From dd8014a0f45946195da725522f0be32e8cae106c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Jean-Fran=C3=A7ois=20Simon?= Date: Tue, 30 Jul 2013 14:08:17 +0200 Subject: [PATCH] Replace sha1 and md5 hashing with sha256 algorithm --- .../AbstractDoctrineExtension.php | 2 +- .../Bridge/Doctrine/Form/Type/DoctrineType.php | 2 +- .../DependencyInjection/FrameworkExtension.php | 2 +- .../ClassLoader/ClassCollectionLoader.php | 2 +- .../DependencyInjection/Loader/XmlFileLoader.php | 4 ++-- .../Form/Extension/Core/Type/ChoiceType.php | 2 +- .../Session/Storage/MockArraySessionStorage.php | 2 +- .../Component/HttpKernel/HttpCache/Store.php | 4 ++-- .../Component/HttpKernel/Profiler/Profiler.php | 2 +- .../Fragment/HIncludeFragmentRendererTest.php | 2 +- .../HttpKernel/Tests/HttpCache/HttpCacheTest.php | 2 +- .../HttpKernel/Tests/HttpCache/StoreTest.php | 16 ++++++++-------- src/Symfony/Component/HttpKernel/UriSigner.php | 2 +- .../Component/Templating/Asset/UrlPackage.php | 2 +- .../Component/Templating/Loader/CacheLoader.php | 2 +- src/Symfony/Component/Templating/PhpEngine.php | 2 +- 16 files changed, 25 insertions(+), 25 deletions(-) diff --git a/src/Symfony/Bridge/Doctrine/DependencyInjection/AbstractDoctrineExtension.php b/src/Symfony/Bridge/Doctrine/DependencyInjection/AbstractDoctrineExtension.php index e23b59b6fa..5fd3090a79 100644 --- a/src/Symfony/Bridge/Doctrine/DependencyInjection/AbstractDoctrineExtension.php +++ b/src/Symfony/Bridge/Doctrine/DependencyInjection/AbstractDoctrineExtension.php @@ -368,7 +368,7 @@ abstract class AbstractDoctrineExtension extends Extension if (!isset($cacheDriver['namespace'])) { // generate a unique namespace for the given application - $cacheDriver['namespace'] = 'sf2'.$this->getMappingResourceExtension().'_'.$objectManager['name'].'_'.md5($container->getParameter('kernel.root_dir').$container->getParameter('kernel.environment')); + $cacheDriver['namespace'] = 'sf2'.$this->getMappingResourceExtension().'_'.$objectManager['name'].'_'.hash('sha256',($container->getParameter('kernel.root_dir').$container->getParameter('kernel.environment'))); } $cacheDef->addMethodCall('setNamespace', array($cacheDriver['namespace'])); diff --git a/src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php b/src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php index 81623966c1..d3ea2a2906 100644 --- a/src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php +++ b/src/Symfony/Bridge/Doctrine/Form/Type/DoctrineType.php @@ -109,7 +109,7 @@ abstract class DoctrineType extends AbstractType ? spl_object_hash($options['group_by']) : $options['group_by']; - $hash = md5(json_encode(array( + $hash = hash('sha256', json_encode(array( spl_object_hash($options['em']), $options['class'], $propertyHash, diff --git a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php index dbcc8304ea..f0460c1a85 100644 --- a/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php +++ b/src/Symfony/Bundle/FrameworkBundle/DependencyInjection/FrameworkExtension.php @@ -624,7 +624,7 @@ class FrameworkExtension extends Extension ->replaceArgument(1, new Reference('validator.mapping.cache.'.$config['cache'])); $container->setParameter( 'validator.mapping.cache.prefix', - 'validator_'.md5($container->getParameter('kernel.root_dir')) + 'validator_'.hash('sha256', $container->getParameter('kernel.root_dir')) ); } } diff --git a/src/Symfony/Component/ClassLoader/ClassCollectionLoader.php b/src/Symfony/Component/ClassLoader/ClassCollectionLoader.php index be1c7e2b55..b2be33ad88 100644 --- a/src/Symfony/Component/ClassLoader/ClassCollectionLoader.php +++ b/src/Symfony/Component/ClassLoader/ClassCollectionLoader.php @@ -53,7 +53,7 @@ class ClassCollectionLoader $classes = array_diff($classes, $declared); // the cache is different depending on which classes are already declared - $name = $name.'-'.substr(md5(implode('|', $classes)), 0, 5); + $name = $name.'-'.substr(hash('sha256', implode('|', $classes)), 0, 5); } $classes = array_unique($classes); diff --git a/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php b/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php index 3e3fa9d738..f9a1c2a2eb 100644 --- a/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php +++ b/src/Symfony/Component/DependencyInjection/Loader/XmlFileLoader.php @@ -233,7 +233,7 @@ class XmlFileLoader extends FileLoader if (false !== $nodes = $xml->xpath('//container:argument[@type="service"][not(@id)]|//container:property[@type="service"][not(@id)]')) { foreach ($nodes as $node) { // give it a unique name - $id = sprintf('%s_%d', md5($file), ++$count); + $id = sprintf('%s_%d', hash('sha256', $file), ++$count); $node['id'] = $id; $definitions[$id] = array($node->service, $file, false); @@ -245,7 +245,7 @@ class XmlFileLoader extends FileLoader if (false !== $nodes = $xml->xpath('//container:services/container:service[not(@id)]')) { foreach ($nodes as $node) { // give it a unique name - $id = sprintf('%s_%d', md5($file), ++$count); + $id = sprintf('%s_%d', hash('sha256', $file), ++$count); $node['id'] = $id; $definitions[$id] = array($node, $file, true); diff --git a/src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php b/src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php index 9a3fdef12b..d26ee5f72a 100644 --- a/src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php +++ b/src/Symfony/Component/Form/Extension/Core/Type/ChoiceType.php @@ -164,7 +164,7 @@ class ChoiceType extends AbstractType $choices = null !== $options['choices'] ? $options['choices'] : array(); // Reuse existing choice lists in order to increase performance - $hash = md5(json_encode(array($choices, $options['preferred_choices']))); + $hash = hash('sha256', json_encode(array($choices, $options['preferred_choices']))); if (!isset($choiceListCache[$hash])) { $choiceListCache[$hash] = new SimpleChoiceList($choices, $options['preferred_choices']); diff --git a/src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php b/src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php index a1fcf539f8..d2d4244e25 100644 --- a/src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php +++ b/src/Symfony/Component/HttpFoundation/Session/Storage/MockArraySessionStorage.php @@ -249,7 +249,7 @@ class MockArraySessionStorage implements SessionStorageInterface */ protected function generateId() { - return sha1(uniqid(mt_rand())); + return hash('sha256', uniqid(mt_rand())); } protected function loadSession() diff --git a/src/Symfony/Component/HttpKernel/HttpCache/Store.php b/src/Symfony/Component/HttpKernel/HttpCache/Store.php index a1cda1fd27..acddb82652 100644 --- a/src/Symfony/Component/HttpKernel/HttpCache/Store.php +++ b/src/Symfony/Component/HttpKernel/HttpCache/Store.php @@ -214,7 +214,7 @@ class Store implements StoreInterface */ protected function generateContentDigest(Response $response) { - return 'en'.sha1($response->getContent()); + return 'en'.hash('sha256', $response->getContent()); } /** @@ -377,7 +377,7 @@ class Store implements StoreInterface return $this->keyCache[$request]; } - return $this->keyCache[$request] = 'md'.sha1($request->getUri()); + return $this->keyCache[$request] = 'md'.hash('sha256', $request->getUri()); } /** diff --git a/src/Symfony/Component/HttpKernel/Profiler/Profiler.php b/src/Symfony/Component/HttpKernel/Profiler/Profiler.php index 49f3137e15..d5bad876a0 100644 --- a/src/Symfony/Component/HttpKernel/Profiler/Profiler.php +++ b/src/Symfony/Component/HttpKernel/Profiler/Profiler.php @@ -204,7 +204,7 @@ class Profiler return; } - $profile = new Profile(substr(sha1(uniqid(mt_rand(), true)), 0, 6)); + $profile = new Profile(substr(hash('sha256', uniqid(mt_rand(), true)), 0, 6)); $profile->setTime(time()); $profile->setUrl($request->getUri()); $profile->setIp($request->getClientIp()); diff --git a/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php b/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php index 92434c6b6d..2251638c66 100644 --- a/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/Fragment/HIncludeFragmentRendererTest.php @@ -31,7 +31,7 @@ class HIncludeFragmentRendererTest extends \PHPUnit_Framework_TestCase { $strategy = new HIncludeFragmentRenderer(null, new UriSigner('foo')); - $this->assertEquals('', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent()); + $this->assertEquals('', $strategy->render(new ControllerReference('main_controller', array(), array()), Request::create('/'))->getContent()); } public function testRenderWithUri() diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php index 9a13780c23..a2b38bd807 100644 --- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/HttpCacheTest.php @@ -623,7 +623,7 @@ class HttpCacheTest extends HttpCacheTestCase $r = new \ReflectionObject($this->store); $m = $r->getMethod('save'); $m->setAccessible(true); - $m->invoke($this->store, 'md'.sha1('http://localhost/'), serialize($tmp)); + $m->invoke($this->store, 'md'.hash('sha256', 'http://localhost/'), serialize($tmp)); // build subsequent request; should be found but miss due to freshness $this->request('GET', '/'); diff --git a/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php b/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php index b0c38423d8..d8cf75ff7a 100644 --- a/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php +++ b/src/Symfony/Component/HttpKernel/Tests/HttpCache/StoreTest.php @@ -89,7 +89,7 @@ class StoreTest extends \PHPUnit_Framework_TestCase $entries = $this->getStoreMetadata($cacheKey); list ($req, $res) = $entries[0]; - $this->assertEquals('ena94a8fe5ccb19ba61c4c0873d391e987982fbbd3', $res['x-content-digest'][0]); + $this->assertEquals('en9f86d081884c7d659a2feaa0c55ad015a3bf4f1b2b0b822cd15d6c15b0f00a08', $res['x-content-digest'][0]); } public function testFindsAStoredEntryWithLookup() @@ -139,7 +139,7 @@ class StoreTest extends \PHPUnit_Framework_TestCase { $this->storeSimpleEntry(); $response = $this->store->lookup($this->request); - $this->assertEquals($this->getStorePath('en'.sha1('test')), $response->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test')), $response->getContent()); } public function testInvalidatesMetaAndEntityStoreEntriesWithInvalidate() @@ -182,9 +182,9 @@ class StoreTest extends \PHPUnit_Framework_TestCase $res3 = new Response('test 3', 200, array('Vary' => 'Foo Bar')); $this->store->write($req3, $res3); - $this->assertEquals($this->getStorePath('en'.sha1('test 3')), $this->store->lookup($req3)->getContent()); - $this->assertEquals($this->getStorePath('en'.sha1('test 2')), $this->store->lookup($req2)->getContent()); - $this->assertEquals($this->getStorePath('en'.sha1('test 1')), $this->store->lookup($req1)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->getContent()); $this->assertCount(3, $this->getStoreMetadata($key)); } @@ -194,17 +194,17 @@ class StoreTest extends \PHPUnit_Framework_TestCase $req1 = Request::create('/test', 'get', array(), array(), array(), array('HTTP_FOO' => 'Foo', 'HTTP_BAR' => 'Bar')); $res1 = new Response('test 1', 200, array('Vary' => 'Foo Bar')); $key = $this->store->write($req1, $res1); - $this->assertEquals($this->getStorePath('en'.sha1('test 1')), $this->store->lookup($req1)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 1')), $this->store->lookup($req1)->getContent()); $req2 = Request::create('/test', 'get', array(), array(), array(), array('HTTP_FOO' => 'Bling', 'HTTP_BAR' => 'Bam')); $res2 = new Response('test 2', 200, array('Vary' => 'Foo Bar')); $this->store->write($req2, $res2); - $this->assertEquals($this->getStorePath('en'.sha1('test 2')), $this->store->lookup($req2)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 2')), $this->store->lookup($req2)->getContent()); $req3 = Request::create('/test', 'get', array(), array(), array(), array('HTTP_FOO' => 'Foo', 'HTTP_BAR' => 'Bar')); $res3 = new Response('test 3', 200, array('Vary' => 'Foo Bar')); $key = $this->store->write($req3, $res3); - $this->assertEquals($this->getStorePath('en'.sha1('test 3')), $this->store->lookup($req3)->getContent()); + $this->assertEquals($this->getStorePath('en'.hash('sha256', 'test 3')), $this->store->lookup($req3)->getContent()); $this->assertCount(2, $this->getStoreMetadata($key)); } diff --git a/src/Symfony/Component/HttpKernel/UriSigner.php b/src/Symfony/Component/HttpKernel/UriSigner.php index 665e99e2ef..7ede0c32f7 100644 --- a/src/Symfony/Component/HttpKernel/UriSigner.php +++ b/src/Symfony/Component/HttpKernel/UriSigner.php @@ -67,6 +67,6 @@ class UriSigner private function computeHash($uri) { - return urlencode(base64_encode(hash_hmac('sha1', $uri, $this->secret, true))); + return urlencode(base64_encode(hash_hmac('sha256', $uri, $this->secret, true))); } } diff --git a/src/Symfony/Component/Templating/Asset/UrlPackage.php b/src/Symfony/Component/Templating/Asset/UrlPackage.php index a21a6b4848..da5c0830fb 100644 --- a/src/Symfony/Component/Templating/Asset/UrlPackage.php +++ b/src/Symfony/Component/Templating/Asset/UrlPackage.php @@ -73,7 +73,7 @@ class UrlPackage extends Package return $this->baseUrls[0]; default: - return $this->baseUrls[fmod(hexdec(substr(md5($path), 0, 10)), $count)]; + return $this->baseUrls[fmod(hexdec(substr(hash('sha256', $path), 0, 10)), $count)]; } } } diff --git a/src/Symfony/Component/Templating/Loader/CacheLoader.php b/src/Symfony/Component/Templating/Loader/CacheLoader.php index 9fcb6bf767..3829bbbaad 100644 --- a/src/Symfony/Component/Templating/Loader/CacheLoader.php +++ b/src/Symfony/Component/Templating/Loader/CacheLoader.php @@ -50,7 +50,7 @@ class CacheLoader extends Loader */ public function load(TemplateReferenceInterface $template) { - $key = md5($template->getLogicalName()); + $key = hash('sha256', $template->getLogicalName()); $dir = $this->dir.DIRECTORY_SEPARATOR.substr($key, 0, 2); $file = substr($key, 2).'.tpl'; $path = $dir.DIRECTORY_SEPARATOR.$file; diff --git a/src/Symfony/Component/Templating/PhpEngine.php b/src/Symfony/Component/Templating/PhpEngine.php index 9cd4eee2a6..1da7f46ed9 100644 --- a/src/Symfony/Component/Templating/PhpEngine.php +++ b/src/Symfony/Component/Templating/PhpEngine.php @@ -86,7 +86,7 @@ class PhpEngine implements EngineInterface, \ArrayAccess public function render($name, array $parameters = array()) { $storage = $this->load($name); - $key = md5(serialize($storage)); + $key = hash('sha256', serialize($storage)); $this->current = $key; $this->parents[$key] = null;