Преглед изворни кода

Introduce HiddenString for Config-Values

tags/2019.06^2
Philipp Holzer пре 1 година
родитељ
комит
357d9b5108
No known key found for this signature in database GPG Key ID: D8365C3D36B77D90
6 измењених фајлова са 120 додато и 23 уклоњено
  1. +1
    -0
      composer.json
  2. +66
    -18
      composer.lock
  3. +16
    -3
      src/Core/Config/Cache/ConfigCache.php
  4. +1
    -1
      src/Core/Config/Configuration.php
  5. +2
    -1
      src/Factory/DBFactory.php
  6. +34
    -0
      tests/src/Core/Config/Cache/ConfigCacheTest.php

+ 1
- 0
composer.json Прегледај датотеку

@@ -37,6 +37,7 @@
"mobiledetect/mobiledetectlib": "2.8.*",
"monolog/monolog": "^1.24",
"nikic/fast-route": "^1.3",
"paragonie/hidden-string": "^1.0",
"pear/text_languagedetect": "1.*",
"pragmarx/google2fa": "^5.0",
"pragmarx/recovery": "^0.1.0",


+ 66
- 18
composer.lock Прегледај датотеку

@@ -4,7 +4,7 @@
"Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
"This file is @generated automatically"
],
"content-hash": "67821d2270bdf8cdd24e7a047b9544e7",
"content-hash": "eb985236d64ed0b0fe1fc2e4ac6616e2",
"packages": [
{
"name": "asika/simple-console",
@@ -1723,25 +1723,24 @@
},
{
"name": "paragonie/constant_time_encoding",
"version": "v1.0.4",
"version": "v2.2.3",
"source": {
"type": "git",
"url": "https://github.com/paragonie/constant_time_encoding.git",
"reference": "2132f0f293d856026d7d11bd81b9f4a23a1dc1f6"
"reference": "55af0dc01992b4d0da7f6372e2eac097bbbaffdb"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/2132f0f293d856026d7d11bd81b9f4a23a1dc1f6",
"reference": "2132f0f293d856026d7d11bd81b9f4a23a1dc1f6",
"url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/55af0dc01992b4d0da7f6372e2eac097bbbaffdb",
"reference": "55af0dc01992b4d0da7f6372e2eac097bbbaffdb",
"shasum": ""
},
"require": {
"php": "^5.3|^7"
"php": "^7"
},
"require-dev": {
"paragonie/random_compat": "^1.4|^2",
"phpunit/phpunit": "4.*|5.*",
"vimeo/psalm": "^0.3|^1"
"phpunit/phpunit": "^6|^7",
"vimeo/psalm": "^1|^2"
},
"type": "library",
"autoload": {
@@ -1782,7 +1781,56 @@
"hex2bin",
"rfc4648"
],
"time": "2018-04-30T17:57:16+00:00"
"time": "2019-01-03T20:26:31+00:00"
},
{
"name": "paragonie/hidden-string",
"version": "v1.0.0",
"source": {
"type": "git",
"url": "https://github.com/paragonie/hidden-string.git",
"reference": "0bbb00be0e33b8e1d48fa79ea35cd42d3091a936"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/paragonie/hidden-string/zipball/0bbb00be0e33b8e1d48fa79ea35cd42d3091a936",
"reference": "0bbb00be0e33b8e1d48fa79ea35cd42d3091a936",
"shasum": ""
},
"require": {
"paragonie/constant_time_encoding": "^2",
"paragonie/sodium_compat": "^1.6",
"php": "^7"
},
"require-dev": {
"phpunit/phpunit": "^6|^7",
"vimeo/psalm": "^1"
},
"type": "library",
"autoload": {
"psr-4": {
"ParagonIE\\HiddenString\\": "./src"
}
},
"notification-url": "https://packagist.org/downloads/",
"license": [
"MPL-2.0"
],
"authors": [
{
"name": "Paragon Initiative Enterprises",
"email": "info@paragonie.com",
"homepage": "https://paragonie.com"
}
],
"description": "Encapsulate strings in an object to hide them from stack traces",
"homepage": "https://github.com/paragonie/hidden-string",
"keywords": [
"hidden",
"stack trace",
"string"
],
"time": "2018-05-07T20:28:06+00:00"
},
{
"name": "paragonie/random_compat",
@@ -2793,12 +2841,12 @@
"version": "v1.6.5",
"source": {
"type": "git",
"url": "https://github.com/mikey179/vfsStream.git",
"url": "https://github.com/bovigo/vfsStream.git",
"reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145"
},
"dist": {
"type": "zip",
"url": "https://api.github.com/repos/mikey179/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"url": "https://api.github.com/repos/bovigo/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
"shasum": ""
},
@@ -3701,7 +3749,7 @@
}
],
"description": "Provides the functionality to compare PHP values for equality",
"homepage": "http://www.github.com/sebastianbergmann/comparator",
"homepage": "https://github.com/sebastianbergmann/comparator",
"keywords": [
"comparator",
"compare",
@@ -3803,7 +3851,7 @@
}
],
"description": "Provides functionality to handle HHVM/PHP environments",
"homepage": "http://www.github.com/sebastianbergmann/environment",
"homepage": "https://github.com/sebastianbergmann/environment",
"keywords": [
"Xdebug",
"environment",
@@ -3871,7 +3919,7 @@
}
],
"description": "Provides the functionality to export PHP variables for visualization",
"homepage": "http://www.github.com/sebastianbergmann/exporter",
"homepage": "https://github.com/sebastianbergmann/exporter",
"keywords": [
"export",
"exporter"
@@ -3923,7 +3971,7 @@
}
],
"description": "Snapshotting of global state",
"homepage": "http://www.github.com/sebastianbergmann/global-state",
"homepage": "https://github.com/sebastianbergmann/global-state",
"keywords": [
"global state"
],
@@ -4025,7 +4073,7 @@
}
],
"description": "Provides functionality to recursively process PHP variables",
"homepage": "http://www.github.com/sebastianbergmann/recursion-context",
"homepage": "https://github.com/sebastianbergmann/recursion-context",
"time": "2016-11-19T07:33:16+00:00"
},
{
@@ -4158,7 +4206,7 @@
},
{
"name": "Gert de Pagter",
"email": "backendtea@gmail.com"
"email": "BackEndTea@gmail.com"
}
],
"description": "Symfony polyfill for ctype functions",


+ 16
- 3
src/Core/Config/Cache/ConfigCache.php Прегледај датотеку

@@ -2,6 +2,8 @@

namespace Friendica\Core\Config\Cache;

use ParagonIE\HiddenString\HiddenString;

/**
* The Friendica config cache for the application
* Initial, all *.config.php files are loaded into this cache with the
@@ -14,11 +16,18 @@ class ConfigCache implements IConfigCache, IPConfigCache
*/
private $config;

/**
* @var bool
*/
private $hidePasswordOutput;

/**
* @param array $config A initial config array
* @param bool $hidePasswordOutput True, if cache variables should take extra care of password values
*/
public function __construct(array $config = [])
public function __construct(array $config = [], $hidePasswordOutput = true)
{
$this->hidePasswordOutput = $hidePasswordOutput;
$this->load($config);
}

@@ -84,8 +93,12 @@ class ConfigCache implements IConfigCache, IPConfigCache
$this->config[$cat] = [];
}

$this->config[$cat][$key] = $value;

if ($this->hidePasswordOutput &&
$key == 'password') {
$this->config[$cat][$key] = new HiddenString($value);
} else {
$this->config[$cat][$key] = $value;
}
return true;
}



+ 1
- 1
src/Core/Config/Configuration.php Прегледај датотеку

@@ -88,7 +88,7 @@ class Configuration

if (isset($dbvalue)) {
$this->configCache->set($cat, $key, $dbvalue);
return $dbvalue;
unset($dbvalue);
}
}



+ 2
- 1
src/Factory/DBFactory.php Прегледај датотеку

@@ -6,6 +6,7 @@ use Friendica\Core\Config\Cache;
use Friendica\Database;
use Friendica\Util\Logger\VoidLogger;
use Friendica\Util\Profiler;
use ParagonIE\HiddenString\HiddenString;

class DBFactory
{
@@ -45,7 +46,7 @@ class DBFactory
} else {
$db_user = $server['MYSQL_USER'];
}
$db_pass = (string) $server['MYSQL_PASSWORD'];
$db_pass = new HiddenString((string) $server['MYSQL_PASSWORD']);
$db_data = $server['MYSQL_DATABASE'];
}



+ 34
- 0
tests/src/Core/Config/Cache/ConfigCacheTest.php Прегледај датотеку

@@ -275,4 +275,38 @@ class ConfigCacheTest extends MockedTest

$this->assertEmpty($configCache->keyDiff($diffConfig));
}

/**
* Test the default hiding of passwords inside the cache
*/
public function testPasswordHide()
{
$configCache = new ConfigCache([
'database' => [
'password' => 'supersecure',
'username' => 'notsecured',
],
]);

$this->assertEquals('supersecure', $configCache->get('database', 'password'));
$this->assertNotEquals('supersecure', print_r($configCache->get('database', 'password'), true));
$this->assertEquals('notsecured', print_r($configCache->get('database', 'username'), true));
}

/**
* Test disabling the hiding of passwords inside the cache
*/
public function testPasswordShow()
{
$configCache = new ConfigCache([
'database' => [
'password' => 'supersecure',
'username' => 'notsecured',
],
], false);

$this->assertEquals('supersecure', $configCache->get('database', 'password'));
$this->assertEquals('supersecure', print_r($configCache->get('database', 'password'), true));
$this->assertEquals('notsecured', print_r($configCache->get('database', 'username'), true));
}
}

Loading…
Откажи
Сачувај