Today I learned how to exclude .svn directories from grep:
grep -R --exclude-dir=".svn" search .
To get the source for OWASP ESAPI PHP:
svn checkout http://owasp-esapi-php.googlecode.com/svn/trunk/ owasp-esapi-php-read-only
Make sure phpunit is installed with PEAR. To run the unit tests:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file does not exist.PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
To get a better error message:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R 'Security conf' .
./src/reference/DefaultSecurityConfiguration.php: throw new Exception("Security configuration file does not exist.");
Edit ‘src/reference/DefaultSecurityConfiguration.php’ and replace “Security configuration file does not exist.” with “Security configuration file '$path' does not exist.”
Try again:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file '/home/jj5/Desktop/owasp-esapi-php-read-only/test/filters/../../testresources/ESAPI.xml' does not exist.PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
So the problem is a misconfigured path to the ESAPI.xml file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R \\.\\.\\/testres .
./test/filters/SafeRequestTest.php: $ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');
...
Edit the SafeRequestTest.php file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# vim test/filters/SafeRequestTest.php
On line 58 change “/../../testresources” to “/../testresources”.
Now our tests will run:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
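An added example, not part of the original post or of ESAPI: a shell function that lists every dirname(__FILE__) . '...' reference in the PHP files whose target is missing, which finds this kind of broken fixture path without running the tests. It assumes GNU grep; the function names and the sample tree are constructed for illustration.

```shell
#!/bin/sh
# Added example (not ESAPI code): report dirname(__FILE__) . '<relative path>'
# references in PHP files whose target does not exist on disk.

check_fixture_paths() {
    root=$1
    q="'"
    missing=$(
        # GNU grep: -o prints only the match, -H prefixes it with "file:".
        grep -RHo --include='*.php' --exclude-dir=".svn" \
            "dirname(__FILE__) *\. *'[^']*'" "$root" |
        while IFS= read -r hit; do
            file=${hit%%:*}                 # text before the first colon
            rel=${hit#*"$q"}                # text after the opening quote
            rel=${rel%"$q"}                 # drop the closing quote
            target=$(dirname "$file")$rel   # the path PHP would try to open
            [ -e "$target" ] || printf '%s -> %s\n' "$file" "$target"
        done
    )
    if [ -n "$missing" ]; then
        printf '%s\n' "$missing"
        return 1
    fi
    return 0
}

# Constructed sample tree mirroring the layout described in the post:
# the fixture lives in test/testresources, the test points one level too high.
make_sample_tree() {
    tree=$(mktemp -d)
    mkdir -p "$tree/test/filters" "$tree/test/testresources"
    : > "$tree/test/testresources/ESAPI.xml"
    printf '%s\n' '<?php' \
        "\$ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');" \
        > "$tree/test/filters/SafeRequestTest.php"
    printf '%s\n' "$tree"
}

tree=$(make_sample_tree)
check_fixture_paths "$tree" || echo "fix the paths listed above"
rm -rf "$tree"
```

The function returns non-zero when any reference is unresolved, so it can gate a test run. File names containing a colon are not handled.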
To install PHPUnit on Debian with PEAR:
sudo pear channel-discover pear.phpunit.de
sudo pear install --alldeps phpunit/PHPUnit
To see the path where the command-line utility ‘phpunit’ was installed:
sudo pear config-get bin_dir
which phpunit
Today I read Salted Password Hashing – Doing it Right which was a good run-down on how to do password hashing. The article linked to phpass: Portable PHP password hashing framework which is a library for hashing passwords.
I was trying to run ‘pear’ but I accidentally typed ‘pair’ and got command not found even though I knew ‘php-pear’ was installed. Traps for young players! I bet I’m not the last person to make that mistake…