mirror_php/php-zip
1
0
Fork 0
mirror of https://github.com/Ne-Lexa/php-zip.git synced 2025-01-17 04:38:20 +01:00
Code Issues Releases Wiki Activity

use random_compat

Browse Source
This commit is contained in:
wapplay 2019-12-06 23:23:44 +03:00
parent 95e3312e60
commit a20e9e054d
11 changed files with 75 additions and 70 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
.travis.yml
View File

@ -10,12 +10,6 @@ php:
- '7.3'
- '7.4'
# cache vendor dirs
cache:
directories:
- vendor
- $HOME/.composer/cache
install:
- travis_retry composer self-update && composer --version
- travis_retry composer install --no-interaction

3
composer.json
View File

@ -23,7 +23,8 @@
"require": {
"php": "^5.5 || ^7.0",
"ext-zlib": "*",
"psr/http-message": "^1.0"
"psr/http-message": "^1.0",
"paragonie/random_compat": ">=1 <9.99"
},
"require-dev": {
"phpunit/phpunit": "^4.8|^5.7",

8
src/PhpZip/Crypto/TraditionalPkwareEncryptionEngine.php
View File

@ -6,7 +6,6 @@ use PhpZip\Exception\RuntimeException;
use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipCryptoException;
use PhpZip\Model\ZipEntry;
use PhpZip\Util\CryptoUtil;
use PhpZip\Util\PackUtil;
/**
@ -430,7 +429,12 @@ class TraditionalPkwareEncryptionEngine implements ZipEncryptionEngine
$crc = $this->entry->isDataDescriptorRequired() ?
($this->entry->getDosTime() & 0x0000ffff) << 16 :
$this->entry->getCrc();
$headerBytes = CryptoUtil::randomBytes(self::STD_DEC_HDR_SIZE);
try {
$headerBytes = random_bytes(self::STD_DEC_HDR_SIZE);
} catch (\Exception $e) {
throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
}
// Initialize again since the generated bytes were encrypted.
$password = $this->entry->getPassword();

7
src/PhpZip/Crypto/WinZipAesEngine.php
View File

@ -8,7 +8,6 @@ use PhpZip\Exception\ZipCryptoException;
use PhpZip\Exception\ZipException;
use PhpZip\Extra\Fields\WinZipAesEntryExtraField;
use PhpZip\Model\ZipEntry;
use PhpZip\Util\CryptoUtil;
/**
* WinZip Aes Encryption Engine.
@ -262,7 +261,11 @@ class WinZipAesEngine implements ZipEncryptionEngine
);
$keyStrengthBytes = $keyStrengthBits / 8;
$salt = CryptoUtil::randomBytes($keyStrengthBytes / 2);
try {
$salt = random_bytes($keyStrengthBytes / 2);
} catch (\Exception $e) {
throw new \RuntimeException('Oops, our server is bust and cannot generate any random data.', 1, $e);
}
$keyParam = hash_pbkdf2(
'sha1',

26
src/PhpZip/Util/CryptoUtil.php
View File

@ -2,10 +2,10 @@
namespace PhpZip\Util;
use PhpZip\Exception\RuntimeException;
/**
* Crypto Utils.
*
* @deprecated
*/
class CryptoUtil
{
@ -14,26 +14,14 @@ class CryptoUtil
*
* @param int $length
*
* @throws \Exception
*
* @return string
*
* @deprecated Use random_bytes()
*/
final public static function randomBytes($length)
{
$length = (int) $length;
if (\function_exists('random_bytes')) {
try {
return random_bytes($length);
} catch (\Exception $e) {
throw new \RuntimeException('Could not generate a random string.');
}
} elseif (\function_exists('openssl_random_pseudo_bytes')) {
/** @noinspection PhpComposerExtensionStubsInspection */
return openssl_random_pseudo_bytes($length);
} elseif (\function_exists('mcrypt_create_iv')) {
/** @noinspection PhpComposerExtensionStubsInspection */
return mcrypt_create_iv($length);
} else {
throw new RuntimeException('Extension openssl or mcrypt not loaded');
}
return random_bytes($length);
}
}

4
tests/PhpZip/Issue24Test.php
View File

@ -3,7 +3,6 @@
namespace PhpZip;
use PhpZip\Exception\ZipException;
use PhpZip\Util\CryptoUtil;
/**
* @internal
@ -22,10 +21,11 @@ class Issue24Test extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testDummyFS()
{
$fileContents = str_repeat(base64_encode(CryptoUtil::randomBytes(12000)), 100);
$fileContents = str_repeat(base64_encode(random_bytes(12000)), 100);
// create zip file
$zip = new ZipFile();

11
tests/PhpZip/ZipAlignTest.php
View File

@ -3,7 +3,6 @@
namespace PhpZip;
use PhpZip\Exception\ZipException;
use PhpZip\Util\CryptoUtil;
/**
* Test ZipAlign.
@ -53,7 +52,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString(
'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)),
random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED
);
}
@ -87,6 +86,7 @@ class ZipAlignTest extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testZipAlignNewFiles()
{
@ -94,7 +94,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString(
'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)),
random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED
);
}
@ -115,6 +115,7 @@ class ZipAlignTest extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testZipAlignFromModifiedZipArchive()
{
@ -122,7 +123,7 @@ class ZipAlignTest extends ZipTestCase
for ($i = 0; $i < 100; $i++) {
$zipFile->addFromString(
'entry' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)),
random_bytes(mt_rand(100, 4096)),
ZipFile::METHOD_STORED
);
}
@ -147,7 +148,7 @@ class ZipAlignTest extends ZipTestCase
$zipFile->addFromString(
'entry_new_' . ($isStored ? 'stored' : 'deflated') . '_' . $i . '.txt',
CryptoUtil::randomBytes(mt_rand(100, 4096)),
random_bytes(mt_rand(100, 4096)),
$isStored ?
ZipFile::METHOD_STORED :
ZipFile::METHOD_DEFLATED

60
tests/PhpZip/ZipFileTest.php
View File

@ -8,7 +8,6 @@ use PhpZip\Exception\ZipException;
use PhpZip\Exception\ZipUnsupportMethodException;
use PhpZip\Model\ZipEntry;
use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
use PhpZip\Util\FilesUtil;
use Psr\Http\Message\ResponseInterface;
use Zend\Diactoros\Response;
@ -68,6 +67,7 @@ class ZipFileTest extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testOpenFileInvalidZip()
{
@ -76,7 +76,7 @@ class ZipFileTest extends ZipTestCase
'Expected Local File Header or (ZIP64) End Of Central Directory Record'
);
static::assertNotFalse(file_put_contents($this->outputFilename, CryptoUtil::randomBytes(255)));
static::assertNotFalse(file_put_contents($this->outputFilename, random_bytes(255)));
$zipFile = new ZipFile();
$zipFile->openFile($this->outputFilename);
}
@ -105,6 +105,7 @@ class ZipFileTest extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testOpenFromStringInvalidZip()
{
@ -114,7 +115,7 @@ class ZipFileTest extends ZipTestCase
);
$zipFile = new ZipFile();
$zipFile->openFromString(CryptoUtil::randomBytes(255));
$zipFile->openFromString(random_bytes(255));
}
/**
@ -224,6 +225,7 @@ class ZipFileTest extends ZipTestCase
/**
* @throws ZipException
* @throws \Exception
*/
public function testOpenFromStreamInvalidZip()
{
@ -233,7 +235,7 @@ class ZipFileTest extends ZipTestCase
);
$fp = fopen($this->outputFilename, 'w+b');
fwrite($fp, CryptoUtil::randomBytes(255));
fwrite($fp, random_bytes(255));
$zipFile = new ZipFile();
$zipFile->openFromStream($fp);
}
@ -800,32 +802,33 @@ class ZipFileTest extends ZipTestCase
* Test zip entry comment.
*
* @throws ZipException
* @throws \Exception
*/
public function testEntryComment()
{
$entries = [
'文件1.txt' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => '這是註釋的條目。',
],
'file2.txt' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => null,
],
'file3.txt' => [
'data' => CryptoUtil::randomBytes(255),
'comment' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => random_bytes(255),
],
'file4.txt' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => 'Комментарий файла',
],
'file5.txt' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => 'ไฟล์แสดงความคิดเห็น',
],
'file6 emoji 🙍🏼.txt' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'comment' => 'Emoji comment file - 😀 ⛈ ❤️ 🤴🏽',
],
];
@ -903,17 +906,18 @@ class ZipFileTest extends ZipTestCase
* Test all available support compression methods.
*
* @throws ZipException
* @throws \Exception
*/
public function testCompressionMethod()
{
$entries = [
'1' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'method' => ZipFile::METHOD_STORED,
'expected' => 'No compression',
],
'2' => [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'method' => ZipFile::METHOD_DEFLATED,
'expected' => 'Deflate',
],
@ -921,7 +925,7 @@ class ZipFileTest extends ZipTestCase
if (\extension_loaded('bz2')) {
$entries['3'] = [
'data' => CryptoUtil::randomBytes(255),
'data' => random_bytes(255),
'method' => ZipFile::METHOD_BZIP2,
'expected' => 'Bzip2',
];
@ -976,13 +980,14 @@ class ZipFileTest extends ZipTestCase
* Test extract all files.
*
* @throws ZipException
* @throws \Exception
*/
public function testExtract()
{
$entries = [
'test1.txt' => CryptoUtil::randomBytes(255),
'test2.txt' => CryptoUtil::randomBytes(255),
'test/test 2/test3.txt' => CryptoUtil::randomBytes(255),
'test1.txt' => random_bytes(255),
'test2.txt' => random_bytes(255),
'test/test 2/test3.txt' => random_bytes(255),
'test empty/dir' => null,
];
@ -1022,17 +1027,18 @@ class ZipFileTest extends ZipTestCase
* Test extract some files.
*
* @throws ZipException
* @throws \Exception
*/
public function testExtractSomeFiles()
{
$entries = [
'test1.txt' => CryptoUtil::randomBytes(255),
'test2.txt' => CryptoUtil::randomBytes(255),
'test3.txt' => CryptoUtil::randomBytes(255),
'test4.txt' => CryptoUtil::randomBytes(255),
'test5.txt' => CryptoUtil::randomBytes(255),
'test/test/test.txt' => CryptoUtil::randomBytes(255),
'test/test/test 2.txt' => CryptoUtil::randomBytes(255),
'test1.txt' => random_bytes(255),
'test2.txt' => random_bytes(255),
'test3.txt' => random_bytes(255),
'test4.txt' => random_bytes(255),
'test5.txt' => random_bytes(255),
'test/test/test.txt' => random_bytes(255),
'test/test/test 2.txt' => random_bytes(255),
'test empty/dir/' => null,
'test empty/dir2/' => null,
];
@ -1684,13 +1690,14 @@ class ZipFileTest extends ZipTestCase
* Test `ZipFile` implemented \ArrayAccess, \Countable and |iterator.
*
* @throws ZipException
* @throws \Exception
*/
public function testZipFileArrayAccessAndCountableAndIterator()
{
$files = [];
$numFiles = mt_rand(20, 100);
for ($i = 0; $i < $numFiles; $i++) {
$files['file' . $i . '.txt'] = CryptoUtil::randomBytes(255);
$files['file' . $i . '.txt'] = random_bytes(255);
}
$methods = [ZipFile::METHOD_STORED, ZipFile::METHOD_DEFLATED];
@ -1799,13 +1806,14 @@ class ZipFileTest extends ZipTestCase
/**
* @throws Exception\ZipEntryNotFoundException
* @throws ZipException
* @throws \Exception
*/
public function testUnknownCompressionMethod()
{
$zipFile = new ZipFile();
$zipFile->addFromString('file', 'content', ZipEntry::UNKNOWN);
$zipFile->addFromString('file2', base64_encode(CryptoUtil::randomBytes(512)), ZipEntry::UNKNOWN);
$zipFile->addFromString('file2', base64_encode(random_bytes(512)), ZipEntry::UNKNOWN);
static::assertSame($zipFile->getEntryInfo('file')->getMethodName(), 'Unknown');
static::assertSame($zipFile->getEntryInfo('file2')->getMethodName(), 'Unknown');

6
tests/PhpZip/ZipMatcherTest.php
View File

@ -5,7 +5,6 @@ namespace PhpZip;
use PHPUnit\Framework\TestCase;
use PhpZip\Model\ZipEntryMatcher;
use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
/**
* @internal
@ -73,11 +72,14 @@ class ZipMatcherTest extends TestCase
$zipFile->close();
}
/**
* @throws \Exception
*/
public function testDocsExample()
{
$zipFile = new ZipFile();
for ($i = 0; $i < 100; $i++) {
$zipFile['file_' . $i . '.jpg'] = CryptoUtil::randomBytes(100);
$zipFile['file_' . $i . '.jpg'] = random_bytes(100);
}
$renameEntriesArray = [

13
tests/PhpZip/ZipPasswordTest.php
View File

@ -7,7 +7,6 @@ use PhpZip\Exception\ZipAuthenticationException;
use PhpZip\Exception\ZipEntryNotFoundException;
use PhpZip\Exception\ZipException;
use PhpZip\Model\ZipInfo;
use PhpZip\Util\CryptoUtil;
/**
* Tests with zip password.
@ -22,6 +21,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
* Test archive password.
*
* @throws ZipException
* @throws \Exception
* @noinspection PhpRedundantCatchClauseInspection
*/
public function testSetPassword()
@ -33,7 +33,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
);
}
$password = base64_encode(CryptoUtil::randomBytes(100));
$password = base64_encode(random_bytes(100));
$badPassword = 'bad password';
// create encryption password with ZipCrypto
@ -121,6 +121,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
/**
* @throws ZipException
* @throws \Exception
*/
public function testTraditionalEncryption()
{
@ -131,7 +132,7 @@ class ZipPasswordTest extends ZipFileAddDirTest
);
}
$password = base64_encode(CryptoUtil::randomBytes(50));
$password = base64_encode(random_bytes(50));
$zip = new ZipFile();
$zip->addDirRecursive($this->outputDirname);
@ -161,10 +162,11 @@ class ZipPasswordTest extends ZipFileAddDirTest
* @param int $bitSize
*
* @throws ZipException
* @throws \Exception
*/
public function testWinZipAesEncryption($encryptionMethod, $bitSize)
{
$password = base64_encode(CryptoUtil::randomBytes(50));
$password = base64_encode(random_bytes(50));
$zip = new ZipFile();
$zip->addDirRecursive($this->outputDirname);
@ -415,11 +417,12 @@ class ZipPasswordTest extends ZipFileAddDirTest
* @see https://github.com/Ne-Lexa/php-zip/issues/9
*
* @throws ZipException
* @throws \Exception
*/
public function testIssues9()
{
$contents = str_pad('', 1000, 'test;test2;test3' . \PHP_EOL, \STR_PAD_RIGHT);
$password = base64_encode(CryptoUtil::randomBytes(20));
$password = base64_encode(random_bytes(20));
$encryptMethod = ZipFile::ENCRYPTION_METHOD_WINZIP_AES_256;
$zipFile = new ZipFile();

1
tests/PhpZip/ZipTestCase.php
View File

@ -63,6 +63,7 @@ abstract class ZipTestCase extends TestCase
$command .= ' -P ' . escapeshellarg($password);
}
$command .= ' -t ' . escapeshellarg($filename);
$command .= ' 2>&1';
exec($command, $output, $returnCode);
$output = implode(\PHP_EOL, $output);