From 4cbe8f32c6e9c0862354fedf28e192035211f070 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?=28=E2=95=AF=C2=B0=E2=96=A1=C2=B0=EF=BC=89=E2=95=AF?= =?UTF-8?q?=EF=B8=B5=20u=E1=B4=89=C7=9DssnH=20=C9=90=C9=9F=C9=90=CA=87soW?=
Date: Wed, 14 Jun 2017 15:06:51 +0300
Subject: [PATCH] add suhosin status test (#401)
* add suhosin status test
* get matched line only
---
 db/tests.db | 1 +
 include/tests_php | 33 +++++++++++++++++++++++++++++++++
 2 files changed, 34 insertions(+)
diff --git a/db/tests.db b/db/tests.db
index e9235e40..58c76345 100644
--- a/db/tests.db
+++ b/db/tests.db
@@ -268,6 +268,7 @@ PHP-2372:test:security:php::Check PHP expose_php option:
 PHP-2374:test:security:php::Check PHP enable_dl option:
 PHP-2376:test:security:php::Check PHP allow_url_fopen option:
 PHP-2378:test:security:php::Check PHP allow_url_include option:
+PHP-2379:test:security:php::Check PHP suhosin extension status:
 PKGS-7301:test:security:ports_packages::Query NetBSD pkg:
 PKGS-7302:test:security:ports_packages::Query FreeBSD/NetBSD pkg_info:
 PKGS-7303:test:security:ports_packages::Query brew package manager:
diff --git a/include/tests_php b/include/tests_php
index 4a14a0c5..760682a7 100644
--- a/include/tests_php
+++ b/include/tests_php
@@ -275,6 +275,39 @@
 fi
 #
 #################################################################################
+#
+ # Test : PHP-2379
+ # Description : Check PHP suhosin extension status
+ if [ ! -z "${PHPINIFILE}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi
+ Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status"
+ if [ ${SKIPTEST} -eq 0 ]; then
+ FOUND=0
+ for I in ${PHPINI_ALLFILES}; do
+ LogText "Test: Checking for PHP suhosin extension status in file ${I}"
+ FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin.so.*$' ${I})
+ if [ -z "${FIND}" ]; then
+ LogText "Result: ${I}: suhosin is not enabled"
+ else
+ LogText "Result: ${I}: suhosin is enabled"
+ FOUND=1
+ fi
+ done
+
+ if [ ${FOUND} -eq 0 ]; then
+ LogText "Result: Suhosin extension is not enabled"
+ Display --indent 4 --text "- Checking PHP disabled functions" --result "${STATUS_NONE}" --color RED
+ ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension"
+ LogText "suhosin extension is not enabled"
+ AddHP 0 1
+
+ else
+ LogText "Result: suhosin extension is enabled"
+ Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_FOUND}" --color GREEN
+ AddHP 2 2
+ fi
+ fi
+#
+#################################################################################
 #
 WaitForKeyPress
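Review bot: The not-found branch prints the wrong label: `Display --indent 4 --text "- Checking PHP disabled functions"` looks copied from another test, so on screen a missing suhosin is reported under the disabled-functions check; it should read `--text "- Checking PHP suhosin extension status"` as the found branch does. The detection itself depends on `${GREPBINARY} -oP`, and `-P` is a GNU grep option; where grep lacks PCRE support the command fails, `FIND` stays empty, and the host is scored as unhardened (`AddHP 0 1`) whatever its php.ini says. The pattern also misses `extension = suhosin.so` written with spaces around the `=`, and `${I}` is unquoted. Since only the emptiness of `FIND` is tested, a portable form such as `FIND=$(${GREPBINARY} -E '^[[:space:]]*extension[[:space:]]*=.*suhosin' "${I}")` would do.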