import re import unittest from unit.applications.lang.php import TestApplicationPHP class TestPHPApplication(TestApplicationPHP): prerequisites = ['php'] def before_disable_functions(self): body = self.get()['body'] self.assertRegex(body, r'time: \d+', 'disable_functions before time') self.assertRegex(body, r'exec: \/\w+', 'disable_functions before exec') def test_php_application_variables(self): self.load('variables') body = 'Test body string.' resp = self.post( headers={ 'Host': 'localhost', 'Content-Type': 'text/html', 'Custom-Header': 'blah', 'Connection': 'close', }, body=body, url='/index.php/blah?var=val' ) self.assertEqual(resp['status'], 200, 'status') headers = resp['headers'] header_server = headers.pop('Server') self.assertRegex(header_server, r'Unit/[\d\.]+', 'server header') self.assertEqual( headers.pop('Server-Software'), header_server, 'server software header', ) date = headers.pop('Date') self.assertEqual(date[-4:], ' GMT', 'date header timezone') self.assertLess( abs(self.date_to_sec_epoch(date) - self.sec_epoch()), 5, 'date header', ) if 'X-Powered-By' in headers: headers.pop('X-Powered-By') headers.pop('Content-type') self.assertDictEqual( headers, { 'Connection': 'close', 'Content-Length': str(len(body)), 'Request-Method': 'POST', 'Path-Info': '/blah', 'Request-Uri': '/index.php/blah?var=val', 'Http-Host': 'localhost', 'Server-Protocol': 'HTTP/1.1', 'Custom-Header': 'blah', }, 'headers', ) self.assertEqual(resp['body'], body, 'body') def test_php_application_query_string(self): self.load('query_string') resp = self.get(url='/?var1=val1&var2=val2') self.assertEqual( resp['headers']['Query-String'], 'var1=val1&var2=val2', 'query string', ) def test_php_application_query_string_empty(self): self.load('query_string') resp = self.get(url='/?') self.assertEqual(resp['status'], 200, 'query string empty status') self.assertEqual( resp['headers']['Query-String'], '', 'query string empty' ) def test_php_application_query_string_absent(self): self.load('query_string') resp = self.get() self.assertEqual(resp['status'], 200, 'query string absent status') self.assertEqual( resp['headers']['Query-String'], '', 'query string absent' ) def test_php_application_phpinfo(self): self.load('phpinfo') resp = self.get() self.assertEqual(resp['status'], 200, 'status') self.assertNotEqual(resp['body'], '', 'body not empty') def test_php_application_header_status(self): self.load('header') self.assertEqual( self.get( headers={ 'Host': 'localhost', 'Connection': 'close', 'X-Header': 'HTTP/1.1 404 Not Found', } )['status'], 404, 'status', ) self.assertEqual( self.get( headers={ 'Host': 'localhost', 'Connection': 'close', 'X-Header': 'http/1.1 404 Not Found', } )['status'], 404, 'status case insensitive', ) self.assertEqual( self.get( headers={ 'Host': 'localhost', 'Connection': 'close', 'X-Header': 'HTTP/ 404 Not Found', } )['status'], 404, 'status version empty', ) def test_php_application_404(self): self.load('404') resp = self.get() self.assertEqual(resp['status'], 404, '404 status') self.assertRegex( resp['body'], r'404 Not Found', '404 body' ) def test_php_application_keepalive_body(self): self.load('mirror') self.assertEqual(self.get()['status'], 200, 'init') (resp, sock) = self.post( headers={ 'Host': 'localhost', 'Connection': 'keep-alive', 'Content-Type': 'text/html', }, start=True, body='0123456789' * 500, read_timeout=1, ) self.assertEqual(resp['body'], '0123456789' * 500, 'keep-alive 1') resp = self.post( headers={ 'Host': 'localhost', 'Connection': 'close', 'Content-Type': 'text/html', }, sock=sock, body='0123456789', ) self.assertEqual(resp['body'], '0123456789', 'keep-alive 2') def test_php_application_conditional(self): self.load('conditional') self.assertRegex(self.get()['body'], r'True', 'conditional true') self.assertRegex(self.post()['body'], r'False', 'conditional false') def test_php_application_get_variables(self): self.load('get_variables') resp = self.get(url='/?var1=val1&var2=&var3') self.assertEqual(resp['headers']['X-Var-1'], 'val1', 'GET variables') self.assertEqual(resp['headers']['X-Var-2'], '1', 'GET variables 2') self.assertEqual(resp['headers']['X-Var-3'], '1', 'GET variables 3') self.assertEqual(resp['headers']['X-Var-4'], '', 'GET variables 4') def test_php_application_post_variables(self): self.load('post_variables') resp = self.post( headers={ 'Content-Type': 'application/x-www-form-urlencoded', 'Host': 'localhost', 'Connection': 'close', }, body='var1=val1&var2=', ) self.assertEqual(resp['headers']['X-Var-1'], 'val1', 'POST variables') self.assertEqual(resp['headers']['X-Var-2'], '1', 'POST variables 2') self.assertEqual(resp['headers']['X-Var-3'], '', 'POST variables 3') def test_php_application_cookies(self): self.load('cookies') resp = self.get( headers={ 'Cookie': 'var=val; var2=val2', 'Host': 'localhost', 'Connection': 'close', } ) self.assertEqual(resp['headers']['X-Cookie-1'], 'val', 'cookie') self.assertEqual(resp['headers']['X-Cookie-2'], 'val2', 'cookie') def test_php_application_ini_precision(self): self.load('ini_precision') self.assertNotEqual( self.get()['headers']['X-Precision'], '4', 'ini value default' ) self.conf( {"file": "ini/php.ini"}, 'applications/ini_precision/options' ) self.assertEqual( self.get()['headers']['X-File'], self.current_dir + '/php/ini_precision/ini/php.ini', 'ini file', ) self.assertEqual( self.get()['headers']['X-Precision'], '4', 'ini value' ) @unittest.skip('not yet') def test_php_application_ini_admin_user(self): self.load('ini_precision') self.assertIn( 'error', self.conf( {"user": {"precision": "4"}, "admin": {"precision": "5"}}, 'applications/ini_precision/options', ), 'ini admin user', ) def test_php_application_ini_admin(self): self.load('ini_precision') self.conf( {"file": "php.ini", "admin": {"precision": "5"}}, 'applications/ini_precision/options', ) self.assertEqual( self.get()['headers']['X-Precision'], '5', 'ini value admin' ) def test_php_application_ini_user(self): self.load('ini_precision') self.conf( {"file": "php.ini", "user": {"precision": "5"}}, 'applications/ini_precision/options', ) self.assertEqual( self.get()['headers']['X-Precision'], '5', 'ini value user' ) def test_php_application_ini_user_2(self): self.load('ini_precision') self.conf( {"file": "ini/php.ini"}, 'applications/ini_precision/options' ) self.assertEqual( self.get()['headers']['X-Precision'], '4', 'ini user file' ) self.conf( {"precision": "5"}, 'applications/ini_precision/options/user' ) self.assertEqual( self.get()['headers']['X-Precision'], '5', 'ini value user' ) def test_php_application_ini_set_admin(self): self.load('ini_precision') self.conf( {"admin": {"precision": "5"}}, 'applications/ini_precision/options' ) self.assertEqual( self.get(url='/?precision=6')['headers']['X-Precision'], '5', 'ini set admin', ) def test_php_application_ini_set_user(self): self.load('ini_precision') self.conf( {"user": {"precision": "5"}}, 'applications/ini_precision/options' ) self.assertEqual( self.get(url='/?precision=6')['headers']['X-Precision'], '6', 'ini set user', ) def test_php_application_ini_repeat(self): self.load('ini_precision') self.conf( {"user": {"precision": "5"}}, 'applications/ini_precision/options' ) self.assertEqual( self.get()['headers']['X-Precision'], '5', 'ini value' ) self.assertEqual( self.get()['headers']['X-Precision'], '5', 'ini value repeat' ) def test_php_application_disable_functions_exec(self): self.load('time_exec') self.before_disable_functions() self.conf( {"admin": {"disable_functions": "exec"}}, 'applications/time_exec/options', ) body = self.get()['body'] self.assertRegex(body, r'time: \d+', 'disable_functions time') self.assertNotRegex(body, r'exec: \/\w+', 'disable_functions exec') def test_php_application_disable_functions_comma(self): self.load('time_exec') self.before_disable_functions() self.conf( {"admin": {"disable_functions": "exec,time"}}, 'applications/time_exec/options', ) body = self.get()['body'] self.assertNotRegex(body, r'time: \d+', 'disable_functions comma time') self.assertNotRegex( body, r'exec: \/\w+', 'disable_functions comma exec' ) def test_php_application_disable_functions_space(self): self.load('time_exec') self.before_disable_functions() self.conf( {"admin": {"disable_functions": "exec time"}}, 'applications/time_exec/options', ) body = self.get()['body'] self.assertNotRegex(body, r'time: \d+', 'disable_functions space time') self.assertNotRegex( body, r'exec: \/\w+', 'disable_functions space exec' ) def test_php_application_disable_functions_user(self): self.load('time_exec') self.before_disable_functions() self.conf( {"user": {"disable_functions": "exec"}}, 'applications/time_exec/options', ) body = self.get()['body'] self.assertRegex(body, r'time: \d+', 'disable_functions user time') self.assertNotRegex( body, r'exec: \/\w+', 'disable_functions user exec' ) def test_php_application_disable_functions_nonexistent(self): self.load('time_exec') self.before_disable_functions() self.conf( {"admin": {"disable_functions": "blah"}}, 'applications/time_exec/options', ) body = self.get()['body'] self.assertRegex( body, r'time: \d+', 'disable_functions nonexistent time' ) self.assertRegex( body, r'exec: \/\w+', 'disable_functions nonexistent exec' ) def test_php_application_disable_classes(self): self.load('date_time') self.assertRegex( self.get()['body'], r'012345', 'disable_classes before' ) self.conf( {"admin": {"disable_classes": "DateTime"}}, 'applications/date_time/options', ) self.assertNotRegex( self.get()['body'], r'012345', 'disable_classes before' ) def test_php_application_disable_classes_user(self): self.load('date_time') self.assertRegex( self.get()['body'], r'012345', 'disable_classes before' ) self.conf( {"user": {"disable_classes": "DateTime"}}, 'applications/date_time/options', ) self.assertNotRegex( self.get()['body'], r'012345', 'disable_classes before' ) if __name__ == '__main__': TestPHPApplication.main()