private void RunCodeCoverageTest(string testName, decimal expectedValue)
{
PhpVHTester tester = null;
try
{
using (tester = new PhpVHTester(
testName,
"X",
new[] { GetFolder() + "\\" + testName + "." + GetExtension() }))
{
tester.CodeCoverage = 2;
tester.RunPhpVH();
var coverage = tester.LoadCoverage();
Assert.AreEqual(2, coverage.Count);
var falsePositive = coverage.FirstOrDefault(x => x.Key.EndsWith("\\FalsePositiveCheck.php"));
Assert.IsNotNull(falsePositive);
Assert.AreEqual((decimal)100.0, falsePositive.Value);
coverage.Remove(falsePositive.Key);
Assert.AreEqual(expectedValue, coverage.First().Value);
}
}
catch
{
if (tester != null)
{
tester.DumpOutput();
}
throw;
}
}
private void RunVulnerabilityTest(string name, string mode, Action <PhpVHTester> action)
{
var phpFiles = Directory.GetFiles("PHP\\" + name);
using (var tester = new PhpVHTester(name, mode, phpFiles))
{
try
{
tester.RunPhpVH();
action(tester);
var alerts = tester.LoadAlerts();
phpFiles
.Select(x => "/" + Path.GetFileName(x))
.Iter(x => Assert.IsTrue(alerts.Any(y => y.Trace.Request.Contains(x)), _noAlertForTest, x));
var anyFalsePositives = alerts.Any(x => x.Trace.Request.Contains("/FalsePositiveCheck.php"));
Assert.IsFalse(anyFalsePositives, _falsePositiveMarkerFound);
}
catch
{
tester.DumpOutput();
throw;
}
}
}
private void RunCodeCoverageTest(string testName, decimal expectedValue)
{
PhpVHTester tester = null;
try
{
using (tester = new PhpVHTester(
testName,
"X",
new[] { GetFolder() + "\\" + testName + "." + GetExtension() }))
{
tester.CodeCoverage = 2;
tester.RunPhpVH();
var coverage = tester.LoadCoverage();
Assert.AreEqual(2, coverage.Count);
var falsePositive = coverage.FirstOrDefault(x => x.Key.EndsWith("\\FalsePositiveCheck.php"));
Assert.IsNotNull(falsePositive);
Assert.AreEqual((decimal)100.0, falsePositive.Value);
coverage.Remove(falsePositive.Key);
Assert.AreEqual(expectedValue, coverage.First().Value);
}
}
catch
{
if (tester != null)
{
tester.DumpOutput();
}
throw;
}
}
private void ReadTestCore(PhpVHTester tester, string anchor)
{
Assert.IsTrue(
tester
.LoadAlerts()
.All(x => x.Trace.Response.Contains(anchor)),
_falsePositive);
}
private void TestUploadedFile(PhpVHTester tester, ScanAlertCollection alerts, string filename)
{
Assert.IsTrue(HasBeenMoved(alerts, filename), _fileNotMoved, filename);
var shellFile = Path.Combine(tester.TestDirectory.FullName, filename);
Assert.IsTrue(File.Exists(shellFile), _fileNotUploaded, shellFile);
var shellFileText = File.ReadAllText(shellFile);
var isValidShellFile = shellFileText.Contains("system") || shellFileText.Contains("AddType");
Assert.IsTrue(isValidShellFile, _invalidUpload);
}
private void TestUploadedFile(PhpVHTester tester, ScanAlertCollection alerts, string filename)
{
Assert.IsTrue(HasBeenMoved(alerts, filename), _fileNotMoved, filename);
var shellFile = Path.Combine(tester.TestDirectory.FullName, filename);
Assert.IsTrue(File.Exists(shellFile), _fileNotUploaded, shellFile);
var shellFileText = File.ReadAllText(shellFile);
var isValidShellFile = shellFileText.Contains("system") || shellFileText.Contains("AddType");
Assert.IsTrue(isValidShellFile, _invalidUpload);
}
private void RunVulnerabilityTest(string name, string mode, Action<PhpVHTester> action)
{
var phpFiles = Directory.GetFiles("PHP\\" + name);
using (var tester = new PhpVHTester(name, mode, phpFiles))
{
try
{
tester.RunPhpVH();
action(tester);
var alerts = tester.LoadAlerts();
phpFiles
.Select(x => "/" + Path.GetFileName(x))
.Iter(x => Assert.IsTrue(alerts.Any(y => y.Trace.Request.Contains(x)), _noAlertForTest, x));
var anyFalsePositives = alerts.Any(x => x.Trace.Request.Contains("/FalsePositiveCheck.php"));
Assert.IsFalse(anyFalsePositives, _falsePositiveMarkerFound);
}
catch
{
tester.DumpOutput();
throw;
}
}
}
private void ReadTestCore(PhpVHTester tester, string anchor)
{
Assert.IsTrue(
tester
.LoadAlerts()
.All(x => x.Trace.Response.Contains(anchor)),
_falsePositive);
}
