From f25e585008178010c5fede256b4d9e7638da1070 Mon Sep 17 00:00:00 2001
From: Dan Brown <ssddanbrown@googlemail.com>
Date: Sat, 6 Feb 2021 00:16:27 +0000
Subject: [PATCH] Moved sketchy file samples to base64 equivilents Hides them from AV systems. Done some test helper cleaning while at it. Related to #1571
---
 tests/Uploads/ImageTest.php | 6 +++---
 tests/Uploads/UsesImages.php | 28 ++++++++++++++++++++--------
 tests/test-data/bad-php.base64 | 10 ++++++++++
 tests/test-data/bad-phtml-png.base64 | 3 +++
 tests/test-data/bad-phtml.base64 | 10 ++++++++++
 tests/test-data/bad.php | Bin 560 -> 0 bytes
 tests/test-data/bad.phtml | Bin 560 -> 0 bytes
 tests/test-data/bad.phtml.png | Bin 158 -> 0 bytes
 8 files changed, 46 insertions(+), 11 deletions(-)
 create mode 100644 tests/test-data/bad-php.base64
 create mode 100644 tests/test-data/bad-phtml-png.base64
 create mode 100644 tests/test-data/bad-phtml.base64
 delete mode 100644 tests/test-data/bad.php
 delete mode 100644 tests/test-data/bad.phtml
 delete mode 100644 tests/test-data/bad.phtml.png
diff --git a/tests/Uploads/ImageTest.php b/tests/Uploads/ImageTest.php
index 1c736d672..9b0e004b1 100644
--- a/tests/Uploads/ImageTest.php
+++ b/tests/Uploads/ImageTest.php
@@ -136,7 +136,7 @@ class ImageTest extends TestCase
 $relPath = $this->getTestImagePath('gallery', $fileName);
 $this->deleteImage($relPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-php.base64', $fileName);
 $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
 $upload->assertStatus(302);
@@ -158,7 +158,7 @@ class ImageTest extends TestCase
 $relPath = $this->getTestImagePath('gallery', $fileName);
 $this->deleteImage($relPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-phtml.base64', $fileName);
 $upload = $this->withHeader('Content-Type', 'image/jpeg')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
 $upload->assertStatus(302);
@@ -175,7 +175,7 @@ class ImageTest extends TestCase
 $relPath = $this->getTestImagePath('gallery', $fileName);
 $this->deleteImage($relPath);
- $file = $this->getTestImage($fileName);
+ $file = $this->newTestImageFromBase64('bad-phtml-png.base64', $fileName);
 $upload = $this->withHeader('Content-Type', 'image/png')->call('POST', '/images/gallery', ['uploaded_to' => $page->id], [], ['file' => $file], []);
 $upload->assertStatus(302);
diff --git a/tests/Uploads/UsesImages.php b/tests/Uploads/UsesImages.php
index 64f26dea8..a2026d968 100644
--- a/tests/Uploads/UsesImages.php
+++ b/tests/Uploads/UsesImages.php
@@ -6,10 +6,9 @@ use Illuminate\Http\UploadedFile;
 trait UsesImages
 {
 /**
- * Get the path to our basic test image.
- * @return string
+ * Get the path to a file in the test-data-directory.
 */
- protected function getTestImageFilePath(?string $fileName = null)
+ protected function getTestImageFilePath(?string $fileName = null): string
 {
 if (is_null($fileName)) {
 $fileName = 'test-image.png';
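Review bot: The `bad-phtml.base64` fixture loaded in the `@@ -158,7 +158,7 @@` hunk of tests/Uploads/ImageTest.php has the same blob id (`550ce17e8`) as `bad-php.base64` in the fixture sections further down, so the `.phtml` case uploads identical bytes and differs only in the client file name. A one-line comment above the call, e.g. `// Same payload as bad-php.base64; only the extension under test differs`, would make that explicit, or the call could reuse `bad-php.base64` and drop the duplicate fixture. The enclosing test methods start and end outside these hunks.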
@@ -19,13 +18,26 @@ trait UsesImages
 }
 /**
- * Get a test image that can be uploaded
- * @param $fileName
- * @return UploadedFile
+ * Creates a new temporary image file using the given name,
+ * with the content decoded from the given bas64 file name.
+ * Is generally used for testing sketchy files that could trip AV.
 */
- protected function getTestImage($fileName, ?string $testDataFileName = null)
+ protected function newTestImageFromBase64(string $base64FileName, $imageFileName): UploadedFile
 {
- return new UploadedFile($this->getTestImageFilePath($testDataFileName), $fileName, 'image/png', 5238, null, true);
+ $imagePath = implode(DIRECTORY_SEPARATOR, [sys_get_temp_dir(), $imageFileName]);
+ $base64FilePath = $this->getTestImageFilePath($base64FileName);
+ $data = file_get_contents($base64FilePath);
+ $decoded = base64_decode($data);
+ file_put_contents($imagePath, $decoded);
+ return new UploadedFile($imagePath, $imageFileName, 'image/png', null, true);
+ }
+
+ /**
+ * Get a test image that can be uploaded
+ */
+ protected function getTestImage(string $fileName, ?string $testDataFileName = null): UploadedFile
+ {
+ return new UploadedFile($this->getTestImageFilePath($testDataFileName), $fileName, 'image/png', null, true);
 }
 /**
diff --git a/tests/test-data/bad-php.base64 b/tests/test-data/bad-php.base64
new file mode 100644
index 000000000..550ce17e8
--- /dev/null
+++ b/tests/test-data/bad-php.base64
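Review bot: `newTestImageFromBase64()` in tests/Uploads/UsesImages.php writes the decoded sample to `sys_get_temp_dir()` under the caller-supplied `$imageFileName` and never removes it, so each of the three ImageTest call sites leaves the decoded payload at a predictable path in a shared temp directory, where an on-access scanner may still flag it. `UploadedFile` already takes the client-facing name as its second argument, so the on-disk path could come from `tempnam()` and be unlinked in teardown, assuming the upload code keys off the client name rather than the temp path. The results of `file_get_contents()` and `base64_decode()` are also unchecked; a missing or corrupt fixture would upload an empty file, and the upload tests could still reach their 302 without the PHP payload ever being exercised. Decoding in strict mode and failing on `false`, as sketched below, closes that gap.

```php
protected function newTestImageFromBase64(string $base64FileName, $imageFileName): UploadedFile
{
    // … unchanged: resolve $base64FilePath …
    $data = file_get_contents($base64FilePath);
    $decoded = ($data === false) ? false : base64_decode($data, true);
    if ($decoded === false) {
        throw new \RuntimeException("Unreadable or invalid base64 fixture: {$base64FileName}");
    }
    // Unique on-disk name; the client-facing name is still passed to UploadedFile separately.
    $imagePath = tempnam(sys_get_temp_dir(), 'upload-test-');
    // … unchanged: file_put_contents() and the UploadedFile return …
}
```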
@@ -0,0 +1,10 @@ +/9j/4AAQSkZJRgABAQEBLAEsAAD//gATQ3JlYXRlZCB3aXRoIEdJTVD/2wBDAAEBAQEBAQEBAQEB +AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBD +AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB +AQEBAQEBAQH/wgARCAABAAEDAREAAhEBAxEB/8QAFAABAAAAAAAAAAAAAAAAAAAACv/EABQBAQAA +AAAAAAAAAAAAAAAAAAD/2gAMAwEAAhADEAAAAT/n/8QAFBABAAAAAAAAAAAAAAAAAAAAAP/aAAgB +AQABBQJ//8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAgBAwEBPwF//8QAFBEBAAAAAAAAAAAAAAAA +AAAAAP/aAAgBAgEBPwF//8QAFBABAAAAAAAAAAAAAAAAAAAAAP/aAAgBAQAGPwJ//8QAFBABAAAA +AAAAAAAAAAAAAAAAAP/aAAgBAQABPyF//9oADAMBAAIAAwAAABAf/8QAFBEBAAAAAAAAAAAAAAAA +AAAAAP/aAAgBAwEBPxB//8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAgBAgEBPxB//8QAFBABAAAA +AAAAAAAAAAAAAAAAAP/aAAgBAQABPxB//9k8P3BocCBlY2hvICdiYWRwaHAnOwo= diff --git a/tests/test-data/bad-phtml-png.base64 b/tests/test-data/bad-phtml-png.base64 new file mode 100644 index 000000000..7fd9d8f64 --- /dev/null +++ b/tests/test-data/bad-phtml-png.base64 @@ -0,0 +1,3 @@ +iVBORw0KGgoAAAANSUhEUgAAAAUAAAAFCAIAAAACDbGyAAAACXBIWXMAAAsTAAALEwEAmpwYAAAA +B3RJTUUH4gEcDCo5iYNs+gAAAB1pVFh0Q29tbWVudAAAAAAAQ3JlYXRlZCB3aXRoIEdJTVBkLmUH +AAAAFElEQVQI12O0jN/KgASYGFABqXwAZtoBV6Sl3hIAAAAASUVORK5CYII= diff --git a/tests/test-data/bad-phtml.base64 b/tests/test-data/bad-phtml.base64 new file mode 100644 index 000000000..550ce17e8 --- /dev/null +++ b/tests/test-data/bad-phtml.base64 
@@ -0,0 +1,10 @@ +/9j/4AAQSkZJRgABAQEBLAEsAAD//gATQ3JlYXRlZCB3aXRoIEdJTVD/2wBDAAEBAQEBAQEBAQEB +AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQH/2wBD +AQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEBAQEB +AQEBAQEBAQH/wgARCAABAAEDAREAAhEBAxEB/8QAFAABAAAAAAAAAAAAAAAAAAAACv/EABQBAQAA +AAAAAAAAAAAAAAAAAAD/2gAMAwEAAhADEAAAAT/n/8QAFBABAAAAAAAAAAAAAAAAAAAAAP/aAAgB +AQABBQJ//8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAgBAwEBPwF//8QAFBEBAAAAAAAAAAAAAAAA +AAAAAP/aAAgBAgEBPwF//8QAFBABAAAAAAAAAAAAAAAAAAAAAP/aAAgBAQAGPwJ//8QAFBABAAAA +AAAAAAAAAAAAAAAAAP/aAAgBAQABPyF//9oADAMBAAIAAwAAABAf/8QAFBEBAAAAAAAAAAAAAAAA +AAAAAP/aAAgBAwEBPxB//8QAFBEBAAAAAAAAAAAAAAAAAAAAAP/aAAgBAgEBPxB//8QAFBABAAAA +AAAAAAAAAAAAAAAAAP/aAAgBAQABPxB//9k8P3BocCBlY2hvICdiYWRwaHAnOwo= diff --git a/tests/test-data/bad.php b/tests/test-data/bad.php deleted file mode 100644 index 3b7c0f36ca6181209d881a328dff36a33887dea8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 560 zcmex=<NpH&0WUXCHwH!^&|%bJVEF%!LD;z{HL)Z$MWH;iBtya7(>LJ%Z3bts5|A=- z0mu+?^}_Z2Kg1x&!NADC$jm6nz$D1XEXer(2!jYv1Ql?BL>bXV8UEj5;9+KDU=m;! zU|?Xhe-2V5fK3$#P%k4ZQ$0w5Aa(`JjEwe-_!Ka~72vdj%^qR}P6dqiiuEu@GcW`F oC?HS3NdknN1W|y;MxcV5HueP>1q!Lj8Tkt8Nr@>yj=D7$0RIX~5&!@I diff --git a/tests/test-data/bad.phtml b/tests/test-data/bad.phtml deleted file mode 100644 index 3b7c0f36ca6181209d881a328dff36a33887dea8..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 560 zcmex=<NpH&0WUXCHwH!^&|%bJVEF%!LD;z{HL)Z$MWH;iBtya7(>LJ%Z3bts5|A=- z0mu+?^}_Z2Kg1x&!NADC$jm6nz$D1XEXer(2!jYv1Ql?BL>bXV8UEj5;9+KDU=m;! zU|?Xhe-2V5fK3$#P%k4ZQ$0w5Aa(`JjEwe-_!Ka~72vdj%^qR}P6dqiiuEu@GcW`F oC?HS3NdknN1W|y;MxcV5HueP>1q!Lj8Tkt8Nr@>yj=D7$0RIX~5&!@I 
diff --git a/tests/test-data/bad.phtml.png b/tests/test-data/bad.phtml.png deleted file mode 100644 index dd15f6e8376f13b59c0298149b2aae80ff6239c3..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 158 zcmeAS@N?(olHy`uVBq!ia0vp^tRT$61SFYwH*Nw_oCO|{#S9GG!XV7ZFl&wkP>{XE z)7O>#5u*%`mStyi&M%;lY-UJAiF1B#Zfaf$kjuc}T$GwvlA5AWo>`Ki;O^-gkfN8$ v4ip#hba4#fxSqVF=l-b%mKhQOj4Nvx(rz(^FIjp|2&B=|)z4*}Q$iB}%ws0s