From e7f541396715ee2895abcf73044b91ae9b746201 Mon Sep 17 00:00:00 2001 
From: xXx-caillou-xXx Date: Wed, 20 Dec 2017 18:09:53 +0100 Subject: Better parsing of the rules Thanks to this huge commit from @xXx-caillou-xXx, we can now write amazingly flexible rules.--- src/config.m4 | 2 +- src/php_snuffleupagus.h | 1 + src/sp_config.c | 4 + src/sp_config.h | 9 +- src/sp_config_keywords.c | 45 ++-- src/sp_config_utils.c | 44 ---- src/sp_cookie_encryption.c | 4 +- src/sp_disabled_functions.c | 140 ++++++------ src/sp_list.c | 28 +++ src/sp_list.h | 1 + src/sp_tree.c | 20 ++ src/sp_upload_validation.c | 4 +- src/sp_utils.c | 84 +++---- src/sp_utils.h | 6 +- src/sp_var_parser.c | 247 +++++++++++++++++++++ src/sp_var_parser.h | 51 +++++ src/sp_var_value.c | 226 +++++++++++++++++++ src/tests/broken_conf_key_value.phpt | 9 + src/tests/broken_conf_local_var_1.phpt | 10 + src/tests/broken_conf_local_var_10.phpt | 10 + src/tests/broken_conf_local_var_11.phpt | 10 + src/tests/broken_conf_local_var_12.phpt | 9 + src/tests/broken_conf_local_var_13.phpt | 10 + src/tests/broken_conf_local_var_14.phpt | 10 + src/tests/broken_conf_local_var_2.phpt | 10 + src/tests/broken_conf_local_var_3.phpt | 10 + src/tests/broken_conf_local_var_4.phpt | 10 + src/tests/broken_conf_local_var_5.phpt | 10 + src/tests/broken_conf_local_var_6.phpt | 10 + src/tests/broken_conf_local_var_7.phpt | 10 + src/tests/broken_conf_local_var_8.phpt | 10 + src/tests/broken_conf_local_var_9.phpt | 10 + src/tests/config/broken_conf_key_value.ini | 1 + src/tests/config/broken_conf_local_var_1.ini | 1 + src/tests/config/broken_conf_local_var_10.ini | 1 + src/tests/config/broken_conf_local_var_11.ini | 1 + src/tests/config/broken_conf_local_var_12.ini | 1 + src/tests/config/broken_conf_local_var_13.ini | 1 + src/tests/config/broken_conf_local_var_14.ini | 1 + src/tests/config/broken_conf_local_var_2.ini | 1 + src/tests/config/broken_conf_local_var_3.ini | 1 + src/tests/config/broken_conf_local_var_4.ini | 1 + src/tests/config/broken_conf_local_var_5.ini | 1 + 
src/tests/config/broken_conf_local_var_6.ini | 1 + src/tests/config/broken_conf_local_var_7.ini | 1 + src/tests/config/broken_conf_local_var_8.ini | 1 + src/tests/config/broken_conf_local_var_9.ini | 1 + .../config_disabled_functions_local_var_array.ini | 1 + ...nfig_disabled_functions_local_var_array_key.ini | 1 + .../config/config_disabled_functions_name_type.ini | 2 +- .../config/config_disabled_functions_nul_byte.ini | 2 +- .../config/config_disabled_functions_param.ini | 12 +- .../config_disabled_functions_param_allow.ini | 4 +- .../config_disabled_functions_param_array.ini | 11 +- .../config/config_disabled_functions_param_int.ini | 4 +- .../config_disabled_functions_param_r_array.ini | 2 + .../config_disabled_functions_param_runtime.ini | 2 +- src/tests/config/disabled_function_local_var.ini | 12 +- src/tests/config/disabled_function_local_var_2.ini | 1 + .../config/disabled_function_local_var_obj.ini | 3 + .../config/disabled_function_super_global_var.ini | 2 +- src/tests/config/disabled_functions_pos.ini | 1 + src/tests/disabled_function_local_var_10.phpt | 44 ++++ src/tests/disabled_function_local_var_2.phpt | 46 ++++ src/tests/disabled_function_local_var_3.phpt | 45 ++++ src/tests/disabled_function_local_var_4.phpt | 56 +++++ src/tests/disabled_function_local_var_5.phpt | 33 +++ src/tests/disabled_function_local_var_6.phpt | 31 +++ src/tests/disabled_function_local_var_7.phpt | 31 +++ src/tests/disabled_function_local_var_8.phpt | 20 ++ src/tests/disabled_function_local_var_9.phpt | 20 ++ src/tests/disabled_function_local_var_obj.phpt | 25 +++ src/tests/disabled_functions_local_var_array.phpt | 20 ++ .../disabled_functions_local_var_array_key.phpt | 20 ++ src/tests/disabled_functions_name_type.phpt | 2 +- src/tests/disabled_functions_nul_byte.phpt | 2 +- src/tests/disabled_functions_param.phpt | 2 +- src/tests/disabled_functions_param_array.phpt | 2 +- .../disabled_functions_param_array_deref.phpt | 2 +- .../disabled_functions_param_array_no_value.phpt | 
2 +- src/tests/disabled_functions_param_array_r.phpt | 20 ++ .../disabled_functions_param_array_r_keys.phpt | 20 ++ ...abled_functions_param_array_several_levels.phpt | 2 +- ...d_functions_param_array_several_levels_int.phpt | 20 ++ ..._functions_param_array_several_levels_keys.phpt | 20 ++ ...ctions_param_array_several_levels_keys_int.phpt | 20 ++ src/tests/disabled_functions_param_int.phpt | 2 +- src/tests/disabled_functions_pos_type.phpt | 14 ++ src/tests/disabled_functions_runtime.phpt | 2 +- 89 files changed, 1441 insertions(+), 221 deletions(-) create mode 100644 src/sp_tree.c create mode 100644 src/sp_var_parser.c create mode 100644 src/sp_var_parser.h create mode 100644 src/sp_var_value.c create mode 100644 src/tests/broken_conf_key_value.phpt create mode 100644 src/tests/broken_conf_local_var_1.phpt create mode 100644 src/tests/broken_conf_local_var_10.phpt create mode 100644 src/tests/broken_conf_local_var_11.phpt create mode 100644 src/tests/broken_conf_local_var_12.phpt create mode 100644 src/tests/broken_conf_local_var_13.phpt create mode 100644 src/tests/broken_conf_local_var_14.phpt create mode 100644 src/tests/broken_conf_local_var_2.phpt create mode 100644 src/tests/broken_conf_local_var_3.phpt create mode 100644 src/tests/broken_conf_local_var_4.phpt create mode 100644 src/tests/broken_conf_local_var_5.phpt create mode 100644 src/tests/broken_conf_local_var_6.phpt create mode 100644 src/tests/broken_conf_local_var_7.phpt create mode 100644 src/tests/broken_conf_local_var_8.phpt create mode 100644 src/tests/broken_conf_local_var_9.phpt create mode 100644 src/tests/config/broken_conf_key_value.ini create mode 100644 src/tests/config/broken_conf_local_var_1.ini create mode 100644 src/tests/config/broken_conf_local_var_10.ini create mode 100644 src/tests/config/broken_conf_local_var_11.ini create mode 100644 src/tests/config/broken_conf_local_var_12.ini create mode 100644 src/tests/config/broken_conf_local_var_13.ini create mode 100644 
src/tests/config/broken_conf_local_var_14.ini create mode 100644 src/tests/config/broken_conf_local_var_2.ini create mode 100644 src/tests/config/broken_conf_local_var_3.ini create mode 100644 src/tests/config/broken_conf_local_var_4.ini create mode 100644 src/tests/config/broken_conf_local_var_5.ini create mode 100644 src/tests/config/broken_conf_local_var_6.ini create mode 100644 src/tests/config/broken_conf_local_var_7.ini create mode 100644 src/tests/config/broken_conf_local_var_8.ini create mode 100644 src/tests/config/broken_conf_local_var_9.ini create mode 100644 src/tests/config/config_disabled_functions_local_var_array.ini create mode 100644 src/tests/config/config_disabled_functions_local_var_array_key.ini create mode 100644 src/tests/config/config_disabled_functions_param_r_array.ini create mode 100644 src/tests/config/disabled_function_local_var_2.ini create mode 100644 src/tests/config/disabled_function_local_var_obj.ini create mode 100644 src/tests/disabled_function_local_var_10.phpt create mode 100644 src/tests/disabled_function_local_var_2.phpt create mode 100644 src/tests/disabled_function_local_var_3.phpt create mode 100644 src/tests/disabled_function_local_var_4.phpt create mode 100644 src/tests/disabled_function_local_var_5.phpt create mode 100644 src/tests/disabled_function_local_var_6.phpt create mode 100644 src/tests/disabled_function_local_var_7.phpt create mode 100644 src/tests/disabled_function_local_var_8.phpt create mode 100644 src/tests/disabled_function_local_var_9.phpt create mode 100644 src/tests/disabled_function_local_var_obj.phpt create mode 100644 src/tests/disabled_functions_local_var_array.phpt create mode 100644 src/tests/disabled_functions_local_var_array_key.phpt create mode 100644 src/tests/disabled_functions_param_array_r.phpt create mode 100644 src/tests/disabled_functions_param_array_r_keys.phpt create mode 100644 src/tests/disabled_functions_param_array_several_levels_int.phpt create mode 100644 
src/tests/disabled_functions_param_array_several_levels_keys.phpt create mode 100644 src/tests/disabled_functions_param_array_several_levels_keys_int.phpt create mode 100644 src/tests/disabled_functions_pos_type.phpt (limited to 'src') diff --git a/src/config.m4 b/src/config.m4 index 8fa22c5..b2c6ed5 100644 --- a/src/config.m4 +++ b/src/config.m4 @@ -5,7 +5,7 @@ sources="snuffleupagus.c sp_config.c sp_config_utils.c sp_harden_rand.c" sources="$sources sp_unserialize.c sp_utils.c sp_disable_xxe.c sp_list.c" sources="$sources sp_disabled_functions.c sp_execute.c sp_upload_validation.c" sources="$sources sp_cookie_encryption.c sp_network_utils.c tweetnacl.c" -sources="$sources sp_config_keywords.c" +sources="$sources sp_config_keywords.c sp_var_parser.c sp_var_value.c sp_tree.c" PHP_ARG_ENABLE(snuffleupagus, whether to enable snuffleupagus support, [ --enable-snuffleupagus Enable snuffleupagus support]) diff --git a/src/php_snuffleupagus.h b/src/php_snuffleupagus.h index 2ad412d..bccf998 100644 --- a/src/php_snuffleupagus.h +++ b/src/php_snuffleupagus.h @@ -26,6 +26,7 @@ #include "zend_extensions.h" #include "sp_list.h" +#include "sp_var_parser.h" #include "sp_config.h" #include "sp_config_utils.h" #include "sp_config_keywords.h" diff --git a/src/sp_config.c b/src/sp_config.c index 2432cc4..bed81bc 100644 --- a/src/sp_config.c +++ b/src/sp_config.c @@ -189,6 +189,10 @@ void sp_disabled_function_list_free(sp_node_t* list) { sp_disabled_function* df = cursor->data; if (df && df->functions_list) sp_list_free(df->functions_list); + if (df) { + sp_tree_free(df->param); + sp_tree_free(df->var); + } cursor = cursor->next; } } diff --git a/src/sp_config.h b/src/sp_config.h index 8ef62a2..127c557 100644 --- a/src/sp_config.h +++ b/src/sp_config.h @@ -78,7 +78,7 @@ typedef struct { char *hash; int simulation; - char *param; + sp_tree *param; pcre *r_param; sp_php_type param_type; int pos; 
@@ -91,6 +91,9 @@ typedef struct { pcre *value_r; char *value; + pcre *r_key; + char *key; + char *dump; char *alias; bool param_is_array; @@ -100,7 +103,7 @@ typedef struct { bool allow; - char *var; + sp_tree *var; sp_cidr *cidr; } sp_disabled_function; @@ -193,6 +196,8 @@ typedef struct { #define SP_TOKEN_RET_TYPE ".ret_type(" #define SP_TOKEN_VALUE ".value(" #define SP_TOKEN_VALUE_REGEXP ".value_r(" +#define SP_TOKEN_KEY ".key(" +#define SP_TOKEN_KEY_REGEXP ".key_r(" #define SP_TOKEN_VALUE_ARG_POS ".pos(" #define SP_TOKEN_LINE_NUMBER ".line(" diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index dd9a880..2d294ee 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c @@ -178,7 +178,7 @@ int parse_cookie(char *line) { int parse_disabled_functions(char *line) { int ret = 0; bool enable = true, disable = false, allow = false, drop = false; - char *pos = NULL; + char *pos = NULL, *var = NULL, *param = NULL; char *line_number = NULL; sp_disabled_function *df = pecalloc(sizeof(*df), 1, 1); df->pos = -1; 
@@ -196,16 +196,18 @@ int parse_disabled_functions(char *line) { {parse_empty, SP_TOKEN_ALLOW, &(allow)}, {parse_empty, SP_TOKEN_DROP, &(drop)}, {parse_str, SP_TOKEN_HASH, &(df->hash)}, - {parse_str, SP_TOKEN_PARAM, &(df->param)}, + {parse_str, SP_TOKEN_PARAM, &(param)}, {parse_regexp, SP_TOKEN_VALUE_REGEXP, &(df->value_r)}, {parse_str, SP_TOKEN_VALUE, &(df->value)}, + {parse_str, SP_TOKEN_KEY, &(df->key)}, + {parse_regexp, SP_TOKEN_KEY_REGEXP, &(df->r_key)}, {parse_regexp, SP_TOKEN_PARAM_REGEXP, &(df->r_param)}, {parse_php_type, SP_TOKEN_PARAM_TYPE, &(df->param_type)}, {parse_str, SP_TOKEN_RET, &(df->ret)}, {parse_cidr, SP_TOKEN_CIDR, &(df->cidr)}, {parse_regexp, SP_TOKEN_RET_REGEXP, &(df->r_ret)}, {parse_php_type, SP_TOKEN_RET_TYPE, &(df->ret_type)}, - {parse_str, SP_TOKEN_LOCAL_VAR, &(df->var)}, + {parse_str, SP_TOKEN_LOCAL_VAR, &(var)}, {parse_str, SP_TOKEN_VALUE_ARG_POS, &(pos)}, {parse_str, SP_TOKEN_LINE_NUMBER, &(line_number)}, {0}}; @@ -229,9 +231,10 @@ int parse_disabled_functions(char *line) { MUTUALLY_EXCLUSIVE(df->r_function, df->function, "r_function", "function"); MUTUALLY_EXCLUSIVE(df->filename, df->r_filename, "r_filename", "filename"); MUTUALLY_EXCLUSIVE(df->ret, df->r_ret, "r_ret", "ret"); + MUTUALLY_EXCLUSIVE(df->key, df->r_key, "r_key", "key"); #undef MUTUALLY_EXCLUSIVE - if (1 < ((df->r_param ? 1 : 0) + (df->param ? 1 : 0) + + if (1 < ((df->r_param ? 1 : 0) + (param ? 1 : 0) + ((-1 != df->pos) ? 1 : 0))) { sp_log_err( "config", 
@@ -239,7 +242,13 @@ int parse_disabled_functions(char *line) { "'.r_param', '.param' and '.pos' are mutually exclusive on line %zu.", line, sp_line_no); return -1; - } else if ((df->r_ret || df->ret) && (df->r_param || df->param)) { + } else if ((df->r_key || df->key) && (df->value_r || df->value)) { + sp_log_err("config", + "Invalid configuration line: 'sp.disabled_functions%s':" + "`key` and `value` are mutually exclusive on line %zu.", + line, sp_line_no); + return -1; + } else if ((df->r_ret || df->ret) && (df->r_param || param)) { sp_log_err("config", "Invalid configuration line: 'sp.disabled_functions%s':" "`ret` and `param` are mutually exclusive on line %zu.", @@ -293,22 +302,28 @@ int parse_disabled_functions(char *line) { df->functions_list = parse_functions_list(df->function); } - if (df->param && strchr(df->param, '[')) { // assume that this is an array - df->param_array_keys = sp_list_new(); - if (0 != array_to_list(&df->param, &df->param_array_keys)) { - pefree(df->param_array_keys, 1); + if (param) { + df->param = parse_var(param); + if (!df->param) { + sp_log_err("config", "Invalid value '%s' for `param` on line %zu.", + param, sp_line_no); return -1; } - df->param_is_array = 1; } - if (df->var && strchr(df->var, '[')) { // assume that this is an array - df->var_array_keys = sp_list_new(); - if (0 != array_to_list(&df->var, &df->var_array_keys)) { - pefree(df->var_array_keys, 1); + if (var) { + if (*var) { + df->var = parse_var(var); + if (!df->var) { + sp_log_err("config", "Invalid value '%s' for `var` on line %zu.", + var, sp_line_no); + return -1; + } + } else { + sp_log_err("config", "Empty value in `var` on line %zu.", + sp_line_no); return -1; } - df->var_is_array = 1; } switch (get_construct_type(df)) { diff --git a/src/sp_config_utils.c b/src/sp_config_utils.c index 1a797e5..ddd2e05 100644 --- a/src/sp_config_utils.c +++ b/src/sp_config_utils.c 
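Review bot: The temporary `param` and `var` strings filled in by `parse_str` are never released in the `@@ -293,22 +302,28 @@` hunk once `parse_var()` has built the tree, and each new `return -1` leaves `df` (allocated with `pecalloc(sizeof(*df), 1, 1)` at the top of the function) and any already-built `df->param` tree allocated. Whether `parse_str` hands ownership of the string to the caller is not visible here, so this needs confirming. If it does, free the raw strings after the error message has used them, and route the failures through one cleanup path that calls `sp_tree_free(df->param)` and `sp_tree_free(df->var)` before `pefree(df, 1)`. Also, `.var("")` gets its own "Empty value" error while `.param("")` goes straight to `parse_var()`; a one-line comment saying why the two differ would help the next reader. parse_disabled_functions starts and ends outside the hunk.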
@@ -133,50 +133,6 @@ char *get_param(size_t *consumed, char *restrict line, sp_type type, return NULL; } -// FIXME this is leaking like hell @blotus -int array_to_list(char **name_ptr, sp_node_t **keys) { - int in_key = 0; - size_t i = 0; - char *name = *name_ptr; - char *key_name = ecalloc(strlen(name) + 1, 1); // im way too lazy for - // now - char *tmp = ecalloc(strlen(name) + 1, 1); - - for (i = 0; name[i] != '['; i++) { - tmp[i] = name[i]; - } - tmp[i] = 0; - - for (size_t j = 0; name[i]; i++) { - const char c = name[i]; - if (c == '[') { - if (in_key == 0) { - in_key = 1; - } else { - efree(key_name); - return -1; - } - } else if (c == ']') { - if (in_key == 0) { - efree(key_name); - return -1; - } else { - in_key = 0; - j = 0; - sp_list_insert(*keys, pestrdup(key_name, 1)); - memset(key_name, 0, strlen(name) + 1); - } - } else if (in_key == 1) { - key_name[j] = c; - j++; - } - } - efree(key_name); - *name_ptr = pestrdup(tmp, 1); - return in_key; -} - - zend_always_inline sp_node_t *parse_functions_list(char *value) { const char *sep = ">"; diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index b7050da..c749040 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c @@ -8,9 +8,9 @@ static zend_long nonce_d = 0; static inline void generate_key(unsigned char *key) { PHP_SHA256_CTX ctx; - const char *user_agent = sp_getenv("HTTP_USER_AGENT"); + const char *user_agent = getenv("HTTP_USER_AGENT"); const char *env_var = - sp_getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var); + getenv(SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var); const char *encryption_key = SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key; diff --git a/src/sp_disabled_functions.c b/src/sp_disabled_functions.c index 6c180aa..c7974ff 100644 --- a/src/sp_disabled_functions.c +++ b/src/sp_disabled_functions.c 
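Review bot: Replacing `sp_getenv()` with libc `getenv()` in generate_key changes where `HTTP_USER_AGENT` and the cookie env var are read from. The removed helper (deleted in the sp_utils.c hunk) asked `sapi_module.getenv` first, and under SAPIs that keep request variables out of the process environment `getenv()` would likely return NULL. Here that would drop the user-agent and env-var input to the key derivation; the same swap in should_disable (`REMOTE_ADDR`, used for the cidr filter), sp_rfc1867_callback and sp_log_msg would lose the client address. If the motive was the `ZEND_STRL(var)` call on a pointer, which passes `sizeof(char *) - 1` as the length, I would keep the helper and fix that line: `return sapi_module.getenv(var, strlen(var));`. generate_key continues outside the hunk.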
@@ -64,43 +64,30 @@ end: static bool is_local_var_matching( zend_execute_data* execute_data, const sp_disabled_function* const config_node) { - zend_execute_data* orig_execute_data = execute_data; - - /*because execute_data points to hooked function data, - which we dont care about */ - zend_execute_data* current = execute_data->prev_execute_data; - zval* value = NULL; - - while (current) { - zend_string* key = NULL; - EG(current_execute_data) = current; - zend_array* symtable = zend_rebuild_symbol_table(); - ZEND_HASH_FOREACH_STR_KEY_VAL(symtable, key, value) { - if (0 == strcmp(config_node->var, key->val)) { // is the var name right? - if (Z_TYPE_P(value) == IS_INDIRECT) { - value = Z_INDIRECT_P(value); - } - if (Z_TYPE_P(value) != IS_ARRAY) { - char* var_value_str = sp_convert_to_string(value); - if (true == sp_match_value(var_value_str, config_node->value, - config_node->value_r)) { - efree(var_value_str); - EG(current_execute_data) = orig_execute_data; - return true; - } - efree(var_value_str); - } else { - EG(current_execute_data) = orig_execute_data; - return sp_match_array_key_recurse(value, config_node->var_array_keys, - config_node->value, NULL); - } + zval *var_value; + + var_value = get_value(execute_data, config_node->var, false); + if (var_value) { + char *var_value_str = sp_convert_to_string(var_value); + if (Z_TYPE_P(var_value) == IS_ARRAY) { + if (config_node->key || config_node->r_key) { + if (sp_match_array_key(var_value, config_node->key, + config_node->r_key)) { + efree(var_value_str); + return true; + } + } else if (sp_match_array_value(var_value, config_node->value, + config_node->value_r)) { + efree(var_value_str); + return true; } + } else if (sp_match_value(var_value_str, config_node->value, + config_node->value_r)) { + efree(var_value_str); + return true; } - ZEND_HASH_FOREACH_END(); - current = current->prev_execute_data; + efree(var_value_str); } - - EG(current_execute_data) = orig_execute_data; return false; } 
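Review bot: `sp_convert_to_string(var_value)` runs before the `IS_ARRAY` test in is_local_var_matching, so for arrays a string is built only to be freed, and the function ends up with three copies of `efree(var_value_str); return true;`. Converting only in the scalar branch removes the wasted conversion and leaves a single free. The match results are the same as in the hunk, assuming `sp_convert_to_string` has no side effect the array branches rely on. The same key/value dispatch is repeated twice more in is_param_matching and could share a static helper.

```c
static bool is_local_var_matching(
    zend_execute_data* execute_data,
    const sp_disabled_function* const config_node) {
  zval *var_value = get_value(execute_data, config_node->var, false);

  if (!var_value) {
    return false;
  }
  if (Z_TYPE_P(var_value) == IS_ARRAY) {
    /* Arrays are matched on their keys or their values, never as a string. */
    if (config_node->key || config_node->r_key) {
      return sp_match_array_key(var_value, config_node->key,
                                config_node->r_key);
    }
    return sp_match_array_value(var_value, config_node->value,
                                config_node->value_r);
  }

  char *var_value_str = sp_convert_to_string(var_value);
  const bool matched = sp_match_value(var_value_str, config_node->value,
                                      config_node->value_r);
  efree(var_value_str);
  return matched;
}
```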
@@ -128,6 +115,7 @@ static bool is_param_matching(zend_execute_data* execute_data, const char** arg_value_str) { int nb_param = execute_data->func->common.num_args; int i = 0; + zval *arg_value; if (config_node->pos != -1) { if (config_node->pos <= nb_param) { @@ -154,7 +142,7 @@ static bool is_param_matching(zend_execute_data* execute_data, *arg_value_str = builtin_param; return sp_match_value(builtin_param, config_node->value, config_node->value_r); - } else { + } else if (config_node->r_param || config_node->pos != -1) { // We're matching on a function (and not a language construct) for (; i < nb_param; i++) { if (ZEND_USER_CODE(execute_data->func->type)) { // yay consistency 
@@ -162,49 +150,63 @@ static bool is_param_matching(zend_execute_data* execute_data, } else { *arg_name = execute_data->func->internal_function.arg_info[i].name; } - - const bool arg_matching = - config_node->param && (0 == strcmp(*arg_name, config_node->param)); - const bool pcre_matching = - config_node->r_param && - (true == is_regexp_matching(config_node->r_param, *arg_name)); + const bool pcre_matching = config_node->r_param + && (true == is_regexp_matching(config_node->r_param, *arg_name)); /* This is the parameter name we're looking for. */ - if (true == arg_matching || true == pcre_matching || - (config_node->pos != -1)) { - zval* arg_value = ZEND_CALL_VAR_NUM(execute_data, i); + if (true == pcre_matching || config_node->pos != -1) { + arg_value = ZEND_CALL_VAR_NUM(execute_data, i); if (config_node->param_type) { // Are we matching on the `type`? if (config_node->param_type == Z_TYPE_P(arg_value)) { - return true; - } - } else if (Z_TYPE_P(arg_value) == IS_ARRAY) { - *arg_value_str = estrdup("Array"); - // match on arr -> match on all key content, if a key is an array, - // ignore it - // match on arr[foo] -> match only on key foo, if the key is an - // array, match on all keys content - if (config_node->param_is_array == true) { - if (true == sp_match_array_key_recurse( - arg_value, config_node->param_array_keys, - config_node->value, config_node->value_r)) { - return true; - } - } else { // match on all keys, but don't go into subarray - if (true == sp_match_array_key(arg_value, config_node->value, - config_node->value_r)) { - return true; - } - } - } else { - *arg_value_str = sp_convert_to_string(arg_value); - if (true == sp_match_value(*arg_value_str, config_node->value, - config_node->value_r)) { + return true; + } + } else if (Z_TYPE_P(arg_value) == IS_ARRAY) { + *arg_value_str = sp_convert_to_string(arg_value); + if (config_node->key || config_node->r_key) { + if (sp_match_array_key(arg_value, config_node->key, + config_node->r_key)) { + return true; 
+ } + } else if (sp_match_array_value(arg_value, config_node->value, + config_node->value_r)) { + return true; + } + } else { + *arg_value_str = sp_convert_to_string(arg_value); + if (sp_match_value(*arg_value_str, config_node->value, + config_node->value_r)) { return true; } } } } + } else if (config_node->param) { + *arg_name = config_node->param->value; + arg_value = get_value(execute_data, config_node->param, true); + + if (arg_value) { + *arg_value_str = sp_convert_to_string(arg_value); + if (config_node->param_type) { // Are we matching on the `type`? + if (config_node->param_type + && config_node->param_type == Z_TYPE_P(arg_value)) { + return true; + } + } else if (Z_TYPE_P(arg_value) == IS_ARRAY) { + if (config_node->key || config_node->r_key) { + if (sp_match_array_key(arg_value, config_node->key, + config_node->r_key)) { + return true; + } + } else if (sp_match_array_value(arg_value, config_node->value, + config_node->value_r)) { + return true; + } + } else if (sp_match_value(*arg_value_str, config_node->value, + config_node->value_r)) { + return true; + } + } } return false; } @@ -214,7 +216,7 @@ bool should_disable(zend_execute_data* execute_data, const char* builtin_name, char current_file_hash[SHA256_SIZE * 2 + 1] = {0}; const sp_node_t* config = get_config_node(builtin_name); char* complete_path_function = get_complete_function_path(execute_data); - char const* client_ip = sp_getenv("REMOTE_ADDR"); + char const* client_ip = getenv("REMOTE_ADDR"); const char* current_filename; if (!config || !config->data) { diff --git a/src/sp_list.c b/src/sp_list.c index c671f51..70d0ebe 100644 --- a/src/sp_list.c +++ b/src/sp_list.c 
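Review bot: In the new `.param` branch of is_param_matching the inner test `config_node->param_type && config_node->param_type == Z_TYPE_P(arg_value)` repeats the condition of the enclosing `if`; `if (config_node->param_type == Z_TYPE_P(arg_value))` is enough. In the `r_param`/`pos` loop above it, `*arg_value_str` is reassigned from `sp_convert_to_string()` for every argument that reaches the value check, so an earlier string is dropped without `efree` when a later argument is examined; whether the caller frees the last one is outside the hunk. The function starts outside the hunk.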
@@ -17,6 +17,34 @@ sp_node_t *sp_list_new() { return new; } +// Thanks to https://en.wikipedia.org/wiki/Insertion_sort :> +sp_node_t *sp_list_sort(sp_node_t *pList, int (*cmp_func)(sp_node_t *, sp_node_t *)) { + sp_node_t *head = NULL; + + if (pList == NULL || pList->next == NULL) { + return pList; + } + while (pList != NULL) { + sp_node_t *current = pList; + pList = pList->next; + if (head == NULL || 0 > cmp_func(current, head)) { + current->next = head; + head = current; + } else { + sp_node_t *p = head; + while (p != NULL) { + if (p->next == NULL || 0 > cmp_func(current, p->next)) { + current->next = p->next; + p->next = current; + break; + } + p = p->next; + } + } + } + return head; +} + void sp_list_insert(sp_node_t *list, void *data) { if (list->head == NULL) { list->data = data; diff --git a/src/sp_list.h b/src/sp_list.h index dda139f..7878f78 100644 --- a/src/sp_list.h +++ b/src/sp_list.h @@ -9,6 +9,7 @@ typedef struct sp_node_s { } sp_node_t; sp_node_t *sp_list_new(); +sp_node_t *sp_list_sort(sp_node_t *, int (*)(sp_node_t *, sp_node_t *)); void sp_list_insert(sp_node_t *, void *); void sp_list_free(sp_node_t *); void sp_list_prepend(sp_node_t *, void *); diff --git a/src/sp_tree.c b/src/sp_tree.c new file mode 100644 index 0000000..328a919 --- /dev/null +++ b/src/sp_tree.c @@ -0,0 +1,20 @@ +#include "php_snuffleupagus.h" + +void sp_tree_free(sp_tree *tree) { + while (tree) { + sp_tree *tmp; + pefree(tree->value, 1); + sp_tree_free(tree->idx); + tmp = tree; + tree = tree->next; + pefree(tmp, 1); + } +} + +sp_tree *sp_tree_new() { + sp_tree *new = pecalloc(sizeof(sp_tree), 1, 1); + new->next = new->idx = NULL; + new->value = NULL; + new->type = 0; + return new; +} diff --git a/src/sp_upload_validation.c b/src/sp_upload_validation.c index 731a737..0010984 100644 --- a/src/sp_upload_validation.c +++ b/src/sp_upload_validation.c 
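Review bot: sp_list_sort relinks nodes through `next` only, but sp_list_insert just below tests `list->head`, which suggests each node caches a head pointer; after sorting, those would still point at the old first node. The struct is declared outside this hunk, so this is to be confirmed. If so, refresh it before returning, e.g. `for (sp_node_t *n = head; n; n = n->next) n->head = head;`, or document that a sorted list must not be passed to the head-based list functions. A header comment should also say that `cmp_func` must not be NULL and that the caller has to use the returned node as the new start of the list.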
@@ -51,7 +51,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { cmd[2] = NULL; spprintf(&env[0], 0, "SP_FILENAME=%s", filename); - spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", sp_getenv("REMOTE_ADDR")); + spprintf(&env[1], 0, "SP_REMOTE_ADDR=%s", getenv("REMOTE_ADDR")); spprintf(&env[2], 0, "SP_CURRENT_FILE=%s", zend_get_executed_filename(TSRMLS_C)); spprintf(&env[3], 0, "SP_FILESIZE=%zu", filesize); @@ -77,7 +77,7 @@ int sp_rfc1867_callback(unsigned int event, void *event_data, void **extra) { int waitstatus; wait(&waitstatus); if (WEXITSTATUS(waitstatus) != 0) { // Nope - char *uri = sp_getenv("REQUEST_URI"); + char *uri = getenv("REQUEST_URI"); int sim = SNUFFLEUPAGUS_G(config).config_upload_validation->simulation; sp_log_msg("upload_validation", sim?SP_LOG_SIMULATION:SP_LOG_DROP, "The upload of %s on %s was rejected.", filename, uri?uri:"?"); diff --git a/src/sp_utils.c b/src/sp_utils.c index 1ed770b..3fe2e44 100644 --- a/src/sp_utils.c +++ b/src/sp_utils.c @@ -25,20 +25,11 @@ void sp_log_msg(char const *feature, char const *level, const char* fmt, ...) { vspprintf(&msg, 0, fmt, args); va_end(args); - char const * const client_ip = sp_getenv("REMOTE_ADDR"); + char const * const client_ip = getenv("REMOTE_ADDR"); _sp_log_err("[snuffleupagus][%s][%s][%s] %s", client_ip?client_ip:"0.0.0.0", feature, level, msg); } - -zend_always_inline char* sp_getenv(char* var) { - if (sapi_module.getenv) { - return sapi_module.getenv(ZEND_STRL(var)); - } else { - return getenv(var); - } -} - zend_always_inline int is_regexp_matching(const pcre* regexp, const char* str) { int vec[30]; int ret = 0; 
@@ -278,63 +269,50 @@ void sp_log_disable_ret(const char* restrict path, } } -int sp_match_array_key(const zval* zv, const char* to_match, const pcre* rx) { +bool sp_match_array_key(const zval* zv, const char* to_match, const pcre* rx) { zend_string* key; - zval* value; - char* arg_value_str; + zend_ulong idx; - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(zv), key, value) { - if (Z_TYPE_P(value) == IS_ARRAY) { - continue; - } - arg_value_str = sp_convert_to_string(value); - if (!sp_match_value(arg_value_str, to_match, rx)) { - efree(arg_value_str); - continue; + ZEND_HASH_FOREACH_KEY(Z_ARRVAL_P(zv), idx, key) { + if (key) { + if (sp_match_value(ZSTR_VAL(key), to_match, rx)) { + return true; + } } else { - efree(arg_value_str); - return 1; + char *idx_str = NULL; + + // Could use a log. + idx_str = emalloc(snprintf(NULL, 0, "%lu", idx)); + sprintf(idx_str, "%lu", idx); + if (sp_match_value(idx_str, to_match, rx)) { + efree(idx_str); + return true; + } + efree(idx_str); } } ZEND_HASH_FOREACH_END(); - - (void)key; // silence a compiler warning - - return 0; + return false; } -int sp_match_array_key_recurse(const zval* arr, sp_node_t* keys, - const char* to_match, const pcre* rx) { - zend_string* key; +bool sp_match_array_value(const zval* arr, const char* to_match, const pcre* rx) { zval* value; - sp_node_t* current = keys; - if (current == NULL) { - return 0; - } - ZEND_HASH_FOREACH_STR_KEY_VAL(Z_ARRVAL_P(arr), key, value) { - if (Z_TYPE_P(value) == IS_ARRAY && !strcmp(ZSTR_VAL(key), current->data)) { - return sp_match_array_key_recurse(value, current->next, to_match, rx); - } - if (!strcmp(ZSTR_VAL(key), current->data) && current->next == NULL) { - if (!to_match && !rx) { - return 1; - } - if (Z_TYPE_P(value) == IS_ARRAY) { - return sp_match_array_key(value, to_match, rx); + + ZEND_HASH_FOREACH_VAL(Z_ARRVAL_P(arr), value) { + if (Z_TYPE_P(value) != IS_ARRAY) { + char *value_str = sp_convert_to_string(value); + if (sp_match_value(value_str, to_match, rx)) { + 
efree(value_str); + return true; } else { - char *value_str = sp_convert_to_string(value); - if (sp_match_value(value_str, to_match, rx)) { - efree(value_str); - return 1; - } else { - efree (value_str); - return 0; - } + efree (value_str); } + } else if (sp_match_array_value(value, to_match, rx)) { + return true; } } ZEND_HASH_FOREACH_END(); - return 0; + return false; } diff --git a/src/sp_utils.h b/src/sp_utils.h index a17ac4f..e54f307 100644 --- a/src/sp_utils.h +++ b/src/sp_utils.h @@ -57,14 +57,12 @@ void sp_log_msg(char const *feature, char const *level, const char* fmt, ...); int compute_hash(const char *const filename, char *file_hash); char *sp_convert_to_string(zval *); bool sp_match_value(const char *, const char *, const pcre *); -int sp_match_array_key(const zval *, const char *, const pcre *); -int sp_match_array_key_recurse(const zval *, sp_node_t *, const char *, - const pcre *); +bool sp_match_array_key(const zval *, const char *, const pcre *); +bool sp_match_array_value(const zval *, const char *, const pcre *); void sp_log_disable(const char *restrict, const char *restrict, const char *restrict, const sp_disabled_function *); void sp_log_disable_ret(const char *restrict, const char *restrict, const sp_disabled_function *); -char *sp_getenv(char *); int is_regexp_matching(const pcre *, const char *); int hook_function(const char *, HashTable *, void (*)(INTERNAL_FUNCTION_PARAMETERS), bool); diff --git a/src/sp_var_parser.c b/src/sp_var_parser.c new file mode 100644 index 0000000..bc0a80e --- /dev/null +++ b/src/sp_var_parser.c 
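Review bot: In sp_match_array_key the buffer for an integer key is one byte short: `emalloc(snprintf(NULL, 0, "%lu", idx))` allocates only the digit count, and the following `sprintf` writes the terminating NUL one byte past the end of the allocation. The arrays inspected here are arguments and variables of hooked calls, which may carry request-controlled keys, so this heap overflow is worth fixing before merge. Allocate `+ 1`, or let the allocator size the buffer with `spprintf(&idx_str, 0, ZEND_ULONG_FMT, idx);`, which also matches `zend_ulong` on platforms where it is not `unsigned long`.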
@@ -0,0 +1,247 @@ +#include "php_snuffleupagus.h" + +static int parse_str_tokens(const char *str, const sp_token_t token, + sp_node_t *tokens_list) { + const char *cur_str = str; + + while ((cur_str = strchr(cur_str, token.token[0]))) { + if (0 == strncmp(cur_str, token.token, strlen(token.token))) { + sp_token_t *token_elm = pecalloc(sizeof(sp_token_t), 1, 1); + token_elm->pos = cur_str - str; + token_elm->token = token.token; + token_elm->type = token.type; + sp_list_insert(tokens_list, token_elm); + cur_str += strlen(token.token); + } else { + cur_str++; + } + } + return 0; +} + +static bool is_var_name_valid(const char *name) { + static pcre *regexp_const = NULL; + static pcre *regexp_var = NULL; + const char *pcre_error; + int pcre_error_offset; + + if (!name) { + return false; + } + if (NULL == regexp_var || NULL == regexp_const) { + regexp_var = sp_pcre_compile(REGEXP_VAR, PCRE_CASELESS, &pcre_error, + &pcre_error_offset, NULL); + regexp_const = sp_pcre_compile(REGEXP_CONST, PCRE_CASELESS, &pcre_error, + &pcre_error_offset, NULL); + } + if (NULL == regexp_var || NULL == regexp_const) { + sp_log_err("config", "Could not compile regexp."); + return false; + } + if (0 > sp_pcre_exec(regexp_var, NULL, name, strlen(name), 0, 0, NULL, 0) + && 0 > sp_pcre_exec(regexp_const, NULL, name, strlen(name), 0, 0, NULL, 0)) { + return false; + } + return true; +} + +static int create_var(sp_tree *tree, const char *restrict value, + size_t value_len, elem_type _type, const char *restrict idx) { + sp_tree *var_node = NULL; + + if (!tree) { + return -1; + } + if (tree->next == NULL && tree->type == 0) { + var_node = tree; + } else { + var_node = pecalloc(sizeof(sp_tree), 1, 1); + } + + var_node->value = NULL; + var_node->next = NULL; + var_node->idx = NULL; + var_node->type = _type; + // Check if a constant is a variable + if (value && value[0] == VARIABLE_TOKEN && _type == CONSTANT) { + var_node->type = VAR; + } + if (!(var_node->value = pestrndup(value, value_len, 1))) { + 
sp_log_err("config", "Can't allocate a strndup"); + return -1; + } + if (var_node->type != STRING_DELIMITER && !is_var_name_valid(var_node->value)) { + sp_log_err("config", "Invalid var name: %s.", var_node->value); + return -1; + } + var_node->idx = parse_var(idx); + + if (tree != var_node) { + while (tree->next) { + tree = tree->next; + } + tree->next = var_node; + } + return 0; +} + +int cmp_tokens(sp_node_t *list1, sp_node_t *list2) { + return (((sp_token_t *)list1->data)->pos + - ((sp_token_t *)list2->data)->pos); +} + +static int is_next_token_empty(sp_token_t *token, sp_token_t *token_next, + const char * restrict str) { + if ((token_next && token_next->pos == token->pos + strlen(token->token)) + || (!token_next && token->pos == strlen(str) - strlen(token->token))) { + return -1; + } + return 0; +} + +static int is_token_valid(sp_node_t *tokens_list, elem_type ignore, + int array_count, const char * restrict str, + size_t pos) { + sp_token_t *token = (sp_token_t *)tokens_list->data; + sp_token_t *token_next = NULL; + + if (tokens_list->next) { + token_next = (sp_token_t *)tokens_list->next->data; + } + switch (token->type) { + case ESC_STRING_DELIMITER: + case STRING_DELIMITER: + if (ignore == token->type) { + if (token_next) { + if (token_next->pos != token->pos + 1) { + return -1; + } + } else if (token->pos != strlen(str) - 1) { + return -1; + } + } + break; + case ARRAY_END: + if (!ignore) { + if (array_count < 1) { + return -1; + } else if (token_next) { + if (token_next->type == STRING_DELIMITER + || token_next->type == ESC_STRING_DELIMITER) { + return -1; + } + } else if (token->pos != strlen(str) - strlen(token->token)) { + return -1; + } + } + break; + case OBJECT: + if (!ignore && -1 == is_next_token_empty(token, token_next, str)) { + return -1; + } + if (pos == 0 && *str != VARIABLE_TOKEN) { + return -1; + } + break; + case CLASS: + if (!ignore && -1 == is_next_token_empty(token, token_next, str)) { + return -1; + } + break; + default: + break; + 
} + return 0; +} + +static sp_tree *parse_tokens(const char * restrict str, + sp_node_t *tokens_list) { + size_t pos = 0; + int array_count = 0, pos_idx_start = -1; + elem_type ignore = 0; + sp_tree *tree = sp_tree_new(); + + for (; tokens_list && tokens_list->data; tokens_list = tokens_list->next) { + sp_token_t *token = (sp_token_t *)tokens_list->data; + size_t value_len; + char *idx = NULL; + + if (-1 == is_token_valid(tokens_list, ignore, array_count, str, pos)) { + sp_log_err("config", "Invalid `%s` position.", token->token); + goto error; + } + if (token->type == STRING_DELIMITER || token->type == ESC_STRING_DELIMITER) { + pos = (!ignore && !array_count) ? pos + strlen(token->token) : pos; + ignore = (!ignore) ? token->type : (ignore == token->type) ? 0 : ignore; + token->type = STRING_DELIMITER; + } + if (ignore == 0) { + if (token->type == ARRAY) { + pos_idx_start = (array_count) ? pos_idx_start : + (int)(token->pos + strlen(token->token)); + array_count++; + } else if (token->type == ARRAY_END) { + array_count--; + token->type = ARRAY; + } + if (array_count == 0) { + value_len = token->pos - pos; + if (token->type == ARRAY) { + value_len -= strlen(token->token); + } + if (pos_idx_start > 0) { + idx = estrndup(&(str[pos_idx_start]), token->pos - pos_idx_start); + value_len -= token->pos - pos_idx_start; + } + if (create_var(tree, &str[pos], value_len, token->type, idx)) { + goto error; + } + efree(idx); + pos = token->pos + strlen(token->token); + pos_idx_start = -1; + } + } + } + + if (ignore != 0 || array_count != 0) { +error: + sp_tree_free(tree); + return NULL; + } + if (pos != strlen(str) + && create_var(tree, &str[pos], strlen(str) - pos, CONSTANT, NULL)) { + goto error; + } + return tree; +} + +sp_tree *parse_var(const char *line) { + sp_node_t *tokens_list = NULL; + sp_tree *tree = NULL; + const sp_token_t delimiter_list[] = { + {.type=OBJECT, .token=OBJECT_TOKEN}, + {.type=ARRAY, .token=ARRAY_TOKEN}, + {.type=ARRAY_END, .token=ARRAY_END_TOKEN}, + 
{.type=STRING_DELIMITER, .token=STRING_TOKEN}, + {.type=ESC_STRING_DELIMITER, .token=ESC_STRING_TOKEN}, + {.type=CLASS, .token=CLASS_TOKEN} + }; + + + if (!line) { + return NULL; + } + tokens_list = sp_list_new(); + for (unsigned int i = 0; i < sizeof(delimiter_list) / sizeof(sp_token_t); i++) { + parse_str_tokens(line, delimiter_list[i], tokens_list); + } + tokens_list = sp_list_sort(tokens_list, cmp_tokens); + tree = parse_tokens(line, tokens_list); + sp_list_free(tokens_list); + // Check if tree is empty. + if (tree && tree->next == NULL && tree->type == 0) { + tree->type = CONSTANT; + tree->value = pestrdup("", 1); + } + return tree; +} diff --git a/src/sp_var_parser.h b/src/sp_var_parser.h new file mode 100644 index 0000000..eec1d06 --- /dev/null +++ b/src/sp_var_parser.h @@ -0,0 +1,51 @@ +#ifndef SP_VAR_PARSER_H +# define SP_VAR_PARSER_H +# include "php_snuffleupagus.h" +# include "sp_list.h" + +typedef enum { + OBJECT = 1, + ARRAY, + ARRAY_END, + STRING_DELIMITER, + CLASS, + VAR, + ESC_STRING_DELIMITER, + CONSTANT +} elem_type; + +typedef struct sp_token_s { + elem_type type; + char *token; + unsigned int pos; +} sp_token_t; + +typedef struct parser_s { + elem_type type; + char *value; + struct parser_s *idx; + struct parser_s *next; +} sp_tree; + +zval *get_value(zend_execute_data *, const sp_tree *, bool); +sp_tree *sp_tree_new(); +sp_tree *parse_var(const char *); +void print_type_list(const char *, sp_tree*, int); +void sp_tree_free(sp_tree *); + +# define OBJECT_TOKEN "->" +# define ARRAY_TOKEN "[" +# define ARRAY_END_TOKEN "]" +# define STRING_TOKEN "\"" +# define ESC_STRING_TOKEN "\'" +# define CLASS_TOKEN "::" + +# define VARIABLE_TOKEN '$' + +# define PRIVATE_PROP_FMT "%c%s%c%s" +# define PROTECTED_PROP_FMT "%c*%c%s" + +# define REGEXP_VAR "^\\$[a-z_][a-z0-9_]*$" +# define REGEXP_CONST "^[a-z_0-9\\\\]*$" + +#endif diff --git a/src/sp_var_value.c b/src/sp_var_value.c new file mode 100644 index 0000000..304ece9 --- /dev/null +++ b/src/sp_var_value.c 
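Review bot: `create_var` stores the result of `parse_var(idx)` unchecked, so an index expression that is present but fails to parse leaves the node with `idx == NULL` and `create_var` still returns 0. At match time `get_array_value` then gets NULL for the index and the rule never matches, which is a fail-open outcome for a filtering rule unless `sp_log_err` aborts loading (not visible here). Reject it explicitly with `if (idx && !(var_node->idx = parse_var(idx))) { return -1; }`. Separately, the `goto error` taken in `parse_tokens` when `create_var` fails skips `efree(idx)`, and the early returns in `create_var` drop a freshly `pecalloc`'d `var_node` and its `value` without freeing them.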
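Review bot: `elem_type` starts at `OBJECT = 1` and has no named zero value, yet the parser in `sp_var_parser.c` uses 0 as its "unset" marker (`tree->type == 0`, `elem_type ignore = 0`). An explicit first enumerator, for example `NONE = 0,`, compared by name would make that sentinel part of the type instead of an implicit convention. Two smaller points on the same declarations: `sp_tree *sp_tree_new();` should be `sp_tree *sp_tree_new(void);`, and `sp_token_t.token` only ever receives the `*_TOKEN` string literals, so `const char *token;` is the accurate type.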
@@ -0,0 +1,226 @@ +#include "php_snuffleupagus.h" + +static zval *get_param_var(zend_execute_data *ed, const char *var_name) { + unsigned int nb_param = ed->func->common.num_args; + + for (unsigned int i = 0; i < nb_param; i++) { + const char *arg_name; + if (ZEND_USER_CODE(ed->func->type)) { + arg_name = ZSTR_VAL(ed->func->common.arg_info[i].name); + } else { + arg_name = ed->func->internal_function.arg_info[i].name; + } + if (0 == strcmp(arg_name, var_name)) { + return ZEND_CALL_VAR_NUM(ed, i); + } + } + return NULL; +} + +static zval *get_local_var(zend_execute_data *ed, const char *var_name) { + zend_execute_data *orig_execute_data = ed; + zend_execute_data *current = ed; + zval *value = NULL; + + while (current) { + zend_string* key = NULL; + EG(current_execute_data) = current; + zend_array* symtable = zend_rebuild_symbol_table(); + ZEND_HASH_FOREACH_STR_KEY_VAL(symtable, key, value) { + if (0 == strcmp(var_name, key->val)) { + if (Z_TYPE_P(value) == IS_INDIRECT) { + value = Z_INDIRECT_P(value); + } + EG(current_execute_data) = orig_execute_data; + return value; + } + } + ZEND_HASH_FOREACH_END(); + current = current->prev_execute_data; + } + EG(current_execute_data) = orig_execute_data; + return NULL; +} + +static zval *get_constant(const char *value) { + zend_string *name = zend_string_init(value, strlen(value), 0); + zval *zvalue = zend_get_constant_ex(name, NULL, 0); + + zend_string_release(name); + return zvalue; +} + +static zval *get_var_value(zend_execute_data *ed, const char *var_name, + bool is_param) { + zval *zvalue = NULL; + + if (!var_name) { + return NULL; + } + if (*var_name != VARIABLE_TOKEN) { + return get_constant(var_name); + } else { + var_name++; + } + if (is_param) { + zvalue = get_param_var(ed, var_name); + if (!zvalue) { + return get_local_var(ed, var_name); + } + return zvalue; + } + return get_local_var(ed, var_name); +} + +static void *get_entry_hashtable(const HashTable *ht, const char *entry, + size_t entry_len) { + zval *zvalue = 
zend_hash_str_find(ht, entry, entry_len); + + if (!zvalue) { + zvalue = zend_hash_index_find(ht, atol(entry)); + } + while (zvalue && (Z_TYPE_P(zvalue) == IS_INDIRECT + || Z_TYPE_P(zvalue) == IS_PTR)) { + if (Z_TYPE_P(zvalue) == IS_INDIRECT) { + zvalue = Z_INDIRECT_P(zvalue); + } else { + zvalue = Z_PTR_P(zvalue); + } + } + return zvalue; +} + +static zval *get_array_value(zend_execute_data *ed, zval *zvalue, + const sp_tree *tree) { + zval *idx_value, *ret = NULL; + char *idx = NULL; + + idx_value = get_value(ed, tree->idx, false); + if (!zvalue || !idx_value) { + return NULL; + } + if (Z_TYPE_P(zvalue) == IS_ARRAY) { + idx = sp_convert_to_string(idx_value); + ret = get_entry_hashtable(Z_ARRVAL_P(zvalue), idx, strlen(idx)); + efree(idx); + } + return ret; +} + +static zval *get_object_property(zend_execute_data *ed, zval *object, + const char *property, bool is_param) { + char *class_name = object->value.obj->ce->name->val; + HashTable *array = Z_OBJPROP_P(object); + zval *zvalue = NULL; + zval *property_val = get_var_value(ed, property, is_param); + size_t len; + + if (property_val) { + if (Z_TYPE_P(property_val) != IS_STRING) { + return NULL; + } else { + property = Z_STRVAL_P(property_val); + } + } + zvalue = get_entry_hashtable(array, property, strlen(property)); + if (!zvalue) { + char *protected_property = emalloc(strlen(property) + 4); + len = sprintf(protected_property, PROTECTED_PROP_FMT, 0, 0, property); + zvalue = get_entry_hashtable(array, protected_property, len); + efree(protected_property); + } + if (!zvalue) { + char *private_property = emalloc(strlen(class_name) + 3 + strlen(property)); + len = sprintf(private_property, PRIVATE_PROP_FMT, 0, class_name, 0, property); + zvalue = get_entry_hashtable(array, private_property, len); + efree(private_property); + } + return zvalue; +} + +static zend_class_entry *get_class(const char *value) { + zend_string *name; + zend_class_entry *ce; + + name = zend_string_init(value, strlen(value), 0); + ce = 
zend_lookup_class(name); + zend_string_release(name); + return ce; +} + +static zval *get_unknown_type(const char *restrict value, zval *zvalue, + zend_class_entry *ce, zend_execute_data *ed, + const sp_tree *tree, bool is_param) { + if (ce) { + zvalue = get_entry_hashtable(&ce->constants_table, value, strlen(value)); + ce = NULL; + } else if (zvalue && Z_TYPE_P(zvalue) == IS_OBJECT && value[0]) { + zvalue = get_object_property(ed, zvalue, value, is_param); + } else if (!tree->next && !zvalue) { + if (tree->type == CONSTANT) { + zvalue = get_constant(value); + } + if (!zvalue) { + zvalue = emalloc(sizeof(zval)); + zvalue->value.str = zend_string_init(value, strlen(value), 0); + zvalue->u1.v.type = IS_STRING; + } + } else { + return NULL; + } + return zvalue; +} + +zval *get_value(zend_execute_data *ed, const sp_tree *tree, + bool is_param) { + zval *zvalue = NULL; + zend_class_entry *ce = NULL; + + while (tree) { + switch (tree->type) { + case ARRAY: + if (ce) { + zvalue = get_entry_hashtable(&ce->constants_table, tree->value, + strlen(tree->value)); + ce = NULL; + } else if (!zvalue) { + zvalue = get_var_value(ed, tree->value, is_param); + } else if (Z_TYPE_P(zvalue) == IS_OBJECT) { + zvalue = get_object_property(ed, zvalue, tree->value, is_param); + } + zvalue = get_array_value(ed, zvalue, tree); + break; + case VAR: + if (zvalue && Z_TYPE_P(zvalue) == IS_OBJECT) { + zvalue = get_object_property(ed, zvalue, tree->value, is_param); + } else { + zvalue = get_var_value(ed, tree->value, is_param); + } + break; + case OBJECT: + if (!zvalue) { + zvalue = get_var_value(ed, tree->value, is_param); + } else if (Z_TYPE_P(zvalue) == IS_OBJECT) { + if (0 != strlen(tree->value)) { + zvalue = get_object_property(ed, zvalue, tree->value, is_param); + } + } else { + return NULL; + } + break; + case CLASS: + ce = get_class(tree->value); + zvalue = NULL; + break; + default: + zvalue = get_unknown_type(tree->value, zvalue, ce, ed, tree, is_param); + ce = NULL; + break; + } + if 
(!zvalue && !ce) { + return NULL; + } + tree = tree->next; + } + return zvalue; +} diff --git a/src/tests/broken_conf_key_value.phpt b/src/tests/broken_conf_key_value.phpt new file mode 100644 index 0000000..e9ee4a9 --- /dev/null +++ b/src/tests/broken_conf_key_value.phpt @@ -0,0 +1,9 @@ +--TEST-- +Broken configuration +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_key_value.ini +--FILE-- +--EXPECT-- +[snuffleupagus][0.0.0.0][config][error] Invalid configuration line: 'sp.disabled_functions.function("system").var("").value("").key("").drop();':`key` and `value` are mutually exclusive on line 1. diff --git a/src/tests/broken_conf_local_var_1.phpt b/src/tests/broken_conf_local_var_1.phpt new file mode 100644 index 0000000..a91d275 --- /dev/null +++ b/src/tests/broken_conf_local_var_1.phpt @@ -0,0 +1,10 @@ +--TEST-- +Broken configuration +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_local_var_1.ini +--FILE-- +--EXPECT-- +[snuffleupagus][0.0.0.0][config][error] Invalid `]` position. +[snuffleupagus][0.0.0.0][config][error] Invalid value ']' for `var` on line 1. diff --git a/src/tests/broken_conf_local_var_10.phpt b/src/tests/broken_conf_local_var_10.phpt new file mode 100644 index 0000000..8a7d9b9 --- /dev/null +++ b/src/tests/broken_conf_local_var_10.phpt @@ -0,0 +1,10 @@ +--TEST-- +Broken configuration +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/broken_conf_local_var_10.ini +--FILE-- +--EXPECT-- +[snuffleupagus][0.0.0.0][config][error] Invalid `]` position. +[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd[asd]asd' for `var` on line 1. diff --git a/src/tests/broken_conf_local_var_11.phpt b/src/tests/broken_conf_local_var_11.phpt new file mode 100644 index 0000000..1817a3f --- /dev/null +++ b/src/tests/broken_conf_local_var_11.phpt 
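Review bot: `get_entry_hashtable` falls back to `zend_hash_index_find(ht, atol(entry))` whenever the string lookup misses, and `atol` yields 0 for any non-numeric text, so a missing key such as `foo` silently resolves to element 0 of the table. A rule can then be evaluated against an unrelated value, and the same helper also serves object property tables and class constant tables. Limit the integer fallback to keys that really are integer strings; for array lookups `zvalue = zend_symtable_str_find(ht, entry, entry_len);` does that in one call. Also in this hunk, `get_unknown_type` returns an `emalloc`'d zval that callers cannot tell apart from a borrowed one, and it sets `u1.v.type` directly instead of using `ZVAL_STR`, which leaves the type flags uninitialised.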
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_11.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `::` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd::' for `param` on line 1.
diff --git a/src/tests/broken_conf_local_var_12.phpt b/src/tests/broken_conf_local_var_12.phpt
new file mode 100644
index 0000000..0b52e2a
--- /dev/null
+++ b/src/tests/broken_conf_local_var_12.phpt
@@ -0,0 +1,9 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_12.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Empty value in `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_13.phpt b/src/tests/broken_conf_local_var_13.phpt
new file mode 100644
index 0000000..ca6be6d
--- /dev/null
+++ b/src/tests/broken_conf_local_var_13.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_13.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `->` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd->asd' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_14.phpt b/src/tests/broken_conf_local_var_14.phpt
new file mode 100644
index 0000000..cb7e455
--- /dev/null
+++ b/src/tests/broken_conf_local_var_14.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_14.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid var name: $i+valid var name .
+[snuffleupagus][0.0.0.0][config][error] Invalid value '$i+valid var name ' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_2.phpt b/src/tests/broken_conf_local_var_2.phpt
new file mode 100644
index 0000000..b67a492
--- /dev/null
+++ b/src/tests/broken_conf_local_var_2.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_2.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `"` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value '""asd' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_3.phpt b/src/tests/broken_conf_local_var_3.phpt
new file mode 100644
index 0000000..639d2ea
--- /dev/null
+++ b/src/tests/broken_conf_local_var_3.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_3.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `->` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value '$qwe->::' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_4.phpt b/src/tests/broken_conf_local_var_4.phpt
new file mode 100644
index 0000000..e50f9a6
--- /dev/null
+++ b/src/tests/broken_conf_local_var_4.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_4.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `"` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value '"asd"asd[]' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_5.phpt b/src/tests/broken_conf_local_var_5.phpt
new file mode 100644
index 0000000..0c0d59a
--- /dev/null
+++ b/src/tests/broken_conf_local_var_5.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_5.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `'` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value ''asd'asd[]' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_6.phpt b/src/tests/broken_conf_local_var_6.phpt
new file mode 100644
index 0000000..c51de24
--- /dev/null
+++ b/src/tests/broken_conf_local_var_6.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_6.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `'` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value '''asd' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_7.phpt b/src/tests/broken_conf_local_var_7.phpt
new file mode 100644
index 0000000..d3a0fa4
--- /dev/null
+++ b/src/tests/broken_conf_local_var_7.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_7.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `->` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd-->' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_8.phpt b/src/tests/broken_conf_local_var_8.phpt
new file mode 100644
index 0000000..749a1aa
--- /dev/null
+++ b/src/tests/broken_conf_local_var_8.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_8.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `]` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd[asd]"asd"' for `var` on line 1.
diff --git a/src/tests/broken_conf_local_var_9.phpt b/src/tests/broken_conf_local_var_9.phpt
new file mode 100644
index 0000000..6f706db
--- /dev/null
+++ b/src/tests/broken_conf_local_var_9.phpt
@@ -0,0 +1,10 @@
+--TEST--
+Broken configuration
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_local_var_9.ini
+--FILE--
+--EXPECT--
+[snuffleupagus][0.0.0.0][config][error] Invalid `]` position.
+[snuffleupagus][0.0.0.0][config][error] Invalid value 'asd[asd]'asd'' for `var` on line 1.
diff --git a/src/tests/config/broken_conf_key_value.ini b/src/tests/config/broken_conf_key_value.ini
new file mode 100644
index 0000000..a0edaf2
--- /dev/null
+++ b/src/tests/config/broken_conf_key_value.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("").value("").key("").drop();
diff --git a/src/tests/config/broken_conf_local_var_1.ini b/src/tests/config/broken_conf_local_var_1.ini
new file mode 100644
index 0000000..ae5165c
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_1.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("]").drop();
diff --git a/src/tests/config/broken_conf_local_var_10.ini b/src/tests/config/broken_conf_local_var_10.ini
new file mode 100644
index 0000000..93dd07f
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_10.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_11.ini b/src/tests/config/broken_conf_local_var_11.ini
new file mode 100644
index 0000000..028b1bd
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_11.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").param("asd::").drop();
diff --git a/src/tests/config/broken_conf_local_var_12.ini b/src/tests/config/broken_conf_local_var_12.ini
new file mode 100644
index 0000000..a151960
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_12.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("").drop();
diff --git a/src/tests/config/broken_conf_local_var_13.ini b/src/tests/config/broken_conf_local_var_13.ini
new file mode 100644
index 0000000..e7c9778
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_13.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd->asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_14.ini b/src/tests/config/broken_conf_local_var_14.ini
new file mode 100644
index 0000000..6c98ec3
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_14.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("$i+valid var name ").drop();
diff --git a/src/tests/config/broken_conf_local_var_2.ini b/src/tests/config/broken_conf_local_var_2.ini
new file mode 100644
index 0000000..145a3b5
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_2.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\"\"asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_3.ini b/src/tests/config/broken_conf_local_var_3.ini
new file mode 100644
index 0000000..5d89076
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_3.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\$qwe->::").drop();
diff --git a/src/tests/config/broken_conf_local_var_4.ini b/src/tests/config/broken_conf_local_var_4.ini
new file mode 100644
index 0000000..3ec073b
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_4.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("\"asd\"asd[]").drop();
diff --git a/src/tests/config/broken_conf_local_var_5.ini b/src/tests/config/broken_conf_local_var_5.ini
new file mode 100644
index 0000000..cd350b6
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_5.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("'asd'asd[]").drop();
diff --git a/src/tests/config/broken_conf_local_var_6.ini b/src/tests/config/broken_conf_local_var_6.ini
new file mode 100644
index 0000000..02f4f1a
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_6.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("''asd").drop();
diff --git a/src/tests/config/broken_conf_local_var_7.ini b/src/tests/config/broken_conf_local_var_7.ini
new file mode 100644
index 0000000..abbd223
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_7.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd-->").drop();
diff --git a/src/tests/config/broken_conf_local_var_8.ini b/src/tests/config/broken_conf_local_var_8.ini
new file mode 100644
index 0000000..fd18487
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_8.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]\"asd\"").drop();
diff --git a/src/tests/config/broken_conf_local_var_9.ini b/src/tests/config/broken_conf_local_var_9.ini
new file mode 100644
index 0000000..a311b86
--- /dev/null
+++ b/src/tests/config/broken_conf_local_var_9.ini
@@ -0,0 +1 @@
+sp.disable_function.function("system").var("asd[asd]\'asd\'").drop();
diff --git a/src/tests/config/config_disabled_functions_local_var_array.ini b/src/tests/config/config_disabled_functions_local_var_array.ini
new file mode 100644
index 0000000..15dd5a1
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_local_var_array.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo").var("$a[test2][foo]").value("aaa").drop();
diff --git a/src/tests/config/config_disabled_functions_local_var_array_key.ini b/src/tests/config/config_disabled_functions_local_var_array_key.ini
new file mode 100644
index 0000000..75c840d
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_local_var_array_key.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo").var("$a[test2][foo]").key("aaa").drop();
diff --git a/src/tests/config/config_disabled_functions_name_type.ini b/src/tests/config/config_disabled_functions_name_type.ini
index 25bdf98..c25b92c 100644
--- a/src/tests/config/config_disabled_functions_name_type.ini
+++ b/src/tests/config/config_disabled_functions_name_type.ini
@@ -1 +1 @@
-sp.disable_function.function_r("^strcmp$").param("str1").param_type("array").drop();
+sp.disable_function.function_r("^strcmp$").param("$str1").param_type("array").drop();
diff --git a/src/tests/config/config_disabled_functions_nul_byte.ini b/src/tests/config/config_disabled_functions_nul_byte.ini
index d5eb847..e664cba 100644
--- a/src/tests/config/config_disabled_functions_nul_byte.ini
+++ b/src/tests/config/config_disabled_functions_nul_byte.ini
@@ -1 +1 @@
-sp.disable_function.function("system").param("command").value_r("id").drop();
\ No newline at end of file
+sp.disable_function.function("system").param("$command").value_r("id").drop();
diff --git a/src/tests/config/config_disabled_functions_param.ini b/src/tests/config/config_disabled_functions_param.ini
index 87f1b3c..dc1c949 100644
--- a/src/tests/config/config_disabled_functions_param.ini
+++ b/src/tests/config/config_disabled_functions_param.ini
@@ -1,6 +1,6 @@
-sp.disable_function.function("system").param("command").value_r("^id$").alias("1").drop();
-sp.disable_function.function("array_sum").param("array").value_r("^8$").alias("2").drop();
-sp.disable_function.function("shell_exec").param("cmd").value("id").alias("3").drop();
-sp.disable_function.function("shell_exec").param("cmd").value("bla").alias("4").drop();
-sp.disable_function.function("strcmp").param("str1").value("bla").alias("5").drop().simulation();
-sp.disable_function.function("strncmp").param("str1").value("bla").drop().simulation();
+sp.disable_function.function("system").param("$command").value_r("^id$").alias("1").drop();
+sp.disable_function.function("array_sum").param("$array").value_r("^8$").alias("2").drop();
+sp.disable_function.function("shell_exec").param("$cmd").value("id").alias("3").drop();
+sp.disable_function.function("shell_exec").param("$cmd").value("bla").alias("4").drop();
+sp.disable_function.function("strcmp").param("$str1").value("bla").alias("5").drop().simulation();
+sp.disable_function.function("strncmp").param("$str1").value("bla").drop().simulation();
diff --git a/src/tests/config/config_disabled_functions_param_allow.ini b/src/tests/config/config_disabled_functions_param_allow.ini
index 8e139e4..27d919a 100644
--- a/src/tests/config/config_disabled_functions_param_allow.ini
+++ b/src/tests/config/config_disabled_functions_param_allow.ini
@@ -1,3 +1,3 @@ -sp.disable_function.function("system").param("command").value("echo win").filename("/test.php").drop(); -sp.disable_function.function("system").param("command").value("echo win").allow(); +sp.disable_function.function("system").param("$command").value("echo win").filename("/test.php").drop(); +sp.disable_function.function("system").param("$command").value("echo win").allow(); sp.disable_function.function("system").drop(); diff --git a/src/tests/config/config_disabled_functions_param_array.ini b/src/tests/config/config_disabled_functions_param_array.ini index 0589ad8..6fe0615 100644 --- a/src/tests/config/config_disabled_functions_param_array.ini +++ b/src/tests/config/config_disabled_functions_param_array.ini @@ -1,4 +1,7 @@ -sp.disable_function.function("foo").param("arr").value("abcd").alias("1").drop(); -sp.disable_function.function("foo").param("arr[bla]").value("abcdef").alias("2").drop(); -sp.disable_function.function("foo").param("arr[test]").alias("3").drop(); -sp.disable_function.function("foo").param("arr[test2][foo][lol]").value("aaa").alias("4").drop(); +sp.disable_function.function("foo").param("$arr[a]").value("abcd").alias("1").drop(); +sp.disable_function.function("foo").param("$arr[bla]").value("abcdef").alias("2").drop(); +sp.disable_function.function("foo").param("$arr[test]").alias("3").drop(); +sp.disable_function.function("foo").param("$arr[test2][foo]").value("aaa").alias("4").drop(); +sp.disable_function.function("foo").param("$arr[test2][bar]").key("lol").alias("5").drop(); +sp.disable_function.function("foo").param("$arr[test2][bar]").key("123").alias("6").drop(); +sp.disable_function.function("foo").param("$qwe[a]").value("abcd").alias("7").drop(); diff --git a/src/tests/config/config_disabled_functions_param_int.ini b/src/tests/config/config_disabled_functions_param_int.ini index 1c93c2f..2a7d962 100644 --- a/src/tests/config/config_disabled_functions_param_int.ini 
+++ b/src/tests/config/config_disabled_functions_param_int.ini
@@ -1,2 +1,2 @@
-sp.disable_function.function("foobar").param("id").value("42").drop();
-sp.disable_function.function("foobar").param("id").value_r("^1337").drop();
+sp.disable_function.function("foobar").param("$id").value("42").drop();
+sp.disable_function.function("foobar").param("$id").value_r("^1337").drop();
diff --git a/src/tests/config/config_disabled_functions_param_r_array.ini b/src/tests/config/config_disabled_functions_param_r_array.ini
new file mode 100644
index 0000000..fcac71d
--- /dev/null
+++ b/src/tests/config/config_disabled_functions_param_r_array.ini
@@ -0,0 +1,2 @@
+sp.disable_function.function("foo").param_r("arr").value("abcd").alias("1").drop();
+sp.disable_function.function("foo").param_r("arr").key_r("abc").alias("2").drop();
diff --git a/src/tests/config/config_disabled_functions_param_runtime.ini b/src/tests/config/config_disabled_functions_param_runtime.ini
index e7a011f..e9d44a2 100644
--- a/src/tests/config/config_disabled_functions_param_runtime.ini
+++ b/src/tests/config/config_disabled_functions_param_runtime.ini
@@ -1 +1 @@
-sp.disable_function.function("test").param("param").value_r("1337").drop();
+sp.disable_function.function("test").param("$param").value_r("1337").drop();
diff --git a/src/tests/config/disabled_function_local_var.ini b/src/tests/config/disabled_function_local_var.ini
index cba2ae3..3d553c0 100644
--- a/src/tests/config/disabled_function_local_var.ini
+++ b/src/tests/config/disabled_function_local_var.ini
@@ -1,2 +1,10 @@
-sp.disable_function.function("phpinfo").var("b").value("1337").drop();
-sp.disable_function.function("strlen").var("a").value("1337").drop();
+sp.disable_function.function("phpinfo").var("$b").value("1337").drop();
+sp.disable_function.function("strlen").var("$a").value("1337").drop();
+sp.disable_function.function("strlen").var("$a['123']").value("block").drop();
+sp.disable_function.function("strlen").var("$a[$c]->prop").value("block").drop();
+sp.disable_function.function("strlen").var("$a->zxc").value("not a good value").drop();
+sp.disable_function.function("strlen").var("\\asd\\test_object::TEST_VALUE['constant']").value("no good").drop();
+sp.disable_function.function("strlen").var("\\asd\\test_object::TEST_VALUE").value("qwerty").drop();
+sp.disable_function.function("strlen").var("\\qwe\\ASD").value("qwerty").drop();
+sp.disable_function.function("strlen").var("\\qwe\\QWE['123']").value("asdfgh").drop();
+sp.disable_function.function("strlen").var("$qwe").value("block this").drop();
diff --git a/src/tests/config/disabled_function_local_var_2.ini b/src/tests/config/disabled_function_local_var_2.ini
new file mode 100644
index 0000000..e3e9ae6
--- /dev/null
+++ b/src/tests/config/disabled_function_local_var_2.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strlen").var("$b['_GET[obj->nop]'][$b[456][$d->$idk->qwe[\\qwe\\UNE_CONSTANTE]]][$a]->uio").value("valeur de apres").drop();
diff --git a/src/tests/config/disabled_function_local_var_obj.ini b/src/tests/config/disabled_function_local_var_obj.ini
new file mode 100644
index 0000000..df6b617
--- /dev/null
+++ b/src/tests/config/disabled_function_local_var_obj.ini
@@ -0,0 +1,3 @@
+sp.disable_function.function("strlen").var("$test->$test_array").value("value").drop();
+sp.disable_function.function("strlen").var("$arg->$test_array").value("value").drop();
+sp.disable_function.function("strlen").var("$test->$arg").value("nop_object").drop();
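Review bot: The single rule in the new disabled_function_local_var_2.ini has no comment stating what it should resolve to, which makes the fixture hard to check by eye. Going by the visible part of disabled_function_local_var_4.phpt, the inner index walks `$d->$idk` (the private property `test_asd` of test_object), then `qwe[\qwe\UNE_CONSTANTE]`, then `$b[456][...]`, and the whole expression appears to end at `$b['_GET[obj->nop]']['qwe'][$a]->uio`. A comment line above the rule, `# resolves to $b['_GET[obj->nop]']['qwe'][$a]->uio; reads the private property $d->test_asd on the way`, would record both the target and the fact that the matcher is expected to read private properties.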
diff --git a/src/tests/config/disabled_function_super_global_var.ini b/src/tests/config/disabled_function_super_global_var.ini index feac314..178a01a 100644 --- a/src/tests/config/disabled_function_super_global_var.ini +++ b/src/tests/config/disabled_function_super_global_var.ini @@ -1 +1 @@ -sp.disable_function.function("strlen").var("_GET[bla]").value("test2").drop(); +sp.disable_function.function("strlen").var("$_GET[bla]").value("test2").drop(); diff --git a/src/tests/config/disabled_functions_pos.ini b/src/tests/config/disabled_functions_pos.ini index e7d12a9..2b4650d 100644 --- a/src/tests/config/disabled_functions_pos.ini +++ b/src/tests/config/disabled_functions_pos.ini @@ -1,2 +1,3 @@ sp.disable_function.function("system").pos("1337").value("id").drop(); sp.disable_function.function("system").pos("0").value("id").drop(); +sp.disable_function.function("system").pos("1").param_type("ARRAY").alias("1").drop(); diff --git a/src/tests/disabled_function_local_var_10.phpt b/src/tests/disabled_function_local_var_10.phpt new file mode 100644 index 0000000..538d693 --- /dev/null +++ b/src/tests/disabled_function_local_var_10.phpt @@ -0,0 +1,44 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + Array('qwe'), '456' => Array('no block this')); +var_dump($qwe); +strlen("qwe"); +$qwe = Array('123' => Array('qwe'), '456' => Array(Array('block this'))); +var_dump($qwe); +strlen("qwe"); +?> +--EXPECTF-- +array(2) { + [123]=> + array(1) { + [0]=> + string(3) "qwe" + } + [456]=> + array(1) { + [0]=> + string(13) "no block this" + } +} +array(2) { + [123]=> + array(1) { + [0]=> + string(3) "qwe" + } + [456]=> + array(1) { + [0]=> + array(1) { + [0]=> + string(10) "block this" + } + } +} +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_10.php:%d has been disabled. 
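Review bot: The --TEST-- title of the new disabled_function_local_var_10.phpt, `Disable functions - match on a local variable`, is reused unchanged by local_var_2 through local_var_9 and local_var_obj later in this commit, so a failing run cannot be told apart by its title. Each file exercises a different shape; this one checks that `var("$qwe").value("block this")` fires when the exact string sits inside nested arrays and does not fire for `'no block this'`. A title such as `Disable functions - local variable: exact value inside nested arrays` would say that. disabled_functions_local_var_array_key.phpt likewise keeps the `array value buried in several levels` title although its data differs from the value test only in the key.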
diff --git a/src/tests/disabled_function_local_var_2.phpt b/src/tests/disabled_function_local_var_2.phpt new file mode 100644 index 0000000..da0a3d2 --- /dev/null +++ b/src/tests/disabled_function_local_var_2.phpt @@ -0,0 +1,46 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + +--EXPECTF-- +Value of a: 1338 +2 +Value of a: +array(2) { + ["qwe"]=> + string(5) "block" + [123]=> + string(3) "nop" +} +2 +Value of a: +array(2) { + ["qwe"]=> + string(5) "block" + [123]=> + string(5) "block" +} +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_2.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_3.phpt b/src/tests/disabled_function_local_var_3.phpt new file mode 100644 index 0000000..d26b636 --- /dev/null +++ b/src/tests/disabled_function_local_var_3.phpt @@ -0,0 +1,45 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + 'block']; +echo "Value of a:\n"; +var_dump($a); +test(); +?> +--EXPECTF-- +Value of a: +array(2) { + ["qwe"]=> + string(3) "qwe" + [123]=> + string(3) "nop" +} +2 +Value of a: +array(2) { + ["qwe"]=> + string(3) "qwe" + [123]=> + object(stdClass)#1 (1) { + ["prop"]=> + string(5) "block" + } +} +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_3.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_4.phpt b/src/tests/disabled_function_local_var_4.phpt new file mode 100644 index 0000000..ae8d713 --- /dev/null +++ b/src/tests/disabled_function_local_var_4.phpt 
@@ -0,0 +1,56 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var_2.ini +--FILE-- +nop]'] = Array(); +$b['_GET[obj->nop]']["qwe"] = Array(); +$b[456] = Array(); +$b[456]['zxc'] = "qwe"; +$b[456]['nop'] = "nop"; +$b['_GET[obj->nop]']["qwe"][321] = "Yeay"; +$b["123"] = "qwe"; +$b["123a"] = "foo"; +$b["asd"] = "zxc"; +$b['_GET[obj->nop]']["qwe"][1337] = (Object)(['uio' => "valeur de apres"]); +$b['_GET[obj->nop]']["qwe"][1338] = (Object)(['uio' => "valeur de a"]); +$c = (Object)(['qwe' => Array(\qwe\UNE_CONSTANTE => 'zxc')]); +$idk = 'test_asd'; +$class_name = 'test_object'; +class test_object { + const TEST_VALUE = ['constant' => 'truc']; + private $asd = "qwe"; + public $qwe = 'bar'; + private $test_asd = ''; + function __construct($asd) { + $this->test_asd = $asd; + } + function do_a_barell_roll() { + var_dump($this->test_asd); + } +} +$d = new test_object($c); +$a = 1338; +function test(){ + strlen("qwe"); +} +echo "Valeur: " . $b['_GET[obj->nop]']["qwe"][$a]->uio . "\n"; +test(); + +$a = 1337; +echo "Valeur: " . $b['_GET[obj->nop]']["qwe"][$a]->uio . "\n"; +test(); +} +?> +--EXPECTF-- +Valeur: valeur de a +Valeur: valeur de apres +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_4.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_5.phpt b/src/tests/disabled_function_local_var_5.phpt new file mode 100644 index 0000000..d82574d --- /dev/null +++ b/src/tests/disabled_function_local_var_5.phpt 
@@ -0,0 +1,33 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + 'not a good value']; +echo "Value of a:\n"; +var_dump($a); +test(); +?> +--EXPECTF-- +Value of a: +array(0) { +} +2 +Value of a: +object(stdClass)#1 (1) { + ["zxc"]=> + string(16) "not a good value" +} +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_5.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_6.phpt b/src/tests/disabled_function_local_var_6.phpt new file mode 100644 index 0000000..90c1815 --- /dev/null +++ b/src/tests/disabled_function_local_var_6.phpt @@ -0,0 +1,31 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + 'no good']; + private $asd = "qwe"; + public $qwe = 'bar'; + private $test_asd = ''; + function __construct($asd) { + $this->test_asd = $asd; + } + function do_a_barell_roll() { + var_dump($this->test_asd); + } +} +} +?> +--EXPECTF-- +Valeur: no good +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_6.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_7.phpt b/src/tests/disabled_function_local_var_7.phpt new file mode 100644 index 0000000..7ab249a --- /dev/null +++ b/src/tests/disabled_function_local_var_7.phpt @@ -0,0 +1,31 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- +test_asd = $asd; + } + function do_a_barell_roll() { + var_dump($this->test_asd); + } +} +} +?> +--EXPECTF-- +Valeur: qwerty +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_7.php:%d has been disabled. 
diff --git a/src/tests/disabled_function_local_var_8.phpt b/src/tests/disabled_function_local_var_8.phpt new file mode 100644 index 0000000..475b472 --- /dev/null +++ b/src/tests/disabled_function_local_var_8.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- + +--EXPECTF-- +Valeur: qwerty +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_8.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_9.phpt b/src/tests/disabled_function_local_var_9.phpt new file mode 100644 index 0000000..fb65bc4 --- /dev/null +++ b/src/tests/disabled_function_local_var_9.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var.ini +--FILE-- +'asdfgh'); +} +namespace asd { + const asd = 'qwe'; + echo "Valeur: " . \qwe\QWE[123]. "\n"; + strlen("qwe"); +} +?> +--EXPECTF-- +Valeur: asdfgh +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_9.php:%d has been disabled. diff --git a/src/tests/disabled_function_local_var_obj.phpt b/src/tests/disabled_function_local_var_obj.phpt new file mode 100644 index 0000000..868ea4c --- /dev/null +++ b/src/tests/disabled_function_local_var_obj.phpt 
@@ -0,0 +1,25 @@ +--TEST-- +Disable functions - match on a local variable +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_function_local_var_obj.ini +--FILE-- +$arg = $value; + } +} + +$test_array = ['qwe']; +$arg = 'qwe'; +$test = new test_class('qwe', 'qwe'); +echo strlen($test->$arg) . "\n"; +$test = new test_class('qwe', 'nop_object'); +echo strlen($test->$arg) . "\n"; +?> +--EXPECTF-- +3 +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strlen' in %a/tests/disabled_function_local_var_obj.php:%d has been disabled. diff --git a/src/tests/disabled_functions_local_var_array.phpt b/src/tests/disabled_functions_local_var_array.phpt new file mode 100644 index 0000000..2255cbf --- /dev/null +++ b/src/tests/disabled_functions_local_var_array.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array value buried in several levels +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_local_var_array.ini +--FILE-- +Array("pof"=>"pif", "foo"=>Array("lol"=>"bbb")), "a"=>"cccc"); +foo($a); + +$a=Array("test2"=>Array("foo"=>Array("lol"=>"aaa")), "a"=>"dddd"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_local_var_array.php:3 has been disabled. diff --git a/src/tests/disabled_functions_local_var_array_key.phpt b/src/tests/disabled_functions_local_var_array_key.phpt new file mode 100644 index 0000000..4014c05 --- /dev/null +++ b/src/tests/disabled_functions_local_var_array_key.phpt 
@@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array value buried in several levels +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_local_var_array_key.ini +--FILE-- +Array("pof"=>"pif", "foo"=>Array("lol"=>"bbb")), "a"=>"cccc"); +foo($a); + +$a=Array("test2"=>Array("foo"=>Array("aaa"=>"ccc")), "a"=>"dddd"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_local_var_array_key.php:3 has been disabled. diff --git a/src/tests/disabled_functions_name_type.phpt b/src/tests/disabled_functions_name_type.phpt index c5b24d6..1022238 100644 --- a/src/tests/disabled_functions_name_type.phpt +++ b/src/tests/disabled_functions_name_type.phpt @@ -11,4 +11,4 @@ echo strcmp([1,23], "pouet") . "\n"; ?> --EXPECTF-- 0 -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strcmp' in %a/disabled_functions_name_type.php:%d has been disabled, because its argument 'str1' content (?) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'strcmp' in %a/disabled_functions_name_type.php:%d has been disabled, because its argument '$str1' content (ARRAY) matched a rule. diff --git a/src/tests/disabled_functions_nul_byte.phpt b/src/tests/disabled_functions_nul_byte.phpt index b4974a9..f03a8e4 100644 --- a/src/tests/disabled_functions_nul_byte.phpt +++ b/src/tests/disabled_functions_nul_byte.phpt @@ -11,4 +11,4 @@ system("id"); ?> --EXPECTF-- -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:2 has been disabled, because its argument 'command' content (0id) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/tests/disabled_functions_nul_byte.php:2 has been disabled, because its argument '$command' content (0id) matched a rule. 
diff --git a/src/tests/disabled_functions_param.phpt b/src/tests/disabled_functions_param.phpt index d9f8767..fe0e244 100644 --- a/src/tests/disabled_functions_param.phpt +++ b/src/tests/disabled_functions_param.phpt @@ -15,4 +15,4 @@ strcmp("bla", "ble"); strncmp("bla", "ble", 2); ?> --EXPECTF-- -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_param.php:2 has been disabled, because its argument 'command' content (id) matched the rule '1'. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_param.php:2 has been disabled, because its argument '$command' content (id) matched the rule '1'. diff --git a/src/tests/disabled_functions_param_array.phpt b/src/tests/disabled_functions_param_array.phpt index 5ca13aa..f023cfc 100644 --- a/src/tests/disabled_functions_param_array.phpt +++ b/src/tests/disabled_functions_param_array.phpt @@ -21,4 +21,4 @@ foo($a); --EXPECTF-- test1 abcde -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '1'. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/disabled_functions_param_array.php:3 has been disabled, because its argument '$arr' content (abcd) matched the rule '1'. diff --git a/src/tests/disabled_functions_param_array_deref.phpt b/src/tests/disabled_functions_param_array_deref.phpt index 556cb06..1e8e31b 100644 --- a/src/tests/disabled_functions_param_array_deref.phpt +++ b/src/tests/disabled_functions_param_array_deref.phpt 
@@ -22,4 +22,4 @@ foo($a); --EXPECTF-- eee abcdef -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_deref.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '2'. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_deref.php:3 has been disabled, because its argument '$arr' content (abcdef) matched the rule '2'. diff --git a/src/tests/disabled_functions_param_array_no_value.phpt b/src/tests/disabled_functions_param_array_no_value.phpt index 06b9839..ac1b5e0 100644 --- a/src/tests/disabled_functions_param_array_no_value.phpt +++ b/src/tests/disabled_functions_param_array_no_value.phpt @@ -19,4 +19,4 @@ foo($a); ?> --EXPECTF-- cccc -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_no_value.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '3'. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_no_value.php:3 has been disabled, because its argument '$arr' content (aaa) matched the rule '3'. diff --git a/src/tests/disabled_functions_param_array_r.phpt b/src/tests/disabled_functions_param_array_r.phpt new file mode 100644 index 0000000..8bd85ce --- /dev/null +++ b/src/tests/disabled_functions_param_array_r.phpt 
@@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array using regexp +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_param_r_array.ini +--FILE-- +"pof", "pof"=>"pif", "a"=>Array("qwe"=>"bbb"), "a"=>"cccc"); +foo($a); + +$a=Array("a"=>"abcd", "pof"=>"pif", "bar"=>Array("qwe"=>"bbb"), "b"=>"cccc"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_r.php:3 has been disabled, because its argument 'arr' content (ARRAY) matched the rule '1'. diff --git a/src/tests/disabled_functions_param_array_r_keys.phpt b/src/tests/disabled_functions_param_array_r_keys.phpt new file mode 100644 index 0000000..e9ef50d --- /dev/null +++ b/src/tests/disabled_functions_param_array_r_keys.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array using regexp +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_param_r_array.ini +--FILE-- +"pof", "pof"=>"pif", "qwe"=>Array("qwe"=>"bbb"), "a"=>"cccc"); +foo($a); + +$a=Array("a"=>"", "pof"=>"pif", "bar"=>Array("qwe"=>"bbb"), "qweabcqwe"=>"nop"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_r_keys.php:3 has been disabled, because its argument 'arr' content (ARRAY) matched the rule '2'. diff --git a/src/tests/disabled_functions_param_array_several_levels.phpt b/src/tests/disabled_functions_param_array_several_levels.phpt index cef6ded..f5665fb 100644 --- a/src/tests/disabled_functions_param_array_several_levels.phpt +++ b/src/tests/disabled_functions_param_array_several_levels.phpt 
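Review bot: The expected drop line in the new disabled_functions_param_array_r.phpt names the argument `'arr'`, while every `param("$arr…")` expectation updated in this commit names it `'$arr'`; disabled_functions_param_array_r_keys.phpt in the next hunk and disabled_functions_pos_type.phpt (`'command'`) do the same. Anyone parsing these log lines for alerting now sees two spellings of the same parameter, depending on which filter matched. If the difference is intended, a `--DESCRIPTION--` section saying where the logged name comes from for `param_r` and `pos` rules would help. Otherwise the logger should be made consistent, and the expectation should then read `because its argument '$arr' content (ARRAY) matched the rule '1'.`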
@@ -17,4 +17,4 @@ foo($a); ?> --EXPECTF-- cccc -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_several_levels.php:3 has been disabled, because its argument 'arr' content (Array) matched the rule '4'. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_several_levels.php:3 has been disabled, because its argument '$arr' content (ARRAY) matched the rule '4'. diff --git a/src/tests/disabled_functions_param_array_several_levels_int.phpt b/src/tests/disabled_functions_param_array_several_levels_int.phpt new file mode 100644 index 0000000..2e546f4 --- /dev/null +++ b/src/tests/disabled_functions_param_array_several_levels_int.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array value buried in several levels +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_param_array.ini +--FILE-- +Array("pof"=>"pif", "foo"=>Array("lol"=>"bbb")), "a"=>"cccc"); +foo($a); + +$a=Array("test2"=>Array("foo"=>Array("123"=>"aaa")), "a"=>"dddd"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_several_levels_int.php:3 has been disabled, because its argument '$arr' content (ARRAY) matched the rule '4'. diff --git a/src/tests/disabled_functions_param_array_several_levels_keys.phpt b/src/tests/disabled_functions_param_array_several_levels_keys.phpt new file mode 100644 index 0000000..1be59fc --- /dev/null +++ b/src/tests/disabled_functions_param_array_several_levels_keys.phpt 
@@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array value buried in several levels +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_param_array.ini +--FILE-- +Array("pof"=>"pif", "bar"=>Array("qwe"=>"bbb")), "a"=>"cccc"); +foo($a); + +$a=Array("test2"=>Array("bar"=>Array("lol"=>"aaa")), "a"=>"dddd"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_several_levels_keys.php:3 has been disabled, because its argument '$arr' content (ARRAY) matched the rule '5'. diff --git a/src/tests/disabled_functions_param_array_several_levels_keys_int.phpt b/src/tests/disabled_functions_param_array_several_levels_keys_int.phpt new file mode 100644 index 0000000..acb696f --- /dev/null +++ b/src/tests/disabled_functions_param_array_several_levels_keys_int.phpt @@ -0,0 +1,20 @@ +--TEST-- +Disable functions - match on an array value buried in several levels +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/config_disabled_functions_param_array.ini +--FILE-- +Array("pof"=>"pif", "bar"=>Array("qwe"=>"bbb")), "a"=>"cccc"); +foo($a); + +$a=Array("test2"=>Array("bar"=>Array("123"=>"aaa")), "a"=>"dddd"); +foo($a); +?> +--EXPECTF-- +cccc +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foo' in %a/tests/disabled_functions_param_array_several_levels_keys_int.php:3 has been disabled, because its argument '$arr' content (ARRAY) matched the rule '6'. diff --git a/src/tests/disabled_functions_param_int.phpt b/src/tests/disabled_functions_param_int.phpt index 0e6a62c..692009a 100644 --- a/src/tests/disabled_functions_param_int.phpt +++ b/src/tests/disabled_functions_param_int.phpt 
@@ -18,4 +18,4 @@ foobar("10"); ?> --EXPECTF-- 1 -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument 'id' content (42) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'foobar' in %a/tests/disabled_functions_param_int.php:3 has been disabled, because its argument '$id' content (42) matched a rule. diff --git a/src/tests/disabled_functions_pos_type.phpt b/src/tests/disabled_functions_pos_type.phpt new file mode 100644 index 0000000..7556440 --- /dev/null +++ b/src/tests/disabled_functions_pos_type.phpt @@ -0,0 +1,14 @@ +--TEST-- +Disable functions - match on argument's position +--SKIPIF-- + +--INI-- +sp.configuration_file={PWD}/config/disabled_functions_pos.ini +--FILE-- + +--EXPECTF-- +[snuffleupagus][0.0.0.0][config][error] It seems that you wrote a rule filtering on the 0th argument of the function 'system', but it takes only 2 arguments. Matching on _all_ arguments instead. +[snuffleupagus][0.0.0.0][config][error] It seems that you wrote a rule filtering on the 1st argument of the function 'system', but it takes only 2 arguments. Matching on _all_ arguments instead. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_pos_type.php:2 has been disabled, because its argument 'command' content (?) matched the rule '1'. diff --git a/src/tests/disabled_functions_runtime.phpt b/src/tests/disabled_functions_runtime.phpt index 1c6a141..1508735 100644 --- a/src/tests/disabled_functions_runtime.phpt +++ b/src/tests/disabled_functions_runtime.phpt 
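Review bot: The two `[config][error]` lines pinned in the new disabled_functions_pos_type.phpt read as contradictory: a rule on the 0th and on the 1st argument is reported as out of range for a function that "takes only 2 arguments", while the `pos("1337")` rule from the same disabled_functions_pos.ini produces no such line. The --FILE-- body is not visible on this page, so the call cannot be checked, but as written the test freezes either a wrong bound comparison or a wrong count in the message. The fallback it announces, `Matching on _all_ arguments instead`, also widens what the rule covers, and the drop line then reports `content (?)`, which gives an analyst nothing to triage. The intended count should be confirmed before this output becomes the reference; if it is the number of arguments in the call, the message should say "was called with" rather than "takes".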
@@ -23,7 +23,7 @@ test('1338');test('1337'); ?> --EXPECTF-- 1338 -[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'test' in %a has been disabled, because its argument 'param' content (1337) matched a rule. +[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'test' in %a has been disabled, because its argument '$param' content (1337) matched a rule. --CLEAN--