summaryrefslogtreecommitdiff
path: root/src/tests/broken_configuration_php8
diff options
context:
space:
mode:
authorBen Fuhrmannek2021-11-11 12:02:07 +0100
committerBen Fuhrmannek2021-11-11 12:02:07 +0100
commit9111fdf5e6332923a5faf9f8a7e6b428eb91795a (patch)
tree046703d4a95f8590a01e8a82631d3c061a6c2865 /src/tests/broken_configuration_php8
parent8e95c5d30f197716ba132e3f2494c5e220f3e5cd (diff)
detect dummy or short encryption key
Diffstat (limited to 'src/tests/broken_configuration_php8')
-rw-r--r--src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt2
-rw-r--r--src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini2
-rw-r--r--src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini2
-rw-r--r--src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini2
-rw-r--r--src/tests/broken_configuration_php8/encrypt_key_too_short.phpt22
-rw-r--r--src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt2
6 files changed, 27 insertions, 5 deletions
diff --git a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt b/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
index 8648b4f..c02d67a 100644
--- a/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
+++ b/src/tests/broken_configuration_php8/broken_conf_cookie_name_and_regexp.phpt
@@ -4,7 +4,7 @@ Broken configuration - encrypted cookie with name and regexp
4<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> 4<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
5<?php if (PHP_VERSION_ID < 80000) print "skip"; ?> 5<?php if (PHP_VERSION_ID < 80000) print "skip"; ?>
6--INI-- 6--INI--
7sp.configuration_file={PWD}/config/broken_conf_cookie_name_and_regexp.ini 7sp.configuration_file={PWD}/../broken_configuration/config/broken_conf_cookie_name_and_regexp.ini
8--FILE-- 8--FILE--
9--EXPECT-- 9--EXPECT--
10 10
diff --git a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
index 503889b..6b43b71 100644
--- a/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
+++ b/src/tests/broken_configuration_php8/config/broken_conf_cookie_name_and_regexp.ini
@@ -1,2 +1,2 @@
1sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); 1sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
2sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt(); 2sp.cookie.name("my_cookie_name").name_r("my_cookie_regexp").encrypt();
diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
index 048e404..43a4284 100644
--- a/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
+++ b/src/tests/broken_configuration_php8/config/config_encrypted_cookies_noname.ini
@@ -1,3 +1,3 @@
1sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); 1sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
2sp.cookie.name("").encrypt(); 2sp.cookie.name("").encrypt();
3sp.auto_cookie_secure.enable(); 3sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
index 4fe92fd..817de14 100644
--- a/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
+++ b/src/tests/broken_configuration_php8/config/config_encrypted_regexp_cookies_bad_regexp.ini
@@ -1,3 +1,3 @@
1sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); 1sp.global.secret_key("abcdefGHIJ").cookie_env_var("REMOTE_ADDR");
2sp.cookie.name_r("^super_co[a-z+$").encrypt(); 2sp.cookie.name_r("^super_co[a-z+$").encrypt();
3sp.auto_cookie_secure.enable(); 3sp.auto_cookie_secure.enable();
diff --git a/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt
new file mode 100644
index 0000000..c14785e
--- /dev/null
+++ b/src/tests/broken_configuration_php8/encrypt_key_too_short.phpt
@@ -0,0 +1,22 @@
1--TEST--
2Cookie encryption key too short
3--SKIPIF--
4<?php if (!extension_loaded("snuffleupagus")) print "skip"; ?>
5<?php if (PHP_VERSION_ID < 80000) print "skip"; ?>
6--INI--
7sp.configuration_file={PWD}/../broken_configuration/config/config_encryption_key_short.ini
8--COOKIE--
9--ENV--
10return <<<EOF
11REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
12HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
13HTTPS=1
14EOF;
15--FILE--
16<?php
17?>
18--EXPECT--
19Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] The encryption key set on line 1 is too short. please use at least 10 bytes in Unknown on line 0
20
21Fatal error: [snuffleupagus][2001:0db8:0000:0000:0000:fe00:0042:8329][config][log] Invalid configuration file in Unknown on line 0
22Could not startup. \ No newline at end of file
diff --git a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
index 5383df6..6796c5b 100644
--- a/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
+++ b/src/tests/broken_configuration_php8/encrypt_regexp_cookies_bad_regexp.phpt
@@ -6,7 +6,7 @@ Cookie decryption in ipv4
6sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini 6sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_bad_regexp.ini
7error_reporting=1 7error_reporting=1
8--COOKIE-- 8--COOKIE--
9super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; 9super_cookie=IpRZV4rivSjANrEOSxINd%2FdFe17giJgaAAAAAAAAAAAAAAAAAAAAALnmBVs%2BTILKxauHeGcUyJpR%2BX2UiZ6OamUTaWc=;awful_cookie=awful_cookie_value;
10--ENV-- 10--ENV--
11return <<<EOF 11return <<<EOF
12REMOTE_ADDR=127.0.0.1 12REMOTE_ADDR=127.0.0.1