Merge pull request #836 from nextcloud/php7.1

Add PHP 7.1 drone tests

.drone.yml

@@ -15,6 +15,12 @@ build:
       - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
       - git submodule update --init
       - NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
+  nodb-php7.1:
+    image: nextcloudci/php7.1:php7.1-3
+    commands:
+      - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+      - git submodule update --init
+      - NOCOVERAGE=true TEST_SELECTION=NODB ./autotest.sh sqlite
   sqlite-php5.6:
     image: nextcloudci/php5.6:php5.6-2
     commands:
@@ -27,6 +33,12 @@ build:
       - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
       - git submodule update --init
       - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
+  sqlite-php7.1:
+    image: nextcloudci/php7.1:php7.1-3
+    commands:
+      - rm -rf data/* config/config.php # TODO: remove this - temporary fix for CI issues
+      - git submodule update --init
+      - NOCOVERAGE=true TEST_SELECTION=DB ./autotest.sh sqlite
   mysql-php5.6:
     image: nextcloudci/php5.6:php5.6-2
     commands:

3rdparty

@@ -1 +1 @@
-Subproject commit a7109f7505ce8ab1775f54ff723b72e4e65c13d2
+Subproject commit 700cba55e9483e7514d36ea43ddac36de63c3697

build/OCPSinceChecker.php

@@ -111,7 +111,7 @@ $errors = [];
 foreach($Regex as $file) {
 	$stmts = $parser->parse(file_get_contents($file[0]));
 
-	$visitor = new SinceTagCheckVisitor($this->blackListedClassNames);
+	$visitor = new SinceTagCheckVisitor();
 	$traverser = new \PhpParser\NodeTraverser();
 	$traverser->addVisitor($visitor);
 	$traverser->traverse($stmts);

lib/private/App/InfoParser.php

@@ -156,7 +156,7 @@ class InfoParser {
 			$totalElement = count($xml->{$element});
 
 			if (!isset($array[$element])) {
-				$array[$element] = "";
+				$array[$element] = $totalElement > 1 ? [] : "";
 			}
 			/** @var \SimpleXMLElement $node */
 			// Has attributes

lib/private/IntegrityCheck/Checker.php

@@ -249,6 +249,8 @@ class Checker {
 
 		$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
 		$privateKey->setMGFHash('sha512');
+		// See https://tools.ietf.org/html/rfc3447#page-38
+		$privateKey->setSaltLength(0);
 		$signature = $privateKey->sign(json_encode($hashes));
 
 		return [
@@ -343,7 +345,7 @@ class Checker {
 		// Verify if certificate has proper CN. "core" CN is always trusted.
 		if($x509->getDN(X509::DN_OPENSSL)['CN'] !== $certificateCN && $x509->getDN(X509::DN_OPENSSL)['CN'] !== 'core') {
 			throw new InvalidSignatureException(
-					sprintf('Certificate is not valid for required scope. (Requested: %s, current: %s)', $certificateCN, $x509->getDN(true))
+					sprintf('Certificate is not valid for required scope. (Requested: %s, current: CN=%s)', $certificateCN, $x509->getDN(true)['CN'])
 			);
 		}
 
@@ -352,6 +354,8 @@ class Checker {
 		$rsa->loadKey($x509->currentCert['tbsCertificate']['subjectPublicKeyInfo']['subjectPublicKey']);
 		$rsa->setSignatureMode(RSA::SIGNATURE_PSS);
 		$rsa->setMGFHash('sha512');
+		// See https://tools.ietf.org/html/rfc3447#page-38
+		$rsa->setSaltLength(0);
 		if(!$rsa->verify(json_encode($expectedHashes), $signature)) {
 			throw new InvalidSignatureException('Signature could not get verified.');
 		}

settings/Controller/SecuritySettingsController.php

@@ -61,7 +61,7 @@ class SecuritySettingsController extends Controller {
 	 * @return array
 	 */
 	public function trustedDomains($newTrustedDomain) {
-		$trustedDomains = $this->config->getSystemValue('trusted_domains');
+		$trustedDomains = $this->config->getSystemValue('trusted_domains', []);
 		$trustedDomains[] = $newTrustedDomain;
 		$this->config->setSystemValue('trusted_domains', $trustedDomains);
 

tests/Settings/Controller/SecuritySettingsControllerTest.php

@@ -57,8 +57,8 @@ class SecuritySettingsControllerTest extends \PHPUnit_Framework_TestCase {
 		$this->container['Config']
 			->expects($this->once())
 			->method('getSystemValue')
-			->with('trusted_domains')
-			->will($this->returnValue(''));
+			->with($this->equalTo('trusted_domains'), $this->equalTo([]))
+			->willReturn([]);
 
 		$response = $this->securitySettingsController->trustedDomains('newdomain.com');
 		$expectedResponse = array('status' => 'success');

tests/lib/IntegrityCheck/CheckerTest.php

@@ -102,8 +102,13 @@ class CheckerTest extends TestCase {
 			->expects($this->once())
 			->method('file_put_contents')
 			->with(
-					\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json',
-					$expectedSignatureFileData
+					$this->equalTo(\OC::$SERVERROOT . '/tests/data/integritycheck/app//appinfo/signature.json'),
+					$this->callback(function($signature) use ($expectedSignatureFileData) {
+						$expectedArray = json_decode($expectedSignatureFileData, true);
+						$actualArray = json_decode($signature, true);
+						$this->assertEquals($expectedArray, $actualArray);
+						return true;
+					})
 			);
 
 		$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/SomeApp.crt');
@@ -456,7 +461,12 @@ class CheckerTest extends TestCase {
 				->method('file_put_contents')
 				->with(
 						\OC::$SERVERROOT . '/tests/data/integritycheck/app//core/signature.json',
-						$expectedSignatureFileData
+						$this->callback(function($signature) use ($expectedSignatureFileData) {
+						$expectedArray = json_decode($expectedSignatureFileData, true);
+						$actualArray = json_decode($signature, true);
+						$this->assertEquals($expectedArray, $actualArray);
+						return true;
+						})
 				);
 
 		$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -486,7 +496,12 @@ class CheckerTest extends TestCase {
 				->method('file_put_contents')
 				->with(
 						\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessUnmodified//core/signature.json',
-						$expectedSignatureFileData
+					$this->callback(function($signature) use ($expectedSignatureFileData) {
+						$expectedArray = json_decode($expectedSignatureFileData, true);
+						$actualArray = json_decode($signature, true);
+						$this->assertEquals($expectedArray, $actualArray);
+						return true;
+					})
 				);
 
 		$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -511,7 +526,12 @@ class CheckerTest extends TestCase {
 				->method('file_put_contents')
 				->with(
 						\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithInvalidModifiedContent//core/signature.json',
-						$expectedSignatureFileData
+					$this->callback(function($signature) use ($expectedSignatureFileData) {
+						$expectedArray = json_decode($expectedSignatureFileData, true);
+						$actualArray = json_decode($signature, true);
+						$this->assertEquals($expectedArray, $actualArray);
+						return true;
+					})
 				);
 
 		$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');
@@ -542,7 +562,12 @@ class CheckerTest extends TestCase {
 				->method('file_put_contents')
 				->with(
 						\OC::$SERVERROOT . '/tests/data/integritycheck/htaccessWithValidModifiedContent/core/signature.json',
-						$expectedSignatureFileData
+					$this->callback(function($signature) use ($expectedSignatureFileData) {
+						$expectedArray = json_decode($expectedSignatureFileData, true);
+						$actualArray = json_decode($signature, true);
+						$this->assertEquals($expectedArray, $actualArray);
+						return true;
+					})
 				);
 
 		$keyBundle = file_get_contents(__DIR__ .'/../../data/integritycheck/core.crt');