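#****u* t/01_ids.t
# NAME
#   01_ids.t
# DESCRIPTION
#   Tests for PerlIDS (CGI::IDS)
#   based on PHPIDS http://php-ids.org tests/IDS/MonitorTest.php rev. 1276
# AUTHOR
#   Hinnerk Altenburg
# CREATION DATE
#   2008-07-01
# COPYRIGHT
#   Copyright (C) 2008, 2009 Hinnerk Altenburg
#
#   This file is part of PerlIDS.
#
#   PerlIDS is free software: you can redistribute it and/or modify
#   it under the terms of the GNU Lesser General Public License as published by
#   the Free Software Foundation, either version 3 of the License, or
#   (at your option) any later version.
#
#   PerlIDS is distributed in the hope that it will be useful,
#   but WITHOUT ANY WARRANTY; without even the implied warranty of
#   MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
#   GNU Lesser General Public License for more details.
#
#   You should have received a copy of the GNU Lesser General Public License
#   along with PerlIDS.  If not, see <http://www.gnu.org/licenses/>.
#****

# Regression suite for the CGI::IDS detection engine.  Each %test* hash below
# is passed as a request (parameter name => value) to detect_attacks(), and the
# returned number is compared with a fixed expected value.  The expected values
# are exact, so presumably they must be re-baselined whenever the filter rule
# set shipped with the module changes -- confirm against the default filters.
#
# NOTE(review): this copy of the file references %testSelfContainedXSSList,
# %testSQLIList .. %testSQLIList6, %testDTList, %testURIList, %testRFEList,
# %testUTF7List, %testBase64CCConverter, %testDecimalCCConverter,
# %testOctalCCConverter, %testHexCCConverter, %testLDAPInjectionList and
# %testJSONScanning, but their declarations are not present here, and
# %testXSSList holds only a fragment.  Under 'use strict' the script cannot
# compile in this state; restore the data from the upstream distribution
# rather than re-typing it.

#------------------------- Pragmas ---------------------------------------------
use strict;
use warnings;

#------------------------- Libs ------------------------------------------------
use Test::More tests => 59;    # 10 module loads + 7 croak checks + 42 detection checks
use CGI::IDS;

#------------------------- Test Data -------------------------------------------

# Single suspicious value; the tests below expect an impact of 8 for it.
my %testSimpleScan = (
    'value' => 'alert(1)',
);

# Suspicious strings in keys as well as values.  Expected result is 16 with
# key scanning off and 32 with key scanning on (see the key scanning tests).
my %testScanKeys = (
    'alert(0)' => 'hallo',
    'alert(1)' => 'alert(2)',
    2 => 'alert(#)',
    'alert' => 'test',
);

# Whitelist fixtures.  They are evaluated against data/test_param_whitelist.xml,
# which is not visible here; presumably its rules make skipping a parameter
# conditional on the names and values of the other parameters -- confirm
# against that file before changing any expected value.
my %testWhitelistScan = (
    login_password => 'alert(1)',
    name => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.987ef987',
    send => '',
);

my %testWhitelistScan2 = (
    login_password => 'alert(1)',
    username => 'hinnerk attack',
    action => 'login',
    scr_rec_id => '876876.9fe87987',
    send => '',
);

my %testWhitelistScan3 = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'xlogin',
    scr_rec_id => '876876.98ef7987',
    send => '',
);

my %testWhitelistScan4 = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.98ef7987alert(1)',
);

my %testWhitelistScan5 = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.98ef7987',
);

# The only whitelist fixture expected to return 0 (nothing reported).
my %testWhitelistSkip = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.9ef87987',
    send => '',
);

my %testWhitelistSkip2 = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.9ef87987alert(1)',
    send => 'hjjkh98798',
);

my %testWhitelistSkip3 = (
    login_password => 'alert(1)',
    username => 'hinnerk',
    action => 'login',
    scr_rec_id => '876876.9ef87987alert(1)',
    send => 'hjjkh98798',
    uid => 'alert(2)', # skip uid everytime
);

#------------------------- PHPIDS test data ------------------------------------
# Detection corpus taken over from the PHPIDS test suite (see DESCRIPTION).
# The strings are detection inputs only: they are handed to detect_attacks()
# and never executed.  Where a literal continues on the next physical line at
# column 0, that line break is part of the data as it appears in this copy.

# Inputs that try to break out of an HTML attribute.
my %testAttributeBreakerList = (
    0 => '">XXX',
    1 => '" style ="',
    2 => '"src=xxx a="',
    3 => '"\' onerror = alert(1) ',
    4 => '" a "" b="x"',
);

# Comment-style inputs.
# NOTE(review): entry 2 is empty in this copy; possibly lost in extraction.
my %testCommentList = (
    0 => 'test/**/blafasel',
    1 => 'OR 1#',
    2 => '',
);

# Script fragments obfuscated by assembling strings from pieces.
my %testConcatenatedXSSList = (
    0 => "s1=''+'java'+''+'scr'+'';s2=''+'ipt'+':'+'ale'+'';s3=''+'rt'+''+'(1)'+''; u1=s1+s2+s3;URL=u1",
    1 => "s1=0?'1':'i'; s2=0?'1':'fr'; s3=0?'1':'ame'; i1=s1+s2+s3; s1=0?'1':'jav'; s2=0?'1':'ascr'; s3=0?'1':'ipt'; s4=0?'1':':'; s5=0?'1':'ale'; s6=0?'1':'rt'; s7=0?'1':'(1)'; i2=s1+s2+s3+s4+s5+s6+s7;",
    2 => "s1=0?'':'i';s2=0?'':'fr';s3=0?'':'ame';i1=s1+s2+s3;s1=0?'':'jav';s2=0?'':'ascr';s3=0?'':'ipt';s4=0?'':':';s5=0?'':'ale';s6=0?'':'rt';s7=0?'':'(1)';i2=s1+s2+s3+s4+s5+s6+s7;i=createElement(i1);i.src=i2;x=parentNode;x.appendChild(i);",
    3 => "s1=['java'+''+''+'scr'+'ipt'+':'+'aler'+'t'+'(1)'];",
    4 => "s1=['java'||''+'']; s2=['scri'||''+'']; s3=['pt'||''+''];",
    5 => "s1='java'||''+'';s2='scri'||''+'';s3='pt'||''+'';",
    6 => "s1=!''&&'jav';s2=!''&&'ascript';s3=!''&&':';s4=!''&&'aler';s5=!''&&'t';s6=!''&&'(1)';s7=s1+s2+s3+s4+s5+s6;URL=s7;",
    7 => "t0 =1? \"val\":0;t1 =1? \"e\":0;t2 =1? \"nam\":0;t=1? t1+t0:0;t=1?t[1? t:0]:0;t=(1? t:0)(1? 
t2+t1:0):0);",
    8 => "a=1!=1?0:'eva';b=1!=1?0:'l';c=a+b;d=1!=1?0:'locatio';e=1!=1?0:'n.has';f=1!=1?0:'h.substrin';g=1!=1?0:'g(1)';h=d+e+f+g;0[''+(c)](0[''+(c)](h));",
    9 => 'b=(navigator);c=(b.userAgent);d=c[61]+c[49]+c[6]+c[4];e=\'\'+/abcdefghijklmnopqrstuvwxyz.(1)/;f=e[12]+e[15]+e[3]+e[1]+e[20]+e[9]+e[15]+e[14]+e[27]+e[8]+e[1]+e[19]+e[8]+e[27]+e[19]+e[21]+e[2]+e[19]+e[20]+e[18]+e[9]+e[14]+e[7]+e[28]+e[29]+e[30];0[\'\'+[d]](0[\'\'+(d)](f));',
    10 => "c4=1==1&&'(1)';c3=1==1&&'aler';c2=1==1&&':';c1=1==1&&'javascript';a=c1+c2+c3+'t'+c4;(URL=a);",
    11 => "x=''+/abcdefghijklmnopqrstuvwxyz.(1)/;e=x[5];v=x[22];a=x[1];l=x[12];o=x[15];c=x[3];t=x[20];i=x[9];n=x[14];h=x[8];s=x[19];u=x[21];b=x[2];r=x[18];g=x[7];dot=x[27];uno=x[29];op=x[28];cp=x[30];z=e+v+a+l;y=l+o+c+a+t+i+o+n+dot+h+a+s+h+dot+s+u+b+s+t+r+i+n+g+op+uno+cp;0[''+[z]](0[''+(z)](y));",
    12 => "d=''+/eval~locat~ion.h~ash.su~bstring(1)/;e=/.(x?.*)~(x?.*)~(x?.*)~(x?.*)~(x?.*)./;f=e.exec(d);g=f[2];h=f[3];i=f[4];j=f[5];k=g+h+i+j;0[''+(f[1])](0[''+(f[1])](k));",
    13 => "a=1!=1?/x/:'eva';b=1!=1?/x/:'l';a=a+b;e=1!=1?/x/:'h';b=1!=1?/x/:'locatio';c=1!=1?/x/:'n';d=1!=1?/x/:'.has';h=1!=1?/x/:'1)';g=1!=1?/x/:'ring(0';f=1!=1?/x/:'.subst';b=b+c+d+e+f+g+h;B=00[''+[a]](b);00[''+[a]](B);",
    14 => "(z=String)&&(z=z() );{a=(1!=1)?a:'eva'+z}{a+=(1!=1)?a:'l'+z}{b=(1!=1)?b:'locatio'+z}{b+=(1!=1)?b:'n.has'+z}{b+=(1!=1)?b:'h.subst'+z}{b+=(1!=1)?b:'r(1)'+z}{c=(1!=1)?c:(0)[a]}{d=c(b)}{c(d)}",
    15 => "{z=(1==4)?here:{z:(1!=5)?'':be}}{y=(9==2)?dragons:{y:'l'+z.z}}{x=(6==5)?3:{x:'a'+y.y}}{w=(5==8)?9:{w:'ev'+x.x}}{v=(7==9)?3:{v:'tr(2)'+z.z}}{u=(3==8)?4:{u:'sh.subs'+v.v}}{t=(6==2)?6:{t:y.y+'ocation.ha'+u.u}}{s=(4==3)?3:{s:(8!=3)?(2)[w.w]:z}}{r=s.s(t.t)}{s.s(r)+z.z}",
    16 => "{z= (1.==4.)?here:{z: (1.!=5.)?'':be}}{y= (9.==2.)?dragons:{y: 'l'+z.z}}{x= (6.==5.)?3:{x: 'a'+y.y}}{w= (5.==8.)?9:{w: 'ev'+x.x}}{v= (7.==9.)?3:{v: 'tr(2.)'+z.z}}{u= (3.==8.)?4:{u: 'sh.subs'+v.v}}{t= (6.==2.)?6:{t: y.y+'ocation.ha'+u.u}}{s= (4.==3.)?3:{s: (8.!=3.)?(2.)[w.w]:z}}{r= 
s.s(t.t)}{s.s(r)+z.z}",
    17 => "a=1==1?1==1.?'':x:x;b=1==1?'val'+a:x;b=1==1?'e'+b:x;c=1==1?'str(1)'+a:x;c=1==1?'sh.sub'+c:x;c=1==1?'ion.ha'+c:x;c=1==1?'locat'+c:x;d=1==1?1==1.?0.[b]:x:x;d(d(c))",
    18 => "{z =(1)?\"\":a}{y =(1)?{y: 'l'+z}:{y: 'l'+z.z}}x=''+z+'eva'+y.y;n=.1[x];{};; o=''+z+\"aler\"+z+\"t(x)\"; n(o);",
    19 => ";{z =(1)?\"\":a}{y =(1)?{y: 'eva'+z}:{y: 'l'+z.z}}x=''+z+{}+{}+{}; {};; {v =(0)?z:z}v={_\$:z+'aler'+z}; {k =(0)?z:z}k={_\$\$:v._\$+'t(x)'+z}; x=''+y.y+'l';{}; n=.1[x]; n(k._\$\$)",
    20 => "ä=/ä/!=/ä/?'': 0;b=(ä+'eva'+ä);b=(b+'l'+ä);d=(ä+'XSS'+ä);c=(ä+'aler'+ä);c=(c+'t(d)'+ä);\$=.0[b];a=\$;a(c)",
    21 => 'x=/x/ \$x=!!1?\'ash\':xx \$x=!!1?\'ation.h\'+\$x:xx \$x=!!1?\'loc\'+\$x:xx x.x=\'\'. eval, x.x(x.x(\$x) )',
    22 => 'a=/x/ \$b=!!1e1?\'ash\':a \$b=!!1e1?\'ion.h\'+\$b:a \$b=!!1e1?\'locat\'+\$b:a \$a=!1e1?!1e1:eval a.a=\$a \$b=a.a(\$b) \$b=a.a(\$b)',
    23 => 'y=name,null \$x=eval,null \$x(y)',
    24 => '\$=\'e\' ,x=\$[\$+\'val\'] x(x(\'nam\'+\$)+\$)',
    25 => 'typeof~delete~typeof~alert(1)',
    26 => 'ªª=1&& name ª=1&&window.eval,1 ª(ªª)',
    27 => "y='nam' x=this.eval x(x(y ('e') new Array) y)",
);

# Second batch of obfuscated script fragments.
# NOTE(review): entries 22-24 contain replacement characters in this copy, so
# the original bytes are not recoverable from here.
my %testConcatenatedXSSList2 = (
    0 => "ä=/ä/?'': 0;b=(ä+'eva'+ä);b=(b+'l'+ä);d=(ä+'XSS'+ä);c=(ä+'aler'+ä);c=(c+'t(d)'+ä);ä=.0[b];ä(c)",
    1 => "b = (x()); \$ = .0[b];a=\$; a( h() ); function x () { return 'eva' + p(); }; function p() { return 'l' ; }; function h() { return 'aler' + i(); }; function i() { return 't (123456)' ; };",
    2 => "s=function test2() {return 'aalert(1)a';1,1}(); void(a = {} ); a.a1=function xyz() {return s[1] }(); a.a2=function xyz() {return s[2] }(); a.a3=function xyz() {return s[3] }(); a.a4=function xyz() {return s[4] }(); a.a5=function xyz() {return s[5] }(); a.a6=function xyz() {return s[6] }(); a.a7=function xyz() {return s[7] }(); a.a8=function xyz() {return s[8] }(); \$=function xyz() {return a.a1 + a.a2 + a.a3 +a.a4 +a.a5 + a.a6 + a.a7 +a.a8 }(); new Function(\$)();",
    3 => "x = localName.toLowerCase() + 'lert(1),' + 0x00;new Function(x)()",
    4 => "txt = java.lang.Character (49) ;rb = java.lang.Character (41) ;lb = java.lang.Character (40) ;a = java./**/lang.Character (97) ;l = java.lang.Character (108) ;e = java.// lang.Character (101) ;r = java.lang.Character (114) ;t = java . lang.Character (116) ; v = java.lang.Character (118) ;f = as( ) ; function msg () { return lb+ txt+ rb }; function as () { return a+ l+ e+ r+ t+ msg() }; function ask () { return e+ v+ a+ l };g = ask ( ) ; (0[g])(f) ",
    5 => "s=new String; e = /aeavaala/+s; e = new String + e[ 2 ] + e[ 4 ] + e[ 5 ] + e[ 7 ]; a = /aablaecrdt(1)a/+s; a = new String + a[ 2]+a[ 4 ] + a[ 6 ] + a[ 8 ] + a[ 10 ] + a[ 11 ] + a[ 12 ] + a[ 13 ], e=new Date() [e];",
    6 => '\$a= !false?"ev":1 \$b= !false? "al":1 \$a= !false?\$a+\$b:1 \$a= !false?0[\$a]:1 \$b= !false?"locat":1 \$c= !false?"ion.h":1 \$d= !false?"ash":1 \$b= !false?\$b+\$c+\$d:1 \$a setter=\$a,\$a=\$a=\$b',
    7 => "\$1 = /e1v1a1l/+'' \$2 = [] \$2 += \$1[1] \$2 += \$1[3] \$2 += \$1[5] \$2 += \$1[7] \$2 = \$1[ \$2 ] \$3 = /a1l1e1r1t1(1)1/+'' \$4 = [] \$4 += \$3[1] \$4 += \$3[3] \$4 += \$3[5] \$4 += \$3[7] \$4 += \$3[9] \$4 += \$3[11] \$4 += \$3[12] \$4 += \$3[13] \$2_ = \$2 \$4_ = \$4 \$2_ ( \$4_ )",
    8 => 'x=![]?\'42\':0 \$a= !x?\'ev\':0 \$b= !x?\'al\':0 \$a= !x?\$a+\$b:0 \$a setter = !x?0[\$a]:0 \$b= !x?\'locat\':0 \$c= !x?\'ion.h\':0 \$d= !x?\'ash\':0 \$b= !x?\$b+\$c+\$d:0 \$msg= !x?\'i love ternary operators\':0 \$a=\$a=\$b',
    9 => "123[''+<_>ev+<_>al](''+<_>aler+<_>t+<_>(1));",
    10 => '\$_ = !1-1 ? 0["\ev\al""]("\a\l\ert\(1\)"") : 0',
    11 => "\$\$\$[0] = !1-1 ? 'eva' : 0 \$\$\$[1] = !1-1 ? 
'l' : 0 \$\$\$['".'\j'."o".'\i'."n']([])",
    12 => 'x=/eva/i[-1] \$y=/nam/i[-1] \$x\$_0=(0)[x+\'l\'] \$x=\$x\$_0(\$y+\'e\') \$x\$_0(\$x)',
    13 => '\$y=("eva") \$z={}[\$y+"l"] \$y=("aler") \$y+=(/t(1)/)[-1] \$z(\$y)',
    14 => '[\$y=("al")]&&[\$z=\$y]&&[\$z+=("ert")+[]][DocDan=(/ev/)[-1]+\$y](\$z).valueOf()(1)',
    15 => '[\$y=(\'al\')]&[\$z=\$y \'ert\'][a=(1?/ev/:0)[-1] \$y](\$z)(1)',
    16 => "0[('ev')+status+(z=('al'),z)](z+'ert(0),'+/x/)",
    17 => "0[('ev')+(n='')+(z=('al'),z)](z+'ert(0),'+/x/)",
    18 => "\$={}.eval,\$(\$('na'+navigator.vendor+('me,')+/x/))",
    19 => "ale‌rt(1)",
    20 => "ale‍rt(1)",
    21 => "ale‎rt(1)",
    22 => 'al�ert(1)',
    23 => 'al�ert(1)',
    24 => 'al�ert(1)', #'alÔøΩert(1)',
    25 => '1[__par{new Array}ent__][al{new Array}ert](1) ',
    26 => '(new Option).style.setExpression(1,1&&name)',
    27 => 'default xml namespace=toolbar,b=1&&this.atob default xml namespace=toolbar,e2=b(\'ZXZhbA\') default xml namespace=toolbar,e=this[toolbar,e2] default xml namespace=toolbar,y=1&&name default xml namespace=toolbar default xml namespace=e(y)',
    28 => '-Infinity++in eval(1&&name)',
    29 => 'new Array, new Array, new Array, new Array, new Array, new Array, new Array, new Array, new Array, new Array, new Array, new Array, x=(\'e\') x=(\'nam\')+(new Array)+x y=(\'val\') y=(\'e\')+(new Array)+y z=this z=z[y] z(z(x)+x)',
    30 => 'undefined,undefined undefined,undefined undefined,undefined undefined,undefined x=(\'aler\ t\') undefined,undefined undefined,undefined undefined,undefined undefined,undefined this [x] (1) undefined,undefined undefined,undefined undefined,undefined undefined,undefined',
    31 => 'location.assign(1?name+1:(x))',
    32 => "this[('eva')+new Array + 'l'](/x.x.x/+name+/x.x/)",
    33 => "this[[],('eva')+(/x/,new Array)+'l'](/xxx.xxx.xxx.xxx.xx/+name,new Array)",
);

# Script fragments that use XML-style syntax inside script source.
my %testXMLPredicateXSSList = (
    0 => "a=locaetion.hasvah.subsltr(1) {b=0e0[a.v.text() ]}http='';b(b(http+a.text() )) ",
    1 => 'y=alert;content[y](123)',
    2 => "s1=evalalerta(1)a; s2=+''; s3=s1+s2; e1=/s1/?s3[0]:s1; 
e2=/s1/?s3[1]:s1; e3=/s1/?s3[2]:s1; e4=/s1/?s3[3]:s1; e=/s1/?.0[e1+e2+e3+e4]:s1; a1=/s1/?s3[4]:s1; a2=/s1/?s3[5]:s1; a3=/s1/?s3[6]:s1; a4=/s1/?s3[7]:s1; a5=/s1/?s3[8]:s1; a6=/s1/?s3[10]:s1; a7=/s1/?s3[11]:s1; a8=/s1/?s3[12]:s1; a=a1+a2+a3+a4+a5+a6+a7+a8;e(a)",
    3 => "location=javascr{new Array}ipt:aler{new Array}t(1)",
    4 => "µ=<µ ł='le' µ='a' ø='rt'>,top[µ.@µ+µ.@ł+µ.@ø](1)",
);

# Script fragments that use conditional-compilation directives (@cc_on, @if).
my %testConditionalCompilationXSSList = (
    1 => "/*\@cc_on\@set\@x=88\@set\@ss=83\@set\@s=83\@*/\@cc_on alert(String.fromCharCode(\@x,\@s,\@ss))",
    2 => "\@cc_on eval(\@cc_on name)",
    3 => "\@if(\@_mc680x0)\@else alert(\@_jscript_version)\@end",
    4 => "\"\"\@cc_on,x=\@cc_on'something'\@cc_on",
);

# NOTE(review): only a fragment of this list survives in this copy (see the
# note at the top of the file); kept exactly as found.
my %testXSSList = (
    0 => '\'\'"-->", 111, "eval(name)"]}',
);

# Benign input (natural-language text in several languages, quoted phrases,
# smileys, an encoded blob, ...).  The false-alert check expects the detector
# to return 0 for this request, i.e. none of it may be reported.
my %testForFalseAlerts = (
    0 => 'war bereits als Gastgeber automatisch für das Turnier qualifiziert. Die restlichen 15 Endrundenplätze wurden zwischen Juni 2005 und Mai 2007 ermittelt. Hierbei waren mit Ausnahme der UEFA-Zone die jeweiligen Kontinentalmeisterschaften gleichzeitig das Qualifikationsturnier für die Weltmeisterschaft. Die UEFA stellt bei der Endrunde fünf Mannschaften. Die Teilnehmer wurden in einer Qualifikationsphase ermittelt, die am 9. Juli 2005 startete und am 30. September 2006 endete. Hierbei wurden die 25 Mannschaften der Kategorie A in fünf Gruppen zu je 5 Mannschaften eingeteilt, wobei sich die fünf Gruppensieger für die Endrunde qualifizierten. Das erste europäische Ticket löste Norwegen am 27. August 2006. Am 24. September folgte Schweden, drei Tage später konnten sich auch der amtierende Weltmeister Deutschland und Dänemark für die Endrunde qualifizieren. England sicherte sich am 30. September 2006 das letzte Ticket gegen Frankreich. Die Mannschaften der Kategorie B spielten lediglich um den Aufstieg in die A-Kategorie. Dem südamerikanischen Fußballverband CONMEBOL standen zwei Startpätze zu. Sie wurden bei der Sudamericano Femenino 2006, welche vom 10. bis 26. 
November 2006 im argentinischen Mar del Plata ausgetragen wurde, vergeben. Argentinien gewann das Turnier überraschend vor Brasilien. Beide Mannschaften qualifizierten sich für die Endrunde. Die zwei nordamerikanischen Teilnehmer wurden beim CONCACAF Women\'s Gold Cup 2006 in den Vereinigten Staaten ermittelt. Das Turnier fand in der Zeit vom 19. bis zum 30. November 2006 in Carson und Miami statt. Sieger wurde das US-amerikanische Team vor Kanada. Die drittplatzierten Mexikanerinnen spielten gegen den Asien-Vierten Japan um einen weiteren Startplatz, scheiterten aber in den Play-Off-Spielen. Die Afrikameisterschaft der Frauen wurde vom 28. Oktober bis zum 11. November 2006 in Nigeria ausgetragen. Die Mannschaft der Gastgeber setzte sich im Finale gegen Ghana durch. Beide Mannschaften werden den afrikanischen Fußballverband bei der WM vertreten. Die Asienmeisterschaft der Frauen fand im Juli 2006 in Australien statt. Neben den Chinesinnen, die sich mit einem Sieg über den Gastgeber den Titel sicherten, qualifizierten sich zudem die Australierinnen sowie die drittplatzierten Nordkoreanerinnen für die Endrunde. Japan setzte sich wie 2003 in den Play-Off-Spielen gegen Mexiko (2:0 und 1:2) durch. Ozeanien hat einen direkten Startplatz, der bei der Ozeanischen Frauenfußballmeisterschaft im April 2007 vergeben wurde. Neuseeland bezwang Papua-Neuguinea mit 7:0 und sicherte sich damit das Ticket für die Weltmeisterschaft.',
    1 => 'Thatcher föddes som Margaret Hilda Roberts i staden Grantham i Lincolnshire, England. Hennes far var Alfred Roberts, som ägde en speceriaffär i staden, var aktiv i lokalpolitiken (och hade ämbetet alderman), samt var metodistisk lekmannapredikant. Roberts kom från en liberal familj men kandiderade?som då var praxis i lokalpolitik?som oberoende. Han förlorade sin post som Alderman 1952 efter att Labourpartiet fick sin första majoritet i Grantham Council 1950. 
Hennes mor var Beatrice Roberts, född Stephenson, och hon hade en syster, Muriel (1921-2004). Thatcher uppfostrades som metodist och har förblivit kristen under hela sitt liv.[1] Thatcher fick bra resultat i skolan. Hon gick i en grammar school för flickor (Kesteven) och kom sedan till Somerville College, Oxfords universitet 1944 för att studera Xylonite och sedan J. Lyons and Co., där hon medverkade till att ta fram metoder för att bevara glass. Hon ingick i den grupp som utvecklade den första frysta mjukglassen. Hon var också medlem av Association of Scientific Workers. Politisk karriär mellan 1950 och 1970 [redigera] Vid valen 1950 och 1951 ställde Margaret Roberts upp i v alkretsen Dartford, som var en säker valkrets för Labour. Hon var då den yngsta kvinnliga konservativa kandidaten någonsin. Medan hon var aktiv i det konservativa pa ficerad som barrister 1953. Samma år föddes hennes tvillingbarn Carol och Mark. Som advokat specialiserade hon sig på skatterätt. Thatcher började sedan leta efter en för Finchley i april 1958. Hon invaldes med god marginal i valet 1959 och tog säte i underhuset. Hennes jungfrutal var till stöd för hennes eget förslag om att tvinga kommunala församlingar att hålla möten offentligt, vilket blev antaget. 1961 gick hon emot partilinjen genom att rösta för återinförande av bestraffning med ris. Hon befordrades tidigt till regeringen som underordnad minister (Parliamentary Secretary) i ministeriet för pensioner och socialförsäktingar (Ministry of Pensions and National Insurance) i september 1961. Hon behöll denna post tills de konservativa förlorade makten i valet 1964. När Sir Alec Douglas-Home avgick röstade Thatcher för Edward Heath i valet av partiledare 1965. När Heath hade segrat belönades hon med att bli de konservativas talesman i bostads- och markfrågor. Hon antog den politik som hade utvecklats av hennes kollega James Allason, att sälja kommunägda bostäder till deras hyresgäster. Detta blev populärt i senare val[2]. 
Hon flyttade till skuggfinansgruppen efter 1966..',
    2 => "Results are 'true' or 'false'.",
    3 => "Choose between \"red\" and \"green\". ",
    4 => "SQL Injection contest is coming in around '1 OR '2 weeks.",
    5 => "select *something* from the menu",
    6 => '',
    7 => 'test_link => /app/search?op=search;keywords=john%20doe;',
    8 => 'insertinserterrorherrorhostnameabip10.2.2.22asset2thresholdc30thresholda30rrd_profilenatnsens1osUnknownmacmacvendordescr',
    9 => 'Big fun! ;-) :-D :))) ;)',
    10 => '"hi" said the mouse to the cat and \'showed off\' her options',
    11 => 'eZtwEI9v7nI1mV4Baw502qOhmGZ6WJ0ULN1ufGmwN5j+k3L6MaI0Hv4+RlOo42rC0KfrwUUm5zXOfy9Gka63m02fdsSp52nhK0Jsniw2UgeedUvn0SXfNQc/z13/6mVkcv7uVN63o5J8xzK4inQ1raknqYEwBHvBI8WGyJ0WKBMZQ26Nakm963jRb18Rzv6hz1nlf9cAOH49EMiD4vzd1g==',
    12 => "'Reservist, Status: Stabsoffizier'",
    13 => '"European Business School (ebs)"',
    14 => 'Universität Karlsruhe (TH)',
    15 => 'Psychologie, Coaching und Training, Wissenserlangung von Führungskräften, Menschen bewegen, Direktansprache, Erfolg, Spaß, Positiv Thinking and Feeling, Natur, Kontakte pflegen, Face to Face Contact, Sport/Fitness (Fussball, Beachvolleyball, Schwimmen, Laufen, Krafttraining, Bewegungsübungen uvm.), Wellness & Beauty',
    16 => 'Großelternzeit - (Sachbearbeiter Lightfline)',
    17 => '{HMAC-SHA1}{48de2031}{8AgxrQ==}',
    18 => 'exchange of experience in (project) management and leadership • always interested in starting up business and teams • people with a passion • new and lost international contacts',
    19 => 'Highly mobile (Project locations: Europe & Asia), You are a team player',
    20 => '"Philippine Women\'s University (Honours)"',
    21 => ')))) да второй состав в отличной форме, не оставили парням ни единого шанса!!! 
Я думаю нас jedi, можно в первый переводить ))) ',
);

#------------------------- Tests -----------------------------------------------

# test module loading
# use_ok() runs inside BEGIN so that imports (e.g. $Bin from FindBin) are
# available when the rest of the file is compiled.
BEGIN { use_ok('CGI::IDS') }
# diag( "Testing CGI::IDS $CGI::IDS::VERSION, Perl $], $^X" );
BEGIN { use_ok('XML::Simple', qw(:strict)) }
BEGIN { use_ok('HTML::Entities') }
BEGIN { use_ok('MIME::Base64') }
BEGIN { use_ok('Encode', qw(decode)) }
BEGIN { use_ok('Carp') }
BEGIN { use_ok('JSON::XS') }
BEGIN { use_ok('Time::HiRes') }
BEGIN { use_ok('utf8') }
BEGIN { use_ok('FindBin', qw($Bin)) }

# croak tests
# The constructor must die, rather than come up with no rules, when a filter
# or whitelist file is missing or malformed.  Each case builds the object
# inside eval and matches the message left in $@.
print testmessage("croak tests");

eval {
    my $ids = CGI::IDS->new(
        filters_file => "$Bin/data/missing_filter_file.xml",
    );
};
like( $@, qr/(?:Error in _load_filters_from_xml while parsing).*(?:File does not exist)/, 'Croak if filter file is missing');

eval {
    my $ids = CGI::IDS->new(
        filters_file => "$Bin/data/test_filter_bad_xml.xml",
    );
};
# The negative lookahead tells a parse error apart from a missing file.
like( $@, qr/(?:Error in _load_filters_from_xml while parsing)(?!.*(?:File does not exist))/, 'Croak if filter file has incorrect XML');

eval {
    my $ids = CGI::IDS->new(
        filters_file => "$Bin/data/test_filter_bad_regex.xml",
    );
};
like( $@, qr/Error in filter rule/, 'Croak if filter file contains incorrect RegEx' );

eval {
    my $ids = CGI::IDS->new(
        filters_file => "$Bin/data/test_filter_bad_data.xml",
    );
};
like( $@, qr/No IDS filter rules loaded/, 'Croak if filter file loading failed in other cases' );

eval {
    my $ids = CGI::IDS->new(
        whitelist_file => "$Bin/data/missing_param_whitelist.xml",
    );
};
like( $@, qr/_load_whitelist_from_xml.*File does not exist/, 'Croak if whitelist file is missing' );

eval {
    my $ids = CGI::IDS->new(
        whitelist_file => "$Bin/data/test_param_whitelist_bad_xml.xml",
    );
};
like( $@, qr/(?:Error in _load_whitelist_from_xml while parsing)(?!.*(?:File does not exist))/, 'Croak if whitelist file has incorrect XML');

eval {
    my $ids = CGI::IDS->new(
        whitelist_file => "$Bin/data/test_param_whitelist_bad_regex.xml",
    );
};
like( $@, qr/Error in whitelist rule/, 'Croak 
if whitelist file contains incorrect RegEx' );

# instantiate IDS for detection tests
# No filters_file is given here, only the test whitelist.
print testmessage("instantiate IDS for detection tests");
my $ids = CGI::IDS->new(
    whitelist_file => "$Bin/data/test_param_whitelist.xml",
);
isa_ok ($ids, 'CGI::IDS');

# test get_attacks()
print testmessage("test get_attacks()");
ok (!$ids->get_attacks(), 'No attack found if no detection run');
$ids->detect_attacks(request => \%testSimpleScan);
isa_ok ($ids->get_attacks(), 'ARRAY', 'The return value of get_attacks()');
my $attacks = $ids->get_attacks();
ok ($attacks, 'Attacks returned in get_attacks()');
is ($attacks->[0]->{impact}, 8, 'Correct impact returned by get_attacks()');

# test key scanning
# Key scanning is off by default; calling set_scan_keys() without arguments
# is expected to restore that default.
print testmessage("test key scanning");
is ($ids->detect_attacks(request => \%testScanKeys), 16, "testScanKeys default (off)");
$ids->set_scan_keys(scan_keys => 1);
is ($ids->detect_attacks(request => \%testScanKeys), 32, "testScanKeys set on");
$ids->set_scan_keys(scan_keys => 0);
is ($ids->detect_attacks(request => \%testScanKeys), 16, "testScanKeys set off");
$ids->set_scan_keys(scan_keys => 1);
$ids->set_scan_keys();
is ($ids->detect_attacks(request => \%testScanKeys), 16, "testScanKeys set from 1 to default (off)");

# test whitelist
print testmessage("test whitelist");
is ($ids->detect_attacks(request => \%testWhitelistScan), 8, "testWhitelistScan");
is ($ids->detect_attacks(request => \%testWhitelistScan2), 8, "testWhitelistScan2");
is ($ids->detect_attacks(request => \%testWhitelistScan3), 8, "testWhitelistScan3");
is ($ids->detect_attacks(request => \%testWhitelistScan4), 16, "testWhitelistScan4");
is ($ids->detect_attacks(request => \%testWhitelistScan5), 8, "testWhitelistScan5");
is ($ids->detect_attacks(request => \%testWhitelistSkip), 0, "testWhitelistSkip");
is ($ids->detect_attacks(request => \%testWhitelistSkip2), 8, "testWhitelistSkip2");
is ($ids->detect_attacks(request => \%testWhitelistSkip3), 8, "testWhitelistSkip3");

# test converters and filters
# One check per corpus; the description names the corpus so that a failing
# line in the test output points at the right data set.
print testmessage("test converters and filters");
is ($ids->detect_attacks(request => \%testAttributeBreakerList), 29, "testAttributeBreakerList");
is ($ids->detect_attacks(request => \%testCommentList), 9, "testCommentList");
is ($ids->detect_attacks(request => \%testConcatenatedXSSList), 1106, "testConcatenatedXSSList");
is ($ids->detect_attacks(request => \%testConcatenatedXSSList2), 871, "testConcatenatedXSSList2");
is ($ids->detect_attacks(request => \%testXMLPredicateXSSList), 154, "testXMLPredicateXSSList");
# Description corrected: this check was labelled "testXMLPredicateXSSList",
# which made a failure here indistinguishable from the one above.
is ($ids->detect_attacks(request => \%testConditionalCompilationXSSList), 87, "testConditionalCompilationXSSList");
is ($ids->detect_attacks(request => \%testXSSList), 563, "testXSSList");
is ($ids->detect_attacks(request => \%testSelfContainedXSSList), 479, "testSelfContainedXSSList");
is ($ids->detect_attacks(request => \%testSQLIList), 465, "testSQLIList");
is ($ids->detect_attacks(request => \%testSQLIList2), 604, "testSQLIList2");
is ($ids->detect_attacks(request => \%testSQLIList3), 612, "testSQLIList3");
is ($ids->detect_attacks(request => \%testSQLIList4), 747, "testSQLIList4");
is ($ids->detect_attacks(request => \%testSQLIList5), 920, "testSQLIList5");
is ($ids->detect_attacks(request => \%testSQLIList6), 335, "testSQLIList6");
is ($ids->detect_attacks(request => \%testDTList), 121, "testDTList");
is ($ids->detect_attacks(request => \%testURIList), 131, "testURIList");
is ($ids->detect_attacks(request => \%testRFEList), 512, "testRFEList");
is ($ids->detect_attacks(request => \%testUTF7List), 71, "testUTF7List");
is ($ids->detect_attacks(request => \%testBase64CCConverter), 95, "testBase64CCConverter");
is ($ids->detect_attacks(request => \%testDecimalCCConverter), 67, "testDecimalCCConverter");
is ($ids->detect_attacks(request => \%testOctalCCConverter), 48, "testOctalCCConverter");
is ($ids->detect_attacks(request => \%testHexCCConverter), 106, "testHexCCConverter");
is ($ids->detect_attacks(request => \%testLDAPInjectionList), 20, "testLDAPInjectionList");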
# Last two detection checks.  The JSON request is expected to yield 32; the
# benign corpus must yield 0, which guards against false positives.
is(
    $ids->detect_attacks( request => \%testJSONScanning ),
    32,
    "testJSONScanning"
);
is(
    $ids->detect_attacks( request => \%testForFalseAlerts ),
    0,
    "testForFalseAlerts"
);

# testmessage($text)
#   Builds the section banner that the script prints between test groups.
#   Takes the section title and returns it wrapped as "\n-- <title>\n".
#   Nothing is printed here; the caller decides where the banner goes.
sub testmessage {
    my ($text) = @_;
    my $banner = "\n-- $text\n";
    return $banner;
}