replace test_sql_and_script_inject

Frédéric FRANCE 2018-09-01 17:42:16 +02:00
parent c3438b79c8
commit ab9bf78ecf
No known key found for this signature in database
GPG Key ID: 06809324E4B2ABC1
3 changed files with 45 additions and 46 deletions


@ -51,12 +51,12 @@ class Form
* @var DoliDB Database handler.
*/
public $db;
/**
* @var string Error code (or message)
*/
public $error='';
var $num;
// Cache arrays
@ -1099,8 +1099,8 @@ class Form
else if (!is_array($selected)) $selected = array($selected);
// Clean $filter that may contains sql conditions so sql code
if (function_exists('test_sql_and_script_inject')) {
if (test_sql_and_script_inject($filter, 3)>0) {
if (function_exists('testSqlAndScriptInject')) {
if (testSqlAndScriptInject($filter, 3)>0) {
$filter ='';
}
}
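Review bot: The guard `if (function_exists('testSqlAndScriptInject'))` fails open: when the function is not defined, `$filter` is never blanked and flows on as SQL conditions, which is exactly what the comment above this check says it is meant to prevent. Because the commit changes the hard-coded name, a deployment where this class is loaded next to a core library that still defines only the old `test_sql_and_script_inject` would silently skip the check rather than error. Consider failing closed, e.g. `if (!function_exists('testSqlAndScriptInject') || testSqlAndScriptInject($filter, 3) > 0) { $filter = ''; }`, or keep a compatibility alias for the old name so the guard cannot be bypassed by a version mismatch. The enclosing method starts and ends outside this hunk.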


@ -75,7 +75,7 @@ if (function_exists('get_magic_quotes_gpc')) // magic_quotes_* deprecated in PHP
* @param string $type 1=GET, 0=POST, 2=PHP_SELF, 3=GET without sql reserved keywords (the less tolerant test)
* @return int >0 if there is an injection, 0 if none
*/
function test_sql_and_script_inject($val, $type)
function testSqlAndScriptInject($val, $type)
{
$inj = 0;
// For SQL Injection (only GET are used to be included into bad escaped SQL requests)
@ -158,7 +158,7 @@ function analyseVarsForSqlAndScriptsInjection(&$var, $type)
}
else
{
return (test_sql_and_script_inject($var, $type) <= 0);
return (testSqlAndScriptInject($var, $type) <= 0);
}
}
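Review bot: The rename at `function testSqlAndScriptInject($val, $type)` drops the old `test_sql_and_script_inject` name without a compatibility shim, so any caller outside the three files in this commit (external modules, custom hooks) that still uses the old name will hit a fatal "undefined function" error. If such callers exist, a one-line deprecated wrapper `function test_sql_and_script_inject($val, $type) { return testSqlAndScriptInject($val, $type); }` keeps them working until they migrate, and a `@deprecated` tag on it documents the intent. The body of `analyseVarsForSqlAndScriptsInjection` starts outside this hunk.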


@ -257,8 +257,7 @@ class CoreTest extends PHPUnit_Framework_TestCase
* @param string $type 1=GET, 0=POST, 2=PHP_SELF
* @return int >0 if there is an injection
*/
// phpcs:ignore PEAR.NamingConventions.ValidFunctionName.NotCamelCaps
function test_sql_and_script_inject($val, $type)
function testSqlAndScriptInject($val, $type)
{
$inj = 0;
// For SQL Injection (only GET and POST are used to be included into bad escaped SQL requests)
@ -307,55 +306,55 @@ class CoreTest extends PHPUnit_Framework_TestCase
$expectedresult=0;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$this->assertEquals($expectedresult, $result, 'Error on test_sql_and_script_inject 1a');
$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
$this->assertEquals($expectedresult, $result, 'Error on testSqlAndScriptInject 1a');
// Should detect XSS
$expectedresult=1;
$_SERVER["PHP_SELF"]='/DIR WITH SPACE/htdocs/admin/index.php?mainmenu=home&leftmenu=setup&username=weservices;badaction';
$result=test_sql_and_script_inject($_SERVER["PHP_SELF"], 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject 1b');
$result=testSqlAndScriptInject($_SERVER["PHP_SELF"], 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject 1b');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa');
$test="<img src='1.jpg' onerror =javascript:alert('XSS')>";
$result=test_sql_and_script_inject($test, 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa2');
$result=testSqlAndScriptInject($test, 2);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa2');
$test='<IMG SRC=# onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa3');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa3');
$test='<IMG SRC onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa4');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa4');
$test='<IMG onmouseover="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa5');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa5');
$test='<IMG SRC=/ onerror="alert(1)">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa6');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa6');
$test='<IMG SRC=" &#14; javascript:alert(1);">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject aaa7');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject aaa7');
$test='<IMG SRC=&#106;&#97;&#118;&#97;&#115;&#99;&#114;&#105;&#112;&#116;&#58;&#97;&#108;&#101;&#114;&#116;&#40;&#39;&#88;&#83;&#83;&#39;&#41;>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject bbb');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject bbb');
$test='<SCRIPT SRC=http://xss.rocks/xss.js></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ccc');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ccc');
$test='<IMG SRC="javascript:alert(\'XSS\');">';
$result=test_sql_and_script_inject($test, 1);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ddd');
$result=testSqlAndScriptInject($test, 1);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ddd');
$test='<IMG """><SCRIPT>alert("XSS")</SCRIPT>">';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test='<!-- Google analytics -->
<script>
@ -368,30 +367,30 @@ class CoreTest extends PHPUnit_Framework_TestCase
ga(\'send\', \'pageview\');
</script>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject eee');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject eee');
$test="<IMG SRC=\"jav\tascript:alert('XSS');\">"; // Is locked by some brwoser like chrome because the default directive no-referrer-when-downgrade is sent when requesting the SRC and then refused because of browser protection on img src load without referrer.
$test="<IMG SRC=\"jav&#x0D;ascript:alert('XSS');\">"; // Same
$test='<SCRIPT/XSS SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff1');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff1');
$test='<SCRIPT/SRC="http://xss.rocks/xss.js"></SCRIPT>';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject fff2');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject fff2');
// This case seems to be filtered by browsers now.
$test='<BODY onload!#$%&()*~+-_.,:;?@[/|\]^`=alert(1)>';
//$result=test_sql_and_script_inject($test, 0);
//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject ggg');
//$result=testSqlAndScriptInject($test, 0);
//$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject ggg');
$test='<iframe src=http://xss.rocks/scriptlet.html <';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject hhh');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject hhh');
$test='Set.constructor`alert\x281\x29```';
$result=test_sql_and_script_inject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on test_sql_and_script_inject iii');
$result=testSqlAndScriptInject($test, 0);
$this->assertGreaterThanOrEqual($expectedresult, $result, 'Error on testSqlAndScriptInject iii');
}
}
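Review bot: The `testSqlAndScriptInject($val, $type)` method defined inside `CoreTest` in the hunk at `@ -257,8 +257,7 @@` is a local copy of the production function, but every assertion below calls the bare function name, which PHP resolves to the global function from the core library and never to this method; the copy is therefore unexercised and has already drifted (its comment reads "only GET and POST" where the library version reads "only GET"). Since its name starts with `test`, PHPUnit will likely also attempt to run it as a test case with no arguments. Suggest deleting the method copy, or if it must stay, renaming it so the runner does not pick it up and adding `// NOTE: the assertions below call the global function from the core library, not this copy.` above it.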