コード例 #1
ファイル: output.php プロジェクト: nsant/hiphop-php
tainted(ob_get_clean());
// Taint-propagation checks for the output-buffering getters. Each case echoes a
// fixture into a buffer, reads the buffer back as a string, and asserts the
// taint state of that string.
// NOTE(review): $good1/$bad1 and tainted()/not_tainted() are defined outside this
// excerpt; presumably $bad1 carries the taint mark and $good1 does not — confirm.
echo "\n\n";
echo "testing ob_get_contents\n";
// Clean fixture: the captured buffer copy must stay untainted.
ob_start();
echo $good1;
$a = ob_get_contents();
ob_end_clean();
not_tainted($a);
// Tainted fixture: taint must survive the round trip through the buffer,
// otherwise buffering output would be a way to lose the taint mark.
ob_start();
echo $bad1;
$a = ob_get_contents();
ob_end_clean();
tainted($a);
echo "\n\n";
echo "testing ob_get_flush\n";
// Two buffers are opened so that the flushed data lands in an enclosing buffer
// instead of the real output. $a is the string returned by ob_get_flush(), $b is
// read back with ob_get_clean() afterwards.
// NOTE(review): which buffer $b is read from depends on whether ob_get_flush()
// closes the inner buffer in this runtime — confirm against the implementation.
ob_start();
ob_start();
echo $good1;
$a = ob_get_flush();
ob_end_clean();
$b = ob_get_clean();
not_tainted($a);
not_tainted($b);
// Same sequence with the tainted fixture: both the returned copy and the
// read-back contents are expected to be tainted.
ob_start();
ob_start();
echo $bad1;
$a = ob_get_flush();
ob_end_clean();
$b = ob_get_clean();
tainted($a);
tainted($b);
コード例 #2
ファイル: strings.php プロジェクト: nsant/hiphop-php
// Taint-propagation checks for string builtins: the result must be tainted
// whenever any string argument is tainted, and untainted otherwise.
// NOTE(review): $good1/$good2/$bad1/$bad2 and tainted()/not_tainted() are defined
// outside this excerpt; presumably the $bad* fixtures carry the taint mark — confirm.
echo "testing wordwrap\n";
// Both the wrapped text (1st argument) and the break string (3rd argument) end
// up in the result, so taint on either one must propagate.
not_tainted(wordwrap($good1, 5, $good2, true));
tainted(wordwrap($bad1, 5, $good1, true));
tainted(wordwrap($good1, 5, $bad1, true));
tainted(wordwrap($bad1, 5, $bad2, true));
echo "\n\n";
echo "testing html_entity_decode\n";
not_tainted(html_entity_decode($good1));
tainted(html_entity_decode($bad1));
echo "\n\n";
echo "testing htmlentities\n";
// Escaping is expected to keep the value tainted here: this check asserts
// propagation through htmlentities(), not sanitisation by it.
not_tainted(htmlentities($good1));
tainted(htmlentities($bad1));
echo "\n\n";
echo "testing convert_uuencode\n";
not_tainted(convert_uuencode($good1));
tainted(convert_uuencode($bad1));
echo "\n\n";
echo "testing md5\n";
// We treat the output of md5 on tainted input as tainted. It is unlikely to be
// exploitable, but it is better to be safe than sorry.
not_tainted(md5($good1));
tainted(md5($bad1));
echo "\n\n";
echo "testing print_r\n";
// print_r() with the second argument set to true returns the dump as a string
// instead of printing it; one tainted element is enough to taint the whole dump.
$arr = array($good1, $good2);
$x = print_r($arr, true);
not_tainted($x);
$arr = array($good1, $bad1);
$x = print_r($arr, true);
tainted($x);
コード例 #3
ファイル: concatenations.php プロジェクト: nsant/hiphop-php
   | HipHop for PHP                                                       |
   +----------------------------------------------------------------------+
   | Copyright (c) 2010 Facebook, Inc. (http://www.facebook.com)          |
   +----------------------------------------------------------------------+
   | This source file is subject to version 3.01 of the PHP license,      |
   | that is bundled with this package in the file LICENSE, and is        |
   | available through the world-wide-web at the following url:           |
   | http://www.php.net/license/3_01.txt                                  |
   | If you did not receive a copy of the PHP license and are unable to   |
   | obtain it through the world-wide-web, please send a note to          |
   | license@php.net so we can mail you a copy immediately.               |
   +----------------------------------------------------------------------+
*/
require_once 'setup.inc';
/**
 * Check that various forms of concatenations output the right taint information
 */
// Each concatenation form is exercised twice: clean + clean must stay untainted,
// clean + tainted must come out tainted.
// NOTE(review): the fixtures and tainted()/not_tainted() are presumably provided
// by setup.inc, which is not shown here — confirm.

// Binary concatenation operator.
$a = $good1 . $good2;
not_tainted($a);
$a = $good1 . $bad1;
tainted($a);
// Concatenating assignment: appending a tainted string must taint a target that
// started out clean.
$a = $good1;
$a .= $good2;
not_tainted($a);
$a = $good1;
$a .= $bad1;
tainted($a);
// Double-quoted string interpolation.
$a = "{$good1} {$good2}";
not_tainted($a);
$a = "{$good1} {$bad1}";
tainted($a);
コード例 #4
ファイル: variable.php プロジェクト: nsant/hiphop-php
tainted($a);
// Taint-propagation checks for variable-handling builtins.
// NOTE(review): $good1/$bad1, $serialized_good/$serialized_bad and
// tainted()/not_tainted() are defined outside this excerpt; presumably the
// *bad* fixtures carry the taint mark — confirm.
echo "\n\n";
echo "testing debug_zval_dump\n";
// debug_zval_dump() prints its output, so the dump is captured through an
// output buffer and the captured string is what gets checked.
ob_start();
debug_zval_dump($good1);
$a = ob_get_clean();
not_tainted($a);
ob_start();
debug_zval_dump($bad1);
$a = ob_get_clean();
tainted($a);
echo "\n\n";
echo "testing serialize\n";
// The serialized form embeds the original value, so it must inherit its taint.
not_tainted(serialize($good1));
tainted(serialize($bad1));
echo "\n\n";
echo "testing unserialize\n";
// A value rebuilt from a tainted serialized string must itself be tainted.
not_tainted(unserialize($serialized_good));
tainted(unserialize($serialized_bad));
echo "\n\n";
echo "testing get_defined_vars\n";
// The array returned by get_defined_vars() is keyed by variable name; the
// entries must keep the taint state of the variables they were taken from.
$arr = get_defined_vars();
not_tainted($arr['good1']);
tainted($arr['bad1']);
// Note: import_request_variables is not supported in hphp
echo "\n\n";
echo "testing extract\n";
// With EXTR_PREFIX_ALL and the prefix 'extract', extract() creates
// $extract_good1 and $extract_bad1; taint must follow each value into the
// newly created variable.
$arr = array('good1' => $good1, 'bad1' => $bad1);
extract($arr, EXTR_PREFIX_ALL, 'extract');
not_tainted($extract_good1);
tainted($extract_bad1);