author | (╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW <mostafa.hussein91@gmail.com> | 2017-06-14 15:06:51 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-06-14 15:06:51 +0300 |
commit | 4cbe8f32c6e9c0862354fedf28e192035211f070 (patch) | |
tree | f4c796141d6e6cfd4dc75c98688a9fec13c5e96a | |
parent | 9dc4efefd6acd5fb7a7b14adde026531e48df4a0 (diff) |
add suhosin status test (#401)
* add suhosin status test
* get matched line only
-rw-r--r-- | db/tests.db | 1 | ||||
-rw-r--r-- | include/tests_php | 33 |
2 files changed, 34 insertions, 0 deletions
diff --git a/db/tests.db b/db/tests.db
index e9235e40..58c76345 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -268,6 +268,7 @@ PHP-2372:test:security:php::Check PHP expose_php option:
 PHP-2374:test:security:php::Check PHP enable_dl option:
 PHP-2376:test:security:php::Check PHP allow_url_fopen option:
 PHP-2378:test:security:php::Check PHP allow_url_include option:
+PHP-2379:test:security:php::Check PHP suhosin extension status:
 PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
 PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
 PKGS-7303:test:security:ports_packages::Query brew package manager:
diff --git a/include/tests_php b/include/tests_php
index 4a14a0c5..760682a7 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -276,6 +276,39 @@
 #
 #################################################################################
 #
+ # Test : PHP-2379
+ # Description : Check PHP suhosin extension status
+ if [ ! -z "${PHPINIFILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ for I in ${PHPINI_ALLFILES}; do
+ LogText "Test: Checking for PHP suhosin extension status in file ${I}"
+ FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin.so.*$' ${I})
+ if [ -z "${FIND}" ]; then
+ LogText "Result: ${I}: suhosin is not enabled"
+ else
+ LogText "Result: ${I}: suhosin is enabled"
+ FOUND=1
+ fi
+ done
+
+ if [ ${FOUND} -eq 0 ]; then
+ LogText "Result: Suhosin extension is not enabled"
+ Display --indent 4 --text "- Checking PHP disabled functions" --result "${STATUS_NONE}" --color RED
+ ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
+ LogText "suhosin extension is not enabled"
+ AddHP 0 1
+
+ else
+ LogText "Result: suhosin extension is enabled"
+ Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_FOUND}" --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
+#
 WaitForKeyPress |
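Review bot: The `Display` line in the `FOUND -eq 0` branch still carries the text of another check, `"- Checking PHP disabled functions"`, so a missing suhosin extension shows on screen as a failed disabled-functions check; it should read `Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_NONE}" --color RED`, matching the enabled branch. The match relies on `grep -oP`, which only a GNU grep built with PCRE accepts, and it passes `${I}` unquoted; since `FIND` is only tested for emptiness, `FIND=$(${GREPBINARY} -E '^extension=.*suhosin\.so' "${I}")` gives the same answer portably and escapes the dot. Where grep rejects `-P`, `FIND` stays empty, so the host is scored `AddHP 0 1` and told to enable an extension that may already be loaded. The prerequisite tests `${PHPINIFILE}` while the loop reads `${PHPINI_ALLFILES}`, which looks inconsistent unless the two are always set together.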