Closed LukasReschke closed 2 years ago
Quite a few things to fix:
Humbug running test suite to generate logs and code coverage data...
Humbug has completed the initial test run successfully.
Tests: 25 Line Coverage: 98.67%
Humbug is analysing source files...
Mutation Testing is commencing on 1 files...
(.: killed, M: escaped, S: uncovered, E: fatal error, T: timed out)
M.M....................MMM...........................MM..T.. | 60 (0/1)
.....MM....
71 mutations were generated:
61 mutants were killed
0 mutants were not covered by tests
9 covered mutants were not detected
0 fatal errors were encountered
1 time outs were encountered
Metrics:
Mutation Score Indicator (MSI): 87%
Mutation Code Coverage: 100%
Covered Code MSI: 87%
Remember that some mutants will inevitably be harmless (i.e. false positives).
Time: 20.66 seconds Memory: 12.75MB
Humbug results are being logged as JSON to: humbuglog.json
Humbug results are being logged as TEXT to: humbuglog.txt
------
Escapes
------
1) \Humbug\Mutator\ConditionalBoundary\LessThan
Diff on \u2flib_server\U2F::__construct() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
public function __construct($appId, $attestDir = null) {
- if(OPENSSL_VERSION_NUMBER < 0x10000000) {
+ if(OPENSSL_VERSION_NUMBER <= 0x10000000) {
throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
}
$this->appId = $appId;
$this->attestDir = $attestDir;
}
2) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::__construct() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
public function __construct($appId, $attestDir = null) {
- if(OPENSSL_VERSION_NUMBER < 0x10000000) {
+ if(OPENSSL_VERSION_NUMBER < 1) {
throw new Error('OpenSSL has to be at least version 1.0.0, this is ' . OPENSSL_VERSION_TEXT, ERR_OLD_OPENSSL);
}
$this->appId = $appId;
$this->attestDir = $attestDir;
}
3) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::doRegister() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
$pemCert = "-----BEGIN CERTIFICATE-----\r\n";
- $pemCert .= chunk_split(base64_encode($rawCert), 64);
+ $pemCert .= chunk_split(base64_encode($rawCert), 65);
$pemCert .= "-----END CERTIFICATE-----";
if($includeCert) {
$registration->certificate = base64_encode($rawCert);
}
if($this->attestDir) {
if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
4) \Humbug\Mutator\Arithmetic\Subtraction
Diff on \u2flib_server\U2F::doRegister() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
if($this->attestDir) {
- if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
+ if(openssl_x509_checkpurpose($pemCert, +1, $this->get_certs()) !== true) {
throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
}
}
if(!openssl_pkey_get_public($pemCert)) {
throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
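Review bot: The purpose argument `-1` in `openssl_x509_checkpurpose($pemCert, -1, $this->get_certs())` is an undocumented magic number, and both mutants of it survive (`+1` here, `-0` in escape 5), so no test depends on its value. As far as I know a negative purpose makes PHP validate the chain only and skip the X.509 purpose restriction; if that is the intent, record it with a comment such as `// -1: verify the chain against attestDir only, no purpose restriction`. Killing the `+1` mutant would need a fixture whose attestation certificate chains to attestDir but is not valid for that specific purpose, while `-0` may well be an equivalent mutant. The enclosing `if($this->attestDir)` also means attestation is not verified at all when no directory is configured, which deserves a line in the doRegister docblock; doRegister starts and ends outside this hunk.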
5) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::doRegister() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
if($this->attestDir) {
- if(openssl_x509_checkpurpose($pemCert, -1, $this->get_certs()) !== true) {
+ if(openssl_x509_checkpurpose($pemCert, -0, $this->get_certs()) !== true) {
throw new Error('Attestation certificate can not be validated', ERR_ATTESTATION_VERIFICATION );
}
}
if(!openssl_pkey_get_public($pemCert)) {
throw new Error('Decoding of public key failed', ERR_PUBKEY_DECODE );
6) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::doAuthenticate() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
if(openssl_verify($dataToVerify, $signature, $pemKey, 'sha256') === 1) {
- $ctr = unpack("Nctr", substr($signData, 1, 4));
+ $ctr = unpack("Nctr", substr($signData, 1, 5));
$counter = $ctr['ctr'];
/* TODO: wrap-around should be handled somehow.. */
if($counter > $reg->counter) {
$reg->counter = $counter;
return $reg;
} else {
7) \Humbug\Mutator\ConditionalBoundary\GreaterThan
Diff on \u2flib_server\U2F::doAuthenticate() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
/* TODO: wrap-around should be handled somehow.. */
- if($counter > $reg->counter) {
+ if($counter >= $reg->counter) {
$reg->counter = $counter;
return $reg;
} else {
throw new Error('Counter too low.', ERR_COUNTER_TOO_LOW );
}
} else {
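Review bot: The strict `>` in `if($counter > $reg->counter)` is what rejects a response that reuses the stored counter value, and the surviving `>=` mutant shows that no test exercises that boundary. Add a test in which the signed counter equals `$reg->counter` and expect ERR_COUNTER_TOO_LOW, and record the reason next to the comparison, e.g. `/* strictly greater: an equal counter means a replayed response or a cloned token */`. The wrap-around TODO is still open, so a counter that rolls over is not handled in the lines shown. doAuthenticate begins and ends outside this hunk.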
8) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::pubkey_to_pem() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
$pem = "-----BEGIN PUBLIC KEY-----\r\n";
- $pem .= chunk_split(base64_encode($der), 64);
+ $pem .= chunk_split(base64_encode($der), 65);
$pem .= "-----END PUBLIC KEY-----";
return $pem;
}
/**
9) \Humbug\Mutator\Number\IntegerValue
Diff on \u2flib_server\U2F::createChallenge() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
private static function createChallenge() {
- $challenge = openssl_random_pseudo_bytes(32, $crypto_strong );
+ $challenge = openssl_random_pseudo_bytes(33, $crypto_strong );
if( $crypto_strong !== true ) {
throw new Error('Unable to obtain a good source of randomness', ERR_BAD_RANDOM);
}
$challenge = U2F::base64u_encode( $challenge );
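Review bot: Nothing pins the challenge size: the `32` passed to `openssl_random_pseudo_bytes` is a bare literal and the `33` mutant survives. A test that base64url-decodes a generated challenge and asserts it is exactly 32 bytes would kill the mutant, and a class constant for the length would document the intended entropy. Where the supported PHP versions allow it, `random_bytes(32)` is the simpler source, since it throws on failure instead of reporting through `$crypto_strong`. createChallenge continues past the end of this hunk.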
------
Timeouts
------
1) \Humbug\Mutator\Boolean\FalseValue
Diff on \u2flib_server\U2F::get_certs() in /home/lreschke/php-u2flib-server/src/u2flib_server/U2F.php:
--- Original
+++ New
@@ @@
if ($dir && $handle = opendir($dir)) {
- while(false !== ($entry = readdir($handle))) {
+ while(true !== ($entry = readdir($handle))) {
if(is_file("$dir/$entry")) {
$files[] = "$dir/$entry";
}
}
closedir($handle);
}
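Review bot: get_certs collects every regular file in the directory (`is_file("$dir/$entry")`), and doRegister passes that list as the CA set to `openssl_x509_checkpurpose`, so any file that ends up in attestDir becomes a trusted attestation root. That should be stated in the docblock, e.g. `// every regular file in attestDir is treated as a trusted CA; the directory must not be writable by the web user`, and the loop could optionally skip files without the expected certificate extension. The timed-out mutant counts as detected, so the loop condition needs no extra test. The function starts and ends outside this hunk.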
Thank you for the effort, but since the U2F API is now obsolete we're archiving this repository and ceasing maintenance of the library.
Ref https://github.com/padraic/humbug – I will see when I get time for this.