function FileDeleteGadgetChainTest::testFileDeleteGadgetChain
Tests unserializing a File Delete payload.
File
- core/tests/Drupal/KernelTests/Core/File/FileDeleteGadgetChainTest.php, line 21
Class
- FileDeleteGadgetChainTest
- Tests protection against SA-CORE-2024-006 File Delete Gadget Chain.
Namespace
Drupal\KernelTests\Core\File
Code
public function testFileDeleteGadgetChain() : void {
  // Canary file named in the payload; it must still exist after unserialize().
  file_put_contents('public://canary.txt', 'now you see me');
  // ./phpggc --public-properties Drupal/FD1 public://canary.txt
  $payload = 'O:34:"Drupal\\Core\\Config\\StorageComparer":1:{s:18:"targetCacheStorage";O:39:"Drupal\\Component\\PhpStorage\\FileStorage":1:{s:9:"directory";s:19:"public://canary.txt";}}';
  try {
    unserialize($payload);
    $this->fail('No exception was thrown');
  }
  catch (\Throwable $e) {
    // unserialize() must refuse to place a FileStorage object in
    // StorageComparer::$targetCacheStorage and raise a TypeError.
    $this->assertInstanceOf(\TypeError::class, $e);
    $this->assertStringContainsString('Cannot assign Drupal\\Component\\PhpStorage\\FileStorage to property Drupal\\Core\\Config\\StorageComparer::$targetCacheStorage', $e->getMessage());
  }
  // The canary survived, so no file was deleted; clean it up.
  $this->assertTrue(file_exists('public://canary.txt'));
  unlink('public://canary.txt');
}
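The TypeError asserted above comes from PHP checking declared property types during unserialize(). The following is an added example, not Drupal code, that contrasts an untyped property with a typed one on the same nested-object payload shape; DemoCache, DemoFileStore, UntypedComparer, TypedComparer and both helper functions are hypothetical stand-ins, and PHP 7.4 or later is assumed.

```php
<?php
declare(strict_types=1);

// Hypothetical stand-ins for illustration only; none of these are Drupal classes.
final class DemoCache {}

final class DemoFileStore {
    public string $directory = '';
}

// Untyped property: unserialize() will store any object here.
class UntypedComparer {
    public $cache;
}

// Typed property: unserialize() enforces the declared type.
class TypedComparer {
    public ?DemoCache $cache = null;
}

// Constructed payload: an outer object whose "cache" property carries a
// DemoFileStore, mirroring the nesting of the payload in the test above.
function buildPayload(string $outerClass): string {
    $inner = 'O:13:"DemoFileStore":1:{s:9:"directory";s:19:"public://canary.txt";}';
    return sprintf('O:%d:"%s":1:{s:5:"cache";%s}', strlen($outerClass), $outerClass, $inner);
}

// Reports what ended up in the property, or the TypeError that stopped it.
function tryUnserialize(string $outerClass): string {
    try {
        $obj = unserialize(buildPayload($outerClass));
        return $outerClass . ' accepted ' . get_class($obj->cache);
    } catch (\TypeError $e) {
        return $outerClass . ' rejected: ' . $e->getMessage();
    }
}

echo tryUnserialize('UntypedComparer'), PHP_EOL;
echo tryUnserialize('TypedComparer'), PHP_EOL;
```

Because the exception is raised while the outer object is still being populated, no caller ever receives an instance holding the unexpected inner object.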