add suhosin status test (#401)

* add suhosin status test * get matched line only
2017-06-14 15:06:51 +03:00 · 2017-06-14 15:06:51 +03:00 · 4cbe8f32c6
parent 9dc4efefd6
commit 4cbe8f32c6
2 changed files with 34 additions and 0 deletions
--- a/db/tests.db
+++ b/db/tests.db
@ -268,6 +268,7 @@ PHP-2372:test:security:php::Check PHP expose_php option:
 PHP-2374:test:security:php::Check PHP enable_dl option:
 PHP-2376:test:security:php::Check PHP allow_url_fopen option:
 PHP-2378:test:security:php::Check PHP allow_url_include option:
+PHP-2379:test:security:php::Check PHP suhosin extension status:
 PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
 PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
 PKGS-7303:test:security:ports_packages::Query brew package manager:
--- a/include/tests_php
+++ b/include/tests_php
@ -275,6 +275,39 @@
    fi
 #
 #################################################################################
+#
+    # Test        : PHP-2379
+    # Description : Check PHP suhosin extension status
+    if [ ! -z "${PHPINIFILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+    Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
+    if [ ${SKIPTEST} -eq 0 ]; then
+        FOUND=0
+        for I in ${PHPINI_ALLFILES}; do
+            LogText "Test: Checking for PHP suhosin extension status in file ${I}"
+            FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin.so.*$' ${I})
+            if [ -z "${FIND}" ]; then
+                LogText "Result: ${I}: suhosin is not enabled"
+            else
+                LogText "Result: ${I}: suhosin is enabled"
+                FOUND=1
+            fi
+        done
+
+        if [ ${FOUND} -eq 0 ]; then
+            LogText "Result: Suhosin extension is not enabled"
+            Display --indent 4 --text "- Checking PHP disabled functions" --result "${STATUS_NONE}" --color RED
+            ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
+            LogText "suhosin extension is not enabled"
+            AddHP 0 1
+
+        else
+            LogText "Result: suhosin extension is enabled"
+            Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_FOUND}" --color GREEN
+            AddHP 2 2
+        fi
+    fi
+#
+#################################################################################
 #

 WaitForKeyPress