Tests: PHP directives "disable_classes" and "disable_functions".

2018-11-28 03:14:38 +03:00
parent 2ef5011236
commit 37cd6d23b6
3 changed files with 118 additions and 0 deletions
--- a/test/php/date_time/index.php
+++ b/test/php/date_time/index.php
@@ -0,0 +1,4 @@
+<?php
+$d = new DateTime('2011-01-01T15:03:01.012345Z');
+echo $d->format('u');
+?>
--- a/test/php/highlight_file_exec/index.php
+++ b/test/php/highlight_file_exec/index.php
@@ -0,0 +1,4 @@
+<?php
+highlight_file('index.php');
+exec('pwd');
+?>
--- a/test/test_php_application.py
+++ b/test/test_php_application.py
@@ -1,11 +1,16 @@
 import unittest
 import unit
+import re

 class TestUnitPHPApplication(unit.TestUnitApplicationPHP):

    def setUpClass():
        unit.TestUnit().check_modules('php')

+    def search_disabled(self, name):
+        p = re.compile(name + '\(\) has been disabled')
+        return self.search_in_log(p)
+
    def test_php_application_variables(self):
        self.load('variables')

@@ -204,5 +209,110 @@ class TestUnitPHPApplication(unit.TestUnitApplicationPHP):
        self.assertEqual(self.get()['headers']['X-Precision'], '5',
            'ini value repeat')

+    def test_php_application_disable_functions_exec(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"admin": { "disable_functions": "exec" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_functions_highlight_file(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"admin": { "disable_functions": "highlight_file" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNotNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_functions_comma(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"admin": { "disable_functions": "exec,highlight_file" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNotNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_functions_space(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"admin": { "disable_functions": "exec highlight_file" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNotNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_functions_user(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"user": { "disable_functions": "exec" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_functions_nonexistent(self):
+        self.load('highlight_file_exec')
+
+        self.conf({"admin": { "disable_functions": "blah" }},
+            'applications/highlight_file_exec/options')
+
+        self.get()
+
+        self.assertIsNone(self.search_disabled('exec'),
+            'disable_functions exec')
+        self.assertIsNone(self.search_disabled('highlight_file'),
+            'disable_functions highlight_file')
+
+    def test_php_application_disable_classes(self):
+        self.load('date_time')
+
+        self.get()
+
+        self.assertIsNone(self.search_disabled('DateTime'),
+            'disable_classes before')
+
+        self.conf({"admin": { "disable_classes": "DateTime" }},
+            'applications/date_time/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('DateTime'),
+            'disable_classes')
+
+    def test_php_application_disable_classes_user(self):
+        self.load('date_time')
+
+        self.conf({"user": { "disable_classes": "DateTime" }},
+            'applications/date_time/options')
+
+        self.get()
+
+        self.assertIsNotNone(self.search_disabled('DateTime'),
+            'disable_classes user')
+
 if __name__ == '__main__':
    TestUnitPHPApplication.main()