[PHP] Add LFI endpoint (#2966)

DataDog · Jan 31, 2025 · 3f6a518 · 3f6a518
1 parent cc6ed14
commit 3f6a518
Show file tree

Hide file tree

Showing 4 changed files with 36 additions and 10 deletions.
diff --git a/manifests/php.yml b/manifests/php.yml
@@ -167,17 +167,17 @@ tests/:
         Test_Cmdi_UrlQuery: missing_feature
         Test_Cmdi_Waf_Version: v1.6.2
       test_lfi.py:
-        Test_Lfi_BodyJson: missing_feature
-        Test_Lfi_BodyUrlEncoded: missing_feature
-        Test_Lfi_BodyXml: missing_feature
-        Test_Lfi_Capability: missing_feature
-        Test_Lfi_Mandatory_SpanTags: missing_feature
-        Test_Lfi_Optional_SpanTags: missing_feature
-        Test_Lfi_RC_CustomAction: missing_feature
+        Test_Lfi_BodyJson: v1.6.2
+        Test_Lfi_BodyUrlEncoded: v1.6.2
+        Test_Lfi_BodyXml: v1.6.2
+        Test_Lfi_Capability: v1.7.0
+        Test_Lfi_Mandatory_SpanTags: v1.6.2
+        Test_Lfi_Optional_SpanTags: v1.6.2
+        Test_Lfi_RC_CustomAction: missing_feature # It works but missing this APPSEC-56457
         Test_Lfi_Rules_Version:  v1.6.2
-        Test_Lfi_StackTrace: missing_feature
+        Test_Lfi_StackTrace: v1.6.2
         Test_Lfi_Telemetry: missing_feature
-        Test_Lfi_UrlQuery: missing_feature
+        Test_Lfi_UrlQuery: v1.6.2
         Test_Lfi_Waf_Version:  v1.6.2
       test_shi.py:
         Test_Shi_BodyJson: missing_feature

diff --git a/utils/build/docker/php/app.sh b/utils/build/docker/php/app.sh
@@ -0,0 +1,3 @@
+#!/bin/bash
+
+#Nothing to do here. This file is to allow --sleep execution
diff --git a/utils/build/docker/php/common/php.ini b/utils/build/docker/php/common/php.ini
@@ -10,6 +10,7 @@ extension=mysqli.so
 extension=pdo.so
 extension=pdo_mysql.so
 extension=pdo_pgsql.so
+extension=simplexml.so
 error_log=/var/log/system-tests/php_error.log
 error_reporting=2147483647
 display_errors=0

diff --git a/utils/build/docker/php/common/rasp/lfi.php b/utils/build/docker/php/common/rasp/lfi.php
@@ -1 +1,23 @@
-<?php echo "Hello, LFI!";
+<?php
+
+$file = null;
+$contentType = $_SERVER['CONTENT_TYPE'] ?? "";
+switch ($contentType) {
+	case 'application/json':
+		$body = file_get_contents("php://input");
+		$decoded = json_decode($body, 1);
+		$file = $decoded["file"];
+		break;
+	case 'application/xml':
+		$body = file_get_contents("php://input");
+		$decoded = simplexml_load_string(stripslashes($body));
+		$file = (string)$decoded[0];
+		break;
+	default:
+		$file = urldecode($_REQUEST["file"]);
+		break;
+}
+
+file_get_contents($file);
+
+echo "Hello, LFI!";
Original file line number	Diff line number	Diff line change
		@@ -0,0 +1,3 @@
		#!/bin/bash

		#Nothing to do here. This file is to allow --sleep execution