Subversion Repositories ggsysinfo

[/] [modules/] [sysinfo/] [lib/] [PhpSecInfo/] [Test/] [Core/] [memory_limit.php] - Blame information for rev 123

Details | Compare with Previous | View Log

Line No. Rev Author Line
1 123 gg
<?php
2
/**
3
 * Test Class for memory_limit setting
4
 *
5
 * @package PhpSecInfo
6
 * @author  Paul Reinheimer
7
 * @author  Ed Finkler
8
 * @author  Mark Wallaert <mark@autumnweave.com>
9
 */
10
 
11
 
12
/**
13
 * require the PhpSecInfo_Test_Core class
14
 */
15
require_once(PHPSECINFO_BASE_DIR.'/Test/Test_Core.php');
16
 
17
/**
18
 * The max recommended size for the memory_limit setting, in bytes
19
 *
20
 */
21
define ('PHPSECINFO_MEMORY_LIMIT', 8*1024*1024);
22
 
23
/**
24
 * Test Class for memory_limit setting
25
 *
26
 * @package PhpSecInfo
27
 */
28
class PhpSecInfo_Test_Core_Memory_Limit extends PhpSecInfo_Test_Core
29
{
30
 
31
 
32
        /**
33
         * This should be a <b>unique</b>, human-readable identifier for this test
34
         *
35
         * @var string
36
         */
37
        var $test_name = "memory_limit";
38
 
39
        var $recommended_value = PHPSECINFO_MEMORY_LIMIT;
40
 
41
        function _retrieveCurrentValue() {
42
                $this->current_value =  $this->returnBytes(ini_get('memory_limit'));
43
        }
44
 
45
 
46
        /**
47
         * Check to see if the memory_limit setting is enabled.
48
         *
49
         * Test conditions and results:
50
         * OK: memory_limit enabled and set to a value of 8MB or less.
51
         * NOTICE: memory_limit enabled and set to a value greater than 8MB.
52
         * WARNING: memory_limit disabled (compile time option).
53
         *
54
         * @return integer
55
         */
56
        function _execTest() {
57
                if (!$this->current_value) {
58
                        return PHPSECINFO_TEST_RESULT_WARN;
59
                } else if ($this->returnBytes($this->current_value) <= PHPSECINFO_MEMORY_LIMIT) {
60
                        return PHPSECINFO_TEST_RESULT_OK;
61
                }
62
                return PHPSECINFO_TEST_RESULT_NOTICE;
63
        }
64
 
65
 
66
        /**
67
         * Set the messages specific to this test
68
         *
69
         * @access      public
70
         * @return      null
71
         */
72
        function _setMessages() {
73
                parent::_setMessages();
74
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_OK, 'en', 'memory_limit is enabled, and appears to be set
75
                                to a realistic value.');
76
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_NOTICE, 'en', 'memory_limit is set to a very high value. Are
77
                                you sure your apps require this much memory? If not, lower the limit, as certain attacks or poor
78
                                programming practices can lead to exhaustion of server resources. It is recommended that you set this
79
                                to a realistic value (8M for example) from which it can be expanded as required.');
80
                $this->setMessageForResult(PHPSECINFO_TEST_RESULT_WARN, 'en', 'memory_limit does not appear to be enabled.  This
81
                                leaves the server vulnerable to attacks that attempt to exhaust resources and creates an environment
82
                                where poor programming practices can propagate unchecked.  This must be enabled at compile time by
83
                                including the parameter "--enable-memory-limit" in the configure line.  Once enabled "memory_limit" may
84
                                be set in php.ini to define the maximum amount of memory a script is allowed to allocate.');
85
        }
86
 
87
 
88
}