mirror/php-zip
1
0
Fork 0
mirror of https://github.com/Ne-Lexa/php-zip.git synced 2025-07-26 02:01:13 +02:00
Code Issues Releases Wiki Activity

use random_compat

Browse Source
This commit is contained in:
wapplay
2019-12-06 23:23:44 +03:00
parent 95e3312e60
commit a20e9e054d
11 changed files with 75 additions and 70 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
.travis.yml
View File

@@ -10,12 +10,6 @@ php:
- '7.3' - '7.3'
- '7.4' - '7.4'
# cache vendor dirs
cache:
directories:
- vendor
- $HOME/.composer/cache
install: install:
- travis_retry composer self-update && composer --version - travis_retry composer self-update && composer --version
- travis_retry composer install --no-interaction - travis_retry composer install --no-interaction

3
composer.json
View File

@@ -23,7 +23,8 @@
"require": { "require": {
"php": "^5.5 || ^7.0", "php": "^5.5 || ^7.0",
"ext-zlib": "*", "ext-zlib": "*",
"psr/http-message": "^1.0" "psr/http-message": "^1.0",
"paragonie/random_compat": ">=1 <9.99"
}, },
"require-dev": { "require-dev": {
"phpunit/phpunit": "^4.8|^5.7", "phpunit/phpunit": "^4.8|^5.7",

8
src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
View File

@@ -6,7 +6,6 @@ use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipAuthenticationException; use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipCryptoException; use PhpZip\Exception\ZipCryptoException;
use PhpZip\Model\ZipEntry; use PhpZip\Model\ZipEntry;
use PhpZip\Util\CryptoUtil;
use PhpZip\Util\PackUtil; use PhpZip\Util\PackUtil;
/** /**
@@ -430,7 +429,12 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
$crc = $this->entry->isDataDescriptorRequired() ? $crc = $this->entry->isDataDescriptorRequired() ?
($this->entry->getDosTime() & 0x0000ffff) << 16 : ($this->entry->getDosTime() & 0x0000ffff) << 16 :
$this->entry->getCrc(); $this->entry->getCrc();
$headerBytes = CryptoUtil::randomBytes(self::STD_DEC_HDR_SIZE);
try {
$headerBytes = random_bytes(self::STD_DEC_HDR_SIZE);
} catch (\Exception $e) {
throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
}
// Initialize again since the generated bytes were encrypted. // Initialize again since the generated bytes were encrypted.
$password = $this->entry->getPassword(); $password = $this->entry->getPassword();

7
src/PhpZip/Crypto/WinZipAesEngine.php
View File

@@ -8,7 +8,6 @@ use PhpZip\Exception\ZipCryptoException;
use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipException;
use PhpZip\Extra\Fields\WinZipAesEntryExtraField; use PhpZip\Extra\Fields\WinZipAesEntryExtraField;
use PhpZip\Model\ZipEntry; use PhpZip\Model\ZipEntry;
use PhpZip\Util\CryptoUtil;
/** /**
* WinZip Aes Encryption Engine. * WinZip Aes Encryption Engine.
@@ -262,7 +261,11 @@ class WinZipAesEngine implements ZipEncryptionEngine
); );
$keyStrengthBytes = $keyStrengthBits / 8; $keyStrengthBytes = $keyStrengthBits / 8;
$salt = CryptoUtil::randomBytes($keyStrengthBytes / 2); try {
$salt = random_bytes($keyStrengthBytes / 2);
} catch (\Exception $e) {
throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
}
$keyParam = hash_pbkdf2( $keyParam = hash_pbkdf2(
'sha1', 'sha1',

26
src/PhpZip/Util/CryptoUtil.php
View File

@@ -2,10 +2,10 @@
namespace PhpZip\Util; namespace PhpZip\Util;
use PhpZip\Exception\RuntimeException;
/** /**
* Crypto Utils. * Crypto Utils.
*
* @deprecated
*/ */
class CryptoUtil class CryptoUtil
{ {
@@ -14,26 +14,14 @@ class CryptoUtil
* *
* @param int $length * @param int $length
* *
* @throws \Exception
*
* @return string * @return string
*
* @deprecated Use random_bytes()
*/ */
final public static function randomBytes($length) final public static function randomBytes($length)
{ {
$length = (int) $length; return random_bytes($length);
if (\function_exists('random_bytes')) {
try {
return random_bytes($length);
} catch (\Exception $e) {
throw new \RuntimeException('Could not generate a random string.');
}
} elseif (\function_exists('openssl_random_pseudo_bytes')) {
/** @noinspection PhpComposerExtensionStubsInspection */
return openssl_random_pseudo_bytes($length);
} elseif (\function_exists('mcrypt_create_iv')) {
/** @noinspection PhpComposerExtensionStubsInspection */
return mcrypt_create_iv($length);
} else {
throw new RuntimeException('Extension openssl or mcrypt not loaded');
}
} }
} }

4
tests/PhpZip/Issue24Test.php
View File

@@ -3,7 +3,6 @@
namespace PhpZip; namespace PhpZip;
use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipException;
use PhpZip\Util\CryptoUtil;
/** /**
* @internal * @internal
@@ -22,10 +21,11 @@ class Issue24Test extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testDummyFS() public function testDummyFS()
{ {
$fileContents = str_repeat(base64_encode(CryptoUtil::randomBytes(12000)), 100); $fileContents = str_repeat(base64_encode(random_bytes(12000)), 100);
// create zip file // create zip file
$zip = new ZipFile(); $zip = new ZipFile();

11
tests/PhpZip/ZipAlignTest.php
View File

@@ -3,7 +3,6 @@
namespace PhpZip; namespace PhpZip;
use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipException;
use PhpZip\Util\CryptoUtil;
/** /**
* Test ZipAlign. * Test ZipAlign.
@@ -53,7 +52,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) { for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString( $zipFile->addFromString(
'entry' . $i . '.txt', 'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)), random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED ZipFile::METHOD_STORED
); );
} }
@@ -87,6 +86,7 @@ class ZipAlignTest extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testZipAlignNewFiles() public function testZipAlignNewFiles()
{ {
@@ -94,7 +94,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) { for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString( $zipFile->addFromString(
'entry' . $i . '.txt', 'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)), random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED ZipFile::METHOD_STORED
); );
} }
@@ -115,6 +115,7 @@ class ZipAlignTest extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testZipAlignFromModifiedZipArchive() public function testZipAlignFromModifiedZipArchive()
{ {
@@ -122,7 +123,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) { for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString( $zipFile->addFromString(
'entry' . $i . '.txt', 'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)), random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED ZipFile::METHOD_STORED
); );
} }
@@ -147,7 +148,7 @@ class ZipAlignTest extends ZipTestCase
$zipFile->addFromString( $zipFile->addFromString(
'entry_new_' . ($isStored ? 'stored' : 'deflated') . '_' . $i . '.txt', 'entry_new_' . ($isStored ? 'stored' : 'deflated') . '_' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)), random_bytes(mt_rand(100, 4096)),
$isStored ? $isStored ?
ZipFile::METHOD_STORED : ZipFile::METHOD_STORED :
ZipFile::METHOD_DEFLATED ZipFile::METHOD_DEFLATED

60
tests/PhpZip/ZipFileTest.php
View File

@@ -8,7 +8,6 @@ use PhpZip\Exception\ZipException;
use PhpZip\Exception\ZipUnsupportMethodException; use PhpZip\Exception\ZipUnsupportMethodException;
use PhpZip\Model\ZipEntry; use PhpZip\Model\ZipEntry;
use PhpZip\Model\ZipInfo; use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
use PhpZip\Util\FilesUtil; use PhpZip\Util\FilesUtil;
use Psr\Http\Message\ResponseInterface; use Psr\Http\Message\ResponseInterface;
use Zend\Diactoros\Response; use Zend\Diactoros\Response;
@@ -68,6 +67,7 @@ class ZipFileTest extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testOpenFileInvalidZip() public function testOpenFileInvalidZip()
{ {
@@ -76,7 +76,7 @@ class ZipFileTest extends ZipTestCase
'Expected Local File Header or (ZIP64) End Of Central Directory Record' 'Expected Local File Header or (ZIP64) End Of Central Directory Record'
); );
static::assertNotFalse(file_put_contents($this->outputFilename, CryptoUtil::randomBytes(255))); static::assertNotFalse(file_put_contents($this->outputFilename, random_bytes(255)));
$zipFile = new ZipFile(); $zipFile = new ZipFile();
$zipFile->openFile($this->outputFilename); $zipFile->openFile($this->outputFilename);
} }
@@ -105,6 +105,7 @@ class ZipFileTest extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testOpenFromStringInvalidZip() public function testOpenFromStringInvalidZip()
{ {
@@ -114,7 +115,7 @@ class ZipFileTest extends ZipTestCase
); );
$zipFile = new ZipFile(); $zipFile = new ZipFile();
$zipFile->openFromString(CryptoUtil::randomBytes(255)); $zipFile->openFromString(random_bytes(255));
} }
/** /**
@@ -224,6 +225,7 @@ class ZipFileTest extends ZipTestCase
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testOpenFromStreamInvalidZip() public function testOpenFromStreamInvalidZip()
{ {
@@ -233,7 +235,7 @@ class ZipFileTest extends ZipTestCase
); );
$fp = fopen($this->outputFilename, 'w+b'); $fp = fopen($this->outputFilename, 'w+b');
fwrite($fp, CryptoUtil::randomBytes(255)); fwrite($fp, random_bytes(255));
$zipFile = new ZipFile(); $zipFile = new ZipFile();
$zipFile->openFromStream($fp); $zipFile->openFromStream($fp);
} }
@@ -800,32 +802,33 @@ class ZipFileTest extends ZipTestCase
* Test zip entry comment. * Test zip entry comment.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testEntryComment() public function testEntryComment()
{ {
$entries = [ $entries = [
'文件1.txt' => [ '文件1.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => '這是註釋的條目。', 'comment' => '這是註釋的條目。',
], ],
'file2.txt' => [ 'file2.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => null, 'comment' => null,
], ],
'file3.txt' => [ 'file3.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => CryptoUtil::randomBytes(255), 'comment' => random_bytes(255),
], ],
'file4.txt' => [ 'file4.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => 'Комментарий файла', 'comment' => 'Комментарий файла',
], ],
'file5.txt' => [ 'file5.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => 'ไฟล์แสดงความคิดเห็น', 'comment' => 'ไฟล์แสดงความคิดเห็น',
], ],
'file6 emoji 🙍🏼.txt' => [ 'file6 emoji 🙍🏼.txt' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'comment' => 'Emoji comment file - 😀 ⛈ ❤️ 🤴🏽', 'comment' => 'Emoji comment file - 😀 ⛈ ❤️ 🤴🏽',
], ],
]; ];
@@ -903,17 +906,18 @@ class ZipFileTest extends ZipTestCase
* Test all available support compression methods. * Test all available support compression methods.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testCompressionMethod() public function testCompressionMethod()
{ {
$entries = [ $entries = [
'1' => [ '1' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'method' => ZipFile::METHOD_STORED, 'method' => ZipFile::METHOD_STORED,
'expected' => 'No compression', 'expected' => 'No compression',
], ],
'2' => [ '2' => [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'method' => ZipFile::METHOD_DEFLATED, 'method' => ZipFile::METHOD_DEFLATED,
'expected' => 'Deflate', 'expected' => 'Deflate',
], ],
@@ -921,7 +925,7 @@ class ZipFileTest extends ZipTestCase
if (\extension_loaded('bz2')) { if (\extension_loaded('bz2')) {
$entries['3'] = [ $entries['3'] = [
'data' => CryptoUtil::randomBytes(255), 'data' => random_bytes(255),
'method' => ZipFile::METHOD_BZIP2, 'method' => ZipFile::METHOD_BZIP2,
'expected' => 'Bzip2', 'expected' => 'Bzip2',
]; ];
@@ -976,13 +980,14 @@ class ZipFileTest extends ZipTestCase
* Test extract all files. * Test extract all files.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testExtract() public function testExtract()
{ {
$entries = [ $entries = [
'test1.txt' => CryptoUtil::randomBytes(255), 'test1.txt' => random_bytes(255),
'test2.txt' => CryptoUtil::randomBytes(255), 'test2.txt' => random_bytes(255),
'test/test 2/test3.txt' => CryptoUtil::randomBytes(255), 'test/test 2/test3.txt' => random_bytes(255),
'test empty/dir' => null, 'test empty/dir' => null,
]; ];
@@ -1022,17 +1027,18 @@ class ZipFileTest extends ZipTestCase
* Test extract some files. * Test extract some files.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testExtractSomeFiles() public function testExtractSomeFiles()
{ {
$entries = [ $entries = [
'test1.txt' => CryptoUtil::randomBytes(255), 'test1.txt' => random_bytes(255),
'test2.txt' => CryptoUtil::randomBytes(255), 'test2.txt' => random_bytes(255),
'test3.txt' => CryptoUtil::randomBytes(255), 'test3.txt' => random_bytes(255),
'test4.txt' => CryptoUtil::randomBytes(255), 'test4.txt' => random_bytes(255),
'test5.txt' => CryptoUtil::randomBytes(255), 'test5.txt' => random_bytes(255),
'test/test/test.txt' => CryptoUtil::randomBytes(255), 'test/test/test.txt' => random_bytes(255),
'test/test/test 2.txt' => CryptoUtil::randomBytes(255), 'test/test/test 2.txt' => random_bytes(255),
'test empty/dir/' => null, 'test empty/dir/' => null,
'test empty/dir2/' => null, 'test empty/dir2/' => null,
]; ];
@@ -1684,13 +1690,14 @@ class ZipFileTest extends ZipTestCase
* Test `ZipFile` implemented \ArrayAccess, \Countable and |iterator. * Test `ZipFile` implemented \ArrayAccess, \Countable and |iterator.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testZipFileArrayAccessAndCountableAndIterator() public function testZipFileArrayAccessAndCountableAndIterator()
{ {
$files = []; $files = [];
$numFiles = mt_rand(20, 100); $numFiles = mt_rand(20, 100);
for ($i = 0; $i < $numFiles; $i++) { for ($i = 0; $i < $numFiles; $i++) {
$files['file' . $i . '.txt'] = CryptoUtil::randomBytes(255); $files['file' . $i . '.txt'] = random_bytes(255);
} }
$methods = [ZipFile::METHOD_STORED, ZipFile::METHOD_DEFLATED]; $methods = [ZipFile::METHOD_STORED, ZipFile::METHOD_DEFLATED];
@@ -1799,13 +1806,14 @@ class ZipFileTest extends ZipTestCase
/** /**
* @throws Exception\ZipEntryNotFoundException * @throws Exception\ZipEntryNotFoundException
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testUnknownCompressionMethod() public function testUnknownCompressionMethod()
{ {
$zipFile = new ZipFile(); $zipFile = new ZipFile();
$zipFile->addFromString('file', 'content', ZipEntry::UNKNOWN); $zipFile->addFromString('file', 'content', ZipEntry::UNKNOWN);
$zipFile->addFromString('file2', base64_encode(CryptoUtil::randomBytes(512)), ZipEntry::UNKNOWN); $zipFile->addFromString('file2', base64_encode(random_bytes(512)), ZipEntry::UNKNOWN);
static::assertSame($zipFile->getEntryInfo('file')->getMethodName(), 'Unknown'); static::assertSame($zipFile->getEntryInfo('file')->getMethodName(), 'Unknown');
static::assertSame($zipFile->getEntryInfo('file2')->getMethodName(), 'Unknown'); static::assertSame($zipFile->getEntryInfo('file2')->getMethodName(), 'Unknown');

6
tests/PhpZip/ZipMatcherTest.php
View File

@@ -5,7 +5,6 @@ namespace PhpZip;
use PHPUnit\Framework\TestCase; use PHPUnit\Framework\TestCase;
use PhpZip\Model\ZipEntryMatcher; use PhpZip\Model\ZipEntryMatcher;
use PhpZip\Model\ZipInfo; use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
/** /**
* @internal * @internal
@@ -73,11 +72,14 @@ class ZipMatcherTest extends TestCase
$zipFile->close(); $zipFile->close();
} }
/**
* @throws \Exception
*/
public function testDocsExample() public function testDocsExample()
{ {
$zipFile = new ZipFile(); $zipFile = new ZipFile();
for ($i = 0; $i < 100; $i++) { for ($i = 0; $i < 100; $i++) {
$zipFile['file_' . $i . '.jpg'] = CryptoUtil::randomBytes(100); $zipFile['file_' . $i . '.jpg'] = random_bytes(100);
} }
$renameEntriesArray = [ $renameEntriesArray = [

13
tests/PhpZip/ZipPasswordTest.php
View File

@@ -7,7 +7,6 @@ use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipEntryNotFoundException; use PhpZip\Exception\ZipEntryNotFoundException;
use PhpZip\Exception\ZipException; use PhpZip\Exception\ZipException;
use PhpZip\Model\ZipInfo; use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
/** /**
* Tests with zip password. * Tests with zip password.
@@ -22,6 +21,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
* Test archive password. * Test archive password.
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
* @noinspection PhpRedundantCatchClauseInspection * @noinspection PhpRedundantCatchClauseInspection
*/ */
public function testSetPassword() public function testSetPassword()
@@ -33,7 +33,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
); );
} }
$password = base64_encode(CryptoUtil::randomBytes(100)); $password = base64_encode(random_bytes(100));
$badPassword = 'bad password'; $badPassword = 'bad password';
// create encryption password with ZipCrypto // create encryption password with ZipCrypto
@@ -121,6 +121,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
/** /**
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testTraditionalEncryption() public function testTraditionalEncryption()
{ {
@@ -131,7 +132,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
); );
} }
$password = base64_encode(CryptoUtil::randomBytes(50)); $password = base64_encode(random_bytes(50));
$zip = new ZipFile(); $zip = new ZipFile();
$zip->addDirRecursive($this->outputDirname); $zip->addDirRecursive($this->outputDirname);
@@ -161,10 +162,11 @@ class ZipPasswordTest extends ZipFileAddDirTest
* @param int $bitSize * @param int $bitSize
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testWinZipAesEncryption($encryptionMethod, $bitSize) public function testWinZipAesEncryption($encryptionMethod, $bitSize)
{ {
$password = base64_encode(CryptoUtil::randomBytes(50)); $password = base64_encode(random_bytes(50));
$zip = new ZipFile(); $zip = new ZipFile();
$zip->addDirRecursive($this->outputDirname); $zip->addDirRecursive($this->outputDirname);
@@ -415,11 +417,12 @@ class ZipPasswordTest extends ZipFileAddDirTest
* @see https://github.com/Ne-Lexa/php-zip/issues/9 * @see https://github.com/Ne-Lexa/php-zip/issues/9
* *
* @throws ZipException * @throws ZipException
* @throws \Exception
*/ */
public function testIssues9() public function testIssues9()
{ {
$contents = str_pad('', 1000, 'test;test2;test3' . \PHP_EOL, \STR_PAD_RIGHT); $contents = str_pad('', 1000, 'test;test2;test3' . \PHP_EOL, \STR_PAD_RIGHT);
$password = base64_encode(CryptoUtil::randomBytes(20)); $password = base64_encode(random_bytes(20));
$encryptMethod = ZipFile::ENCRYPTION_METHOD_WINZIP_AES_256; $encryptMethod = ZipFile::ENCRYPTION_METHOD_WINZIP_AES_256;
$zipFile = new ZipFile(); $zipFile = new ZipFile();

1
tests/PhpZip/ZipTestCase.php
View File

@@ -63,6 +63,7 @@ abstract class ZipTestCase extends TestCase
$command .= ' -P ' . escapeshellarg($password); $command .= ' -P ' . escapeshellarg($password);
} }
$command .= ' -t ' . escapeshellarg($filename); $command .= ' -t ' . escapeshellarg($filename);
$command .= ' 2>&1';
exec($command, $output, $returnCode); exec($command, $output, $returnCode);
$output = implode(\PHP_EOL, $output); $output = implode(\PHP_EOL, $output);