From f4e3a800aa5a243464911fc2e9fa81a7848c57f7 Mon Sep 17 00:00:00 2001
From: xXx-caillou-xXx
Date: Sun, 3 Jan 2021 00:11:09 +0100
Subject: Add a check on parameters names

Snuffleupagus will now warn when a particular function
doesn't have the expected parameters configuration-wise.
---
 src/sp_pcre_compat.c                                     |  6 ++----
 src/sp_var_value.c                                       | 13 ++++++++++++-
 .../broken_conf_config_invalid_param.phpt                | 16 ++++++++++++++++
 .../config/broken_conf_config_invalid_param.ini          |  1 +
 .../config/config_disabled_functions_param_array.ini     |  1 -
 5 files changed, 31 insertions(+), 6 deletions(-)
 create mode 100644 src/tests/broken_configuration/broken_conf_config_invalid_param.phpt
 create mode 100644 src/tests/broken_configuration/config/broken_conf_config_invalid_param.ini

(limited to 'src')

diff --git a/src/sp_pcre_compat.c b/src/sp_pcre_compat.c
index 283eeb7..509a8ea 100644
--- a/src/sp_pcre_compat.c
+++ b/src/sp_pcre_compat.c
@@ -14,8 +14,7 @@ sp_pcre* sp_pcre_compile(const char* const pattern) {
 #else
   const char* pcre_error = NULL;
   int erroroffset;
-  ret =
-      pcre_compile(pattern, PCRE_CASELESS, &pcre_error, &erroroffset, NULL);
+  ret = pcre_compile(pattern, PCRE_CASELESS, &pcre_error, &erroroffset, NULL);
 #endif
 
   if (NULL == ret) {
@@ -38,8 +37,7 @@ bool ZEND_HOT sp_is_regexp_matching_len(const sp_pcre* regexp, const char* str,
   ret = pcre2_match(regexp, (PCRE2_SPTR)str, len, 0, 0, match_data, NULL);
 #else
   int vec[30];
-  ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec,
-                      sizeof(vec) / sizeof(int));
+  ret = pcre_exec(regexp, NULL, str, len, 0, 0, vec, sizeof(vec) / sizeof(int));
 #endif
 
   if (ret < 0) {
diff --git a/src/sp_var_value.c b/src/sp_var_value.c
index 986ea2d..126ba0e 100644
--- a/src/sp_var_value.c
+++ b/src/sp_var_value.c
@@ -68,7 +68,18 @@ static zval *get_var_value(zend_execute_data *ed, const char *var_name,
   }
 
   if (is_param) {
-    return get_param_var(ed, var_name);
+    zval *zvalue = get_param_var(ed, var_name);
+    if (!zvalue) {
+      const char *complete_function_path = get_complete_function_path(ed);
+      sp_log_warn("config",
+                  "It seems that you are filtering on a parameter "
+                  "'%s' of the function '%s', but the parameter does "
+                  "not exists.",
+                  var_name, complete_function_path);
+      efree(complete_function_path);
+      return NULL;
+    }
+    return zvalue;
   } else {
     return get_local_var(ed, var_name);
   }
diff --git a/src/tests/broken_configuration/broken_conf_config_invalid_param.phpt b/src/tests/broken_configuration/broken_conf_config_invalid_param.phpt
new file mode 100644
index 0000000..ac85dea
--- /dev/null
+++ b/src/tests/broken_configuration/broken_conf_config_invalid_param.phpt
@@ -0,0 +1,16 @@
+--TEST--
+Broken configuration with invalid parameter warning
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_config_invalid_param.ini
+--FILE--
+<?php
+function foo($blah, $x = null, $y = null) {
+  echo "ok";
+}
+
+foo("qwe");
+--EXPECTF--
+Warning: [snuffleupagus][0.0.0.0][config][log] It seems that you are filtering on a parameter 'qwe' of the function 'foo', but the parameter does not exists. in %s/tests/broken_configuration/broken_conf_config_invalid_param.php on line %d
+ok
diff --git a/src/tests/broken_configuration/config/broken_conf_config_invalid_param.ini b/src/tests/broken_configuration/config/broken_conf_config_invalid_param.ini
new file mode 100644
index 0000000..22894c8
--- /dev/null
+++ b/src/tests/broken_configuration/config/broken_conf_config_invalid_param.ini
@@ -0,0 +1 @@
+sp.disable_function.function("foo").param("qwe").value("abc").drop()
diff --git a/src/tests/disable_function/config/config_disabled_functions_param_array.ini b/src/tests/disable_function/config/config_disabled_functions_param_array.ini
index f676d76..2bfa648 100644
--- a/src/tests/disable_function/config/config_disabled_functions_param_array.ini
+++ b/src/tests/disable_function/config/config_disabled_functions_param_array.ini
@@ -4,4 +4,3 @@ sp.disable_function.function("foo").param("arr[test]").alias("3").drop();
 sp.disable_function.function("foo").param("arr[test2][foo]").value("aaa").alias("4").drop();
 sp.disable_function.function("foo").param("arr[test2][bar]").key("lol").alias("5").drop();
 sp.disable_function.function("foo").param("arr[test2][bar]").key("123").alias("6").drop();
-sp.disable_function.function("foo").param("qwe[a]").value("abcd").alias("7").drop();
-- 
cgit v1.3