blob: cd76ecd3a89168b6c4a9ca090c5f8f3fda8f4a56 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
|
<?php
/**
* Test Class for memory_limit setting
*
* @package PhpSecInfo
* @author Paul Reinheimer
* @author Ed Finkler
* @author Mark Wallaert <mark@autumnweave.com>
*/
/**
* require the PhpSecInfo_Test_Core class
*/
require_once(PHPSECINFO_BASE_DIR . '/Test/Test_Core.php');
/**
* The max recommended size for the memory_limit setting, in bytes
*
*/
define ('PHPSECINFO_MEMORY_LIMIT', 8 * 1024 * 1024);
/**
* Test Class for memory_limit setting
*
* @package PhpSecInfo
*/
class PhpSecInfo_Test_Core_Memory_Limit extends PhpSecInfo_Test_Core
{
/**
* This should be a <b>unique</b>, human-readable identifier for this test
*
* @var string
*/
var $test_name = "memory_limit";
var $recommended_value = PHPSECINFO_MEMORY_LIMIT;
function _retrieveCurrentValue()
{
$this->current_value = $this->returnBytes(ini_get('memory_limit'));
}
/**
* Check to see if the memory_limit setting is enabled.
*
* Test conditions and results:
* OK: memory_limit enabled and set to a value of 8MB or less.
* NOTICE: memory_limit enabled and set to a value greater than 8MB.
* WARNING: memory_limit disabled (compile time option).
*
* @return integer
*/
function _execTest()
{
if (!$this->current_value) {
return PHPSECINFO_TEST_RESULT_WARN;
} else if ($this->returnBytes($this->current_value) <= PHPSECINFO_MEMORY_LIMIT) {
return PHPSECINFO_TEST_RESULT_OK;
}
return PHPSECINFO_TEST_RESULT_NOTICE;
}
/**
* Set the messages specific to this test
*
* @access public
* @return null
*/
function _setMessages()
{
parent::_setMessages();
$this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'memory_limit is enabled, and appears to be set
to a realistic value.');
$this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'memory_limit is set to a very high value. Are
you sure your apps require this much memory? If not, lower the limit, as certain attacks or poor
programming practices can lead to exhaustion of server resources. It is recommended that you set this
to a realistic value (8M for example) from which it can be expanded as required.');
$this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'memory_limit does not appear to be enabled. This
leaves the server vulnerable to attacks that attempt to exhaust resources and creates an environment
where poor programming practices can propagate unchecked. This must be enabled at compile time by
including the parameter "--enable-memory-limit" in the configure line. Once enabled "memory_limit" may
be set in php.ini to define the maximum amount of memory a script is allowed to allocate.');
}
}
|
