Main RocketGit repo
/tests/http_csrf.php (8a07a689f60f90937ce1a8d6eb22576db35b75f2) (2967 bytes) (mode 100644) (type blob)
<?php
error_reporting(E_ALL | E_STRICT);
ini_set("track_errors", "On");
$rg_cache_debug = TRUE;
$INC = dirname(__FILE__) . "/../inc";
require_once(dirname(__FILE__) . "/config.php");
require_once($INC . "/init.inc.php");
require_once($INC . "/util.inc.php");
require_once("helpers.inc.php");
require_once("http.inc.php");
rg_log_set_file("http_csrf.log");
$rg_sql = "host=localhost user=rocketgit dbname=rocketgit connect_timeout=10";
$rg_no_db = TRUE;
require_once("common.php");
$_testns = 'http_csrf';
$rg_cache_enable = TRUE;
prepare_http();
test_set_ua("user-agent-1");
rg_test_create_user($db, $rg_ui);
$r = test_login($test_url, $rg_ui);
if ($r === FALSE) {
rg_log("Cannot login!");
exit(1);
}
rg_log_enter("Loading suggestion form (referer test)");
test_set_ua("user-agent-1");
test_set_referer($test_url);
$data = array();
$headers = array();
$r = do_req($test_url . "/op/suggestion?t=load_suggestion_form_referer", $data, $headers);
if (!stristr($r['body'], "action=\"/op/suggestion\"")) {
rg_log("Cannot load form! See above.");
exit(1);
}
$good_token = $r['tokens']['suggestion'];
$good_logout_token = $r['tokens']['logout'];
rg_log_exit();
rg_log_enter("Try posting with different referer: should not work");
test_set_ua("user-agent-1");
test_set_referer("http://attacker.com:4000/bla");
$data = array(
"doit" => 1,
"token" => $good_token,
"suggestion" => "bla bla bla"
);
$headers = array();
$r = do_req($test_url . "/op/suggestion?t=post_suggestion_form_diff_referer", $data, $headers);
if (!stristr($r['body'], "invalid referer")) {
rg_log_ml("Seems I could add a suggestion bypassing CSRF"
. " protection based on referer! See above.");
exit(1);
}
rg_log_exit();
rg_log_enter("Testing logout CSRF (wrong token)...");
test_set_ua("user-agent-1");
test_set_referer($test_url);
$data['token'] = strtoupper($good_token);
$headers = array();
$r = do_req($test_url . "/op/logout?t=wrong_token", $data, $headers);
if (stristr($r['body'], "You are now logged out")) {
rg_log("No error on logout with wrong token?! See above.");
exit(1);
}
rg_log_exit();
/* TODO setting cookie does not work!
rg_log_enter("Testing logout CSRF (token passed in cookie)...");
test_set_ua("user-agent-1");
test_set_referer($test_url);
$headers = array('Cookie: token=' . $good_logout_token);
$data = array('doit' => 1);
$r = do_req($test_url . "/op/logout?t=token_passed_by_cookie", $data, $headers);
if (stristr($r['body'], "You are now logged out")) {
rg_log("No error on logout with token passed by cookie?! See above.");
exit(1);
}
rg_log_exit();
*/
rg_log_enter("Testing logout CSRF (good token)...");
test_set_ua("user-agent-1");
$url = $test_url . "/op/logout?t=good_token&token=" . $good_logout_token;
$data = array(); $headers = array();
$r = do_req($url, $data, $headers);
if (!stristr($r['body'], "You are now logged out")) {
rg_log("Seems I cannot logout with a good token! See above.");
exit(1);
}
rg_log_exit();
rg_log("OK!");
?>
| Mode | Type | Size | Ref | File |
|---|---|---|---|---|
| 100644 | blob | 9 | f3c7a7c5da68804a1bdf391127ba34aed33c3cca | .exclude |
| 100644 | blob | 102 | eaeb7d777062c60a55cdd4b5734902cdf6e1790c | .gitignore |
| 100644 | blob | 341 | 4f4fc30b693128521d8deabbd0e1a09e46b6ced5 | AUTHORS |
| 100644 | blob | 1132 | dd65951315f3de6d52d52a82fca59889d1d95187 | Certs.txt |
| 100644 | blob | 1178 | 18c1f4f5d5cc03c630566e39418788160c2b0a24 | History.txt |
| 100644 | blob | 34520 | dba13ed2ddf783ee8118c6a581dbf75305f816a3 | LICENSE |
| 100644 | blob | 3398 | cf75b360b8a3e6ef86bc4a42648e353bd58c2a80 | Makefile.in |
| 100644 | blob | 5649 | 0be60bc826db4b315efb6e15cb499a577c3340d2 | README |
| 100644 | blob | 136232 | 9a1643c1672b63d18b16775918520c7f559f0ddf | TODO |
| 100644 | blob | 1294 | f22911eb777f0695fcf81ad686eac133eb11fcc4 | TODO-plans |
| 100644 | blob | 203 | a2863c67c3da44126b61a15a6f09738c25e0fbe0 | TODO.perf |
| 100644 | blob | 1044 | 9bb3652b3937eb624dba0f2d8efff7ce6c0ce0e2 | TODO.vm |
| 040000 | tree | - | 21928e906ad2907a55c2e81c2a8b0502b586b8a0 | artwork |
| 100644 | blob | 4707 | 0da219f933a61fe4d34eb59e1a3829e19e3d246e | compare.csv |
| 100755 | blob | 30 | 92c4bc48245c00408cd7e1fd89bc1a03058f4ce4 | configure |
| 040000 | tree | - | 69114e8648f8e0e7173c76e30ca6bbfcece7df31 | debian |
| 040000 | tree | - | e1f903261de934d6a656f07278d8c99446eaf9e9 | docker |
| 040000 | tree | - | f67d3605efbd6422a8acdd953578991139266391 | docs |
| 100755 | blob | 16720 | 52405deef0d3708e7553022e1e9db73faa28d05c | duilder |
| 100644 | blob | 536 | 96c75f943c5bf93b54dbddf678e8a99d7ba4ff93 | duilder.conf |
| 040000 | tree | - | 2f3d689ae2a6df46f805b6a1d7e0036ad8304874 | hooks |
| 040000 | tree | - | 6d06d271895cb6d3d508335148a66e52e6a56e2c | inc |
| 040000 | tree | - | c070ac2ad296b44903e5e3495d81a905802a3d78 | misc |
| 100644 | blob | 3766 | a0f894a1e351d296c73467c75f4508a5ed85fc1e | rocketgit.spec.in |
| 040000 | tree | - | ebabf40af80662ecb8b82a95bfd91800db6ca18a | root |
| 040000 | tree | - | c6edd648d12e2e98861583d5a0d5eab8381b2c06 | samples |
| 040000 | tree | - | 7b6bd5c91f898dcee3e820cf289852c86291982a | scripts |
| 040000 | tree | - | f0806d955c8d64a3c1522c5ee97c4295a6203c5e | selinux |
| 100755 | blob | 256 | 462ccd108c431f54e380cdac2329129875a318b5 | spell_check.sh |
| 040000 | tree | - | cb54e074b3ca35943edfcda9dd9cfcd281bcd9e7 | techdocs |
| 040000 | tree | - | 0a6340f78c2c656cc34c9b3b59dcf26e581bafee | tests |
| 040000 | tree | - | bc0ac4ce1d9e6c858f09fa0c615f1c9f55609b6f | tools |
Hints:
Before first commit, do not forget to setup your git environment:
Clone this repository using HTTP(S):
Clone this repository using ssh (do not forget to upload a key first):
Clone this repository using git:
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
Before first commit, do not forget to setup your git environment:
git config --global user.name "your_name_here"
git config --global user.email "your@email_here"
git config --global user.email "your@email_here"
Clone this repository using HTTP(S):
git clone https://rocketgit.com/user/catalinux/rocketgit
Clone this repository using ssh (do not forget to upload a key first):
git clone ssh://rocketgit@ssh.rocketgit.com/user/catalinux/rocketgit
Clone this repository using git:
git clone git://git.rocketgit.com/user/catalinux/rocketgit
You are allowed to anonymously push to this repository.
This means that your pushed commits will automatically be transformed into a merge request:
... clone the repository ...
... make some changes and some commits ...
git push origin main
... make some changes and some commits ...
git push origin main
RocketGit
Rocket your launch!
Rocket your launch!