From 9111fdf5e6332923a5faf9f8a7e6b428eb91795a Mon Sep 17 00:00:00 2001
From: Ben Fuhrmannek
Date: Thu, 11 Nov 2021 12:02:07 +0100
Subject: detect dummy or short encryption key

---
 src/sp_config_keywords.c | 13 +++++++++++++
 1 file changed, 13 insertions(+)

(limited to 'src/sp_config_keywords.c')

diff --git a/src/sp_config_keywords.c b/src/sp_config_keywords.c
index f6af86b..cf44ed9 100644
--- a/src/sp_config_keywords.c
+++ b/src/sp_config_keywords.c
@@ -136,6 +136,19 @@ SP_PARSE_FN(parse_global) {
       {0, 0, 0}};
 
   SP_PROCESS_CONFIG_KEYWORDS_ERR();
+
+  if (SPCFG(encryption_key)) {
+    if (ZSTR_LEN(SPCFG(encryption_key)) < 10) {
+      sp_log_err("config", "The encryption key set on line %zu is too short. please use at least 10 bytes", parsed_rule->lineno);
+      return SP_PARSER_ERROR;
+    }
+    if (zend_string_equals_literal(SPCFG(encryption_key), "YOU _DO_ NEED TO CHANGE THIS WITH SOME RANDOM CHARACTERS.") ||
+        zend_string_equals_literal(SPCFG(encryption_key), "c6a0e02b3b818f7559d5f85303d8fe44")) {
+      sp_log_err("config", "The encryption key set on line %zu is an unchanged dummy value. please use a unique secret.", parsed_rule->lineno);
+      return SP_PARSER_ERROR;
+    }
+  }
+
   return SP_PARSER_STOP;
 }
 
-- 
cgit v1.3