

PHP Object Injection Tests (#325)
* POI Tests

* negative scan
rjt-gupta authored and rnehra01 committed Jun 7, 2019
1 parent bcb4e63 commit 2584da9
Showing 2 changed files with 75 additions and 0 deletions.
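--- a/tanner/tests/test_base.py
+++ b/tanner/tests/test_base.py
@@ -118,6 +118,25 @@ def mock_rfi_scan(value):
 assert_detection = {'name': 'rfi', 'order': 2, 'payload': 'rfi_test_payload'}
 self.assertDictEqual(detection, assert_detection)
 
+def test_handle_php_object_injection(self):
+data = dict(path='/page.php?insert=\'O:15:"ObjectInjection":1:{s:6:"insert";s:2:"id";}\'',
+cookies={'sess_uuid': '9f82e5d0e6b64047bba996222d45e72c'})
+
+async def mock_php_object_injection_handle(path, session):
+return 'php_object_injection_test_payload'
+
+def mock_php_object_injection_scan(value):
+return dict(name='php_object_injection', order=3)
+
+self.handler.emulators['php_object_injection'] = mock.Mock()
+self.handler.emulators['php_object_injection'].handle = mock_php_object_injection_handle
+self.handler.emulators['php_object_injection'].scan = mock_php_object_injection_scan
+
+detection = self.loop.run_until_complete(self.handler.handle_get(self.session, data))
+
+assert_detection = {'name': 'php_object_injection', 'order': 3, 'payload': 'php_object_injection_test_payload'}
+self.assertDictEqual(detection, assert_detection)
+
 def test_set_injectable_page(self):
 paths = [{'path': '/python.html', 'timestamp': 1465851064.2740946},
 {'path': '/python.php/?foo=bar', 'timestamp': 1465851065.2740946},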
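Review bot: The mocked `handle` defined at the `async def mock_php_object_injection_handle` line returns a bare string, whereas the emulator's own tests added in this commit read `returned_result['value']` from the real `handle`, so `handle_get` is exercised here with a return shape the real emulator does not produce. The rfi mock just above appears to follow the same convention, so this may be deliberate, but a one-line comment such as `# handle_get is expected to pass the emulator's handle() result through as the detection payload` would make the contract under test explicit. Both mocks also ignore their arguments, so the test never verifies that the `insert` query value actually reached `scan`; recording the argument inside `mock_php_object_injection_scan` and asserting on it afterwards would close that gap. The enclosing test class starts and ends outside this hunk.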
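--- /dev/null
+++ b/tanner/tests/test_php_object_injection.py
@@ -0,0 +1,56 @@
+import asyncio
+import unittest
+
+from tanner.utils.asyncmock import AsyncMock
+from tanner.emulators.php_object_injection import PHPObjectInjection
+
+
+class TestPHPCodeInjection(unittest.TestCase):
+def setUp(self):
+self.loop = asyncio.new_event_loop()
+asyncio.set_event_loop(None)
+self.handler = PHPObjectInjection(loop=self.loop)
+self.result = None
+self.expected_result = None
+self.returned_result = None
+
+def test_scan(self):
+payload = 'O:15:"ObjectInjection":1:{s:6:"insert";s:2:"id";}'
+
+self.expected_result = dict(name='php_object_injection', order=3)
+self.returned_result = self.handler.scan(payload)
+self.assertEqual(self.returned_result, self.expected_result)
+
+def test_scan_negative(self):
+payload = 'O:"ObjectInjection":1:{s:6:"insert";s:2:"id";}'
+
+self.expected_result = None
+self.returned_result = self.handler.scan(payload)
+self.assertEqual(self.returned_result, self.expected_result)
+
+def test_handle_status_code(self):
+self.handler.get_injection_result = AsyncMock(return_value=None)
+
+attack_params = [dict(id='foo', value="O:15:'ObjectInjection':1:{s:6:'insert';}")]
+self.expected_result = dict(status_code=504)
+
+async def test():
+
+self.returned_result = await self.handler.handle(attack_params)
+
+self.loop.run_until_complete(test())
+self.assertEqual(self.returned_result, self.expected_result)
+
+def test_handle(self):
+attack_params = [dict(id='foo', value='O:15:"ObjectInjection":1:{s:6:"insert";s:2:"id";}')]
+self.handler.helper.get_result = AsyncMock(return_value={'file_md5': 'a43deb0f2d7904cbb6c27c02ed7c2593',
+'stdout': 'id=0(root) gid=0(root) groups=0(root)'})
+
+self.expected_result = "id=0(root) gid=0(root) groups=0(root)"
+
+async def test():
+
+self.returned_result = await self.handler.handle(attack_params)
+
+self.loop.run_until_complete(test())
+self.assertIn(self.expected_result, self.returned_result['value'])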
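Review bot: The test class on the `class TestPHPCodeInjection(unittest.TestCase):` line is named for code injection although every test in the file targets `PHPObjectInjection`; renaming it `TestPHPObjectInjection` keeps test-runner output consistent with the module name and the class under test. `setUp` creates a fresh loop with `asyncio.new_event_loop()` but nothing ever closes it, so each test leaks a loop and emits a ResourceWarning when the object is collected; adding `def tearDown(self):` with `self.loop.close()` fixes that. The blank line left inside each `async def test():` body is harmless but reads as an unfinished function, and `self.result` is assigned in `setUp` without being used anywhere in the file; dropping both tightens the fixture.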