From 9d2e282772e609683aa1c5dbf9c47d3963082ce8 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 25 Mar 2017 09:17:04 +0100 Subject: [PATCH 01/17] removing unused function --- js/privatebin.js | 13 ------------- 1 file changed, 13 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index c55a0271..28e08e44 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -107,19 +107,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { return [v, 'month']; } - /** - * checks if a string is valid text (and not onyl whitespace) - * - * @name Helper.isValidText - * @function - * @param {string} string - * @return {bool} - */ - me.isValidText = function(string) - { - return (string.length > 0 && $.trim(string) !== '') - } - /** * text range selection * From 2a19b42b15906cfbe9e3bb7a43bf14cac0c03625 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 25 Mar 2017 09:41:24 +0100 Subject: [PATCH 02/17] making I18n class testable, adding minimal test --- js/privatebin.js | 13 ++++++++++++- js/test.js | 24 +++++++++++++++++++++++- 2 files changed, 35 insertions(+), 2 deletions(-) diff --git a/js/privatebin.js b/js/privatebin.js index 28e08e44..74b2211e 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -538,6 +538,18 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { }); } + /** + * resets state, used for unit testing + * + * @name I18n.reset + * @function + */ + me.reset = function() + { + language = null; + translations = {}; + } + return me; })(window, document); @@ -810,7 +822,6 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { $cipherData = $templates = id = symmetricKey = null; } - /** * init navigation manager * diff --git a/js/test.js b/js/test.js index 2d5a544c..3999158a 100644 --- a/js/test.js +++ b/js/test.js @@ -270,7 +270,8 @@ describe('Helper', function () { cookieArray = [], count = 0; labels.forEach(function(item, i) { - var key = item.replace(/[\s;,=]/g, 'x'), + // deliberatly using a non-ascii key for replacing invalid characters + var key = item.replace(/[\s;,=]/g, '£'), value = (values[i] || values[0]).replace(/[\s;,=]/g, ''); cookieArray.push(key + '=' + value); if (Math.random() < 1 / i) @@ -325,6 +326,27 @@ describe('Helper', function () { }); }); +describe('I18n', function () { + describe('translate', function () { + before(function () { + $.PrivateBin.I18n.reset(); + }); + + jsc.property( + 'returns message ID unchanged if no translation found', + 'string', + function (messageId) { + var result = $.PrivateBin.I18n.translate(messageId); + $.PrivateBin.I18n.reset(); + var alias = $.PrivateBin.I18n._(messageId); + $.PrivateBin.I18n.reset(); + return messageId === result && + messageId === alias; + } + ); + }); +}); + describe('Model', function () { describe('getPasteId', function () { before(function () { From e15e86ac3f37beb90b3f7ca4aaf48f418f451434 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 25 Mar 2017 10:18:28 +0100 Subject: [PATCH 03/17] improving coverage of existing tests --- js/test.js | 66 ++++++++++++++++++++++++++++++++++++++++++++--- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 3 files changed, 65 insertions(+), 5 deletions(-) diff --git a/js/test.js b/js/test.js index 3999158a..b2e41073 100644 --- a/js/test.js +++ b/js/test.js @@ -271,7 +271,7 @@ describe('Helper', function () { count = 0; labels.forEach(function(item, i) { // deliberatly using a non-ascii key for replacing invalid characters - var key = item.replace(/[\s;,=]/g, '£'), + var key = item.replace(/[\s;,=]/g, Array(i+2).join('£')), value = (values[i] || values[0]).replace(/[\s;,=]/g, ''); cookieArray.push(key + '=' + value); if (Math.random() < 1 / i) @@ -340,8 +340,24 @@ describe('I18n', function () { $.PrivateBin.I18n.reset(); var alias = $.PrivateBin.I18n._(messageId); $.PrivateBin.I18n.reset(); - return messageId === result && - messageId === alias; + return messageId === result && messageId === alias; + } + ); + jsc.property( + 'replaces %s in strings with first given parameter', + 'string', + '(small nearray) string', + 'string', + function (prefix, params, postfix) { + var prefix = prefix.replace(/%(s|d)/g, '%%'), + postfix = postfix.replace(/%(s|d)/g, '%%'), + translation = prefix + params[0] + postfix; + params.unshift(prefix + '%s' + postfix); + var result = $.PrivateBin.I18n.translate.apply(this, params); + $.PrivateBin.I18n.reset(); + var alias = $.PrivateBin.I18n._.apply(this, params); + $.PrivateBin.I18n.reset(); + return translation === result && translation === alias; } ); }); @@ -371,6 +387,28 @@ describe('Model', function () { return queryString === result; } ); + jsc.property( + 'throws exception on empty query string', + jsc.nearray(jsc.elements(a2zString)), + jsc.nearray(jsc.elements(a2zString)), + 'string', + function (schema, address, fragment) { + var clean = jsdom('', { + url: schema.join('') + '://' + address.join('') + + '/#' + fragment + }), + result = false; + try { + $.PrivateBin.Model.getPasteId(); + } + catch(err) { + result = true; + } + $.PrivateBin.Model.reset(); + clean(); + return result; + } + ); }); describe('getPasteKey', function () { @@ -411,5 +449,27 @@ describe('Model', function () { return fragmentString === result; } ); + jsc.property( + 'throws exception on empty fragment of the URL', + jsc.nearray(jsc.elements(a2zString)), + jsc.nearray(jsc.elements(a2zString)), + jsc.array(jsc.elements(queryString)), + function (schema, address, query) { + var clean = jsdom('', { + url: schema.join('') + '://' + address.join('') + + '/?' + query.join('') + }), + result = false; + try { + $.PrivateBin.Model.getPasteKey(); + } + catch(err) { + result = true; + } + $.PrivateBin.Model.reset(); + clean(); + return result; + } + ); }); }); diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index 5381863b..d47e8235 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -69,7 +69,7 @@ if ($MARKDOWN): - + diff --git a/tpl/page.php b/tpl/page.php index 18d60e32..85cdf7cf 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -47,7 +47,7 @@ if ($MARKDOWN): - + From 145cfccfcb0f915309bc9bc7299af70c85b53727 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sat, 25 Mar 2017 10:47:12 +0100 Subject: [PATCH 04/17] corrections for rngState 82b19a3e7604cf825d --- js/test.js | 41 +++++++++++++++++++++++------------------ 1 file changed, 23 insertions(+), 18 deletions(-) diff --git a/js/test.js b/js/test.js index b2e41073..f328b51d 100644 --- a/js/test.js +++ b/js/test.js @@ -195,9 +195,10 @@ describe('Helper', function () { '(small nearray) string', 'string', function (prefix, params, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - result = prefix + params[0] + postfix; + prefix = prefix.replace(/%(s|d)/g, '%%'); + params[0] = params[0].replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var result = prefix + params[0] + postfix; params.unshift(prefix + '%s' + postfix); return result === $.PrivateBin.Helper.sprintf.apply(this, params); } @@ -208,9 +209,9 @@ describe('Helper', function () { '(small nearray) nat', 'string', function (prefix, params, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - result = prefix + params[0] + postfix; + prefix = prefix.replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var result = prefix + params[0] + postfix; params.unshift(prefix + '%d' + postfix); return result === $.PrivateBin.Helper.sprintf.apply(this, params); } @@ -221,9 +222,9 @@ describe('Helper', function () { '(small nearray) falsy', 'string', function (prefix, params, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - result = prefix + '0' + postfix; + prefix = prefix.replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var result = prefix + '0' + postfix; params.unshift(prefix + '%d' + postfix); return result === $.PrivateBin.Helper.sprintf.apply(this, params) } @@ -236,9 +237,10 @@ describe('Helper', function () { 'string', 'string', function (prefix, uint, middle, string, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - params = [prefix + '%d' + middle + '%s' + postfix, uint, string], + prefix = prefix.replace(/%(s|d)/g, '%%'); + middle = middle.replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var params = [prefix + '%d' + middle + '%s' + postfix, uint, string], result = prefix + uint + middle + string + postfix; return result === $.PrivateBin.Helper.sprintf.apply(this, params); } @@ -251,9 +253,10 @@ describe('Helper', function () { 'string', 'string', function (prefix, uint, middle, string, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - params = [prefix + '%s' + middle + '%d' + postfix, string, uint], + prefix = prefix.replace(/%(s|d)/g, '%%'); + middle = middle.replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var params = [prefix + '%s' + middle + '%d' + postfix, string, uint], result = prefix + string + middle + uint + postfix; return result === $.PrivateBin.Helper.sprintf.apply(this, params); } @@ -336,6 +339,7 @@ describe('I18n', function () { 'returns message ID unchanged if no translation found', 'string', function (messageId) { + messageId = messageId.replace(/%(s|d)/g, '%%'); var result = $.PrivateBin.I18n.translate(messageId); $.PrivateBin.I18n.reset(); var alias = $.PrivateBin.I18n._(messageId); @@ -349,9 +353,10 @@ describe('I18n', function () { '(small nearray) string', 'string', function (prefix, params, postfix) { - var prefix = prefix.replace(/%(s|d)/g, '%%'), - postfix = postfix.replace(/%(s|d)/g, '%%'), - translation = prefix + params[0] + postfix; + prefix = prefix.replace(/%(s|d)/g, '%%'); + params[0] = params[0].replace(/%(s|d)/g, '%%'); + postfix = postfix.replace(/%(s|d)/g, '%%'); + var translation = prefix + params[0] + postfix; params.unshift(prefix + '%s' + postfix); var result = $.PrivateBin.I18n.translate.apply(this, params); $.PrivateBin.I18n.reset(); From e1ea14627f8a4dafba4e6db5023b991d0ef6c89c Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 26 Mar 2017 06:47:57 +0200 Subject: [PATCH 05/17] handling JSVerify RNG state 88caf85079d32e416b --- js/test.js | 2 +- tst/README.md | 69 ++++++++++++++++++++++++++++++++++++++++++++++++--- 2 files changed, 66 insertions(+), 5 deletions(-) diff --git a/js/test.js b/js/test.js index f328b51d..6f193f1d 100644 --- a/js/test.js +++ b/js/test.js @@ -277,7 +277,7 @@ describe('Helper', function () { var key = item.replace(/[\s;,=]/g, Array(i+2).join('£')), value = (values[i] || values[0]).replace(/[\s;,=]/g, ''); cookieArray.push(key + '=' + value); - if (Math.random() < 1 / i) + if (Math.random() < 1 / i || selectedKey === key) { selectedKey = key; selectedValue = value; diff --git a/tst/README.md b/tst/README.md index 76e69ee1..e11bc495 100644 --- a/tst/README.md +++ b/tst/README.md @@ -2,7 +2,7 @@ Running PHP unit tests ====================== In order to run these tests, you will need to install the following packages -and its dependencies: +and their dependencies: * phpunit * php-gd * php-sqlite3 @@ -13,12 +13,30 @@ Example for Debian and Ubuntu: $ sudo apt install phpunit php-gd php-sqlite php-xdebug ``` -To run the tests, just change into this directory and run phpunit: +To run the tests, change into the `tst` directory and run phpunit: ```console $ cd PrivateBin/tst $ phpunit ``` +Additionally there is the `ConfigurationTestGenerator`. Based on the +configurations defined in its constructor, it generates the unit test file +`tst/ConfigurationCombinationsTest.php`, containing all possible combinations +of these configurations and tests for (most of the) valid combinations. Some of +combinations can't be tested with this method, i.e. a valid option combined with +an invalid one. Other very specific test cases (i.e. to trigger multiple errors) +are covered in `tst/PrivateBinTest.php`. Here is how to generate the +configuration test and run it: + +```console +$ cd PrivateBin/tst +$ php ConfigurationTestGenerator.php +$ phpunit ConfigurationCombinationsTest.php +``` + +Note that it can take an hour or longer to run the several thousand tests. + + Running JavaScript unit tests ============================= @@ -36,8 +54,8 @@ $ cd PrivateBin/js $ npm install jsverify jsdom jsdom-global ``` -Example for Debian and Ubuntu, including steps to allow current user to install -node modules globally: +Example for Debian and Ubuntu, including steps to allow the current user to +install node modules globally: ```console $ sudo apt install npm $ sudo mkdir /usr/local/lib/node_modules @@ -54,3 +72,46 @@ $ cd PrivateBin/js $ istanbul cover _mocha ``` +Property based unit testing +--------------------------- + +In the JavaScript unit tests we use the JSVerify library to leverage property +based unit testing. Instead of artificially creating specific test cases to +cover all relevant paths of the tested code (with the generated coverage reports +providing means to check the tested paths), property based testing allows us to +describe the patterns of data that are valid input. + +With each run of the tests, for each `jsc.property` 100 random inputs are +generated and tested. For example we tell the test to generate random strings, +which will include empty strings, numeric strings, long strings, unicode +sequences, etc. This is great for finding corner cases that one might not think +of when explicitly writing one test case at a time. + +There is another benefit, too: When an error is found, JSVerify will try to find +the smallest, still failing test case for you and print this out including the +associated random number generator (RNG) state, so you can reproduce it easily: + +```console +[...] + + 30 passing (3s) + 1 failing + + 1) Helper getCookie returns the requested cookie: + Error: Failed after 30 tests and 11 shrinks. rngState: 88caf85079d32e416b; Counterexample: ["{", "9", "9", "YD8%fT"]; [" ", "_|K:"]; + +[...] +``` + +Of course it may just be that you need to adjust a test case if the random +pattern generated is ambiguous. In the above example the cookie string would +contain two identical keys "9", something that may not be valid, but that our +code could encounter and needs to be able to handle. + +After you adjusted the code of the library or the test you can rerun the test +with the same RNG state as follows: + +```console +$ istanbul cover _mocha -- test.js --jsverifyRngState 88caf85079d32e416b +``` + From 37f5d99bc4d2d4853a4f134ff2cd85825d9f0a41 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 26 Mar 2017 09:24:42 +0200 Subject: [PATCH 06/17] finalizing tests for I18n class, AJAX loading of translations needs to be tested in browser, mocked for now --- .gitignore | 1 + js/privatebin.js | 10 +++---- js/test.js | 76 ++++++++++++++++++++++++++++++++++++++++++++--- tpl/bootstrap.php | 2 +- tpl/page.php | 2 +- 5 files changed, 80 insertions(+), 11 deletions(-) diff --git a/.gitignore b/.gitignore index a752f8cc..c17e3b4a 100644 --- a/.gitignore +++ b/.gitignore @@ -30,6 +30,7 @@ vendor/**/build_phar.php # Ignore local node modules, unit testing logs, api docs and eclipse project files js/node_modules/ +js/test.log tst/log/ tst/ConfigurationCombinationsTest.php .settings diff --git a/js/privatebin.js b/js/privatebin.js index 17b4457d..8cf76831 100644 --- a/js/privatebin.js +++ b/js/privatebin.js @@ -306,7 +306,7 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { * @param {object} document * @class */ - var I18n = (function (window, document) { + var I18n = (function () { var me = {}; /** @@ -544,14 +544,14 @@ jQuery.PrivateBin = function($, sjcl, Base64, RawDeflate) { * @name I18n.reset * @function */ - me.reset = function() + me.reset = function(mockLanguage, mockTranslations) { - language = null; - translations = {}; + language = mockLanguage || null; + translations = mockTranslations || {}; } return me; - })(window, document); + })(); /** * handles everything related to en/decryption diff --git a/js/test.js b/js/test.js index 6f193f1d..462d6ff1 100644 --- a/js/test.js +++ b/js/test.js @@ -13,7 +13,9 @@ var jsc = require('jsverify'), }) ), // schemas supported by the whatwg-url library - schemas = ['ftp','gopher','http','https','ws','wss']; + schemas = ['ftp','gopher','http','https','ws','wss'], + supportedLanguages = ['de', 'es', 'fr', 'it', 'no', 'pl', 'pt', 'oc', 'ru', 'sl', 'zh'], + logFile = require('fs').createWriteStream('test.log'); global.$ = global.jQuery = require('./jquery-3.1.1'); global.sjcl = require('./sjcl-1.0.6'); @@ -22,6 +24,11 @@ global.RawDeflate = require('./rawdeflate-0.5'); require('./rawinflate-0.3'); require('./privatebin'); +// redirect console messages to log file +console.warn = console.error = function (msg) { + logFile.write(msg + '\n'); +} + describe('Helper', function () { describe('secondsToHuman', function () { after(function () { @@ -339,12 +346,30 @@ describe('I18n', function () { 'returns message ID unchanged if no translation found', 'string', function (messageId) { - messageId = messageId.replace(/%(s|d)/g, '%%'); - var result = $.PrivateBin.I18n.translate(messageId); + messageId = messageId.replace(/%(s|d)/g, '%%'); + var plurals = [messageId, messageId + 's'], + fake = [messageId], + result = $.PrivateBin.I18n.translate(messageId); $.PrivateBin.I18n.reset(); + var alias = $.PrivateBin.I18n._(messageId); $.PrivateBin.I18n.reset(); - return messageId === result && messageId === alias; + + var p_result = $.PrivateBin.I18n.translate(plurals); + $.PrivateBin.I18n.reset(); + + var p_alias = $.PrivateBin.I18n._(plurals); + $.PrivateBin.I18n.reset(); + + var f_result = $.PrivateBin.I18n.translate(fake); + $.PrivateBin.I18n.reset(); + + var f_alias = $.PrivateBin.I18n._(fake); + $.PrivateBin.I18n.reset(); + + return messageId === result && messageId === alias && + messageId === p_result && messageId === p_alias && + messageId === f_result && messageId === f_alias; } ); jsc.property( @@ -366,6 +391,49 @@ describe('I18n', function () { } ); }); + + describe('getPluralForm', function () { + before(function () { + $.PrivateBin.I18n.reset(); + }); + + jsc.property( + 'returns valid key for plural form', + jsc.elements(supportedLanguages), + 'integer', + function(language, n) { + $.PrivateBin.I18n.reset(language); + var result = $.PrivateBin.I18n.getPluralForm(n); + // arabic seems to have the highest plural count with 6 forms + return result >= 0 && result <= 5; + } + ); + }); + + // loading of JSON via AJAX needs to be tested in the browser, this just mocks it + // TODO: This needs to be tested using a browser. + describe('loadTranslations', function () { + before(function () { + $.PrivateBin.I18n.reset(); + }); + + jsc.property( + 'downloads and handles any supported language', + jsc.elements(supportedLanguages), + function(language) { + var clean = jsdom('', {url: 'https://privatebin.net/', cookie: ['lang=' + language]}); + + $.PrivateBin.I18n.reset('en'); + $.PrivateBin.I18n.loadTranslations(); + $.PrivateBin.I18n.reset(language, require('../i18n/' + language + '.json')); + var result = $.PrivateBin.I18n.translate('en'), + alias = $.PrivateBin.I18n._('en'); + + clean(); + return language === result && language === alias; + } + ); + }); }); describe('Model', function () { diff --git a/tpl/bootstrap.php b/tpl/bootstrap.php index c55a766f..6fc01bd1 100644 --- a/tpl/bootstrap.php +++ b/tpl/bootstrap.php @@ -69,7 +69,7 @@ if ($MARKDOWN): - + diff --git a/tpl/page.php b/tpl/page.php index 6316a182..46b8df14 100644 --- a/tpl/page.php +++ b/tpl/page.php @@ -47,7 +47,7 @@ if ($MARKDOWN): - + From cdb62b44c768616f31d81228e51082eb650480af Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 26 Mar 2017 11:34:19 +0200 Subject: [PATCH 07/17] basic tests for CryptTool classes encryption and compression functions --- js/test.js | 31 ++++++++++++++++++++++++++++--- 1 file changed, 28 insertions(+), 3 deletions(-) diff --git a/js/test.js b/js/test.js index 462d6ff1..5625710f 100644 --- a/js/test.js +++ b/js/test.js @@ -2,6 +2,9 @@ var jsc = require('jsverify'), jsdom = require('jsdom-global'), cleanup = jsdom(), + base64lib = require('./base64-2.1.9'), + rawdeflatelib = require('./rawdeflate-0.5'), + rawinflatelib = require('./rawinflate-0.3'), a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m', 'n','o','p','q','r','s','t','u','v','w','x','y','z'], @@ -19,9 +22,9 @@ var jsc = require('jsverify'), global.$ = global.jQuery = require('./jquery-3.1.1'); global.sjcl = require('./sjcl-1.0.6'); -global.Base64 = require('./base64-2.1.9'); -global.RawDeflate = require('./rawdeflate-0.5'); -require('./rawinflate-0.3'); +global.Base64 = base64lib.Base64; +global.RawDeflate = rawdeflatelib.RawDeflate; +global.RawDeflate.inflate = rawinflatelib.RawDeflate.inflate; require('./privatebin'); // redirect console messages to log file @@ -436,6 +439,28 @@ describe('I18n', function () { }); }); +describe('CryptTool', function () { + describe('cipher & decipher', function () { + this.timeout(20000); + it('can en- and decrypt any message', function () { + jsc.check(jsc.forall( + 'string', + 'string', + 'string', + function (key, password, message) { + return message === $.PrivateBin.CryptTool.decipher( + key, + password, + $.PrivateBin.CryptTool.cipher(key, password, message) + ); + } + ), + // reducing amount of checks as running 100 takes about 5 minutes + {tests: 5, quiet: true}); + }); + }); +}); + describe('Model', function () { describe('getPasteId', function () { before(function () { From 3cf005c8ae3f2e73360a953c25bc2a7b762c7a99 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Sun, 26 Mar 2017 16:16:15 +0200 Subject: [PATCH 08/17] added test with hardcoded v1 pastes to ensure decryption of the original paste format still works, even when the format is changed in the future --- js/test.js | 21 +++++++++++++++++++++ 1 file changed, 21 insertions(+) diff --git a/js/test.js b/js/test.js index 5625710f..c355be82 100644 --- a/js/test.js +++ b/js/test.js @@ -458,6 +458,27 @@ describe('CryptTool', function () { // reducing amount of checks as running 100 takes about 5 minutes {tests: 5, quiet: true}); }); + + // The below static unit test is included to ensure deciphering of "classic" + // SJCL based pastes still works + it('supports v1 ciphertext (SJCL)', function () { + // Of course you can easily decipher the following texts, if you like. + // Bonus points for finding their sources and hidden meanings. + var paste1 = $.PrivateBin.CryptTool.decipher( + '6t2qsmLyfXIokNCL+3/yl15rfTUBQvm5SOnFPvNE7Q8=', + // -- "That's amazing. I've got the same combination on my luggage." + Array.apply(0, Array(6)).map(function(_,b) { return b + 1; }).join(''), + '{"iv":"4HNFIl7eYbCh6HuShctTIA==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"u0lQvePq6L0=","ct":"fGPUVrDyaVr1ZDGb+kqQ3CPEW8x4YKGfzHDmA0Vjkh250aWNe7Cnigkps9aaFVMX9AaerrTp3yZbojJtNqVGMfLdUTu+53xmZHqRKxCCqSfDNSNoW4Oxk5OVgAtRyuG4bXHDsWTXDNz2xceqzVFqhkwTwlUchrV7uuFK/XUKTNjPFM744moivIcBbfM2FOeKlIFs8RYPYuvqQhp2rMLlNGwwKh//4kykQsHMQDeSDuJl8stMQzgWR/btUBZuwNZEydkMH6IPpTdf5WTSrZ+wC2OK0GutCm4UaEe6txzaTMfu+WRVu4PN6q+N+2zljWJ1XdpVcN/i0Sv4QVMym0Xa6y0eccEhj/69o47PmExmMMeEwExImPalMNT9JUSiZdOZJ/GdzwrwoIuq1mdQR6vSH+XJ/8jXJQ7bjjJVJYXTcT0Di5jixArI2Kpp1GGlGVFbLgPugwU1wczg+byqeDOAECXRRnQcogeaJtVcRwXwfy4j3ORFcblYMilxyHqKBewcYPRVBGtBs50cVjSIkAfR84rnc1nfvnxK/Gmm+4VBNHI6ODWNpRolVMCzXjbKYnV3Are5AgSpsTqaGl41VJGpcco6cAwi4K0Bys1seKR+bLSdUgqRrkEqSRSdu3/VTu9HhEk8an0rjTE4CBB5/LMn16p0TGLoOb32odKFIEtpanVvLjeyiVMvSxcgYLNnTi/5FiaAC4pJxRD+AZHedU1FICUeEXxIcac/4E5qjkHjX9SpQtLl80QLIVnjNliZm7QLB/nKu7W8Jb0+/CiTdV3Q9LhxlH4ciprnX+W0B00BKYFHnL9jRVzKdXhf1EHydbXMAfpCjHAXIVCkFakJinQBDIIw/SC6Yig0u0ddEID2B7LYAP1iE4RZwzTrxCB+ke2jQr8c20Jj6u6ShFOPC9DCw9XupZ4HAalVG00kSgjus+b8zrVji3/LKEhb4EBzp1ctBJCFTeXwej8ZETLoXTylev5dlwZSYAbuBPPcbFR/xAIPx3uDabd1E1gTqUc68ICIGhd197Mb2eRWiSvHr5SPsASerMxId6XA6+iQlRiI+NDR+TGVNmCnfxSlyPFMOHGTmslXOGIqGfBR8l4ft8YVZ70lCwmwTuViGc75ULSf9mM57/LmRzQFMYQtvI8IFK9JaQEMY5xz0HLtR4iyQUUdwR9e0ytBNdWF2a2WPDEnJuY/QJo4GzTlgv4QUxMXI5htsn2rf0HxCFu7Po8DNYLxTS+67hYjDIYWYaEIc8LXWMLyDm9C5fARPJ4F2BIWgzgzkNj+dVjusft2XnziamWdbS5u3kuRlVuz5LQj+R5imnqQAincdZTkTT1nYx+DatlOLllCYIHffpI="}' + ), + paste2 = $.PrivateBin.CryptTool.decipher( + 's9pmKZKOBN7EVvHpTA8jjLFH3Xlz/0l8lB4+ONPACrM=', + '', // no password + '{"iv":"WA42mdxIVXUwBqZu7JYNiw==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"jN6CjbQMJCM=","ct":"kYYMo5DFG1+w0UHiYXT5pdV0IUuXxzOlslkW/c3DRCbGFROCVkAskHce7HoRczee1N9c5MhHjVMJUIZE02qIS8UyHdJ/GqcPVidTUcj9rnDNWsTXkjVv8jCwHS/cwmAjDTWpwp5ThECN+ov/wNp/NdtTj8Qj7f/T3rfZIOCWfwLH9s4Des35UNcUidfPTNQ1l0Gm0X+r98CCUSYZjQxkZc6hRZBLPQ8EaNVooUwd5eP4GiYlmSDNA0wOSA+5isPYxomVCt+kFf58VBlNhpfNi7BLYAUTPpXT4SfH5drR9+C7NTeZ+tTCYjbU94PzYItOpu8vgnB1/a6BAM5h3m9w+giUb0df4hgTWeZnZxLjo5BN8WV+kdTXMj3/Vv0gw0DQrDcCuX/cBAjpy3lQGwlAN1vXoOIyZJUjMpQRrOLdKvLB+zcmVNtGDbgnfP2IYBzk9NtodpUa27ne0T0ZpwOPlVwevsIVZO224WLa+iQmmHOWDFFpVDlS0t0fLfOk7Hcb2xFsTxiCIiyKMho/IME1Du3X4e6BVa3hobSSZv0rRtNgY1KcyYPrUPW2fxZ+oik3y9SgGvb7XpjVIta8DWlDWRfZ9kzoweWEYqz9IA8Xd373RefpyuWI25zlHoX3nwljzsZU6dC//h/Dt2DNr+IAvKO3+u23cWoB9kgcZJ2FJuqjLvVfCF+OWcig7zs2pTYJW6Rg6lqbBCxiUUlae6xJrjfv0pzD2VYCLY7v1bVTagppwKzNI3WaluCOrdDYUCxUSe56yd1oAoLPRVbYvomRboUO6cjQhEknERyvt45og2kORJOEJayHW+jZgR0Y0jM3Nk17ubpij2gHxNx9kiLDOiCGSV5mn9mV7qd3HHcOMSykiBgbyzjobi96LT2dIGLeDXTIdPOog8wyobO4jWq0GGs0vBB8oSYXhHvixZLcSjX2KQuHmEoWzmJcr3DavdoXZmAurGWLKjzEdJc5dSD/eNr99gjHX7wphJ6umKMM+fn6PcbYJkhDh2GlJL5COXjXfm/5aj/vuyaRRWZMZtmnYpGAtAPg7AUG"}' + ); + if (!paste1.includes('securely packed in iron') || !paste2.includes('Sol is right')) { + throw Error('v1 (SJCL based) pastes could not be deciphered'); + } + }); }); }); From 2d4c75be8519ccad916f1acc0f43f37ecb716df0 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Tue, 4 Apr 2017 07:43:41 +0200 Subject: [PATCH 09/17] added tests for entropy checks and key generation, added base64 experiment, showing we could replace Base64.js v2.1.9 with other options, but still need to find a way to handle v1.7 format and UTF16 to UTF8 conversion (btou / utob functions) --- js/test.js | 74 +++++++++++++++++++++++++++++++++++++++++++----------- 1 file changed, 60 insertions(+), 14 deletions(-) diff --git a/js/test.js b/js/test.js index c355be82..3f035088 100644 --- a/js/test.js +++ b/js/test.js @@ -2,9 +2,6 @@ var jsc = require('jsverify'), jsdom = require('jsdom-global'), cleanup = jsdom(), - base64lib = require('./base64-2.1.9'), - rawdeflatelib = require('./rawdeflate-0.5'), - rawinflatelib = require('./rawinflate-0.3'), a2zString = ['a','b','c','d','e','f','g','h','i','j','k','l','m', 'n','o','p','q','r','s','t','u','v','w','x','y','z'], @@ -22,9 +19,9 @@ var jsc = require('jsverify'), global.$ = global.jQuery = require('./jquery-3.1.1'); global.sjcl = require('./sjcl-1.0.6'); -global.Base64 = base64lib.Base64; -global.RawDeflate = rawdeflatelib.RawDeflate; -global.RawDeflate.inflate = rawinflatelib.RawDeflate.inflate; +global.Base64 = require('./base64-2.1.9').Base64; +global.RawDeflate = require('./rawdeflate-0.5').RawDeflate; +global.RawDeflate.inflate = require('./rawinflate-0.3').RawDeflate.inflate; require('./privatebin'); // redirect console messages to log file @@ -441,7 +438,7 @@ describe('I18n', function () { describe('CryptTool', function () { describe('cipher & decipher', function () { - this.timeout(20000); + this.timeout(30000); it('can en- and decrypt any message', function () { jsc.check(jsc.forall( 'string', @@ -461,10 +458,12 @@ describe('CryptTool', function () { // The below static unit test is included to ensure deciphering of "classic" // SJCL based pastes still works - it('supports v1 ciphertext (SJCL)', function () { - // Of course you can easily decipher the following texts, if you like. - // Bonus points for finding their sources and hidden meanings. - var paste1 = $.PrivateBin.CryptTool.decipher( + it( + 'supports v1 ciphertext (SJCL)', + function () { + // Of course you can easily decipher the following texts, if you like. + // Bonus points for finding their sources and hidden meanings. + var paste1 = $.PrivateBin.CryptTool.decipher( '6t2qsmLyfXIokNCL+3/yl15rfTUBQvm5SOnFPvNE7Q8=', // -- "That's amazing. I've got the same combination on my luggage." Array.apply(0, Array(6)).map(function(_,b) { return b + 1; }).join(''), @@ -475,10 +474,57 @@ describe('CryptTool', function () { '', // no password '{"iv":"WA42mdxIVXUwBqZu7JYNiw==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"jN6CjbQMJCM=","ct":"kYYMo5DFG1+w0UHiYXT5pdV0IUuXxzOlslkW/c3DRCbGFROCVkAskHce7HoRczee1N9c5MhHjVMJUIZE02qIS8UyHdJ/GqcPVidTUcj9rnDNWsTXkjVv8jCwHS/cwmAjDTWpwp5ThECN+ov/wNp/NdtTj8Qj7f/T3rfZIOCWfwLH9s4Des35UNcUidfPTNQ1l0Gm0X+r98CCUSYZjQxkZc6hRZBLPQ8EaNVooUwd5eP4GiYlmSDNA0wOSA+5isPYxomVCt+kFf58VBlNhpfNi7BLYAUTPpXT4SfH5drR9+C7NTeZ+tTCYjbU94PzYItOpu8vgnB1/a6BAM5h3m9w+giUb0df4hgTWeZnZxLjo5BN8WV+kdTXMj3/Vv0gw0DQrDcCuX/cBAjpy3lQGwlAN1vXoOIyZJUjMpQRrOLdKvLB+zcmVNtGDbgnfP2IYBzk9NtodpUa27ne0T0ZpwOPlVwevsIVZO224WLa+iQmmHOWDFFpVDlS0t0fLfOk7Hcb2xFsTxiCIiyKMho/IME1Du3X4e6BVa3hobSSZv0rRtNgY1KcyYPrUPW2fxZ+oik3y9SgGvb7XpjVIta8DWlDWRfZ9kzoweWEYqz9IA8Xd373RefpyuWI25zlHoX3nwljzsZU6dC//h/Dt2DNr+IAvKO3+u23cWoB9kgcZJ2FJuqjLvVfCF+OWcig7zs2pTYJW6Rg6lqbBCxiUUlae6xJrjfv0pzD2VYCLY7v1bVTagppwKzNI3WaluCOrdDYUCxUSe56yd1oAoLPRVbYvomRboUO6cjQhEknERyvt45og2kORJOEJayHW+jZgR0Y0jM3Nk17ubpij2gHxNx9kiLDOiCGSV5mn9mV7qd3HHcOMSykiBgbyzjobi96LT2dIGLeDXTIdPOog8wyobO4jWq0GGs0vBB8oSYXhHvixZLcSjX2KQuHmEoWzmJcr3DavdoXZmAurGWLKjzEdJc5dSD/eNr99gjHX7wphJ6umKMM+fn6PcbYJkhDh2GlJL5COXjXfm/5aj/vuyaRRWZMZtmnYpGAtAPg7AUG"}' ); - if (!paste1.includes('securely packed in iron') || !paste2.includes('Sol is right')) { - throw Error('v1 (SJCL based) pastes could not be deciphered'); + if (!paste1.includes('securely packed in iron') || !paste2.includes('Sol is right')) { + throw Error('v1 (SJCL based) pastes could not be deciphered'); + } } - }); + ); + }); + + describe('isEntropyReady & addEntropySeedListener', function () { + it( + 'lets us know that enough entropy is collected or make us wait for it', + function(done) { + if ($.PrivateBin.CryptTool.isEntropyReady()) { + done(); + } else { + $.PrivateBin.CryptTool.addEntropySeedListener(function() { + done(); + }); + } + } + ); + }); + + describe('getSymmetricKey', function () { + var keys = []; + + // the parameter is used to ensure the test is run more then one time + jsc.property( + 'returns random, non-empty keys', + 'nat', + function(n) { + var key = $.PrivateBin.CryptTool.getSymmetricKey(), + result = (key !== '' && keys.indexOf(key) === -1); + keys.push(key); + return result; + } + ); + }); + + describe('Base64.js vs SJCL.js vs abab.js', function () { + var btoa = require('abab').btoa; + + jsc.property( + 'these all return the same base64 string', + 'string', + function(string) { + var base64 = Base64.toBase64(string), + sjcl = global.sjcl.codec.base64.fromBits(global.sjcl.codec.utf8String.toBits(string)), + abab = btoa(Base64.utob(string)); + return base64 === sjcl && sjcl === abab; + } + ); }); }); From 8f6c1ee079c973b3f9c058fdd79cc80d6e64c574 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Wed, 5 Apr 2017 06:46:21 +0200 Subject: [PATCH 10/17] added a check for the ZeroBin paste format (uses Base64.js v1.7) --- js/test.js | 39 +++++++++++++++++++++++++++++++++++++-- 1 file changed, 37 insertions(+), 2 deletions(-) diff --git a/js/test.js b/js/test.js index 3f035088..88dcf58e 100644 --- a/js/test.js +++ b/js/test.js @@ -456,10 +456,10 @@ describe('CryptTool', function () { {tests: 5, quiet: true}); }); - // The below static unit test is included to ensure deciphering of "classic" + // The below static unit tests are included to ensure deciphering of "classic" // SJCL based pastes still works it( - 'supports v1 ciphertext (SJCL)', + 'supports PrivateBin v1 ciphertext (SJCL & Base64 2.1.9)', function () { // Of course you can easily decipher the following texts, if you like. // Bonus points for finding their sources and hidden meanings. @@ -474,6 +474,40 @@ describe('CryptTool', function () { '', // no password '{"iv":"WA42mdxIVXUwBqZu7JYNiw==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"jN6CjbQMJCM=","ct":"kYYMo5DFG1+w0UHiYXT5pdV0IUuXxzOlslkW/c3DRCbGFROCVkAskHce7HoRczee1N9c5MhHjVMJUIZE02qIS8UyHdJ/GqcPVidTUcj9rnDNWsTXkjVv8jCwHS/cwmAjDTWpwp5ThECN+ov/wNp/NdtTj8Qj7f/T3rfZIOCWfwLH9s4Des35UNcUidfPTNQ1l0Gm0X+r98CCUSYZjQxkZc6hRZBLPQ8EaNVooUwd5eP4GiYlmSDNA0wOSA+5isPYxomVCt+kFf58VBlNhpfNi7BLYAUTPpXT4SfH5drR9+C7NTeZ+tTCYjbU94PzYItOpu8vgnB1/a6BAM5h3m9w+giUb0df4hgTWeZnZxLjo5BN8WV+kdTXMj3/Vv0gw0DQrDcCuX/cBAjpy3lQGwlAN1vXoOIyZJUjMpQRrOLdKvLB+zcmVNtGDbgnfP2IYBzk9NtodpUa27ne0T0ZpwOPlVwevsIVZO224WLa+iQmmHOWDFFpVDlS0t0fLfOk7Hcb2xFsTxiCIiyKMho/IME1Du3X4e6BVa3hobSSZv0rRtNgY1KcyYPrUPW2fxZ+oik3y9SgGvb7XpjVIta8DWlDWRfZ9kzoweWEYqz9IA8Xd373RefpyuWI25zlHoX3nwljzsZU6dC//h/Dt2DNr+IAvKO3+u23cWoB9kgcZJ2FJuqjLvVfCF+OWcig7zs2pTYJW6Rg6lqbBCxiUUlae6xJrjfv0pzD2VYCLY7v1bVTagppwKzNI3WaluCOrdDYUCxUSe56yd1oAoLPRVbYvomRboUO6cjQhEknERyvt45og2kORJOEJayHW+jZgR0Y0jM3Nk17ubpij2gHxNx9kiLDOiCGSV5mn9mV7qd3HHcOMSykiBgbyzjobi96LT2dIGLeDXTIdPOog8wyobO4jWq0GGs0vBB8oSYXhHvixZLcSjX2KQuHmEoWzmJcr3DavdoXZmAurGWLKjzEdJc5dSD/eNr99gjHX7wphJ6umKMM+fn6PcbYJkhDh2GlJL5COXjXfm/5aj/vuyaRRWZMZtmnYpGAtAPg7AUG"}' ); + + if (!paste1.includes('securely packed in iron') || !paste2.includes('Sol is right')) { + throw Error('v1 (SJCL based) pastes could not be deciphered'); + } + } + ); + + it( + 'supports ZeroBin ciphertext (SJCL & Base64 1.7)', + function () { + var newBase64 = global.Base64; + global.Base64 = require('./base64-1.7').Base64; + jsdom(); + delete require.cache[require.resolve('./privatebin')]; + require('./privatebin'); + + // Of course you can easily decipher the following texts, if you like. + // Bonus points for finding their sources and hidden meanings. + var paste1 = $.PrivateBin.CryptTool.decipher( + '6t2qsmLyfXIokNCL+3/yl15rfTUBQvm5SOnFPvNE7Q8=', + // -- "That's amazing. I've got the same combination on my luggage." + Array.apply(0, Array(6)).map(function(_,b) { return b + 1; }).join(''), + '{"iv":"aTnR2qBL1CAmLX8FdWe3VA==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"u0lQvePq6L0=","ct":"A3nBTvICZtYy6xqbIJE0c8Veored5lMJUGgGUm4581wjrPFlU0Q0tUZSf+RUUoZj2jqDa4kiyyZ5YNMe30hNMV0oVSalNhRgD9svVMnPuF162IbyhVCwr7ULjT981CHxVlGNqGqmIU6L/XixgdArxAA8x1GCrfAkBWWGeq8Qw5vJPG/RCHpwR4Wy3azrluqeyERBzmaOQjO/kM35TiI6IrLYFyYyL7upYlxAaxS0XBMZvN8QU8Lnerwvh5JVC6OkkKrhogajTJIKozCF79yI78c50LUh7tTuI3Yoh7+fXxhoODvQdYFmoiUlrutN7Y5ZMRdITvVu8fTYtX9c7Fiufmcq5icEimiHp2g1bvfpOaGOsFT+XNFgC9215jcp5mpBdN852xs7bUtw+nDrf+LsDEX6iRpRZ+PYgLDN5xQT1ByEtYbeP+tO38pnx72oZdIB3cj8UkOxnxdNiZM5YB5egn4jUj1fHot1I69WoTiUJipZ5PIATv7ScymRB+AYzjxjurQ9lVfX9QtAbEH2dhdmoUo3IDRSXpWNCe9RC1aUIyWfZO7oI7FEohNscHNTLEcT+wFnFUPByLlXmjNZ7FKeNpvUm3jTY4t4sbZH8o2dUl624PAw1INcJ6FKqWGWwoFT2j1MYC+YV/LkLTdjuWfayvwLMh27G/FfKCRbW36vqinegqpPDylsx9+3oFkEw3y5Z8+44oN91rE/4Md7JhPJeRVlFC9TNCj4dA+EVhbbQqscvSnIH2uHkMw7mNNo7xba/YT9KoPDaniqnYqb+q2pX1WNWE7dLS2wfroMAS3kh8P22DAV37AeiNoD2PcI6ZcHbRdPa+XRrRcJhSPPW7UQ0z4OvBfjdu/w390QxAxSxvZewoh49fKKB6hTsRnZb4tpHkjlww=="}' + ), + paste2 = $.PrivateBin.CryptTool.decipher( + 's9pmKZKOBN7EVvHpTA8jjLFH3Xlz/0l8lB4+ONPACrM=', + '', // no password + '{"iv":"Z7lAZQbkrqGMvruxoSm6Pw==","v":1,"iter":10000,"ks":256,"ts":128,"mode":"gcm","adata":"","cipher":"aes","salt":"jN6CjbQMJCM=","ct":"PuOPWB3i2FPcreSrLYeQf84LdE8RHjsc+MGtiOr4b7doNyWKYtkNorbRadxaPnEee2/Utrp1MIIfY5juJSy8RGwEPX5ciWcYe6EzsXWznsnvhmpKNj9B7eIIrfSbxfy8E2e/g7xav1nive+ljToka3WT1DZ8ILQd/NbnJeHWaoSEOfvz8+d8QJPb1tNZvs7zEY95DumQwbyOsIMKAvcZHJ9OJNpujXzdMyt6DpcFcqlldWBZ/8q5rAUTw0HNx/rCgbhAxRYfNoTLIcMM4L0cXbPSgCjwf5FuO3EdE13mgEDhcClW79m0QvcnIh8xgzYoxLbp0+AwvC/MbZM8savN/0ieWr2EKkZ04ggiOIEyvfCUuNprQBYO+y8kKduNEN6by0Yf4LRCPfmwN+GezDLuzTnZIMhPbGqUAdgV6ExqK2ULEEIrQEMoOuQIxfoMhqLlzG79vXGt2O+BY+4IiYfvmuRLks4UXfyHqxPXTJg48IYbGs0j4TtJPUgp3523EyYLwEGyVTAuWhYAmVIwd/hoV7d7tmfcF73w9dufDFI3LNca2KxzBnWNPYvIZKBwWbq8ncxkb191dP6mjEi7NnhqVk5A6vIBbu4AC5PZf76l6yep4xsoy/QtdDxCMocCXeAML9MQ9uPQbuspOKrBvMfN5igA1kBqasnxI472KBNXsdZnaDddSVUuvhTcETM="}' + ); + + global.Base64 = newBase64; + jsdom(); + delete require.cache[require.resolve('./privatebin')]; + require('./privatebin'); if (!paste1.includes('securely packed in iron') || !paste2.includes('Sol is right')) { throw Error('v1 (SJCL based) pastes could not be deciphered'); } @@ -532,6 +566,7 @@ describe('Model', function () { describe('getPasteId', function () { before(function () { $.PrivateBin.Model.reset(); + cleanup(); }); jsc.property( From 41701bbfe4b1e89eb56967905552099a296624b0 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Wed, 5 Apr 2017 06:55:20 +0200 Subject: [PATCH 11/17] trying to fix unit test execution in Travis --- js/test.js | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/js/test.js b/js/test.js index 88dcf58e..c6e5c7a6 100644 --- a/js/test.js +++ b/js/test.js @@ -547,15 +547,13 @@ describe('CryptTool', function () { }); describe('Base64.js vs SJCL.js vs abab.js', function () { - var btoa = require('abab').btoa; - jsc.property( 'these all return the same base64 string', 'string', function(string) { var base64 = Base64.toBase64(string), sjcl = global.sjcl.codec.base64.fromBits(global.sjcl.codec.utf8String.toBits(string)), - abab = btoa(Base64.utob(string)); + abab = window.btoa(Base64.utob(string)); return base64 === sjcl && sjcl === abab; } ); From ab2e789aee069601b0a5c4f2fcda2aa158b3e280 Mon Sep 17 00:00:00 2001 From: rugk Date: Tue, 11 Apr 2017 12:45:51 +0200 Subject: [PATCH 12/17] Add JS refactor to credits --- CREDITS.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/CREDITS.md b/CREDITS.md index 1c7ec3cc..cc63cde8 100644 --- a/CREDITS.md +++ b/CREDITS.md @@ -3,7 +3,7 @@ ## Active contributors Simon Rupf - current developer and maintainer -rugk - security review, doc improvment & various other stuff +rugk - security review, doc improvment, JS refactoring & various other stuff ## Past contributions From f54036976a486d3f7c83e52fd37ea357fd4e7a62 Mon Sep 17 00:00:00 2001 From: El RIDO Date: Tue, 11 Apr 2017 17:23:26 +0200 Subject: [PATCH 13/17] added instantburnafterreading option to address #174 --- cfg/conf.ini.sample | 4 ++++ lib/Configuration.php | 1 + lib/Model/Paste.php | 5 +++++ tst/PrivateBinTest.php | 31 +++++++++++++++++++++++++++++++ tst/README.md | 2 +- 5 files changed, 42 insertions(+), 1 deletion(-) diff --git a/cfg/conf.ini.sample b/cfg/conf.ini.sample index 0d251c18..d457b890 100644 --- a/cfg/conf.ini.sample +++ b/cfg/conf.ini.sample @@ -21,6 +21,10 @@ fileupload = false ; preselect the burn-after-reading feature, defaults to false burnafterreadingselected = false +; delete a burn after reading paste immediatly after it is first accessed from +; the server and do not wait for a successful decryption +instantburnafterreading = false + ; which display mode to preselect by default, defaults to "plaintext" ; make sure the value exists in [formatter_options] defaultformatter = "plaintext" diff --git a/lib/Configuration.php b/lib/Configuration.php index 4130a22e..b6b9f6f4 100644 --- a/lib/Configuration.php +++ b/lib/Configuration.php @@ -42,6 +42,7 @@ class Configuration 'password' => true, 'fileupload' => false, 'burnafterreadingselected' => false, + 'instantburnafterreading' => false, 'defaultformatter' => 'plaintext', 'syntaxhighlightingtheme' => null, 'sizelimit' => 2097152, diff --git a/lib/Model/Paste.php b/lib/Model/Paste.php index 8f171fe1..fae808ea 100644 --- a/lib/Model/Paste.php +++ b/lib/Model/Paste.php @@ -48,6 +48,11 @@ class Paste extends AbstractModel $data->meta->remaining_time = $data->meta->expire_date - time(); } + // check if non-expired burn after reading paste needs to be deleted + if (property_exists($data->meta, 'burnafterreading') && $data->meta->burnafterreading && $this->_conf->getKey('instantburnafterreading')) { + $this->delete(); + } + // set formatter for for the view. if (!property_exists($data->meta, 'formatter')) { // support < 0.21 syntax highlighting diff --git a/tst/PrivateBinTest.php b/tst/PrivateBinTest.php index a8aad11a..44df563f 100644 --- a/tst/PrivateBinTest.php +++ b/tst/PrivateBinTest.php @@ -822,6 +822,37 @@ class PrivateBinTest extends PHPUnit_Framework_TestCase $content, 'outputs data correctly' ); + // by default it will be deleted after encryption by the JS + $this->assertTrue($this->_model->exists(Helper::getPasteId()), 'paste exists after reading'); + } + + /** + * @runInSeparateProcess + */ + public function testReadInstantBurn() + { + $this->reset(); + $options = parse_ini_file(CONF, true); + $options['main']['instantburnafterreading'] = 1; + Helper::confBackup(); + Helper::createIniFile(CONF, $options); + $burnPaste = Helper::getPaste(array('burnafterreading' => true)); + $this->_model->create(Helper::getPasteId(), $burnPaste); + $_SERVER['QUERY_STRING'] = Helper::getPasteId(); + ob_start(); + new PrivateBin; + $content = ob_get_contents(); + ob_end_clean(); + unset($burnPaste['meta']['salt']); + $this->assertRegExp( + '#
]*>' . + preg_quote(htmlspecialchars(Helper::getPasteAsJson($burnPaste['meta']), ENT_NOQUOTES)) . + '
#', + $content, + 'outputs data correctly' + ); + // in this case the changed configuration deletes it instantly + $this->assertFalse($this->_model->exists(Helper::getPasteId()), 'paste exists after reading'); } /** diff --git a/tst/README.md b/tst/README.md index e11bc495..77b03528 100644 --- a/tst/README.md +++ b/tst/README.md @@ -10,7 +10,7 @@ and their dependencies: Example for Debian and Ubuntu: ```console -$ sudo apt install phpunit php-gd php-sqlite php-xdebug +$ sudo apt install phpunit php-gd php-sqlite3 php-xdebug ``` To run the tests, change into the `tst` directory and run phpunit: From f514381aa573fa5de2e35e1ec641395860cc68e4 Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 19 Apr 2017 00:09:41 +0200 Subject: [PATCH 14/17] Correct license We do not use the acknowledge version. Cf.: Without ack.: https://spdx.org/licenses/Zlib.html#licenseText With ack.: https://spdx.org/licenses/zlib-acknowledgement.html#licenseText --- composer.json | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/composer.json b/composer.json index 4248b5f4..2a363a66 100644 --- a/composer.json +++ b/composer.json @@ -4,7 +4,7 @@ "type": "project", "keywords": ["private", "secure", "end-to-end-encrypted", "e2e", "paste", "pastebin", "zero", "zero-knowledge", "encryption", "encrypted", "AES"], "homepage": "https://github.com/PrivateBin", - "license":"zlib-acknowledgement", + "license":"zlib", "support": { "issues": "https://github.com/PrivateBin/PrivateBin/issues", "wiki": "https://github.com/PrivateBin/PrivateBin/wiki", From fa2dde0b1f59fdfbd07c1d3a3bfe5a4c47002a6e Mon Sep 17 00:00:00 2001 From: rugk Date: Wed, 19 Apr 2017 00:49:59 +0200 Subject: [PATCH 15/17] Use SQL highlighting --- INSTALL.md | 62 ++++++++++++++++++++++++++++-------------------------- 1 file changed, 32 insertions(+), 30 deletions(-) diff --git a/INSTALL.md b/INSTALL.md index b627bc9e..8132bb8d 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -64,7 +64,7 @@ process (see also > #### PATH Example > Your PrivateBin installation lives in a subfolder called "paste" inside of > your document root. The URL looks like this: -> http://example.com/paste/ +> https://example.com/paste/ > > The full path of PrivateBin on your webserver is: > /home/example.com/htdocs/paste @@ -118,32 +118,34 @@ For reference or if you want to create the table schema for yourself (replace `prefix_` with your own table prefix and create the table schema with phpMyAdmin or the MYSQL console): - CREATE TABLE prefix_paste ( - dataid CHAR(16) NOT NULL, - data BLOB, - postdate INT, - expiredate INT, - opendiscussion INT, - burnafterreading INT, - meta TEXT, - attachment MEDIUMBLOB, - attachmentname BLOB, - PRIMARY KEY (dataid) - ); - - CREATE TABLE prefix_comment ( - dataid CHAR(16), - pasteid CHAR(16), - parentid CHAR(16), - data BLOB, - nickname BLOB, - vizhash BLOB, - postdate INT, - PRIMARY KEY (dataid) - ); - CREATE INDEX parent ON prefix_comment(pasteid); - - CREATE TABLE prefix_config ( - id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) - ); - INSERT INTO prefix_config VALUES('VERSION', '1.1'); +```sql +CREATE TABLE prefix_paste ( + dataid CHAR(16) NOT NULL, + data BLOB, + postdate INT, + expiredate INT, + opendiscussion INT, + burnafterreading INT, + meta TEXT, + attachment MEDIUMBLOB, + attachmentname BLOB, + PRIMARY KEY (dataid) +); + +CREATE TABLE prefix_comment ( + dataid CHAR(16), + pasteid CHAR(16), + parentid CHAR(16), + data BLOB, + nickname BLOB, + vizhash BLOB, + postdate INT, + PRIMARY KEY (dataid) +); +CREATE INDEX parent ON prefix_comment(pasteid); + +CREATE TABLE prefix_config ( + id CHAR(16) NOT NULL, value TEXT, PRIMARY KEY (id) +); +INSERT INTO prefix_config VALUES('VERSION', '1.1'); +``` From 0ae952e63f37d0d4d44f49b80ff7012888c75895 Mon Sep 17 00:00:00 2001 From: rugk Date: Thu, 4 May 2017 16:49:16 +0200 Subject: [PATCH 16/17] Add note about PostgreSQL see https://github.com/PrivateBin/PrivateBin/issues/227 --- INSTALL.md | 3 +++ vendor/composer/autoload_classmap.php | 1 + vendor/composer/autoload_static.php | 1 + 3 files changed, 5 insertions(+) diff --git a/INSTALL.md b/INSTALL.md index 8132bb8d..ffd5d39a 100644 --- a/INSTALL.md +++ b/INSTALL.md @@ -149,3 +149,6 @@ CREATE TABLE prefix_config ( ); INSERT INTO prefix_config VALUES('VERSION', '1.1'); ``` + +In PostgreSQL the attachment column needs to be TEXT and not BLOB or MEDIUMBLOB. + diff --git a/vendor/composer/autoload_classmap.php b/vendor/composer/autoload_classmap.php index ceb98f99..8f36d522 100644 --- a/vendor/composer/autoload_classmap.php +++ b/vendor/composer/autoload_classmap.php @@ -23,6 +23,7 @@ return array( 'PrivateBin\\Model\\Comment' => $baseDir . '/lib/Model/Comment.php', 'PrivateBin\\Model\\Paste' => $baseDir . '/lib/Model/Paste.php', 'PrivateBin\\Persistence\\AbstractPersistence' => $baseDir . '/lib/Persistence/AbstractPersistence.php', + 'PrivateBin\\Persistence\\DataStore' => $baseDir . '/lib/Persistence/DataStore.php', 'PrivateBin\\Persistence\\PurgeLimiter' => $baseDir . '/lib/Persistence/PurgeLimiter.php', 'PrivateBin\\Persistence\\ServerSalt' => $baseDir . '/lib/Persistence/ServerSalt.php', 'PrivateBin\\Persistence\\TrafficLimiter' => $baseDir . '/lib/Persistence/TrafficLimiter.php', diff --git a/vendor/composer/autoload_static.php b/vendor/composer/autoload_static.php index 001a248f..bc6ffd2f 100644 --- a/vendor/composer/autoload_static.php +++ b/vendor/composer/autoload_static.php @@ -52,6 +52,7 @@ class ComposerStaticInitDontChange 'PrivateBin\\Model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php', 'PrivateBin\\Model\\Paste' => __DIR__ . '/../..' . '/lib/Model/Paste.php', 'PrivateBin\\Persistence\\AbstractPersistence' => __DIR__ . '/../..' . '/lib/Persistence/AbstractPersistence.php', + 'PrivateBin\\Persistence\\DataStore' => __DIR__ . '/../..' . '/lib/Persistence/DataStore.php', 'PrivateBin\\Persistence\\PurgeLimiter' => __DIR__ . '/../..' . '/lib/Persistence/PurgeLimiter.php', 'PrivateBin\\Persistence\\ServerSalt' => __DIR__ . '/../..' . '/lib/Persistence/ServerSalt.php', 'PrivateBin\\Persistence\\TrafficLimiter' => __DIR__ . '/../..' . '/lib/Persistence/TrafficLimiter.php', From c23c65f1f4f4c8e28c69e5c8a9fc99b43f48c10a Mon Sep 17 00:00:00 2001 From: Angristan Date: Wed, 10 May 2017 22:06:19 +0200 Subject: [PATCH 17/17] Corrections and missing translations --- i18n/fr.json | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/i18n/fr.json b/i18n/fr.json index 10c36a4e..5ac34244 100644 --- a/i18n/fr.json +++ b/i18n/fr.json @@ -1,7 +1,7 @@ { "PrivateBin": "PrivateBin", "%s is a minimalist, open source online pastebin where the server has zero knowledge of pasted data. Data is encrypted/decrypted in the browser using 256 bits AES. More information on the project page.": - "%s est un 'pastebin' (ou gestionnaire d'extraits de texte et de code source) minimaliste et open source, dans lequel le serveur n'a aucune connaissance des données envoyées. Les données sont chiffrées/déchiffrées dans le navigateur par un chiffrage AES 256 bits. Plus d'informations sur la page du projet.", + "%s est un 'pastebin' (ou gestionnaire d'extraits de texte et de code source) minimaliste et open source, dans lequel le serveur n'a aucune connaissance des données envoyées. Les données sont chiffrées/déchiffrées dans le navigateur par un chiffrement AES 256 bits. Plus d'informations sur la page du projet.", "Because ignorance is bliss": "Parce que l'ignorance c'est le bonheur", "en": "fr", @@ -123,7 +123,7 @@ "Could not create paste: %s": "Impossible de créer le paste : %s", "Cannot decrypt paste: Decryption key missing in URL (Did you use a redirector or an URL shortener which strips part of the URL?)": - "Impossible de déchiffrer le paste : Clé de déchiffrage manquante dans l'URL (Avez-vous utilisé un redirecteur ou un site de réduction d'URL qui supprime une partie de l'URL ?)", + "Impossible de déchiffrer le paste : Clé de déchiffrement manquante dans l'URL (Avez-vous utilisé un redirecteur ou un site de réduction d'URL qui supprime une partie de l'URL ?)", "B": "o", "KiB": "Kio", "MiB": "Mio", @@ -156,8 +156,8 @@ "Enter password": "Entrez le mot de passe", "Loading…": "Chargement…", - "Decrypting paste…": "Decrypting paste…", - "Preparing new paste…": "Preparing new paste…", + "Decrypting paste…": "Déchiffrement du paste…", + "Preparing new paste…": "Préparation du paste…", "In case this message never disappears please have a look at this FAQ for information to troubleshoot.": "Si ce message ne disparaîssait pas, jetez un oeil à cette FAQ pour des idées de résolution (en Anglais).", "+++ no paste text +++": "+++ no paste text +++"