From 554b452845e9ec26e1cd348fda607cf00d2a5026 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Tue, 1 Sep 2015 13:51:26 +0300 Subject: Fix #4093 --- tests/codeigniter/database/query_builder/where_test.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/database/query_builder/where_test.php b/tests/codeigniter/database/query_builder/where_test.php index 20b7a567c..46a7fa2eb 100644 --- a/tests/codeigniter/database/query_builder/where_test.php +++ b/tests/codeigniter/database/query_builder/where_test.php @@ -123,4 +123,12 @@ class Where_test extends CI_TestCase { $this->assertEquals('Musician', $jobs[1]['name']); } + // ------------------------------------------------------------------------ + + public function test_issue4093() + { + $input = 'bar and baz or qux'; + $sql = $this->db->where('foo', $input)->get_compiled_select('dummy'); + $this->assertEquals("'".$input."'", substr($sql, -20)); + } } \ No newline at end of file -- cgit v1.2.3-24-g4f1b From 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Sep 2015 12:44:50 +0300 Subject: Fix #4106 --- tests/codeigniter/core/Security_test.php | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index bab76dffb..52bb296ad 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php 
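Review bot: The `-20` in `substr($sql, -20)` is just the hand-computed length of `"'".$input."'"`, so the assertion in test_issue4093 silently becomes wrong the moment someone edits `$input`, and a failure prints a 20-character tail rather than the compiled statement. `$this->assertStringEndsWith("'".$input."'", $sql);` states the same expectation without the magic number and gives a readable diff. A one-line comment naming what #4093 guards would also help a later reader, e.g. `// #4093: 'and' / 'or' inside a bound value must stay part of the quoted literal` — phrased as presumably, since the issue itself is not visible in this diff.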
@@ -146,6 +146,14 @@ class Security_test extends CI_TestCase { $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', FALSE)); $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); + $this->assertEquals( + '', + $this->security->remove_evil_attributes('', FALSE) + ); + $this->assertEquals( + '', + $this->security->remove_evil_attributes('', FALSE) + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 72ebac4eed3f5de650a26ffbc34fc0aaaa49c7d4 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Sep 2015 13:14:00 +0300 Subject: Fix a broken unit test from 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 --- tests/codeigniter/core/Security_test.php | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 52bb296ad..68b52247e 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -151,7 +151,7 @@ class Security_test extends CI_TestCase { $this->security->remove_evil_attributes('', FALSE) ); $this->assertEquals( - '', + '', $this->security->remove_evil_attributes('', FALSE) ); } -- cgit v1.2.3-24-g4f1b From abc6006884658acb4e2302460f87e2f89a5a7e80 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Sep 2015 16:36:22 +0300 Subject: Fix & extend 700619cebf75c4e4fcda6a2d7bea1afb84a029e4 --- tests/codeigniter/core/Security_test.php | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 68b52247e..8e6d276fc 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php 
@@ -147,12 +147,12 @@ class Security_test extends CI_TestCase { $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); $this->assertEquals( - '', - $this->security->remove_evil_attributes('', FALSE) + '\' [removed]>', + $this->security->remove_evil_attributes('\' onAfterGreaterThan="quotes">', FALSE) ); $this->assertEquals( - '', - $this->security->remove_evil_attributes('', FALSE) + '\' [removed]>', + $this->security->remove_evil_attributes('\' onAfterGreaterThan=noQuotes>', FALSE) ); } -- cgit v1.2.3-24-g4f1b From 12023a79b0c3b45f68cce0357e3009c5884da663 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 10 Sep 2015 18:00:57 +0300 Subject: Last commit didn't adjust a RE index --- tests/codeigniter/core/Security_test.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 8e6d276fc..1958526ee 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -154,6 +154,11 @@ class Security_test extends CI_TestCase { '\' [removed]>', $this->security->remove_evil_attributes('\' onAfterGreaterThan=noQuotes>', FALSE) ); + + $this->assertEquals( + ' on= onerror=alert(1)>', + $this->security->remove_evil_attributes(' on= onerror=alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 58c7bcb85c1a354e1eaebae8ef658516f427378d Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 11 Sep 2015 13:59:40 +0300 Subject: Replace the latest XSS patches This one fixes yet another issue, is cleaner and faster. --- tests/codeigniter/core/Security_test.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'tests') 
diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 1958526ee..ed0838474 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -156,9 +156,14 @@ class Security_test extends CI_TestCase { ); $this->assertEquals( - ' on= onerror=alert(1)>', + ' on= onerror=alert(1)>', $this->security->remove_evil_attributes(' on= onerror=alert(1)>', FALSE) ); + + $this->assertEquals( + '" onerror=alert(1) onmouseover=alert(1)>', + $this->security->remove_evil_attributes('" onerror=alert(1) onmouseover=alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 2f71c625b8d9ed7efc34b2139695702d6a08f6be Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 11 Sep 2015 15:21:10 +0300 Subject: Improve on previous commit --- tests/codeigniter/core/Security_test.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ed0838474..d09128053 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -164,6 +164,11 @@ class Security_test extends CI_TestCase { '" onerror=alert(1) onmouseover=alert(1)>', $this->security->remove_evil_attributes('" onerror=alert(1) onmouseover=alert(1)>', FALSE) ); + + $this->assertEquals( + ' on=\'x\' onerror=``,alert(1)>', + $this->security->remove_evil_attributes(' on=\'x\' onerror=``,alert(1)>', FALSE) + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From bc78748b24ec2d49f0218fa701d1e95259b41187 Mon Sep 17 00:00:00 2001 
From: Andrey Andreev Date: Fri, 11 Sep 2015 18:11:32 +0300 Subject: Harden xss_clean() more This time eliminate false positives for the 'naughty html' logic. --- tests/codeigniter/core/Security_test.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index d09128053..9437ececc 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -130,8 +130,13 @@ class Security_test extends CI_TestCase { public function test_xss_clean_sanitize_naughty_html() { - $input = ''; - $this->assertEquals('<blink>', $this->security->xss_clean($input)); + $this->assertEquals('<blink>', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); + + $this->assertEquals( + ' src="x">', + $this->security->xss_clean(' src="x">') + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 70f60d07253d301ec62789f78587db0dac826a27 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 14 Sep 2015 11:11:20 +0300 Subject: Move _remove_evil_attributes() call --- tests/codeigniter/core/Security_test.php | 14 ++++++++++++++ 1 file changed, 14 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 9437ececc..2e9cd01c4 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php 
@@ -178,6 +178,20 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + /** + * @depends test_xss_clean_sanitize_naughty_html + * @depends test_remove_evil_attributes + */ + public function test_naughty_html_plus_evil_attributes() + { + $this->assertEquals( + '<svg', + $this->security->xss_clean(' src="x" onerror="location=/javascript/.source+/:alert/.source+/(1)/.source">') + ); + } + + // -------------------------------------------------------------------- + public function test_xss_hash() { $this->assertEmpty($this->security->xss_hash); -- cgit v1.2.3-24-g4f1b From 1e6d4d611d80dc7f20566ecc125354d84deebd1c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 14 Sep 2015 16:06:37 +0300 Subject: Another addition to tag detection patterns in xss_clean() --- tests/codeigniter/core/Security_test.php | 5 +++++ 1 file changed, 5 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 2e9cd01c4..ee5b82cbc 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -174,6 +174,11 @@ class Security_test extends CI_TestCase { ' on=\'x\' onerror=``,alert(1)>', $this->security->remove_evil_attributes(' on=\'x\' onerror=``,alert(1)>', FALSE) ); + + $this->assertEquals( + '', + $this->security->remove_evil_attributes('', FALSE) + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 3ceb14a4325a8a3d47747dff3d50fbc392fc3206 Mon Sep 17 00:00:00 2001 
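Review bot: The two `@depends` annotations on test_naughty_html_plus_evil_attributes make PHPUnit report it as skipped, not failed, whenever either named test fails, so a regression that breaks both the tag path and this combined input shows up as one failure plus one skip and the combined-case result drops out of the report. The method calls only `xss_clean()` on a single input and consumes no return value from the other tests, so nothing here needs the dependency mechanism. Either drop the annotations or turn them into a plain comment, e.g. `// combines the cases from test_xss_clean_sanitize_naughty_html and test_remove_evil_attributes`. The enclosing class continues outside this hunk.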
From: Andrey Andreev Date: Thu, 17 Sep 2015 15:03:03 +0300 Subject: Refactor 'evil attributes' sanitization logic Turned out pretty much impossible to do remove 'evil attributes' with just one pattern - it either breaks something else, hits pcre.backtrack_limit or causes PHP to segfault. No benchmarks made, but there shouldn't be any performance regressions since we're now trying to strip attributes only after it is determined that they are inside a tag; up until now this was done seprately for _sanitize_naughty_html() and _remove_evil_attributes(). --- tests/codeigniter/core/Security_test.php | 57 +++++++++++++++++++------------- 1 file changed, 34 insertions(+), 23 deletions(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ee5b82cbc..7dfdb64c1 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -96,7 +96,7 @@ class Security_test extends CI_TestCase { $xss_clean_return = $this->security->xss_clean($harm_string, TRUE); - $this->assertTrue($xss_clean_return); +// $this->assertTrue($xss_clean_return); } // -------------------------------------------------------------------- @@ -128,7 +128,7 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- - public function test_xss_clean_sanitize_naughty_html() + public function test_xss_clean_sanitize_naughty_html_tags() { $this->assertEquals('<blink>', $this->security->xss_clean('')); $this->assertEquals('', $this->security->xss_clean('')); 
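Review bot: In the `@@ -96,7 +96,7 @@` hunk the `assertTrue($xss_clean_return)` line is commented out rather than fixed, so the `xss_clean($harm_string, TRUE)` call just above it now runs with no assertion at all and the is_image branch is left untested; the commit message does not mention this. If the refactor changed the expected result, assert the new value; if the path is genuinely broken for now, make that visible to the runner with `$this->markTestIncomplete('xss_clean(..., TRUE) return value pending the evil-attributes refactor');` instead of a `//` line that will be forgotten. The enclosing test method starts before this hunk.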
@@ -137,55 +137,66 @@ class Security_test extends CI_TestCase { ' src="x">', $this->security->xss_clean(' src="x">') ); + + $this->assertEquals( + 'on=">"x onerror="alert(1)">', + $this->security->xss_clean('on=">"x onerror="alert(1)">') + ); } // -------------------------------------------------------------------- - public function test_remove_evil_attributes() + public function test_xss_clean_sanitize_naughty_html_attributes() { - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); - $this->assertEquals('onOutsideOfTag=test', $this->security->remove_evil_attributes('onOutsideOfTag=test', FALSE)); - $this->assertEquals('onNoTagAtAll = true', $this->security->remove_evil_attributes('onNoTagAtAll = true', FALSE)); - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); - $this->assertEquals('', $this->security->remove_evil_attributes('', FALSE)); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('onOutsideOfTag=test', $this->security->xss_clean('onOutsideOfTag=test')); + $this->assertEquals('onNoTagAtAll = true', $this->security->xss_clean('onNoTagAtAll = true')); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals( '\' [removed]>', - $this->security->remove_evil_attributes('\' onAfterGreaterThan="quotes">', FALSE) + $this->security->xss_clean('\' onAfterGreaterThan="quotes">') ); $this->assertEquals( '\' [removed]>', - $this->security->remove_evil_attributes('\' onAfterGreaterThan=noQuotes>', 
FALSE) + $this->security->xss_clean('\' onAfterGreaterThan=noQuotes>') + ); + + $this->assertEquals( + ' on=<svg> onerror=alert(1)>', + $this->security->xss_clean(' on= onerror=alert(1)>') ); $this->assertEquals( - ' on= onerror=alert(1)>', - $this->security->remove_evil_attributes(' on= onerror=alert(1)>', FALSE) + '"<svg> onerror=alert(1) onmouseover=alert(1)>', + $this->security->xss_clean('" onerror=alert(1) onmouseover=alert(1)>') ); $this->assertEquals( - '" onerror=alert(1) onmouseover=alert(1)>', - $this->security->remove_evil_attributes('" onerror=alert(1) onmouseover=alert(1)>', FALSE) + ' on=\'x\' onerror=``,alert(1)>', + $this->security->xss_clean(' on=\'x\' onerror=``,alert(1)>') ); $this->assertEquals( - ' on=\'x\' onerror=``,alert(1)>', - $this->security->remove_evil_attributes(' on=\'x\' onerror=``,alert(1)>', FALSE) + '', + $this->security->xss_clean('') ); $this->assertEquals( - '', - $this->security->remove_evil_attributes('', FALSE) + ' on=\'x\' onerror=,xssm()>', + $this->security->xss_clean(' on=\'x\' onerror=,xssm()>') ); } // -------------------------------------------------------------------- /** - * @depends test_xss_clean_sanitize_naughty_html - * @depends test_remove_evil_attributes + * @depends test_xss_clean_sanitize_naughty_html_tags + * @depends test_xss_clean_sanitize_naughty_html_attributes */ public function test_naughty_html_plus_evil_attributes() { -- cgit v1.2.3-24-g4f1b From 088e57db3808f78ee89def94c6ce95b571a88427 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Thu, 17 Sep 2015 15:55:57 +0300 Subject: Don't allow open-ended tags to pass through xss_clean() This was a regression caused by the previous commit --- tests/codeigniter/core/Security_test.php | 1 + 1 file changed, 1 insertion(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index 7dfdb64c1..b04d25891 100644 --- a/tests/codeigniter/core/Security_test.php 
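Review bot: After this hunk `remove_evil_attributes()` is no longer called anywhere in the test file — every assertion in test_xss_clean_sanitize_naughty_html_attributes now goes through `xss_clean()`. The commit message says the attribute stripping was moved, not that the public method was removed, so if it still exists as a separate entry point it has lost all direct coverage; keep one of the removed `remove_evil_attributes(..., FALSE)` assertions next to its `xss_clean()` twin, or add a comment stating that the method is now only a wrapper. The `' on=<svg> onerror=alert(1)>'` expectations also appear to entity-encode the inner tag while leaving `onerror=alert(1)` in place, and a reader cannot tell from the assertion whether that is intended; a one-line `// the onerror here sits outside any tag, so it must survive untouched` on those cases would make the contract explicit. The body of test_naughty_html_plus_evil_attributes continues outside the hunk.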
+++ b/tests/codeigniter/core/Security_test.php @@ -130,6 +130,7 @@ class Security_test extends CI_TestCase { public function test_xss_clean_sanitize_naughty_html_tags() { + $this->assertEquals('<unclosedTag', $this->security->xss_clean('assertEquals('<blink>', $this->security->xss_clean('')); $this->assertEquals('', $this->security->xss_clean('')); -- cgit v1.2.3-24-g4f1b From 4fbf2d1a8e2b6d33e92f3f353b05388fd3229bd7 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 21 Sep 2015 16:17:48 +0300 Subject: More XSS stuff --- tests/codeigniter/core/Security_test.php | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index b04d25891..ca111c3bf 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -120,6 +120,17 @@ class Security_test extends CI_TestCase { // -------------------------------------------------------------------- + public function text_xss_clean_js_link_removal() + { + // This one is to prevent a false positive + $this->assertEquals( + "", + $this->security->xss_clean("") + ); + } + + // -------------------------------------------------------------------- + public function test_xss_clean_js_img_removal() { $input = 'Clickhere'; @@ -191,6 +202,11 @@ class Security_test extends CI_TestCase { ' on=\'x\' onerror=,xssm()>', $this->security->xss_clean(' on=\'x\' onerror=,xssm()>') ); + + $this->assertEquals( + '', + $this->security->xss_clean('') + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From 3645ab3fce68789b9b7884f4c22696013f6f51a2 Mon Sep 17 00:00:00 2001 
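Review bot: `text_xss_clean_js_link_removal` in the `@@ -120,6 +120,17 @@` hunk is misspelled — PHPUnit only discovers methods whose name starts with `test`, so this guard against the js-link false positive never executes and the suite stays green even if the false positive returns. Rename it to `public function test_xss_clean_js_link_removal()`; the assertion body itself can stay as it is. The `// This one is to prevent a false positive` comment would be more useful if it named the input shape being protected, since the current text does not say what was previously mis-detected.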
From: Andrey Andreev Date: Mon, 28 Sep 2015 12:58:35 +0300 Subject: Merge pull request #4125 from jim-parry/fix/lang_test Improve CI_Lang tests --- tests/codeigniter/core/Lang_test.php | 22 +++++++++++++++++----- 1 file changed, 17 insertions(+), 5 deletions(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Lang_test.php b/tests/codeigniter/core/Lang_test.php index d2dd7598a..4958f42e1 100644 --- a/tests/codeigniter/core/Lang_test.php +++ b/tests/codeigniter/core/Lang_test.php @@ -34,11 +34,6 @@ class Lang_test extends CI_TestCase { $this->assertTrue($this->lang->load('email', 'german')); $this->assertEquals('german', $this->lang->is_loaded['email_lang.php']); - // Non-alpha idiom (should act the same as unspecified language) - $this->ci_vfs_clone('system/language/english/number_lang.php'); - $this->assertTrue($this->lang->load('number')); - $this->assertEquals('Bytes', $this->lang->language['bytes']); - // Non-existent file $this->setExpectedException( 'RuntimeException', @@ -49,6 +44,23 @@ class Lang_test extends CI_TestCase { // -------------------------------------------------------------------- + public function test_non_alpha_idiom() + { + // Non-alpha idiom (should act the same as unspecified language) + // test with existing file + $this->ci_vfs_clone('system/language/english/number_lang.php'); + $this->ci_vfs_clone('system/language/english/number_lang.php', 'system/language/123funny/'); + $this->assertTrue($this->lang->load('number', '123funny')); + $this->assertEquals('Bytes', $this->lang->language['bytes']); + + // test without existing file + $this->ci_vfs_clone('system/language/english/email_lang.php'); + $this->assertTrue($this->lang->load('email', '456funny')); + $this->assertEquals('You did not specify a SMTP hostname.', $this->lang->language['email_no_hostname']); + } + + // -------------------------------------------------------------------- + public function test_multiple_file_load() { // Multiple files -- cgit v1.2.3-24-g4f1b 
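Review bot: test_non_alpha_idiom never checks which language a non-alpha idiom resolved to, so the "should act the same as unspecified language" claim in its comment is not actually verified — and in the first case the file is cloned into both `english/` and `123funny/`, so `load('number', '123funny')` succeeds whether the idiom was rejected or honoured. test_load just above already shows the pattern via `is_loaded['email_lang.php']`; add `$this->assertEquals('english', $this->lang->is_loaded['number_lang.php']);` after each load (assuming the harness default language is english, which the visible lines do not show), and drop the `123funny/` clone so that only the fallback path can satisfy the first case. The enclosing class continues outside this hunk.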
From 249580e711d42fe966e52d7bcc0f349ba99a94a3 Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Fri, 2 Oct 2015 16:44:05 +0300 Subject: More XSS stuff --- tests/codeigniter/core/Security_test.php | 7 ++++++- 1 file changed, 6 insertions(+), 1 deletion(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index ca111c3bf..b093393af 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php @@ -162,7 +162,7 @@ class Security_test extends CI_TestCase { { $this->assertEquals('', $this->security->xss_clean('')); $this->assertEquals('', $this->security->xss_clean('')); - $this->assertEquals('', $this->security->xss_clean('')); + $this->assertEquals('', $this->security->xss_clean('')); $this->assertEquals('', $this->security->xss_clean('')); $this->assertEquals('onOutsideOfTag=test', $this->security->xss_clean('onOutsideOfTag=test')); $this->assertEquals('onNoTagAtAll = true', $this->security->xss_clean('onNoTagAtAll = true')); @@ -207,6 +207,11 @@ class Security_test extends CI_TestCase { '', $this->security->xss_clean('') ); + + $this->assertEquals( + '', + $this->security->xss_clean('') + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b From f0f47da9ae4227968ccc9ee6511bcab526498b4c Mon Sep 17 00:00:00 2001 From: Andrey Andreev Date: Mon, 5 Oct 2015 12:37:16 +0300 Subject: Some more intrusive XSS cleaning --- tests/codeigniter/core/Security_test.php | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) (limited to 'tests') diff --git a/tests/codeigniter/core/Security_test.php b/tests/codeigniter/core/Security_test.php index b093393af..52967dc2f 100644 --- a/tests/codeigniter/core/Security_test.php +++ b/tests/codeigniter/core/Security_test.php 
@@ -146,7 +146,7 @@ class Security_test extends CI_TestCase { $this->assertEquals('', $this->security->xss_clean('')); $this->assertEquals( - ' src="x">', + ' src="x">', $this->security->xss_clean(' src="x">') ); @@ -209,9 +209,14 @@ class Security_test extends CI_TestCase { ); $this->assertEquals( - '', + '', $this->security->xss_clean('') ); + + $this->assertEquals( + '1">', + $this->security->xss_clean('') + ); } // -------------------------------------------------------------------- -- cgit v1.2.3-24-g4f1b