diff options
22 files changed, 304 insertions, 65 deletions
diff --git a/src/snuffleupagus.c b/src/snuffleupagus.c index ae1a864..afbd725 100644 --- a/src/snuffleupagus.c +++ b/src/snuffleupagus.c | |||
| @@ -78,7 +78,7 @@ PHP_GINIT_FUNCTION(snuffleupagus) { | |||
| 78 | snuffleupagus_globals->config.config_disabled_constructs->construct_eval = sp_list_new(); | 78 | snuffleupagus_globals->config.config_disabled_constructs->construct_eval = sp_list_new(); |
| 79 | snuffleupagus_globals->config.config_disabled_functions->disabled_functions = sp_list_new(); | 79 | snuffleupagus_globals->config.config_disabled_functions->disabled_functions = sp_list_new(); |
| 80 | snuffleupagus_globals->config.config_disabled_functions_ret->disabled_functions = sp_list_new(); | 80 | snuffleupagus_globals->config.config_disabled_functions_ret->disabled_functions = sp_list_new(); |
| 81 | SP_INIT_HT(snuffleupagus_globals->config.config_cookie->cookies); | 81 | snuffleupagus_globals->config.config_cookie->cookies = sp_list_new(); |
| 82 | 82 | ||
| 83 | #undef SP_INIT | 83 | #undef SP_INIT |
| 84 | #undef SP_INIT_HT | 84 | #undef SP_INIT_HT |
| @@ -96,7 +96,6 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { | |||
| 96 | pefree(SNUFFLEUPAGUS_G(F), 1); | 96 | pefree(SNUFFLEUPAGUS_G(F), 1); |
| 97 | 97 | ||
| 98 | FREE_HT(disabled_functions_hook); | 98 | FREE_HT(disabled_functions_hook); |
| 99 | FREE_HT(config.config_cookie->cookies); | ||
| 100 | 99 | ||
| 101 | #undef FREE_HT | 100 | #undef FREE_HT |
| 102 | 101 | ||
| @@ -109,19 +108,20 @@ PHP_MSHUTDOWN_FUNCTION(snuffleupagus) { | |||
| 109 | pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1); | 108 | pefree(SNUFFLEUPAGUS_G(config.config_disable_xxe), 1); |
| 110 | pefree(SNUFFLEUPAGUS_G(config.config_upload_validation), 1); | 109 | pefree(SNUFFLEUPAGUS_G(config.config_upload_validation), 1); |
| 111 | 110 | ||
| 112 | #define FREE_LST(L) \ | 111 | #define FREE_LST_DISABLE(L) \ |
| 113 | do { \ | 112 | do { \ |
| 114 | sp_list_node* _n = SNUFFLEUPAGUS_G(L); \ | 113 | sp_list_node* _n = SNUFFLEUPAGUS_G(L); \ |
| 115 | sp_disabled_function_list_free(_n); \ | 114 | sp_disabled_function_list_free(_n); \ |
| 116 | sp_list_free(_n); \ | 115 | sp_list_free(_n); \ |
| 117 | } while(0) | 116 | } while(0) |
| 118 | 117 | ||
| 119 | FREE_LST(config.config_disabled_functions->disabled_functions); | 118 | FREE_LST_DISABLE(config.config_disabled_functions->disabled_functions); |
| 120 | FREE_LST(config.config_disabled_functions_ret->disabled_functions); | 119 | FREE_LST_DISABLE(config.config_disabled_functions_ret->disabled_functions); |
| 121 | FREE_LST(config.config_disabled_constructs->construct_include); | 120 | FREE_LST_DISABLE(config.config_disabled_constructs->construct_include); |
| 122 | FREE_LST(config.config_disabled_constructs->construct_eval); | 121 | FREE_LST_DISABLE(config.config_disabled_constructs->construct_eval); |
| 122 | sp_list_free(SNUFFLEUPAGUS_G(config).config_cookie->cookies); | ||
| 123 | 123 | ||
| 124 | #undef FREE_LST | 124 | #undef FREE_LST_DISABLE |
| 125 | 125 | ||
| 126 | pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions), 1); | 126 | pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions), 1); |
| 127 | pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions_ret), 1); | 127 | pefree(SNUFFLEUPAGUS_G(config.config_disabled_functions_ret), 1); |
diff --git a/src/sp_config.c b/src/sp_config.c index 1877859..f1c7b65 100644 --- a/src/sp_config.c +++ b/src/sp_config.c | |||
| @@ -186,13 +186,13 @@ int sp_parse_config(const char *conf_file) { | |||
| 186 | void sp_disabled_function_list_free(sp_list_node* list) { | 186 | void sp_disabled_function_list_free(sp_list_node* list) { |
| 187 | sp_list_node* cursor = list; | 187 | sp_list_node* cursor = list; |
| 188 | while(cursor) { | 188 | while(cursor) { |
| 189 | sp_disabled_function* df = cursor->data; | 189 | sp_disabled_function* df = cursor->data; |
| 190 | if (df && df->functions_list) | 190 | if (df && df->functions_list) |
| 191 | sp_list_free(df->functions_list); | 191 | sp_list_free(df->functions_list); |
| 192 | if (df) { | 192 | if (df) { |
| 193 | sp_tree_free(df->param); | 193 | sp_tree_free(df->param); |
| 194 | sp_tree_free(df->var); | 194 | sp_tree_free(df->var); |
| 195 | } | 195 | } |
| 196 | cursor = cursor->next; | 196 | cursor = cursor->next; |
| 197 | } | 197 | } |
| 198 | } | 198 | } |
diff --git a/src/sp_config.h b/src/sp_config.h index 3a7a79c..aca9ff6 100644 --- a/src/sp_config.h +++ b/src/sp_config.h | |||
| @@ -58,7 +58,9 @@ typedef struct { bool enable; } sp_config_disable_xxe; | |||
| 58 | typedef struct { | 58 | typedef struct { |
| 59 | enum samesite_type {strict=1, lax=2} samesite; | 59 | enum samesite_type {strict=1, lax=2} samesite; |
| 60 | bool encrypt; | 60 | bool encrypt; |
| 61 | bool simulation; | 61 | char *name; |
| 62 | pcre *name_r; | ||
| 63 | bool simulation; | ||
| 62 | } sp_cookie; | 64 | } sp_cookie; |
| 63 | 65 | ||
| 64 | typedef struct { | 66 | typedef struct { |
| @@ -114,7 +116,7 @@ typedef struct { | |||
| 114 | } sp_config_disabled_functions; | 116 | } sp_config_disabled_functions; |
| 115 | 117 | ||
| 116 | typedef struct { | 118 | typedef struct { |
| 117 | HashTable *cookies; // HashTable of sp_cookie | 119 | sp_list_node *cookies; //list of sp_cookie for regexp/names |
| 118 | } sp_config_cookie; | 120 | } sp_config_cookie; |
| 119 | 121 | ||
| 120 | typedef struct { | 122 | typedef struct { |
| @@ -204,6 +206,7 @@ typedef struct { | |||
| 204 | 206 | ||
| 205 | // cookies encryption | 207 | // cookies encryption |
| 206 | #define SP_TOKEN_NAME ".name(" | 208 | #define SP_TOKEN_NAME ".name(" |
| 209 | #define SP_TOKEN_NAME_REGEXP ".name_r(" | ||
| 207 | 210 | ||
| 208 | // cookies samesite | 211 | // cookies samesite |
| 209 | #define SP_TOKEN_SAMESITE ".samesite(" | 212 | #define SP_TOKEN_SAMESITE ".samesite(" |
diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c index 32363b8..f4ff249 100644 --- a/src/sp_config_keywords.c +++ b/src/sp_config_keywords.c | |||
| @@ -104,16 +104,15 @@ int parse_global(char *line) { | |||
| 104 | 104 | ||
| 105 | int parse_cookie(char *line) { | 105 | int parse_cookie(char *line) { |
| 106 | int ret = 0; | 106 | int ret = 0; |
| 107 | char *samesite = NULL, *name = NULL; | 107 | char *samesite = NULL; |
| 108 | sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1); | 108 | sp_cookie *cookie = pecalloc(sizeof(sp_cookie), 1, 1); |
| 109 | zend_string *zend_name; | ||
| 110 | 109 | ||
| 111 | sp_config_functions sp_config_funcs_cookie_encryption[] = { | 110 | sp_config_functions sp_config_funcs_cookie_encryption[] = { |
| 112 | {parse_str, SP_TOKEN_NAME, &name}, | 111 | {parse_str, SP_TOKEN_NAME, &(cookie->name)}, |
| 113 | {parse_str, SP_TOKEN_SAMESITE, &samesite}, | 112 | {parse_regexp, SP_TOKEN_NAME_REGEXP, &(cookie->name_r)}, |
| 114 | {parse_empty, SP_TOKEN_SIMULATION, &cookie->simulation}, | 113 | {parse_str, SP_TOKEN_SAMESITE, &samesite}, |
| 115 | {parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt}, | 114 | {parse_empty, SP_TOKEN_ENCRYPT, &cookie->encrypt}, |
| 116 | {0}}; | 115 | {0}}; |
| 117 | 116 | ||
| 118 | ret = parse_keywords(sp_config_funcs_cookie_encryption, line); | 117 | ret = parse_keywords(sp_config_funcs_cookie_encryption, line); |
| 119 | if (0 != ret) { | 118 | if (0 != ret) { |
| @@ -122,21 +121,18 @@ int parse_cookie(char *line) { | |||
| 122 | 121 | ||
| 123 | if (cookie->encrypt) { | 122 | if (cookie->encrypt) { |
| 124 | if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) { | 123 | if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->cookies_env_var)) { |
| 125 | sp_log_err( | 124 | sp_log_err("config", |
| 126 | "config", | 125 | "You're trying to use the cookie encryption feature" |
| 127 | "You're trying to use the cookie encryption feature" | 126 | "on line %zu without having set the `.cookie_env_var` option in" |
| 128 | "on line %zu without having set the `.cookie_env_var` option in" | 127 | "`sp.global`: please set it first.", |
| 129 | "`sp.global`: please set it first.", | ||
| 130 | sp_line_no); | 128 | sp_line_no); |
| 131 | return -1; | 129 | return -1; |
| 132 | } else if (0 == | 130 | } else if (0 == (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) { |
| 133 | (SNUFFLEUPAGUS_G(config).config_snuffleupagus->encryption_key)) { | 131 | sp_log_err("config", |
| 134 | sp_log_err( | 132 | "You're trying to use the cookie encryption feature" |
| 135 | "config", | 133 | "on line %zu without having set the `.encryption_key` option in" |
| 136 | "You're trying to use the cookie encryption feature" | 134 | "`sp.global`: please set it first.", |
| 137 | "on line %zu without having set the `.encryption_key` option in" | 135 | sp_line_no); |
| 138 | "`sp.global`: please set it first.", | ||
| 139 | sp_line_no); | ||
| 140 | return -1; | 136 | return -1; |
| 141 | } | 137 | } |
| 142 | } else if (!samesite) { | 138 | } else if (!samesite) { |
| @@ -146,9 +142,16 @@ int parse_cookie(char *line) { | |||
| 146 | sp_line_no); | 142 | sp_line_no); |
| 147 | return -1; | 143 | return -1; |
| 148 | } | 144 | } |
| 149 | if (0 == strlen(name)) { | 145 | if ((!cookie->name || '\0' == cookie->name[0]) && !cookie->name_r) { |
| 146 | sp_log_err("config", | ||
| 147 | "You must specify a cookie name/regexp on line " | ||
| 148 | "%zu.", | ||
| 149 | sp_line_no); | ||
| 150 | return -1; | ||
| 151 | } | ||
| 152 | if (cookie->name && cookie->name_r) { | ||
| 150 | sp_log_err("config", | 153 | sp_log_err("config", |
| 151 | "You must specify a cookie name on line " | 154 | "name and name_r are mutually exclusive on line " |
| 152 | "%zu.", | 155 | "%zu.", |
| 153 | sp_line_no); | 156 | sp_line_no); |
| 154 | return -1; | 157 | return -1; |
| @@ -159,20 +162,16 @@ int parse_cookie(char *line) { | |||
| 159 | } else if (0 == strcasecmp(samesite, SP_TOKEN_SAMESITE_STRICT)) { | 162 | } else if (0 == strcasecmp(samesite, SP_TOKEN_SAMESITE_STRICT)) { |
| 160 | cookie->samesite = strict; | 163 | cookie->samesite = strict; |
| 161 | } else { | 164 | } else { |
| 162 | sp_log_err( | 165 | sp_log_err("config", |
| 163 | "config", | 166 | "%s is an invalid value to samesite (expected %s or %s) on line " |
| 164 | "%s is an invalid value to samesite (expected %s or %s) on line " | 167 | "%zu.", |
| 165 | "%zu.", | 168 | samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT, |
| 166 | samesite, SP_TOKEN_SAMESITE_LAX, SP_TOKEN_SAMESITE_STRICT, | 169 | sp_line_no); |
| 167 | sp_line_no); | ||
| 168 | return -1; | 170 | return -1; |
| 169 | } | 171 | } |
| 170 | } | 172 | } |
| 171 | 173 | sp_list_insert(SNUFFLEUPAGUS_G(config).config_cookie->cookies, | |
| 172 | zend_name = zend_string_init(name, strlen(name), 1); | 174 | cookie); |
| 173 | zend_hash_add_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, zend_name, | ||
| 174 | cookie); | ||
| 175 | |||
| 176 | return SUCCESS; | 175 | return SUCCESS; |
| 177 | } | 176 | } |
| 178 | 177 | ||
diff --git a/src/sp_cookie_encryption.c b/src/sp_cookie_encryption.c index 04c864f..4e9818f 100644 --- a/src/sp_cookie_encryption.c +++ b/src/sp_cookie_encryption.c | |||
| @@ -39,21 +39,34 @@ static inline void generate_key(unsigned char *key) { | |||
| 39 | PHP_SHA256Final((unsigned char *)key, &ctx); | 39 | PHP_SHA256Final((unsigned char *)key, &ctx); |
| 40 | } | 40 | } |
| 41 | 41 | ||
| 42 | static inline const sp_cookie *sp_lookup_cookie_config(const char *key) { | ||
| 43 | sp_list_node *it = SNUFFLEUPAGUS_G(config).config_cookie->cookies; | ||
| 44 | |||
| 45 | while (it) { | ||
| 46 | const sp_cookie *config = it->data; | ||
| 47 | if (config && sp_match_value(key, config->name, config->name_r)) { | ||
| 48 | return config; | ||
| 49 | } | ||
| 50 | it = it->next; | ||
| 51 | } | ||
| 52 | return NULL; | ||
| 53 | } | ||
| 54 | |||
| 55 | /* called at RINIT time with each cookie, eventually decrypt said cookie */ | ||
| 42 | int decrypt_cookie(zval *pDest, int num_args, va_list args, | 56 | int decrypt_cookie(zval *pDest, int num_args, va_list args, |
| 43 | zend_hash_key *hash_key) { | 57 | zend_hash_key *hash_key) { |
| 44 | unsigned char key[crypto_secretbox_KEYBYTES] = {0}; | 58 | unsigned char key[crypto_secretbox_KEYBYTES] = {0}; |
| 45 | zend_string *debase64; | 59 | zend_string *debase64; |
| 46 | unsigned char *decrypted; | 60 | unsigned char *decrypted; |
| 47 | sp_cookie *cookie = zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, | 61 | const sp_cookie *cookie = sp_lookup_cookie_config(ZSTR_VAL(hash_key->key)); |
| 48 | hash_key->key); | ||
| 49 | int ret = 0; | 62 | int ret = 0; |
| 50 | 63 | ||
| 51 | /* If the cookie isn't in the conf, it shouldn't be encrypted. */ | 64 | /* If the cookie isn't in the conf, it shouldn't be encrypted. */ |
| 52 | if (!cookie || !cookie->encrypt) { | 65 | if (!cookie || !cookie->encrypt) { |
| 53 | return ZEND_HASH_APPLY_KEEP; | 66 | return ZEND_HASH_APPLY_KEEP; |
| 54 | } | 67 | } |
| 55 | 68 | ||
| 56 | /* If the cookie has no value, it shouldn't be encrypted. */ | 69 | /* If the cookie has no value, it shouldn't be encrypted. */ |
| 57 | if (0 == Z_STRLEN_P(pDest)) { | 70 | if (0 == Z_STRLEN_P(pDest)) { |
| 58 | return ZEND_HASH_APPLY_KEEP; | 71 | return ZEND_HASH_APPLY_KEEP; |
| 59 | } | 72 | } |
| @@ -107,10 +120,10 @@ int decrypt_cookie(zval *pDest, int num_args, va_list args, | |||
| 107 | return ZEND_HASH_APPLY_KEEP; | 120 | return ZEND_HASH_APPLY_KEEP; |
| 108 | } | 121 | } |
| 109 | 122 | ||
| 110 | /** | 123 | /* |
| 111 | This function will return the `data` of length `data_len` encrypted in the | 124 | ** This function will return the `data` of length `data_len` encrypted in the |
| 112 | form `base64(nonce | encrypted_data)` (with `|` being the concatenation | 125 | ** form `base64(nonce | encrypted_data)` (with `|` being the concatenation |
| 113 | operation). | 126 | ** operation). |
| 114 | */ | 127 | */ |
| 115 | static zend_string *encrypt_data(char *data, unsigned long long data_len) { | 128 | static zend_string *encrypt_data(char *data, unsigned long long data_len) { |
| 116 | const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1; | 129 | const size_t encrypted_msg_len = crypto_secretbox_ZEROBYTES + data_len + 1; |
| @@ -182,9 +195,9 @@ PHP_FUNCTION(sp_setcookie) { | |||
| 182 | } | 195 | } |
| 183 | } | 196 | } |
| 184 | 197 | ||
| 185 | cookie_node = | 198 | /* lookup existing configuration for said cookie */ |
| 186 | zend_hash_find_ptr(SNUFFLEUPAGUS_G(config).config_cookie->cookies, name); | 199 | cookie_node = sp_lookup_cookie_config(ZSTR_VAL(name)); |
| 187 | 200 | ||
| 188 | /* If the cookie's value is encrypted, it won't be usable by | 201 | /* If the cookie's value is encrypted, it won't be usable by |
| 189 | * javascript anyway. | 202 | * javascript anyway. |
| 190 | */ | 203 | */ |
diff --git a/src/tests/broken_conf_no_cookie_name.phpt b/src/tests/broken_conf_no_cookie_name.phpt index 4616f12..10fde3e 100644 --- a/src/tests/broken_conf_no_cookie_name.phpt +++ b/src/tests/broken_conf_no_cookie_name.phpt | |||
| @@ -6,4 +6,4 @@ Borken configuration - encrypted cookie with no name | |||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini | 6 | sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini |
| 7 | --FILE-- | 7 | --FILE-- |
| 8 | --EXPECT-- | 8 | --EXPECT-- |
| 9 | [snuffleupagus][0.0.0.0][config][error] You must specify a cookie name on line 2. | 9 | [snuffleupagus][0.0.0.0][config][error] You must specify a cookie name/regexp on line 2. |
diff --git a/src/tests/config/config_encrypted_regexp_cookies.ini b/src/tests/config/config_encrypted_regexp_cookies.ini new file mode 100644 index 0000000..8ea77f7 --- /dev/null +++ b/src/tests/config/config_encrypted_regexp_cookies.ini | |||
| @@ -0,0 +1,3 @@ | |||
| 1 | sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); | ||
| 2 | sp.cookie.name_r("^super_co[a-z]+$").encrypt(); | ||
| 3 | sp.auto_cookie_secure.enable(); | ||
diff --git a/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini b/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini new file mode 100644 index 0000000..da84df7 --- /dev/null +++ b/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR"); | ||
| 2 | sp.cookie.name_r("^super_coo[a-z]+$").encrypt(); | ||
diff --git a/src/tests/config/encrypt_regexp_cookies_no_env.ini b/src/tests/config/encrypt_regexp_cookies_no_env.ini new file mode 100644 index 0000000..0e1fa30 --- /dev/null +++ b/src/tests/config/encrypt_regexp_cookies_no_env.ini | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | sp.global.secret_key("abcdef"); | ||
| 2 | sp.cookie.name_r("^super_co[a-z]+$").encrypt(); | ||
diff --git a/src/tests/config/encrypt_regexp_cookies_no_key.ini b/src/tests/config/encrypt_regexp_cookies_no_key.ini new file mode 100644 index 0000000..52427f4 --- /dev/null +++ b/src/tests/config/encrypt_regexp_cookies_no_key.ini | |||
| @@ -0,0 +1,2 @@ | |||
| 1 | sp.global.cookie_env_var("TEST"); | ||
| 2 | sp.cookie.name_r("^super_co[a-z]+$").encrypt(); | ||
diff --git a/src/tests/encrypt_cookies2.phpt b/src/tests/encrypt_cookies2.phpt index be4c990..195cb24 100644 --- a/src/tests/encrypt_cookies2.phpt +++ b/src/tests/encrypt_cookies2.phpt | |||
| @@ -3,7 +3,7 @@ Cookie encryption in ipv4 | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_encrypted_cookies.ini | 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini |
| 7 | --COOKIE-- | 7 | --COOKIE-- |
| 8 | --ENV-- | 8 | --ENV-- |
| 9 | return <<<EOF | 9 | return <<<EOF |
diff --git a/src/tests/encrypt_cookies3.phpt b/src/tests/encrypt_cookies3.phpt index b4acbc0..ceb364c 100644 --- a/src/tests/encrypt_cookies3.phpt +++ b/src/tests/encrypt_cookies3.phpt | |||
| @@ -3,7 +3,7 @@ Cookie decryption with ipv6 | |||
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_encrypted_cookies.ini | 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini |
| 7 | --COOKIE-- | 7 | --COOKIE-- |
| 8 | super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value; | 8 | super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value; |
| 9 | --ENV-- | 9 | --ENV-- |
diff --git a/src/tests/encrypt_regexp_cookies.phpt b/src/tests/encrypt_regexp_cookies.phpt new file mode 100644 index 0000000..6bc187a --- /dev/null +++ b/src/tests/encrypt_regexp_cookies.phpt | |||
| @@ -0,0 +1,22 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie decryption in ipv4 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | --COOKIE-- | ||
| 8 | super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value; | ||
| 9 | --ENV-- | ||
| 10 | return <<<EOF | ||
| 11 | REMOTE_ADDR=127.0.0.1 | ||
| 12 | HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36 | ||
| 13 | EOF; | ||
| 14 | --FILE-- | ||
| 15 | <?php var_dump($_COOKIE); ?> | ||
| 16 | --EXPECT-- | ||
| 17 | array(2) { | ||
| 18 | ["super_cookie"]=> | ||
| 19 | string(11) "super_value" | ||
| 20 | ["awful_cookie"]=> | ||
| 21 | string(18) "awful_cookie_value" | ||
| 22 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies2.phpt b/src/tests/encrypt_regexp_cookies2.phpt new file mode 100644 index 0000000..195cb24 --- /dev/null +++ b/src/tests/encrypt_regexp_cookies2.phpt | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption in ipv4 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | --COOKIE-- | ||
| 8 | --ENV-- | ||
| 9 | return <<<EOF | ||
| 10 | REMOTE_ADDR=127.0.0.1 | ||
| 11 | HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36 | ||
| 12 | HTTPS=1 | ||
| 13 | EOF; | ||
| 14 | --FILE-- | ||
| 15 | <?php | ||
| 16 | setcookie("super_cookie", "super_value"); | ||
| 17 | setcookie("awful_cookie", "awful_value"); | ||
| 18 | setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true); | ||
| 19 | var_dump($_COOKIE); | ||
| 20 | ?> | ||
| 21 | --EXPECT-- | ||
| 22 | array(0) { | ||
| 23 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies3.phpt b/src/tests/encrypt_regexp_cookies3.phpt new file mode 100644 index 0000000..ceb364c --- /dev/null +++ b/src/tests/encrypt_regexp_cookies3.phpt | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie decryption with ipv6 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | --COOKIE-- | ||
| 8 | super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value; | ||
| 9 | --ENV-- | ||
| 10 | return <<<EOF | ||
| 11 | REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329 | ||
| 12 | HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36 | ||
| 13 | HTTPS=1 | ||
| 14 | EOF; | ||
| 15 | --FILE-- | ||
| 16 | <?php var_dump($_COOKIE); ?> | ||
| 17 | --EXPECT-- | ||
| 18 | array(2) { | ||
| 19 | ["super_cookie"]=> | ||
| 20 | string(11) "super_value" | ||
| 21 | ["awful_cookie"]=> | ||
| 22 | string(18) "awful_cookie_value" | ||
| 23 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies4.phpt b/src/tests/encrypt_regexp_cookies4.phpt new file mode 100644 index 0000000..14d737a --- /dev/null +++ b/src/tests/encrypt_regexp_cookies4.phpt | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption in ipv6 | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_cookies.ini | ||
| 7 | --COOKIE-- | ||
| 8 | --ENV-- | ||
| 9 | return <<<EOF | ||
| 10 | REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329 | ||
| 11 | HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36 | ||
| 12 | HTTPS=1 | ||
| 13 | EOF; | ||
| 14 | --FILE-- | ||
| 15 | <?php | ||
| 16 | setcookie("super_cookie", "super_value"); | ||
| 17 | setcookie("awful_cookie", "awful_value"); | ||
| 18 | setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true); | ||
| 19 | var_dump($_COOKIE); | ||
| 20 | ?> | ||
| 21 | --EXPECT-- | ||
| 22 | array(0) { | ||
| 23 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies_empty_env.phpt b/src/tests/encrypt_regexp_cookies_empty_env.phpt new file mode 100644 index 0000000..1ee6160 --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_empty_env.phpt | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption - empty environment variable specified | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_empty_env.ini | ||
| 7 | display_errors=1 | ||
| 8 | display_startup_errors=1 | ||
| 9 | error_reporting=E_ALL | ||
| 10 | --COOKIE-- | ||
| 11 | super_cookie=1337;awful_cookie=awful_cookie_value; | ||
| 12 | --ENV-- | ||
| 13 | return <<<EOF | ||
| 14 | NOT_REMOTE_ADDR=127.0.0.1 | ||
| 15 | EOF; | ||
| 16 | --FILE-- | ||
| 17 | <?php echo "1\n\n\n\n\n"; ?> | ||
| 18 | --EXPECT-- | ||
| 19 | 1 | ||
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt new file mode 100644 index 0000000..22bed26 --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | display_errors=1 | ||
| 8 | display_startup_errors=1 | ||
| 9 | error_reporting=E_ALL | ||
| 10 | --COOKIE-- | ||
| 11 | super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value; | ||
| 12 | --ENV-- | ||
| 13 | return <<<EOF | ||
| 14 | REMOTE_ADDR=127.0.0.1 | ||
| 15 | EOF; | ||
| 16 | --FILE-- | ||
| 17 | <?php var_dump($_COOKIE); ?> | ||
| 18 | --EXPECT-- | ||
| 19 | |||
| 20 | array(1) { | ||
| 21 | ["awful_cookie"]=> | ||
| 22 | string(18) "awful_cookie_value" | ||
| 23 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt new file mode 100644 index 0000000..1a740c0 --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt | |||
| @@ -0,0 +1,23 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | display_errors=1 | ||
| 8 | display_startup_errors=1 | ||
| 9 | error_reporting=E_ALL | ||
| 10 | --COOKIE-- | ||
| 11 | super_cookie=1337;awful_cookie=awful_cookie_value; | ||
| 12 | --ENV-- | ||
| 13 | return <<<EOF | ||
| 14 | REMOTE_ADDR=127.0.0.1 | ||
| 15 | EOF; | ||
| 16 | --FILE-- | ||
| 17 | <?php var_dump($_COOKIE); ?> | ||
| 18 | --EXPECT-- | ||
| 19 | |||
| 20 | array(1) { | ||
| 21 | ["awful_cookie"]=> | ||
| 22 | string(18) "awful_cookie_value" | ||
| 23 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt new file mode 100644 index 0000000..28ffaad --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt | |||
| @@ -0,0 +1,21 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini | ||
| 7 | --COOKIE-- | ||
| 8 | super_cookie=;awful_cookie=awful_cookie_value; | ||
| 9 | --ENV-- | ||
| 10 | return <<<EOF | ||
| 11 | REMOTE_ADDR=127.0.0.1 | ||
| 12 | EOF; | ||
| 13 | --FILE-- | ||
| 14 | <?php var_dump($_COOKIE); ?> | ||
| 15 | --EXPECT-- | ||
| 16 | array(2) { | ||
| 17 | ["super_cookie"]=> | ||
| 18 | string(0) "" | ||
| 19 | ["awful_cookie"]=> | ||
| 20 | string(18) "awful_cookie_value" | ||
| 21 | } | ||
diff --git a/src/tests/encrypt_regexp_cookies_no_env.phpt b/src/tests/encrypt_regexp_cookies_no_env.phpt new file mode 100644 index 0000000..37b95c1 --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_no_env.phpt | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption - no environment variable specified | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/encrypt_regexp_cookies_no_env.ini | ||
| 7 | display_errors=1 | ||
| 8 | display_startup_errors=1 | ||
| 9 | error_reporting=E_ALL | ||
| 10 | --COOKIE-- | ||
| 11 | super_cookie=1337;awful_cookie=awful_cookie_value; | ||
| 12 | --ENV-- | ||
| 13 | return <<<EOF | ||
| 14 | REMOTE_ADDR=127.0.0.1 | ||
| 15 | EOF; | ||
| 16 | --FILE-- | ||
| 17 | <?php echo "1\n\n\n\n\n"; ?> | ||
| 18 | --EXPECT-- | ||
| 19 | 1 | ||
diff --git a/src/tests/encrypt_regexp_cookies_no_key.phpt b/src/tests/encrypt_regexp_cookies_no_key.phpt new file mode 100644 index 0000000..12512ce --- /dev/null +++ b/src/tests/encrypt_regexp_cookies_no_key.phpt | |||
| @@ -0,0 +1,19 @@ | |||
| 1 | --TEST-- | ||
| 2 | Cookie encryption - no encryption key specified | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/encrypt_regexp_cookies_no_key.ini | ||
| 7 | display_errors=1 | ||
| 8 | display_startup_errors=1 | ||
| 9 | error_reporting=E_ALL | ||
| 10 | --COOKIE-- | ||
| 11 | super_cookie=1337;awful_cookie=awful_cookie_value; | ||
| 12 | --ENV-- | ||
| 13 | return <<<EOF | ||
| 14 | REMOTE_ADDR=127.0.0.1 | ||
| 15 | EOF; | ||
| 16 | --FILE-- | ||
| 17 | <?php echo "1\n\n\n\n\n"; ?> | ||
| 18 | --EXPECT-- | ||
| 19 | 1 | ||