"Fossies" - the Fresh Open Source Software Archive  

Source code changes of the file "tests/framework/base/SecurityTest.php" between
yii2-2.0.35.tar.gz and yii2-2.0.36.tar.gz

About: Yii 2 is a high-performance component-based PHP framework for developing large-scale Web applications (source).

SecurityTest.php  (yii2-2.0.35):SecurityTest.php  (yii2-2.0.36)
skipping to change at line 99 skipping to change at line 99
} }
protected function tearDown() protected function tearDown()
{ {
static::$functions = []; static::$functions = [];
static::$fopen = null; static::$fopen = null;
static::$fread = null; static::$fread = null;
parent::tearDown(); parent::tearDown();
} }
private function isWindows()
{
return DIRECTORY_SEPARATOR !== '/';
}
// Tests : // Tests :
public function testHashData() public function testHashData()
{ {
$data = 'known data'; $data = 'known data';
$key = 'secret'; $key = 'secret';
$hashedData = $this->security->hashData($data, $key); $hashedData = $this->security->hashData($data, $key);
$this->assertNotSame($data, $hashedData); $this->assertNotSame($data, $hashedData);
$this->assertEquals($data, $this->security->validateData($hashedData, $k ey)); $this->assertEquals($data, $this->security->validateData($hashedData, $k ey));
$hashedData[strlen($hashedData) - 1] = 'A'; $hashedData[strlen($hashedData) - 1] = 'A';
skipping to change at line 945 skipping to change at line 950
* @param array $functions * @param array $functions
*/ */
public function testGenerateRandomKey($functions) public function testGenerateRandomKey($functions)
{ {
foreach ($functions as $fun => $available) { foreach ($functions as $fun => $available) {
if ($available && !\function_exists($fun)) { if ($available && !\function_exists($fun)) {
$this->markTestSkipped("Can not test generateRandomKey() branch that includes $fun, because it is not available on your system."); $this->markTestSkipped("Can not test generateRandomKey() branch that includes $fun, because it is not available on your system.");
} }
} }
// there is no /dev/urandom on windows so we expect this to fail // there is no /dev/urandom on windows so we expect this to fail
if (DIRECTORY_SEPARATOR === '\\' && $functions['random_bytes'] === false && $functions['openssl_random_pseudo_bytes'] === false && $functions['mcrypt_cr eate_iv'] === false) { if ($this->isWindows() && $functions['random_bytes'] === false && $funct ions['openssl_random_pseudo_bytes'] === false && $functions['mcrypt_create_iv'] === false) {
$this->expectException('yii\base\Exception'); $this->expectException('yii\base\Exception');
$this->expectExceptionMessage('Unable to generate a random key'); $this->expectExceptionMessage('Unable to generate a random key');
} }
// Function mcrypt_create_iv() is deprecated since PHP 7.1 // Function mcrypt_create_iv() is deprecated since PHP 7.1
if (version_compare(PHP_VERSION, '7.1.0alpha', '>=') && $functions['rand om_bytes'] === false && $functions['mcrypt_create_iv'] === true) { if (version_compare(PHP_VERSION, '7.1.0alpha', '>=') && $functions['rand om_bytes'] === false && $functions['mcrypt_create_iv'] === true) {
$this->markTestSkipped('Function mcrypt_create_iv() is deprecated as if ($functions['openssl_random_pseudo_bytes'] === false) {
of PHP 7.1'); $this->markTestSkipped('Function mcrypt_create_iv() is deprecate
d as of PHP 7.1');
} elseif (!$this->security->shouldUseLibreSSL() && !$this->isWindows
()) {
$this->markTestSkipped('Function openssl_random_pseudo_bytes nee
d LibreSSL version >=2.1.5 or Windows system on server');
}
} }
static::$functions = $functions; static::$functions = $functions;
// test various string lengths // test various string lengths
for ($length = 1; $length < 64; $length++) { for ($length = 1; $length < 64; $length++) {
$key1 = $this->security->generateRandomKey($length); $key1 = $this->security->generateRandomKey($length);
$this->assertInternalType('string', $key1); $this->assertInternalType('string', $key1);
$this->assertEquals($length, strlen($key1)); $this->assertEquals($length, strlen($key1));
$key2 = $this->security->generateRandomKey($length); $key2 = $this->security->generateRandomKey($length);
skipping to change at line 1015 skipping to change at line 1024
self::markTestSkipped('Comment markTestSkipped in testGenerateRandomKeyS peed() in order to get RNG benchmark.'); self::markTestSkipped('Comment markTestSkipped in testGenerateRandomKeyS peed() in order to get RNG benchmark.');
$tests = [ $tests = [
"function_exists('random_bytes')", "function_exists('random_bytes')",
"defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : null", "defined('OPENSSL_VERSION_TEXT') ? OPENSSL_VERSION_TEXT : null",
'PHP_VERSION_ID', 'PHP_VERSION_ID',
'PHP_OS', 'PHP_OS',
"function_exists('mcrypt_create_iv') ? bin2hex(mcrypt_create_iv(4, M CRYPT_DEV_URANDOM)) : null", "function_exists('mcrypt_create_iv') ? bin2hex(mcrypt_create_iv(4, M CRYPT_DEV_URANDOM)) : null",
'DIRECTORY_SEPARATOR', 'DIRECTORY_SEPARATOR',
"ini_get('open_basedir')", "ini_get('open_basedir')",
]; ];
if (DIRECTORY_SEPARATOR === '/') { if ($this->isWindows()) {
$tests[] = "sprintf('%o', lstat(PHP_OS === 'FreeBSD' ? '/dev/random' : '/dev/urandom')['mode'] & 0170000)"; $tests[] = "sprintf('%o', lstat(PHP_OS === 'FreeBSD' ? '/dev/random' : '/dev/urandom')['mode'] & 0170000)";
$tests[] = "bin2hex(file_get_contents(PHP_OS === 'FreeBSD' ? '/dev/r andom' : '/dev/urandom', false, null, 0, 8))"; $tests[] = "bin2hex(file_get_contents(PHP_OS === 'FreeBSD' ? '/dev/r andom' : '/dev/urandom', false, null, 0, 8))";
} }
foreach ($tests as $i => $test) { foreach ($tests as $i => $test) {
$result = eval('return ' . $test . ';'); $result = eval('return ' . $test . ';');
fwrite(STDERR, sprintf("%2d %s ==> %s\n", $i + 1, $test, var_export( $result, true))); fwrite(STDERR, sprintf("%2d %s ==> %s\n", $i + 1, $test, var_export( $result, true)));
} }
foreach ([16, 2000, 262144] as $block) { foreach ([16, 2000, 262144] as $block) {
$security = new Security(); $security = new Security();
 End of changes. 4 change blocks. 
4 lines changed or deleted 15 lines changed or added

Home  |  About  |  Features  |  All  |  Newest  |  Dox  |  Diffs  |  RSS Feeds  |  Screenshots  |  Comments  |  Imprint  |  Privacy  |  HTTP(S)