diff --git a/include/tests_php b/include/tests_php index 44f0296b..267375f3 100644 --- a/include/tests_php +++ b/include/tests_php @@ -311,79 +311,80 @@ # ################################################################################# # + # - test disabled for time being, as newer suhosin7 work is not stable enough - # Test : PHP-2379 # Description : Check PHP suhosin extension status - if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi - Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status" + #if [ ! -z "${PHPINI_ALLFILES}" ]; then PREQS_MET="YES"; else PREQS_MET="NO"; fi + #Register --test-no PHP-2379 --preqs-met ${PREQS_MET} --weight L --network NO --category security --description "Check PHP suhosin extension status" - if [ ${SKIPTEST} -eq 0 ]; then - FOUND=0 - SIMULATION=0 - MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7") - if [ "${OS}" = "OpenBSD" ]; then - FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP - SIMULATION=off - else - for I in ${PHPINI_ALLFILES}; do - LogText "Test: Checking for PHP suhosin extension status in file ${I}" - FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin7?.so.*$' ${I}) - if [ -z "${FIND}" ]; then - LogText "Result: ${I}: suhosin is not enabled" - else - LogText "Result: ${I}: suhosin is enabled" - FOUND=1 - fi + #if [ ${SKIPTEST} -eq 0 ]; then + # FOUND=0 + # SIMULATION=0 + # MAJOR_VERSION=$(echo ${PHPVERSION} | ${EGREPBINARY} "^7") + # if [ "${OS}" = "OpenBSD" ]; then + # FOUND=1 # On OpenBSD, Suhosin is hard linked into PHP + # SIMULATION=off + # else + # for I in ${PHPINI_ALLFILES}; do + # LogText "Test: Checking for PHP suhosin extension status in file ${I}" + # FIND=$(${GREPBINARY} -oP '^extension=.*?suhosin7?.so.*$' ${I}) + # if [ -z "${FIND}" ]; then + # LogText "Result: ${I}: suhosin is not enabled" + # else + # LogText "Result: ${I}: suhosin is enabled" + # FOUND=1 + # fi - LogText "Test: Check Suhosin simulation mode status" - SIMULATION=$(${GREPBINARY} -oP '^suhosin.simulation.*$' ${I} | ${CUTBINARY} -d= -f2 | ${GREPBINARY} -io 'off' | ${TRBINARY} '[:upper:]' '[:lower:]') - if [ "${SIMULATION}" = "off" ]; then - LogText "Result: ${I}: suhosin simulation mode is not active" - else - LogText "Result: ${I}: suhosin simulation mode is active" - fi - done - fi + # LogText "Test: Check Suhosin simulation mode status" + # SIMULATION=$(${GREPBINARY} -oP '^suhosin.simulation.*$' ${I} | ${CUTBINARY} -d= -f2 | ${GREPBINARY} -io 'off' | ${TRBINARY} '[:upper:]' '[:lower:]') + # if [ "${SIMULATION}" = "off" ]; then + # LogText "Result: ${I}: suhosin simulation mode is not active" + # else + # LogText "Result: ${I}: suhosin simulation mode is active" + # fi + # done + # fi - # Check Suhosin for PHP 7 - if [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 1 ]; then - LogText "Test: Check Suhosin for PHP 7 is not enabled" - LogText "Result: Suhosin for PHP 7 is in alpha stage and should not be used in production" - ReportSuggestion ${TEST_NO} "Disable Suhosin for PHP 7" - Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED - Display --indent 6 --text "- Suhosin is enabled for PHP 7" --result "${STATUS_WARNING}" --color RED - AddHP 0 1 - elif [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 0 ]; then - LogText "Test: Check Suhosin for PHP 7 is not enabled" - LogText "Result: Suhosin for PHP 7 is not enabled" - Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN - Display --indent 6 --text "- Suhosin is not enabled for PHP 7" --result "${STATUS_OK}" --color GREEN - AddHP 1 1 - else - if [ ${FOUND} -eq 0 ]; then - LogText "Result: Suhosin extension is not enabled" - Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED - ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension" - LogText "suhosin extension is not enabled" - AddHP 0 1 - else - LogText "Result: Suhosin extension is enabled" - Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN - AddHP 2 2 - fi + # # Check Suhosin for PHP 7 + # if [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 1 ]; then + # LogText "Test: Check Suhosin for PHP 7 is not enabled" + # LogText "Result: Suhosin for PHP 7 is in alpha stage and should not be used in production" + # ReportSuggestion ${TEST_NO} "Disable Suhosin for PHP 7" + # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED + # Display --indent 6 --text "- Suhosin is enabled for PHP 7" --result "${STATUS_WARNING}" --color RED + # AddHP 0 1 + # elif [ ! -z "${MAJOR_VERSION}" -a ${FOUND} -eq 0 ]; then + # LogText "Test: Check Suhosin for PHP 7 is not enabled" + # LogText "Result: Suhosin for PHP 7 is not enabled" + # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN + # Display --indent 6 --text "- Suhosin is not enabled for PHP 7" --result "${STATUS_OK}" --color GREEN + # AddHP 1 1 + # else + # if [ ${FOUND} -eq 0 ]; then + # LogText "Result: Suhosin extension is not enabled" + # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_WARNING}" --color RED + # ReportSuggestion ${TEST_NO} "Harden PHP by enabling suhosin extension" + # LogText "suhosin extension is not enabled" + # AddHP 0 1 + # else + # LogText "Result: Suhosin extension is enabled" + # Display --indent 4 --text "- Checking PHP suhosin extension status" --result "${STATUS_OK}" --color GREEN + # AddHP 2 2 + # fi - if [ "${SIMULATION}" = "off" ]; then - LogText "Result: Suhosin simulation mode is not active" - Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN - AddHP 2 2 - else - LogText "Result: Suhosin simulation mode is active" - Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED - ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode" - LogText "suhosin simulation mode is active" - AddHP 0 1 - fi - fi - fi + # if [ "${SIMULATION}" = "off" ]; then + # LogText "Result: Suhosin simulation mode is not active" + # Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_OK}" --color GREEN + # AddHP 2 2 + # else + # LogText "Result: Suhosin simulation mode is active" + # Display --indent 6 --text "- Suhosin simulation mode status" --result "${STATUS_WARNING}" --color RED + # ReportSuggestion ${TEST_NO} "Harden PHP by deactivating suhosin simulation mode" + # LogText "suhosin simulation mode is active" + # AddHP 0 1 + # fi + # fi + #fi # ################################################################################# #