diff options
Diffstat (limited to 'rt/t/security/CVE-2011-2084-modifyscrips-templates.t')
-rw-r--r-- | rt/t/security/CVE-2011-2084-modifyscrips-templates.t | 126 |
1 files changed, 126 insertions, 0 deletions
diff --git a/rt/t/security/CVE-2011-2084-modifyscrips-templates.t b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t new file mode 100644 index 0000000..f68706e --- /dev/null +++ b/rt/t/security/CVE-2011-2084-modifyscrips-templates.t @@ -0,0 +1,126 @@ +use strict; +use warnings; + +use RT::Test tests => undef; + +sub set_fails { + my $col = shift; + my $obj = shift; + my $to = ref $_[0] ? +shift->Id : shift; + my $from = $obj->$col; + my $meth = "Set$col"; + + my ($ok, $msg) = $obj->$meth($to); + ok !$ok, "$meth denied: $msg"; + is $obj->$col, $from, "$col left alone"; +} + +sub set_ok { + my $col = shift; + my $obj = shift; + my $to = ref $_[0] ? +shift->Id : shift; + my $from = $obj->$col; + my $meth = "Set$col"; + + my ($ok, $msg) = $obj->$meth($to); + ok $ok, "$meth allowed: $msg"; + is $obj->$col, $to, "$col updated"; +} + +my $qa = RT::Test->load_or_create_queue( Name => 'Queue A' ); +my $qb = RT::Test->load_or_create_queue( Name => 'Queue B' ); +ok $qa->id, "created Queue A"; +ok $qb->id, "created Queue B"; + +my $user = RT::Test->load_or_create_user( Name => 'testuser' ); +my $cu = RT::CurrentUser->new( $user ); +ok $user->id, "created testuser"; + +diag "ModifyScrips"; +{ + my $scrip = RT::Scrip->new( RT->SystemUser ); + my ($scrip_id, $msg) = $scrip->Create( + Description => 'Testing', + Queue => $qa->Id, + ScripCondition => 'User Defined', + ScripAction => 'User Defined', + Template => 'Blank', + CustomIsApplicableCode => 'if ($self->TicketObj->Subject =~ /fire/) { return (1);} else { return(0)}', + CustomPrepareCode => '1;', + CustomCommitCode => 'warn "scrip fired!";', + ); + ok $scrip_id, $msg; + + RT::Test->set_rights( + { Principal => $user, Right => 'ShowScrips' }, + { Principal => $user, Right => 'ModifyScrips', Object => $qa }, + ); + + $scrip = RT::Scrip->new( $cu ); + $scrip->Load( $scrip_id ); + ok $scrip->id, "loaded scrip as test user"; + is $scrip->Queue, $qa->Id, 'queue is A'; + + ok +($scrip->SetName('Testing ModifyScrips')); + + set_fails( Queue => $scrip => $qb ); + set_fails( Queue => $scrip => 0 ); + set_fails( Queue => $scrip => undef ); + set_fails( Queue => $scrip => '' ); + + RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips', Object => $qb ); + + set_ok( Queue => $scrip => $qb ); + set_fails( Queue => $scrip => 0 ); + set_fails( Queue => $scrip => undef ); + set_fails( Queue => $scrip => '' ); + + RT::Test->add_rights( Principal => $user, Right => 'ModifyScrips' ); + + set_ok( Queue => $scrip => 0 ); + + set_fails( Template => $scrip => 2 ); + + RT::Test->add_rights( Principal => $user, Right => 'ShowTemplate' ); + + set_ok( Template => $scrip => 2 ); + is $scrip->TemplateObj->Name, 'Autoreply', 'template name is right'; +} + +diag "ModifyTemplate"; +{ + RT::Test->set_rights( + { Principal => $user, Right => 'ShowTemplate' }, + { Principal => $user, Right => 'ModifyTemplate', Object => $qa }, + ); + + my $template = RT::Template->new( RT->SystemUser ); + my ($id, $msg) = $template->Create( + Queue => $qa->Id, + Name => 'Testing', + Type => 'Perl', + Content => "\n\nThis is a test template.\n", + ); + ok $id, $msg; + + $template = RT::Template->new( $cu ); + $template->Load( $id ); + ok $template->id, "loaded template as test user"; + is $template->Queue, $qa->Id, 'queue is A'; + + ok +($template->SetName('Testing ModifyTemplate')); + + set_fails( Queue => $template => $qb ); + set_fails( Queue => $template => 0 ); + + RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate', Object => $qb ); + + set_ok( Queue => $template => $qb ); + set_fails( Queue => $template => 0 ); + + RT::Test->add_rights( Principal => $user, Right => 'ModifyTemplate' ); + + set_ok( Queue => $template => 0 ); +} + +done_testing; |