import unittest
import unit
import re
class TestUnitPHPApplication(unit.TestUnitApplicationPHP):
def setUpClass():
unit.TestUnit().check_modules('php')
def search_disabled(self, name):
p = re.compile(name + '\(\) has been disabled')
return self.search_in_log(p)
def test_php_application_variables(self):
self.load('variables')
body = 'Test body string.'
resp = self.post(headers={
'Host': 'localhost',
'Content-Type': 'text/html',
'Custom-Header': 'blah',
'Connection': 'close'
}, body=body)
self.assertEqual(resp['status'], 200, 'status')
headers = resp['headers']
header_server = headers.pop('Server')
self.assertRegex(header_server, r'Unit/[\d\.]+', 'server header')
self.assertEqual(headers.pop('Server-Software'), header_server,
'server software header')
date = headers.pop('Date')
self.assertEqual(date[-4:], ' GMT', 'date header timezone')
self.assertLess(abs(self.date_to_sec_epoch(date) - self.sec_epoch()), 5,
'date header')
if 'X-Powered-By' in headers:
headers.pop('X-Powered-By')
headers.pop('Content-type')
self.assertDictEqual(headers, {
'Connection': 'close',
'Content-Length': str(len(body)),
'Request-Method': 'POST',
'Request-Uri': '/',
'Http-Host': 'localhost',
'Server-Protocol': 'HTTP/1.1',
'Custom-Header': 'blah'
}, 'headers')
self.assertEqual(resp['body'], body, 'body')
def test_php_application_query_string(self):
self.load('query_string')
resp = self.get(url='/?var1=val1&var2=val2')
self.assertEqual(resp['headers']['Query-String'], 'var1=val1&var2=val2',
'query string')
def test_php_application_query_string_empty(self):
self.load('query_string')
resp = self.get(url='/?')
self.assertEqual(resp['status'], 200, 'query string empty status')
self.assertEqual(resp['headers']['Query-String'], '',
'query string empty')
@unittest.expectedFailure
def test_php_application_query_string_absent(self):
self.load('query_string')
resp = self.get()
self.assertEqual(resp['status'], 200, 'query string absent status')
self.assertEqual(resp['headers']['Query-String'], '',
'query string absent')
def test_php_application_phpinfo(self):
self.load('phpinfo')
resp = self.get()
self.assertEqual(resp['status'], 200, 'status')
self.assertNotEqual(resp['body'], '', 'body not empty')
def test_php_application_404(self):
self.load('404')
resp = self.get()
self.assertEqual(resp['status'], 404, '404 status')
self.assertRegex(resp['body'], r'
404 Not Found',
'404 body')
def test_php_application_keepalive_body(self):
self.load('mirror')
(resp, sock) = self.post(headers={
'Host': 'localhost',
'Connection': 'keep-alive',
'Content-Type': 'text/html'
}, start=True, body='0123456789' * 500)
self.assertEqual(resp['body'], '0123456789' * 500, 'keep-alive 1')
resp = self.post(headers={
'Host': 'localhost',
'Connection': 'close',
'Content-Type': 'text/html'
}, sock=sock, body='0123456789')
self.assertEqual(resp['body'], '0123456789', 'keep-alive 2')
def test_php_application_conditional(self):
self.load('conditional')
self.assertRegex(self.get()['body'], r'True', 'conditional true')
self.assertRegex(self.post()['body'], r'False', 'conditional false')
def test_php_application_get_variables(self):
self.load('get_variables')
resp = self.get(url='/?var1=val1&var2=&var3')
self.assertEqual(resp['headers']['X-Var-1'], 'val1', 'GET variables')
self.assertEqual(resp['headers']['X-Var-2'], '1', 'GET variables 2')
self.assertEqual(resp['headers']['X-Var-3'], '1', 'GET variables 3')
self.assertEqual(resp['headers']['X-Var-4'], '', 'GET variables 4')
def test_php_application_post_variables(self):
self.load('post_variables')
resp = self.post(headers={
'Content-Type': 'application/x-www-form-urlencoded',
'Host': 'localhost',
'Connection': 'close'
}, body='var1=val1&var2=')
self.assertEqual(resp['headers']['X-Var-1'], 'val1', 'POST variables')
self.assertEqual(resp['headers']['X-Var-2'], '1', 'POST variables 2')
self.assertEqual(resp['headers']['X-Var-3'], '', 'POST variables 3')
def test_php_application_cookies(self):
self.load('cookies')
resp = self.get(headers={
'Cookie': 'var=val; var2=val2',
'Host': 'localhost',
'Connection': 'close'
})
self.assertEqual(resp['headers']['X-Cookie-1'], 'val', 'cookie')
self.assertEqual(resp['headers']['X-Cookie-2'], 'val2', 'cookie')
def test_php_application_ini_precision(self):
self.load('ini_precision')
self.assertNotEqual(self.get()['headers']['X-Precision'], '4',
'ini value default')
self.conf({"file": "php.ini"}, 'applications/ini_precision/options')
self.assertEqual(self.get()['headers']['X-File'],
self.current_dir + '/php/ini_precision/php.ini', 'ini file')
self.assertEqual(self.get()['headers']['X-Precision'], '4', 'ini value')
@unittest.expectedFailure
def test_php_application_ini_admin_user(self):
self.load('ini_precision')
self.assertIn('error', self.conf({
"user": { "precision": "4" },
"admin": { "precision": "5" }
}, 'applications/ini_precision/options'), 'ini admin user')
def test_php_application_ini_admin(self):
self.load('ini_precision')
self.conf({
"file": "php.ini",
"admin": { "precision": "5" }
}, 'applications/ini_precision/options')
self.assertEqual(self.get()['headers']['X-Precision'], '5',
'ini value admin')
def test_php_application_ini_user(self):
self.load('ini_precision')
self.conf({
"file": "php.ini",
"user": { "precision": "5" }
}, 'applications/ini_precision/options')
self.assertEqual(self.get()['headers']['X-Precision'], '5',
'ini value user')
def test_php_application_ini_user_2(self):
self.load('ini_precision')
self.conf({"file": "php.ini"}, 'applications/ini_precision/options')
self.assertEqual(self.get()['headers']['X-Precision'], '4',
'ini user file')
self.conf({ "precision": "5" },
'applications/ini_precision/options/user')
self.assertEqual(self.get()['headers']['X-Precision'], '5',
'ini value user')
def test_php_application_ini_set_admin(self):
self.load('ini_precision')
self.conf({"admin": { "precision": "5" }},
'applications/ini_precision/options')
self.assertEqual(self.get(url='/?precision=6')['headers']['X-Precision'],
'5', 'ini set admin')
def test_php_application_ini_set_user(self):
self.load('ini_precision')
self.conf({"user": { "precision": "5" }},
'applications/ini_precision/options')
self.assertEqual(self.get(url='/?precision=6')['headers']['X-Precision'],
'6', 'ini set user')
def test_php_application_ini_repeat(self):
self.load('ini_precision')
self.conf({"user": { "precision": "5" }},
'applications/ini_precision/options')
self.assertEqual(self.get()['headers']['X-Precision'], '5', 'ini value')
self.assertEqual(self.get()['headers']['X-Precision'], '5',
'ini value repeat')
def test_php_application_disable_functions_exec(self):
self.load('highlight_file_exec')
self.conf({"admin": { "disable_functions": "exec" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNotNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_functions_highlight_file(self):
self.load('highlight_file_exec')
self.conf({"admin": { "disable_functions": "highlight_file" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNotNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_functions_comma(self):
self.load('highlight_file_exec')
self.conf({"admin": { "disable_functions": "exec,highlight_file" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNotNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNotNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_functions_space(self):
self.load('highlight_file_exec')
self.conf({"admin": { "disable_functions": "exec highlight_file" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNotNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNotNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_functions_user(self):
self.load('highlight_file_exec')
self.conf({"user": { "disable_functions": "exec" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNotNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_functions_nonexistent(self):
self.load('highlight_file_exec')
self.conf({"admin": { "disable_functions": "blah" }},
'applications/highlight_file_exec/options')
self.get()
self.assertIsNone(self.search_disabled('exec'),
'disable_functions exec')
self.assertIsNone(self.search_disabled('highlight_file'),
'disable_functions highlight_file')
def test_php_application_disable_classes(self):
self.load('date_time')
self.get()
self.assertIsNone(self.search_disabled('DateTime'),
'disable_classes before')
self.conf({"admin": { "disable_classes": "DateTime" }},
'applications/date_time/options')
self.get()
self.assertIsNotNone(self.search_disabled('DateTime'),
'disable_classes')
def test_php_application_disable_classes_user(self):
self.load('date_time')
self.conf({"user": { "disable_classes": "DateTime" }},
'applications/date_time/options')
self.get()
self.assertIsNotNone(self.search_disabled('DateTime'),
'disable_classes user')
if __name__ == '__main__':
TestUnitPHPApplication.main()