Author: Kris.Wallsmith
Date: 2010-02-25 00:42:54 +0100 (Thu, 25 Feb 2010)
New Revision: 28260
Modified:
branches/1.2/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
branches/1.3/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
branches/1.3/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
branches/1.4/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
Log:
[1.2, 1.3, 1.4] fixed sql injection vulnerability in doctrine admin generator
Modified:
branches/1.2/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
===================================================================
---
branches/1.2/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:26:15 UTC (rev 28259)
+++
branches/1.2/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:42:54 UTC (rev 28260)
@@ -5,6 +5,11 @@
return;
}
+ if (!in_array(strtolower($sort[1]), array('asc', 'desc')))
+ {
+ $sort[1] = 'asc';
+ }
+
$query->addOrderBy($sort[0] . ' ' . $sort[1]);
}
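Review bot: The whitelist added at the top of the hunk covers only the direction in `$sort[1]`; the column name in `$sort[0]` is still concatenated raw into `addOrderBy()` on the last line, so the fix is only complete if the `return;` guard visible at the top of the hunk (its condition lies outside the hunk) rejects unknown column names — the `_testInvalidSort` test added in this commit suggests it does, but that cannot be confirmed from here. Two smaller points on the new check: `in_array()` is called without its strict flag, so `if (!in_array(strtolower($sort[1]), array('asc', 'desc'), true))` is preferable, and the lowercased value is only compared, never stored, so the request's original casing is what reaches the query (harmless for these two keywords, but worth a comment such as `// direction is validated case-insensitively but emitted as supplied`). The enclosing action body starts before the hunk. The 1.3 and 1.4 copies of sortingAction.php later in this commit carry the identical hunk and the same remarks apply.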
Modified:
branches/1.3/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
===================================================================
---
branches/1.3/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:26:15 UTC (rev 28259)
+++
branches/1.3/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:42:54 UTC (rev 28260)
@@ -5,6 +5,11 @@
return;
}
+ if (!in_array(strtolower($sort[1]), array('asc', 'desc')))
+ {
+ $sort[1] = 'asc';
+ }
+
$query->addOrderBy($sort[0] . ' ' . $sort[1]);
}
Modified:
branches/1.3/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
===================================================================
---
branches/1.3/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
2010-02-24 23:26:15 UTC (rev 28259)
+++
branches/1.3/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
2010-02-24 23:42:54 UTC (rev 28260)
@@ -28,6 +28,71 @@
}
}
+ protected function _testValidSort()
+ {
+ $this->info('Test valid sort parameter');
+
+ $this->get('/users?sort=username');
+
+ $matches = 0;
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ if (false !== strpos($event->getQuery(), 'ORDER BY u.username asc'))
+ {
+ ++$matches;
+ }
+ }
+
+ $this->test()->is($matches, 1);
+ }
+
+ protected function _testInvalidSort()
+ {
+ $this->info('Test invalid sort parameter');
+
+ $this->get('/users?sort=INVALID');
+
+ // there should be no queries that match "INVALID"
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ $this->test()->unlike($event->getQuery(), '/INVALID/');
+ }
+ }
+
+ protected function _testValidSortType()
+ {
+ $this->info('Test valid sort_type parameter');
+
+ foreach (array('asc', 'desc', 'ASC', 'DESC') as $sortType)
+ {
+ $this->get('/users?sort=username&sort_type='.$sortType);
+
+ $matches = 0;
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ if (false !== strpos($event->getQuery(), 'ORDER BY u.username
'.$sortType))
+ {
+ ++$matches;
+ }
+ }
+
+ $this->test()->is($matches, 1);
+ }
+ }
+
+ protected function _testInvalidSortType()
+ {
+ $this->info('Test invalid sort_type parameter');
+
+ $this->get('/users?sort=username&sort_type=INVALID');
+
+ // there should be no queries that match "INVALID"
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ $this->test()->unlike($event->getQuery(), '/INVALID/');
+ }
+ }
+
protected function _testSanityCheck()
{
$this->info('Admin Generator Sanity Checks');
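Review bot: `_testInvalidSort` and `_testInvalidSortType` only assert that no executed query contains the literal `INVALID`; neither asserts that the request still produced a sane ordering, so a regression that silently dropped the ORDER BY clause (or the listing query altogether) would still pass. For `_testInvalidSortType` the expected fallback is known — the sortingAction hunk in this commit substitutes `asc` — so counting queries that contain `ORDER BY u.username asc` and asserting exactly one, as `_testValidSort` already does, pins the intended behaviour. The `strpos()` checks are case-sensitive, which is what makes the `ASC`/`DESC` cases in `_testValidSortType` meaningful; a short comment saying so would stop the next reader from "fixing" it. `_testSanityCheck` starts at the end of the hunk and continues outside it. The 1.4 copy of AdminGenBrowser.class.php later in this commit adds the identical methods and the same remarks apply.
```php
    protected function _testInvalidSortType()
    {
        // … unchanged: info(), get('/users?sort=username&sort_type=INVALID'), unlike() loop …

        // the invalid direction must fall back to "asc", not drop the ordering
        $matches = 0;
        foreach ($this->_getQueryExecutionEvents() as $event)
        {
            if (false !== strpos($event->getQuery(), 'ORDER BY u.username asc'))
            {
                ++$matches;
            }
        }

        $this->test()->is($matches, 1);
    }
```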
@@ -202,6 +267,28 @@
$fs->execute('rm -rf ' . sfConfig::get('sf_data_dir') . '/*.sqlite');
}
+ protected function _getQueryExecutionEvents()
+ {
+ $events = array();
+
+ $databaseManager = $this->browser->getContext()->getDatabaseManager();
+ foreach ($databaseManager->getNames() as $name)
+ {
+ $database = $databaseManager->getDatabase($name);
+ if ($database instanceof sfDoctrineDatabase && $profiler =
$database->getProfiler())
+ {
+ foreach ($profiler->getQueryExecutionEvents() as $event)
+ {
+ $events[$event->getSequence()] = $event;
+ }
+ }
+ }
+
+ ksort($events);
+
+ return array_values($events);
+ }
+
public function __destruct()
{
$this->_cleanupAdminGenModules();
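Review bot: `_getQueryExecutionEvents` has no docblock, and as the helper every new sort test depends on it deserves one, e.g. `/** Returns the query execution events of every sfDoctrineDatabase connection, ordered by sequence number. @return array */`. It also keys the merged array by `$event->getSequence()` across all connections, so if two Doctrine connections ever report the same sequence number one event silently overwrites the other — whether the profiler sequence is global or per connection cannot be determined from here, so either a comment stating the assumption (`// assumes sequence numbers are unique across connections`) or keying on the connection name as well would make the intent explicit. The `$profiler = $database->getProfiler()` assignment inside the `if` condition is legal but easy to misread as a comparison; moving it to its own line before the `if` would help. `__destruct` begins at the end of the hunk and continues outside it. The same hunk appears in the 1.4 copy of AdminGenBrowser.class.php later in this commit.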
Modified:
branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
===================================================================
---
branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:26:15 UTC (rev 28259)
+++
branches/1.4/lib/plugins/sfDoctrinePlugin/data/generator/sfDoctrineModule/admin/parts/sortingAction.php
2010-02-24 23:42:54 UTC (rev 28260)
@@ -5,6 +5,11 @@
return;
}
+ if (!in_array(strtolower($sort[1]), array('asc', 'desc')))
+ {
+ $sort[1] = 'asc';
+ }
+
$query->addOrderBy($sort[0] . ' ' . $sort[1]);
}
Modified:
branches/1.4/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
===================================================================
---
branches/1.4/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
2010-02-24 23:26:15 UTC (rev 28259)
+++
branches/1.4/lib/plugins/sfDoctrinePlugin/test/functional/AdminGenBrowser.class.php
2010-02-24 23:42:54 UTC (rev 28260)
@@ -28,6 +28,71 @@
}
}
+ protected function _testValidSort()
+ {
+ $this->info('Test valid sort parameter');
+
+ $this->get('/users?sort=username');
+
+ $matches = 0;
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ if (false !== strpos($event->getQuery(), 'ORDER BY u.username asc'))
+ {
+ ++$matches;
+ }
+ }
+
+ $this->test()->is($matches, 1);
+ }
+
+ protected function _testInvalidSort()
+ {
+ $this->info('Test invalid sort parameter');
+
+ $this->get('/users?sort=INVALID');
+
+ // there should be no queries that match "INVALID"
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ $this->test()->unlike($event->getQuery(), '/INVALID/');
+ }
+ }
+
+ protected function _testValidSortType()
+ {
+ $this->info('Test valid sort_type parameter');
+
+ foreach (array('asc', 'desc', 'ASC', 'DESC') as $sortType)
+ {
+ $this->get('/users?sort=username&sort_type='.$sortType);
+
+ $matches = 0;
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ if (false !== strpos($event->getQuery(), 'ORDER BY u.username
'.$sortType))
+ {
+ ++$matches;
+ }
+ }
+
+ $this->test()->is($matches, 1);
+ }
+ }
+
+ protected function _testInvalidSortType()
+ {
+ $this->info('Test invalid sort_type parameter');
+
+ $this->get('/users?sort=username&sort_type=INVALID');
+
+ // there should be no queries that match "INVALID"
+ foreach ($this->_getQueryExecutionEvents() as $event)
+ {
+ $this->test()->unlike($event->getQuery(), '/INVALID/');
+ }
+ }
+
protected function _testSanityCheck()
{
$this->info('Admin Generator Sanity Checks');
@@ -202,6 +267,28 @@
$fs->execute('rm -rf ' . sfConfig::get('sf_data_dir') . '/*.sqlite');
}
+ protected function _getQueryExecutionEvents()
+ {
+ $events = array();
+
+ $databaseManager = $this->browser->getContext()->getDatabaseManager();
+ foreach ($databaseManager->getNames() as $name)
+ {
+ $database = $databaseManager->getDatabase($name);
+ if ($database instanceof sfDoctrineDatabase && $profiler =
$database->getProfiler())
+ {
+ foreach ($profiler->getQueryExecutionEvents() as $event)
+ {
+ $events[$event->getSequence()] = $event;
+ }
+ }
+ }
+
+ ksort($events);
+
+ return array_values($events);
+ }
+
public function __destruct()
{
$this->_cleanupAdminGenModules();