From bc4d0e014e9fb1edd05e6f9c91cbf97b6c5546b4 Mon Sep 17 00:00:00 2001
From: Thibault "bui" Koechlin
Date: Thu, 28 Dec 2017 13:37:10 +0100
Subject: Implement regexp support for cookies encryption

It's now possible to encrypt cookies matching a specific regexp.

This should close #106 ---
 src/tests/broken_conf_no_cookie_name.phpt          |  2 +-
 .../config/config_encrypted_regexp_cookies.ini     |  3 +++
 .../config_encrypted_regexp_cookies_empty_env.ini  |  2 ++
 src/tests/config/encrypt_regexp_cookies_no_env.ini |  2 ++
 src/tests/config/encrypt_regexp_cookies_no_key.ini |  2 ++
 src/tests/encrypt_cookies2.phpt                    |  2 +-
 src/tests/encrypt_cookies3.phpt                    |  2 +-
 src/tests/encrypt_regexp_cookies.phpt              | 22 +++++++++++++++++++++
 src/tests/encrypt_regexp_cookies2.phpt             | 23 ++++++++++++++++++++++
 src/tests/encrypt_regexp_cookies3.phpt             | 23 ++++++++++++++++++++++
 src/tests/encrypt_regexp_cookies4.phpt             | 23 ++++++++++++++++++++++
 src/tests/encrypt_regexp_cookies_empty_env.phpt    | 19 ++++++++++++++++++
 .../encrypt_regexp_cookies_invalid_decryption.phpt | 23 ++++++++++++++++++++++
 ...encrypt_regexp_cookies_invalid_decryption2.phpt | 23 ++++++++++++++++++++++
 ...encrypt_regexp_cookies_invalid_decryption3.phpt | 21 ++++++++++++++++++++
 src/tests/encrypt_regexp_cookies_no_env.phpt       | 19 ++++++++++++++++++
 src/tests/encrypt_regexp_cookies_no_key.phpt       | 19 ++++++++++++++++++
 17 files changed, 227 insertions(+), 3 deletions(-)
 create mode 100644 src/tests/config/config_encrypted_regexp_cookies.ini
 create mode 100644 src/tests/config/config_encrypted_regexp_cookies_empty_env.ini
 create mode 100644 src/tests/config/encrypt_regexp_cookies_no_env.ini
 create mode 100644 src/tests/config/encrypt_regexp_cookies_no_key.ini
 create mode 100644 src/tests/encrypt_regexp_cookies.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies2.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies3.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies4.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_empty_env.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_no_env.phpt
 create mode 100644 src/tests/encrypt_regexp_cookies_no_key.phpt

(limited to 'src/tests')

diff --git a/src/tests/broken_conf_no_cookie_name.phpt b/src/tests/broken_conf_no_cookie_name.phpt
index 4616f12..10fde3e 100644
--- a/src/tests/broken_conf_no_cookie_name.phpt
+++ b/src/tests/broken_conf_no_cookie_name.phpt
@@ -6,4 +6,4 @@ Borken configuration - encrypted cookie with no name
 sp.configuration_file={PWD}/config/config_encrypted_cookies_noname.ini
 --FILE--
 --EXPECT--
-[snuffleupagus][0.0.0.0][config][error] You must specify a cookie name on line 2.
+[snuffleupagus][0.0.0.0][config][error] You must specify a cookie name/regexp on line 2.
diff --git a/src/tests/config/config_encrypted_regexp_cookies.ini b/src/tests/config/config_encrypted_regexp_cookies.ini
new file mode 100644
index 0000000..8ea77f7
--- /dev/null
+++ b/src/tests/config/config_encrypted_regexp_cookies.ini
@@ -0,0 +1,3 @@
+sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.cookie.name_r("^super_co[a-z]+$").encrypt();
+sp.auto_cookie_secure.enable();
diff --git a/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini b/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini
new file mode 100644
index 0000000..da84df7
--- /dev/null
+++ b/src/tests/config/config_encrypted_regexp_cookies_empty_env.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("abcdef").cookie_env_var("REMOTE_ADDR");
+sp.cookie.name_r("^super_coo[a-z]+$").encrypt();
diff --git a/src/tests/config/encrypt_regexp_cookies_no_env.ini b/src/tests/config/encrypt_regexp_cookies_no_env.ini
new file mode 100644
index 0000000..0e1fa30
--- /dev/null
+++ b/src/tests/config/encrypt_regexp_cookies_no_env.ini
@@ -0,0 +1,2 @@
+sp.global.secret_key("abcdef");
+sp.cookie.name_r("^super_co[a-z]+$").encrypt();
diff --git a/src/tests/config/encrypt_regexp_cookies_no_key.ini b/src/tests/config/encrypt_regexp_cookies_no_key.ini
new file mode 100644
index 0000000..52427f4
--- /dev/null
+++ b/src/tests/config/encrypt_regexp_cookies_no_key.ini
@@ -0,0 +1,2 @@
+sp.global.cookie_env_var("TEST");
+sp.cookie.name_r("^super_co[a-z]+$").encrypt();
diff --git a/src/tests/encrypt_cookies2.phpt b/src/tests/encrypt_cookies2.phpt
index be4c990..195cb24 100644
--- a/src/tests/encrypt_cookies2.phpt
+++ b/src/tests/encrypt_cookies2.phpt
@@ -3,7 +3,7 @@ Cookie encryption in ipv4
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
 --COOKIE--
 --ENV--
 return <<<EOF
diff --git a/src/tests/encrypt_cookies3.phpt b/src/tests/encrypt_cookies3.phpt
index b4acbc0..ceb364c 100644
--- a/src/tests/encrypt_cookies3.phpt
+++ b/src/tests/encrypt_cookies3.phpt
@@ -3,7 +3,7 @@ Cookie decryption with ipv6
 --SKIPIF--
 <?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
 --INI--
-sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
 --COOKIE--
 super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value;
 --ENV--
diff --git a/src/tests/encrypt_regexp_cookies.phpt b/src/tests/encrypt_regexp_cookies.phpt
new file mode 100644
index 0000000..6bc187a
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies.phpt
@@ -0,0 +1,22 @@
+--TEST--
+Cookie decryption in ipv4
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+--COOKIE--
+super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAP3gV9YJZL/pUeNAjCKFW0U2ywmf1CwHzwd2pWM=;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(11) "super_value"
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_regexp_cookies2.phpt b/src/tests/encrypt_regexp_cookies2.phpt
new file mode 100644
index 0000000..195cb24
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies2.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption in ipv4
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+setcookie("super_cookie", "super_value");
+setcookie("awful_cookie", "awful_value");
+setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true);
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(0) {
+}
diff --git a/src/tests/encrypt_regexp_cookies3.phpt b/src/tests/encrypt_regexp_cookies3.phpt
new file mode 100644
index 0000000..ceb364c
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies3.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie decryption with ipv6
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+--COOKIE--
+super_cookie=AAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAAABM84SCotZTpP6b27Lr5lavORPMvqaKpcUahvxw=;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(11) "super_value"
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_regexp_cookies4.phpt b/src/tests/encrypt_regexp_cookies4.phpt
new file mode 100644
index 0000000..14d737a
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies4.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption in ipv6
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_cookies.ini
+--COOKIE--
+--ENV--
+return <<<EOF
+REMOTE_ADDR=2001:0db8:0000:0000:0000:fe00:0042:8329
+HTTP_USER_AGENT=Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Ubuntu Chromium/59.0.3071.109 Chrome/59.0.3071.109 Safari/537.36
+HTTPS=1
+EOF;
+--FILE--
+<?php
+setcookie("super_cookie", "super_value");
+setcookie("awful_cookie", "awful_value");
+setcookie("nice_cookie", "nice_value", 1, "1", "1", true, true);
+var_dump($_COOKIE);
+?>
+--EXPECT--
+array(0) {
+}
diff --git a/src/tests/encrypt_regexp_cookies_empty_env.phpt b/src/tests/encrypt_regexp_cookies_empty_env.phpt
new file mode 100644
index 0000000..1ee6160
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_empty_env.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Cookie encryption - empty environment variable specified
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies_empty_env.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=1337;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+NOT_REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php echo "1\n\n\n\n\n"; ?>
+--EXPECT--
+1
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
new file mode 100644
index 0000000..22bed26
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_invalid_decryption.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=jWjORGsgZyqzk3WA63XZBmUoSknXWnXDfAAAAAAAAAAAAAAAAAAAAAA7LiMDfkpP94jDnMVH%2Fm41GeL0Y00q3mbOFYz%2FS9mQGySu;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+
+array(1) {
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt
new file mode 100644
index 0000000..1a740c0
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_invalid_decryption2.phpt
@@ -0,0 +1,23 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=1337;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+
+array(1) {
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt b/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt
new file mode 100644
index 0000000..28ffaad
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_invalid_decryption3.phpt
@@ -0,0 +1,21 @@
+--TEST--
+Cookie encryption
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/config_encrypted_regexp_cookies.ini
+--COOKIE--
+super_cookie=;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php var_dump($_COOKIE); ?>
+--EXPECT--
+array(2) {
+  ["super_cookie"]=>
+  string(0) ""
+  ["awful_cookie"]=>
+  string(18) "awful_cookie_value"
+}
diff --git a/src/tests/encrypt_regexp_cookies_no_env.phpt b/src/tests/encrypt_regexp_cookies_no_env.phpt
new file mode 100644
index 0000000..37b95c1
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_no_env.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Cookie encryption - no environment variable specified
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/encrypt_regexp_cookies_no_env.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=1337;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php echo "1\n\n\n\n\n"; ?>
+--EXPECT--
+1
diff --git a/src/tests/encrypt_regexp_cookies_no_key.phpt b/src/tests/encrypt_regexp_cookies_no_key.phpt
new file mode 100644
index 0000000..12512ce
--- /dev/null
+++ b/src/tests/encrypt_regexp_cookies_no_key.phpt
@@ -0,0 +1,19 @@
+--TEST--
+Cookie encryption - no encryption key specified
+--SKIPIF--
+<?php if (!extension_loaded("snuffleupagus")) die "skip"; ?>
+--INI--
+sp.configuration_file={PWD}/config/encrypt_regexp_cookies_no_key.ini
+display_errors=1
+display_startup_errors=1
+error_reporting=E_ALL
+--COOKIE--
+super_cookie=1337;awful_cookie=awful_cookie_value;
+--ENV--
+return <<<EOF
+REMOTE_ADDR=127.0.0.1
+EOF;
+--FILE--
+<?php echo "1\n\n\n\n\n"; ?>
+--EXPECT--
+1
-- 
cgit v1.3