To get the source for OWASP ESAPI PHP:
svn checkout http://owasp-esapi-php.googlecode.com/svn/trunk/ owasp-esapi-php-read-only
Make sure phpunit is installed with PEAR. To run the unit tests:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file does not exist.PHP Fatal error: Call to a member function xpath()
on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
To get a better error message:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R 'Security conf' .
./src/reference/DefaultSecurityConfiguration.php: throw new Exception("Security configuration file does not exist.");
Edit ‘src/refererence/DefaultSecurityConfiguration.php’ and replace “Security configuration file does not exist.” with “Security configuration file ‘$path’ does not exist.”
Try again:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test
Security configuration file '/home/jj5/Desktop/owasp-esapi-php-read-only/test/filters/../../testresources/ESAPI.xml' does not exist.PHP Fatal error: Call to a member function xpath() on a non-object in /home/jj5/Desktop/owasp-esapi-php-read-only/src/reference/DefaultSecurityConfiguration.php on line 226
So the problem is a misconfigured path to the ESAPI.xml file,
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# grep -R \\.\\.\\/testres .
./test/filters/SafeRequestTest.php: $ESAPI = new ESAPI(dirname(__FILE__) . '/../../testresources/ESAPI.xml');
...
Edit the SafeRequestTest.php file:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# vim test/filters/SafeRequestTest.php
On line 58 change “/../../testresources” to “/../testresources”.
Now our tests will run:
root@mercy:/home/jj5/Desktop/owasp-esapi-php-read-only# phpunit test