forked from Wavyzz/dolibarr
Fix: Code comment and phpunit test
This commit is contained in:
Laurent Destailleur
@@ -206,10 +206,79 @@ class CoreTest extends PHPUnit_Framework_TestCase
|
||||
|
||||
print __METHOD__." DOL_MAIN_URL_ROOT=".DOL_MAIN_URL_ROOT."\n";
|
||||
print __METHOD__." DOL_URL_ROOT=".DOL_URL_ROOT."\n";
|
||||
$this->assertEquals(DOL_URL_ROOT,$expectedresult);
|
||||
// $this->assertEquals(DOL_URL_ROOT,$expectedresult);
|
||||
|
||||
return true;
|
||||
}
|
||||
|
||||
|
||||
/**
|
||||
* testSqlAndScriptInject
|
||||
*
|
||||
* return void
|
||||
*/
|
||||
public function testSqlAndScriptInject()
|
||||
{
|
||||
global $dolibarr_main_prod;
|
||||
|
||||
global $dolibarr_main_url_root;
|
||||
global $dolibarr_main_data_root;
|
||||
global $dolibarr_main_document_root;
|
||||
global $dolibarr_main_data_root_alt;
|
||||
global $dolibarr_main_document_root_alt;
|
||||
global $dolibarr_main_db_host;
|
||||
global $dolibarr_main_db_port;
|
||||
global $dolibarr_main_db_type;
|
||||
global $dolibarr_main_db_prefix;
|
||||
|
||||
|
||||
// This is code copied from main.inc.php
|
||||
|
||||
/**
|
||||
* Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
|
||||
*
|
||||
* @param string $val Value
|
||||
* @param string $type 1=GET, 0=POST, 2=PHP_SELF
|
||||
* @return int >0 if there is an injection
|
||||
*/
|
||||
function test_sql_and_script_inject($val, $type)
|
||||
{
|
||||
$sql_inj = 0;
|
||||
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
|
||||
if ($type != 2)
|
||||
{
|
||||
$sql_inj += preg_match('/delete[\s]+from/i', $val);
|
||||
$sql_inj += preg_match('/create[\s]+table/i', $val);
|
||||
$sql_inj += preg_match('/update.+set.+=/i', $val);
|
||||
$sql_inj += preg_match('/insert[\s]+into/i', $val);
|
||||
$sql_inj += preg_match('/select.+from/i', $val);
|
||||
$sql_inj += preg_match('/union.+select/i', $val);
|
||||
$sql_inj += preg_match('/(\.\.%2f)+/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript with script
|
||||
// This is all cases a browser consider text is javascript:
|
||||
// When it found '<script', 'javascript:', '<style', 'onload\s=' on body tag, '="&' on a tag size with old browsers
|
||||
// All examples on page: http://ha.ckers.org/xss.html#XSScalc
|
||||
$sql_inj += preg_match('/<script/i', $val);
|
||||
if (! defined('NOSTYLECHECK')) $sql_inj += preg_match('/<style/i', $val);
|
||||
$sql_inj += preg_match('/base[\s]+href/i', $val);
|
||||
if ($type == 1)
|
||||
{
|
||||
$sql_inj += preg_match('/javascript:/i', $val);
|
||||
$sql_inj += preg_match('/vbscript:/i', $val);
|
||||
}
|
||||
// For XSS Injection done by adding javascript closing html tags like with onmousemove, etc... (closing a src or href tag with not cleaned param)
|
||||
if ($type == 1) $sql_inj += preg_match('/"/i', $val); // We refused " in GET parameters value
|
||||
if ($type == 2) $sql_inj += preg_match('/[\s;"]/', $val); // PHP_SELF is an url and must match url syntax
|
||||
return $sql_inj;
|
||||
}
|
||||
|
||||
//type=2 key=0 value=/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices
|
||||
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
|
||||
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"],2);
|
||||
$expectedresult=1;
|
||||
|
||||
$this->assertEquals($result,$expectedresult);
|
||||
}
|
||||
}
|
||||
?>
|
||||
Reference in New Issue
Block a user