/**
 * Wires up ESAPI for this page: loads the configuration, registers the
 * default encoder/validator implementations and keeps handles to them.
 *
 * NOTE(security): the config path below is relative to the current working
 * directory and points at the library's *test* fixture (ESAPI.xml under
 * test/testresources). As the original author noted, this is the insecure
 * default location; in a real deployment the configuration and every
 * referenced library should live outside the webroot.
 */
function __construct() {
    $configPath = '../owasp-esapi-php-read-only/test/testresources/ESAPI.xml';
    $this->esapi = new ESAPI($configPath);

    // Register concrete implementations with the ESAPI locator, then fetch
    // them back through the locator so this object sees the same instances
    // every other ESAPI consumer does.
    ESAPI::setEncoder(new DefaultEncoder());
    ESAPI::setValidator(new DefaultValidator());

    $this->encoder = ESAPI::getEncoder();
    $this->validator = ESAPI::getValidator();
}
/**
 * Stores the ESAPI auditor (looked up under the 'DefaultHTTPUtilities'
 * label so its log entries are attributable) and the configured validator
 * for use by the utility methods.
 */
public function __construct() {
    $auditor = ESAPI::getAuditor('DefaultHTTPUtilities');
    $validator = ESAPI::getValidator();

    $this->_auditor = $auditor;
    $this->_validator = $validator;
}
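/**
 * Test of isValidDirectoryPath method, of class org.owasp.esapi.Validator.
 *
 * Exercises the platform-specific contract. On each OS the native root and an
 * always-present directory must validate, while all of the following must be
 * rejected: (a) paths that do not exist, (b) paths that exist but name a file
 * rather than a directory, (c) paths that exist but are not canonical
 * (contain '..'), and (d) paths written in the other platform's syntax.
 * Case (c) is the security-relevant one: a traversal sequence such as
 * '/tmp/../etc' must fail even though it would resolve to a real directory.
 *
 * Dispatches on $this->_os (populated elsewhere in this test case). An
 * unrecognised platform value is reported as skipped rather than letting the
 * test pass vacuously with zero assertions, which the original switch did.
 * The unused $list/$encoder locals of the original have been dropped.
 */
public function testIsValidDirectoryPath() {
    $instance = ESAPI::getValidator();

    switch ($this->_os) {
        case self::PLATFORM_WINDOWS:
            // Windows paths that should pass
            $this->assertTrue($instance->isValidDirectoryPath('test', 'C:\\', false)); // Windows root directory
            $this->assertTrue($instance->isValidDirectoryPath('test', 'C:\\Windows', false)); // Windows always exist directory

            // Windows paths that don't exist and thus should fail
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\ridiculous', false));
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\temp\\..\\etc', false));

            // Windows path that exists but is not a directory
            $this->assertFalse($instance->isValidDirectoryPath('test', 'C:\\Windows\\System32\\cmd.exe', false)); // Windows command shell

            // Windows path that exists but is not canonical (traversal must be rejected)
            $this->assertFalse($instance->isValidDirectoryPath('test', 'C:\\Windows\\System32\\..', false));

            // Unix specific paths should not pass
            $this->assertFalse($instance->isValidDirectoryPath('test', '/tmp', false)); // Unix Temporary directory
            $this->assertFalse($instance->isValidDirectoryPath('test', '/bin/sh', false)); // Unix Standard shell
            $this->assertFalse($instance->isValidDirectoryPath('test', '/etc/config', false));

            // Unix specific paths that should not exist or work
            $this->assertFalse($instance->isValidDirectoryPath('test', '/etc/ridiculous', false));
            $this->assertFalse($instance->isValidDirectoryPath('test', '/tmp/../etc', false));
            break;

        case self::PLATFORM_UNIX:
            // Unix specific paths should pass
            $this->assertTrue($instance->isValidDirectoryPath('test', '/', false)); // Root directory
            $this->assertTrue($instance->isValidDirectoryPath('test', '/bin', false)); // Always exist directory

            // Unix specific path that exists but is not a directory
            $this->assertFalse($instance->isValidDirectoryPath('test', '/bin/sh', false)); // Standard shell

            // Unix specific path that exists but is not canonical (traversal must be rejected)
            $this->assertFalse($instance->isValidDirectoryPath('test', '/bin/../', false));

            // Unix specific paths that should not exist or work
            $this->assertFalse($instance->isValidDirectoryPath('test', '/etc/ridiculous', false));
            $this->assertFalse($instance->isValidDirectoryPath('test', '/tmp/../etc', false));

            // Windows paths should fail
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\ridiculous', false));
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\temp\\..\\etc', false));

            // Standard Windows locations should fail
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\', false)); // Windows root directory
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\Windows\\temp', false)); // Windows temporary directory
            $this->assertFalse($instance->isValidDirectoryPath('test', 'c:\\Windows\\System32\\cmd.exe', false)); // Windows command shell
            break;

        default:
            // Do not let an unknown platform silently count as a pass.
            $this->markTestSkipped('isValidDirectoryPath has no expectations for platform: ' . $this->_os);
    }
}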
/**
 * Builds a SafeRequest, optionally seeded with caller-supplied request data.
 *
 * $options may carry any of the keys 'cookies', 'headers' and 'env'; each value
 * is an associative array, e.g. 'headers' => array('REQUEST_METHOD' => 'GET').
 * Supplied cookies and headers are passed through _validateCookies() /
 * _validateHeaders() before being stored; supplied server globals go through
 * _canonicalizeServerGlobals(). Keys that are absent are (per the original
 * documentation) taken from the live request instead — presumably by the
 * accessors, since this constructor only stores what it is given.
 *
 * NOTE(review): the 'env' branch is canonicalised rather than validated, unlike
 * cookies and headers; confirm _canonicalizeServerGlobals() also rejects
 * malformed values, not just normalises encoding.
 *
 * TODO accept a string like: 'GET / HTTP/1.1\r\nHost:example.com\r\n\r\n'
 * TODO accept GET and REQUEST parameters.
 *
 * @param NULL|array $options Array (optional) of HTTP Request elements.
 */
public function __construct($options = null) {
    // Canonicalising encoder for request data: HTML entities and percent-encoding.
    $this->_encoder = new DefaultEncoder(array(new HTMLEntityCodec(), new PercentCodec()));
    $this->_auditor = ESAPI::getAuditor('SafeRequest');
    $this->_validator = ESAPI::getValidator();

    // is_array() is false for null, so the no-options case and a non-array
    // argument both end here with nothing pre-populated.
    if (!is_array($options)) {
        return;
    }

    // array_key_exists() rather than isset(): an explicitly supplied null is
    // still handed to the validation step.
    if (array_key_exists('cookies', $options)) {
        $this->_cookies = $this->_validateCookies($options['cookies']);
    }
    if (array_key_exists('headers', $options)) {
        $this->_headers = $this->_validateHeaders($options['headers']);
    }
    if (array_key_exists('env', $options)) {
        $this->_serverGlobals = $this->_canonicalizeServerGlobals($options['env']);
    }
}