Automated System-Wide Security Audit

    Date: 06/20/07 (PHP Community)    Keywords: php, security

    Hello Friends

    I needed a unit test that would tell me if all files in a given directory contained a call to a specific function within the first few lines. This function's purpose was to reassure me that all files are being properly authenticated.

    The function had to provide a whitelist feature. It makes use of common Unix commands and has been tested in Cygwin on the command line.

    I was pretty happy with my results, and thought I might share them.

    Constructive criticism very welcome.

    // Method of the poster's test-case class; the class opening line is not part of the post
    public function test_file_security() {
        $admin_search_path = '../admin/';
        $user_search_path = '../users/';
        $search_target = 'Util::validate_user';

        //The grep expression matches the ==> arrow returned by xargs
        //It also matches calls to the search target preceded by zero or more whitespace characters only
        $grep_command = "grep -E \"(==>|^([ ]+)?$search_target)\"";

        //Print the first 3 lines of every *.php file directly under the search paths,
        //keeping only the "==> file <==" header lines and the matching calls
        $command = "find $admin_search_path $user_search_path -maxdepth 1 -name \"*.php\" -print0 | xargs -0 head -n 3 | $grep_command";
        //echo $command;

        $security_info = array();
        $unsecured_files = '';

        $whitelist = array(
            $admin_search_path . 'index.php',
            $admin_search_path . 'login_page_bottom.php',
            $admin_search_path . 'login_page_top.php'
        );

        exec($command, $security_info, $return_val);

        $this->assertTrue($return_val === 0);
        $this->assertTrue(count($security_info) > 0);

        //echo print_r($security_info, TRUE) . "\n";
        //echo print_r($return_val, TRUE) . "\n";

        for ($i = 0; $i < count($security_info); $i++) {
            //Strip out the arrows around the file name ("==> file <==" becomes "file");
            //preg_replace is used because ereg_replace has been removed from PHP
            $current_token = trim(preg_replace('/[ <]?==[ >]?/', '', $security_info[$i]));
            $next_token = isset($security_info[$i + 1]) ? trim($security_info[$i + 1]) : '';

            if (preg_match("/$search_target/", $current_token) > 0) {
                //Skip non-file tokens
                continue;
            }
            elseif (array_search($current_token, $whitelist) !== FALSE) {
                //Skip whitelisted files
                continue;
            }
            elseif ((empty($next_token)) || ((preg_match("/$search_target/", $next_token) == 0))) {
                //A file header not followed by a matching call: the file is unsecured
                $unsecured_files .= $current_token . "\n";
            }
        }

        $security_issue_found = (empty($unsecured_files)) ? FALSE : TRUE;
        echo ($security_issue_found) ? "\n\n$unsecured_files\n" : '';

        $this->assertFalse($security_issue_found);
    }
}

    Source: http://community.livejournal.com/php/572617.html
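The same audit written in pure PHP, as an added example that is not the poster's code: it reads the first few lines of each file itself instead of shelling out to find/xargs/grep, so it does not depend on Cygwin or Unix tools, and it only accepts a call that starts a line so a commented-out call does not pass. The function name auditAuthCalls and the sample files (constructed in a temporary directory) are assumptions.

```php
<?php
// Added example, not from the original post. Returns the *.php files directly
// inside $dirs whose first $headLines lines do not call $target, minus $whitelist.
function auditAuthCalls(array $dirs, string $target, array $whitelist, int $headLines = 3): array
{
    $unsecured = [];
    $whitelist = array_map('realpath', $whitelist);          // normalise paths for comparison
    // Call must begin the line (optionally indented) and be followed by "(",
    // so "// Util::validate_user();" or a mention in a string does not count.
    $pattern = '/^\s*' . preg_quote($target, '/') . '\s*\(/';
    foreach ($dirs as $dir) {
        foreach (glob(rtrim($dir, '/') . '/*.php') ?: [] as $file) {
            $path = realpath($file);
            if (in_array($path, $whitelist, true)) {
                continue;                                    // explicitly exempted file
            }
            $fh = fopen($path, 'r');
            $found = false;
            for ($i = 0; $i < $headLines && ($line = fgets($fh)) !== false; $i++) {
                if (preg_match($pattern, $line)) {
                    $found = true;
                    break;
                }
            }
            fclose($fh);
            if (!$found) {
                $unsecured[] = $path;
            }
        }
    }
    return $unsecured;
}

// Constructed demo: one guarded file, one file with only a commented-out call,
// and one whitelisted login page. Only open.php should be reported.
$tmp = sys_get_temp_dir() . '/audit_demo_' . getmypid();
mkdir($tmp);
file_put_contents("$tmp/guarded.php", "<?php\nrequire 'util.php';\nUtil::validate_user();\n");
file_put_contents("$tmp/open.php", "<?php\n// Util::validate_user();\necho 'hi';\n");
file_put_contents("$tmp/login.php", "<?php\necho 'login form';\n");

print_r(auditAuthCalls([$tmp], 'Util::validate_user', ["$tmp/login.php"]));

// Clean up the constructed files
array_map('unlink', glob("$tmp/*.php"));
rmdir($tmp);
```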
