FileDeleteGadgetChainTest.php

Namespace

Drupal\KernelTests\Core\File

File

core/tests/Drupal/KernelTests/Core/File/FileDeleteGadgetChainTest.php

View on git.drupalcode.org
View source 
<?php

declare (strict_types=1);
// cSpell:ignore phpggc
namespace Drupal\KernelTests\Core\File;

use Drupal\KernelTests\KernelTestBase;

/**
 * Tests protection against SA-CORE-2024-006 File Delete Gadget Chain.
 *
 * @group file
 */
class FileDeleteGadgetChainTest extends KernelTestBase {
  
  /**
   * Tests unserializing a File Delete payload.
   */
  public function testFileDeleteGadgetChain() : void {
    file_put_contents('public://canary.txt', 'now you see me');
    // ./phpggc --public-properties Drupal/FD1 public://canary.txt
    $payload = 'O:34:"Drupal\\Core\\Config\\StorageComparer":1:{s:18:"targetCacheStorage";O:39:"Drupal\\Component\\PhpStorage\\FileStorage":1:{s:9:"directory";s:19:"public://canary.txt";}}';
    try {
      unserialize($payload);
      $this->fail('No exception was thrown');
    } catch (\Throwable $e) {
      $this->assertInstanceOf(\TypeError::class, $e);
      $this->assertStringContainsString('Cannot assign Drupal\\Component\\PhpStorage\\FileStorage to property Drupal\\Core\\Config\\StorageComparer::$targetCacheStorage', $e->getMessage());
    }
    $this->assertTrue(file_exists('public://canary.txt'));
    unlink('public://canary.txt');
  }

}

Classes

Title Deprecated Summary
FileDeleteGadgetChainTest Tests protection against SA-CORE-2024-006 File Delete Gadget Chain.

Buggy or inaccurate documentation? Please file an issue. Need support? Need help programming? Connect with the Drupal community.