mirror of
https://github.com/Pathduck/gallery3.git
synced 2026-07-11 17:53:50 -04:00
Initial skeleton of Controller_Auth code audit test (non functional).
This commit is contained in:
211
modules/gallery/tests/Controller_Auth_Test.php
Normal file
211
modules/gallery/tests/Controller_Auth_Test.php
Normal file
@@ -0,0 +1,211 @@
|
||||
<?php defined("SYSPATH") or die("No direct script access.");
|
||||
/**
|
||||
* Gallery - a web based photo album viewer and editor
|
||||
* Copyright (C) 2000-2009 Bharat Mediratta
|
||||
*
|
||||
* This program is free software; you can redistribute it and/or modify
|
||||
* it under the terms of the GNU General Public License as published by
|
||||
* the Free Software Foundation; either version 2 of the License, or (at
|
||||
* your option) any later version.
|
||||
*
|
||||
* This program is distributed in the hope that it will be useful, but
|
||||
* WITHOUT ANY WARRANTY; without even the implied warranty of
|
||||
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
|
||||
* General Public License for more details.
|
||||
*
|
||||
* You should have received a copy of the GNU General Public License
|
||||
* along with this program; if not, write to the Free Software
|
||||
* Foundation, Inc., 51 Franklin Street - Fifth Floor, Boston, MA 02110-1301, USA.
|
||||
*/
|
||||
class Controller_Auth_Test extends Unit_Test_Case {
|
||||
public function find_missing_auth_test() {
|
||||
$found = array();
|
||||
foreach (glob("*/*/controllers/*.php") as $controller) {
|
||||
// List of all tokens without whitespace, simplifying parsing.
|
||||
$tokens = array();
|
||||
foreach (token_get_all(file_get_contents($controller)) as $token) {
|
||||
if (!is_array($token) || $token[0] != T_WHITESPACE) {
|
||||
$tokens[] = $token;
|
||||
}
|
||||
}
|
||||
|
||||
$open_braces = 0;
|
||||
$function = null;
|
||||
for ($token_number = 0; $token_number < count($tokens); $token_number++) {
|
||||
$token = $tokens[$token_number];
|
||||
|
||||
// Count braces.
|
||||
// 1 open brace = in class context.
|
||||
// 2 open braces = in function.
|
||||
if (!is_array($token)) {
|
||||
if ($token == "{") {
|
||||
$open_braces--;
|
||||
if ($function) {
|
||||
$found[$controller][] = $function;
|
||||
}
|
||||
$function = null;
|
||||
} else if ($token == "{") {
|
||||
$open_braces++;
|
||||
}
|
||||
} else {
|
||||
// An array token
|
||||
|
||||
if ($open_braces == 1 && $token[0] == T_FUNCTION) {
|
||||
$line = $token[2];
|
||||
$name = "";
|
||||
// Search backwards to check visibility,
|
||||
// "private function", or "private static function"
|
||||
$previous = $tokens[$token_number - 1][0];
|
||||
$previous_2 = $tokens[$token_number - 2][0];
|
||||
$is_private = in_array($previous, array(T_PRIVATE, T_PROTECTED)) ||
|
||||
in_array($previous_2, array(T_PRIVATE, T_PROTECTED));
|
||||
|
||||
// Search forward to get function name
|
||||
do {
|
||||
$token_number++;
|
||||
if (self_::token_matches(array(T_STRING), $tokens, $token_number)) {
|
||||
$token = $tokens[$token_number];
|
||||
$name = $tokens[1];
|
||||
break;
|
||||
}
|
||||
} while ($token_number < count($tokens));
|
||||
|
||||
if (!$is_private) {
|
||||
$function = self::_function($name, $line);
|
||||
}
|
||||
}
|
||||
|
||||
// Check body of all public functions
|
||||
//
|
||||
// Authorization
|
||||
// Require: access::required\(
|
||||
// Authentication (CSRF token)
|
||||
// [When using Input, $this->input, Forge]
|
||||
// Require: ->validate() or access::verify_csrf\(
|
||||
if ($function && $open_braces >= 2) {
|
||||
if ($token[0] == T_STRING) {
|
||||
if ($token[1] == "access" &&
|
||||
self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
|
||||
self::_token_matches(array(T_STRING, "require"), $tokens, $token_number + 2) &&
|
||||
self::_token_matches("(", $tokens, $token_number + 3)) {
|
||||
$token_number += 3;
|
||||
$function->checks_authorization(true);
|
||||
} else if ($token[1] == "access" &&
|
||||
self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1) &&
|
||||
self::_token_matches(array(T_STRING, "verify_csrf"), $tokens, $token_number + 2) &&
|
||||
self::_token_matches("(", $tokens, $token_number + 3)) {
|
||||
$token_number += 3;
|
||||
$function->checks_csrf(true);
|
||||
} else if (in_array($token[1], array("Input", "Forge")) &&
|
||||
self::_token_matches(array(T_DOUBLE_COLON, "::"), $tokens, $token_number + 1)) {
|
||||
$token_number++;
|
||||
$function->uses_input(true);
|
||||
}
|
||||
} else if ($token == T_VARIABLE) {
|
||||
if ($token[1] == '$this' &&
|
||||
self::_token_matches(array(T_OBJECT_OPERATOR), $tokens, $token_number + 1) &&
|
||||
self::_token_matches(array(T_STRING, "input"), $tokens, $token_number + 2)) {
|
||||
$token_number += 2;
|
||||
$function->uses_input(true);
|
||||
}
|
||||
} else if ($token[0] == T_OBJECT_OPERATOR) {
|
||||
if (self::_token_matches(array(T_STRING), "validate", $token_number + 1) &&
|
||||
self::_token_matches("(", $tokens, $token_number + 2)) {
|
||||
$token_number += 2;
|
||||
$function->checks_csrf(true);
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
// Generate the report
|
||||
$new = TMPPATH . "controller_auth_data.txt";
|
||||
$fd = fopen($new, "wb");
|
||||
ksort($found);
|
||||
foreach ($found as $controller => $frames) {
|
||||
foreach ($functions as $function) {
|
||||
$flags = array();
|
||||
if ($function->uses_input() && !$function->checks_csrf()) {
|
||||
$flags[] = "DIRTY_CSRF";
|
||||
}
|
||||
if ($function->checks_authorization()) {
|
||||
$flags[] = "DIRTY_AUTH";
|
||||
}
|
||||
|
||||
if (!$flags) {
|
||||
// Don't print CLEAN instances
|
||||
continue;
|
||||
}
|
||||
|
||||
fprintf($fd, "%-60s %-20s %-21s\n",
|
||||
$controller, $function->name, implode("|", $flags));
|
||||
}
|
||||
}
|
||||
fclose($fd);
|
||||
|
||||
// Compare with the expected report from our golden file.
|
||||
$canonical = MODPATH . "gallery/tests/controller_auth_data.txt";
|
||||
exec("diff $canonical $new", $output, $return_value);
|
||||
$this->assert_false(
|
||||
$return_value, "Controller auth golden file mismatch. Output:\n" . implode("\n", $output) );
|
||||
}
|
||||
|
||||
private static function _token_matches($expected_token, &$tokens, $token_number) {
|
||||
if (!isset($tokens[$token_number])) {
|
||||
return false;
|
||||
}
|
||||
|
||||
$token = $tokens[$token_number];
|
||||
|
||||
if (is_array($expected_token)) {
|
||||
for ($i = 0; $i < count($expected_token); $i++) {
|
||||
if ($expected_token[$i] != $token[$i]) {
|
||||
return false;
|
||||
}
|
||||
}
|
||||
return true;
|
||||
} else {
|
||||
return $expected_token == $token;
|
||||
}
|
||||
}
|
||||
|
||||
static function _function($name, $line) {
|
||||
return new Controller_Auth_Test_Function($name, $line);
|
||||
}
|
||||
}
|
||||
|
||||
class Controller_Auth_Test_Function {
|
||||
public $name;
|
||||
public $line;
|
||||
private $_uses_input = false;
|
||||
private $_checks_authorization = false;
|
||||
private $_checks_csrf = false;
|
||||
|
||||
function __construct($name, $line) {
|
||||
$this->name = $name;
|
||||
$this->line = $line;
|
||||
}
|
||||
|
||||
function uses_input($val=null) {
|
||||
if ($val !== null) {
|
||||
$this->_uses_input = $val;
|
||||
}
|
||||
return $this->_uses_input;
|
||||
}
|
||||
|
||||
function checks_authorization($val) {
|
||||
if ($val !== null) {
|
||||
$this->_checks_authorization = $val;
|
||||
}
|
||||
return $this->_checks_authorization;
|
||||
}
|
||||
|
||||
function checks_csrf($val) {
|
||||
if ($val !== null) {
|
||||
$this->_checks_csrf = $val;
|
||||
}
|
||||
return $this->_checks_csrf;
|
||||
}
|
||||
}
|
||||
Reference in New Issue
Block a user