From aa550b9abadc109a2c89a7cd6dd047ac2a953027 Mon Sep 17 00:00:00 2001 
From: jvoisin Date: Sat, 6 Oct 2018 16:15:00 +0000 Subject: Bump a bit the coverage * `setcookie` doesn't always return `true` anymore * clang-format * Cookies with invalid decryption are dropped, but the request isn't anymore * faulty unserialize are now dumpable--- ..._conf_cookie_encryption_without_encryption_key.phpt | 14 ++++++++++++++ .../broken_conf_cookie_encryption_without_env_var.phpt | 14 ++++++++++++++ src/tests/broken_conf_mutually_exclusive11.phpt | 14 ++++++++++++++ src/tests/broken_conf_mutually_exclusive12.phpt | 14 ++++++++++++++ src/tests/broken_conf_wrapper_whitelist.phpt | 18 ++++++++++++++++++ ...n_conf_cookie_encryption_without_encryption_key.ini | 2 ++ .../broken_conf_cookie_encryption_without_env_var.ini | 2 ++ src/tests/config/broken_conf_mutually_exclusive11.ini | 1 + src/tests/config/broken_conf_mutually_exclusive12.ini | 1 + src/tests/config/broken_conf_wrapper_whitelist.ini | 1 + src/tests/crypt_session_invalid.phpt | 2 +- src/tests/encrypt_cookies4.phpt | 7 ++++++- src/tests/encrypt_cookies_empty_env.phpt | 3 ++- src/tests/encrypt_cookies_invalid_decryption.phpt | 15 +++++++++++---- .../encrypt_regexp_cookies_invalid_decryption.phpt | 6 +++++- 15 files changed, 106 insertions(+), 8 deletions(-) create mode 100644 src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt create mode 100644 src/tests/broken_conf_cookie_encryption_without_env_var.phpt create mode 100644 src/tests/broken_conf_mutually_exclusive11.phpt create mode 100644 src/tests/broken_conf_mutually_exclusive12.phpt create mode 100644 src/tests/broken_conf_wrapper_whitelist.phpt create mode 100644 src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini create mode 100644 src/tests/config/broken_conf_cookie_encryption_without_env_var.ini create mode 100644 src/tests/config/broken_conf_mutually_exclusive11.ini create mode 100644 src/tests/config/broken_conf_mutually_exclusive12.ini create mode 100644 
src/tests/config/broken_conf_wrapper_whitelist.ini (limited to 'src/tests')
diff --git a/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
new file mode 100644
index 0000000..d0b7c0d
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_encryption_key.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie without encryption key
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_encryption_key.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.encryption_key` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_cookie_encryption_without_env_var.phpt b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
new file mode 100644
index 0000000..af5d471
--- /dev/null
+++ b/src/tests/broken_conf_cookie_encryption_without_env_var.phpt
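Review bot: The `--EXPECT--` block of broken_conf_cookie_encryption_without_encryption_key.phpt pins the error text together with its spacing defects ("featureon line 2", "option in`sp.global`"), and it names an `.encryption_key` option although the sibling config added in this commit sets the key with `sp.global.secret_key(...)`. If the extension really prints this text, an administrator following it would look for an option name that the configs here do not use, so the message is worth correcting before the test freezes it; broken_conf_cookie_encryption_without_env_var.phpt pins the same spacing. Both titles read `Borken configuration` (the second also says `with without`); `Broken configuration - encrypted cookie without encryption key` would match the other tests.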
@@ -0,0 +1,14 @@
+--TEST--
+Borken configuration - encrypted cookie with without cookie env var
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_cookie_encryption_without_env_var.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] You're trying to use the cookie encryption featureon line 2 without having set the `.cookie_env_var` option in`sp.global`: please set it first in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive11.phpt b/src/tests/broken_conf_mutually_exclusive11.phpt
new file mode 100644
index 0000000..507d7fa
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive11.phpt
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration - ret and var are mutually exclusives
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive11.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").var("hop");':`ret` and `var` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_mutually_exclusive12.phpt b/src/tests/broken_conf_mutually_exclusive12.phpt
new file mode 100644
index 0000000..d823de9
--- /dev/null
+++ b/src/tests/broken_conf_mutually_exclusive12.phpt
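Review bot: The expected message in broken_conf_mutually_exclusive11.phpt quotes the offending line as `sp.disabled_functions.function("strcmp")...`, but the config this test loads (broken_conf_mutually_exclusive11.ini, added in the same commit) spells the rule `sp.disable_function.function("strcmp")...`. If that is what the extension prints, the diagnostic does not echo the line the operator actually wrote, which makes a rejected rule harder to locate in a large rule set, and the test would lock that in. broken_conf_mutually_exclusive12.phpt has the same mismatch, and both messages lack a space after the closing `':`. The title should read `ret and var are mutually exclusive`.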
@@ -0,0 +1,14 @@
+--TEST--
+Broken configuration - ret and value are mutually exclusive
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_mutually_exclusive12.ini
+--FILE--
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration line: 'sp.disabled_functions.function("strcmp").drop().ret("hip").value("hop");':`ret` and `value` are mutually exclusive on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/broken_conf_wrapper_whitelist.phpt b/src/tests/broken_conf_wrapper_whitelist.phpt
new file mode 100644
index 0000000..ea147ac
--- /dev/null
+++ b/src/tests/broken_conf_wrapper_whitelist.phpt
@@ -0,0 +1,18 @@
+--TEST--
+Broken configuration with invalid token for wrapper whitelist
+--SKIPIF--
+
+--INI--
+sp.configuration_file={PWD}/config/broken_conf_wrapper_whitelist.ini
+sp.allow_broken_configuration=Off
+--FILE--
+
+--EXPECT--
+PHP Fatal error: [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Trailing chars '.invalid_param();' at the end of '.invalid_param();' on line 1 in Unknown on line 0
+
+Fatal error: [snuffleupagus][config] Invalid configuration file in Unknown on line 0
+Could not startup.
diff --git a/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini
new file mode 100644
index 0000000..a100bd8
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_encryption_without_encryption_key.ini
@@ -0,0 +1,2 @@
+sp.global.cookie_env_var("MY_SUPER_ENV_VAR_YAY");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
new file mode 100644
index 0000000..54cb101
--- /dev/null
+++ b/src/tests/config/broken_conf_cookie_encryption_without_env_var.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("super secret encryption key");
+sp.cookie.name("my_cookie_name").encrypt();
diff --git a/src/tests/config/broken_conf_mutually_exclusive11.ini b/src/tests/config/broken_conf_mutually_exclusive11.ini
new file mode 100644
index 0000000..cab163f
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive11.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").var("hop");
diff --git a/src/tests/config/broken_conf_mutually_exclusive12.ini b/src/tests/config/broken_conf_mutually_exclusive12.ini
new file mode 100644
index 0000000..fe140db
--- /dev/null
+++ b/src/tests/config/broken_conf_mutually_exclusive12.ini
@@ -0,0 +1 @@
+sp.disable_function.function("strcmp").drop().ret("hip").value("hop");
diff --git a/src/tests/config/broken_conf_wrapper_whitelist.ini b/src/tests/config/broken_conf_wrapper_whitelist.ini
new file mode 100644
index 0000000..b8e08a8
--- /dev/null
+++ b/src/tests/config/broken_conf_wrapper_whitelist.ini
@@ -0,0 +1 @@
+sp.wrappers_whitelist.invalid_param();
diff --git a/src/tests/crypt_session_invalid.phpt b/src/tests/crypt_session_invalid.phpt
index cc6e80e..4b0f4d2 100644
--- a/src/tests/crypt_session_invalid.phpt
+++ b/src/tests/crypt_session_invalid.phpt
@@ -21,4 +21,4 @@ session_start(); // Re start the session, It will read and decrypt the non em var_dump($_SESSION); // Dump the session ?> --EXPECTF-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of the session in %s/tests/crypt_session_invalid.php on line %d diff --git a/src/tests/encrypt_cookies4.phpt b/src/tests/encrypt_cookies4.phpt index 14d737a..04d4076 100644 --- a/src/tests/encrypt_cookies4.phpt +++ b/src/tests/encrypt_cookies4.phpt @@ -16,8 +16,13 @@ EOF; setcookie("super_cookie", "super_value"); setcookie("awful_cookie", "awful_value"); setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true); +$ret = setcookie("", "Cookie with no name", 1, "1", "1", true, true); +if ($ret == TRUE) { + echo "fail :/"; +} var_dump($_COOKIE); ?> ---EXPECT-- +--EXPECTF-- +Warning: Cookie names must not be empty in %a/tests/encrypt_cookies4.php on line %d array(0) { } diff --git a/src/tests/encrypt_cookies_empty_env.phpt b/src/tests/encrypt_cookies_empty_env.phpt index 252f831..23f1759 100644 --- a/src/tests/encrypt_cookies_empty_env.phpt +++ b/src/tests/encrypt_cookies_empty_env.phpt @@ -14,4 +14,5 @@ super_cookie=cGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3BhZGRpbmdwYWRkaW5ncGFkZGluZ3B --EXPECT-- Warning: [snuffleupagus][cookie_encryption] The environment variable 'SUPER_ENV_VAR' is empty, cookies are weakly encrypted in Unknown on line 0 -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +1 diff --git a/src/tests/encrypt_cookies_invalid_decryption.phpt b/src/tests/encrypt_cookies_invalid_decryption.phpt index c64675d..d4a0b0f 100644 
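Review bot: The expectation in crypt_session_invalid.phpt still ends at the decryption message although the script's last statement is `var_dump($_SESSION);`, so nothing pins what the session holds once the failure is reported as a Warning instead of a Fatal error. If execution now continues past `session_start()`, the expected output should include the dump (presumably an empty array) to show that no undecryptable data reaches `$_SESSION`; if the request still stops, a short comment in the test saying so would avoid confusion with the commit message. encrypt_cookies_empty_env.phpt has the same gap: it adds only `1` to the output and, as far as the hunk shows, never dumps `$_COOKIE` the way encrypt_cookies_invalid_decryption.phpt does. Both test bodies start outside their hunks.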
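Review bot: The new check `if ($ret == TRUE)` in encrypt_cookies4.phpt is a loose comparison, so it tests truthiness rather than the boolean that `setcookie` returns. `if ($ret !== false) { echo "fail :/"; }` states the intent exactly and would also flag an unexpected non-boolean return. The switch to `--EXPECTF--` uses `%a` for the path, which is broader than the `%s` used in crypt_session_invalid.phpt; `%s/tests/encrypt_cookies4.php` would keep the match on a single line.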
--- a/src/tests/encrypt_cookies_invalid_decryption.phpt +++ b/src/tests/encrypt_cookies_invalid_decryption.phpt @@ -1,5 +1,5 @@ --TEST-- -Cookie encryption +Cookie encryption - invalid decryption --SKIPIF-- --INI-- @@ -8,12 +8,19 @@ display_errors=1 display_startup_errors=1 error_reporting=E_ALL --COOKIE-- -super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value; +super_cookie=Wk9NR1RISVNJU05PVEVOQ1JZUFRFREFUQUxMV0hBVFRIRUhFTExJU0hIRUxMQVJFWU9VRE9JTkdaT01Hb2htYXliZXRoaXNpc2Fub2xkc2Vzc2lvbmNvb2tpZQo=;awfulcookie=awfulcookievalue; --ENV-- return << + --EXPECT-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 \ No newline at end of file +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +1337 +array(1) { + ["awfulcookie"]=> + string(16) "awfulcookievalue" +} diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt index 0c02806..d2f9e3c 100644 --- a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt +++ b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt @@ -16,4 +16,8 @@ EOF; --FILE-- --EXPECT-- -Fatal error: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 \ No newline at end of file +Warning: [snuffleupagus][cookie_encryption] Something went wrong with the decryption of super_cookie in Unknown on line 0 +array(1) { + ["awful_cookie"]=> + string(18) "awful_cookie_value" +} -- cgit v1.3