diff options
Diffstat (limited to 'src/tests/session_encryption')
6 files changed, 57 insertions, 13 deletions
diff --git a/src/tests/session_encryption/crypt_session_corrupted_session.phpt b/src/tests/session_encryption/crypt_session_corrupted_session.phpt index 6f9c287..db3f949 100644 --- a/src/tests/session_encryption/crypt_session_corrupted_session.phpt +++ b/src/tests/session_encryption/crypt_session_corrupted_session.phpt | |||
| @@ -6,7 +6,7 @@ Set a custom session handler | |||
| 6 | <?php if (PHP_VERSION_ID >= 70400) print "skip"; ?> | 6 | <?php if (PHP_VERSION_ID >= 70400) print "skip"; ?> |
| 7 | --INI-- | 7 | --INI-- |
| 8 | sp.configuration_file={PWD}/config/config_crypt_session.ini | 8 | sp.configuration_file={PWD}/config/config_crypt_session.ini |
| 9 | session.save_path = "/tmp" | 9 | session.save_path="/tmp" |
| 10 | --ENV-- | 10 | --ENV-- |
| 11 | return <<<EOF | 11 | return <<<EOF |
| 12 | REMOTE_ADDR=127.0.0.1 | 12 | REMOTE_ADDR=127.0.0.1 |
diff --git a/src/tests/session_encryption/crypt_session_invalid_simul.phpt b/src/tests/session_encryption/crypt_session_invalid_simul.phpt index cbb80dc..80edb8a 100644 --- a/src/tests/session_encryption/crypt_session_invalid_simul.phpt +++ b/src/tests/session_encryption/crypt_session_invalid_simul.phpt | |||
| @@ -1,9 +1,12 @@ | |||
| 1 | --TEST-- | 1 | --TEST-- |
| 2 | SESSION crypt and bad decrypt | 2 | SESSION crypt and bad decrypt |
| 3 | --SKIPIF-- | 3 | --SKIPIF-- |
| 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus") || PHP_VERSION_ID < 70400) print "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_crypt_session_simul.ini | 6 | sp.configuration_file={PWD}/config/config_crypt_session_simul.ini |
| 7 | display_errors=0 | ||
| 8 | log_errors=1 | ||
| 9 | error_log="{PWD}"/crypt_session_invalid_simul.tmp | ||
| 7 | --ENV-- | 10 | --ENV-- |
| 8 | return <<<EOF | 11 | return <<<EOF |
| 9 | REMOTE_ADDR=127.0.0.1 | 12 | REMOTE_ADDR=127.0.0.1 |
| @@ -19,9 +22,13 @@ putenv("REMOTE_ADDR=127.0.0.2"); | |||
| 19 | session_id($id); // Recover the session with the previous session_id | 22 | session_id($id); // Recover the session with the previous session_id |
| 20 | session_start(); // Re start the session, It will read and decrypt the non empty session | 23 | session_start(); // Re start the session, It will read and decrypt the non empty session |
| 21 | var_dump($_SESSION); // Dump the session | 24 | var_dump($_SESSION); // Dump the session |
| 25 | |||
| 26 | echo file_get_contents(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp"); | ||
| 27 | unlink(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp"); | ||
| 28 | |||
| 22 | ?> | 29 | ?> |
| 23 | --EXPECTF-- | 30 | --EXPECTF-- |
| 24 | array(1) { | 31 | array(0) { |
| 25 | ["toto"]=> | ||
| 26 | string(4) "tata" | ||
| 27 | } | 32 | } |
| 33 | %aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul.php on line 9 | ||
| 34 | %aPHP Warning: session_start(): Failed to decode session object. Session has been destroyed in %a/crypt_session_invalid_simul.php on line 9 | ||
diff --git a/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt new file mode 100644 index 0000000..4d1f747 --- /dev/null +++ b/src/tests/session_encryption/crypt_session_invalid_simul_php73.phpt | |||
| @@ -0,0 +1,33 @@ | |||
| 1 | --TEST-- | ||
| 2 | SESSION crypt and bad decrypt | ||
| 3 | --SKIPIF-- | ||
| 4 | <?php if (!extension_loaded("snuffleupagus") || PHP_VERSION_ID >= 70400) print "skip"; ?> | ||
| 5 | --INI-- | ||
| 6 | sp.configuration_file={PWD}/config/config_crypt_session_simul.ini | ||
| 7 | display_errors=0 | ||
| 8 | log_errors=1 | ||
| 9 | error_log="{PWD}"/crypt_session_invalid_simul.tmp | ||
| 10 | --ENV-- | ||
| 11 | return <<<EOF | ||
| 12 | REMOTE_ADDR=127.0.0.1 | ||
| 13 | EOF; | ||
| 14 | --FILE-- | ||
| 15 | <?php | ||
| 16 | // Do it like that to write (encrypt) the session and then to read (decrypt) the session | ||
| 17 | session_start(); // Start new_session , it will read an empty session | ||
| 18 | $_SESSION["toto"] = "tata"; // Encrypt and write the session | ||
| 19 | $id = session_id(); // Get the session_id to use it later | ||
| 20 | session_write_close(); // Close the session | ||
| 21 | putenv("REMOTE_ADDR=127.0.0.2"); | ||
| 22 | session_id($id); // Recover the session with the previous session_id | ||
| 23 | session_start(); // Re start the session, It will read and decrypt the non empty session | ||
| 24 | var_dump($_SESSION); // Dump the session | ||
| 25 | |||
| 26 | echo file_get_contents(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp"); | ||
| 27 | unlink(dirname(__FILE__) . "/crypt_session_invalid_simul.tmp"); | ||
| 28 | |||
| 29 | ?> | ||
| 30 | --EXPECTF-- | ||
| 31 | array(0) { | ||
| 32 | } | ||
| 33 | %aPHP Warning: [snuffleupagus][127.0.0.2][cookie_encryption][simulation] Something went wrong with the decryption of the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_invalid_simul%a.php on line 9 | ||
diff --git a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt index 5e81b52..e2e1737 100644 --- a/src/tests/session_encryption/crypt_session_read_uncrypt.phpt +++ b/src/tests/session_encryption/crypt_session_read_uncrypt.phpt | |||
| @@ -4,25 +4,28 @@ SESSION crypt/decrypt valid | |||
| 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_crypt_session_simul.ini | 6 | sp.configuration_file={PWD}/config/config_crypt_session_simul.ini |
| 7 | session.save_path="{PWD}" | ||
| 8 | display_errors=0 | ||
| 9 | log_errors=1 | ||
| 10 | error_log="{PWD}"/crypt_session_read_uncrypt.tmp | ||
| 7 | --ENV-- | 11 | --ENV-- |
| 8 | return <<<EOF | 12 | return <<<EOF |
| 9 | REMOTE_ADDR=127.0.0.1 | 13 | REMOTE_ADDR=127.0.0.1 |
| 10 | EOF; | 14 | EOF; |
| 11 | --FILE-- | 15 | --FILE-- |
| 12 | <?php | 16 | <?php |
| 13 | $current_path = dirname(getcwd()) . "/src/tests/" ; | ||
| 14 | ini_set("session.save_path", $current_path); | ||
| 15 | |||
| 16 | session_start(); | 17 | session_start(); |
| 17 | $id = session_id(); // Get the session_id to use it later | 18 | $id = session_id(); // Get the session_id to use it later |
| 18 | $filename_sess = $current_path . "sess_" . $id; | 19 | $filename_sess = dirname(__FILE__) . "/sess_" . $id; |
| 19 | file_put_contents($filename_sess, "toto|s:4:\"tata\";"); // Write a unencrypted session | 20 | file_put_contents($filename_sess, "toto|s:4:\"tata\";"); // Write unencrypted session |
| 20 | session_write_close(); // Close the session | 21 | session_write_close(); // Close the session |
| 21 | 22 | ||
| 22 | session_id($id); | 23 | session_id($id); |
| 23 | session_start(); // Try to read the unencrypted session, it will fail to decrypt but it must return the session | 24 | session_start(); // Try to read the unencrypted session, it will fail to decrypt but it must return the session |
| 24 | var_dump($_SESSION); | 25 | var_dump($_SESSION); |
| 25 | echo "OK"; | 26 | echo "OK\n"; |
| 27 | echo file_get_contents(dirname(__FILE__) . "/crypt_session_read_uncrypt.tmp"); | ||
| 28 | unlink(dirname(__FILE__) . "/crypt_session_read_uncrypt.tmp"); | ||
| 26 | unlink($filename_sess); | 29 | unlink($filename_sess); |
| 27 | ?> | 30 | ?> |
| 28 | --EXPECTF-- | 31 | --EXPECTF-- |
| @@ -31,3 +34,4 @@ array(1) { | |||
| 31 | string(4) "tata" | 34 | string(4) "tata" |
| 32 | } | 35 | } |
| 33 | OK | 36 | OK |
| 37 | %aPHP Warning: [snuffleupagus][127.0.0.1][cookie_encryption][simulation] Buffer underflow tentative detected in cookie encryption handling for the session. Using the cookie 'as is' instead of decrypting it in %a/crypt_session_read_uncrypt.php on line 9 | ||
diff --git a/src/tests/session_encryption/set_custom_session_handler.phpt b/src/tests/session_encryption/set_custom_session_handler.phpt index 725ee43..1b81a04 100644 --- a/src/tests/session_encryption/set_custom_session_handler.phpt +++ b/src/tests/session_encryption/set_custom_session_handler.phpt | |||
| @@ -4,7 +4,7 @@ Set a custom session handler | |||
| 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_crypt_session.ini | 6 | sp.configuration_file={PWD}/config/config_crypt_session.ini |
| 7 | session.save_path = "/tmp" | 7 | session.save_path="/tmp" |
| 8 | --ENV-- | 8 | --ENV-- |
| 9 | return <<<EOF | 9 | return <<<EOF |
| 10 | REMOTE_ADDR=127.0.0.1 | 10 | REMOTE_ADDR=127.0.0.1 |
diff --git a/src/tests/session_encryption/set_custom_session_handler2.phpt b/src/tests/session_encryption/set_custom_session_handler2.phpt index 8cc6786..58b6595 100644 --- a/src/tests/session_encryption/set_custom_session_handler2.phpt +++ b/src/tests/session_encryption/set_custom_session_handler2.phpt | |||
| @@ -4,7 +4,7 @@ Set a custom session handler, twice | |||
| 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> | 4 | <?php if (!extension_loaded("snuffleupagus")) print "skip"; ?> |
| 5 | --INI-- | 5 | --INI-- |
| 6 | sp.configuration_file={PWD}/config/config_crypt_session.ini | 6 | sp.configuration_file={PWD}/config/config_crypt_session.ini |
| 7 | session.save_path = "/tmp" | 7 | session.save_path="/tmp" |
| 8 | --ENV-- | 8 | --ENV-- |
| 9 | return <<<EOF | 9 | return <<<EOF |
| 10 | REMOTE_ADDR=127.0.0.1 | 10 | REMOTE_ADDR=127.0.0.1 |