: yych = *++YYCURSOR; - if (yych == '_') goto yy42; + if (yych == 'd') goto yy42; goto yy18; yy35: yych = *++YYCURSOR; - if (yych == '"') goto yy18; - if (yych == 'o') goto yy45; - goto yy44; + if (yych == '_') goto yy43; + goto yy18; yy36: yych = *++YYCURSOR; - if (yych != 'o') goto yy18; + if (yych == '"') goto yy18; + if (yych == 'o') goto yy46; + goto yy45; yy37: yych = *++YYCURSOR; - if (yych == '"') goto yy18; - goto yy47; + if (yych != 'o') goto yy18; yy38: yych = *++YYCURSOR; - if (yych == 'n') goto yy48; - goto yy18; + if (yych == '"') goto yy18; + goto yy48; yy39: + yych = *++YYCURSOR; + if (yych == 'n') goto yy49; + goto yy18; +yy40: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '\t') { if (yych <= 0x08) goto yy18; - goto yy39; + goto yy40; } else { - if (yych == ' ') goto yy39; + if (yych == ' ') goto yy40; goto yy18; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy49; + goto yy50; } if (yych <= '^') goto yy18; yyt1 = YYCURSOR; - goto yy49; + goto yy50; } else { if (yych <= '`') goto yy18; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy49; + goto yy50; } goto yy18; } } -yy41: - yych = *++YYCURSOR; - if (yych == 'i') goto yy51; - goto yy18; yy42: yych = *++YYCURSOR; - if (yych == 'c') goto yy52; + if (yych == 'i') goto yy52; goto yy18; yy43: yych = *++YYCURSOR; + if (yych == 'c') goto yy53; + goto yy18; yy44: + yych = *++YYCURSOR; +yy45: if (yych <= 0x1F) { - if (yych == '\t') goto yy43; + if (yych == '\t') goto yy44; goto yy18; } else { - if (yych <= ' ') goto yy43; + if (yych <= ' ') goto yy44; if (yych == '"') { yyt1 = YYCURSOR; - goto yy53; + goto yy54; } goto yy18; } -yy45: - yych = *++YYCURSOR; - if (yych == 'r') goto yy55; - goto yy18; yy46: yych = *++YYCURSOR; + if (yych == 'r') goto yy56; + goto yy18; yy47: + yych = *++YYCURSOR; +yy48: if (yych <= 0x1F) { - if (yych == '\t') goto yy46; + if (yych == '\t') goto yy47; goto yy18; } else { - if (yych <= ' ') goto yy46; + if (yych <= ' ') goto yy47; if (yych == '"') { yyt1 = YYCURSOR; - goto yy56; + goto yy57; } goto yy18; } -yy48: +yy49: yych = *++YYCURSOR; if (yych == '"') goto yy18; - if (yych == 'i') goto yy60; - goto yy59; -yy49: + if (yych == 'i') goto yy61; + goto yy60; +yy50: yych = *++YYCURSOR; if (yybm[0+yych] & 32) { - goto yy49; + goto yy50; } if (yych == '\t') { yyt2 = YYCURSOR; - goto yy61; + goto yy62; } if (yych == ' ') { yyt2 = YYCURSOR; - goto yy61; + goto yy62; } goto yy18; -yy51: - yych = *++YYCURSOR; - if (yych == 't') goto yy63; - goto yy18; yy52: yych = *++YYCURSOR; - if (yych == 'o') goto yy64; + if (yych == 't') goto yy64; goto yy18; yy53: + yych = *++YYCURSOR; + if (yych == 'o') goto yy65; + goto yy18; +yy54: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy53; + goto yy54; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy65; - goto yy67; -yy55: + if (yych <= '"') goto yy66; + goto yy68; +yy56: yych = *++YYCURSOR; if (yych == '"') goto yy18; - goto yy44; -yy56: + goto yy45; +yy57: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy56; + if (yych <= '\f') goto yy57; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy56; - goto yy69; + if (yych <= '!') goto yy57; + goto yy70; } else { - if (yych == '\\') goto yy71; - goto yy56; + if (yych == '\\') goto yy72; + goto yy57; } } -yy58: - yych = *++YYCURSOR; yy59: + yych = *++YYCURSOR; +yy60: if (yych <= 0x1F) { - if (yych == '\t') goto yy58; + if (yych == '\t') goto yy59; goto yy18; } else { - if (yych <= ' ') goto yy58; + if (yych <= ' ') goto yy59; if (yych == '"') { yyt1 = YYCURSOR; - goto yy73; + goto yy74; } goto yy18; } -yy60: +yy61: yych = *++YYCURSOR; - if (yych == 'n') goto yy75; + if (yych == 'n') goto yy76; goto yy18; -yy61: +yy62: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy61; + if (yych == '\t') goto yy62; goto yy18; } else { - if (yych <= ' ') goto yy61; + if (yych <= ' ') goto yy62; if (yych == '"') { yyt3 = YYCURSOR; - goto yy76; + goto yy77; } goto yy18; } -yy63: - yych = *++YYCURSOR; - if (yych == 'i') goto yy78; - goto yy18; yy64: yych = *++YYCURSOR; - if (yych == 'n') goto yy79; + if (yych == 'i') goto yy79; goto yy18; yy65: yych = *++YYCURSOR; - yyt2 = YYCURSOR; - if (yych == ';') goto yy80; + if (yych == 'n') goto yy80; + goto yy18; yy66: + yych = *++YYCURSOR; + yyt2 = YYCURSOR; + if (yych == ';') goto yy81; +yy67: t1 = yyt1; t2 = yyt2; { @@ -585,19 +590,19 @@ yy66: cs_log_error("[line %d]: %s", lineno, tmpstr); goto out; } -yy67: +yy68: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy53; + goto yy54; } if (yych <= '\r') goto yy18; - if (yych <= '"') goto yy81; - goto yy67; -yy69: + if (yych <= '"') goto yy82; + goto yy68; +yy70: yych = *++YYCURSOR; yyt2 = YYCURSOR; - if (yych == ';') goto yy82; -yy70: + if (yych == ';') goto yy83; +yy71: t1 = yyt1; t2 = yyt2; { @@ -606,126 +611,126 @@ yy70: cs_log_info("[line %d]: %s", lineno, tmpstr); goto yyc_init; } -yy71: +yy72: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy56; + if (yych <= '\f') goto yy57; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy56; - goto yy83; + if (yych <= '!') goto yy57; + goto yy84; } else { - if (yych == '\\') goto yy71; - goto yy56; + if (yych == '\\') goto yy72; + goto yy57; } } -yy73: +yy74: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy73; + if (yych <= '\f') goto yy74; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy73; - goto yy84; + if (yych <= '!') goto yy74; + goto yy85; } else { - if (yych == '\\') goto yy86; - goto yy73; + if (yych == '\\') goto yy87; + goto yy74; } } -yy75: +yy76: yych = *++YYCURSOR; - if (yych == 'g') goto yy88; + if (yych == 'g') goto yy89; goto yy18; -yy76: +yy77: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy76; + if (yych <= '\f') goto yy77; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy76; - goto yy89; + if (yych <= '!') goto yy77; + goto yy90; } else { - if (yych == '\\') goto yy91; - goto yy76; + if (yych == '\\') goto yy92; + goto yy77; } } -yy78: - yych = *++YYCURSOR; - if (yych == 'o') goto yy93; - goto yy18; yy79: yych = *++YYCURSOR; - if (yych == 'd') goto yy94; + if (yych == 'o') goto yy94; goto yy18; yy80: - ++YYCURSOR; - goto yy66; + yych = *++YYCURSOR; + if (yych == 'd') goto yy95; + goto yy18; yy81: + ++YYCURSOR; + goto yy67; +yy82: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 128) { - goto yy67; + goto yy68; } if (yych <= '\r') { if (yych == '\n') { yyt2 = YYCURSOR; - goto yy66; + goto yy67; } - if (yych <= '\f') goto yy53; + if (yych <= '\f') goto yy54; yyt2 = YYCURSOR; - goto yy66; + goto yy67; } else { if (yych <= '"') { - if (yych <= '!') goto yy53; - goto yy65; + if (yych <= '!') goto yy54; + goto yy66; } else { if (yych == ';') { yyt2 = YYCURSOR; - goto yy95; + goto yy96; } - goto yy53; + goto yy54; } } -yy82: - ++YYCURSOR; - goto yy70; yy83: + ++YYCURSOR; + goto yy71; +yy84: yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '!') { if (yych <= '\n') { - if (yych <= '\t') goto yy56; + if (yych <= '\t') goto yy57; yyt2 = YYCURSOR; - goto yy70; + goto yy71; } else { if (yych == '\r') { yyt2 = YYCURSOR; - goto yy70; + goto yy71; } - goto yy56; + goto yy57; } } else { if (yych <= ';') { - if (yych <= '"') goto yy69; - if (yych <= ':') goto yy56; + if (yych <= '"') goto yy70; + if (yych <= ':') goto yy57; yyt2 = YYCURSOR; - goto yy96; + goto yy97; } else { - if (yych == '\\') goto yy71; - goto yy56; + if (yych == '\\') goto yy72; + goto yy57; } } -yy84: +yy85: yych = *++YYCURSOR; yyt2 = YYCURSOR; - if (yych == ';') goto yy97; -yy85: + if (yych == ';') goto yy98; +yy86: t1 = yyt1; t2 = yyt2; { @@ -734,30 +739,30 @@ yy85: cs_log_warning("[line %d]: %s", lineno, tmpstr); goto yyc_init; } -yy86: +yy87: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy73; + if (yych <= '\f') goto yy74; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy73; - goto yy98; + if (yych <= '!') goto yy74; + goto yy99; } else { - if (yych == '\\') goto yy86; - goto yy73; + if (yych == '\\') goto yy87; + goto yy74; } } -yy88: +yy89: yych = *++YYCURSOR; if (yych == '"') goto yy18; - goto yy59; -yy89: + goto yy60; +yy90: yych = *++YYCURSOR; yyt4 = YYCURSOR; - goto yy100; -yy90: + goto yy101; +yy91: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -774,212 +779,212 @@ yy90: zend_hash_str_add_ptr(&vars, key, keylen, tmp); goto yyc_init; } -yy91: +yy92: yych = *++YYCURSOR; if (yych <= '\r') { if (yych == '\n') goto yy18; - if (yych <= '\f') goto yy76; + if (yych <= '\f') goto yy77; goto yy18; } else { if (yych <= '"') { - if (yych <= '!') goto yy76; - goto yy102; + if (yych <= '!') goto yy77; + goto yy103; } else { - if (yych == '\\') goto yy91; - goto yy76; + if (yych == '\\') goto yy92; + goto yy77; } } -yy93: - yych = *++YYCURSOR; - if (yych == 'n') goto yy103; - goto yy18; yy94: yych = *++YYCURSOR; - if (yych == 'i') goto yy104; + if (yych == 'n') goto yy104; goto yy18; yy95: + yych = *++YYCURSOR; + if (yych == 'i') goto yy105; + goto yy18; +yy96: yyaccept = 3; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy53; + goto yy54; } - if (yych <= '\r') goto yy66; - if (yych <= '"') goto yy65; - goto yy67; -yy96: + if (yych <= '\r') goto yy67; + if (yych <= '"') goto yy66; + goto yy68; +yy97: yyaccept = 4; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy70; - if (yych <= '\f') goto yy56; - goto yy70; + if (yych == '\n') goto yy71; + if (yych <= '\f') goto yy57; + goto yy71; } else { if (yych <= '"') { - if (yych <= '!') goto yy56; - goto yy69; + if (yych <= '!') goto yy57; + goto yy70; } else { - if (yych == '\\') goto yy71; - goto yy56; + if (yych == '\\') goto yy72; + goto yy57; } } -yy97: - ++YYCURSOR; - goto yy85; yy98: + ++YYCURSOR; + goto yy86; +yy99: yyaccept = 5; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '!') { if (yych <= '\n') { - if (yych <= '\t') goto yy73; + if (yych <= '\t') goto yy74; yyt2 = YYCURSOR; - goto yy85; + goto yy86; } else { if (yych == '\r') { yyt2 = YYCURSOR; - goto yy85; + goto yy86; } - goto yy73; + goto yy74; } } else { if (yych <= ';') { - if (yych <= '"') goto yy84; - if (yych <= ':') goto yy73; + if (yych <= '"') goto yy85; + if (yych <= ':') goto yy74; yyt2 = YYCURSOR; - goto yy105; + goto yy106; } else { - if (yych == '\\') goto yy86; - goto yy73; + if (yych == '\\') goto yy87; + goto yy74; } } -yy99: - yych = *++YYCURSOR; yy100: + yych = *++YYCURSOR; +yy101: if (yych <= 0x1F) { - if (yych == '\t') goto yy99; - goto yy90; + if (yych == '\t') goto yy100; + goto yy91; } else { - if (yych <= ' ') goto yy99; - if (yych != ';') goto yy90; + if (yych <= ' ') goto yy100; + if (yych != ';') goto yy91; } ++YYCURSOR; - goto yy90; -yy102: + goto yy91; +yy103: yyaccept = 6; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy76; + if (yych <= 0x08) goto yy77; if (yych <= '\t') { yyt4 = YYCURSOR; - goto yy106; + goto yy107; } yyt4 = YYCURSOR; - goto yy90; + goto yy91; } else { if (yych == '\r') { yyt4 = YYCURSOR; - goto yy90; + goto yy91; } - if (yych <= 0x1F) goto yy76; + if (yych <= 0x1F) goto yy77; yyt4 = YYCURSOR; - goto yy106; + goto yy107; } } else { if (yych <= ':') { - if (yych == '"') goto yy89; - goto yy76; + if (yych == '"') goto yy90; + goto yy77; } else { if (yych <= ';') { yyt4 = YYCURSOR; - goto yy108; + goto yy109; } - if (yych == '\\') goto yy91; - goto yy76; + if (yych == '\\') goto yy92; + goto yy77; } } -yy103: - yych = *++YYCURSOR; - if (yych == '\t') goto yy109; - if (yych == ' ') goto yy109; - goto yy18; yy104: yych = *++YYCURSOR; - if (yych == 't') goto yy112; + if (yych == '\t') goto yy110; + if (yych == ' ') goto yy110; goto yy18; yy105: + yych = *++YYCURSOR; + if (yych == 't') goto yy113; + goto yy18; +yy106: yyaccept = 7; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy85; - if (yych <= '\f') goto yy73; - goto yy85; + if (yych == '\n') goto yy86; + if (yych <= '\f') goto yy74; + goto yy86; } else { if (yych <= '"') { - if (yych <= '!') goto yy73; - goto yy84; + if (yych <= '!') goto yy74; + goto yy85; } else { - if (yych == '\\') goto yy86; - goto yy73; + if (yych == '\\') goto yy87; + goto yy74; } } -yy106: +yy107: yyaccept = 8; yych = *(YYMARKER = ++YYCURSOR); if (yych <= ' ') { if (yych <= '\n') { - if (yych <= 0x08) goto yy76; - if (yych <= '\t') goto yy106; - goto yy90; + if (yych <= 0x08) goto yy77; + if (yych <= '\t') goto yy107; + goto yy91; } else { - if (yych == '\r') goto yy90; - if (yych <= 0x1F) goto yy76; - goto yy106; + if (yych == '\r') goto yy91; + if (yych <= 0x1F) goto yy77; + goto yy107; } } else { if (yych <= ':') { - if (yych == '"') goto yy89; - goto yy76; + if (yych == '"') goto yy90; + goto yy77; } else { - if (yych <= ';') goto yy108; - if (yych == '\\') goto yy91; - goto yy76; + if (yych <= ';') goto yy109; + if (yych == '\\') goto yy92; + goto yy77; } } -yy108: +yy109: yyaccept = 8; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych == '\n') goto yy90; - if (yych <= '\f') goto yy76; - goto yy90; + if (yych == '\n') goto yy91; + if (yych <= '\f') goto yy77; + goto yy91; } else { if (yych <= '"') { - if (yych <= '!') goto yy76; - goto yy89; + if (yych <= '!') goto yy77; + goto yy90; } else { - if (yych == '\\') goto yy91; - goto yy76; + if (yych == '\\') goto yy92; + goto yy77; } } -yy109: +yy110: yych = *++YYCURSOR; - if (yych == '\t') goto yy109; - if (yych == ' ') goto yy109; + if (yych == '\t') goto yy110; + if (yych == ' ') goto yy110; { cond_res_i = 0; goto yyc_cond; } -yy112: +yy113: yych = *++YYCURSOR; if (yych != 'i') goto yy18; yych = *++YYCURSOR; if (yych != 'o') goto yy18; yych = *++YYCURSOR; if (yych != 'n') goto yy18; -yy115: +yy116: yych = *++YYCURSOR; if (yych <= 0x1F) { - if (yych == '\t') goto yy115; + if (yych == '\t') goto yy116; goto yy18; } else { - if (yych <= ' ') goto yy115; + if (yych <= ' ') goto yy116; if (yych != ';') goto yy18; } ++YYCURSOR; @@ -1024,85 +1029,85 @@ yyc_cond: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy123; + goto yy124; } if (yych <= '(') { if (yych <= '\r') { - if (yych <= 0x08) goto yy121; - if (yych <= '\n') goto yy126; - if (yych >= '\r') goto yy128; + if (yych <= 0x08) goto yy122; + if (yych <= '\n') goto yy127; + if (yych >= '\r') goto yy129; } else { - if (yych <= 0x1F) goto yy121; - if (yych <= '!') goto yy129; - if (yych >= '(') goto yy131; + if (yych <= 0x1F) goto yy122; + if (yych <= '!') goto yy130; + if (yych >= '(') goto yy132; } } else { if (yych <= 'Z') { - if (yych <= '/') goto yy121; + if (yych <= '/') goto yy122; if (yych <= '9') { yyt1 = YYCURSOR; - goto yy133; + goto yy134; } if (yych >= 'A') { yyt1 = YYCURSOR; - goto yy136; + goto yy137; } } else { if (yych <= '_') { if (yych >= '_') { yyt1 = YYCURSOR; - goto yy136; + goto yy137; } } else { - if (yych <= '`') goto yy121; + if (yych <= '`') goto yy122; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy136; + goto yy137; } } } } -yy121: - ++YYCURSOR; yy122: - { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } + ++YYCURSOR; yy123: + { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } +yy124: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy123; + goto yy124; } { goto yyc_cond; } -yy126: +yy127: ++YYCURSOR; { lineno++; goto yyc_cond; } -yy128: - yych = *++YYCURSOR; - if (yych == '\n') goto yy126; - goto yy122; yy129: + yych = *++YYCURSOR; + if (yych == '\n') goto yy127; + goto yy123; +yy130: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy131: +yy132: ++YYCURSOR; t1 = YYCURSOR - 1; { sy_op_push(*t1); goto yyc_cond; } -yy133: +yy134: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy133; + goto yy134; } t1 = yyt1; t2 = YYCURSOR; { sy_res_push(atoi(t1)); goto yyc_cond_op; } -yy136: +yy137: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy136; + goto yy137; } - if (yych == '(') goto yy139; -yy138: + if (yych == '(') goto yy140; +yy139: t1 = yyt1; t2 = YYCURSOR; { @@ -1114,34 +1119,34 @@ yy138: sy_res_push(atoi(ZSTR_VAL(tmp))); goto yyc_cond_op; } -yy139: +yy140: yych = *++YYCURSOR; if (yych == '"') { yyt2 = YYCURSOR; - goto yy141; + goto yy142; } if (yych == ')') { yyt2 = YYCURSOR; - goto yy143; + goto yy144; } -yy140: +yy141: YYCURSOR = YYMARKER; if (yyaccept == 0) { - goto yy138; + goto yy139; } else { - goto yy144; + goto yy145; } -yy141: +yy142: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy141; + goto yy142; } - if (yych <= '\r') goto yy140; - if (yych <= '"') goto yy145; - goto yy146; -yy143: - ++YYCURSOR; + if (yych <= '\r') goto yy141; + if (yych <= '"') goto yy146; + goto yy147; yy144: + ++YYCURSOR; +yy145: t1 = yyt1; t3 = yyt2; t2 = yyt2 - 1; @@ -1156,41 +1161,41 @@ yy144: } goto yyc_cond_op; } -yy145: - yych = *++YYCURSOR; - if (yych == ')') goto yy143; - goto yy140; yy146: + yych = *++YYCURSOR; + if (yych == ')') goto yy144; + goto yy141; +yy147: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy141; + goto yy142; } - if (yych <= '\r') goto yy140; - if (yych >= '#') goto yy146; + if (yych <= '\r') goto yy141; + if (yych >= '#') goto yy147; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy146; + goto yy147; } if (yych <= '\r') { - if (yych == '\n') goto yy140; - if (yych <= '\f') goto yy141; - goto yy140; + if (yych == '\n') goto yy141; + if (yych <= '\f') goto yy142; + goto yy141; } else { if (yych <= '"') { - if (yych <= '!') goto yy141; - goto yy145; + if (yych <= '!') goto yy142; + goto yy146; } else { - if (yych != ')') goto yy141; + if (yych != ')') goto yy142; } } yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy141; + goto yy142; } - if (yych <= '\r') goto yy144; - if (yych <= '"') goto yy145; - goto yy146; + if (yych <= '\r') goto yy145; + if (yych <= '"') goto yy146; + goto yy147; } /* *********************************** */ yyc_cond_op: @@ -1231,63 +1236,63 @@ yyc_cond_op: }; yych = *YYCURSOR; if (yybm[0+yych] & 128) { - goto yy154; + goto yy155; } if (yych <= ')') { if (yych <= '\r') { - if (yych <= 0x08) goto yy152; - if (yych <= '\n') goto yy157; - if (yych >= '\r') goto yy159; + if (yych <= 0x08) goto yy153; + if (yych <= '\n') goto yy158; + if (yych >= '\r') goto yy160; } else { if (yych == '&') { yyt1 = YYCURSOR; - goto yy160; + goto yy161; } - if (yych >= ')') goto yy161; + if (yych >= ')') goto yy162; } } else { if (yych <= '=') { - if (yych <= ':') goto yy152; - if (yych <= ';') goto yy163; + if (yych <= ':') goto yy153; + if (yych <= ';') goto yy164; if (yych <= '<') { yyt1 = YYCURSOR; - goto yy165; + goto yy166; } yyt1 = YYCURSOR; - goto yy167; + goto yy168; } else { if (yych <= '>') { yyt1 = YYCURSOR; - goto yy165; + goto yy166; } if (yych == '|') { yyt1 = YYCURSOR; - goto yy168; + goto yy169; } } } -yy152: - ++YYCURSOR; yy153: - { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } + ++YYCURSOR; yy154: + { cs_log_error("Syntax error in condition on line %d", lineno); goto out; } +yy155: yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy154; + goto yy155; } { goto yyc_cond_op; } -yy157: +yy158: ++YYCURSOR; { lineno++; goto yyc_cond_op; } -yy159: - yych = *++YYCURSOR; - if (yych == '\n') goto yy157; - goto yy153; yy160: yych = *++YYCURSOR; - if (yych == '&') goto yy169; - goto yy153; + if (yych == '\n') goto yy158; + goto yy154; yy161: + yych = *++YYCURSOR; + if (yych == '&') goto yy170; + goto yy154; +yy162: ++YYCURSOR; { while (cond_op_i && sy_op_peek() != '(') { @@ -1299,7 +1304,7 @@ yy161: cond_op_i--; goto yyc_cond_op; } -yy163: +yy164: ++YYCURSOR; { while (cond_op_i) { @@ -1309,10 +1314,10 @@ yy163: if (cond_res_i > 1) { cs_log_error("invalid condition on line %d", lineno); goto out; } goto yyc_init; } -yy165: - yych = *++YYCURSOR; - if (yych == '=') goto yy169; yy166: + yych = *++YYCURSOR; + if (yych == '=') goto yy170; +yy167: t1 = yyt1; t2 = YYCURSOR; { @@ -1329,16 +1334,16 @@ yy166: sy_op_push(*t1); goto yyc_cond; } -yy167: - yych = *++YYCURSOR; - if (yych == '=') goto yy169; - goto yy153; yy168: yych = *++YYCURSOR; - if (yych != '|') goto yy153; + if (yych == '=') goto yy170; + goto yy154; yy169: + yych = *++YYCURSOR; + if (yych != '|') goto yy154; +yy170: ++YYCURSOR; - goto yy166; + goto yy167; } /* *********************************** */ yyc_rule: @@ -1379,77 +1384,77 @@ yyc_rule: }; yych = *YYCURSOR; if (yybm[0+yych] & 8) { - goto yy174; + goto yy175; } if (yych <= '\r') { - if (yych <= 0x08) goto yy172; - if (yych <= '\n') goto yy177; - if (yych >= '\r') goto yy178; + if (yych <= 0x08) goto yy173; + if (yych <= '\n') goto yy178; + if (yych >= '\r') goto yy179; } else { if (yych <= '.') { - if (yych >= '.') goto yy179; + if (yych >= '.') goto yy180; } else { - if (yych == ';') goto yy180; + if (yych == ';') goto yy181; } } -yy172: - ++YYCURSOR; yy173: - { goto end_of_rule; } + ++YYCURSOR; yy174: + { goto end_of_rule; } +yy175: yych = *++YYCURSOR; if (yybm[0+yych] & 8) { - goto yy174; + goto yy175; } { goto yyc_rule; } -yy177: +yy178: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); if (yych <= '\r') { - if (yych <= 0x08) goto yy173; + if (yych <= 0x08) goto yy174; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy182; + goto yy183; } - if (yych <= '\f') goto yy173; + if (yych <= '\f') goto yy174; yyt1 = YYCURSOR; - goto yy185; + goto yy186; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy173; + if (yych <= 0x1F) goto yy174; yyt1 = YYCURSOR; - goto yy182; + goto yy183; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy186; + goto yy187; } - goto yy173; + goto yy174; } } -yy178: +yy179: yyaccept = 0; yych = *(YYMARKER = ++YYCURSOR); - if (yych == '\n') goto yy188; - goto yy173; -yy179: + if (yych == '\n') goto yy189; + goto yy174; +yy180: yych = *++YYCURSOR; if (yych <= '^') { - if (yych <= '@') goto yy173; + if (yych <= '@') goto yy174; if (yych <= 'Z') { yyt1 = YYCURSOR; - goto yy189; + goto yy190; } - goto yy173; + goto yy174; } else { - if (yych == '`') goto yy173; + if (yych == '`') goto yy174; if (yych <= 'z') { yyt1 = YYCURSOR; - goto yy189; + goto yy190; } - goto yy173; + goto yy174; } -yy180: +yy181: ++YYCURSOR; { end_of_rule: @@ -1460,71 +1465,71 @@ yy180: } goto yyc_init; } -yy182: +yy183: yych = *++YYCURSOR; if (yybm[0+yych] & 16) { - goto yy182; + goto yy183; } - if (yych == '\r') goto yy185; - if (yych == '.') goto yy186; -yy184: + if (yych == '\r') goto yy186; + if (yych == '.') goto yy187; +yy185: YYCURSOR = YYMARKER; if (yyaccept <= 1) { if (yyaccept == 0) { - goto yy173; + goto yy174; } else { yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; - goto yy191; + goto yy192; } } else { - goto yy191; + goto yy192; } -yy185: - yych = *++YYCURSOR; - if (yych == '\n') goto yy182; - goto yy184; yy186: + yych = *++YYCURSOR; + if (yych == '\n') goto yy183; + goto yy185; +yy187: ++YYCURSOR; YYCURSOR = yyt1; { lineno++; goto yyc_rule; } -yy188: +yy189: yych = *++YYCURSOR; if (yych <= '\r') { - if (yych <= 0x08) goto yy184; + if (yych <= 0x08) goto yy185; if (yych <= '\n') { yyt1 = YYCURSOR; - goto yy182; + goto yy183; } - if (yych <= '\f') goto yy184; + if (yych <= '\f') goto yy185; yyt1 = YYCURSOR; - goto yy185; + goto yy186; } else { if (yych <= ' ') { - if (yych <= 0x1F) goto yy184; + if (yych <= 0x1F) goto yy185; yyt1 = YYCURSOR; - goto yy182; + goto yy183; } else { if (yych == '.') { yyt1 = YYCURSOR; - goto yy186; + goto yy187; } - goto yy184; + goto yy185; } } -yy189: +yy190: yyaccept = 1; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 32) { - goto yy189; + goto yy190; } if (yych == '(') { yyt2 = YYCURSOR; - goto yy192; + goto yy193; } yyt3 = yyt4 = NULL; yyt2 = YYCURSOR; -yy191: +yy192: t1 = yyt1; t2 = yyt2; t3 = yyt3; @@ -1559,110 +1564,110 @@ yy191: parsed_rule[kw_i++] = kw; goto yyc_rule; } -yy192: +yy193: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= '"') { - if (yych <= '!') goto yy184; + if (yych <= '!') goto yy185; yyt3 = YYCURSOR; } else { if (yych == ')') { yyt3 = yyt4 = YYCURSOR; - goto yy195; + goto yy196; } - goto yy184; + goto yy185; } } else { if (yych <= '_') { if (yych <= 'Z') { yyt3 = YYCURSOR; - goto yy196; + goto yy197; } - if (yych <= '^') goto yy184; + if (yych <= '^') goto yy185; yyt3 = YYCURSOR; - goto yy196; + goto yy197; } else { - if (yych <= '`') goto yy184; + if (yych <= '`') goto yy185; if (yych <= 'z') { yyt3 = YYCURSOR; - goto yy196; + goto yy197; } - goto yy184; + goto yy185; } } -yy193: +yy194: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy193; + goto yy194; } - if (yych <= '\r') goto yy184; - if (yych <= '"') goto yy198; - goto yy199; -yy195: - ++YYCURSOR; - goto yy191; + if (yych <= '\r') goto yy185; + if (yych <= '"') goto yy199; + goto yy200; yy196: + ++YYCURSOR; + goto yy192; +yy197: yych = *++YYCURSOR; if (yych <= '@') { if (yych <= ')') { - if (yych <= '(') goto yy184; + if (yych <= '(') goto yy185; yyt4 = YYCURSOR; - goto yy195; + goto yy196; } else { - if (yych <= '/') goto yy184; - if (yych <= '9') goto yy196; - goto yy184; + if (yych <= '/') goto yy185; + if (yych <= '9') goto yy197; + goto yy185; } } else { if (yych <= '_') { - if (yych <= 'Z') goto yy196; - if (yych <= '^') goto yy184; - goto yy196; + if (yych <= 'Z') goto yy197; + if (yych <= '^') goto yy185; + goto yy197; } else { - if (yych <= '`') goto yy184; - if (yych <= 'z') goto yy196; - goto yy184; + if (yych <= '`') goto yy185; + if (yych <= 'z') goto yy197; + goto yy185; } } -yy198: +yy199: yych = *++YYCURSOR; if (yych == ')') { yyt4 = YYCURSOR; - goto yy195; + goto yy196; } - goto yy184; -yy199: + goto yy185; +yy200: yych = *++YYCURSOR; if (yybm[0+yych] & 64) { - goto yy193; + goto yy194; } - if (yych <= '\r') goto yy184; - if (yych >= '#') goto yy199; + if (yych <= '\r') goto yy185; + if (yych >= '#') goto yy200; yych = *++YYCURSOR; if (yybm[0+yych] & 128) { - goto yy199; + goto yy200; } if (yych <= '\r') { - if (yych == '\n') goto yy184; - if (yych <= '\f') goto yy193; - goto yy184; + if (yych == '\n') goto yy185; + if (yych <= '\f') goto yy194; + goto yy185; } else { if (yych <= '"') { - if (yych <= '!') goto yy193; - goto yy198; + if (yych <= '!') goto yy194; + goto yy199; } else { - if (yych != ')') goto yy193; + if (yych != ')') goto yy194; yyt4 = YYCURSOR; } } yyaccept = 2; yych = *(YYMARKER = ++YYCURSOR); if (yybm[0+yych] & 64) { - goto yy193; + goto yy194; } - if (yych <= '\r') goto yy191; - if (yych <= '"') goto yy198; - goto yy199; + if (yych <= '\r') goto yy192; + if (yych <= '"') goto yy199; + goto yy200; } } diff --git a/src/sp_config_scanner.re b/src/sp_config_scanner.re index 6b52b20..d7c9884 100644 --- a/src/sp_config_scanner.re +++ b/src/sp_config_scanner.re @@ -181,7 +181,7 @@ zend_result sp_config_scan(char *data, zend_result (*process_rule)(sp_parsed_key nl { lineno++; goto yyc_init; } "sp" { kw_i = 0; goto yyc_rule; } end { ret = SUCCESS; goto out; } - "set" ws+ @t1 keyword @t2 ws+ @t3 string @t4 ws* ";"? { + "@"? "set" ws+ @t1 keyword @t2 ws+ @t3 string @t4 ws* ";"? { if (!cond_res[0]) { goto yyc_init; } char *key = (char*)t1; int keylen = t2-t1; -- cgit v1.3 From 8b1fc7ce30ca6886bb2957d6bd8b59ee6580b5ce Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 5 Jan 2022 19:21:13 +0100 Subject: fix test case for php7 --- .../disable_function/disabled_functions_shell_exec_opcache_preload.phpt | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt index 3e43a14..14e5d0d 100644 --- a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt +++ b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt @@ -11,6 +11,7 @@ allow_url_include=1 opcache.enable=1 opcache.enable_cli=1 opcache.preload=data://text/plain,%3C%3Fphp+shell_exec%28%22ls%22%29%3B +opcache.preload_user=nobody --FILE-- -- cgit v1.3 From acb737ef367f61ee0c0d219ea7272abb56e68e34 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 5 Jan 2022 20:17:09 +0100 Subject: skip old php check for testing --- Makefile | 2 +- src/snuffleupagus.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/Makefile b/Makefile index b8236fb..78aefe2 100644 --- a/Makefile +++ b/Makefile @@ -19,7 +19,7 @@ compile_debug: ## compile a debug build make -C src tests: release ## compile a release build and run the testsuite - TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 make -C src test + TEST_PHP_ARGS='-q' REPORT_EXIT_STATUS=1 SP_SKIP_OLD_PHP_CHECK=1 make -C src test coverage: ## compile snuffleugpaus, and run the testsuite with coverage cd src; phpize diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 3baad1b..1ccc412 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -367,7 +367,7 @@ static PHP_INI_MH(OnUpdateConfiguration) { (SPCFG(disabled_functions) && zend_hash_num_elements(SPCFG(disabled_functions))) || (SPCFG(disabled_functions_ret) && zend_hash_num_elements(SPCFG(disabled_functions_ret))); - if (SPCFG(show_old_php_warning)) { + if (SPCFG(show_old_php_warning) && getenv("SP_SKIP_OLD_PHP_CHECK") == NULL) { time_t ts = time(NULL); if (PHP_VERSION_ID < 70300 || PHP_VERSION_ID < 70400 && ts >= (time_t)1638745200L || -- cgit v1.3 From 1e8f148fe8f6c7934f1b84e41add465844c2dcdc Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 6 Jan 2022 21:16:39 +0100 Subject: added stderr debug output option to configure instead of CFLAGS --- src/config.m4 | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index e6eed84..a421c0c 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -18,6 +18,9 @@ PHP_ARG_ENABLE(coverage, whether to enable coverage support, PHP_ARG_ENABLE(debug, whether to enable debug messages, [ --enable-debug Enable debug messages], no, no) +PHP_ARG_ENABLE(debug-stderr, whether to enable debug messages, +[ --enable-debug-stderr Enable debug messages], no, no) + AC_PROG_CC_STDC() CFLAGS="$CFLAGS" @@ -28,8 +31,11 @@ CFLAGS="$CFLAGS -fstack-protector-strong" LDFLAGS="$LDFLAGS `pcre2-config --libs8`" if test "$PHP_DEBUG" = "yes"; then - AC_DEFINE(SP_DEBUG, 1, [Wether you want to enable debug messages]) - CFLAGS="$CFLAGS -g -ggdb -O0" + AC_DEFINE(SP_DEBUG, 1, [Enable SP debug messages]) + CFLAGS="$CFLAGS -g -ggdb -O0" + if test "$PHP_DEBUG_STDERR" = "yes"; then + AC_DEFINE(SP_DEBUG_STDERR, 1, [Print SP debug messages to stderr]) + fi fi AC_CHECK_LIB(pcre, pcre_compile, AC_DEFINE(HAVE_PCRE, 1, [have pcre])) -- cgit v1.3 From 94d3124c3972ee950a40dad72fe1b4bcf16db2c4 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 6 Jan 2022 21:17:41 +0100 Subject: make tests for running tests w/ and w/o debug mode --- src/Makefile.frag | 4 ++++ 1 file changed, 4 insertions(+) (limited to 'src') diff --git a/src/Makefile.frag b/src/Makefile.frag index 1236599..e110544 100644 --- a/src/Makefile.frag +++ b/src/Makefile.frag @@ -5,3 +5,7 @@ $(srcdir)/sp_config_scanner.c: $(srcdir)/sp_config_scanner.re else \ cp $(srcdir)/sp_config_scanner.cached.c $@; \ fi; + +.PHONY: tests +tests: + $(MAKE) test NO_INTERACTION=1 SP_NODEBUG=1 SP_SKIP_OLD_PHP_CHECK=1 $(TESTS) -- cgit v1.3 From 4b5afd0148cef6c845a37aff68e1fbac8f5653d7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Thu, 6 Jan 2022 21:22:50 +0100 Subject: prevent double checks and fixed segfault on return value access --- src/snuffleupagus.c | 3 ++- src/sp_disabled_functions.c | 16 ++++++++++------ src/sp_execute.c | 19 ++++++++++++------- 3 files changed, 24 insertions(+), 14 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 1ccc412..53db721 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -334,7 +334,6 @@ static PHP_INI_MH(OnUpdateConfiguration) { } } - hook_disabled_functions(); hook_execute(); hook_cookies(); @@ -353,6 +352,8 @@ static PHP_INI_MH(OnUpdateConfiguration) { CG(compiler_options) |= ZEND_COMPILE_HANDLE_OP_ARRAY; } + hook_disabled_functions(); + // If `zend_write_default` is not NULL it is already hooked. if ((zend_hash_str_find(SPCFG(disabled_functions_hooked), ZEND_STRL("echo")) || zend_hash_str_find(SPCFG(disabled_functions_ret_hooked), ZEND_STRL("echo"))) && diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 1d9c6c7..c0c642b 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -400,7 +400,6 @@ static void should_drop_on_ret(const zval* return_value, bool match_type = false, match_value = false; while (config) { - const zend_string* ret_value_str = NULL; sp_disabled_function const* const config_node = (sp_disabled_function*)(config->data); @@ -444,13 +443,18 @@ static void should_drop_on_ret(const zval* return_value, } } - ret_value_str = sp_zval_to_zend_string(return_value); + const zend_string* ret_value_str = NULL; + sp_php_type ret_type = SP_PHP_TYPE_NULL; + + if (return_value) { + ret_value_str = sp_zval_to_zend_string(return_value); + ret_type = Z_TYPE_P(return_value); + } match_type = (config_node->ret_type) && - (config_node->ret_type == Z_TYPE_P(return_value)); - match_value = (config_node->ret || config_node->r_ret) && - (true == sp_match_value(ret_value_str, config_node->ret, - config_node->r_ret)); + (config_node->ret_type == ret_type); + match_value = return_value && (config_node->ret || config_node->r_ret) && + (true == sp_match_value(ret_value_str, config_node->ret, config_node->r_ret)); if (true == match_type || true == match_value) { if (true == config_node->allow) { diff --git a/src/sp_execute.c b/src/sp_execute.c index 21a68dd..aadd145 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -161,14 +161,18 @@ static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool interna return; } - const sp_list_node *config_disabled_functions_reg = SPCFG(disabled_functions_reg).disabled_functions; + bool is_hooked = (zend_hash_str_find(SPG(disabled_functions_hook), VAR_AND_LEN(function_name)) || zend_hash_str_find(SPG(disabled_functions_hook), VAR_AND_LEN(function_name))); + if (is_hooked) { + sp_call_orig_execute(INTERNAL_FUNCTION_PARAM_PASSTHRU, internal); + return; + } // If we're at an internal function if (!execute_data->prev_execute_data || !execute_data->prev_execute_data->func || !ZEND_USER_CODE(execute_data->prev_execute_data->func->type) || !execute_data->prev_execute_data->opline) { - should_disable_ht(execute_data, function_name, NULL, NULL, config_disabled_functions_reg, SPCFG(disabled_functions)); + should_disable_ht(execute_data, function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions)); } else { // If we're at a userland function call switch (execute_data->prev_execute_data->opline->opcode) { case ZEND_DO_FCALL: @@ -176,7 +180,7 @@ static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool interna case ZEND_DO_ICALL: case ZEND_DO_UCALL: case ZEND_TICKS: - should_disable_ht(execute_data, function_name, NULL, NULL, config_disabled_functions_reg, SPCFG(disabled_functions)); + should_disable_ht(execute_data, function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions)); default: break; } @@ -188,23 +192,24 @@ static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool interna zval ret_val; if (EX(return_value) == NULL) { memset(&ret_val, 0, sizeof(ret_val)); - EX(return_value) = &ret_val; + return_value = EX(return_value) = &ret_val; } sp_call_orig_execute(INTERNAL_FUNCTION_PARAM_PASSTHRU, internal); - should_drop_on_ret_ht(EX(return_value), function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data); + should_drop_on_ret_ht(return_value, function_name, SPCFG(disabled_functions_reg_ret).disabled_functions, SPCFG(disabled_functions_ret), execute_data); + efree(function_name); if (EX(return_value) == &ret_val) { - EX(return_value) = NULL; + return_value = EX(return_value) = NULL; } } static void sp_execute_ex(zend_execute_data *execute_data) { - sp_execute_handler(execute_data, NULL, false); + sp_execute_handler(execute_data, execute_data ? EX(return_value) : NULL, false); } static void sp_zend_execute_internal(INTERNAL_FUNCTION_PARAMETERS) { -- cgit v1.3 From c102fd3535cbed3d8a22d77306dedf2caf7c8674 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 7 Jan 2022 18:01:50 +0100 Subject: fixed invalid return value --- src/sp_disabled_functions.c | 2 +- src/sp_execute.c | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'src') diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index c0c642b..0ff859c 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -469,7 +469,7 @@ static void should_drop_on_ret(const zval* return_value, ZEND_FUNCTION(check_disabled_function) { zif_handler orig_handler; - const char* current_function_name = get_active_function_name(TSRMLS_C); + const char* current_function_name = get_active_function_name(); should_disable_ht(execute_data, current_function_name, NULL, NULL, SPCFG(disabled_functions_reg).disabled_functions, SPCFG(disabled_functions_hooked)); diff --git a/src/sp_execute.c b/src/sp_execute.c index aadd145..f1ed8d0 100644 --- a/src/sp_execute.c +++ b/src/sp_execute.c @@ -190,7 +190,7 @@ static inline void sp_execute_handler(INTERNAL_FUNCTION_PARAMETERS, bool interna // execute_data, so we need to use a local variable to be able to match on // it later. zval ret_val; - if (EX(return_value) == NULL) { + if (EX(return_value) == NULL && return_value == NULL) { memset(&ret_val, 0, sizeof(ret_val)); return_value = EX(return_value) = &ret_val; } -- cgit v1.3 From db2c5561289bff3a4364cb2e1601878fac7330fe Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Fri, 7 Jan 2022 18:02:38 +0100 Subject: proper test case cleanup --- src/tests/dump_request/dump_eval_blacklist.phpt | 7 +++++++ src/tests/dump_request/dump_eval_whitelist.phpt | 7 +++++++ src/tests/dump_request/dump_request.phpt | 10 ++++------ src/tests/dump_request/dump_request_stacktrace.phpt | 4 +++- src/tests/dump_request/dump_request_too_big.phpt | 15 +++++++++------ 5 files changed, 30 insertions(+), 13 deletions(-) (limited to 'src') diff --git a/src/tests/dump_request/dump_eval_blacklist.phpt b/src/tests/dump_request/dump_eval_blacklist.phpt index b8192a7..c9f48e4 100644 --- a/src/tests/dump_request/dump_eval_blacklist.phpt +++ b/src/tests/dump_request/dump_eval_blacklist.phpt @@ -4,6 +4,13 @@ Dump eval blacklist +--CLEAN-- + --POST-- post_a=data_post_a&post_b=data_post_b --GET-- diff --git a/src/tests/dump_request/dump_eval_whitelist.phpt b/src/tests/dump_request/dump_eval_whitelist.phpt index 09f5523..cc5a824 100644 --- a/src/tests/dump_request/dump_eval_whitelist.phpt +++ b/src/tests/dump_request/dump_eval_whitelist.phpt @@ -4,6 +4,13 @@ Dump eval whitelist +--CLEAN-- + --POST-- post_a=data_post_a&post_b=data_post_b --GET-- diff --git a/src/tests/dump_request/dump_request.phpt b/src/tests/dump_request/dump_request.phpt index d18580b..f8dee11 100644 --- a/src/tests/dump_request/dump_request.phpt +++ b/src/tests/dump_request/dump_request.phpt @@ -5,7 +5,9 @@ Dump request if (!extension_loaded("snuffleupagus")) { print "skip"; } - +?> +--CLEAN-- + +--CLEAN-- + +--CLEAN-- + --POST-- post_a=data_post_a&post_b=data_post_b&post_c=c --GET-- @@ -20,15 +27,11 @@ END; sp.configuration_file={PWD}/config/dump_request.ini --FILE-- name), ZSTR_VAL(new_value)); if (!sp_ini_check(ini_entry->name, new_value, &sp_entry)) { return FAILURE; } @@ -96,7 +95,6 @@ void sp_hook_ini() { sp_ini_entry *sp_entry; zend_ini_entry *ini_entry; ZEND_HASH_FOREACH_PTR(cfg->entries, sp_entry) - sp_log_debug("hook entry `%s`", ZSTR_VAL(sp_entry->key)); if ((ini_entry = zend_hash_find_ptr(EG(ini_directives), sp_entry->key)) == NULL) { sp_log_warn("ini_protection", "Cannot hook INI var `%s`. Maybe a typo or the PHP extension providing this var is not loaded yet.", ZSTR_VAL(sp_entry->key)); continue; -- cgit v1.3 From 2f6eabb4b3b8e8477fa2c606890bf6cdd12bfdd7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 15:53:59 +0100 Subject: skip test if pcntl is missing --- src/tests/disable_function/disabled_functions_shell_exec_signal.phpt | 1 + 1 file changed, 1 insertion(+) (limited to 'src') diff --git a/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt index f99b423..c0b5103 100644 --- a/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt +++ b/src/tests/disable_function/disabled_functions_shell_exec_signal.phpt @@ -2,6 +2,7 @@ Disable functions - shell_exec via signal handler --SKIPIF-- + --EXTENSIONS-- pcntl -- cgit v1.3 From 046e39bd4a41cc2c509d975dc6cbf9ca6e49dfbc Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 17:54:19 +0100 Subject: handle opcache test case failure --- .../disable_function/disabled_functions_shell_exec_opcache_preload.phpt | 2 ++ 1 file changed, 2 insertions(+) (limited to 'src') diff --git a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt index 14e5d0d..7e076ae 100644 --- a/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt +++ b/src/tests/disable_function/disabled_functions_shell_exec_opcache_preload.phpt @@ -2,9 +2,11 @@ Disable functions - shell_exec via opcache.preload --SKIPIF-- + --EXTENSIONS-- opcache +--XFAIL-- --INI-- sp.configuration_file={PWD}/config/disabled_functions_extra.ini allow_url_include=1 -- cgit v1.3 From 62433175a6f7d31772942f1f49971c7085b83ab5 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 19:46:19 +0100 Subject: fixed test case --- src/tests/disable_function/disabled_functions_chmod.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/tests/disable_function/disabled_functions_chmod.phpt b/src/tests/disable_function/disabled_functions_chmod.phpt index 28f948d..834bc31 100644 --- a/src/tests/disable_function/disabled_functions_chmod.phpt +++ b/src/tests/disable_function/disabled_functions_chmod.phpt @@ -11,4 +11,4 @@ chmod( 'foo', 0777 ); ?> --XFAIL-- --EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'chmod', because its argument '$mode' content (511) matched a rule in %a/disabled_function_chmod.php on line %d +Fatal error: [snuffleupagus][0.0.0.0][disabled_function][drop] Aborted execution on call of the function 'chmod', because its argument '$mode' content (511) matched a rule in %a.php on line %d -- cgit v1.3 From 2ed170be25a3a0dfe74c6520baf40ada89797ff7 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 19:46:47 +0100 Subject: made xml a runtime requirement instead of compile time --- src/sp_disable_xxe.c | 24 ++++++++---------------- 1 file changed, 8 insertions(+), 16 deletions(-) (limited to 'src') diff --git a/src/sp_disable_xxe.c b/src/sp_disable_xxe.c index b6030c6..44e60ab 100644 --- a/src/sp_disable_xxe.c +++ b/src/sp_disable_xxe.c @@ -1,23 +1,22 @@ #include "php_snuffleupagus.h" -#ifdef HAVE_XML - PHP_FUNCTION(sp_libxml_disable_entity_loader) { - sp_log_warn("xxe", - "A call to libxml_disable_entity_loader was tried and nopped"); + sp_log_warn("xxe", "A call to libxml_disable_entity_loader was tried and nopped"); RETURN_TRUE; } PHP_FUNCTION(sp_libxml_set_external_entity_loader) { - sp_log_warn( - "xxe", - "A call to libxml_set_external_entity_loader was tried and nopped"); + sp_log_warn("xxe", "A call to libxml_set_external_entity_loader was tried and nopped"); RETURN_TRUE; } int hook_libxml_disable_entity_loader() { TSRMLS_FETCH(); + if (!zend_hash_str_find_ptr(&module_registry, ZEND_STRL("xml"))) { + sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); + } + zval func_name; zval retval; zval params[1] = {0}; @@ -34,15 +33,8 @@ int hook_libxml_disable_entity_loader() { ZVAL_NULL(¶ms[0]); call_user_function(CG(function_table), NULL, &func_name, &retval, 1, params); - HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook, - PHP_FN(sp_libxml_disable_entity_loader)); - HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook, - PHP_FN(sp_libxml_set_external_entity_loader)); + HOOK_FUNCTION("libxml_disable_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_disable_entity_loader)); + HOOK_FUNCTION("libxml_set_external_entity_loader", sp_internal_functions_hook, PHP_FN(sp_libxml_set_external_entity_loader)); return SUCCESS; } -#else -int hook_libxml_disable_entity_loader() { - sp_log_warn("xxe", "Cannot enable XXE protection. XML support is disabled in PHP."); -} -#endif \ No newline at end of file -- cgit v1.3 From c6c55498d9b3757f071f5effce39017ae10e913b Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 19:47:15 +0100 Subject: removed a few newlines --- src/sp_session.c | 9 +++------ 1 file changed, 3 insertions(+), 6 deletions(-) (limited to 'src') diff --git a/src/sp_session.c b/src/sp_session.c index b54849e..214aa85 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -121,8 +121,7 @@ static PHP_INI_MH(sp_OnUpdateSaveHandler) { SESSION_G(mod) = s_original_mod; - int r = old_OnUpdateSaveHandler(entry, new_value, mh_arg1, mh_arg2, mh_arg3, - stage); + int r = old_OnUpdateSaveHandler(entry, new_value, mh_arg1, mh_arg2, mh_arg3, stage); sp_hook_session_module(); @@ -138,8 +137,7 @@ static int sp_hook_session_RINIT(INIT_FUNC_ARGS) { void hook_session() { zend_module_entry *module; - if ((module = zend_hash_str_find_ptr(&module_registry, - ZEND_STRL("session"))) == NULL) { + if ((module = zend_hash_str_find_ptr(&module_registry, ZEND_STRL("session"))) == NULL) { return; // LCOV_EXCL_LINE } @@ -160,8 +158,7 @@ void hook_session() { module->request_startup_func = sp_hook_session_RINIT; zend_ini_entry *ini_entry; - if ((ini_entry = zend_hash_str_find_ptr( - EG(ini_directives), ZEND_STRL("session.save_handler"))) != NULL) { + if ((ini_entry = zend_hash_str_find_ptr(EG(ini_directives), ZEND_STRL("session.save_handler"))) != NULL) { old_OnUpdateSaveHandler = ini_entry->on_modify; ini_entry->on_modify = sp_OnUpdateSaveHandler; } -- cgit v1.3 From bbba4e72b2234e2b527c9cfdc73018192ea2ab29 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Tue, 11 Jan 2022 19:58:23 +0100 Subject: fixed incorrect test description --- src/tests/phpinfo_presence.phpt | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/tests/phpinfo_presence.phpt b/src/tests/phpinfo_presence.phpt index c1388ed..48daffb 100644 --- a/src/tests/phpinfo_presence.phpt +++ b/src/tests/phpinfo_presence.phpt @@ -1,5 +1,5 @@ --TEST-- -Unserialize fail +phpinfo() showing snuffleupagus --SKIPIF-- --INI-- -- cgit v1.3 From 22aeaa944bf5e0646b6ec06995a184d64a55ded0 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 12 Jan 2022 10:39:29 +0100 Subject: fixed compiler warning + better warning message --- src/snuffleupagus.c | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index 53db721..caa6ba3 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -370,11 +370,11 @@ static PHP_INI_MH(OnUpdateConfiguration) { if (SPCFG(show_old_php_warning) && getenv("SP_SKIP_OLD_PHP_CHECK") == NULL) { time_t ts = time(NULL); - if (PHP_VERSION_ID < 70300 || - PHP_VERSION_ID < 70400 && ts >= (time_t)1638745200L || - PHP_VERSION_ID < 80000 && ts >= (time_t)1669590000L || - PHP_VERSION_ID < 80100 && ts >= (time_t)1700953200L) { - sp_log_warn("End-of-Life Check", "Your PHP version '" PHP_VERSION "' is not officially mainained anymore. Please upgrade as soon as possible."); + if ((PHP_VERSION_ID < 70300) || + (PHP_VERSION_ID < 70400 && ts >= (time_t)1638745200L) || + (PHP_VERSION_ID < 80000 && ts >= (time_t)1669590000L) || + (PHP_VERSION_ID < 80100 && ts >= (time_t)1700953200L)) { + sp_log_warn("End-of-Life Check", "Your PHP version '" PHP_VERSION "' is not officially mainained anymore. Please upgrade as soon as possible. - Note: This message can be switched off by setting 'sp.global.show_old_php_warning.disable();' in your rules file or by setting the environment variable SP_SKIP_OLD_PHP_CHECK=1."); } } return SUCCESS; -- cgit v1.3 From bbe6eaabbd0ff750e2e44c5b49c0ac4ea761c86b Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 12 Jan 2022 12:27:35 +0100 Subject: fixed potential oob read --- src/sp_pcre_compat.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src') diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index e994123..375a708 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -16,7 +16,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { PCRE2_SIZE erroroffset; ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errornumber, &erroroffset, NULL); - pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)); + pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)-1); #else const char* pcre_error = NULL; int erroroffset; -- cgit v1.3 From 02fa1c084405fc96ba83a06cd83047ecd8eb22cb Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 12 Jan 2022 19:08:28 +0100 Subject: make session support a runtime check instead of compile time --- src/sp_config_keywords.c | 9 --------- src/sp_session.c | 11 ++--------- 2 files changed, 2 insertions(+), 18 deletions(-) (limited to 'src') diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 138da75..3e2b156 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -39,15 +39,6 @@ SP_PARSE_FN(parse_session) { SP_PROCESS_CONFIG_KEYWORDS_ERR(); -#if (!HAVE_PHP_SESSION || defined(COMPILE_DL_SESSION)) - sp_log_err("config", - "You're trying to use the session cookie encryption feature " - "on line %zu without having session support statically built into PHP. " - "This isn't supported, see " - "https://github.com/jvoisin/snuffleupagus/issues/278 for details.", parsed_rule->lineno); - return SP_PARSER_ERROR; -#endif - if (cfg->encrypt) { if (!SPCFG(cookies_env_var)) { sp_log_err("config", "You're trying to use the session cookie encryption feature " diff --git a/src/sp_session.c b/src/sp_session.c index 214aa85..6335838 100644 --- a/src/sp_session.c +++ b/src/sp_session.c @@ -1,7 +1,5 @@ #include "php_snuffleupagus.h" -#if (HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION)) - #ifdef ZTS static ts_rsrc_id session_globals_id = 0; #define SESSION_G(v) ZEND_TSRMG(session_globals_id, php_ps_globals *, v) @@ -10,7 +8,7 @@ ZEND_TSRMLS_CACHE_EXTERN(); #endif #else static php_ps_globals *session_globals = NULL; -#define SESSION_G(v) (ps_globals.v) +#define SESSION_G(v) (session_globals->v) #endif static ps_module *s_module; @@ -138,6 +136,7 @@ void hook_session() { zend_module_entry *module; if ((module = zend_hash_str_find_ptr(&module_registry, ZEND_STRL("session"))) == NULL) { + sp_log_err("session", "You are trying to use session encryption or session ID restrictions, but your PHP installation has no session support. Please install the PHP session module or recompile PHP with session support."); return; // LCOV_EXCL_LINE } @@ -166,9 +165,3 @@ void hook_session() { sp_hook_session_module(); } - -#else - -void hook_session() {} - -#endif // HAVE_PHP_SESSION && !defined(COMPILE_DL_SESSION) -- cgit v1.3 From 80228c69c19b131764cd5848071d25f7ba0ad249 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Wed, 12 Jan 2022 19:51:09 +0100 Subject: removed redundant tests + minor fixes --- src/tests/broken_configuration/broken_conf.phpt | 4 +-- src/tests/broken_configuration/broken_conf2.phpt | 4 +-- .../broken_conf_allow_broken_disabled.phpt | 4 +-- .../broken_conf_allow_broken_enabled.phpt | 4 +-- .../broken_conf_config_regexp.phpt | 5 +--- ...broken_conf_config_regexp_no_closing_paren.phpt | 4 +-- ...f_cookie_encryption_without_encryption_key.phpt | 4 +-- ...ken_conf_cookie_encryption_without_env_var.phpt | 4 +-- .../broken_conf_cookie_name_and_regexp.phpt | 4 +-- .../broken_conf_enable_disable.phpt | 4 +-- .../broken_conf_enable_disable2.phpt | 2 +- .../broken_configuration/broken_conf_eval.phpt | 4 +-- .../broken_conf_expecting_bool.phpt | 4 +-- .../broken_conf_invalid_cidr.phpt | 4 +-- .../broken_conf_invalid_cidr6.phpt | 4 +-- .../broken_conf_invalid_cidr6_no_slash.phpt | 4 +-- .../broken_conf_invalid_cidr6_too_big.phpt | 4 +-- .../broken_conf_invalid_cidr_value.phpt | 4 +-- .../broken_conf_invalid_filename.phpt | 4 +-- .../broken_conf_invalid_log_media.phpt | 4 +-- .../broken_conf_invalid_type.phpt | 4 +-- .../broken_conf_key_value.phpt | 4 +-- .../broken_conf_line_empty_string.phpt | 4 +-- .../broken_conf_line_no_closing.phpt | 4 +-- .../broken_conf_local_var_1.phpt | 5 +--- .../broken_conf_local_var_10.phpt | 5 +--- .../broken_conf_local_var_11.phpt | 5 +--- .../broken_conf_local_var_12.phpt | 4 +-- .../broken_conf_local_var_13.phpt | 5 +--- .../broken_conf_local_var_14.phpt | 5 +--- .../broken_conf_local_var_15.phpt | 5 +--- .../broken_conf_local_var_16.phpt | 5 +--- .../broken_conf_local_var_2.phpt | 5 +--- .../broken_conf_local_var_3.phpt | 5 +--- .../broken_conf_local_var_4.phpt | 5 +--- .../broken_conf_local_var_5.phpt | 5 +--- .../broken_conf_local_var_6.phpt | 5 +--- .../broken_conf_local_var_7.phpt | 5 +--- .../broken_conf_local_var_8.phpt | 5 +--- .../broken_conf_local_var_9.phpt | 4 +-- .../broken_conf_lots_of_quotes.phpt | 4 +-- .../broken_conf_missing_script.phpt | 5 ++-- .../broken_conf_mutually_exclusive.phpt | 4 +-- .../broken_conf_mutually_exclusive10.phpt | 4 +-- .../broken_conf_mutually_exclusive11.phpt | 4 +-- .../broken_conf_mutually_exclusive12.phpt | 4 +-- .../broken_conf_mutually_exclusive2.phpt | 4 +-- .../broken_conf_mutually_exclusive3.phpt | 4 +-- .../broken_conf_mutually_exclusive4.phpt | 4 +-- .../broken_conf_mutually_exclusive5.phpt | 4 +-- .../broken_conf_mutually_exclusive6.phpt | 4 +-- .../broken_conf_mutually_exclusive7.phpt | 4 +-- .../broken_conf_mutually_exclusive8.phpt | 4 +-- .../broken_conf_mutually_exclusive9.phpt | 4 +-- .../broken_conf_no_cookie_action.phpt | 4 +-- .../broken_conf_no_cookie_name.phpt | 4 +-- .../broken_conf_nonexisting_script.phpt | 5 ++-- .../broken_configuration/broken_conf_quotes.phpt | 5 +--- .../broken_conf_readonly_exec.phpt | 5 ++-- .../broken_configuration/broken_conf_samesite.phpt | 4 +-- .../broken_conf_session_encryption.phpt | 4 +-- ..._session_encryption_without_encryption_key.phpt | 7 +++-- ...en_conf_session_encryption_without_env_var.phpt | 7 +++-- .../broken_conf_shown_in_phpinfo.phpt | 5 +--- .../broken_conf_truncated.phpt | 4 +-- .../broken_conf_unserialize.phpt | 5 ++-- .../broken_conf_upload_validation.phpt | 5 ++-- .../broken_conf_weird_keyword.phpt | 4 +-- .../broken_conf_wrapper_whitelist.phpt | 4 +-- .../broken_conf_wrong_quotes.phpt | 4 +-- .../broken_conf_wrong_type.phpt | 4 +-- src/tests/broken_configuration/broken_regexp.phpt | 5 +--- .../broken_unmatching_brackets.phpt | 5 +--- .../encrypt_key_too_short.phpt | 4 +-- .../encrypt_regexp_cookies_bad_regexp.phpt | 7 ++--- .../broken_configuration_php8/broken_conf.phpt | 13 --------- .../broken_configuration_php8/broken_conf2.phpt | 13 --------- .../broken_conf_allow_broken_disabled.phpt | 18 ------------ .../broken_conf_allow_broken_enabled.phpt | 16 ----------- .../broken_conf_config_regexp.phpt | 15 ---------- ...broken_conf_config_regexp_no_closing_paren.phpt | 13 --------- ...f_cookie_encryption_without_encryption_key.phpt | 13 --------- ...ken_conf_cookie_encryption_without_env_var.phpt | 13 --------- .../broken_conf_cookie_name_and_regexp.phpt | 14 --------- .../broken_conf_enable_disable.phpt | 14 --------- .../broken_conf_enable_disable2.phpt | 9 ------ .../broken_conf_eval.phpt | 14 --------- .../broken_conf_expecting_bool.phpt | 13 --------- .../broken_conf_invalid_cidr.phpt | 13 --------- .../broken_conf_invalid_cidr6.phpt | 14 --------- .../broken_conf_invalid_cidr6_no_slash.phpt | 14 --------- .../broken_conf_invalid_cidr6_too_big.phpt | 14 --------- .../broken_conf_invalid_cidr_value.phpt | 14 --------- .../broken_conf_invalid_filename.phpt | 13 --------- .../broken_conf_invalid_log_media.phpt | 13 --------- .../broken_conf_invalid_type.phpt | 13 --------- .../broken_conf_key_value.phpt | 13 --------- .../broken_conf_line_empty_string.phpt | 13 --------- .../broken_conf_line_no_closing.phpt | 13 --------- .../broken_conf_local_var_1.phpt | 16 ----------- .../broken_conf_local_var_10.phpt | 16 ----------- .../broken_conf_local_var_11.phpt | 16 ----------- .../broken_conf_local_var_12.phpt | 14 --------- .../broken_conf_local_var_13.phpt | 16 ----------- .../broken_conf_local_var_14.phpt | 16 ----------- .../broken_conf_local_var_15.phpt | 16 ----------- .../broken_conf_local_var_16.phpt | 16 ----------- .../broken_conf_local_var_2.phpt | 16 ----------- .../broken_conf_local_var_3.phpt | 16 ----------- .../broken_conf_local_var_4.phpt | 16 ----------- .../broken_conf_local_var_5.phpt | 16 ----------- .../broken_conf_local_var_6.phpt | 16 ----------- .../broken_conf_local_var_7.phpt | 16 ----------- .../broken_conf_local_var_8.phpt | 16 ----------- .../broken_conf_local_var_9.phpt | 16 ----------- .../broken_conf_lots_of_quotes.phpt | 13 --------- .../broken_conf_missing_script.phpt | 16 ----------- .../broken_conf_mutually_exclusive.phpt | 13 --------- .../broken_conf_mutually_exclusive10.phpt | 14 --------- .../broken_conf_mutually_exclusive11.phpt | 13 --------- .../broken_conf_mutually_exclusive12.phpt | 13 --------- .../broken_conf_mutually_exclusive2.phpt | 13 --------- .../broken_conf_mutually_exclusive3.phpt | 13 --------- .../broken_conf_mutually_exclusive4.phpt | 14 --------- .../broken_conf_mutually_exclusive5.phpt | 14 --------- .../broken_conf_mutually_exclusive6.phpt | 13 --------- .../broken_conf_mutually_exclusive7.phpt | 13 --------- .../broken_conf_mutually_exclusive8.phpt | 13 --------- .../broken_conf_mutually_exclusive9.phpt | 14 --------- .../broken_conf_no_cookie_action.phpt | 14 --------- .../broken_conf_no_cookie_name.phpt | 14 --------- .../broken_conf_no_file_specified.phpt | 10 ------- .../broken_conf_nonexisting_script.phpt | 17 ----------- .../broken_conf_quotes.phpt | 16 ----------- .../broken_conf_readonly_exec.phpt | 16 ----------- .../broken_conf_samesite.phpt | 13 --------- .../broken_conf_session_encryption.phpt | 13 --------- ..._session_encryption_without_encryption_key.phpt | 15 ---------- ...en_conf_session_encryption_without_env_var.phpt | 15 ---------- .../broken_conf_shown_in_phpinfo.phpt | 26 ----------------- .../broken_conf_truncated.phpt | 13 --------- .../broken_conf_unserialize.phpt | 16 ----------- .../broken_conf_upload_validation.phpt | 16 ----------- .../broken_conf_weird_keyword.phpt | 13 --------- .../broken_conf_wrapper_whitelist.phpt | 17 ----------- .../broken_conf_wrong_quotes.phpt | 13 --------- .../broken_conf_wrong_type.phpt | 14 --------- .../broken_invalid_client_ip4.phpt | 16 ----------- .../broken_configuration_php8/broken_regexp.phpt | 15 ---------- .../broken_unmatching_brackets.phpt | 16 ----------- .../config/broken_conf.ini | 1 - .../config/broken_conf2.ini | 1 - .../config/broken_conf_cookie_action.ini | 1 - ...nf_cookie_encryption_without_encryption_key.ini | 2 -- ...oken_conf_cookie_encryption_without_env_var.ini | 2 -- .../config/broken_conf_cookie_name_and_regexp.ini | 2 -- .../config/broken_conf_cookie_samesite.ini | 1 - .../config/broken_conf_eval.ini | 1 - .../config/broken_conf_expecting_bool.ini | 5 ---- .../config/broken_conf_invalid_cidr.ini | 1 - .../config/broken_conf_invalid_cidr6.ini | 1 - .../config/broken_conf_invalid_cidr6_no_slash.ini | 1 - .../config/broken_conf_invalid_cidr6_too_big.ini | 1 - .../config/broken_conf_invalid_cidr_value.ini | 1 - .../config/broken_conf_invalid_filename.ini | 1 - .../config/broken_conf_invalid_log_media.ini | 1 - .../config/broken_conf_invalid_type.ini | 1 - .../config/broken_conf_key_value.ini | 1 - .../config/broken_conf_line_empty_string.ini | 1 - .../config/broken_conf_line_no_closing.ini | 1 - .../config/broken_conf_local_var_1.ini | 1 - .../config/broken_conf_local_var_10.ini | 1 - .../config/broken_conf_local_var_11.ini | 1 - .../config/broken_conf_local_var_12.ini | 1 - .../config/broken_conf_local_var_13.ini | 1 - .../config/broken_conf_local_var_14.ini | 1 - .../config/broken_conf_local_var_15.ini | 1 - .../config/broken_conf_local_var_16.ini | 1 - .../config/broken_conf_local_var_2.ini | 1 - .../config/broken_conf_local_var_3.ini | 1 - .../config/broken_conf_local_var_4.ini | 1 - .../config/broken_conf_local_var_5.ini | 1 - .../config/broken_conf_local_var_6.ini | 1 - .../config/broken_conf_local_var_7.ini | 1 - .../config/broken_conf_local_var_8.ini | 1 - .../config/broken_conf_local_var_9.ini | 1 - .../config/broken_conf_lots_of_quotes.ini | 1 - .../config/broken_conf_missing_script.ini | 1 - .../config/broken_conf_mutually_exclusive.ini | 1 - .../config/broken_conf_mutually_exclusive10.ini | 1 - .../config/broken_conf_mutually_exclusive11.ini | 1 - .../config/broken_conf_mutually_exclusive12.ini | 1 - .../config/broken_conf_mutually_exclusive2.ini | 1 - .../config/broken_conf_mutually_exclusive3.ini | 1 - .../config/broken_conf_mutually_exclusive4.ini | 1 - .../config/broken_conf_mutually_exclusive5.ini | 1 - .../config/broken_conf_mutually_exclusive6.ini | 1 - .../config/broken_conf_mutually_exclusive7.ini | 1 - .../config/broken_conf_mutually_exclusive8.ini | 1 - .../config/broken_conf_mutually_exclusive9.ini | 1 - .../config/broken_conf_nonexisting_script.ini | 1 - .../config/broken_conf_quotes.ini | 3 -- .../config/broken_conf_readonly_exec.ini | 1 - .../config/broken_conf_session_encryption.ini | 1 - ...f_session_encryption_without_encryption_key.ini | 2 -- ...ken_conf_session_encryption_without_env_var.ini | 2 -- .../config/broken_conf_to_few_args.ini | 1 - .../config/broken_conf_unserialize.ini | 1 - .../config/broken_conf_weird_keyword.ini | 1 - .../config/broken_conf_wrapper_whitelist.ini | 1 - .../config/broken_conf_wrong_quotes.ini | 1 - .../config/broken_conf_wrong_type.ini | 5 ---- .../config/broken_config_regexp.ini | 1 - .../broken_config_regexp_no_closing_paren.ini | 1 - .../config/broken_regexp.ini | 1 - .../config/config_broken_conf_truncated.ini | 1 - .../config/config_encrypted_cookies_noname.ini | 3 -- .../config_encrypted_regexp_cookies_bad_regexp.ini | 3 -- .../config/config_unmatching_brackets.ini | 1 - .../config/disabled_functions_cidr.ini | 9 ------ .../encrypt_key_too_short.phpt | 22 --------------- .../encrypt_regexp_cookies_bad_regexp.phpt | 22 --------------- .../disabled_functions_param_broken_line.phpt | 4 +-- .../disabled_functions_param_invalid_pos.phpt | 4 +-- src/tests/inexistent_conf_file.phpt | 4 +-- src/tests/inexistent_conf_file_list.phpt | 4 +-- src/tests/php8/inexistent_conf_file.phpt | 14 --------- src/tests/php8/inexistent_conf_file_list.phpt | 14 --------- .../crypt_session_corrupted_session.phpt | 5 ++-- .../session_encryption/crypt_session_invalid.phpt | 5 ++-- .../crypt_session_invalid_simul.phpt | 8 ++++-- .../crypt_session_invalid_simul_php8.phpt | 33 ---------------------- .../crypt_session_read_uncrypt.phpt | 3 ++ .../session_encryption/crypt_session_valid.phpt | 3 ++ .../crypt_session_valid_simul.phpt | 3 ++ .../set_custom_session_handler.phpt | 3 ++ .../set_custom_session_handler2.phpt | 3 ++ .../set_custom_session_handler_ini.phpt | 3 ++ src/tests/sid_too_long.phpt | 3 ++ src/tests/sid_too_short.phpt | 3 ++ 240 files changed, 126 insertions(+), 1551 deletions(-) delete mode 100644 src/tests/broken_configuration_php8/broken_conf.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf2.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_enable_disable.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_eval.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_cidr6.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_no_slash.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_key_value.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_1.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_10.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_11.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_12.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_13.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_14.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_15.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_16.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_2.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_3.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_4.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_5.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_6.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_7.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_8.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_local_var_9.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_missing_script.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive10.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_mutually_exclusive9.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_no_cookie_action.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_no_cookie_name.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_no_file_specified.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_nonexisting_script.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_quotes.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_samesite.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_truncated.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_unserialize.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_conf_wrong_type.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_invalid_client_ip4.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_regexp.phpt delete mode 100644 src/tests/broken_configuration_php8/broken_unmatching_brackets.phpt delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf2.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_cookie_action.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_encryption_key.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_env_var.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_cookie_samesite.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_eval.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_expecting_bool.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_no_slash.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_too_big.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr_value.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_filename.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_log_media.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_invalid_type.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_key_value.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_line_empty_string.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_line_no_closing.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_1.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_10.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_11.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_12.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_13.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_14.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_15.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_16.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_2.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_3.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_4.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_5.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_6.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_7.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_8.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_local_var_9.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_lots_of_quotes.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_missing_script.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive10.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive11.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive12.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive2.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive3.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive4.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive5.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive6.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive7.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive8.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive9.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_nonexisting_script.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_quotes.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_readonly_exec.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_session_encryption.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_encryption_key.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_env_var.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_to_few_args.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_unserialize.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_weird_keyword.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_wrapper_whitelist.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_wrong_quotes.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_conf_wrong_type.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_config_regexp.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_config_regexp_no_closing_paren.ini delete mode 100644 src/tests/broken_configuration_php8/config/broken_regexp.ini delete mode 100644 src/tests/broken_configuration_php8/config/config_broken_conf_truncated.ini delete mode 100644 src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini delete mode 100644 src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini delete mode 100644 src/tests/broken_configuration_php8/config/config_unmatching_brackets.ini delete mode 100644 src/tests/broken_configuration_php8/config/disabled_functions_cidr.ini delete mode 100644 src/tests/broken_configuration_php8/encrypt_key_too_short.phpt delete mode 100644 src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt delete mode 100644 src/tests/php8/inexistent_conf_file.phpt delete mode 100644 src/tests/php8/inexistent_conf_file_list.phpt delete mode 100644 src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt (limited to 'src') diff --git a/src/tests/broken_configuration/broken_conf.phpt b/src/tests/broken_configuration/broken_conf.phpt index 59bfcaf..3500b42 100644 --- a/src/tests/broken_configuration/broken_conf.phpt +++ b/src/tests/broken_configuration/broken_conf.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf2.phpt b/src/tests/broken_configuration/broken_conf2.phpt index 9cc6264..a26d5c8 100644 --- a/src/tests/broken_configuration/broken_conf2.phpt +++ b/src/tests/broken_configuration/broken_conf2.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf2.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt b/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt index a88a751..f43c790 100644 --- a/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt +++ b/src/tests/broken_configuration/broken_conf_allow_broken_disabled.phpt @@ -2,17 +2,15 @@ Broken configuration with allow broken turned off --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf.ini sp.allow_broken_configuration=Off +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt b/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt index f410431..b999e7e 100644 --- a/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt +++ b/src/tests/broken_configuration/broken_conf_allow_broken_enabled.phpt @@ -2,16 +2,14 @@ Broken configuration with allow broken turned on --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf.ini sp.allow_broken_configuration=On +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 1337 diff --git a/src/tests/broken_configuration/broken_conf_config_regexp.phpt b/src/tests/broken_configuration/broken_conf_config_regexp.phpt index 6428c4a..27fff9c 100644 --- a/src/tests/broken_configuration/broken_conf_config_regexp.phpt +++ b/src/tests/broken_configuration/broken_conf_config_regexp.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_config_regexp.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt b/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt index 451d8f0..e32ffa8 100644 --- a/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt +++ b/src/tests/broken_configuration/broken_conf_config_regexp_no_closing_paren.phpt @@ -2,13 +2,11 @@ Broken configuration - regexp without a closing parenthesis --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_config_regexp_no_closing_paren.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt index 1a1e97b..90b497c 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_encryption_key.phpt @@ -2,13 +2,11 @@ Broken configuration - encrypted cookie without encryption key --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt index a7686aa..adefcab 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_encryption_without_env_var.phpt @@ -2,13 +2,11 @@ Broken configuration - encrypted cookie with without cookie env var --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_cookie_name_and_regexp.phpt b/src/tests/broken_configuration/broken_conf_cookie_name_and_regexp.phpt index 141cf77..9899912 100644 --- a/src/tests/broken_configuration/broken_conf_cookie_name_and_regexp.phpt +++ b/src/tests/broken_configuration/broken_conf_cookie_name_and_regexp.phpt @@ -2,13 +2,11 @@ Broken configuration - encrypted cookie with name and regexp --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_cookie_name_and_regexp.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] name and name_r are mutually exclusive on line 2 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] name and name_r are mutually exclusive on line 2 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_enable_disable.phpt b/src/tests/broken_configuration/broken_conf_enable_disable.phpt index 6ca95ea..cf80a9d 100644 --- a/src/tests/broken_configuration/broken_conf_enable_disable.phpt +++ b/src/tests/broken_configuration/broken_conf_enable_disable.phpt @@ -2,13 +2,11 @@ Global strict mode --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_enable_disable.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt index 77d5f83..21380ce 100644 --- a/src/tests/broken_configuration/broken_conf_enable_disable2.phpt +++ b/src/tests/broken_configuration/broken_conf_enable_disable2.phpt @@ -2,8 +2,8 @@ Global strict mode --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini +error_log=/dev/null --FILE-- --EXPECTF-- diff --git a/src/tests/broken_configuration/broken_conf_eval.phpt b/src/tests/broken_configuration/broken_conf_eval.phpt index 0fd9a86..d09beec 100644 --- a/src/tests/broken_configuration/broken_conf_eval.phpt +++ b/src/tests/broken_configuration/broken_conf_eval.phpt @@ -2,13 +2,11 @@ Broken configuration for eval --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_eval.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_expecting_bool.phpt b/src/tests/broken_configuration/broken_conf_expecting_bool.phpt index 75c4977..38417b9 100644 --- a/src/tests/broken_configuration/broken_conf_expecting_bool.phpt +++ b/src/tests/broken_configuration/broken_conf_expecting_bool.phpt @@ -2,13 +2,11 @@ Bad boolean value in configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_expecting_bool.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr.phpt index e618676..74f13ac 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '42' isn't a valid ipv4 mask. in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] '42' isn't a valid ipv4 mask. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr6.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr6.phpt index 34a0d30..3765c22 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr6.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr6.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] 'ZZZ' isn't a valid network mask. in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] 'ZZZ' isn't a valid network mask. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr6_no_slash.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr6_no_slash.phpt index 8703dff..a6eea84 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr6_no_slash.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr6_no_slash.phpt @@ -2,13 +2,11 @@ Broken configuration, invalid cidr for ipv6 because there is no `/` in it --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_no_slash.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '2001:0db8:0000:0000:0000:ff00:0042:8329' isn't a valid network mask, it seems that you forgot a '/'. in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] '2001:0db8:0000:0000:0000:ff00:0042:8329' isn't a valid network mask, it seems that you forgot a '/'. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt index 58065a4..0fa61aa 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr6_too_big.phpt @@ -3,13 +3,11 @@ Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. (13337%128 = 25) --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt b/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt index 1ec4d36..9894975 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_cidr_value.phpt @@ -3,13 +3,11 @@ Broken configuration, invalid cidr value (13337%128 = 25) --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_cidr_value.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_filename.phpt b/src/tests/broken_configuration/broken_conf_invalid_filename.phpt index da33d55..bf74900 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_filename.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_filename.phpt @@ -2,13 +2,11 @@ Broken configuration filename without absolute path --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_filename.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt index a6cab6f..af0d61f 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_log_media.phpt @@ -2,13 +2,11 @@ Broken configuration filename with improper log media --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_invalid_type.phpt b/src/tests/broken_configuration/broken_conf_invalid_type.phpt index 784ee11..acb8fee 100644 --- a/src/tests/broken_configuration/broken_conf_invalid_type.phpt +++ b/src/tests/broken_configuration/broken_conf_invalid_type.phpt @@ -2,13 +2,11 @@ Broken conf with wrong type --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_invalid_type.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_key_value.phpt b/src/tests/broken_configuration/broken_conf_key_value.phpt index e5b8620..6acb2af 100644 --- a/src/tests/broken_configuration/broken_conf_key_value.phpt +++ b/src/tests/broken_configuration/broken_conf_key_value.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_key_value.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_line_empty_string.phpt b/src/tests/broken_configuration/broken_conf_line_empty_string.phpt index 7d5bb49..06553d8 100644 --- a/src/tests/broken_configuration/broken_conf_line_empty_string.phpt +++ b/src/tests/broken_configuration/broken_conf_line_empty_string.phpt @@ -2,13 +2,11 @@ Configuration line with an empty string --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_line_empty_string.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_line_no_closing.phpt b/src/tests/broken_configuration/broken_conf_line_no_closing.phpt index 5700962..8b06dc5 100644 --- a/src/tests/broken_configuration/broken_conf_line_no_closing.phpt +++ b/src/tests/broken_configuration/broken_conf_line_no_closing.phpt @@ -2,13 +2,11 @@ Configuration line without closing parenthese --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_line_no_closing.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_1.phpt b/src/tests/broken_configuration/broken_conf_local_var_1.phpt index 851d532..dab3b56 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_1.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_1.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_1.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ']' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ']' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_10.phpt b/src/tests/broken_configuration/broken_conf_local_var_10.phpt index 747cc5a..7633107 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_10.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_10.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_10.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]asd' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]asd' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_11.phpt b/src/tests/broken_configuration/broken_conf_local_var_11.phpt index 11ca562..f881df4 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_11.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_11.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_11.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `::` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd::' for `param` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `::` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd::' for `param` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_12.phpt b/src/tests/broken_configuration/broken_conf_local_var_12.phpt index 962f5ab..43dda8a 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_12.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_12.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_12.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Empty value in `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Empty value in `var` on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_13.phpt b/src/tests/broken_configuration/broken_conf_local_var_13.phpt index 5c33fdd..d771060 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_13.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_13.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_13.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd->asd' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd->asd' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_14.phpt b/src/tests/broken_configuration/broken_conf_local_var_14.phpt index a831ef7..38225b6 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_14.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_14.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_14.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i+valid var name . in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i+valid var name ' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i+valid var name . in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i+valid var name ' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_15.phpt b/src/tests/broken_configuration/broken_conf_local_var_15.phpt index 5d8c6f1..d58bccb 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_15.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_15.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_15.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i$$!@#. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i$$!@#->qwe' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i$$!@#. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i$$!@#->qwe' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_16.phpt b/src/tests/broken_configuration/broken_conf_local_var_16.phpt index 47c1f17..2206c7d 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_16.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_16.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_16.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing a closing quote. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing a closing quote. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_2.phpt b/src/tests/broken_configuration/broken_conf_local_var_2.phpt index ec7ac2c..8eb38d0 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_2.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_2.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_2.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '""asd' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '""asd' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_3.phpt b/src/tests/broken_configuration/broken_conf_local_var_3.phpt index 776cee0..959ae3f 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_3.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_3.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_3.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$qwe->::' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$qwe->::' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_4.phpt b/src/tests/broken_configuration/broken_conf_local_var_4.phpt index 4390640..eab4e26 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_4.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_4.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_4.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"asd"asd[]' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"asd"asd[]' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_5.phpt b/src/tests/broken_configuration/broken_conf_local_var_5.phpt index a73056e..2a87994 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_5.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_5.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_5.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ''asd'asd[]' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ''asd'asd[]' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_6.phpt b/src/tests/broken_configuration/broken_conf_local_var_6.phpt index 19b2915..8e69255 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_6.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_6.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_6.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '''asd' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '''asd' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_7.phpt b/src/tests/broken_configuration/broken_conf_local_var_7.phpt index 62e983f..4fb6047 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_7.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_7.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_7.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd-->' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd-->' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_8.phpt b/src/tests/broken_configuration/broken_conf_local_var_8.phpt index 1d170d2..11187cc 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_8.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_8.phpt @@ -2,14 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_8.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]"asd"' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]"asd"' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_local_var_9.phpt b/src/tests/broken_configuration/broken_conf_local_var_9.phpt index 5786e02..ec97f5d 100644 --- a/src/tests/broken_configuration/broken_conf_local_var_9.phpt +++ b/src/tests/broken_configuration/broken_conf_local_var_9.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_local_var_9.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]'asd'' for `var` on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt b/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt index 22fa558..0896868 100644 --- a/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt +++ b/src/tests/broken_configuration/broken_conf_lots_of_quotes.phpt @@ -2,13 +2,11 @@ Configuration line with too many quotes --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_lots_of_quotes.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_missing_script.phpt b/src/tests/broken_configuration/broken_conf_missing_script.phpt index df4f717..0b8a183 100644 --- a/src/tests/broken_configuration/broken_conf_missing_script.phpt +++ b/src/tests/broken_configuration/broken_conf_missing_script.phpt @@ -1,17 +1,16 @@ --TEST-- Invalid configuration file for upload --SKIPIF-- -= 80000) print "skip"; ?> + --INI-- file_uploads=1 sp.configuration_file={PWD}/config/broken_conf_missing_script.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt index a4a38aa..df7085a 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive10.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive10.phpt index 932f584..de8f909 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive10.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive10.phpt @@ -2,13 +2,11 @@ Broken configuration - enabled/disabled readonly --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive10.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt index eb4856f..07f5077 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive11.phpt @@ -2,13 +2,11 @@ Broken configuration - ret and var are mutually exclusives --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt index 186de9d..8cf2bf0 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive12.phpt @@ -2,13 +2,11 @@ Broken configuration - ret and value are mutually exclusive --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt index 512cbe7..9474909 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive2.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt index fb91a4c..2730694 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive3.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt index 3c0faca..fd7041f 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive4.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt index b19a651..7bf1f88 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive5.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt index fe23788..2083894 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive6.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for 'sp.disabled_functions': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt index cb12b44..64baefd 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive7.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive7.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt index bbb7d84..f8277eb 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive8.phpt @@ -2,13 +2,11 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive8.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': must take a function name on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: 'sp.disabled_functions': must take a function name on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_mutually_exclusive9.phpt b/src/tests/broken_configuration/broken_conf_mutually_exclusive9.phpt index b384d77..1a62ef0 100644 --- a/src/tests/broken_configuration/broken_conf_mutually_exclusive9.phpt +++ b/src/tests/broken_configuration/broken_conf_mutually_exclusive9.phpt @@ -2,13 +2,11 @@ Broken configuration - enabled/disabled unserialize --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive9.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_no_cookie_action.phpt b/src/tests/broken_configuration/broken_conf_no_cookie_action.phpt index 62831d4..668e09c 100644 --- a/src/tests/broken_configuration/broken_conf_no_cookie_action.phpt +++ b/src/tests/broken_configuration/broken_conf_no_cookie_action.phpt @@ -2,13 +2,11 @@ Bad config, invalid action. --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_cookie_action.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a at least one action to a cookie on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a at least one action to a cookie on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_no_cookie_name.phpt b/src/tests/broken_configuration/broken_conf_no_cookie_name.phpt index 51d2980..e074411 100644 --- a/src/tests/broken_configuration/broken_conf_no_cookie_name.phpt +++ b/src/tests/broken_configuration/broken_conf_no_cookie_name.phpt @@ -2,13 +2,11 @@ Broken configuration - encrypted cookie with no name --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a cookie name/regexp on line 2 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a cookie name/regexp on line 2 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_nonexisting_script.phpt b/src/tests/broken_configuration/broken_conf_nonexisting_script.phpt index fa891d8..df0c231 100644 --- a/src/tests/broken_configuration/broken_conf_nonexisting_script.phpt +++ b/src/tests/broken_configuration/broken_conf_nonexisting_script.phpt @@ -1,17 +1,16 @@ --TEST-- Invalid configuration file for upload --SKIPIF-- -= 80000) print "skip"; ?> + --INI-- file_uploads=1 sp.configuration_file={PWD}/config/broken_conf_nonexisting_script.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` (./non_existing_script.sh) doesn't exist on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` (./non_existing_script.sh) doesn't exist on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_quotes.phpt b/src/tests/broken_configuration/broken_conf_quotes.phpt index 5b7b839..da168ae 100644 --- a/src/tests/broken_configuration/broken_conf_quotes.phpt +++ b/src/tests/broken_configuration/broken_conf_quotes.phpt @@ -2,14 +2,11 @@ Broken configuration - missing quote --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_quotes.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You forgot to close a bracket. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '_SERVER[PHP_SELF' for `var` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You forgot to close a bracket. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '_SERVER[PHP_SELF' for `var` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_readonly_exec.phpt b/src/tests/broken_configuration/broken_conf_readonly_exec.phpt index 0028394..a53024e 100644 --- a/src/tests/broken_configuration/broken_conf_readonly_exec.phpt +++ b/src/tests/broken_configuration/broken_conf_readonly_exec.phpt @@ -1,17 +1,16 @@ --TEST-- Invalid configuration file for readonly_exec --SKIPIF-- -= 80000) print "skip"; ?> + --INI-- file_uploads=1 sp.configuration_file={PWD}/config/broken_conf_readonly_exec.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_samesite.phpt b/src/tests/broken_configuration/broken_conf_samesite.phpt index 6328ad8..0a39915 100644 --- a/src/tests/broken_configuration/broken_conf_samesite.phpt +++ b/src/tests/broken_configuration/broken_conf_samesite.phpt @@ -2,13 +2,11 @@ Bad config, invalid samesite type. --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_cookie_samesite.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_session_encryption.phpt b/src/tests/broken_configuration/broken_conf_session_encryption.phpt index c8fa30e..0a031c8 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption.phpt @@ -2,13 +2,11 @@ Broken config, session encryption --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_session_encryption.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt b/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt index e5632fa..63af9e8 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption_without_encryption_key.phpt @@ -2,13 +2,14 @@ Broken configuration - encrypted session without encryption key --SKIPIF-- -= 80000) print "skip"; ?> + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_encryption_key.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt b/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt index 47f57d3..80b3a5f 100644 --- a/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt +++ b/src/tests/broken_configuration/broken_conf_session_encryption_without_env_var.phpt @@ -2,13 +2,14 @@ Broken configuration - encrypted session without env var --SKIPIF-- -= 80000) print "skip"; ?> + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_env_var.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt index cb93a25..616bef8 100644 --- a/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt +++ b/src/tests/broken_configuration/broken_conf_shown_in_phpinfo.phpt @@ -2,9 +2,9 @@ Broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_config_regexp.ini +error_log=/dev/null --FILE-- no') !== FALSE) { } ?> --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': %a. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_truncated.phpt b/src/tests/broken_configuration/broken_conf_truncated.phpt index 3cb292b..06a53a9 100644 --- a/src/tests/broken_configuration/broken_conf_truncated.phpt +++ b/src/tests/broken_configuration/broken_conf_truncated.phpt @@ -1,14 +1,12 @@ --TEST-- Bad boolean value in configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_broken_conf_truncated.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_unserialize.phpt b/src/tests/broken_configuration/broken_conf_unserialize.phpt index faf1032..e897388 100644 --- a/src/tests/broken_configuration/broken_conf_unserialize.phpt +++ b/src/tests/broken_configuration/broken_conf_unserialize.phpt @@ -1,17 +1,16 @@ --TEST-- Invalid configuration file for unserialize --SKIPIF-- -= 80000) print "skip"; ?> + --INI-- file_uploads=1 sp.configuration_file={PWD}/config/broken_conf_unserialize.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_upload_validation.phpt b/src/tests/broken_configuration/broken_conf_upload_validation.phpt index 7fe80a9..7c8f604 100644 --- a/src/tests/broken_configuration/broken_conf_upload_validation.phpt +++ b/src/tests/broken_configuration/broken_conf_upload_validation.phpt @@ -1,17 +1,16 @@ --TEST-- Invalid configuration file for upload validation --SKIPIF-- -= 80000) print "skip"; ?> + --INI-- file_uploads=1 sp.configuration_file={PWD}/config/broken_conf_upload_validation.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_weird_keyword.phpt b/src/tests/broken_configuration/broken_conf_weird_keyword.phpt index b0394fa..663f153 100644 --- a/src/tests/broken_configuration/broken_conf_weird_keyword.phpt +++ b/src/tests/broken_configuration/broken_conf_weird_keyword.phpt @@ -2,13 +2,11 @@ Bad config, unknown keyword --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_weird_keyword.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt index 668a3ef..37d074a 100644 --- a/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt +++ b/src/tests/broken_configuration/broken_conf_wrapper_whitelist.phpt @@ -2,17 +2,15 @@ Broken configuration with invalid token for wrapper whitelist --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_wrapper_whitelist.ini sp.allow_broken_configuration=Off +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt b/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt index e49ef90..cd19eb3 100644 --- a/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt +++ b/src/tests/broken_configuration/broken_conf_wrong_quotes.phpt @@ -2,13 +2,11 @@ Configuration line with too many quotes --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_wrong_quotes.ini +error_log=/dev/null --FILE-- --EXPECT-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_conf_wrong_type.phpt b/src/tests/broken_configuration/broken_conf_wrong_type.phpt index b204968..a24b415 100644 --- a/src/tests/broken_configuration/broken_conf_wrong_type.phpt +++ b/src/tests/broken_configuration/broken_conf_wrong_type.phpt @@ -2,13 +2,11 @@ Broken conf with wrong type --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_conf_wrong_type.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][error][log] .ret_type() is expecting a valid php type ('false', 'true', 'array'. 'object', 'long', 'double', 'null', 'resource', 'reference', 'undef') on line 5 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][error][log] .ret_type() is expecting a valid php type ('false', 'true', 'array'. 'object', 'long', 'double', 'null', 'resource', 'reference', 'undef') on line 5 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_regexp.phpt b/src/tests/broken_configuration/broken_regexp.phpt index 2d4259f..f216e9a 100644 --- a/src/tests/broken_configuration/broken_regexp.phpt +++ b/src/tests/broken_configuration/broken_regexp.phpt @@ -2,14 +2,11 @@ Broken regexp --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/broken_regexp.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/broken_unmatching_brackets.phpt b/src/tests/broken_configuration/broken_unmatching_brackets.phpt index ba14ff3..d900eaa 100644 --- a/src/tests/broken_configuration/broken_unmatching_brackets.phpt +++ b/src/tests/broken_configuration/broken_unmatching_brackets.phpt @@ -2,14 +2,11 @@ Broken configuration - unmatching brackets --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_unmatching_brackets.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'arr[b]]]]]' for `param` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'arr[b]]]]]' for `param` on line 1 in Unknown on line 0 diff --git a/src/tests/broken_configuration/encrypt_key_too_short.phpt b/src/tests/broken_configuration/encrypt_key_too_short.phpt index 9b1828c..a6feb6e 100644 --- a/src/tests/broken_configuration/encrypt_key_too_short.phpt +++ b/src/tests/broken_configuration/encrypt_key_too_short.phpt @@ -2,9 +2,9 @@ Cookie encryption key too short --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encryption_key_short.ini +error_log=/dev/null --COOKIE-- --ENV-- return << --EXPECT-- -PHP Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 - Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt index ef83154..f660f28 100644 --- a/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt +++ b/src/tests/broken_configuration/encrypt_regexp_cookies_bad_regexp.phpt @@ -2,7 +2,6 @@ Cookie decryption in ipv4 --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini error_reporting=1 @@ -15,9 +14,7 @@ HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like EOF; --FILE-- ---EXPECT-- +--EXPECTF-- Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 - -Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class. in Unknown on line 0 - +%A Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid regexp '^super_co[a-z+$' for '.name_r()' on line 2 in Unknown on line 0 diff --git a/src/tests/broken_configuration_php8/broken_conf.phpt b/src/tests/broken_configuration_php8/broken_conf.phpt deleted file mode 100644 index 9a5a5ab..0000000 --- a/src/tests/broken_configuration_php8/broken_conf.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf2.phpt b/src/tests/broken_configuration_php8/broken_conf2.phpt deleted file mode 100644 index 94ebc01..0000000 --- a/src/tests/broken_configuration_php8/broken_conf2.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf2.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'wrong' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt b/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt deleted file mode 100644 index ad3aa08..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_allow_broken_disabled.phpt +++ /dev/null @@ -1,18 +0,0 @@ ---TEST-- -Broken configuration with allow broken turned off ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf.ini -sp.allow_broken_configuration=Off ---FILE-- - ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt b/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt deleted file mode 100644 index 0f71408..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_allow_broken_enabled.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration with allow broken turned on ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf.ini -sp.allow_broken_configuration=On ---FILE-- - ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Parser error on line 1 in Unknown on line 0 -1337 diff --git a/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt b/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt deleted file mode 100644 index c4eec17..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_config_regexp.phpt +++ /dev/null @@ -1,15 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_config_regexp.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt b/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt deleted file mode 100644 index 2629ba5..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_config_regexp_no_closing_paren.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration - regexp without a closing parenthesis ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_config_regexp_no_closing_paren.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'filename_r' - it should be 'filename_r("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt deleted file mode 100644 index 6213041..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_encryption_key.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration - encrypted cookie without encryption key ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt deleted file mode 100644 index 99e391e..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_encryption_without_env_var.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration - encrypted cookie with without cookie env var ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt deleted file mode 100644 index c02d67a..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration - encrypted cookie with name and regexp ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_cookie_name_and_regexp.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] name and name_r are mutually exclusive on line 2 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_enable_disable.phpt b/src/tests/broken_configuration_php8/broken_conf_enable_disable.phpt deleted file mode 100644 index d74709d..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_enable_disable.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Global strict mode ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable.ini ---FILE-- ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt b/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt deleted file mode 100644 index 2446663..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_enable_disable2.phpt +++ /dev/null @@ -1,9 +0,0 @@ ---TEST-- -Global strict mode ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_enable_disable2.ini ---FILE-- ---EXPECTF-- diff --git a/src/tests/broken_configuration_php8/broken_conf_eval.phpt b/src/tests/broken_configuration_php8/broken_conf_eval.phpt deleted file mode 100644 index f45aabf..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_eval.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration for eval ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_eval.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'list' - it should be 'list("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt b/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt deleted file mode 100644 index 419d687..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_expecting_bool.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Bad boolean value in configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_expecting_bool.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 5 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt deleted file mode 100644 index 7bbf132..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_cidr.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] '42' isn't a valid ipv4 mask. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6.phpt deleted file mode 100644 index 91bd4a2..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] 'ZZZ' isn't a valid network mask. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_no_slash.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_no_slash.phpt deleted file mode 100644 index c6c8231..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_no_slash.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration, invalid cidr for ipv6 because there is no `/` in it ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_no_slash.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] '2001:0db8:0000:0000:0000:ff00:0042:8329' isn't a valid network mask, it seems that you forgot a '/'. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt deleted file mode 100644 index c14e131..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr6_too_big.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration, cidr for ipv6 is too big, that will `mod` to 25. -(13337%128 = 25) ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_cidr6_too_big.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] '13337' isn't a valid network mask. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt deleted file mode 100644 index 31140dc..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_cidr_value.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration, invalid cidr value -(13337%128 = 25) ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_cidr_value.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'cidr' - it should be 'cidr("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt deleted file mode 100644 index da40235..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_filename.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration filename without absolute path ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_filename.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.filename' must be an absolute path or a phar archive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt deleted file mode 100644 index fda609d..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_log_media.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration filename with improper log media ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_log_media.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] .log_media() only supports 'syslog' or 'php' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt b/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt deleted file mode 100644 index 9e35170..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_invalid_type.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken conf with wrong type ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_invalid_type.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'ret_type' - it should be 'ret_type("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt b/src/tests/broken_configuration_php8/broken_conf_key_value.phpt deleted file mode 100644 index 909aae1..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_key_value.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_key_value.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.key' and '.value' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt b/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt deleted file mode 100644 index 5702f43..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_line_empty_string.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Configuration line with an empty string ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_line_empty_string.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt b/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt deleted file mode 100644 index 1a0a392..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_line_no_closing.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Configuration line without closing parenthese ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_line_no_closing.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_1.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_1.phpt deleted file mode 100644 index 52cd962..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_1.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_1.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ']' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_10.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_10.phpt deleted file mode 100644 index 7817a19..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_10.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_10.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]asd' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_11.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_11.phpt deleted file mode 100644 index 06099a5..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_11.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_11.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `::` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd::' for `param` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_12.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_12.phpt deleted file mode 100644 index df753df..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_12.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_12.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Empty value in `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_13.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_13.phpt deleted file mode 100644 index 80bc068..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_13.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_13.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd->asd' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_14.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_14.phpt deleted file mode 100644 index 749c317..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_14.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_14.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i+valid var name . in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i+valid var name ' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_15.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_15.phpt deleted file mode 100644 index 97eab54..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_15.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_15.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid var name: $i$$!@#. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$i$$!@#->qwe' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_16.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_16.phpt deleted file mode 100644 index c643144..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_16.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_16.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing a closing quote. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_2.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_2.phpt deleted file mode 100644 index 8b769af..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_2.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_2.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '""asd' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_3.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_3.phpt deleted file mode 100644 index 850a977..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_3.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_3.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '$qwe->::' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_4.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_4.phpt deleted file mode 100644 index 5146590..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_4.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_4.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `"` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '"asd"asd[]' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_5.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_5.phpt deleted file mode 100644 index a7f8183..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_5.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_5.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value ''asd'asd[]' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_6.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_6.phpt deleted file mode 100644 index 283cb41..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_6.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_6.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `'` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '''asd' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_7.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_7.phpt deleted file mode 100644 index 223e599..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_7.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_7.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `->` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd-->' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_8.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_8.phpt deleted file mode 100644 index 058b5dd..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_8.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_8.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]"asd"' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_local_var_9.phpt b/src/tests/broken_configuration_php8/broken_conf_local_var_9.phpt deleted file mode 100644 index c1eeae6..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_local_var_9.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_local_var_9.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'asd[asd]'asd'' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt b/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt deleted file mode 100644 index 27135ca..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_lots_of_quotes.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Configuration line with too many quotes ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_lots_of_quotes.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt b/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt deleted file mode 100644 index bb44f15..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_missing_script.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Invalid configuration file for upload ---SKIPIF-- - ---INI-- -file_uploads=1 -sp.configuration_file={PWD}/config/broken_conf_missing_script.ini ---FILE-- - ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` directive is mandatory in '.upload_validation' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt deleted file mode 100644 index f331eee..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.value' and '.value_r' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive10.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive10.phpt deleted file mode 100644 index c863bf9..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive10.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration - enabled/disabled readonly ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive10.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt deleted file mode 100644 index 93fc581..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive11.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration - ret and var are mutually exclusives ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.var' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt deleted file mode 100644 index 24162df..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive12.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration - ret and value are mutually exclusive ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.value' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt deleted file mode 100644 index 35c4de1..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive2.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive2.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.function' and '.function_r' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt deleted file mode 100644 index fd6e0b4..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive3.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive3.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.filename' and '.filename_r' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt deleted file mode 100644 index 80370f6..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive4.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive4.ini ---FILE-- ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.param' and '.param_r' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt deleted file mode 100644 index 3087a17..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive5.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive5.ini ---FILE-- ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line%a: '.ret' and '.ret_r' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt deleted file mode 100644 index 2099a4b..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive6.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive6.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line for '%a': '.ret' and '.param' are mutually exclusive on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt deleted file mode 100644 index f0b44da..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive7.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive7.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: '%a': The rule must either be a `drop` or `allow` one on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt deleted file mode 100644 index 8f6c246..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive8.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive8.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration line: '%a': must take a function name on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive9.phpt b/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive9.phpt deleted file mode 100644 index e4a2d6f..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_mutually_exclusive9.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration - enabled/disabled unserialize ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive9.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] A rule can't be enabled and disabled on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_no_cookie_action.phpt b/src/tests/broken_configuration_php8/broken_conf_no_cookie_action.phpt deleted file mode 100644 index 5fb3f0b..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_no_cookie_action.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Bad config, invalid action. ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_action.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a at least one action to a cookie on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_no_cookie_name.phpt b/src/tests/broken_configuration_php8/broken_conf_no_cookie_name.phpt deleted file mode 100644 index 1b2922b..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_no_cookie_name.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken configuration - encrypted cookie with no name ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You must specify a cookie name/regexp on line 2 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_no_file_specified.phpt b/src/tests/broken_configuration_php8/broken_conf_no_file_specified.phpt deleted file mode 100644 index cb2d95f..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_no_file_specified.phpt +++ /dev/null @@ -1,10 +0,0 @@ ---TEST-- -Broken configuration - No configuration file specified ---INI-- ---SKIPIF-- - ---FILE-- - ---EXPECT-- -Warning: [snuffleupagus][0.0.0.0][config][log] No configuration specificed via sp.configuration_file in Unknown on line 0 -1 diff --git a/src/tests/broken_configuration_php8/broken_conf_nonexisting_script.phpt b/src/tests/broken_configuration_php8/broken_conf_nonexisting_script.phpt deleted file mode 100644 index 21717a8..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_nonexisting_script.phpt +++ /dev/null @@ -1,17 +0,0 @@ ---TEST-- -Invalid configuration file for upload ---SKIPIF-- - ---INI-- -file_uploads=1 -sp.configuration_file={PWD}/config/broken_conf_nonexisting_script.ini ---FILE-- - ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] The `script` (./non_existing_script.sh) doesn't exist on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_quotes.phpt b/src/tests/broken_configuration_php8/broken_conf_quotes.phpt deleted file mode 100644 index d437669..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_quotes.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration - missing quote ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_quotes.ini ---FILE-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You forgot to close a bracket. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value '_SERVER[PHP_SELF' for `var` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt b/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt deleted file mode 100644 index 5107ede..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_readonly_exec.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Invalid configuration file for readonly_exec ---SKIPIF-- - ---INI-- -file_uploads=1 -sp.configuration_file={PWD}/config/broken_conf_readonly_exec.ini ---FILE-- - ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_samesite.phpt b/src/tests/broken_configuration_php8/broken_conf_samesite.phpt deleted file mode 100644 index 63075d0..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_samesite.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Bad config, invalid samesite type. ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_cookie_samesite.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] 'nop' is an invalid value to samesite (expected Lax or Strict) on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt deleted file mode 100644 index cc7369a..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Broken config, session encryption ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_session_encryption.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'encrypt' - it should be 'encrypt()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt deleted file mode 100644 index b2d6ee0..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_encryption_key.phpt +++ /dev/null @@ -1,15 +0,0 @@ ---TEST-- -Broken configuration - encrypted session without encryption key ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_encryption_key.ini ---FILE-- ---XFAIL-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.secret_key` option in `sp.global`: please set it first in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt b/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt deleted file mode 100644 index 1753802..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_session_encryption_without_env_var.phpt +++ /dev/null @@ -1,15 +0,0 @@ ---TEST-- -Broken configuration - encrypted session without env var ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_session_encryption_without_env_var.ini ---FILE-- ---XFAIL-- ---EXPECT-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] You're trying to use the session cookie encryption feature on line 2 without having set the `.cookie_env_var` option in `sp.global`: please set it first in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt b/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt deleted file mode 100644 index 23a8e53..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_shown_in_phpinfo.phpt +++ /dev/null @@ -1,26 +0,0 @@ ---TEST-- -Broken configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_config_regexp.ini ---FILE-- - no') !== FALSE) { - echo "win"; -} else { - echo "lose"; -} -?> ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '*.': quantifier does not follow a repeatable item. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '*.' for '.filename_r()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_truncated.phpt b/src/tests/broken_configuration_php8/broken_conf_truncated.phpt deleted file mode 100644 index ff821f4..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_truncated.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Bad boolean value in configuration ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/config_broken_conf_truncated.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'param' - it should be 'param("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt b/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt deleted file mode 100644 index 5e6c28e..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_unserialize.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Invalid configuration file for unserialize ---SKIPIF-- - ---INI-- -file_uploads=1 -sp.configuration_file={PWD}/config/broken_conf_unserialize.ini ---FILE-- - ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing paranthesis for keyword 'enable' - it should be 'enable()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt b/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt deleted file mode 100644 index 31afff9..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_upload_validation.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Invalid configuration file for upload validation ---SKIPIF-- - ---INI-- -file_uploads=1 -sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_upload_validation.ini ---FILE-- - ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'script' - it should be 'script("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt b/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt deleted file mode 100644 index 6082f42..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_weird_keyword.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Bad config, unknown keyword ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_weird_keyword.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'not_a_valid_keyword' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt deleted file mode 100644 index 1f2d9da..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_wrapper_whitelist.phpt +++ /dev/null @@ -1,17 +0,0 @@ ---TEST-- -Broken configuration with invalid token for wrapper whitelist ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_wrapper_whitelist.ini -sp.allow_broken_configuration=Off ---FILE-- - ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Unexpected keyword 'invalid_param' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt b/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt deleted file mode 100644 index d3cf9e0..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_wrong_quotes.phpt +++ /dev/null @@ -1,13 +0,0 @@ ---TEST-- -Configuration line with too many quotes ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_wrong_quotes.ini ---FILE-- ---EXPECT-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Missing argument to keyword 'name' - it should be 'name("...")' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_conf_wrong_type.phpt b/src/tests/broken_configuration_php8/broken_conf_wrong_type.phpt deleted file mode 100644 index 1f1cead..0000000 --- a/src/tests/broken_configuration_php8/broken_conf_wrong_type.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Broken conf with wrong type ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_conf_wrong_type.ini ---FILE-- ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][error][log] .ret_type() is expecting a valid php type ('false', 'true', 'array'. 'object', 'long', 'double', 'null', 'resource', 'reference', 'undef') on line 5 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_invalid_client_ip4.phpt b/src/tests/broken_configuration_php8/broken_invalid_client_ip4.phpt deleted file mode 100644 index a96b059..0000000 --- a/src/tests/broken_configuration_php8/broken_invalid_client_ip4.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Invalid client IP ---SKIPIF-- - ---ENV-- -return << ---EXPECTF-- -Fatal error: [snuffleupagus][xyz][cidr_match][log] Weird ip (xyz) family in %a/broken_invalid_client_ip4.php on line 2 \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/broken_regexp.phpt b/src/tests/broken_configuration_php8/broken_regexp.phpt deleted file mode 100644 index 7461d57..0000000 --- a/src/tests/broken_configuration_php8/broken_regexp.phpt +++ /dev/null @@ -1,15 +0,0 @@ ---TEST-- -Broken regexp ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/broken_regexp.ini ---FILE-- ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to compile '^$[': missing terminating ] for character class. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid regexp '^$[' for '.value_r()' on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/broken_unmatching_brackets.phpt b/src/tests/broken_configuration_php8/broken_unmatching_brackets.phpt deleted file mode 100644 index d143cbd..0000000 --- a/src/tests/broken_configuration_php8/broken_unmatching_brackets.phpt +++ /dev/null @@ -1,16 +0,0 @@ ---TEST-- -Broken configuration - unmatching brackets ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/config_unmatching_brackets.ini ---FILE-- ---EXPECTF-- - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid `]` position. in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid value 'arr[b]]]]]' for `param` on line 1 in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/broken_configuration_php8/config/broken_conf.ini b/src/tests/broken_configuration_php8/config/broken_conf.ini deleted file mode 100644 index 0595320..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf.ini +++ /dev/null @@ -1 +0,0 @@ -this is a broken line diff --git a/src/tests/broken_configuration_php8/config/broken_conf2.ini b/src/tests/broken_configuration_php8/config/broken_conf2.ini deleted file mode 100644 index fdb6b8f..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf2.ini +++ /dev/null @@ -1 +0,0 @@ -sp.wrong diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_action.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_action.ini deleted file mode 100644 index 5f07c28..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_action.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name("my_cookie_name"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_encryption_key.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_encryption_key.ini deleted file mode 100644 index a100bd8..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_encryption_key.ini +++ /dev/null @@ -1,2 +0,0 @@ -sp.global.cookie_env_var("MY_SUPER_ENV_VAR_YAY"); -sp.cookie.name("my_cookie_name").encrypt(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_env_var.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_env_var.ini deleted file mode 100644 index 54cb101..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_encryption_without_env_var.ini +++ /dev/null @@ -1,2 +0,0 @@ -sp.global.secret_key("super secret encryption key"); -sp.cookie.name("my_cookie_name").encrypt(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini deleted file mode 100644 index 6b43b71..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini +++ /dev/null @@ -1,2 +0,0 @@ -sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); -sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_samesite.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_samesite.ini deleted file mode 100644 index acc4aa0..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_samesite.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name("my_cookie_name").samesite("nop"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_eval.ini b/src/tests/broken_configuration_php8/config/broken_conf_eval.ini deleted file mode 100644 index 80ef7e5..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_eval.ini +++ /dev/null @@ -1 +0,0 @@ -sp.eval_blacklist.list("cos,sin diff --git a/src/tests/broken_configuration_php8/config/broken_conf_expecting_bool.ini b/src/tests/broken_configuration_php8/config/broken_conf_expecting_bool.ini deleted file mode 100644 index 51c28b2..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_expecting_bool.ini +++ /dev/null @@ -1,5 +0,0 @@ - # this is an example of broken conf - - - ; this is another comment -sp.harden_random.enable(1337); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr.ini deleted file mode 100644 index b1929c1..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").drop().cidr("127.0.0.1/42"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6.ini deleted file mode 100644 index 5e91faf..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329/ZZZ"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_no_slash.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_no_slash.ini deleted file mode 100644 index 067209f..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_no_slash.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_too_big.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_too_big.ini deleted file mode 100644 index f82b18b..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr6_too_big.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").drop().cidr("2001:0db8:0000:0000:0000:ff00:0042:8329/13337"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr_value.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr_value.ini deleted file mode 100644 index 06a56bd..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_cidr_value.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").drop().cidr(" diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_filename.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_filename.ini deleted file mode 100644 index 1be3b51..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_filename.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("sprintf").filename("wrong file name").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_log_media.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_log_media.ini deleted file mode 100644 index 9e7cea0..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_log_media.ini +++ /dev/null @@ -1 +0,0 @@ -sp.log_media("pouet"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_invalid_type.ini b/src/tests/broken_configuration_php8/config/broken_conf_invalid_type.ini deleted file mode 100644 index c52994e..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_invalid_type.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("strpos").ret_type("totally_wrong"_type") diff --git a/src/tests/broken_configuration_php8/config/broken_conf_key_value.ini b/src/tests/broken_configuration_php8/config/broken_conf_key_value.ini deleted file mode 100644 index a0edaf2..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_key_value.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("").value("").key("").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_line_empty_string.ini b/src/tests/broken_configuration_php8/config/broken_conf_line_empty_string.ini deleted file mode 100644 index dfa5520..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_line_empty_string.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name( diff --git a/src/tests/broken_configuration_php8/config/broken_conf_line_no_closing.ini b/src/tests/broken_configuration_php8/config/broken_conf_line_no_closing.ini deleted file mode 100644 index 6a8c922..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_line_no_closing.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name("123" diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_1.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_1.ini deleted file mode 100644 index ae5165c..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_1.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("]").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_10.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_10.ini deleted file mode 100644 index 93dd07f..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_10.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("asd[asd]asd").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_11.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_11.ini deleted file mode 100644 index 028b1bd..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_11.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").param("asd::").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_12.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_12.ini deleted file mode 100644 index a151960..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_12.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_13.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_13.ini deleted file mode 100644 index e7c9778..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_13.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("asd->asd").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_14.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_14.ini deleted file mode 100644 index 6c98ec3..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_14.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("$i+valid var name ").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_15.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_15.ini deleted file mode 100644 index a8dc5a4..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_15.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("$i$$!@#->qwe").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_16.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_16.ini deleted file mode 100644 index 550719b..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_16.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("\"").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_2.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_2.ini deleted file mode 100644 index 145a3b5..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_2.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("\"\"asd").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_3.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_3.ini deleted file mode 100644 index 5d89076..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_3.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("\$qwe->::").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_4.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_4.ini deleted file mode 100644 index 3ec073b..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_4.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("\"asd\"asd[]").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_5.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_5.ini deleted file mode 100644 index cd350b6..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_5.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("'asd'asd[]").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_6.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_6.ini deleted file mode 100644 index 02f4f1a..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_6.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("''asd").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_7.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_7.ini deleted file mode 100644 index abbd223..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_7.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("asd-->").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_8.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_8.ini deleted file mode 100644 index fd18487..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_8.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("asd[asd]\"asd\"").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_local_var_9.ini b/src/tests/broken_configuration_php8/config/broken_conf_local_var_9.ini deleted file mode 100644 index a311b86..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_local_var_9.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").var("asd[asd]\'asd\'").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_lots_of_quotes.ini b/src/tests/broken_configuration_php8/config/broken_conf_lots_of_quotes.ini deleted file mode 100644 index 189a10d..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_lots_of_quotes.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name("this\"is a weird\"\"\"cookie\"name""); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_missing_script.ini b/src/tests/broken_configuration_php8/config/broken_conf_missing_script.ini deleted file mode 100644 index a46f590..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_missing_script.ini +++ /dev/null @@ -1 +0,0 @@ -sp.upload_validation.enable(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive.ini deleted file mode 100644 index 7ea483f..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").param("id").value("42").value_r("^id$").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive10.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive10.ini deleted file mode 100644 index da8426e..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive10.ini +++ /dev/null @@ -1 +0,0 @@ -sp.readonly_exec.enable().disable(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive11.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive11.ini deleted file mode 100644 index cab163f..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive11.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("strcmp").drop().ret("hip").var("hop"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive12.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive12.ini deleted file mode 100644 index fe140db..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive12.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("strcmp").drop().ret("hip").value("hop"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive2.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive2.ini deleted file mode 100644 index 3ff3ca7..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive2.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").function_r("system").param("id").value("42").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive3.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive3.ini deleted file mode 100644 index f4f7604..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive3.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").param("id").value("42").filename_r("^id$").filename("pouet.txt").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive4.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive4.ini deleted file mode 100644 index c38a727..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive4.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").param("id").value("42").param_r("^id$").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive5.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive5.ini deleted file mode 100644 index 254b2a3..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive5.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").ret("0").drop().ret_r("^0$"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive6.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive6.ini deleted file mode 100644 index 7c6712c..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive6.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").param("id").value("42").ret_r("^0$").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive7.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive7.ini deleted file mode 100644 index feb3486..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive7.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("system").ret("0").drop().allow(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive8.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive8.ini deleted file mode 100644 index c9c9ea2..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive8.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.ret("0").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive9.ini b/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive9.ini deleted file mode 100644 index 7bf6a62..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_mutually_exclusive9.ini +++ /dev/null @@ -1 +0,0 @@ -sp.unserialize_hmac.enable().disable(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_nonexisting_script.ini b/src/tests/broken_configuration_php8/config/broken_conf_nonexisting_script.ini deleted file mode 100644 index 8327438..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_nonexisting_script.ini +++ /dev/null @@ -1 +0,0 @@ -sp.upload_validation.enable().script("./non_existing_script.sh"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_quotes.ini b/src/tests/broken_configuration_php8/config/broken_conf_quotes.ini deleted file mode 100644 index eac8739..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_quotes.ini +++ /dev/null @@ -1,3 +0,0 @@ -sp.disable_function.function("system").filename("/static_pages/index.php").var("_SERVER[PHP_SELF").value_r("\"").drop().alias("XSS"); -sp.disable_function.filename("include/imageobject_im.class.php").function("exec").var("CONFIG[im_options]).value_r("[^a-z0-9]").drop(); - diff --git a/src/tests/broken_configuration_php8/config/broken_conf_readonly_exec.ini b/src/tests/broken_configuration_php8/config/broken_conf_readonly_exec.ini deleted file mode 100644 index 9e11313..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_readonly_exec.ini +++ /dev/null @@ -1 +0,0 @@ -sp.readonly_exec.enable(1234); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption.ini b/src/tests/broken_configuration_php8/config/broken_conf_session_encryption.ini deleted file mode 100644 index 66b7956..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption.ini +++ /dev/null @@ -1 +0,0 @@ -sp.session.encrypt(invalid value :/); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_encryption_key.ini b/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_encryption_key.ini deleted file mode 100644 index 2b6f674..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_encryption_key.ini +++ /dev/null @@ -1,2 +0,0 @@ -sp.global.cookie_env_var("MY_SUPER_ENV_VAR_YAY"); -sp.session.encrypt(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_env_var.ini b/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_env_var.ini deleted file mode 100644 index 43caf4a..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_session_encryption_without_env_var.ini +++ /dev/null @@ -1,2 +0,0 @@ -sp.global.secret_key("super secret key, shhhh"); -sp.session.encrypt(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_to_few_args.ini b/src/tests/broken_configuration_php8/config/broken_conf_to_few_args.ini deleted file mode 100644 index 89e19be..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_to_few_args.ini +++ /dev/null @@ -1 +0,0 @@ -sp.harden_random.enable(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_unserialize.ini b/src/tests/broken_configuration_php8/config/broken_conf_unserialize.ini deleted file mode 100644 index 9cdc9a6..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_unserialize.ini +++ /dev/null @@ -1 +0,0 @@ -sp.unserialize_hmac.enable(1234); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_weird_keyword.ini b/src/tests/broken_configuration_php8/config/broken_conf_weird_keyword.ini deleted file mode 100644 index bf5e7f5..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_weird_keyword.ini +++ /dev/null @@ -1 +0,0 @@ -sp.harden_random.enable().not_a_valid_keyword("test"); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_wrapper_whitelist.ini b/src/tests/broken_configuration_php8/config/broken_conf_wrapper_whitelist.ini deleted file mode 100644 index b8e08a8..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_wrapper_whitelist.ini +++ /dev/null @@ -1 +0,0 @@ -sp.wrappers_whitelist.invalid_param(); diff --git a/src/tests/broken_configuration_php8/config/broken_conf_wrong_quotes.ini b/src/tests/broken_configuration_php8/config/broken_conf_wrong_quotes.ini deleted file mode 100644 index ff41f93..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_wrong_quotes.ini +++ /dev/null @@ -1 +0,0 @@ -sp.cookie.name("\) diff --git a/src/tests/broken_configuration_php8/config/broken_conf_wrong_type.ini b/src/tests/broken_configuration_php8/config/broken_conf_wrong_type.ini deleted file mode 100644 index b2943db..0000000 --- a/src/tests/broken_configuration_php8/config/broken_conf_wrong_type.ini +++ /dev/null @@ -1,5 +0,0 @@ -sp.disable_function.function("strpos").ret_type("undef").drop().alias("Return value is undef"); -sp.disable_function.function("strpos").ret_type("null").drop().alias("Return value is null"); -sp.disable_function.function("strpos").ret_type("object").drop().alias("Return value is object"); -sp.disable_function.function("strpos").ret_type("reference").drop().alias("Return value is reference"); -sp.disable_function.function("strpos").ret_type("totally_wrong_type").drop().alias("Return value is FALSE"); diff --git a/src/tests/broken_configuration_php8/config/broken_config_regexp.ini b/src/tests/broken_configuration_php8/config/broken_config_regexp.ini deleted file mode 100644 index 62bed11..0000000 --- a/src/tests/broken_configuration_php8/config/broken_config_regexp.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function_r("^system$").filename_r("*.").drop(); diff --git a/src/tests/broken_configuration_php8/config/broken_config_regexp_no_closing_paren.ini b/src/tests/broken_configuration_php8/config/broken_config_regexp_no_closing_paren.ini deleted file mode 100644 index 93e150b..0000000 --- a/src/tests/broken_configuration_php8/config/broken_config_regexp_no_closing_paren.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function_r("^system$").drop().filename_r("*." diff --git a/src/tests/broken_configuration_php8/config/broken_regexp.ini b/src/tests/broken_configuration_php8/config/broken_regexp.ini deleted file mode 100644 index 8e4bf69..0000000 --- a/src/tests/broken_configuration_php8/config/broken_regexp.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("AwesomeClass::method3").param("a").drop().value_r("^$["); diff --git a/src/tests/broken_configuration_php8/config/config_broken_conf_truncated.ini b/src/tests/broken_configuration_php8/config/config_broken_conf_truncated.ini deleted file mode 100644 index bf05dfb..0000000 --- a/src/tests/broken_configuration_php8/config/config_broken_conf_truncated.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("").param(no quote, omg! diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini deleted file mode 100644 index 43a4284..0000000 --- a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini +++ /dev/null @@ -1,3 +0,0 @@ -sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); -sp.cookie.name("").encrypt(); -sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini deleted file mode 100644 index 817de14..0000000 --- a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini +++ /dev/null @@ -1,3 +0,0 @@ -sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR"); -sp.cookie.name_r("^super_co[a-z+$").encrypt(); -sp.auto_cookie_secure.enable(); diff --git a/src/tests/broken_configuration_php8/config/config_unmatching_brackets.ini b/src/tests/broken_configuration_php8/config/config_unmatching_brackets.ini deleted file mode 100644 index 45fa4fe..0000000 --- a/src/tests/broken_configuration_php8/config/config_unmatching_brackets.ini +++ /dev/null @@ -1 +0,0 @@ -sp.disable_function.function("foo").param("arr[b]]]]]").value("aaa").alias("4").drop(); diff --git a/src/tests/broken_configuration_php8/config/disabled_functions_cidr.ini b/src/tests/broken_configuration_php8/config/disabled_functions_cidr.ini deleted file mode 100644 index f69ce07..0000000 --- a/src/tests/broken_configuration_php8/config/disabled_functions_cidr.ini +++ /dev/null @@ -1,9 +0,0 @@ -sp.disable_function.function("system").drop().cidr("2001:ab9:a::123/64"); -sp.disable_function.function("system").drop().cidr("192.168.0.1/16"); -sp.disable_function.function("system").drop().cidr("127.0.0.1/8"); -sp.disable_function.function("printf").drop().cidr("10.0.0.1/8"); -sp.disable_function.function("strpos").drop().cidr("127.0.0.2/4"); -sp.disable_function.function("strpos").drop().cidr("::ffff:192.0.2.128/128"); -sp.disable_function.function("strpos").drop().cidr("2001:ab9:a::123/64"); -sp.disable_function.function("strpos").drop().cidr("2001:0db8:f000:f000:f000:ff00:0042:8329/124"); -sp.disable_function.function("printf").drop().cidr("2002:0db8:0000:0000:0000:ff00:0042:8329/24"); diff --git a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt deleted file mode 100644 index c14785e..0000000 --- a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt +++ /dev/null @@ -1,22 +0,0 @@ ---TEST-- -Cookie encryption key too short ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/../broken_configuration/config/config_encryption_key_short.ini ---COOKIE-- ---ENV-- -return << ---EXPECT-- -Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0 - -Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. \ No newline at end of file diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt deleted file mode 100644 index 6796c5b..0000000 --- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt +++ /dev/null @@ -1,22 +0,0 @@ ---TEST-- -Cookie decryption in ipv4 ---SKIPIF-- - ---INI-- -sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini -error_reporting=1 ---COOKIE-- -super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value; ---ENV-- -return << ---EXPECT-- -Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid configuration file in Unknown on line 0 - -Fatal error: [snuffleupagus][127.0.0.1][config][log] Failed to compile '^super_co[a-z+$': missing terminating ] for character class. in Unknown on line 0 - -Fatal error: [snuffleupagus][127.0.0.1][config][log] Invalid regexp '^super_co[a-z+$' for '.name_r()' on line 2 in Unknown on line 0 diff --git a/src/tests/disable_function/disabled_functions_param_broken_line.phpt b/src/tests/disable_function/disabled_functions_param_broken_line.phpt index 806816d..5251e4c 100644 --- a/src/tests/disable_function/disabled_functions_param_broken_line.phpt +++ b/src/tests/disable_function/disabled_functions_param_broken_line.phpt @@ -2,17 +2,15 @@ Disable functions - match on a specific line - broken configuration --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/disabled_functions_broken_line.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to parse arg 'qwe' of `line` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to parse arg 'qwe' of `line` on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/disable_function/disabled_functions_param_invalid_pos.phpt b/src/tests/disable_function/disabled_functions_param_invalid_pos.phpt index e409300..235d3f7 100644 --- a/src/tests/disable_function/disabled_functions_param_invalid_pos.phpt +++ b/src/tests/disable_function/disabled_functions_param_invalid_pos.phpt @@ -2,16 +2,14 @@ Disable functions - match on argument's position --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/disabled_functions_invalid_pos.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to parse arg 'qwe' of `pos` on line 1 in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Failed to parse arg 'qwe' of `pos` on line 1 in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/inexistent_conf_file.phpt b/src/tests/inexistent_conf_file.phpt index cd10665..27b176f 100644 --- a/src/tests/inexistent_conf_file.phpt +++ b/src/tests/inexistent_conf_file.phpt @@ -2,14 +2,12 @@ Check for snuffleupagus presence --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/config/unexistent_configuration_file.ini +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/config/unexistent_configuration_file.ini : No such file or directory in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/config/unexistent_configuration_file.ini : No such file or directory in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/inexistent_conf_file_list.phpt b/src/tests/inexistent_conf_file_list.phpt index 6cac934..fe9a206 100644 --- a/src/tests/inexistent_conf_file_list.phpt +++ b/src/tests/inexistent_conf_file_list.phpt @@ -2,14 +2,12 @@ Non-existent configuration file in a list --SKIPIF-- -= 80000) print "skip"; ?> --INI-- sp.configuration_file={PWD}/../../config/default.rules,{PWD}/non_existent_configuration_file +error_log=/dev/null --FILE-- --EXPECTF-- -PHP Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/non_existent_configuration_file : No such file or directory in Unknown on line 0 - Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/non_existent_configuration_file : No such file or directory in Unknown on line 0 Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 diff --git a/src/tests/php8/inexistent_conf_file.phpt b/src/tests/php8/inexistent_conf_file.phpt deleted file mode 100644 index ac763aa..0000000 --- a/src/tests/php8/inexistent_conf_file.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Test for unexistent configuration file, in php8 ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/config/unexistent_configuration_file.ini ---FILE-- - ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/config/unexistent_configuration_file.ini : No such file or directory in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/php8/inexistent_conf_file_list.phpt b/src/tests/php8/inexistent_conf_file_list.phpt deleted file mode 100644 index 2309fc6..0000000 --- a/src/tests/php8/inexistent_conf_file_list.phpt +++ /dev/null @@ -1,14 +0,0 @@ ---TEST-- -Non-existent configuration file in a list in php8 ---SKIPIF-- - - ---INI-- -sp.configuration_file={PWD}/../../../config/default.rules,{PWD}/non_existent_configuration_file ---FILE-- - ---EXPECTF-- -Fatal error: [snuffleupagus][0.0.0.0][config][log] Could not open configuration file %a/non_existent_configuration_file : No such file or directory in Unknown on line 0 - -Fatal error: [snuffleupagus][0.0.0.0][config][log] Invalid configuration file in Unknown on line 0 -Could not startup. diff --git a/src/tests/session_encryption/crypt_session_corrupted_session.phpt b/src/tests/session_encryption/crypt_session_corrupted_session.phpt index db3f949..eca43b4 100644 --- a/src/tests/session_encryption/crypt_session_corrupted_session.phpt +++ b/src/tests/session_encryption/crypt_session_corrupted_session.phpt @@ -2,8 +2,9 @@ Set a custom session handler --SKIPIF-- -= 80000) print "skip"; ?> -= 70400) print "skip"; ?> + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini session.save_path="/tmp" diff --git a/src/tests/session_encryption/crypt_session_invalid.phpt b/src/tests/session_encryption/crypt_session_invalid.phpt index 967d9d1..a71a601 100644 --- a/src/tests/session_encryption/crypt_session_invalid.phpt +++ b/src/tests/session_encryption/crypt_session_invalid.phpt @@ -2,8 +2,9 @@ SESSION crypt and bad decrypt --SKIPIF-- -= 80000) print "skip"; ?> -= 70400) print "skip"; ?> + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini --ENV-- diff --git a/src/tests/session_encryption/crypt_session_invalid_simul.phpt b/src/tests/session_encryption/crypt_session_invalid_simul.phpt index 02db524..3eb619c 100644 --- a/src/tests/session_encryption/crypt_session_invalid_simul.phpt +++ b/src/tests/session_encryption/crypt_session_invalid_simul.phpt @@ -1,7 +1,10 @@ --TEST-- SESSION crypt and bad decrypt --SKIPIF-- - + + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini display_errors=0 @@ -30,5 +33,4 @@ unlink(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp"); --EXPECTF-- array(0) { } -%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9 -%aPHP Warning: session_start(): Failed to decode session object. Session has been destroyed in %a/crypt_session_invalid_simul.php on line 9 +%sPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9%A \ No newline at end of file diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt deleted file mode 100644 index a05b828..0000000 --- a/src/tests/session_encryption/crypt_session_invalid_simul_php8.phpt +++ /dev/null @@ -1,33 +0,0 @@ ---TEST-- -SESSION crypt and bad decrypt ---SKIPIF-- -= 80000) print "skip"; ?> ---INI-- -sp.configuration_file={PWD}/config/config_crypt_session_simul.ini -display_errors=0 -log_errors=1 -error_log="{PWD}"/crypt_session_invalid_simul.tmp ---ENV-- -return << ---EXPECTF-- -array(0) { -} -%aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 diff --git a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt index e2e1737..5966f8e 100644 --- a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt +++ b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt @@ -2,6 +2,9 @@ SESSION crypt/decrypt valid --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini session.save_path="{PWD}" diff --git a/src/tests/session_encryption/crypt_session_valid.phpt b/src/tests/session_encryption/crypt_session_valid.phpt index c272486..a28685b 100644 --- a/src/tests/session_encryption/crypt_session_valid.phpt +++ b/src/tests/session_encryption/crypt_session_valid.phpt @@ -2,6 +2,9 @@ SESSION crypt/decrypt valid --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini --ENV-- diff --git a/src/tests/session_encryption/crypt_session_valid_simul.phpt b/src/tests/session_encryption/crypt_session_valid_simul.phpt index d63277d..6af015e 100644 --- a/src/tests/session_encryption/crypt_session_valid_simul.phpt +++ b/src/tests/session_encryption/crypt_session_valid_simul.phpt @@ -2,6 +2,9 @@ SESSION crypt/decrypt valid --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session_simul.ini --ENV-- diff --git a/src/tests/session_encryption/set_custom_session_handler.phpt b/src/tests/session_encryption/set_custom_session_handler.phpt index 1b81a04..04edcd0 100644 --- a/src/tests/session_encryption/set_custom_session_handler.phpt +++ b/src/tests/session_encryption/set_custom_session_handler.phpt @@ -2,6 +2,9 @@ Set a custom session handler --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini session.save_path="/tmp" diff --git a/src/tests/session_encryption/set_custom_session_handler2.phpt b/src/tests/session_encryption/set_custom_session_handler2.phpt index 58b6595..0ebf7b6 100644 --- a/src/tests/session_encryption/set_custom_session_handler2.phpt +++ b/src/tests/session_encryption/set_custom_session_handler2.phpt @@ -2,6 +2,9 @@ Set a custom session handler, twice --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini session.save_path="/tmp" diff --git a/src/tests/session_encryption/set_custom_session_handler_ini.phpt b/src/tests/session_encryption/set_custom_session_handler_ini.phpt index f9fbfb2..a454fc6 100644 --- a/src/tests/session_encryption/set_custom_session_handler_ini.phpt +++ b/src/tests/session_encryption/set_custom_session_handler_ini.phpt @@ -2,6 +2,9 @@ Set a custom session handler --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/config_crypt_session.ini session.save_handler = diff --git a/src/tests/sid_too_long.phpt b/src/tests/sid_too_long.phpt index 235b166..85f7fc2 100644 --- a/src/tests/sid_too_long.phpt +++ b/src/tests/sid_too_long.phpt @@ -2,6 +2,9 @@ SESSION ID too long --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/sid_length_limit.ini --FILE-- diff --git a/src/tests/sid_too_short.phpt b/src/tests/sid_too_short.phpt index 0d9d514..3ebbc58 100644 --- a/src/tests/sid_too_short.phpt +++ b/src/tests/sid_too_short.phpt @@ -2,6 +2,9 @@ SESSION ID too short --SKIPIF-- + +--EXTENSIONS-- +session --INI-- sp.configuration_file={PWD}/config/sid_length_limit.ini --FILE-- -- cgit v1.3 From dece0e45b7f66cc51bcbe590240eab3f82da900c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 5 Feb 2022 12:17:42 +0100 Subject: convert cidr to string --- src/sp_network_utils.c | 27 +++++++++++++++++++++++++++ src/sp_network_utils.h | 1 + 2 files changed, 28 insertions(+) (limited to 'src') diff --git a/src/sp_network_utils.c b/src/sp_network_utils.c index 0a26254..943c418 100644 --- a/src/sp_network_utils.c +++ b/src/sp_network_utils.c @@ -121,3 +121,30 @@ int get_ip_and_cidr(char *ip, sp_cidr *cidr) { return 0; } + +bool /* success */ get_ip_str(char *dst, size_t dst_len, sp_cidr *cidr) { + size_t ipstr_len = 0; + void *ip = NULL; + switch (cidr->ip_version) { + case AF_INET: + ipstr_len = INET_ADDRSTRLEN; + ip = &cidr->ip.ipv4; + break; + case AF_INET6: + ipstr_len = INET6_ADDRSTRLEN; + ip = &cidr->ip.ipv6; + break; + default: + return false; + } + + if (dst_len < ipstr_len + 1 + 3 + 1) { + return false; + } + if (!inet_ntop(cidr->ip_version, ip, dst, ipstr_len)) { + return false; + } + ipstr_len = strlen(dst); + snprintf(dst + ipstr_len, dst_len - ipstr_len, "/%d", cidr->mask); + return true; +} \ No newline at end of file diff --git a/src/sp_network_utils.h b/src/sp_network_utils.h index 2c1062a..69789a6 100644 --- a/src/sp_network_utils.h +++ b/src/sp_network_utils.h @@ -3,5 +3,6 @@ int get_ip_and_cidr(char *, sp_cidr *); bool cidr_match(const char *, const sp_cidr *); +bool /* success */ get_ip_str(char *dst, size_t dst_len, sp_cidr *cidr); #endif /*SP_NETWORK_UTILS_H*/ -- cgit v1.3 From 323f818a6ce33d021bc0a6d34064598917e68c91 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 5 Feb 2022 12:22:13 +0100 Subject: introduced sp_regexp / store original regex --- src/sp_config.c | 23 ++++++++++------------- src/sp_config.h | 16 ++++++++-------- src/sp_disabled_functions.c | 15 ++++++--------- src/sp_ini.c | 2 +- src/sp_pcre_compat.c | 14 +++----------- src/sp_pcre_compat.h | 38 +++++++++++++++++++++++++++++++------- src/sp_utils.c | 26 ++++++++------------------ src/sp_utils.h | 15 ++++++--------- src/sp_var_parser.c | 4 ++-- 9 files changed, 75 insertions(+), 78 deletions(-) (limited to 'src') diff --git a/src/sp_config.c b/src/sp_config.c index bc9aa0d..7294b0e 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -228,20 +228,17 @@ SP_PARSEKW_FN(parse_cidr) { } SP_PARSEKW_FN(parse_regexp) { - /* TODO: Do we want to use pcre_study? - * (http://www.pcre.org/original/doc/html/pcre_study.html) - * maybe not: http://sljit.sourceforge.net/pcre.html*/ CHECK_DUPLICATE_KEYWORD(retval); SP_PARSE_ARG(value); - sp_pcre *compiled_re = sp_pcre_compile(ZSTR_VAL(value)); + sp_regexp *compiled_re = sp_regexp_compile(value); if (!compiled_re) { sp_log_err("config", "Invalid regexp '%s' for '.%s()' on line %zu", ZSTR_VAL(value), token, kw->lineno); zend_string_release_ex(value, 1); return SP_PARSER_ERROR; } - *(sp_pcre **)retval = compiled_re; + *(sp_regexp **)retval = compiled_re; return SP_PARSER_SUCCESS; } @@ -252,24 +249,24 @@ void sp_free_disabled_function(void *data) { sp_free_zstr(df->textual_representation); sp_free_zstr(df->filename); - sp_pcre_free(df->r_filename); + sp_regexp_free(df->r_filename); sp_free_zstr(df->function); - sp_pcre_free(df->r_function); + sp_regexp_free(df->r_function); sp_list_free(df->functions_list, free); sp_free_zstr(df->hash); sp_tree_free(df->param); - sp_pcre_free(df->r_param); + sp_regexp_free(df->r_param); - sp_pcre_free(df->r_ret); + sp_regexp_free(df->r_ret); sp_free_zstr(df->ret); - sp_pcre_free(df->r_value); + sp_regexp_free(df->r_value); sp_free_zstr(df->value); - sp_pcre_free(df->r_key); + sp_regexp_free(df->r_key); sp_free_zstr(df->key); sp_free_zstr(df->dump); @@ -287,7 +284,7 @@ void sp_free_cookie(void *data) { sp_cookie *c = data; if (c->name) zend_string_release_ex(c->name, 1); - sp_pcre_free(c->name_r); + sp_regexp_free(c->name_r); } void sp_free_zstr(void *data) { @@ -302,7 +299,7 @@ void sp_free_ini_entry(void *data) { sp_free_zstr(entry->key); sp_free_zstr(entry->min); sp_free_zstr(entry->max); - sp_pcre_free(entry->regexp); + sp_regexp_free(entry->regexp); sp_free_zstr(entry->msg); sp_free_zstr(entry->set); } diff --git a/src/sp_config.h b/src/sp_config.h index 1a891c1..6d48240 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -63,7 +63,7 @@ typedef struct { enum samesite_type { strict = 1, lax = 2 } samesite; bool encrypt; zend_string *name; - sp_pcre *name_r; + sp_regexp *name_r; bool simulation; } sp_cookie; @@ -91,29 +91,29 @@ typedef struct { zend_string *textual_representation; zend_string *filename; - sp_pcre *r_filename; + sp_regexp *r_filename; zend_string *function; - sp_pcre *r_function; + sp_regexp *r_function; sp_list_node *functions_list; zend_string *hash; int simulation; sp_tree *param; - sp_pcre *r_param; + sp_regexp *r_param; sp_php_type param_type; int pos; unsigned int line; - sp_pcre *r_ret; + sp_regexp *r_ret; zend_string *ret; sp_php_type ret_type; - sp_pcre *r_value; + sp_regexp *r_value; zend_string *value; - sp_pcre *r_key; + sp_regexp *r_key; zend_string *key; zend_string *dump; @@ -157,7 +157,7 @@ typedef struct { sp_ini_permission access; zend_string *min; zend_string *max; - sp_pcre *regexp; + sp_regexp *regexp; zend_string *msg; zend_string *set; bool allow_null; diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 0ff859c..95e19ad 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c @@ -210,17 +210,15 @@ static zend_execute_data* is_file_matching( return ex; // LCOV_EXCL_LINE } ITERATE(ex); - if (zend_string_equals(ex->func->op_array.filename, - config_node->filename)) { + if (zend_string_equals(ex->func->op_array.filename, config_node->filename)) { return ex; // LCOV_EXCL_LINE } } else if (config_node->r_filename) { - if (sp_is_regexp_matching_zend(config_node->r_filename, current_filename)) { + if (sp_is_regexp_matching_zstr(config_node->r_filename, current_filename)) { return ex; } ITERATE(ex); - if (sp_is_regexp_matching_zend(config_node->r_filename, - ex->func->op_array.filename)) { + if (sp_is_regexp_matching_zstr(config_node->r_filename, ex->func->op_array.filename)) { return ex; } } @@ -481,10 +479,9 @@ ZEND_FUNCTION(check_disabled_function) { static int hook_functions_regexp(const sp_list_node* config) { while (config && config->data) { - const zend_string* function_name = - ((sp_disabled_function*)config->data)->function; - const sp_pcre* function_name_regexp = - ((sp_disabled_function*)config->data)->r_function; + const zend_string* function_name = ((sp_disabled_function*)config->data)->function; + sp_regexp *function_name_sp_regexp = ((sp_disabled_function*)config->data)->r_function; + const sp_pcre* function_name_regexp = function_name_sp_regexp ? function_name_sp_regexp->re : NULL; assert(function_name || function_name_regexp); diff --git a/src/sp_ini.c b/src/sp_ini.c index 62bd181..7fec297 100644 --- a/src/sp_ini.c +++ b/src/sp_ini.c @@ -66,7 +66,7 @@ static bool /* success */ sp_ini_check(zend_string *varname, zend_string *new_va } if (entry->regexp) { - if (!sp_is_regexp_matching_len(entry->regexp, ZSTR_VAL(new_value), ZSTR_LEN(new_value))) { + if (!sp_is_regexp_matching_zstr(entry->regexp, new_value)) { sp_log_ini_check_violation("%s", (entry->msg ? ZSTR_VAL(entry->msg) : "INI value does not match regex")); return simulation; } diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c index 375a708..81c51fd 100644 --- a/src/sp_pcre_compat.c +++ b/src/sp_pcre_compat.c @@ -1,10 +1,5 @@ #include "php_snuffleupagus.h" -inline void sp_pcre_free(sp_pcre* regexp) { -#ifdef SP_HAS_PCRE2 - pcre2_code_free(regexp); -#endif -} sp_pcre* sp_pcre_compile(const char* const pattern) { assert(NULL != pattern); @@ -14,8 +9,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { unsigned char pcre_error[128] = {0}; int errornumber; PCRE2_SIZE erroroffset; - ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, - PCRE2_CASELESS, &errornumber, &erroroffset, NULL); + ret = pcre2_compile((PCRE2_SPTR)pattern, PCRE2_ZERO_TERMINATED, PCRE2_CASELESS, &errornumber, &erroroffset, NULL); pcre2_get_error_message(errornumber, pcre_error, sizeof(pcre_error)-1); #else const char* pcre_error = NULL; @@ -29,16 +23,14 @@ sp_pcre* sp_pcre_compile(const char* const pattern) { return ret; } -bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, - size_t len) { +bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len) { int ret = 0; assert(NULL != regexp); assert(NULL != str); #ifdef SP_HAS_PCRE2 - pcre2_match_data* match_data = - pcre2_match_data_create_from_pattern(regexp, NULL); + pcre2_match_data* match_data = pcre2_match_data_create_from_pattern(regexp, NULL); if (NULL == match_data) { sp_log_err("regexp", "Unable to get memory for a regxp."); } diff --git a/src/sp_pcre_compat.h b/src/sp_pcre_compat.h index 725004d..6e9d91a 100644 --- a/src/sp_pcre_compat.h +++ b/src/sp_pcre_compat.h @@ -17,12 +17,36 @@ #endif sp_pcre* sp_pcre_compile(const char* str); -void sp_pcre_free(sp_pcre* regexp); -#define sp_is_regexp_matching_zend(regexp, zstr) \ - sp_is_regexp_matching_len(regexp, ZSTR_VAL(zstr), ZSTR_LEN(zstr)) -#define sp_is_regexp_matching(regexp, str) \ - sp_is_regexp_matching_len(regexp, str, strlen(str)) -bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, - size_t len); +static inline void sp_pcre_free(sp_pcre* regexp) { +#ifdef SP_HAS_PCRE2 + pcre2_code_free(regexp); +#endif +} +bool sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str, size_t len); + + +typedef struct { + sp_pcre *re; + zend_string *pattern; +} sp_regexp; + +#define sp_is_regexp_matching_zstr(regexp, zstr) sp_is_regexp_matching_len(regexp->re, ZSTR_VAL(zstr), ZSTR_LEN(zstr)) +#define sp_is_regexp_matching(regexp, str) sp_is_regexp_matching_len(regexp->re, str, strlen(str)) +static inline sp_regexp* sp_regexp_compile(zend_string *zstr) { + sp_pcre *re = sp_pcre_compile(ZSTR_VAL(zstr)); + if (!re) { return NULL; } + sp_regexp *ret = pecalloc(sizeof(sp_regexp), 1, 1); + ret->re = re; + ret->pattern = zstr; + return ret; +} +static inline void sp_regexp_free(sp_regexp *regexp) { + if (regexp) { + if (regexp->re) { sp_pcre_free(regexp->re); } + if (regexp->pattern) { zend_string_release(regexp->pattern); } + pefree(regexp, 1); + } +} + #endif // SP_PCRE_COMPAT_H diff --git a/src/sp_utils.c b/src/sp_utils.c index 034aaf4..6161859 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -253,15 +253,11 @@ const zend_string* sp_zval_to_zend_string(const zval* zv) { } } -bool sp_match_value(const zend_string* value, const zend_string* to_match, - const sp_pcre* rx) { +bool sp_match_value(const zend_string* value, const zend_string* to_match, const sp_regexp* rx) { if (to_match) { return (sp_zend_string_equals(to_match, value)); } else if (rx) { - char* tmp = zend_string_to_char(value); - bool ret = sp_is_regexp_matching(rx, tmp); - efree(tmp); - return ret; + return sp_is_regexp_matching_zstr(rx, value); } return true; } @@ -338,8 +334,7 @@ void sp_log_disable_ret(const char* restrict path, efree(char_repr); } -bool sp_match_array_key(const zval* zv, const zend_string* to_match, - const sp_pcre* rx) { +bool sp_match_array_key(const zval* zv, const zend_string* to_match, const sp_regexp* rx) { zend_string* key; zend_ulong idx; @@ -363,8 +358,7 @@ bool sp_match_array_key(const zval* zv, const zend_string* to_match, return false; } -bool sp_match_array_value(const zval* arr, const zend_string* to_match, - const sp_pcre* rx) { +bool sp_match_array_value(const zval* arr, const zend_string* to_match, const sp_regexp* rx) { zval* value; ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(arr), value) { @@ -380,8 +374,7 @@ bool sp_match_array_value(const zval* arr, const zend_string* to_match, return false; } -bool /* success */ _hook_function(const char* original_name, HashTable* hook_table, - zif_handler new_function) { +bool /* success */ _hook_function(const char* original_name, HashTable* hook_table, zif_handler new_function) { zend_function* func; if ((func = zend_hash_str_find_ptr(CG(function_table), VAR_AND_LEN(original_name)))) { if (func->type != ZEND_INTERNAL_FUNCTION) { @@ -393,8 +386,7 @@ bool /* success */ _hook_function(const char* original_name, HashTable* hook_tab if (zend_hash_str_add_new_ptr((hook_table), VAR_AND_LEN(original_name), func->internal_function.handler) == NULL) { // LCOV_EXCL_START - sp_log_err("function_pointer_saving", - "Could not save function pointer for %s", original_name); + sp_log_err("function_pointer_saving", "Could not save function pointer for %s", original_name); return false; // LCOV_EXCL_STOP } @@ -404,8 +396,7 @@ bool /* success */ _hook_function(const char* original_name, HashTable* hook_tab return false; } -bool hook_function(const char* original_name, HashTable* hook_table, - zif_handler new_function) { +bool hook_function(const char* original_name, HashTable* hook_table, zif_handler new_function) { bool ret = _hook_function(original_name, hook_table, new_function); #if PHP_VERSION_ID < 80000 @@ -433,8 +424,7 @@ bool hook_function(const char* original_name, HashTable* hook_table, return ret; } -int hook_regexp(const sp_pcre* regexp, HashTable* hook_table, - zif_handler new_function) { +int hook_regexp(const sp_pcre* regexp, HashTable* hook_table, zif_handler new_function) { zend_string* key; ZEND_HASH_FOREACH_STR_KEY(CG(function_table), key) diff --git a/src/sp_utils.h b/src/sp_utils.h index 0581363..0e595d8 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -71,17 +71,14 @@ extern int sp_debug_stderr; #define GET_SUFFIX(x) (x == 1) ? "st" : ((x == 2) ? "nd" : "th") const char *get_ipaddr(void); -void sp_log_msgf(char const *restrict feature, int level, int type, - const char *restrict fmt, ...); +void sp_log_msgf(char const *restrict feature, int level, int type, const char *restrict fmt, ...); int compute_hash(const char *const restrict filename, char *restrict file_hash); const zend_string *sp_zval_to_zend_string(const zval *); -bool sp_match_value(const zend_string *, const zend_string *, const sp_pcre *); -bool sp_match_array_key(const zval *, const zend_string *, const sp_pcre *); -bool sp_match_array_value(const zval *, const zend_string *, const sp_pcre *); -void sp_log_disable(const char *restrict, const char *restrict, - const zend_string *restrict, const sp_disabled_function *); -void sp_log_disable_ret(const char *restrict, const zend_string *restrict, - const sp_disabled_function *); +bool sp_match_value(const zend_string* value, const zend_string* to_match, const sp_regexp* rx); +bool sp_match_array_key(const zval *, const zend_string *, const sp_regexp *); +bool sp_match_array_value(const zval *, const zend_string *, const sp_regexp *); +void sp_log_disable(const char *restrict, const char *restrict, const zend_string *restrict, const sp_disabled_function *); +void sp_log_disable_ret(const char *restrict, const zend_string *restrict, const sp_disabled_function *); bool hook_function(const char *, HashTable *, zif_handler); void unhook_functions(HashTable *ht); int hook_regexp(const sp_pcre *, HashTable *, zif_handler); diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c index cc75d83..2639991 100644 --- a/src/sp_var_parser.c +++ b/src/sp_var_parser.c @@ -33,8 +33,8 @@ static bool is_var_name_valid(const char *const name) { if (NULL == regexp_var || NULL == regexp_const) { return false; // LCOV_EXCL_LINE } - if ((false == sp_is_regexp_matching(regexp_var, name)) && - (false == sp_is_regexp_matching(regexp_const, name))) { + if ((false == sp_is_regexp_matching_len(regexp_var, VAR_AND_LEN(name))) && + (false == sp_is_regexp_matching_len(regexp_const, VAR_AND_LEN(name)))) { return false; } return true; -- cgit v1.3 From 4d4ae75f0b843e06c666ea192a912316a9e1497c Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 5 Feb 2022 12:23:04 +0100 Subject: sp_list length --- src/sp_list.c | 6 ++++++ src/sp_list.h | 1 + 2 files changed, 7 insertions(+) (limited to 'src') diff --git a/src/sp_list.c b/src/sp_list.c index 92e628d..ab752f7 100644 --- a/src/sp_list.c +++ b/src/sp_list.c @@ -75,3 +75,9 @@ sp_list_node *sp_list_prepend(sp_list_node *list, void *data) { new->data = data; return new; } + +size_t sp_list_len(sp_list_node *p) { + size_t num = 0; + for (; p; p = p->next) { num++; } + return num; +} diff --git a/src/sp_list.h b/src/sp_list.h index 7ceee50..81bbb29 100644 --- a/src/sp_list.h +++ b/src/sp_list.h @@ -13,5 +13,6 @@ sp_list_node *sp_list_insert(sp_list_node *, void *); sp_list_node *sp_list_prepend(sp_list_node *, void *); void sp_list_free(sp_list_node *, void (*free_data_func)(void *data)); void sp_list_free2(sp_list_node *node); +size_t sp_list_len(sp_list_node *p); #endif -- cgit v1.3 From c38df1077a6c1dfbca1baca049214d053e2e7684 Mon Sep 17 00:00:00 2001 From: Ben Fuhrmannek Date: Sat, 5 Feb 2022 12:23:37 +0100 Subject: added config dump/export for use with other tools --- src/snuffleupagus.c | 260 +++++++++++++++++++++++++++++++++++++++++++++++++--- 1 file changed, 249 insertions(+), 11 deletions(-) (limited to 'src') diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index caa6ba3..e8f3664 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c @@ -4,6 +4,8 @@ #include #endif +#include "zend_smart_str.h" + #include "php_snuffleupagus.h" #ifndef ZEND_EXT_API @@ -38,19 +40,10 @@ static inline void sp_op_array_handler(zend_op_array *const op) { ZEND_DECLARE_MODULE_GLOBALS(snuffleupagus) -static PHP_INI_MH(StrictMode) { - TSRMLS_FETCH(); - - SPG(allow_broken_configuration) = false; - if (new_value && zend_string_equals_literal(new_value, "1")) { - SPG(allow_broken_configuration) = true; - } - return SUCCESS; -} - PHP_INI_BEGIN() PHP_INI_ENTRY("sp.configuration_file", "", PHP_INI_SYSTEM, OnUpdateConfiguration) -PHP_INI_ENTRY("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, StrictMode) +STD_PHP_INI_BOOLEAN("sp.allow_broken_configuration", "0", PHP_INI_SYSTEM, OnUpdateBool, allow_broken_configuration, zend_snuffleupagus_globals, snuffleupagus_globals) + PHP_INI_END() ZEND_DLEXPORT zend_extension zend_extension_entry = { @@ -266,6 +259,237 @@ PHP_MINFO_FUNCTION(snuffleupagus) { DISPLAY_INI_ENTRIES(); } +#define ADD_ASSOC_ZSTR(arr, key, zstr) if (zstr) { add_assoc_str(arr, key, zstr); } else { add_assoc_null(arr, key); } +#define ADD_ASSOC_REGEXP(arr, key, regexp) if (regexp && regexp->pattern) { add_assoc_str(arr, key, regexp->pattern); } else { add_assoc_null(arr, key); } + +static void add_df_to_arr(zval *arr, sp_disabled_function *df) { + zval arr_df; + array_init(&arr_df); + + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_FILENAME, df->filename); + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_FILENAME_REGEXP, df->r_filename); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_FUNCTION, df->function); + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_FUNCTION_REGEXP, df->r_function); + if (df->functions_list && df->functions_list->data) { + zval arr_fl; + array_init(&arr_fl); + for (sp_list_node *p = df->functions_list; p; p = p->next) { add_next_index_str(&arr_fl, p->data); } + add_assoc_zval(&arr_df, "function_list", &arr_fl); + } else { + add_assoc_null(&arr_df, "function_list"); + } + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_HASH, df->hash); + add_assoc_bool(&arr_df, SP_TOKEN_SIM, df->simulation); + if (df->param && df->param->value) { + add_assoc_string(&arr_df, SP_TOKEN_PARAM, df->param->value); + } else { + add_assoc_null(&arr_df, SP_TOKEN_PARAM); + } + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_PARAM_REGEXP, df->r_param); + add_assoc_long(&arr_df, SP_TOKEN_PARAM_TYPE, df->param_type); + add_assoc_long(&arr_df, SP_TOKEN_VALUE_ARG_POS, df->pos); + add_assoc_long(&arr_df, SP_TOKEN_LINE_NUMBER, df->line); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_RET, df->ret); + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_RET_REGEXP, df->r_ret); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_VALUE, df->value); + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_VALUE_REGEXP, df->r_value); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_KEY, df->key); + ADD_ASSOC_REGEXP(&arr_df, SP_TOKEN_KEY_REGEXP, df->r_key); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_DUMP, df->dump); + ADD_ASSOC_ZSTR(&arr_df, SP_TOKEN_ALIAS, df->alias); + add_assoc_bool(&arr_df, "param_is_array", df->param_is_array); + add_assoc_bool(&arr_df, "var_is_array", df->var_is_array); + add_assoc_bool(&arr_df, "allow", df->allow); + // todo: properly traverse tree for .var() and .param() + // sp_tree *tr = df->var; + // for (; tr; tr = tr->next) { + // sp_log_debug("tree: %s", tr->value); + // } + + if (df->var && df->var->value) { + add_assoc_string(&arr_df, SP_TOKEN_LOCAL_VAR, df->var->value); + } else { + add_assoc_null(&arr_df, SP_TOKEN_LOCAL_VAR); + } + if (df->param && df->param->value) { + add_assoc_string(&arr_df, SP_TOKEN_PARAM, df->param->value); + } else { + add_assoc_null(&arr_df, SP_TOKEN_PARAM); + } + + if (df->cidr) { + char cidrstr[INET6_ADDRSTRLEN+5]; + if (!get_ip_str(cidrstr, sizeof(cidrstr), df->cidr)) { + add_assoc_null(&arr_df, SP_TOKEN_CIDR); + } else { + add_assoc_string(&arr_df, SP_TOKEN_CIDR, cidrstr); + } + } else { + add_assoc_null(&arr_df, SP_TOKEN_CIDR); + } + + add_next_index_zval(arr, &arr_df); +} + +static void dump_config() { + zval arr; + php_serialize_data_t var_hash; + smart_str buf = {0}; + + array_init(&arr); + add_assoc_string(&arr, "version", PHP_SNUFFLEUPAGUS_VERSION); + + add_assoc_bool(&arr, SP_TOKEN_UNSERIALIZE_HMAC "." SP_TOKEN_ENABLE, SPCFG(unserialize).enable); + add_assoc_bool(&arr, SP_TOKEN_UNSERIALIZE_HMAC "." SP_TOKEN_SIM, SPCFG(unserialize).simulation); + ADD_ASSOC_ZSTR(&arr, SP_TOKEN_UNSERIALIZE_HMAC "." SP_TOKEN_DUMP, SPCFG(unserialize).dump); + + add_assoc_bool(&arr, SP_TOKEN_HARDEN_RANDOM "." SP_TOKEN_ENABLE, SPCFG(random).enable); + + add_assoc_bool(&arr, "readonly_exec.enable", SPCFG(readonly_exec).enable); + add_assoc_bool(&arr, "readonly_exec.sim", SPCFG(readonly_exec).simulation); + ADD_ASSOC_ZSTR(&arr, SP_TOKEN_READONLY_EXEC "." SP_TOKEN_DUMP, SPCFG(readonly_exec).dump); + + add_assoc_bool(&arr, "global_strict.enable", SPCFG(global_strict).enable); + + add_assoc_bool(&arr, "upload_validation.enable", SPCFG(upload_validation).enable); + add_assoc_bool(&arr, "upload_validation.sim", SPCFG(upload_validation).simulation); + ADD_ASSOC_ZSTR(&arr, SP_TOKEN_UPLOAD_VALIDATION "." SP_TOKEN_UPLOAD_SCRIPT, SPCFG(upload_validation).script); + + // global + add_assoc_bool(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_ENCRYPTION_KEY, SPCFG(encryption_key) && ZSTR_LEN(SPCFG(encryption_key))); + ADD_ASSOC_ZSTR(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_ENV_VAR, SPCFG(cookies_env_var)); + add_assoc_long(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_LOG_MEDIA, SPCFG(log_media)); + add_assoc_long(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_MAX_EXECUTION_DEPTH, SPCFG(max_execution_depth)); + add_assoc_bool(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_SERVER_ENCODE, SPCFG(server_encode)); + add_assoc_bool(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_SERVER_STRIP, SPCFG(server_strip)); + add_assoc_bool(&arr, SP_TOKEN_GLOBAL "." SP_TOKEN_SHOW_OLD_PHP_WARNING, SPCFG(show_old_php_warning)); + + add_assoc_bool(&arr, SP_TOKEN_AUTO_COOKIE_SECURE, SPCFG(auto_cookie_secure).enable); + add_assoc_bool(&arr, SP_TOKEN_XXE_PROTECTION, SPCFG(xxe_protection).enable); + + add_assoc_bool(&arr, SP_TOKEN_EVAL_BLACKLIST "." SP_TOKEN_SIM, SPCFG(eval).simulation); + ADD_ASSOC_ZSTR(&arr, SP_TOKEN_EVAL_BLACKLIST "." SP_TOKEN_DUMP, SPCFG(eval).dump); +#define ADD_ASSOC_SPLIST(arr, key, splist) \ + if (splist) { \ + zval arr_sp; \ + array_init(&arr_sp); \ + for (sp_list_node *p = splist; p; p = p->next) { add_next_index_str(&arr_sp, p->data); } \ + add_assoc_zval(arr, key, &arr_sp); \ + } else { add_assoc_null(arr, key); } + + ADD_ASSOC_SPLIST(&arr, SP_TOKEN_EVAL_BLACKLIST "." SP_TOKEN_LIST, SPCFG(eval).blacklist); + ADD_ASSOC_SPLIST(&arr, SP_TOKEN_EVAL_WHITELIST "." SP_TOKEN_LIST, SPCFG(eval).whitelist) + + add_assoc_bool(&arr, SP_TOKEN_SESSION_ENCRYPTION "." SP_TOKEN_ENCRYPT, SPCFG(session).encrypt); + add_assoc_bool(&arr, SP_TOKEN_SESSION_ENCRYPTION "." SP_TOKEN_SIM, SPCFG(session).simulation); + + add_assoc_long(&arr, SP_TOKEN_SESSION_ENCRYPTION "." SP_TOKEN_SID_MIN_LENGTH, SPCFG(session).sid_min_length); + add_assoc_long(&arr, SP_TOKEN_SESSION_ENCRYPTION "." SP_TOKEN_SID_MAX_LENGTH, SPCFG(session).sid_max_length); + add_assoc_bool(&arr, SP_TOKEN_SLOPPY_COMPARISON "." SP_TOKEN_ENABLE, SPCFG(sloppy).enable); + + ADD_ASSOC_SPLIST(&arr, SP_TOKEN_ALLOW_WRAPPERS, SPCFG(wrapper).whitelist); + + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." SP_TOKEN_ENABLE, SPCFG(ini).enable); + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." SP_TOKEN_SIM, SPCFG(ini).simulation); + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." "policy_ro", SPCFG(ini).policy_readonly); + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." "policy_silent_ro", SPCFG(ini).policy_silent_ro); + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." "policy_silent_fail", SPCFG(ini).policy_silent_fail); + add_assoc_bool(&arr, SP_TOKEN_INI_PROTECTION "." "policy_drop", SPCFG(ini).policy_drop); + + if (SPCFG(ini).entries && zend_hash_num_elements(SPCFG(ini).entries) > 0) { + zval arr_ini; + array_init(&arr_ini); + + sp_ini_entry *sp_entry; + ZEND_HASH_FOREACH_PTR(SPCFG(ini).entries, sp_entry) + zval arr_ini_entry; + array_init(&arr_ini_entry); + add_assoc_bool(&arr_ini_entry, SP_TOKEN_SIM, sp_entry->simulation); + ADD_ASSOC_ZSTR(&arr_ini_entry, SP_TOKEN_KEY, sp_entry->key); + ADD_ASSOC_ZSTR(&arr_ini_entry, "msg", sp_entry->msg); + ADD_ASSOC_ZSTR(&arr_ini_entry, "set", sp_entry->set); + ADD_ASSOC_ZSTR(&arr_ini_entry, "min", sp_entry->min); + ADD_ASSOC_ZSTR(&arr_ini_entry, "max", sp_entry->max); + add_assoc_long(&arr_ini_entry, "access", sp_entry->access); + add_assoc_bool(&arr_ini_entry, "drop", sp_entry->drop); + add_assoc_bool(&arr_ini_entry, "allow_null", sp_entry->allow_null); + ADD_ASSOC_REGEXP(&arr_ini_entry, "regexp", sp_entry->regexp); + add_next_index_zval(&arr_ini, &arr_ini_entry); + ZEND_HASH_FOREACH_END(); + add_assoc_zval(&arr, SP_TOKEN_INI, &arr_ini); + } else { + add_assoc_null(&arr, SP_TOKEN_INI); + } + + if (SPCFG(cookie).cookies && SPCFG(cookie).cookies->data) { + zval arr_cookies; + array_init(&arr_cookies); + + sp_cookie *cookie; + sp_list_node *p = SPCFG(cookie).cookies; + for (; p; p = p->next) { + zval arr_cookie; + array_init(&arr_cookie); + cookie = (sp_cookie*)p->data; + + add_assoc_long(&arr_cookie, SP_TOKEN_SAMESITE, cookie->samesite); + add_assoc_bool(&arr_cookie, SP_TOKEN_ENCRYPT, cookie->encrypt); + ADD_ASSOC_ZSTR(&arr_cookie, SP_TOKEN_NAME, cookie->name); + ADD_ASSOC_REGEXP(&arr_cookie, SP_TOKEN_NAME_REGEXP, cookie->name_r); + add_assoc_bool(&arr_cookie, SP_TOKEN_SIM, cookie->simulation); + + add_next_index_zval(&arr_cookies, &arr_cookie); + } + + add_assoc_zval(&arr, SP_TOKEN_COOKIE_ENCRYPTION, &arr_cookies); + } else { + add_assoc_null(&arr, SP_TOKEN_COOKIE_ENCRYPTION); + } + + // disabled_functions + zval arr_dfs; + array_init(&arr_dfs); + size_t num_df = 0; + sp_list_node *dflist, *dfp; + ZEND_HASH_FOREACH_PTR(SPCFG(disabled_functions), dflist) + for (dfp = dflist; dfp; dfp = dfp->next) { + add_df_to_arr(&arr_dfs, dfp->data); + num_df++; + } + ZEND_HASH_FOREACH_END(); + ZEND_HASH_FOREACH_PTR(SPCFG(disabled_functions_ret), dflist) + for (dfp = dflist; dfp; dfp = dfp->next) { + add_df_to_arr(&arr_dfs, dfp->data); + num_df++; + } + ZEND_HASH_FOREACH_END(); + for (dfp = SPCFG(disabled_functions_reg).disabled_functions; dfp; dfp = dfp->next) { + add_df_to_arr(&arr_dfs, dfp->data); + num_df++; + } + for (dfp = SPCFG(disabled_functions_reg_ret).disabled_functions; dfp; dfp = dfp->next) { + add_df_to_arr(&arr_dfs, dfp->data); + num_df++; + } + + if (num_df) { + add_assoc_zval(&arr, SP_TOKEN_DISABLE_FUNC, &arr_dfs); + } else { + add_assoc_null(&arr, SP_TOKEN_DISABLE_FUNC); + } + + // serialize and print array + PHP_VAR_SERIALIZE_INIT(var_hash); + php_var_serialize(&buf, &arr, &var_hash); + PHP_VAR_SERIALIZE_DESTROY(var_hash); + + printf("%s", ZSTR_VAL(buf.s)); + sp_log_debug("--"); + + smart_str_free(&buf); + +} + static PHP_INI_MH(OnUpdateConfiguration) { sp_log_debug("(OnUpdateConfiguration)"); @@ -304,6 +528,20 @@ static PHP_INI_MH(OnUpdateConfiguration) { SPG(is_config_valid) = SP_CONFIG_VALID; + // dump config + sp_log_debug("module name? %s", sapi_module.name); + if (getenv("SP_DUMP_CONFIG")) { + sp_log_debug("env? %s", getenv("SP_DUMP_CONFIG")); + } + + if (strcmp(sapi_module.name, "cli") == 0 && getenv("SP_DUMP_CONFIG")) { + dump_config(); + return SUCCESS; + } + + + // start hooks + if (SPCFG(sloppy).enable) { hook_sloppy(); } -- cgit v1.3