author | (╯°□°)╯︵ uᴉǝssnH ɐɟɐʇsoW <mostafa.hussein91@gmail.com> | 2017-07-10 15:38:42 +0300 |
---|---|---|
committer | Michael Boelen <michael.boelen@cisofy.com> | 2017-07-10 15:38:42 +0300 |
commit | 3a6fa0bb6b2671c36cbf00b2e416a9d360f4a104 (patch) | |
tree | 436f7a159fb947d503dca108959122da90cdf85f /include/tests_php | |
parent | f8a765a1a7e1a9e1e2958f377cd795621446011c (diff) |
Suhosin simulation mode status (#411)
* fix suhosin check text
* use PHPINI_ALLFILES variable
* Check suhosin simulation mode status
* Small style improvement
Diffstat (limited to 'include/tests_php')
-rw-r--r-- | include/tests_php | 29 |
1 files changed, 25 insertions, 4 deletions
diff --git a/include/tests_php b/include/tests_php
index 17ea34af..ee5fc52d 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -296,10 +296,11 @@
 #
 # Test : PHP-2379
 # Description : Check PHP suhosin extension status
- if [ ! -z "${PHPINIFILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
 Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
 if [ ${SKIPTEST} -eq 0 ]; then
 FOUND=0
+ SIMULATION=0
 for I in ${PHPINI_ALLFILES}; do
 LogText "Test: Checking for PHP suhosin extension status in file ${I}"
 FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin.so.*$' ${I})
@@ -309,20 +310,40 @@ LogText "Result: ${I}: suhosin is enabled" FOUND=1 fi + + LogText "Test: Check Suhosin simulation mode status" + SIMULATION=$(${GREPBINARY} -oP '^suhosin.simulation.*$' ${I} | ${CUTBINARY} -d= -f2 | ${GREPBINARY} -io 'off' | ${TRBINARY} '[:upper:]' '[:lower:]') + if [ "${SIMULATION}" = "off" ]; then + LogText "Result: ${I}: suhosin simulation mode is not active" + else + LogText "Result: ${I}: suhosin simulation mode is active" + fi done if [ ${FOUND} -eq 0 ]; then LogText "Result: Suhosin extension is not enabled" - Display --indent 4 --text "- Checking PHP disabled functions" --result "${STATUS_NONE}" --color RED + Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension" LogText "suhosin extension is not enabled" AddHP 0 1 else - LogText "Result: suhosin extension is enabled" - Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_FOUND}" --color GREEN + LogText "Result: Suhosin extension is enabled" + Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN AddHP 2 2 fi + + if [ "${SIMULATION}" = "off" ]; then + LogText "Result: Suhosin simulation mode is not active" + Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN + AddHP 2 2 + else + LogText "Result: Suhosin simulation mode is active" + Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED + ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode" + LogText "suhosin simulation mode is active" + AddHP 0 1 + fi fi # ################################################################################# |
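Review bot: The simulation check treats everything except a single clean `off` match as "active", so an ini file with no `suhosin.simulation` line (Suhosin's documented default is off), a value of `0`, or two matching lines all raise the warning, while `suhosin.simulation = On ; switch off later` is reported as OK because `grep -io 'off'` also matches inside the trailing comment. `SIMULATION` is also overwritten on every pass of the `for I in ${PHPINI_ALLFILES}` loop, so only the last file decides the result, and the final block awards or deducts hardening points even when `FOUND` is 0 and the extension is not loaded. I would match only an explicit truthy value per file, set `SIMULATION=1` when one is seen (which also fits the `SIMULATION=0` initialisation in the first hunk), and report the status inside the branch where the extension is enabled. Flagging when any file enables it is the conservative choice; the effective value depends on PHP's ini load order, which is not visible here. The loop and the test body start outside this hunk.

```shell
            # … unchanged: extension=suhosin.so detection, sets FOUND=1 …

            LogText "Test: Check Suhosin simulation mode status"
            # Only an explicit truthy value enables simulation; a missing directive keeps the default (off)
            SIMFIND=$(${GREPBINARY} -iE '^[[:space:]]*suhosin\.simulation[[:space:]]*=[[:space:]]*"?(on|1|true|yes)"?[[:space:]]*(;.*)?$' "${I}")
            if [ -n "${SIMFIND}" ]; then
                LogText "Result: ${I}: suhosin simulation mode is active"
                SIMULATION=1
            else
                LogText "Result: ${I}: suhosin simulation mode is not active"
            fi
        done

        # … unchanged: FOUND -eq 0 branch (extension not enabled) …
        else
            # … unchanged: extension enabled result, AddHP 2 2 …
            # Simulation mode only matters when the extension is actually loaded
            if [ ${SIMULATION} -eq 0 ]; then
                LogText "Result: Suhosin simulation mode is not active"
                Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN
                AddHP 2 2
            else
                LogText "Result: Suhosin simulation mode is active"
                Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED
                ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode"
                AddHP 0 1
            fi
        fi
```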