Implement the .line filter

Close #48

doc/source/config.rst

@@ -237,6 +237,7 @@ Filters
 - ``function(name)``: match on function ``name``
 - ``function_r(regexp)``: the function matching the ``regexp``
 - ``hash(sha256)``: match on the file's `sha256 <https://en.wikipedia.org/wiki/SHA-2>`_ sum
+- ``line(line_number)``: match on the file's line.
 - ``param(name)``: match on the function's parameter ``name``
 - ``param_r(regexp)``: match on the function's parameter ``regexp``
 - ``param_type(type)``: match on the function's parameter ``type``

src/sp_config.h

@@ -78,6 +78,7 @@ typedef struct {
   pcre *r_param;
   sp_php_type param_type;
   int pos;
+  unsigned int line;
 
   char *ret;
   pcre *r_ret;
@@ -185,6 +186,7 @@ typedef struct {
 #define SP_TOKEN_VALUE ".value("
 #define SP_TOKEN_VALUE_REGEXP ".value_r("
 #define SP_TOKEN_VALUE_ARG_POS ".pos("
+#define SP_TOKEN_LINE_NUMBER ".line("
 
 // cookies encryption
 #define SP_TOKEN_NAME ".cookie("

src/sp_config_keywords.c

@@ -145,6 +145,7 @@ int parse_disabled_functions(char *line) {
   int ret = 0;
   bool enable = true, disable = false;
   char *pos = NULL;
+  char *line_number = NULL;
   sp_disabled_function *df = pecalloc(sizeof(*df), 1, 1);
   df->pos = -1;
 
@@ -172,6 +173,7 @@ int parse_disabled_functions(char *line) {
       {parse_php_type, SP_TOKEN_RET_TYPE, &(df->ret_type)},
       {parse_str, SP_TOKEN_LOCAL_VAR, &(df->var)},
       {parse_str, SP_TOKEN_VALUE_ARG_POS, &(pos)},
+      {parse_str, SP_TOKEN_LINE_NUMBER, &(line_number)},
       {0}};
 
   ret = parse_keywords(sp_config_funcs_disabled_functions, line);
@@ -252,6 +254,17 @@ int parse_disabled_functions(char *line) {
     }
   }
 
+  if (line_number) {
+    errno = 0;
+    char *endptr;
+    df->line = strtoul(line_number, &endptr, 10);
+    if (errno != 0 || endptr == line_number) {
+      sp_log_err("config", "Failed to parse arg '%s' of `line` on line %zu.",
+		 line_number, sp_line_no);
+      return -1;
+    }
+  }
+
   if (df->function) {
     df->functions_list = parse_functions_list(df->function);
   }

src/sp_disabled_functions.c

@@ -172,6 +172,12 @@ bool should_disable(zend_execute_data* execute_data) {
       }
     }
 
+    if (config_node->line) {
+      if (config_node->line != zend_get_executed_lineno()) {
+	goto next;
+      }
+    }
+
     if (client_ip && config_node->cidr &&
         (false == cidr_match(client_ip, config_node->cidr))) {
       goto next;

src/tests/config/disabled_functions_broken_line.ini

@@ -0,0 +1 @@
+sp.disable_function.function("system").line("qwe").drop();

src/tests/config/disabled_functions_line.ini

@@ -0,0 +1 @@
+sp.disable_function.function("system").line("3").drop();

src/tests/disabled_functions_param_broken_line.phpt

@@ -0,0 +1,15 @@
+--TEST--
+Disable functions - match on a specific line - broken configuration
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_broken_line.ini
+--FILE--
+<?php 
+system("echo 1337");
+system("echo 1338");
+?>
+--EXPECTF--
+[snuffleupagus][0.0.0.0][config][error] Failed to parse arg 'qwe' of `line` on line 1.
+1337
+1338

src/tests/disabled_functions_param_line.phpt

@@ -0,0 +1,14 @@
+--TEST--
+Disable functions - match on a specific line
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/disabled_functions_line.ini
+--FILE--
+<?php 
+system("echo 1337");
+system("id");
+?>
+--EXPECTF--
+1337
+[snuffleupagus][0.0.0.0][disabled_function][drop] The call to the function 'system' in %a/disabled_functions_param_line.php:3 has been disabled.