Merge pull request #4120 in SW/shopware from sw-16599/5.2/improve-inp…
…ut-filter to 5.2

* commit '20e816606d638a4819a20dc3715f300b08abe676':
  SW-16599 - Improve SQL input filter
bcremer committed Oct 17, 2016
2 parents a979bff + 20e8166 commit 5b66fc3
Showing 2 changed files with 90 additions and 1 deletion.
Expand Up @@ -27,7 +27,7 @@
*/
class Shopware_Plugins_Frontend_InputFilter_Bootstrap extends Shopware_Components_Plugin_Bootstrap
{
public $sqlRegex = 's_core_|s_order_|s_user|benchmark.*\(|(?:insert|replace).+into|update.+set|(?:delete|select).+from|(?:alter|rename|create|drop|truncate).+(?:database|table|procedure)|union.+select|prepare.+from.+execute';
public $sqlRegex = 's_core_|s_order_|s_user|benchmark.*\(|(?:insert|replace).+into|update.+set|(?:delete|select).+from|(?:alter|rename|create|drop|truncate).+(?:database|table|procedure)|union.+select|prepare.+from.+execute|select.+into\s+(outfile|dumpfile)';
public $xssRegex = 'javascript:|src\s*=|on[a-z]+\s*=|style\s*=';
public $rfiRegex = '\.\./|\\0';

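--- a/tests/Unit/Plugin/Frontend/InputFilter/FilterTest.php
+++ b/tests/Unit/Plugin/Frontend/InputFilter/FilterTest.php
@@ -0,0 +1,89 @@
+<?php
+/**
+* Shopware 5
+* Copyright (c) shopware AG
+*
+* According to our dual licensing model, this program can be used either
+* under the terms of the GNU Affero General Public License, version 3,
+* or under a proprietary license.
+*
+* The texts of the GNU Affero General Public License with an additional
+* permission and of our proprietary license can be found at and
+* in the LICENSE file you have received along with this program.
+*
+* This program is distributed in the hope that it will be useful,
+* but WITHOUT ANY WARRANTY; without even the implied warranty of
+* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+* GNU Affero General Public License for more details.
+*
+* "Shopware" is a registered trademark of shopware AG.
+* The licensing of the program under the AGPLv3 does not imply a
+* trademark license. Therefore any rights, title and interest in
+* our trademarks remain entirely with us.
+*/
+
+namespace Shopware\Tests\Unit\Plugin\Frontend\InputFilter;
+
+use PHPUnit\Framework\TestCase;
+
+/**
+* @category Shopware
+* @package Shopware\Tests
+* @copyright Copyright (c) shopware AG (http://www.shopware.de)
+*/
+class FilterTest extends TestCase
+{
+/** @var \Shopware_Plugins_Frontend_InputFilter_Bootstrap */
+private $inputFilter;
+
+/**
+* @inheritdoc
+*/
+public function setUp()
+{
+$this->inputFilter = $this->createMock(\Shopware_Plugins_Frontend_InputFilter_Bootstrap::class);
+}
+
+/**
+* @return array
+*/
+public function sqlProvider()
+{
+return [
+["SELECT * FROM s_core_auth"],
+["SELECT * FROM s_order_details"],
+["SELECT * FROM benchmark.foo"],
+["INSERT INTO foo (bar) VALUES ('moo')"],
+["REPLACE INSERT INTO foo (bar) VALUES ('moo')"],
+["REPLACE INTO foo (bar) VALUES ('moo')"],
+["UPDATE foo SET a=2 WHERE x=y"],
+["DELETE FROM foo WHERE id > 1"],
+["ALTER TABLE foo ADD COLUMN bar int(1)"],
+["RENAME TABLE foo TO foobar"],
+["CREATE TABLE foobar (id int(11))"],
+["DROP TABLE foobar"],
+["TRUNCATE TABLE foobar"],
+["ALTER DATABASE `shopware` UPGRADE DATA DIRECTORY NAME;"],
+["RENAME DATABASE shopware TO shopware_foo"],
+["SELECT * FROM s_user UNION ALL SELECT * FROM s_user_addresses"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO OUTFILE '/var/www/backdoor.php'"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO OUTFILE '/var/www/backdoor.php'"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO OUTFILE '/var/www/backdoor.php'"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO DUMPFILE '/var/www/backdoor.php'"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO DUMPFILE '/var/www/backdoor.php'"],
+["SELECT CONCAT(CHAR(60),CHAR(63),CHAR(112),CHAR(104),CHAR(112),CHAR(32),CHAR(115),CHAR(121),CHAR(115),CHAR(116),CHAR(101),CHAR(109),CHAR(40),CHAR(36),CHAR(95),CHAR(71),CHAR(69),CHAR(84),CHAR(91),CHAR(39),CHAR(99),CHAR(111),CHAR(109),CHAR(109),CHAR(97),CHAR(110),CHAR(100),CHAR(39),CHAR(93),CHAR(41),CHAR(59),CHAR(32),CHAR(63),CHAR(62)) INTO DUMPFILE '/var/www/backdoor.php'"],
+];
+}
+
+/**
+* @dataProvider sqlProvider
+* @param string $statement
+*/
+public function testSql($statement)
+{
+$regex = '#' . $this->inputFilter->sqlRegex . '#msi';
+$statement = \Shopware_Plugins_Frontend_InputFilter_Bootstrap::filterValue($statement, $regex);
+
+$this->assertNull($statement);
+}
+}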
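Review bot: sqlProvider holds only statements that must be blocked, so testSql can catch a missed match but never a false positive, and an alternation that is broader than intended — `.+` under the `s` modifier built on line 115 spans line breaks — would pass unnoticed. Rows 100–102 and 103–105 are byte-identical duplicates; one OUTFILE and one DUMPFILE row covers the new alternation, and a minimal row such as `"SELECT 1 INTO OUTFILE 'x'"` would show the match does not hinge on the long CONCAT payload. A second provider of benign text that the filter must let through is the missing half; the assertion below presumes filterValue returns a non-matching value unchanged, which this hunk does not show. The createMock in setUp is also heavier than the test needs, since only the public `$sqlRegex` default is read and filterValue is static; a `ReflectionClass::getDefaultProperties()` lookup would drop the mocking dependency, provided the Bootstrap constructor is not otherwise required.
```php
    // … unchanged: setUp, sqlProvider, testSql …

    /**
     * Benign input (constructed examples) that must not be flagged as SQL.
     *
     * @return array
     */
    public function benignProvider()
    {
        return [
            ['Please select the item and put it into the basket'],
            ['Update: my order arrived today'],
        ];
    }

    /**
     * @dataProvider benignProvider
     * @param string $value
     */
    public function testBenignInputPassesThrough($value)
    {
        $regex = '#' . $this->inputFilter->sqlRegex . '#msi';

        // NOTE(review): assumes filterValue() returns a non-matching value unchanged — confirm against the Bootstrap
        $this->assertSame($value, \Shopware_Plugins_Frontend_InputFilter_Bootstrap::filterValue($value, $regex));
    }
```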
