
Introduce HiddenString for Config-Values

tags/2019.06^2
Philipp Holzer 4 月之前
357d9b5108

+ 1
- 0
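--- a/composer.json
+++ b/composer.json
@@ -37,6 +37,7 @@
 		"mobiledetect/mobiledetectlib": "2.8.*",
 		"monolog/monolog": "^1.24",
 		"nikic/fast-route": "^1.3",
+		"paragonie/hidden-string": "^1.0",
 		"pear/text_languagedetect": "1.*",
 		"pragmarx/google2fa": "^5.0",
 		"pragmarx/recovery": "^0.1.0",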

+ 66
- 18
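--- a/composer.lock
+++ b/composer.lock
@@ -4,7 +4,7 @@
         "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies",
         "This file is @generated automatically"
     ],
-    "content-hash": "67821d2270bdf8cdd24e7a047b9544e7",
+    "content-hash": "eb985236d64ed0b0fe1fc2e4ac6616e2",
     "packages": [
         {
             "name": "asika/simple-console",
@@ -1723,25 +1723,24 @@
         },
         {
             "name": "paragonie/constant_time_encoding",
-            "version": "v1.0.4",
+            "version": "v2.2.3",
             "source": {
                 "type": "git",
                 "url": "https://github.com/paragonie/constant_time_encoding.git",
-                "reference": "2132f0f293d856026d7d11bd81b9f4a23a1dc1f6"
+                "reference": "55af0dc01992b4d0da7f6372e2eac097bbbaffdb"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/2132f0f293d856026d7d11bd81b9f4a23a1dc1f6",
-                "reference": "2132f0f293d856026d7d11bd81b9f4a23a1dc1f6",
+                "url": "https://api.github.com/repos/paragonie/constant_time_encoding/zipball/55af0dc01992b4d0da7f6372e2eac097bbbaffdb",
+                "reference": "55af0dc01992b4d0da7f6372e2eac097bbbaffdb",
                 "shasum": ""
             },
             "require": {
-                "php": "^5.3|^7"
+                "php": "^7"
             },
             "require-dev": {
-                "paragonie/random_compat": "^1.4|^2",
-                "phpunit/phpunit": "4.*|5.*",
-                "vimeo/psalm": "^0.3|^1"
+                "phpunit/phpunit": "^6|^7",
+                "vimeo/psalm": "^1|^2"
             },
             "type": "library",
             "autoload": {
@@ -1782,7 +1781,56 @@
                 "hex2bin",
                 "rfc4648"
             ],
-            "time": "2018-04-30T17:57:16+00:00"
+            "time": "2019-01-03T20:26:31+00:00"
+        },
+        {
+            "name": "paragonie/hidden-string",
+            "version": "v1.0.0",
+            "source": {
+                "type": "git",
+                "url": "https://github.com/paragonie/hidden-string.git",
+                "reference": "0bbb00be0e33b8e1d48fa79ea35cd42d3091a936"
+            },
+            "dist": {
+                "type": "zip",
+                "url": "https://api.github.com/repos/paragonie/hidden-string/zipball/0bbb00be0e33b8e1d48fa79ea35cd42d3091a936",
+                "reference": "0bbb00be0e33b8e1d48fa79ea35cd42d3091a936",
+                "shasum": ""
+            },
+            "require": {
+                "paragonie/constant_time_encoding": "^2",
+                "paragonie/sodium_compat": "^1.6",
+                "php": "^7"
+            },
+            "require-dev": {
+                "phpunit/phpunit": "^6|^7",
+                "vimeo/psalm": "^1"
+            },
+            "type": "library",
+            "autoload": {
+                "psr-4": {
+                    "ParagonIE\\HiddenString\\": "./src"
+                }
+            },
+            "notification-url": "https://packagist.org/downloads/",
+            "license": [
+                "MPL-2.0"
+            ],
+            "authors": [
+                {
+                    "name": "Paragon Initiative Enterprises",
+                    "email": "info@paragonie.com",
+                    "homepage": "https://paragonie.com"
+                }
+            ],
+            "description": "Encapsulate strings in an object to hide them from stack traces",
+            "homepage": "https://github.com/paragonie/hidden-string",
+            "keywords": [
+                "hidden",
+                "stack trace",
+                "string"
+            ],
+            "time": "2018-05-07T20:28:06+00:00"
         },
         {
             "name": "paragonie/random_compat",
@@ -2793,12 +2841,12 @@
             "version": "v1.6.5",
             "source": {
                 "type": "git",
-                "url": "https://github.com/mikey179/vfsStream.git",
+                "url": "https://github.com/bovigo/vfsStream.git",
                 "reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145"
             },
             "dist": {
                 "type": "zip",
-                "url": "https://api.github.com/repos/mikey179/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
+                "url": "https://api.github.com/repos/bovigo/vfsStream/zipball/d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
                 "reference": "d5fec95f541d4d71c4823bb5e30cf9b9e5b96145",
                 "shasum": ""
             },
@@ -3701,7 +3749,7 @@
                 }
             ],
             "description": "Provides the functionality to compare PHP values for equality",
-            "homepage": "http://www.github.com/sebastianbergmann/comparator",
+            "homepage": "https://github.com/sebastianbergmann/comparator",
             "keywords": [
                 "comparator",
                 "compare",
@@ -3803,7 +3851,7 @@
                 }
             ],
             "description": "Provides functionality to handle HHVM/PHP environments",
-            "homepage": "http://www.github.com/sebastianbergmann/environment",
+            "homepage": "https://github.com/sebastianbergmann/environment",
             "keywords": [
                 "Xdebug",
                 "environment",
@@ -3871,7 +3919,7 @@
                 }
             ],
             "description": "Provides the functionality to export PHP variables for visualization",
-            "homepage": "http://www.github.com/sebastianbergmann/exporter",
+            "homepage": "https://github.com/sebastianbergmann/exporter",
             "keywords": [
                 "export",
                 "exporter"
@@ -3923,7 +3971,7 @@
                 }
             ],
             "description": "Snapshotting of global state",
-            "homepage": "http://www.github.com/sebastianbergmann/global-state",
+            "homepage": "https://github.com/sebastianbergmann/global-state",
             "keywords": [
                 "global state"
             ],
@@ -4025,7 +4073,7 @@
                 }
             ],
             "description": "Provides functionality to recursively process PHP variables",
-            "homepage": "http://www.github.com/sebastianbergmann/recursion-context",
+            "homepage": "https://github.com/sebastianbergmann/recursion-context",
             "time": "2016-11-19T07:33:16+00:00"
         },
         {
@@ -4158,7 +4206,7 @@
                 },
                 {
                     "name": "Gert de Pagter",
-                    "email": "backendtea@gmail.com"
+                    "email": "BackEndTea@gmail.com"
                 }
             ],
             "description": "Symfony polyfill for ctype functions",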

+ 16
- 3
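--- a/src/Core/Config/Cache/ConfigCache.php
+++ b/src/Core/Config/Cache/ConfigCache.php
@@ -2,6 +2,8 @@
 
 namespace Friendica\Core\Config\Cache;
 
+use ParagonIE\HiddenString\HiddenString;
+
 /**
  * The Friendica config cache for the application
  * Initial, all *.config.php files are loaded into this cache with the
@@ -14,11 +16,18 @@ class ConfigCache implements IConfigCache, IPConfigCache
 	 */
 	private $config;
 
+	/**
+	 * @var bool
+	 */
+	private $hidePasswordOutput;
+
 	/**
 	 * @param array $config    A initial config array
+	 * @param bool  $hidePasswordOutput True, if cache variables should take extra care of password values
 	 */
-	public function __construct(array $config = [])
+	public function __construct(array $config = [], $hidePasswordOutput = true)
 	{
+		$this->hidePasswordOutput = $hidePasswordOutput;
 		$this->load($config);
 	}
 
@@ -84,8 +93,12 @@ class ConfigCache implements IConfigCache, IPConfigCache
 			$this->config[$cat] = [];
 		}
 
-		$this->config[$cat][$key] = $value;
-
+		if ($this->hidePasswordOutput &&
+			$key == 'password') {
+			$this->config[$cat][$key] = new HiddenString($value);
+		} else {
+			$this->config[$cat][$key] = $value;
+		}
 		return true;
 	}
 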
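Review bot: The key test in the new `if` of set() uses loose comparison, `$key == 'password'`; on PHP 7 an integer key `0` compares equal to any non-numeric string, so it should read `$key === 'password'`, and for the same reason the new constructor parameter deserves a native type, `bool $hidePasswordOutput = true`. Only the literal key `password` is wrapped, so callers must not assume every secret in the cache is protected — a class-level comment stating that scope would prevent that assumption. If `$value` is already a HiddenString (DBFactory now produces one) or is null, `new HiddenString($value)` would, as far as I can tell from the library's string-typed constructor, either double-wrap or throw a TypeError, so an `instanceof HiddenString` guard before wrapping seems warranted. Consumers of get() for that key now receive an object instead of a string, which the get() docblock should state; set() begins outside the hunk.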

+ 1
- 1
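--- a/src/Core/Config/Configuration.php
+++ b/src/Core/Config/Configuration.php
@@ -88,7 +88,7 @@ class Configuration
 
 			if (isset($dbvalue)) {
 				$this->configCache->set($cat, $key, $dbvalue);
-				return $dbvalue;
+				unset($dbvalue);
 			}
 		}
 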
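Review bot: The new `unset($dbvalue)` does not scrub the plaintext from memory — PHP only drops one reference, and the database result that produced `$dbvalue` may still hold the string — so it should not be read as a security measure; the actual protection here is the HiddenString wrapping performed inside `configCache->set()`. The real effect of dropping the `return` is that the method now falls through to whatever follows the hunk, presumably a cache read, so the caller receives the cached and possibly HiddenString-wrapped value rather than the raw DB string; a comment such as `// fall through to the cache so callers receive the (possibly HiddenString-wrapped) value` would make that intent explicit. The enclosing method begins and ends outside the hunk.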

+ 2
- 1
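--- a/src/Factory/DBFactory.php
+++ b/src/Factory/DBFactory.php
@@ -6,6 +6,7 @@ use Friendica\Core\Config\Cache;
 use Friendica\Database;
 use Friendica\Util\Logger\VoidLogger;
 use Friendica\Util\Profiler;
+use ParagonIE\HiddenString\HiddenString;
 
 class DBFactory
 {
@@ -45,7 +46,7 @@ class DBFactory
 			} else {
 				$db_user = $server['MYSQL_USER'];
 			}
-			$db_pass = (string) $server['MYSQL_PASSWORD'];
+			$db_pass = new HiddenString((string) $server['MYSQL_PASSWORD']);
 			$db_data = $server['MYSQL_DATABASE'];
 		}
 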
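Review bot: `$db_pass` is now a HiddenString object, but the hunk does not show where it is consumed; if the database layer hands it to a string parameter of the driver's connect call, PHP falls back to the object's `__toString()`, which, as I recall, HiddenString returns as an empty string when constructed with inline output disallowed — the connection would then be attempted with a wrong password and fail without an obvious cause. The consumer should call `->getString()` explicitly at the point the password is passed to the driver, and that point deserves a test. Only the environment-variable branch shown here is wrapped; if another branch of the surrounding `if` assigns `$db_pass` from a different source, it should be wrapped the same way so the type of `$db_pass` is uniform. The enclosing method begins and ends outside the hunk.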

+ 34
- 0
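--- a/tests/src/Core/Config/Cache/ConfigCacheTest.php
+++ b/tests/src/Core/Config/Cache/ConfigCacheTest.php
@@ -275,4 +275,38 @@ class ConfigCacheTest extends MockedTest
 
 		$this->assertEmpty($configCache->keyDiff($diffConfig));
 	}
+
+	/**
+	 * Test the default hiding of passwords inside the cache
+	 */
+	public function testPasswordHide()
+	{
+		$configCache = new ConfigCache([
+			'database' => [
+				'password' => 'supersecure',
+				'username' => 'notsecured',
+			],
+		]);
+
+		$this->assertEquals('supersecure', $configCache->get('database', 'password'));
+		$this->assertNotEquals('supersecure', print_r($configCache->get('database', 'password'), true));
+		$this->assertEquals('notsecured', print_r($configCache->get('database', 'username'), true));
+	}
+
+	/**
+	 * Test disabling the hiding of passwords inside the cache
+	 */
+	public function testPasswordShow()
+	{
+		$configCache = new ConfigCache([
+			'database' => [
+				'password' => 'supersecure',
+				'username' => 'notsecured',
+			],
+		], false);
+
+		$this->assertEquals('supersecure', $configCache->get('database', 'password'));
+		$this->assertEquals('supersecure', print_r($configCache->get('database', 'password'), true));
+		$this->assertEquals('notsecured', print_r($configCache->get('database', 'username'), true));
+	}
 }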
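Review bot: The `assertNotEquals('supersecure', print_r(...))` line in testPasswordHide does not prove what its docblock claims: `print_r` of any object yields a multi-line dump that can never equal the bare string, so the test would still pass if that dump contained the password in clear. Assert on containment instead, `$this->assertNotContains('supersecure', print_r($configCache->get('database', 'password'), true));` (or `assertStringNotContainsString` on PHPUnit 8+, depending on the version in use here). Since the library's stated purpose is hiding values from stack traces, a test that triggers an exception with the cached value in scope and asserts the trace text does not contain `supersecure` would cover the intended threat more directly than `print_r` alone.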
