Merge pull request #237 from moebrowne/feature/weak-cipher-warning

Warn When Using Weak Ciphers

Author: sebastianfeldmann

src/Backup/Crypter/OpenSSL.php

@@ -4,6 +4,7 @@
 use phpbu\App\Backup\Restore\Plan;
 use phpbu\App\Backup\Target;
 use phpbu\App\Cli\Executable;
+use phpbu\App\Result;
 use phpbu\App\Util;
 
 /**
@@ -54,6 +55,79 @@ class OpenSSL extends Abstraction implements Simulator, Restorable
      */
     private $keepUncrypted;
 
+    private $weakAlgorithms = [
+        'rc2'          => true,
+        'rc2-40'       => true,
+        'rc2-64'       => true,
+        'rc2-128'      => true,
+        'rc2-40-cbc'   => true,
+        'rc2-64-cbc'   => true,
+        'rc2-cbc'      => true,
+        'rc2-cfb'      => true,
+        'rc2-ecb'      => true,
+        'rc2-ofb'      => true,
+        'rc4'          => true,
+        'rc4-40'       => true,
+        'des'          => true,
+        'des-cbc'      => true,
+        'des-cfb'      => true,
+        'des-ecb'      => true,
+        'des-ede'      => true,
+        'des-ede-cbc'  => true,
+        'des-ede-cfb'  => true,
+        'des-ede-ofb'  => true,
+        'des-ede3'     => true,
+        'des-ede3-cbc' => true,
+        'des-ede3-cfb' => true,
+        'des-ede3-ofb' => true,
+        'des-ofb'      => true,
+        'des3'         => true,
+        'desx'         => true,
+        'seed'         => true,
+        'seed-cbc'     => true,
+        'seed-cfb'     => true,
+        'seed-ecb'     => true,
+        'seed-ofb'     => true,
+    ];
+
+    /**
+     * @inheritDoc
+     */
+    public function crypt(Target $target, Result $result)
+    {
+        if ($this->isUsingWeakAlgorithm()) {
+            $name = strtolower(get_class($this));
+
+            $result->warn($name . ': The ' . $this->algorithm . ' algorithm is considered weak');
+        }
+
+        return parent::crypt($target, $result);
+    }
+
+
+    /**
+     * @inheritDoc
+     */
+    public function simulate(Target $target, Result $result)
+    {
+        if ($this->isUsingWeakAlgorithm()) {
+            $name = strtolower(get_class($this));
+
+            $result->warn($name . ': The ' . $this->algorithm . ' algorithm is considered weak');
+        }
+
+        return parent::simulate($target, $result);
+    }
+
+    public function isUsingWeakAlgorithm(): bool
+    {
+        if (null === $this->algorithm) {
+            throw new Exception('algorithm is not set');
+        }
+
+        return isset($this->weakAlgorithms[$this->algorithm]);
+    }
+
     /**
      * Setup
      *

src/Event/Warning.php

@@ -0,0 +1,47 @@
+<?php
+namespace phpbu\App\Event;
+
+/**
+ * Debug Event
+ *
+ * @package    phpbu
+ * @subpackage Event
+ * @author     MoeBrowne <moebrowne@users.noreply.github.com>
+ * @license    https://opensource.org/licenses/MIT The MIT License (MIT)
+ * @link       http://phpbu.de/
+ * @since      Class available since Release 6.0.0
+ */
+class Warning
+{
+    /**
+     * Event name
+     */
+    const NAME = 'phpbu.warning';
+
+    /**
+     * Warning message
+     *
+     * @var string
+     */
+    protected $message;
+
+    /**
+     * Constructor.
+     *
+     * @param string $message
+     */
+    public function __construct(string $message)
+    {
+        $this->message = $message;
+    }
+
+    /**
+     * Message getter.
+     *
+     * @return string
+     */
+    public function getMessage() : string
+    {
+        return $this->message;
+    }
+}

src/Result.php

@@ -572,4 +572,15 @@ public function debug($msg) : void
         $event = new Event\Debug($msg);
         $this->eventDispatcher->dispatch(Event\Debug::NAME, $event);
     }
+
+    /**
+     * Warning
+     *
+     * @param string $msg
+     */
+    public function warn($msg) : void
+    {
+        $event = new Event\Warning($msg);
+        $this->eventDispatcher->dispatch(Event\Warning::NAME, $event);
+    }
 }

src/Result/PrinterCli.php

@@ -110,6 +110,7 @@ public static function getSubscribedEvents(): array
     {
         return [
             'phpbu.debug'           => 'onDebug',
+            'phpbu.warning'         => 'onWarning',
             'phpbu.app_start'       => 'onPhpbuStart',
             'phpbu.backup_start'    => 'onBackupStart',
             'phpbu.backup_failed'   => 'onBackupFailed',
@@ -406,6 +407,16 @@ public function onDebug(Event\Debug $event)
         }
     }
 
+    /**
+     * Warnings.
+     *
+     * @param \phpbu\App\Event\Warning $event
+     */
+    public function onWarning(Event\Warning $event)
+    {
+        $this->writeWithColor('fg-black, bg-yellow', $event->getMessage() . PHP_EOL);
+    }
+
     /**
      * phpbu end event.
      *

tests/phpbu/Backup/Crypter/OpenSSLTest.php

@@ -171,4 +171,23 @@ public function testGetSuffix()
         $suffix  = $openSSL->getSuffix();
         $this->assertEquals('enc', $suffix);
     }
+
+    /**
+     * Tests that a warning is emitted for weak algorithms
+     */
+    public function testWeakAlgorithmsCauseWarnings()
+    {
+        $runner = $this->getRunnerMock();
+        $runner->expects($this->once())
+            ->method('run')
+            ->willReturn($this->getRunnerResultMock(0, 'openssl'));
+
+        $target    = $this->createTargetMock(__FILE__);
+        $appResult = $this->getAppResultMock();
+        $appResult->expects($this->once())->method('warn');
+
+        $openSSL = new OpenSSL($runner);
+        $openSSL->setup(['pathToOpenSSL' => PHPBU_TEST_BIN, 'password' => 'fooBarBaz', 'algorithm' => 'des']);
+        $openSSL->crypt($target, $appResult);
+    }
 }