jorton 2004/10/19 08:02:26
Modified: perl-framework/t/conf extra.conf.in
Added: perl-framework/t/htdocs/php/safemode badenv.php hello.txt
protected.php putenv.php readfile.php readpass.php
system.php
perl-framework/t/htdocs/php/safemode/error mail.php
perl-framework/t/htdocs/php/safemode/noexec system.php
perl-framework/t/htdocs/php/safemode/nofile readfile.php
perl-framework/t/php safemode.t
Log:
Add tests for PHP safe mode.
Revision Changes Path
1.55 +24 -0 httpd-test/perl-framework/t/conf/extra.conf.in
Index: extra.conf.in
===================================================================
RCS file: /home/cvs/httpd-test/perl-framework/t/conf/extra.conf.in,v
retrieving revision 1.54
retrieving revision 1.55
diff -d -w -u -r1.54 -r1.55
--- extra.conf.in 15 Oct 2004 16:19:58 -0000 1.54
+++ extra.conf.in 19 Oct 2004 15:02:25 -0000 1.55
@@ -48,6 +48,30 @@
</IfModule>
</IfDefine>
+<IfModule @PHP_MODULE@>
+ <Directory @SERVERROOT@/htdocs/php/safemode>
+ php_admin_value safe_mode 1
+ php_admin_value safe_mode_exec_dir /usr/bin
+ php_admin_value open_basedir @SERVERROOT@
+ php_admin_value display_errors 0
+ php_admin_value log_errors 1
+ php_admin_value safe_mode_allowed_env_vars FOO_
+ php_admin_value safe_mode_protected_env_vars FOO_FEE
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/php/safemode/noexec>
+ php_admin_value safe_mode_exec_dir /tmp
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/php/safemode/nofile>
+ php_admin_value open_basedir @SERVERROOT@/htdocs/php/safemode/nofile
+ </Directory>
+
+ <Directory @SERVERROOT@/htdocs/php/safemode/error>
+ php_admin_value display_errors 1
+ </Directory>
+</IfModule>
+
##
## mod_expires test config
##
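Review bot: `safe_mode_exec_dir /tmp` in the `noexec` block points the exec directory at a world-writable location, so the `noexec/system.php` check is only as trustworthy as the contents of `/tmp` on the test host. As far as I recall, safe mode rewrites a command to its basename under the exec directory, so `/bin/ls /` would be looked up as `/tmp/ls`; anyone able to write to `/tmp` can then decide whether that test passes and what the server process runs. A directory inside the test tree that holds no executables is safer, e.g. `php_admin_value safe_mode_exec_dir @SERVERROOT@/htdocs/php/safemode/noexec`. Separately, `open_basedir` is matched as a string prefix in PHP of this era, so the `nofile` value should end in a slash (`@SERVERROOT@/htdocs/php/safemode/nofile/`) to exclude sibling paths that merely share the prefix.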
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/badenv.php
Index: badenv.php
===================================================================
<?php putenv("FISH=HelloWorld");
echo getenv("FISH"); ?>
1.1 httpd-test/perl-framework/t/htdocs/php/safemode/hello.txt
Index: hello.txt
===================================================================
This is Content.
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/protected.php
Index: protected.php
===================================================================
<?php putenv("FOO_FEE=HelloWorld");
echo getenv("FOO_FEE"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/putenv.php
Index: putenv.php
===================================================================
<?php putenv("FOO_BAR=HelloWorld");
echo getenv("FOO_BAR"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/readfile.php
Index: readfile.php
===================================================================
<?php readfile("hello.txt"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/readpass.php
Index: readpass.php
===================================================================
<?php readfile("/etc/passwd"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/system.php
Index: system.php
===================================================================
<?php system("printf 'Hello World'"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/error/mail.php
Index: mail.php
===================================================================
<?php
// fix for CAN-2002-0985: mail() must reject 5th argument in safe mode
if (mail("[EMAIL PROTECTED]", "httpd-test PHP mail",
"test mail from httpd-test", "", "-C/etc/passwd")) {
print("FAIL");
} else {
print("OK");
}
?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/noexec/system.php
Index: system.php
===================================================================
<?php system("/bin/ls /"); ?>
1.1
httpd-test/perl-framework/t/htdocs/php/safemode/nofile/readfile.php
Index: readfile.php
===================================================================
<?php readfile("../hello.txt"); ?>
1.1 httpd-test/perl-framework/t/php/safemode.t
Index: safemode.t
===================================================================
use strict;
use warnings FATAL => 'all';
use Apache::Test;
use Apache::TestRequest;
use Apache::TestUtil;
plan tests => 9, have_php;
ok t_cmp(GET_BODY("/php/safemode/system.php"),
"Hello World\n");
ok t_cmp(GET_BODY("/php/safemode/putenv.php"),
"HelloWorld",
"testing for unrestricted envvar access");
ok t_cmp(GET_BODY("/php/safemode/badenv.php"), "",
"testing for restricted envvar access");
ok t_cmp(GET_BODY("/php/safemode/protected.php"),
"",
"testing for explicitly restricted envvar access");
if (-r "/etc/passwd") {
ok t_cmp(GET_BODY("/php/safemode/readpass.php"),
"",
"testing that open_basedir is respected");
} else {
skip "Can't test inability to read /etc/passwd", 1;
}
ok t_cmp(GET_BODY("/php/safemode/readfile.php"),
"This is Content.\n",
"testing that readfile is not restricted");
ok t_cmp(GET_BODY("/php/safemode/nofile/readfile.php"),
"", "testing that open_basedir is respected");
ok t_cmp(GET_BODY("/php/safemode/noexec/system.php"),
"", "testing that system() is restricted");
ok t_cmp(GET_BODY("/php/safemode/error/mail.php"),
qr/Warning.*SAFE MODE.*OK/s,
"testing that the fifth parameter to mail() is restricted");
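Review bot: Five of the nine checks (`badenv.php`, `protected.php`, `readpass.php`, `nofile/readfile.php`, `noexec/system.php`) expect an empty body, so they cannot tell enforcement from breakage. With `display_errors 0` set for that directory, a script that failed for an unrelated reason would presumably return an empty body as well. Have each script print a marker after the restricted call and compare against it, e.g. `<?php readfile("/etc/passwd"); echo "END"; ?>` with `t_cmp(GET_BODY("/php/safemode/readpass.php"), "END", ...)`. Alternatively, match the warning text under `display_errors 1`, as the `mail.php` check already does. The `-r "/etc/passwd"` guard is evaluated by the test client, which presumably shares a host with the server; a comment saying so would help, and the first `t_cmp` call lacks the description string the others carry.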