-
Notifications
You must be signed in to change notification settings - Fork 111
Conversation
@weierophinney ping |
@Slamdunk instead of copy the |
139570f
to
5a3d360
Compare
@ezimuel Ok for centralizing the code, but how to test it?
class StreamSocketTest extends PHPUnit_Framework_TestCase
{
public function testTlsVersion()
{
$cryptoMethod = STREAM_CRYPTO_METHOD_TLS_CLIENT;
if (defined('STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT')) {
$cryptoMethod |= STREAM_CRYPTO_METHOD_TLSv1_2_CLIENT;
$cryptoMethod |= STREAM_CRYPTO_METHOD_TLSv1_1_CLIENT;
}
$this->assertSame($cryptoMethod, StreamSocket::getCryptoMethod());
}
} |
@Slamdunk for the unit test we should check that using PHP 5.6.7+ the crypto constants are ok. We can use the PHPUnit annotation Moreover, I suggested to use a Trait and not a static function of a new class. You can use a name like |
@ezimuel A test was added in the way that I found the most worthwhile. I left the code in a new class because traits can easily get bypassed: https://3v4l.org/3DrmE . Do you have particular reasons for using them in this case? |
@Slamdunk the unit test looks perfect! Regarding the Trait I think this is a perfect fit because we just need to share the same code across different classes that does not extends or implements a shared interface. |
@ezimuel I believe the code should protect itself in every scenario: you should be able to change the internal code of a library only if you become aware of every reason behide the already written lines. With a Trait you are able to modify/override the code and get the tests pass without alteration: this would be a security hole. Instead, if in the future some evidence will require this code to be altered, you can't skip reading and understanding the current reasons. |
@Slamdunk IMHO I don't see any security issue using a Trait. Again, if someone wants to override the Anyway, I would like to have a different feedback on this, @weierophinney what do you think? |
Indeed 👍 |
@Slamdunk I'm failing to see how this would present a security issue. Composing a trait is equivalent to compile-time copy-and-paste, and any changes to the trait would be reflected in changes in behavior, and thus captured in the test suite already. Using a final static class places a hard dependency within the classes using this instead, and a change to that is also reflected in the test suite results. My point is: It's not a security issue; it's an issue of preference. As a project, we've generally preferred usage of traits vs static methods for code since we updated to PHP 5.6 as our minimum supported version. |
@weierophinney The issue here is that we are not testing this bug+bugfix. In order to test this bug we should create a (mock) socket listener and try to connect to it in different cases with different parameters for every Since we can't do this, suppose the Trait is written and used; it's passed a year, and someone creates a PR like this: // class Smtp
+private function getCryptoMethod()
+{
+ return STREAM_CRYPTO_METHOD_TLS_CLIENT;
+}
+
+public function createTlsSocket($resource)
+{
+ return stream_socket_enable_crypto($resource, true, $this->getCryptoMethod());
+} This would actually break I see only two choises:
|
@Slamdunk Again, in that case, we'd see the addition of the new method during review, giving us time to consider its impact. It's not much different than changing the argument to Which brings me to what I feel is your most important point — that tests do not exist yet to verify that these calls are happening appropriately. This is the crux of the matter, and is not solved with just creating a static class method that you've tested; we need to test that the adapters are passing these flags. You can mock functions with tools like Mockery and/or by recreating the functions within the same namespace within which they are invoked in order to determine what arguments are passed. While these take some effort, they also ensure that no breaking changes are introduced later. |
Maybe I wasn't clear in my example.
By the way, I have to admit that I'm a bit confused: stated that I am a TDD-nazi, I feel like you are saying that a stronger and more defensive solution I am proposing isn't good, and that I have to changing it to make it weaker or I have to implement all the tests that this library is missing from the day it was created, and all this for a security issue that usually need to be merged as soon as possible, since PFS and GCM offered in TLSv1.2 is now negated. I would like to implement all the tests, but I can't in the next few days; likely not before mid june I'll be available for such a huge step. |
@Slamdunk — Regarding this:
This is simply not true: a pull request would be introducing a new method in the class, which would be noticeable. Moreover, it would only affect the one class, not every class composing the trait, which limits the impact to only consumers of that single adapter, should we choose to merge such a patch.
We're not saying that the solution you propose is not good, or proposing you make it weaker; we're proposing that you modify it to be more consistent with styles and approaches we use throughout the ZF project. What your patch has demonstrated is that we were missing tests, which was highlighted by the fact that making the changes you did did not result in any test breakage. The proper approach is to add those tests to ensure when a change like this occurs in the future, we can evaluate it properly for backwards compatibility impact. The approach you suggest has the benefit of being simpler to test. However, if somebody were to modify any of the calls to |
I've rewritten the PR to accomplish your wish. I have to note that I'm against this very implementation, and I've followed what you requested only because it's a right point to have project standards. About testing |
@Slamdunk thanks for your work! I think we can definitely improve the unit tests of zend-mail and a possible solution is the one that you suggested. I'll let you know if will be the case. |
- A number of entries had been accidentally added to the 2.7.3 release notes, when they were intended for 2.7.4. These have now been moved to 2.8.0, as no 2.7.4 release is planned. - Added a note for #144 to the changelog.
Since PHP 5.6.7 the constant
STREAM_CRYPTO_METHOD_TLS_CLIENT
doesn't refer to any TLS version, but only to TLS 1.0.As of yet every zend-mail users are forced to use TLS 1.0 version, and TLS 1.1 and TLS 1.2 are excluded.
We need to readd them manually.
I consider this a very urgent fix.