From e3a459200f3ee8cae88568c8b1a95c005c489597 Mon Sep 17 00:00:00 2001 From: xdrm-brackets Date: Thu, 7 Jul 2016 15:05:55 +0200 Subject: [PATCH] =?UTF-8?q?Ind=C3=A9pendentialisation=20du=20'manager'=20'?= =?UTF-8?q?Checker'?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- config/modules.json | 1 + manager/Checker.php | 150 +++++++++++++++++++++++++++++++ manager/ModuleRequest.php | 2 +- phpunit/tests/Database_check.php | 100 ++++++++++----------- 4 files changed, 202 insertions(+), 51 deletions(-) create mode 100644 manager/Checker.php diff --git a/config/modules.json b/config/modules.json index 54b8af7..40148c1 100755 --- a/config/modules.json +++ b/config/modules.json @@ -56,6 +56,7 @@ } }, + "authentificationDefault": { "warehouse": { "description": "Connexion de premier niveau : entrepot.", diff --git a/manager/Checker.php b/manager/Checker.php new file mode 100644 index 0000000..64b5f53 --- /dev/null +++ b/manager/Checker.php 
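Review bot: The added `"authentificationDefault": {` opens a new object around `"warehouse"`, but the diffstat records only one insertion and no deletion for config/modules.json, so no matching closing brace is added; unless the file already contained a stray `}` at the right place, the document no longer parses and every consumer of modules.json (ModuleRequest reads `$paramsdata['type']` from it) would fail at load time. Please confirm the full file still validates with `json_decode(..., flags: JSON_THROW_ON_ERROR)` and, if the brace is missing, add the closing `},` after the last authentification entry in the same commit.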
@@ -0,0 +1,150 @@ + Type que l'on veut verifier + * @value Valeur a verifier + * + * @return match Retourne si oui ou non la valeur @value est du bon type @type + * + */ + public static function run($type, $value){ + $checker = true; + + /* [0] On verifie que $value n'est pas nul + =========================================================*/ + if( is_null($value) ) return false; + + + + /* [1] Si de type VARCHAR(min, max, flags) + =========================================================*/ + if( preg_match('/^varchar\((\d+), ?(\d+)((?:, ?\w+)+)?\)$/', $type, $match) ){ + // On recupere la taille min + $min = (int) $match[1]; + // On recupere la taille max + $max = (int) $match[2]; + + // On recupere le sous-type si défini + $flags = isset($match[3]) ? explode(',', substr($match[3], 1)) : null; + + // On effectue la verification de taille + $lenCheck = $checker && is_string($value) && strlen($value) <= $max && strlen($value) >= $min; + + // On vérifie les FLAGS s'il est donné + if( is_array($flags) ) + foreach( $flags as $flag ) + $lenCheck = $lenCheck && self::run($flag, $value); + + return $lenCheck; + } + + + /* [2] Si de type ARRAY(type_elements) + =========================================================*/ + if( preg_match('/^array<(.+)>$/', $type, $match) ){ + + // Si c'est pas un tableau on retourne une erreur + if( !is_array($value) ) + return false; + + + $elements_type = $match[1]; + + // On verifie le type pour chaque element + foreach($value as $element) + // Si erreur dans au moins 1 element, on retourne que c'est incorrect + if( !self::run($elements_type, trim($element) ) ) + return false; + + // Si aucune erreur, on retourne que tout est bon + return true; + } + + + /* [n] Sinon, tous les autres types definis + =========================================================*/ + switch($type){ + // Quoi que ce soit + case 'mixed': + return $checker && !is_null($value); + break; + + // Entier positif (id dans BDD) + case 'id': + return $checker && 
is_numeric($value) && $value <= 2147483647 && $value >= 0; + break; + + // Code RFID + case 'rfid': + return $checker && is_string($value) && preg_match('/^[\dA-F]{2}(\-[\dA-F]{2}){3,5}$/i', $value); + break; + + // String quelconque (peut etre vide) + case 'text': + return $checker && is_string($value); + + // Adresse mail (255 caracteres max) + case 'mail': + return $checker && is_string($value) && strlen($value) <= 50 && preg_match('/^[\w\.-]+@[\w\.-]+\.[a-z]{2,4}$/i', $value); + break; + + // Hash sha1/md5 + case 'hash': + return $checker && is_string($value) && preg_match('/^[\da-f]{40}$/i', $value); + break; + + case 'alphanumeric': + case 'user.username': + case 'group.name': + return $checker && is_string($value) && preg_match('/^[\w-]+$/i', $value); + break; + + case 'user.firstname': + case 'user.lastname': + case 'letters': + return $checker && is_string($value) && preg_match('/^[a-z -]+$/i', $value); + break; + + case 'status': + return $checker && is_numeric($value) && floor($value) == $value && $value >= 0 && $value <= 100; + break; + + // Tableau non vide + case 'array': + return $checker && is_array($value) && count($value) > 0; + break; + + // Boolean + case 'boolean': + return $checker && is_bool($value); + break; + + // Objet non vide + case 'object': + return $checker && is_object($value) && count((array) $value) > 0; + break; + + // Chaine JSON (on vérifie via le parser) + case 'json': + return $checker && is_string($value) && json_decode($value, true) !== NULL; + break; + + default: + return false; + break; + } + + return $checker; + + } + + + } +?> diff --git a/manager/ModuleRequest.php b/manager/ModuleRequest.php index cdfcb5f..c9ffd17 100755 --- a/manager/ModuleRequest.php +++ b/manager/ModuleRequest.php 
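Review bot: The `varchar(min, max, flags)` branch passes flags through untrimmed: the pattern allows an optional space after each comma (`, ?\w+`) but `explode(',', substr($match[3], 1))` keeps that space, so `varchar(3, 30, letters)` recurses with `' letters'` and lands in `default: return false`; use `$flags = isset($match[3]) ? array_map('trim', explode(',', substr($match[3], 1))) : null;`. The anchored patterns in the `rfid`, `mail`, `hash`, `alphanumeric` and `letters` cases end with `$`, which in PCRE also matches before a trailing newline, so a value such as `"abc\n"` satisfies `/^[\w-]+$/i` and reaches the database with the newline intact; add the `D` modifier (or end each pattern with `\z`) so the match must reach the true end of the string. The `id` case accepts anything `is_numeric()` accepts, including `'1.5'` and `'1e3'`, whereas `status` guards integrality with `floor($value) == $value`; the same check belongs in `id`. Two comments contradict the code under them: `mail` says 255 characters while the code checks `strlen($value) <= 50`, and `hash` says sha1/md5 while only 40 hex digits are accepted, so they should read `// Adresse mail (50 caracteres max)` and `// Hash sha1 (40 caracteres hexadecimaux)`. The class header and the start of run()'s docblock are not visible in this excerpt, and the `break` after each `return` and the final `return $checker;` are unreachable and can be dropped.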
@@ -461,7 +461,7 @@ /* (6) Si le paramètre est renseigné */ }else // Si la verification est fausse, on retourne faux - if( !Database::check($paramsdata['type'], $params[$name]) ) + if( !Checker::run($paramsdata['type'], $params[$name]) ) return false; } diff --git a/phpunit/tests/Database_check.php b/phpunit/tests/Database_check.php index 635b39f..db838b9 100755 --- a/phpunit/tests/Database_check.php +++ b/phpunit/tests/Database_check.php 
@@ -6,59 +6,59 @@ /* [1] AUTO_INCREMENT =========================================================*/ public function testAutoIncrementSizeInfCorrect(){ - $this->assertTrue( \manager\Database::check('auto_increment_id', -2147483647) ); + $this->assertTrue( \manager\Checker::run('auto_increment_id', -2147483647) ); } public function testAutoIncrementSizeInfStringCorrect(){ - $this->assertTrue( \manager\Database::check('auto_increment_id', '-2147483647') ); + $this->assertTrue( \manager\Checker::run('auto_increment_id', '-2147483647') ); } public function testAutoIncrementSizeSupCorrect(){ - $this->assertTrue( \manager\Database::check('auto_increment_id', 2147483647) ); + $this->assertTrue( \manager\Checker::run('auto_increment_id', 2147483647) ); } public function testAutoIncrementSizeSupStringCorrect(){ - $this->assertTrue( \manager\Database::check('auto_increment_id', '2147483647') ); + $this->assertTrue( \manager\Checker::run('auto_increment_id', '2147483647') ); } public function testAutoIncrementSizeLtInfIncorrect(){ - $this->assertFalse( \manager\Database::check('auto_increment_id', -2147483647-1) ); + $this->assertFalse( \manager\Checker::run('auto_increment_id', -2147483647-1) ); } public function testAutoIncrementSizeLtInfStringIncorrect(){ - $this->assertFalse( \manager\Database::check('auto_increment_id', '-2147483648') ); + $this->assertFalse( \manager\Checker::run('auto_increment_id', '-2147483648') ); } public function testAutoIncrementSizeGtSupIncorrect(){ - $this->assertFalse( \manager\Database::check('auto_increment_id', 2147483647+1) ); + $this->assertFalse( \manager\Checker::run('auto_increment_id', 2147483647+1) ); } public function testAutoIncrementSizeGtSupStringIncorrect(){ - $this->assertFalse( \manager\Database::check('auto_increment_id', '2147483648') ); + $this->assertFalse( \manager\Checker::run('auto_increment_id', '2147483648') ); } /* [1] Code RFID =========================================================*/ public function 
testUserCodeSize4(){ - $this->assertTrue( \manager\Database::check('user.code', '01-23-AB-CD') ); + $this->assertTrue( \manager\Checker::run('user.code', '01-23-AB-CD') ); } public function testUserCodeSize6(){ - $this->assertTrue( \manager\Database::check('user.code', '01-23-45-67-89-AB') ); + $this->assertTrue( \manager\Checker::run('user.code', '01-23-45-67-89-AB') ); } public function testUserCodeSize4WrongCharacter(){ - $this->assertFalse( \manager\Database::check('user.code', '01-23-AB-CG') ); + $this->assertFalse( \manager\Checker::run('user.code', '01-23-AB-CG') ); } public function testUserCodeSizeGreaterThan6(){ - $this->assertFalse( \manager\Database::check('user.code', '01-23-45-67-89-AB-CD') ); + $this->assertFalse( \manager\Checker::run('user.code', '01-23-45-67-89-AB-CD') ); } public function testUserCodeSize6WrongCharacter(){ - $this->assertFalse( \manager\Database::check('user.code', '01-23-45-67-89-AG') ); + $this->assertFalse( \manager\Checker::run('user.code', '01-23-45-67-89-AG') ); } 
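Review bot: The type names these tests pass — `'auto_increment_id'` and `'user.code'` in this hunk, `'user.mail'`, `'user.password'` and `'user.status'` in the hunks at @@ -159, @@ -188 and @@ -221 — do not appear in the Checker::run switch shown in manager/Checker.php, which only defines `'id'`, `'rfid'`, `'mail'`, `'hash'` and `'status'` (plus the `user.username`/`user.firstname`/`user.lastname` labels), so as far as that hunk shows they fall through to `default: return false` and every assertTrue in this file fails. Either rewrite each call to the new vocabulary or add the old names as additional `case` labels beside their equivalents, e.g. `case 'rfid': case 'user.code':`. The mapping is not one-to-one, though: `testAutoIncrementSizeInfCorrect` and its string variant expect `-2147483647` to be accepted, while the `id` case requires `$value >= 0`, so those two expectations need a decision rather than a rename. The same observation applies to the remaining hunks of this file; it is noted only here.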
@@ -67,91 +67,91 @@ =========================================================*/ /* (1) Type */ public function testUsernameTypeStringCorrect(){ - $this->assertTrue( \manager\Database::check('user.username', '012') ); + $this->assertTrue( \manager\Checker::run('user.username', '012') ); } public function testUsernameTypeIntIncorrect(){ - $this->assertFalse( \manager\Database::check('user.username', 012) ); + $this->assertFalse( \manager\Checker::run('user.username', 012) ); } /* (2) Content */ public function testUsernameContentCorrect(){ - $this->assertTrue( \manager\Database::check('user.username', '0123456789_-') ); - $this->assertTrue( \manager\Database::check('user.username', 'abcdefghijklmnopqrstuvwxyz') ); - $this->assertTrue( \manager\Database::check('user.username', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') ); + $this->assertTrue( \manager\Checker::run('user.username', '0123456789_-') ); + $this->assertTrue( \manager\Checker::run('user.username', 'abcdefghijklmnopqrstuvwxyz') ); + $this->assertTrue( \manager\Checker::run('user.username', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') ); } public function testUsernameContentIncorrect(){ $illegal_chars = '{}[]()=+.,\'\\"/:;|!@#$%^&* '; foreach(str_split($illegal_chars) as $char) // Teste les caracteres enonces plus haut - $this->assertFalse( \manager\Database::check('user.username', 'abc'.$char) ); + $this->assertFalse( \manager\Checker::run('user.username', 'abc'.$char) ); } /* (3) Size */ public function testUsernameSize3Correct(){ $this->assertEquals( 3, strlen('012') ); - $this->assertTrue( \manager\Database::check('user.username', '012') ); + $this->assertTrue( \manager\Checker::run('user.username', '012') ); } public function testUsernameSize30Correct(){ $this->assertEquals( 30, strlen('0123456789abcdefghijklmno_-sda') ); - $this->assertTrue( \manager\Database::check('user.username', '0123456789abcdefghijklmno_-sda') ); + $this->assertTrue( \manager\Checker::run('user.username', '0123456789abcdefghijklmno_-sda') ); } public 
function testUsernameSizeLt3Incorrect(){ $this->assertLessThan( 3, strlen('') ); - $this->assertFalse( \manager\Database::check('user.username', '') ); + $this->assertFalse( \manager\Checker::run('user.username', '') ); } public function testUsernameSizeGt30Incorrect(){ $this->assertGreaterThan( 30, strlen('0123456789abcdefghijklmno_-sdaa') ); - $this->assertFalse( \manager\Database::check('user.username', '0123456789abcdefghijklmno_-sdaa') ); + $this->assertFalse( \manager\Checker::run('user.username', '0123456789abcdefghijklmno_-sdaa') ); } /* [3] firstname / lastname =========================================================*/ /* (1) Type */ public function testFirstnameTypeStringCorrect(){ - $this->assertTrue( \manager\Database::check('user.firstname', 'abc') ); + $this->assertTrue( \manager\Checker::run('user.firstname', 'abc') ); } public function testFirstnameTypeIntIncorrect(){ - $this->assertFalse( \manager\Database::check('user.firstname', 01932) ); + $this->assertFalse( \manager\Checker::run('user.firstname', 01932) ); } /* (2) Content */ public function testFirstnameContentCorrect(){ - $this->assertTrue( \manager\Database::check('user.firstname', 'abcdefghijklmnopqrstuvwxyz') ); - $this->assertTrue( \manager\Database::check('user.firstname', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') ); + $this->assertTrue( \manager\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz') ); + $this->assertTrue( \manager\Checker::run('user.firstname', 'ABCDEFGHIJKLMNOPQRSTUVWXYZ') ); } public function testFirstnameContentIncorrect(){ $illegal_chars = '{}[]()=_+.,\'\\"/:;|!@#$%^&*0123456789'; foreach(str_split($illegal_chars) as $char) // Teste les caracteres enonces plus haut - $this->assertFalse( \manager\Database::check('user.firstname', 'abc'.$char) ); + $this->assertFalse( \manager\Checker::run('user.firstname', 'abc'.$char) ); } /* (3) Size */ public function testFirstnameSize3Correct(){ $this->assertEquals( 3, strlen('abc') ); - $this->assertTrue( 
\manager\Database::check('user.firstname', 'abc') ); + $this->assertTrue( \manager\Checker::run('user.firstname', 'abc') ); } public function testFirstnameSize30Correct(){ $this->assertEquals( 30, strlen('abcdefghijklmnopqrstuvwxyz-k s') ); - $this->assertTrue( \manager\Database::check('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k s') ); + $this->assertTrue( \manager\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k s') ); } public function testFirstnameSizeLt3Incorrect(){ $this->assertLessThan( 3, strlen('ab') ); - $this->assertFalse( \manager\Database::check('user.firstname', 'ab') ); + $this->assertFalse( \manager\Checker::run('user.firstname', 'ab') ); } public function testFirstnameSizeGt30Incorrect(){ $this->assertGreaterThan( 30, strlen('abcdefghijklmnopqrstuvwxyz-k ss') ); - $this->assertFalse( \manager\Database::check('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k ss') ); + $this->assertFalse( \manager\Checker::run('user.firstname', 'abcdefghijklmnopqrstuvwxyz-k ss') ); } /* [4] Adresse mail 
@@ -159,25 +159,25 @@ /* (1) Size */ public function testMailSizeEqCorrect(){ $this->assertLessThanOrEqual( 50, 'nom-prenom.mot@domaine-d.gouv' ); - $this->assertTrue( \manager\Database::check('user.mail', 'nom-prenom.mot@domaine-d.gouv') ); + $this->assertTrue( \manager\Checker::run('user.mail', 'nom-prenom.mot@domaine-d.gouv') ); } public function testMailSizeSupCorrect(){ $this->assertGreaterThan( 50, strlen('ab12345678901234567890nom-prenom.mot@domaine-d.gouv') ); - $this->assertFalse( \manager\Database::check('user.mail', 'ab12345678901234567890nom-prenom.mot@domaine-d.gouv') ); + $this->assertFalse( \manager\Checker::run('user.mail', 'ab12345678901234567890nom-prenom.mot@domaine-d.gouv') ); } /* (2) Content */ public function testMailContentCorrect(){ - $this->assertTrue( \manager\Database::check('user.mail', '0nom-prenom.mot@domaine-d.gouv') ); + $this->assertTrue( \manager\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.gouv') ); } public function testMailContentIncorrect1(){ - $this->assertFalse( \manager\Database::check('user.mail', '0nom-prenom.mot@domaine-d.gouve') ); + $this->assertFalse( \manager\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.gouve') ); } public function testMailContentIncorrect2(){ - $this->assertFalse( \manager\Database::check('user.mail', '0nom-prenom.mot@domaine-d.g') ); + $this->assertFalse( \manager\Checker::run('user.mail', '0nom-prenom.mot@domaine-d.g') ); } 
@@ -188,31 +188,31 @@ $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse'); $this->assertEquals( 40, strlen($password_hash) ); - $this->assertTrue( \manager\Database::check('user.password', $password_hash) ); + $this->assertTrue( \manager\Checker::run('user.password', $password_hash) ); } public function testPasswordSizeInfIncorrect(){ $password_hash = 'a'; $this->assertLessThan( 40, strlen($password_hash) ); - $this->assertFalse( \manager\Database::check('user.password', $password_hash) ); + $this->assertFalse( \manager\Checker::run('user.password', $password_hash) ); } public function testPasswordSizeSupIncorrect(){ $password_hash = \manager\sessionManager::secure_sha1('monmotdepasse').'a'; $this->assertGreaterThan( 40, strlen($password_hash) ); - $this->assertFalse( \manager\Database::check('user.password', $password_hash) ); + $this->assertFalse( \manager\Checker::run('user.password', $password_hash) ); } public function testPasswordContentCorrect(){ - $this->assertTrue( \manager\Database::check('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a99a') ); + $this->assertTrue( \manager\Checker::run('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a99a') ); } public function testPasswordContentIncorrect(){ $this->assertContains( 'g', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g' ); - $this->assertFalse( \manager\Database::check('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g') ); + $this->assertFalse( \manager\Checker::run('user.password', 'dd629d39c4576731a2bef003c72ff89d6fc2a9g') ); } 
@@ -221,42 +221,42 @@ =========================================================*/ /* (1) Type */ public function testStatusTypeIntCorrect(){ - $this->assertTrue( \manager\Database::check('user.status', 1) ); + $this->assertTrue( \manager\Checker::run('user.status', 1) ); } public function testStatusTypeStringCorrect(){ - $this->assertTrue( \manager\Database::check('user.status', '1') ); + $this->assertTrue( \manager\Checker::run('user.status', '1') ); } public function testStatusTypeIntIncorrect(){ - $this->assertFalse( \manager\Database::check('user.status', 1.03) ); + $this->assertFalse( \manager\Checker::run('user.status', 1.03) ); } public function testStatusTypeStringIncorrect(){ - $this->assertFalse( \manager\Database::check('user.status', '1.03') ); + $this->assertFalse( \manager\Checker::run('user.status', '1.03') ); } /* (2) Size */ public function testStatusSizeInfCorrect(){ $this->assertGreaterThanOrEqual( 0, 0 ); - $this->assertTrue( \manager\Database::check('user.status', 0) ); + $this->assertTrue( \manager\Checker::run('user.status', 0) ); } public function testStatusSizeSupCorrect(){ $this->assertLessThanOrEqual( 100, 100 ); - $this->assertTrue( \manager\Database::check('user.status', 100) ); + $this->assertTrue( \manager\Checker::run('user.status', 100) ); } public function testStatusSizeInfIncorrect(){ $this->assertLessThan( 0, -1 ); - $this->assertFalse( \manager\Database::check('user.status', -1) ); + $this->assertFalse( \manager\Checker::run('user.status', -1) ); } public function testStatusSizeSupIncorrect(){ $this->assertGreaterThan( 100, 101 ); - $this->assertFalse( \manager\Database::check('user.status', 101) ); + $this->assertFalse( \manager\Checker::run('user.status', 101) ); }