Use better random number generator #29

composer.json

@@ -18,7 +18,8 @@
         }
     ],
     "require": {
-        "php": "^5.2.6 || ^7.0"
+        "php": "^5.2.6 || ^7.0",
+        "paragonie/random_compat": "^2.0"
     },
     "require-dev": {
         "codacy/coverage": "dev-master",

lib/Persistence/ServerSalt.php

@@ -26,6 +26,15 @@ use Exception;
  */
 class ServerSalt extends AbstractPersistence
 {
+    /**
+     * file where salt is saved to
+     *
+     * @access private
+     * @static
+     * @var    string
+     */
+    private static $_file = 'salt.php';
+
     /**
      * generated salt
      *
@@ -44,16 +53,7 @@ class ServerSalt extends AbstractPersistence
      */
     public static function generate()
     {
-        $randomSalt = '';
-        if (function_exists('mcrypt_create_iv')) {
-            $randomSalt = bin2hex(mcrypt_create_iv(256, MCRYPT_DEV_URANDOM));
-        } else {
-            // fallback to mt_rand()
-
-            for ($i = 0; $i < 256; ++$i) {
-                $randomSalt .= base_convert(mt_rand(), 10, 16);
-            }
-        }
+        $randomSalt = bin2hex(random_bytes(256));
         return $randomSalt;
     }
 
@@ -71,19 +71,18 @@ class ServerSalt extends AbstractPersistence
             return self::$_salt;
         }
 
-        $file = 'salt.php';
-        if (self::_exists($file)) {
-            if (is_readable(self::getPath($file))) {
-                $items = explode('|', file_get_contents(self::getPath($file)));
+        if (self::_exists(self::$_file)) {
+            if (is_readable(self::getPath(self::$_file))) {
+                $items = explode('|', file_get_contents(self::getPath(self::$_file)));
             }
             if (!isset($items) || !is_array($items) || count($items) != 3) {
-                throw new Exception('unable to read file ' . self::getPath($file), 20);
+                throw new Exception('unable to read file ' . self::getPath(self::$_file), 20);
             }
             self::$_salt = $items[1];
         } else {
             self::$_salt = self::generate();
             self::_store(
-                $file,
+                self::$_file,
                 '<?php /* |' . self::$_salt . '| */ ?>'
             );
         }

tst/Persistence/ServerSaltTest.php

@@ -43,26 +43,6 @@ class ServerSaltTest extends PHPUnit_Framework_TestCase
         ServerSalt::setPath($this->_path);
         $salt = ServerSalt::get();
 
-        // mcrypt mock
-        if (!function_exists('mcrypt_create_iv')) {
-            if (!defined('MCRYPT_DEV_URANDOM')) {
-                define('MCRYPT_DEV_URANDOM', 1);
-            }
-            function mcrypt_create_iv($int, $flag)
-            {
-                $randomSalt = '';
-                for ($i = 0; $i < $int; ++$i) {
-                    $randomSalt .= base_convert(mt_rand(), 10, 16);
-                }
-                // hex2bin requires an even length, pad if necessary
-                if (strlen($randomSalt) % 2) {
-                    $randomSalt = '0' . $randomSalt;
-                }
-                return hex2bin($randomSalt);
-            }
-            $this->assertNotEquals($salt, ServerSalt::generate());
-        }
-
         // try setting a different path and resetting it
         ServerSalt::setPath($this->_otherPath);
         $this->assertNotEquals($salt, ServerSalt::get());

vendor/composer/autoload_classmap.php

@@ -5,4 +5,24 @@
 $vendorDir = dirname(dirname(__FILE__));
 $baseDir = dirname($vendorDir);
 
-return array();
+return array(
+    'PrivateBin\\Configuration' => $baseDir . '/lib/Configuration.php',
+    'PrivateBin\\Data\\AbstractData' => $baseDir . '/lib/Data/AbstractData.php',
+    'PrivateBin\\Data\\Database' => $baseDir . '/lib/Data/Database.php',
+    'PrivateBin\\Data\\Filesystem' => $baseDir . '/lib/Data/Filesystem.php',
+    'PrivateBin\\Filter' => $baseDir . '/lib/Filter.php',
+    'PrivateBin\\I18n' => $baseDir . '/lib/I18n.php',
+    'PrivateBin\\Model' => $baseDir . '/lib/Model.php',
+    'PrivateBin\\Model\\AbstractModel' => $baseDir . '/lib/Model/AbstractModel.php',
+    'PrivateBin\\Model\\Paste' => $baseDir . '/lib/Model/Paste.php',
+    'PrivateBin\\Persistence\\AbstractPersistence' => $baseDir . '/lib/Persistence/AbstractPersistence.php',
+    'PrivateBin\\Persistence\\PurgeLimiter' => $baseDir . '/lib/Persistence/PurgeLimiter.php',
+    'PrivateBin\\Persistence\\ServerSalt' => $baseDir . '/lib/Persistence/ServerSalt.php',
+    'PrivateBin\\Persistence\\TrafficLimiter' => $baseDir . '/lib/Persistence/TrafficLimiter.php',
+    'PrivateBin\\PrivateBin' => $baseDir . '/lib/PrivateBin.php',
+    'PrivateBin\\Request' => $baseDir . '/lib/Request.php',
+    'PrivateBin\\Sjcl' => $baseDir . '/lib/Sjcl.php',
+    'PrivateBin\\View' => $baseDir . '/lib/View.php',
+    'PrivateBin\\Vizhash16x16' => $baseDir . '/lib/Vizhash16x16.php',
+    'PrivateBin\\model\\Comment' => $baseDir . '/lib/Model/Comment.php',
+);

vendor/composer/autoload_files.php

@@ -5,4 +5,6 @@
 $vendorDir = dirname(dirname(__FILE__));
 $baseDir = dirname($vendorDir);
 
-return array();
+return array(
+    '5255c38a0faeba867671b61dfda6d864' => $vendorDir . '/paragonie/random_compat/lib/random.php',
+);

vendor/composer/autoload_namespaces.php

@@ -6,10 +6,4 @@ $vendorDir = dirname(dirname(__FILE__));
 $baseDir = dirname($vendorDir);
 
 return array(
-    'Psr\\Log\\' => array($vendorDir . '/psr/log'),
-    'Prophecy\\' => array($vendorDir . '/phpspec/prophecy/src'),
-    'Guzzle\\Tests' => array($vendorDir . '/guzzle/guzzle/tests'),
-    'Guzzle' => array($vendorDir . '/guzzle/guzzle/src'),
-    'CodeClimate\\Component' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
-    'CodeClimate\\Bundle' => array($vendorDir . '/codeclimate/php-test-reporter/src'),
 );

vendor/composer/autoload_static.php

@@ -6,7 +6,9 @@ namespace Composer\Autoload;
 
 class ComposerStaticInitDontChange
 {
-    public static $files = array ();
+    public static $files = array (
+        '5255c38a0faeba867671b61dfda6d864' => __DIR__ . '/..' . '/paragonie/random_compat/lib/random.php',
+    );
 
     public static $prefixLengthsPsr4 = array (
         'P' => 
@@ -22,16 +24,33 @@ class ComposerStaticInitDontChange
         ),
     );
 
-    public static $prefixesPsr0 = array ();
-
-    public static $classMap = array ();
+    public static $classMap = array (
+        'PrivateBin\\Configuration' => __DIR__ . '/../..' . '/lib/Configuration.php',
+        'PrivateBin\\Data\\AbstractData' => __DIR__ . '/../..' . '/lib/Data/AbstractData.php',
+        'PrivateBin\\Data\\Database' => __DIR__ . '/../..' . '/lib/Data/Database.php',
+        'PrivateBin\\Data\\Filesystem' => __DIR__ . '/../..' . '/lib/Data/Filesystem.php',
+        'PrivateBin\\Filter' => __DIR__ . '/../..' . '/lib/Filter.php',
+        'PrivateBin\\I18n' => __DIR__ . '/../..' . '/lib/I18n.php',
+        'PrivateBin\\Model' => __DIR__ . '/../..' . '/lib/Model.php',
+        'PrivateBin\\Model\\AbstractModel' => __DIR__ . '/../..' . '/lib/Model/AbstractModel.php',
+        'PrivateBin\\Model\\Paste' => __DIR__ . '/../..' . '/lib/Model/Paste.php',
+        'PrivateBin\\Persistence\\AbstractPersistence' => __DIR__ . '/../..' . '/lib/Persistence/AbstractPersistence.php',
+        'PrivateBin\\Persistence\\PurgeLimiter' => __DIR__ . '/../..' . '/lib/Persistence/PurgeLimiter.php',
+        'PrivateBin\\Persistence\\ServerSalt' => __DIR__ . '/../..' . '/lib/Persistence/ServerSalt.php',
+        'PrivateBin\\Persistence\\TrafficLimiter' => __DIR__ . '/../..' . '/lib/Persistence/TrafficLimiter.php',
+        'PrivateBin\\PrivateBin' => __DIR__ . '/../..' . '/lib/PrivateBin.php',
+        'PrivateBin\\Request' => __DIR__ . '/../..' . '/lib/Request.php',
+        'PrivateBin\\Sjcl' => __DIR__ . '/../..' . '/lib/Sjcl.php',
+        'PrivateBin\\View' => __DIR__ . '/../..' . '/lib/View.php',
+        'PrivateBin\\Vizhash16x16' => __DIR__ . '/../..' . '/lib/Vizhash16x16.php',
+        'PrivateBin\\model\\Comment' => __DIR__ . '/../..' . '/lib/Model/Comment.php',
+    );
 
     public static function getInitializer(ClassLoader $loader)
     {
         return \Closure::bind(function () use ($loader) {
             $loader->prefixLengthsPsr4 = ComposerStaticInitDontChange::$prefixLengthsPsr4;
             $loader->prefixDirsPsr4 = ComposerStaticInitDontChange::$prefixDirsPsr4;
-            $loader->prefixesPsr0 = ComposerStaticInitDontChange::$prefixesPsr0;
             $loader->classMap = ComposerStaticInitDontChange::$classMap;
 
         }, null, ClassLoader::class);

vendor/composer/installed.json

@@ -1 +1,52 @@
-[]
+[
+    {
+        "name": "paragonie/random_compat",
+        "version": "v2.0.2",
+        "version_normalized": "2.0.2.0",
+        "source": {
+            "type": "git",
+            "url": "https://github.com/paragonie/random_compat.git",
+            "reference": "088c04e2f261c33bed6ca5245491cfca69195ccf"
+        },
+        "dist": {
+            "type": "zip",
+            "url": "https://api.github.com/repos/paragonie/random_compat/zipball/088c04e2f261c33bed6ca5245491cfca69195ccf",
+            "reference": "088c04e2f261c33bed6ca5245491cfca69195ccf",
+            "shasum": ""
+        },
+        "require": {
+            "php": ">=5.2.0"
+        },
+        "require-dev": {
+            "phpunit/phpunit": "4.*|5.*"
+        },
+        "suggest": {
+            "ext-libsodium": "Provides a modern crypto API that can be used to generate random bytes."
+        },
+        "time": "2016-04-03 06:00:07",
+        "type": "library",
+        "installation-source": "dist",
+        "autoload": {
+            "files": [
+                "lib/random.php"
+            ]
+        },
+        "notification-url": "https://packagist.org/downloads/",
+        "license": [
+            "MIT"
+        ],
+        "authors": [
+            {
+                "name": "Paragon Initiative Enterprises",
+                "email": "security@paragonie.com",
+                "homepage": "https://paragonie.com"
+            }
+        ],
+        "description": "PHP 5.x polyfill for random_bytes() and random_int() from PHP 7",
+        "keywords": [
+            "csprng",
+            "pseudorandom",
+            "random"
+        ]
+    }
+]