Commit 25c8f251 authored by effulgentsia's avatar effulgentsia

Issue #3026414 by alexpott, Fabianx: Add tests for PharExtensionInterceptor...

Issue #3026414 by alexpott, Fabianx: Add tests for PharExtensionInterceptor for invocation from a CLI command
parent 8c14acad
......@@ -3,6 +3,8 @@
namespace Drupal\KernelTests\Core\File;
use Drupal\KernelTests\KernelTestBase;
use Symfony\Component\Process\PhpExecutableFinder;
use Symfony\Component\Process\Process;
/**
* Tests that the phar stream wrapper works.
......@@ -30,4 +32,25 @@ public function testPharFile() {
file_exists("phar://$base/image-2.jpg/index.php");
}
/**
* Tests phar files not ending in .phar can be executed using the CLI.
*/
public function testCliPharFile() {
$php = (new PhpExecutableFinder())->find();
$process = new Process("$php cli_phar", __DIR__ . '/fixtures');
$process->run();
$expected_output = <<<EOF
Can access phar files without .phar extension if they are the CLI command.
Can access phar files with .phar extension.
Cannot access other phar files without .phar extension.
Shutdown functions work in phar files without a .phar extension.
Shutdown functions cannot access other phar files without .phar extension.
EOF;
$this->assertSame($expected_output, $process->getOutput());
$this->assertSame(0, $process->getExitCode());
}
}
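Review bot: In testCliPharFile the command is built as the interpolated string `"$php cli_phar"`, so a PHP binary path containing spaces or shell metacharacters is re-parsed by the shell, and a `false` return from `PhpExecutableFinder::find()` silently becomes the command ` cli_phar`. Passing the command as an array, `new Process([$php, 'cli_phar'], __DIR__ . '/fixtures')`, avoids the shell parsing, provided the installed symfony/process accepts array commands (its version is not visible on this page). A guard such as `if ($php === FALSE) { $this->markTestSkipped('PHP CLI binary not found.'); }` would make the missing-binary case explicit. Including `$process->getErrorOutput()` as the assertion message would also show why the child script failed, instead of only a mismatch in the expected output.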
<?php
/**
* @file
* Builds a test phar file.
*/
if (PHP_SAPI !== 'cli') {
return;
}
// Create a phar to run from CLI.
$phar = new \Phar(__DIR__ . '/cli.phar');
$phar->buildFromDirectory(__DIR__ . '/cli_phar_builder');
// pointing main file which requires all classes
$phar->setDefaultStub('index.php', '/index.php');
// Make a version without a phar extension.
copy(__DIR__ . '/cli.phar', __DIR__ . '/cli_phar');
copy(__DIR__ . '/cli.phar', __DIR__ . '/cli_phar.png');
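Review bot: The builder creates a new archive with `new \Phar(__DIR__ . '/cli.phar')`, but nothing in the file says that writing a phar requires `phar.readonly` to be disabled, which is not PHP's default, so a plain run is expected to fail at the constructor. A line in the `@file` docblock such as `Run with: php -d phar.readonly=0 <this-script>` would document how the fixtures cli.phar, cli_phar and cli_phar.png are regenerated, which matters for anyone auditing those binary files against their source directory. The two `copy()` calls ignore their return value; checking them for `FALSE` and exiting non-zero would prevent a half-built fixture set from going unnoticed.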
<?php
/**
* @file
* Tests phar protection.
*/
use Drupal\Core\Security\PharExtensionInterceptor;
use TYPO3\PharStreamWrapper\Behavior;
use TYPO3\PharStreamWrapper\Exception as PharStreamWrapperException;
use TYPO3\PharStreamWrapper\Manager;
use TYPO3\PharStreamWrapper\PharStreamWrapper;
// Use the current working directory so we don't have to include all the code in
// the phar file.
require_once getcwd() . '/../../../../../../../autoload.php';
stream_wrapper_unregister('phar');
stream_wrapper_register('phar', PharStreamWrapper::class);
Manager::initialize(
(new Behavior())
->withAssertion(new PharExtensionInterceptor())
);
if (file_exists(__DIR__ . '/index.php')) {
echo "Can access phar files without .phar extension if they are the CLI command.\n";
}
if (file_exists('phar://cli.phar')) {
echo "Can access phar files with .phar extension.\n";
}
// Try an insecure phar without an extension.
try {
file_exists('phar://cli_phar.png');
}
catch (PharStreamWrapperException $e) {
echo "Cannot access other phar files without .phar extension.\n";
}
// Try accessing phar from a shutdown function.
register_shutdown_function('phar_shutdown');
function phar_shutdown() {
if (file_exists(__DIR__ . '/index.php')) {
echo "Shutdown functions work in phar files without a .phar extension.\n";
}
// Try an insecure phar without an extension.
try {
file_exists('phar://cli_phar.png');
}
catch (PharStreamWrapperException $e) {
echo "Shutdown functions cannot access other phar files without .phar extension.\n";
}
}
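Review bot: In both `try` blocks (the top-level one and the one inside phar_shutdown()), a `file_exists('phar://cli_phar.png')` call that does not throw produces no output, so a regression in PharExtensionInterceptor shows up only as a missing line in the caller's output comparison. Adding an explicit line after the call inside each `try`, for example `echo "Unexpectedly accessed phar file without .phar extension.\n";`, would make the failure mode obvious in the diff. The `require_once getcwd() . '/../../../../../../../autoload.php'` line and the relative `phar://` URLs also tie the script to being started from the fixtures directory. The existing comment could say so directly: `// Must be run with the fixtures directory as the working directory.`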