padraic · enfoqueNativo · May 21, 2015 · May 22, 2015 · Jun 1, 2015 · Nov 4, 2015
diff --git a/.gitignore b/.gitignore
@@ -1,3 +1,6 @@
 vendor
-test.php
-composer.lock
+*.iml
+.log.git
+composer.lock
+nbproject/*
+.idea
diff --git a/composer.json b/composer.json
@@ -1,5 +1,5 @@
 {
-    "name": "padraic/security-multitool",
+    "name": "siu/security-multitool",
     "description": "A multitool library offering access to recommended security related libraries, standardised implementations of security defences, and secure implementations of commonly performed tasks.",
     "keywords": ["library", "security", "escaping", "sanitisation", "sanitization", "csrf", "xss", "ssl", "tls", "PRNG", "RNG", "random", "htmlpurifier"],
     "homepage": "http://github.com/padraic/SecurityMultiTool",
@@ -14,14 +14,14 @@
     ],
     "require": {
         "ezyang/htmlpurifier": ">=4.5.0",
-        "ircmaxell/random-lib": "dev-master@dev",
-        "ircmaxell/security-lib": "dev-master@dev",
-        "dflydev/markdown": ">=1.0.2",
+        "paragonie/random-lib": "~2.0",
+        "ircmaxell/security-lib": "1.1.*@dev",
+        "michelf/php-markdown": ">=1.0.2",
         "mjohnson/decoda": ">=5.1.2",
-        "zendframework/zend-uri": "2.2.*"
+        "laminas/laminas-uri": "2.7.*"
     },
     "require-dev": {
-        "mockery/mockery": "dev-master@dev"
+        "mockery/mockery": "~1.3"
     },
     "autoload": {
         "psr-0": { "SecurityMultiTool": "library/" }

diff --git a/library/SecurityMultiTool/Csrf/FormDecorator.php b/library/SecurityMultiTool/Csrf/FormDecorator.php
@@ -39,7 +39,7 @@ public function decorate($form)
             }
         } else {
             throw new Exception\RuntimeException(
-                'Unable to decorate as the given argument does not appear to '
+                'Unable to decorate as the given argument does not appear to '.
                 'contain valid HTML form markup'
             );
         }

diff --git a/library/SecurityMultiTool/Csrf/Provider.php b/library/SecurityMultiTool/Csrf/Provider.php
@@ -16,7 +16,7 @@ class Provider extends Common\AbstractOptions implements Common\OptionsInterface
         'token_name_prefix' => 'CSRFToken',
         'name' => '',
         'timeout' => 3600
-    )
+    );
 
     public function __construct(array $options = null)
     {
@@ -88,7 +88,7 @@ protected function storeTokenToSession()
         }
         $_SESSION[$this->getTokenName()] = array(
             'token' => $this->getToken(),
-            'expire' => $expire;
+            'expire' => $expire
         );
     }
 

diff --git a/library/SecurityMultiTool/Http/Redirector.php b/library/SecurityMultiTool/Http/Redirector.php
@@ -6,7 +6,7 @@
 use SecurityMultiTool\Http\HostDetector;
 use SecurityMultiTool\Http\Header;
 use SecurityMultiTool\Exception;
-use Zend\Uri\Uri;
+use Laminas\Uri\Uri;
 
 class Redirector
 {

diff --git a/library/SecurityMultiTool/Markdown/Parser.php b/library/SecurityMultiTool/Markdown/Parser.php
@@ -2,7 +2,7 @@
 
 namespace SecurityMultiTool\Markdown;
 
-use dflydev\markdown\MarkdownParser;
+use Michelf\Markdown;
 use SecurityMultiTool\Html\Sanitizer;
 use SecurityMultiTool\Exception;
 use SecurityMultiTool\Common;
@@ -20,12 +20,12 @@ public function __construct($cachePath, array $options = null)
     {
         $this->sanitizer = new Sanitizer($cachePath, $options);
         //$this->sanitizer->setOption('HTML.Allowed', $this->filter);
-        $this->parser = new MarkdownParser;
+        $this->parser = new Markdown;
     }
 
     public function parse($markdown, $filter = null)
     {
-        $unsanitized = $this->parser->transformMarkdown($markdown);
+        $unsanitized = $this->parser->transform($markdown);
         $sanitized = $this->sanitizer->sanitize($unsanitized, $filter);
         return $sanitized;
     }

diff --git a/library/SecurityMultiTool/Random/Source/HashTiming.php b/library/SecurityMultiTool/Random/Source/HashTiming.php
@@ -51,6 +51,11 @@ public static function getStrength()
         return new Strength(Strength::VERYLOW);
     }
 
+    public static function isSupported()
+    {
+        return (function_exists('mt_rand') && function_exists('microtime') && function_exists('sha1'));
+    }
+
     public function generate($size)
     {
         $result = '';

diff --git a/tests/SecurityMultiTool/BBCode/ParserTest.php b/tests/SecurityMultiTool/BBCode/ParserTest.php
@@ -22,7 +22,7 @@
 use SecurityMultiTool\BBCode\Parser;
 use Mockery as M;
 
-class BBCodeParserTest extends \PHPUnit_Framework_TestCase
+class BBCodeParserTest extends PHPUnit\Framework\TestCase
 {
 
     public $cache = '';
@@ -36,7 +36,7 @@ public function setup()
 
     public function testParserCreationThrowsExceptionIfCacheDirectoryNotExists()
     {
-        $this->setExpectedException('\SecurityMultiTool\Exception\RuntimeException');
+        $this->expectException('\SecurityMultiTool\Exception\RuntimeException');
         $parser = new Parser('/does/not/exist');
     }
 
@@ -75,6 +75,7 @@ public function testParsingCallsHtmlPurifier()
         $sanitizer->shouldReceive('sanitize')->once()->with("foo", null);
         $this->parser->setSanitizer($sanitizer);
         $this->parser->parse('foo');
+		M::close();
     }
 
     public function testCanRestSanitizer()
@@ -83,6 +84,7 @@ public function testCanRestSanitizer()
         $sanitizer->shouldReceive('reset')->once();
         $this->parser->setSanitizer($sanitizer);
         $this->parser->resetSanitizer();
+		M::close();
     }
 
 }
diff --git a/tests/SecurityMultiTool/Html/EscaperTest.php b/tests/SecurityMultiTool/Html/EscaperTest.php
@@ -21,7 +21,7 @@
 
 use SecurityMultiTool\Html\Escaper;
 
-class EscaperTest extends \PHPUnit_Framework_TestCase
+class EscaperTest extends PHPUnit\Framework\TestCase
 {
 
     /**

diff --git a/tests/SecurityMultiTool/Html/SanitizerTest.php b/tests/SecurityMultiTool/Html/SanitizerTest.php
@@ -22,7 +22,7 @@
 use SecurityMultiTool\Html\Sanitizer;
 use Mockery as M;
 
-class SanitizerTest extends \PHPUnit_Framework_TestCase
+class SanitizerTest extends PHPUnit\Framework\TestCase
 {
 
     protected $cache = '';
@@ -37,7 +37,7 @@ public function setup()
 
     public function testSanitizerCreationThrowsExceptionIfCacheDirectoryNotExists()
     {
-        $this->setExpectedException('\SecurityMultiTool\Exception\RuntimeException');
+        $this->expectException('\SecurityMultiTool\Exception\RuntimeException');
         $sanitizer = new Sanitizer('/does/not/exist');
     }
 
@@ -97,6 +97,7 @@ public function testSanitizeMethodCallsHtmlPurifier()
         $purifier->shouldReceive('purify')->once()->with('html', null);
         $this->sanitizer->setHtmlPurifier($purifier);
         $this->sanitizer->sanitize('html');
+		M::close();
     }
 
     public function testOptionsMapToHtmlPurifierConfigObject()
@@ -117,6 +118,7 @@ public function testOptionsMapToHtmlPurifierConfigObject()
         $this->assertEquals('baz', $this->sanitizer->getOption('foo'));
         $this->assertEquals('baz1', $this->sanitizer->getOption('foo1'));
         $this->assertEquals('baz2', $this->sanitizer->getOption('foo2'));
+		M::close();
     }
 
 }
diff --git a/tests/SecurityMultiTool/Http/Header/CsrfTokenTest.php b/tests/SecurityMultiTool/Http/Header/CsrfTokenTest.php
@@ -20,9 +20,8 @@
  */
 
 use SecurityMultiTool\Http\Header\CsrfToken;
-use Mockery as M;
 
-class CsrfTokenTest extends \PHPUnit_Framework_TestCase
+class CsrfTokenTest extends PHPUnit\Framework\TestCase
 {
 
     public function testImplementsOptionsInterfaceAndAbstractClass()
@@ -48,7 +47,7 @@ public function testHeaderConstruction()
 
     public function testThrowsExceptionOnInvalidOptionName()
     {
-        $this->setExpectedException('SecurityMultiTool\Exception\InvalidArgumentException');
+        $this->expectException('SecurityMultiTool\Exception\InvalidArgumentException');
         $header = new CsrfToken(array('foo'=>'bar'));
     }
 

diff --git a/tests/SecurityMultiTool/Http/Header/StrictTransportSecurityTest.php b/tests/SecurityMultiTool/Http/Header/StrictTransportSecurityTest.php
@@ -21,7 +21,7 @@
 
 use SecurityMultiTool\Http\Header\StrictTransportSecurity;
 
-class StrictTransportSecurityTest extends \PHPUnit_Framework_TestCase
+class StrictTransportSecurityTest extends PHPUnit\Framework\TestCase
 {
 
     public function testImplementsOptionsInterfaceAndAbstractClass()
@@ -56,7 +56,7 @@ public function testHeaderConstructionWithIncludeSubdomains()
 
     public function testThrowsExceptionOnInvalidOptionName()
     {
-        $this->setExpectedException('SecurityMultiTool\Exception\InvalidArgumentException');
+        $this->expectException('SecurityMultiTool\Exception\InvalidArgumentException');
         $header = new StrictTransportSecurity(array('foo'=>'bar'));
     }
 

diff --git a/tests/SecurityMultiTool/Http/HeadersTest.php b/tests/SecurityMultiTool/Http/HeadersTest.php
@@ -23,7 +23,7 @@
 use SecurityMultiTool\Http\Header;
 use Mockery as M;
 
-class HeadersTest extends \PHPUnit_Framework_TestCase
+class HeadersTest extends PHPUnit\Framework\TestCase
 {
 
     public function testOptionSetting()
@@ -54,8 +54,12 @@ public function testHeadersAreSent()
         $h1->shouldReceive('send')->once()->with(false);
         $h2->shouldReceive('send')->once()->with(false);
         $headers = new Headers;
-        $headers->addHeader($h1)->addHeader($h2);
+        //$headers->addHeader($h1)->addHeader($h2);             Daisychaining won't work because the name is the same on both headers.
+        $headers->addHeader($h1);
         $headers->send();
+        $headers->addHeader($h2);
+        $headers->send();
+		M::close();
     }
 
 }
diff --git a/tests/SecurityMultiTool/Http/HttpsDetectorTest.php b/tests/SecurityMultiTool/Http/HttpsDetectorTest.php
@@ -21,7 +21,7 @@
 
 use SecurityMultiTool\Http\HttpsDetector;
 
-class HttpsDetectorTest extends \PHPUnit_Framework_TestCase
+class HttpsDetectorTest extends PHPUnit\Framework\TestCase
 {
 
     public function setup()

diff --git a/tests/SecurityMultiTool/Http/RedirectorTest.php b/tests/SecurityMultiTool/Http/RedirectorTest.php
@@ -21,7 +21,7 @@
 
 use SecurityMultiTool\Http\Redirector;
 
-class RedirectorTest extends \PHPUnit_Framework_TestCase
+class RedirectorTest extends PHPUnit\Framework\TestCase
 {
 
     protected $httpHost = null;

diff --git a/tests/SecurityMultiTool/LoaderTest.php b/tests/SecurityMultiTool/LoaderTest.php
@@ -19,7 +19,7 @@
  * @license    http://github.com/padraic/SecurityMultiTool/blob/master/LICENSE New BSD License
  */
 
-class SecurityMultiTool_LoaderTest extends PHPUnit_Framework_TestCase
+class SecurityMultiTool_LoaderTest extends PHPUnit\Framework\TestCase
 {
 
     public function setUp()

diff --git a/tests/SecurityMultiTool/Markdown/ParserTest.php b/tests/SecurityMultiTool/Markdown/ParserTest.php
@@ -22,7 +22,7 @@
 use SecurityMultiTool\Markdown\Parser;
 use Mockery as M;
 
-class ParserTest extends \PHPUnit_Framework_TestCase
+class ParserTest extends PHPUnit\Framework\TestCase
 {
 
     public $cache = '';
@@ -36,7 +36,7 @@ public function setup()
 
     public function testParserCreationThrowsExceptionIfCacheDirectoryNotExists()
     {
-        $this->setExpectedException('\SecurityMultiTool\Exception\RuntimeException');
+        $this->expectException('\SecurityMultiTool\Exception\RuntimeException');
         $parser = new Parser('/does/not/exist');
     }
 
@@ -75,6 +75,7 @@ public function testParsingCallsHtmlPurifier()
         $sanitizer->shouldReceive('sanitize')->once()->with("<p>foo</p>\n", null);
         $this->parser->setSanitizer($sanitizer);
         $this->parser->parse('foo');
+		M::close();
     }
 
     public function testCanRestSanitizer()
@@ -83,6 +84,7 @@ public function testCanRestSanitizer()
         $sanitizer->shouldReceive('reset')->once();
         $this->parser->setSanitizer($sanitizer);
         $this->parser->resetSanitizer();
+		M::close();
     }
 
 }
diff --git a/tests/SecurityMultiTool/Random/GeneratorTest.php b/tests/SecurityMultiTool/Random/GeneratorTest.php
@@ -21,9 +21,8 @@
 
 use SecurityMultiTool\Random\Generator;
 use SecurityMultiTool\Random\Source;
-use Mockery as M;
 
-class GeneratorTest extends \PHPUnit_Framework_TestCase
+class GeneratorTest extends PHPUnit\Framework\TestCase
 {
 
     public function setup()
@@ -105,7 +104,7 @@ public function testRandInteger($num, $valid, $cycles, $tot, $min, $max, $strong
 
     public function testIntegerRangeFail()
     {
-        $this->setExpectedException(
+        $this->expectException(
             '\DomainException'
         );
         $rand = $this->rand->getInteger(100, 0);

diff --git a/tests/SecurityMultiTool/String/FixedTimeComparisonTest.php b/tests/SecurityMultiTool/String/FixedTimeComparisonTest.php
@@ -22,7 +22,7 @@
 use SecurityMultiTool\String\FixedTimeComparison;
 use SecurityMultiTool\Random\Generator;
 
-class FixedTimeComparisonTest extends \PHPUnit_Framework_TestCase
+class FixedTimeComparisonTest extends PHPUnit\Framework\TestCase
 {
 
     public function testCompareShouldReturnTrueOnMatchingStrings()
@@ -76,8 +76,8 @@ public function testCompareStringsWithFixedTime()
          * factor of 100 (could use 512 but a 100 is enough to prove the fixed
          * time comparison is working given we're using completely random bytes)
          */
-        $this->assertTrue(($t3-$t2) > ($t2-$t1));
-        $this->assertTrue(($t3-$t2) > (($t2-$t1)*100));
+        $this->assertTrue(round($t3-$t2) > round($t2-$t1));
+        $this->assertTrue(round($t3-$t2) > round(($t2-$t1)*100));
     }
 
 }
-Original file line number
+Diff line change
@@ Expand Up / @@ -21,7 +21,7 @@ @@
     use SecurityMultiTool\Html\Escaper;
-    class EscaperTest extends \PHPUnit_Framework_TestCase
+    class EscaperTest extends PHPUnit\Framework\TestCase
     {
         /**
@@ Expand Down @@