Merge pull request #9386 from frederic34/testsqlAndScript

deprecated test_sql_and_script_inject
Laurent Destailleur 2018-09-15 17:01:40 +02:00 committed by GitHub
commit 73f5e183d6
3 changed files with 59 additions and 43 deletions


@ -1108,8 +1108,8 @@ class Form
else if (!is_array($selected)) $selected = array($selected);
// Clean $filter that may contains sql conditions so sql code
if (function_exists('test_sql_and_script_inject')) {
if (test_sql_and_script_inject($filter, 3)>0) {
if (function_exists('testSqlAndScriptInject')) {
if (testSqlAndScriptInject($filter, 3)>0) {
$filter ='';
}
}
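Review bot: The `function_exists('testSqlAndScriptInject')` guard fails open: when the helper is not loaded, the inner check is skipped and `$filter` is used as-is, so a filter that carries SQL reaches the query unchecked. The guard presumably exists for contexts where the file defining the helper is not included, and in that case the safer default is to discard the filter rather than trust it, e.g. `} else { $filter = ''; }` after the outer `if`. The enclosing method of `Form` starts and ends outside the hunk.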


@ -68,6 +68,22 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
}
}
// phpcs:disable PEAR.NamingConventions.ValidFunctionName.NotCamelCaps
/**
* Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
*
* @param string $val Value
* @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
* @return int >0 if there is an injection, 0 if none
* @deprecated use testSqlAndScriptInject
* @see testSqlAndScriptInject($val, $type)
*/
function test_sql_and_script_inject($val, $type)
{
// phpcs:enable
return testSqlAndScriptInject($val, $type);
}
/**
* Security: SQL Injection and XSS Injection (scripts) protection (Filters on GET, POST, PHP_SELF).
*
@ -75,7 +91,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
* @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
* @return int >0 if there is an injection, 0 if none
*/
function test_sql_and_script_inject($val, $type)
function testSqlAndScriptInject($val, $type)
{
$inj = 0;
// For SQL Injection (only GET are used to be included into bad escaped SQL requests)
@ -158,7 +174,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
}
else
{
return (test_sql_and_script_inject($var, $type) <= 0);
return (testSqlAndScriptInject($var, $type) <= 0);
}
}
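Review bot: The docblock added for the `test_sql_and_script_inject` wrapper types `$type` as `string`, while its own description enumerates integer modes and every call on this page passes an int literal; `@param int $type` would be accurate, and the same correction applies to the kept docblock of `testSqlAndScriptInject` just below it. The `@see` tag should name the symbol only, `@see testSqlAndScriptInject()`, since the current `@see testSqlAndScriptInject($val, $type)` is not a resolvable reference for doc tools. The wrapper also delegates silently, so third-party code still calling the old name gets no signal; a `trigger_error('test_sql_and_script_inject() is deprecated, use testSqlAndScriptInject()', E_USER_DEPRECATED);` before the `return` would surface that without changing the result, provided the project's error handler tolerates `E_USER_DEPRECATED` (not visible here).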


@ -260,7 +260,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
* @param string $type 1=GET, 0=POST, 2=PHP_SELF
* @return int >0 if there is an injection
*/
function test_sql_and_script_inject($val, $type)
function testSqlAndScriptInject($val, $type)
{
// phpcs:enable
$inj = 0;
@ -310,55 +310,55 @@ class CoreTest extends PHPUnit_Framework_TestCase
$expectedresult=0;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject 1a');
// Should detect XSS
$expectedresult=1;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa2');
$result=testSqlAndScriptInject($test, 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa2');
$test='<IMG SRC=# onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa3');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa3');
$test='<IMG SRC onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa4');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa4');
$test='<IMG onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa5');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa5');
$test='<IMG SRC=/ onerror="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa6');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa6');
$test='<IMG SRC=" &#14; javascript:alert(1);">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa7');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa7');
$test='<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject bbb');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject bbb');
$test='<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ccc');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ccc');
$test='<IMG SRC="javascript:alert(\'XSS\');">';
$result=test_sql_and_script_inject($test, 1);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ddd');
$result=testSqlAndScriptInject($test, 1);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ddd');
$test='<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test='<!-- Google analytics -->
<script>
@ -371,30 +371,30 @@ class CoreTest extends PHPUnit_Framework_TestCase
ga(\'send\', \'pageview\');
</script>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test="<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some brwoser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
$test="<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">"; // Same
$test='<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff1');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff1');
$test='<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff2');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff2');
// This case seems to be filtered by browsers now.
$test='<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1)>';
//$result=test_sql_and_script_inject($test, 0);
//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ggg');
//$result=testSqlAndScriptInject($test, 0);
//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ggg');
$test='<iframe src=http://xss.rocks/scriptlet.html <';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject hhh');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject hhh');
$test='Set.constructor`alert\x281\x29```';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject iii');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject iii');
}
}
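Review bot: After the rename the suite calls only `testSqlAndScriptInject`, so the deprecated `test_sql_and_script_inject` shim this commit introduces has no coverage; one round-trip such as `$this->assertEquals(testSqlAndScriptInject($test, 0), test_sql_and_script_inject($test, 0), 'deprecated wrapper delegates');` would keep the compatibility path honest until it is removed. The two consecutive `$test = "<IMG SRC=\"jav...` assignments are overwritten before any call, so those cases are never exercised; that predates this commit, but commenting them out like the `<BODY onload...>` case below makes the intent explicit instead of leaving dead assignments. The test method is now named `testSqlAndScriptInject`, the same as the function under test, which makes the `'Error on testSqlAndScriptInject ...'` messages ambiguous; a name such as `testSqlAndScriptInjectDetection` would disambiguate. The method begins in an earlier hunk of this section.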