Added tests for passwords with non alpha characters and braces (#1179)

This commit is contained in:
Jenny Tam 2020-08-13 12:22:07 -07:00 committed by GitHub
parent 6349d06fee
commit 721d8e7b04
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 155 additions and 0 deletions

View file

@ -0,0 +1,80 @@
--TEST--
Test passwords with non alphanumeric characters and braces
--DESCRIPTION--
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
--ENV--
PHPT_EXEC=true
--SKIPIF--
<?php require('skipif.inc'); ?>
--FILE--
<?php
require_once 'MsSetup.inc';
require_once 'MsCommon_mid-refactor.inc';
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
{
$random = '! ;.4{X#r?o,*';
$brace = '}';
if (!$insertBraces) {
// simply return the string with non alphanumeric characters
return $random;
} else {
// randomly insert one or more braces into $random
$len = strlen($random);
$pos = rand(0, $len);
$result = substr($random, 0, $pos);
$result .= $brace;
if ($escapeBraces) {
$result .= $brace;
}
$result .= substr($random, $pos);
return $result;
}
}
try {
$randomPwd = generateRandomPassword(false);
trace($randomPwd . PHP_EOL);
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
echo "Incorrect password '$randomPwd' without right braces should have failed!" . PHP_EOL;
} catch (PDOException $e) {
$error = '*Login failed for user*';
if (!fnmatch($error, $e->getMessage())) {
echo "Expected $error but got:\n";
var_dump($e->getMessage());
}
}
try {
$randomPwd = generateRandomPassword();
trace($randomPwd . PHP_EOL);
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
echo "Incorrect password '$randomPwd' with right braces should have failed!" . PHP_EOL;
} catch (PDOException $e) {
$error = '*Login failed for user*';
if (!fnmatch($error, $e->getMessage())) {
echo "Expected $error but got:\n";
var_dump($e->getMessage());
}
}
try {
$randomPwd = generateRandomPassword(true, false);
trace($randomPwd . PHP_EOL);
$conn = new PDO("sqlsrv:Server=$server;", $uid, $randomPwd);
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
} catch (PDOException $e) {
echo $e->getMessage() . PHP_EOL;
}
echo "Done" . PHP_EOL;
?>
--EXPECT--
SQLSTATE[IMSSP]: An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
Done

View file

@ -0,0 +1,75 @@
--TEST--
Test passwords with non alphanumeric characters and braces
--DESCRIPTION--
The first two cases should fail with a message about login failures. Only the last case fails because the right curly brace was not escaped with another right brace.
--ENV--
PHPT_EXEC=true
--SKIPIF--
<?php require('skipif.inc'); ?>
--FILE--
<?php
sqlsrv_configure('WarningsReturnAsErrors', 0);
require_once 'MsCommon.inc';
function generateRandomPassword($insertBraces = true, $escapeBraces = true)
{
$random = '! {W#g&;.,*6';
$brace = '}';
if (!$insertBraces) {
// simply return the string with non alphanumeric characters
return $random;
} else {
// randomly insert one or more braces into $random
$len = strlen($random);
$pos = rand(0, $len);
$result = substr($random, 0, $pos);
$result .= $brace;
if ($escapeBraces) {
$result .= $brace;
}
$result .= substr($random, $pos);
return $result;
}
}
function checkErrorMessages($conn, $testCase, $randomPwd)
{
$error = '*Login failed for user*';
if (!$conn) {
if (!fnmatch($error, sqlsrv_errors()[0]['message'])) {
echo "Unexpected error for $testCase with '$randomPwd':" . PHP_EOL;
var_dump(sqlsrv_errors());
}
} else {
echo "$testCase: should have failed!" . PHP_EOL;
}
}
$randomPwd = generateRandomPassword(false);
trace($randomPwd . PHP_EOL);
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
checkErrorMessages($conn, 'Password without right braces', $randomPwd);
$randomPwd = generateRandomPassword();
trace($randomPwd . PHP_EOL);
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
checkErrorMessages($conn, 'Password with right braces', $randomPwd);
$randomPwd = generateRandomPassword(true, false);
trace($randomPwd . PHP_EOL);
$conn = sqlsrv_connect($server, array("UID" => $userName, "pwd" => $randomPwd));
if ($conn) {
echo ("Shouldn't have connected without escaping braces!" . PHP_EOL);
}
$errors = sqlsrv_errors();
echo $errors[0]["message"] . PHP_EOL;
echo "Done" . PHP_EOL;
?>
--EXPECT--
An unescaped right brace (}) was found in either the user name or password. All right braces must be escaped with another right brace (}}).
Done