Issue 89 - multiple open basedir directories support for upload_tmp_dir check test #93

Open
wants to merge 7 commits into
base: master
from
1 change: 1 addition & 0 deletions .gitignore
@@ -1 +1,2 @@
vendor/*
bin/*
36 changes: 27 additions & 9 deletions src/Psecio/Iniscan/Rule/CheckUploadTmpDir.php
Expand Up @@ -23,13 +23,20 @@ public function __construct($config, $section)
*/
public function evaluate(array $ini)
{
$openBasedir = $this->getCast()->castValue($this->findValue('open_basedir', $ini));
$openBasedirDirs = $this->getCast()->castValue($this->findValue('open_basedir', $ini));

$openBasedirDirs = is_string($openBasedirDirs) ? explode(PATH_SEPARATOR, $openBasedirDirs) : array();
$openBasedirDirs = array_filter($openBasedirDirs, function($baseDir) {
return trim($baseDir) !== '';
});

// This only matters if an open_basedir is set
if ($openBasedir === 0) {
if (empty($openBasedirDirs)) {
return true;
} else {
$openBasedir = realpath($openBasedir);
array_walk($openBasedirDirs, function(&$openBasedir) {
$openBasedir = realpath($openBasedir);
});
}

$uploadTmpDir = $this->getCast()->castValue($this->findValue('upload_tmp_dir', $ini));
Expand All @@ -41,21 +48,32 @@ public function evaluate(array $ini)
$uploadTmpDir = realpath($uploadTmpDir);
}


// Make sure the folders are still valid
if ($openBasedir === false) {
$this->setDescription('The open_basedir did not resolve to a valid directory');
$this->fail();
return false;
foreach ($openBasedirDirs as $openBasedir) {
if ($openBasedir === false) {
$this->setDescription(sprintf('The open_basedir [%s] did not resolve to a valid directory', $openBasedir));
$this->fail();
return false;
}
}

if ($uploadTmpDir === false) {
$this->setDescription('The upload_tmp_dir did not resolve to a valid directory');
$this->fail();
return false;
}

// Ensure that the upload_tmp_dir is inside the base directory
if (strpos($uploadTmpDir, $openBasedir) !== 0) {
$this->setDescription('upload_tmp_dir is not inside of open_basedir which will prevent files from being uploaded');
$uploadDirInOpenBasedir = false;
foreach ($openBasedirDirs as $openBasedir) {
if (strpos($uploadTmpDir, $openBasedir) === 0) {
$uploadDirInOpenBasedir = true;
break;
}
}
if (!$uploadDirInOpenBasedir) {
$this->setDescription('upload_tmp_dir is not inside any of open_basedir directories which will prevent files from being uploaded');
$this->fail();
return false;
}
49 changes: 45 additions & 4 deletions tests/Psecio/Iniscan/Rule/CheckUploadTmpDirTest.php
Expand Up @@ -9,7 +9,7 @@ class CheckUploadTmpDirTest extends \PHPUnit_Framework_TestCase
*
* @covers \Psecio\Iniscan\Rule\CheckUploadTmpDir::evaluate
*/
/* public function testUploadTmpDirFail()
public function testUploadTmpDirNotInOpenBaseDir()
{
$config = array();
$section = 'PHP';
Expand Down Expand Up @@ -45,11 +45,11 @@ public function testUploadTmpDirSuccess()
}

/**
* Test that when upload_tmp_dir is inside open_basedir, we evaluate true
* Test that when open_basedir is set to system tmp dir and upload_tmp_dir is not set, we evaluate true
*
* @covers \Psecio\Iniscan\Rule\CheckUploadTmpDir::evaluate
*/
/* public function testUploadTmpDirSysDefault()
public function testUploadTmpDirSysDefault()
{
$config = array();
$section = 'PHP';
Expand All @@ -61,5 +61,46 @@ public function testUploadTmpDirSuccess()

$result = $rule->evaluate($ini);
$this->assertTrue($result);
}*/
}

/**
* Test that when upload_tmp_dir is inside one of open_basedir directories, we evaluate true
*
* @covers \Psecio\Iniscan\Rule\CheckUploadTmpDir::evaluate
*/
public function testUploadTmpDirInOneOfOpenBasedir()
{
$config = array();
$section = 'PHP';
$rule = new CheckUploadTmpDir($config, $section);

$ini = array(
'open_basedir' => '/tmp' . PATH_SEPARATOR . '/var',
'upload_tmp_dir' => '/tmp'
);

$result = $rule->evaluate($ini);
$this->assertTrue($result);
}

/**
* Test that when upload_tmp_dir is not inside one of open_basedir directories, we evaluate false
*
* @covers \Psecio\Iniscan\Rule\CheckUploadTmpDir::evaluate
*/
public function testUploadTmpDirNotInOneOfOpenBasedir()
{
$config = array();
$section = 'PHP';
$rule = new CheckUploadTmpDir($config, $section);

$ini = array(
'open_basedir' => '/tmp' . PATH_SEPARATOR . '/var',
'upload_tmp_dir' => '/etc'
);

$result = $rule->evaluate($ini);
$this->assertFalse($result);
}

}
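Review bot: None of the added cases exercises an open_basedir entry that fails to resolve, or an upload_tmp_dir that only shares a string prefix with an allowed directory, and `testUploadTmpDirNotInOneOfOpenBasedir` asserts the boolean result alone, so it would pass whichever failure branch returned false. Asserting the description text as well would pin the branch, assuming the rule exposes a getter for what setDescription() stores. The fixtures also rely on `/tmp`, `/var` and `/etc` existing on the host, because evaluate() calls realpath() on them; directories created under `sys_get_temp_dir()` inside the test would make the cases independent of the machine's layout.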