private void RunCodeCoverageTest(string testName, decimal expectedValue)
        {
            PhpVHTester tester = null;

            try
            {
                using (tester = new PhpVHTester(
                           testName,
                           "X",
                           new[] { GetFolder() + "\\" + testName + "." + GetExtension() }))
                {
                    tester.CodeCoverage = 2;
                    tester.RunPhpVH();
                    var coverage = tester.LoadCoverage();

                    Assert.AreEqual(2, coverage.Count);

                    var falsePositive = coverage.FirstOrDefault(x => x.Key.EndsWith("\\FalsePositiveCheck.php"));

                    Assert.IsNotNull(falsePositive);
                    Assert.AreEqual((decimal)100.0, falsePositive.Value);

                    coverage.Remove(falsePositive.Key);
                    Assert.AreEqual(expectedValue, coverage.First().Value);
                }
            }
            catch
            {
                if (tester != null)
                {
                    tester.DumpOutput();
                }
                throw;
            }
        }
Esempio n. 2
0
        private void RunVulnerabilityTest(string name, string mode, Action <PhpVHTester> action)
        {
            var phpFiles = Directory.GetFiles("PHP\\" + name);

            using (var tester = new PhpVHTester(name, mode, phpFiles))
            {
                try
                {
                    tester.RunPhpVH();
                    action(tester);
                    var alerts = tester.LoadAlerts();

                    phpFiles
                    .Select(x => "/" + Path.GetFileName(x))
                    .Iter(x => Assert.IsTrue(alerts.Any(y => y.Trace.Request.Contains(x)), _noAlertForTest, x));

                    var anyFalsePositives = alerts.Any(x => x.Trace.Request.Contains("/FalsePositiveCheck.php"));
                    Assert.IsFalse(anyFalsePositives, _falsePositiveMarkerFound);
                }
                catch
                {
                    tester.DumpOutput();

                    throw;
                }
            }
        }
        private void RunCodeCoverageTest(string testName, decimal expectedValue)
        {
            PhpVHTester tester = null;
            try
            {
                using (tester = new PhpVHTester(
                    testName,
                    "X",
                    new[] { GetFolder() + "\\" + testName + "." + GetExtension() }))
                {
                    tester.CodeCoverage = 2;
                    tester.RunPhpVH();
                    var coverage = tester.LoadCoverage();

                    Assert.AreEqual(2, coverage.Count);

                    var falsePositive = coverage.FirstOrDefault(x => x.Key.EndsWith("\\FalsePositiveCheck.php"));

                    Assert.IsNotNull(falsePositive);
                    Assert.AreEqual((decimal)100.0, falsePositive.Value);

                    coverage.Remove(falsePositive.Key);
                    Assert.AreEqual(expectedValue, coverage.First().Value);
                }
            }
            catch
            {
                if (tester != null)
                {
                    tester.DumpOutput();
                }
                throw;
            }
        }
Esempio n. 4
0
 private void ReadTestCore(PhpVHTester tester, string anchor)
 {
     Assert.IsTrue(
         tester
         .LoadAlerts()
         .All(x => x.Trace.Response.Contains(anchor)),
         _falsePositive);
 }
Esempio n. 5
0
        private void TestUploadedFile(PhpVHTester tester, ScanAlertCollection alerts, string filename)
        {
            Assert.IsTrue(HasBeenMoved(alerts, filename), _fileNotMoved, filename);
            var shellFile = Path.Combine(tester.TestDirectory.FullName, filename);

            Assert.IsTrue(File.Exists(shellFile), _fileNotUploaded, shellFile);
            var shellFileText    = File.ReadAllText(shellFile);
            var isValidShellFile = shellFileText.Contains("system") || shellFileText.Contains("AddType");

            Assert.IsTrue(isValidShellFile, _invalidUpload);
        }
 private void TestUploadedFile(PhpVHTester tester, ScanAlertCollection alerts, string filename)
 {
     Assert.IsTrue(HasBeenMoved(alerts, filename), _fileNotMoved, filename);
     var shellFile = Path.Combine(tester.TestDirectory.FullName, filename);
     Assert.IsTrue(File.Exists(shellFile), _fileNotUploaded, shellFile);
     var shellFileText = File.ReadAllText(shellFile);
     var isValidShellFile = shellFileText.Contains("system") || shellFileText.Contains("AddType");
     Assert.IsTrue(isValidShellFile, _invalidUpload);
 }
        private void RunVulnerabilityTest(string name, string mode, Action<PhpVHTester> action)
        {
            var phpFiles = Directory.GetFiles("PHP\\" + name);
            using (var tester = new PhpVHTester(name, mode, phpFiles))
            {
                try
                {
                    tester.RunPhpVH();
                    action(tester);
                    var alerts = tester.LoadAlerts();

                    phpFiles
                        .Select(x => "/" + Path.GetFileName(x))
                        .Iter(x => Assert.IsTrue(alerts.Any(y => y.Trace.Request.Contains(x)), _noAlertForTest, x));

                    var anyFalsePositives = alerts.Any(x => x.Trace.Request.Contains("/FalsePositiveCheck.php"));
                    Assert.IsFalse(anyFalsePositives, _falsePositiveMarkerFound);
                }
                catch
                {
                    tester.DumpOutput();

                    throw;
                }
            }
        }
 private void ReadTestCore(PhpVHTester tester, string anchor)
 {
     Assert.IsTrue(
         tester
             .LoadAlerts()
             .All(x => x.Trace.Response.Contains(anchor)),
         _falsePositive);
 }