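/// <summary>
/// Runs PhpVH with code coverage enabled against one test script and checks the
/// coverage values it reports.
/// </summary>
/// <param name="testName">
/// Name passed to the tester; also the base file name of the script, which is
/// resolved as <c>GetFolder() + "\" + testName + "." + GetExtension()</c>.
/// </param>
/// <param name="expectedValue">
/// Coverage value expected for the entry that remains once the
/// FalsePositiveCheck.php entry has been removed.
/// </param>
/// <remarks>
/// The try/catch sits inside the using block so that <c>DumpOutput()</c> runs
/// while the tester is still alive. With the catch outside the using block the
/// tester was disposed before the diagnostics were dumped. This now matches
/// the layout used by RunVulnerabilityTest.
/// </remarks>
private void RunCodeCoverageTest(string testName, decimal expectedValue)
{
    var scriptPath = GetFolder() + "\\" + testName + "." + GetExtension();

    using (var tester = new PhpVHTester(testName, "X", new[] { scriptPath }))
    {
        try
        {
            tester.CodeCoverage = 2;
            tester.RunPhpVH();

            var coverage = tester.LoadCoverage();

            // Two entries are expected: FalsePositiveCheck.php and one other
            // (presumably the script under test - confirm against LoadCoverage).
            Assert.AreEqual(2, coverage.Count);

            var falsePositive = coverage.FirstOrDefault(x => x.Key.EndsWith("\\FalsePositiveCheck.php"));

            // NOTE(review): if coverage enumerates KeyValuePair values (a struct),
            // this assertion can never fail; a missing entry is then only caught
            // by the 100% check on the next line.
            Assert.IsNotNull(falsePositive);
            Assert.AreEqual((decimal)100.0, falsePositive.Value);

            // Drop the control entry so the remaining one can be compared.
            coverage.Remove(falsePositive.Key);
            Assert.AreEqual(expectedValue, coverage.First().Value);
        }
        catch
        {
            // Emit the tester's output for diagnosis, then let the failure propagate.
            tester.DumpOutput();
            throw;
        }
    }
}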
/// <summary>
/// Runs PhpVH over every file in <c>PHP\{name}</c> and verifies the resulting alerts:
/// each file must be referenced by at least one alert request, and no alert request
/// may reference FalsePositiveCheck.php.
/// </summary>
/// <param name="name">Test name; also the sub-folder of <c>PHP</c> holding the scripts.</param>
/// <param name="mode">Mode string handed to the tester unchanged.</param>
/// <param name="action">Extra checks run after the scan and before the alerts are loaded here.</param>
private void RunVulnerabilityTest(string name, string mode, Action<PhpVHTester> action)
{
    var scripts = Directory.GetFiles("PHP\\" + name);

    using (var tester = new PhpVHTester(name, mode, scripts))
    {
        try
        {
            tester.RunPhpVH();
            action(tester);

            var alerts = tester.LoadAlerts();

            // Detection check: "/<file name>" must appear in some alert's request.
            // This is a substring match, so it does not pin the exact request path.
            var requestMarkers = scripts.Select(path => "/" + Path.GetFileName(path));
            requestMarkers.Iter(marker =>
                Assert.IsTrue(
                    alerts.Any(alert => alert.Trace.Request.Contains(marker)),
                    _noAlertForTest,
                    marker));

            // False-positive check: the control script must never show up in an alert.
            var markerHit = alerts.Any(alert => alert.Trace.Request.Contains("/FalsePositiveCheck.php"));
            Assert.IsFalse(markerHit, _falsePositiveMarkerFound);
        }
        catch
        {
            // Dump while the tester is still undisposed, then rethrow unchanged.
            tester.DumpOutput();
            throw;
        }
    }
}
/// <summary>
/// Asserts that the response of every loaded alert contains <paramref name="anchor"/>.
/// </summary>
/// <param name="tester">Tester whose alerts are loaded and inspected.</param>
/// <param name="anchor">Text that must appear in each alert's response.</param>
/// <remarks>
/// <c>All</c> is true for an empty sequence, so this check alone does not prove
/// that any alert was raised.
/// </remarks>
private void ReadTestCore(PhpVHTester tester, string anchor)
{
    var alerts = tester.LoadAlerts();
    var everyResponseHasAnchor = alerts.All(alert => alert.Trace.Response.Contains(anchor));

    Assert.IsTrue(everyResponseHasAnchor, _falsePositive);
}
/// <summary>
/// Verifies that an upload finding is backed by a file on disk: the alerts must show
/// the file as moved, the file must exist in the tester's test directory, and its
/// text must contain "system" or "AddType".
/// </summary>
/// <param name="tester">Tester whose <c>TestDirectory</c> is searched for the file.</param>
/// <param name="alerts">Alerts passed to <c>HasBeenMoved</c>.</param>
/// <param name="filename">
/// Name of the uploaded file. It is expected to be a bare file name;
/// <c>Path.Combine</c> ignores the directory when given a rooted path.
/// </param>
private void TestUploadedFile(PhpVHTester tester, ScanAlertCollection alerts, string filename)
{
    var moved = HasBeenMoved(alerts, filename);
    Assert.IsTrue(moved, _fileNotMoved, filename);

    var uploadedPath = Path.Combine(tester.TestDirectory.FullName, filename);
    Assert.IsTrue(File.Exists(uploadedPath), _fileNotUploaded, uploadedPath);

    // Plain substring check on the written content; presumably "system" marks a
    // PHP payload and "AddType" an .htaccess payload - confirm against the scanner.
    var content = File.ReadAllText(uploadedPath);
    var looksLikeProbe = content.Contains("system") || content.Contains("AddType");
    Assert.IsTrue(looksLikeProbe, _invalidUpload);
}
/// <summary>
/// Scans the scripts found in <c>PHP\{name}</c> with PhpVH, runs the caller's checks,
/// then asserts that every script is named in some alert request and that
/// FalsePositiveCheck.php is named in none.
/// </summary>
/// <param name="name">Test name and name of the script folder under <c>PHP</c>.</param>
/// <param name="mode">Mode string passed straight to the tester.</param>
/// <param name="action">Caller-supplied checks invoked after the scan has run.</param>
private void RunVulnerabilityTest(string name, string mode, Action<PhpVHTester> action)
{
    const string falsePositiveMarker = "/FalsePositiveCheck.php";

    var targetFiles = Directory.GetFiles("PHP\\" + name);

    using (var tester = new PhpVHTester(name, mode, targetFiles))
    {
        try
        {
            tester.RunPhpVH();
            action(tester);

            var found = tester.LoadAlerts();

            // Each script must be matched (by substring "/<file name>") in an alert request.
            targetFiles
                .Select(file => "/" + Path.GetFileName(file))
                .Iter(expected =>
                {
                    var reported = found.Any(a => a.Trace.Request.Contains(expected));
                    Assert.IsTrue(reported, _noAlertForTest, expected);
                });

            // An alert on the control script means the scanner raised a false positive.
            var controlReported = found.Any(a => a.Trace.Request.Contains(falsePositiveMarker));
            Assert.IsFalse(controlReported, _falsePositiveMarkerFound);
        }
        catch
        {
            // Output is dumped before the using block disposes the tester.
            tester.DumpOutput();
            throw;
        }
    }
}