.ASC signature testing.

Author: Joshua Moon

src/Detectives/PlaintextDetective.php

@@ -0,0 +1,75 @@
+<?php
+
+namespace InfinityNext\Sleuth\Detectives;
+
+use InfinityNext\Sleuth\Contracts\DetectiveContract;
+use InfinityNext\Sleuth\Traits\DetectiveTrait;
+
+/**
+ * Handles files which are plain text but which may conform to container standards.
+ */
+class PlaintextDetective implements DetectiveContract
+{
+    use DetectiveTrait;
+
+    protected $pgpType = null;
+
+    const PGP_INVALID = 0;
+    const PGP_PUBKEY = 1;
+    const PGP_SIGNATURE = 2;
+    const PGP_CLEARSIGN = 3;
+
+    /**
+     * Checks if thise file is an 'Armored ASCII' PGP file.
+     *
+     * @return boolean|null
+     */
+    protected function leadASC()
+    {
+        $contents = trim($this->getFileContents());
+
+        if (mb_ereg_match("^-+BEGIN PGP PUBLIC KEY BLOCK-+.*-+END PGP PUBLIC KEY BLOCK-+$", $contents)) {
+            $this->pgpType = static::PGP_PUBKEY;
+            return $this->closeCase("asc", "text/plain");
+        }
+        elseif (mb_ereg_match("^-+BEGIN PGP SIGNED MESSAGE-+.*-+BEGIN PGP SIGNATURE-+.*-+END PGP SIGNATURE-+$", $contents)) {
+            $this->pgpType = static::PGP_CLEARSIGN;
+            return $this->closeCase("asc", "text/plain");
+        }
+        elseif (mb_ereg_match("^-+BEGIN PGP SIGNATURE-+.*-+END PGP SIGNATURE-+$", $contents)) {
+            $this->pgpType = static::PGP_SIGNATURE;
+            return $this->closeCase("asc", "text/plain");
+        }
+
+        return null;
+    }
+
+    public function isPgp()
+    {
+        return !is_null($this->pgpType);
+    }
+
+    public function getPgpType()
+    {
+        return $this->pgpType;
+    }
+
+    /**
+     * Can this file type potentially cause damage or intrude on a user's privacy?
+     * This means executable programs, or file formats that can contact remote servers in any way (even SVGs).
+     *
+     * @return boolean
+     * @throws \InfinityNext\Sleuth\Exceptions\CaseNotSolved
+     */
+    public function isRisky()
+    {
+        parent::isRisky();
+
+        return false;
+    }
+
+    public static function on()
+    {
+        return function_exists("mb_ereg_match");
+    }
+}

src/Detectives/ffmpegDetective.php

@@ -1,4 +1,6 @@
-<?php namespace InfinityNext\Sleuth\Detectives;
+<?php
+
+namespace InfinityNext\Sleuth\Detectives;
 
 use InfinityNext\Sleuth\Contracts\DetectiveContract;
 use InfinityNext\Sleuth\Traits\DetectiveTrait;

src/Detectives/svgDetective.php

@@ -6,53 +6,53 @@
 
 class svgDetective implements DetectiveContract
 {
-	use DetectiveTrait;
-
-	/**
-	 * Checks if thise file is a valid SVG.
-	 *
-	 * @return boolean|null
-	 */
-	protected function leadSVG()
-	{
-		// Create a new sanitizer instance
-		$sanitizer = new Sanitizer();
-
-		// Load the dirty svg
-		$dirtySVG = file_get_contents($this->file);
-
-		// Pass it to the sanitizer and get it back clean
-		$cleanSVG = $sanitizer->sanitize($dirtySVG);
-
-		if (is_string($cleanSVG))
-		{
-			return $this->closeCase("svg", "image/svg+xml");
-		}
-
-		return false;
-	}
-
-	/**
-	 * Can this file type potentially cause damage or intrude on a user's privacy?
-	 * This means executable programs, or file formats that can contact remote servers in any way (even SVGs).
-	 *
-	 * @return boolean
-	 * @throws \InfinityNext\Sleuth\Exceptions\CaseNotSolved
-	 */
-	public function isRisky()
-	{
-		parent::isRisky();
-
-		return true;
-	}
-
-	/**
-	 * Can the system run this Detective?
-	 *
-	 * @return boolean  True if we can run, False if not.
-	 */
-	public static function on()
-	{
-		return @class_exists(Sanitizer::class);
-	}
+    use DetectiveTrait;
+
+    /**
+     * Checks if thise file is a valid SVG.
+     *
+     * @return boolean|null
+     */
+    protected function leadSVG()
+    {
+        // Create a new sanitizer instance
+        $sanitizer = new Sanitizer();
+
+        // Load the dirty svg
+        $dirtySVG = file_get_contents($this->file);
+
+        // Pass it to the sanitizer and get it back clean
+        $cleanSVG = $sanitizer->sanitize($dirtySVG);
+
+        if (is_string($cleanSVG))
+        {
+            return $this->closeCase("svg", "image/svg+xml");
+        }
+
+        return false;
+    }
+
+    /**
+     * Can this file type potentially cause damage or intrude on a user's privacy?
+     * This means executable programs, or file formats that can contact remote servers in any way (even SVGs).
+     *
+     * @return boolean
+     * @throws \InfinityNext\Sleuth\Exceptions\CaseNotSolved
+     */
+    public function isRisky()
+    {
+        parent::isRisky();
+
+        return true;
+    }
+
+    /**
+     * Can the system run this Detective?
+     *
+     * @return boolean  True if we can run, False if not.
+     */
+    public static function on()
+    {
+        return @class_exists(Sanitizer::class);
+    }
 }

tests/DocTXTTest.php

@@ -0,0 +1,45 @@
+<?php
+
+use InfinityNext\Sleuth\Detectives\PlaintextDetective;
+use PHPUnit\Framework\TestCase;
+
+class PgpASCTest extends TestCase
+{
+    public function testClearsign()
+    {
+        $detective = new PlaintextDetective;
+        $detective->check(__DIR__ . "/files/clearsign.asc");
+        $this->assertEquals('asc', $detective->getExtension());
+        $this->assertTrue($detective->isPgp());
+        $this->assertEquals(PlaintextDetective::PGP_CLEARSIGN, $detective->getPgpType());
+    }
+
+    public function testPubkey()
+    {
+        $detective = new PlaintextDetective;
+        $detective->check(__DIR__ . "/files/pubkey.asc");
+        $this->assertEquals('asc', $detective->getExtension());
+        $this->assertTrue($detective->isPgp());
+        $this->assertEquals(PlaintextDetective::PGP_PUBKEY, $detective->getPgpType());
+    }
+
+    public function testSignature()
+    {
+        $detective = new PlaintextDetective;
+        $detective->check(__DIR__ . "/files/detached.asc");
+        $this->assertEquals('asc', $detective->getExtension());
+        $this->assertTrue($detective->isPgp());
+        $this->assertEquals(PlaintextDetective::PGP_SIGNATURE, $detective->getPgpType());
+    }
+
+    public function testNoMismatch()
+    {
+        $detective = new PlaintextDetective;
+        $detective->check(__DIR__ . "/files/clearsign.asc"); // use clearsign because it contains nested identifiers
+        $this->assertEquals('asc', $detective->getExtension());
+        $this->assertTrue($detective->isPgp());
+        $this->assertNotEquals(PlaintextDetective::PGP_INVALID, $detective->getPgpType());
+        $this->assertNotEquals(PlaintextDetective::PGP_PUBKEY, $detective->getPgpType());
+        $this->assertNotEquals(PlaintextDetective::PGP_SIGNATURE, $detective->getPgpType());
+    }
+}

tests/PgpASCTest.php

@@ -0,0 +1,20 @@
+<?php
+
+use InfinityNext\Sleuth\Detectives\PlaintextDetective;
+use InfinityNext\Sleuth\Exceptions\CaseNotSolved;
+use PHPUnit\Framework\TestCase;
+
+class PlainTXTtest extends TestCase
+{
+    ## TODO: Add actual .txt verification.
+    public function testNotPgp()
+    {
+        $this->expectException(CaseNotSolved::class);
+        $detective = new PlaintextDetective;
+        $detective->check(__DIR__ . "/files/normal.txt"); // use clearsign because it contains nested identifiers
+        $this->assertNotEquals('asc', $detective->getExtension());
+        //$this->asserFalse($detective->isPgp());
+        //$this->assertNotEquals(PlaintextDetective::PGP_INVALID, $detective->getPgpType());
+    }
+
+}

tests/PlainTXTTest.php

@@ -0,0 +1,15 @@
+-----BEGIN PGP SIGNED MESSAGE-----
+Hash: SHA256
+
+This is a signed message for the Infinity Next File Sleuth unit tests. I hope you are having a fantastic day.
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEFGcLKutf59Mtq7dqbfaGNREILy0FAl6n91UACgkQbfaGNREI
+Ly0dxggA6X2TW2UvWAvV/KWGXaFxnL7hy6czsZSEAfHQIncQtKHN4IXu5rV1QeYM
+mfvSHTNoQ2KqEaNtYHHVGsA4rYBNWug67rWl016ahyazWUB+NR0XL75mc8EF8cGN
+pKsYEKpjIlQVqDXpmgXr45yZfaH9l2ejm8Xr60AmMEcrqjImBNUyaaY/dSbuWpz0
+pYE8eHbW4zTnxeY/nU1vtVrYSCIIwQ1Y/epoutLuOlDIy7CF4UEi3qbD0cjxC4Wk
+vQ2ognjYcoblrP9ofQgUFcRmG0cNqGnbxDzaDqcGh1a3PAXPTDxnIkN7w2r3PhdB
+l22GxC0EhqFpyxDpEfs0xJGTSffe8Q==
+=x3dL
+-----END PGP SIGNATURE-----

tests/files/clearsign.asc

@@ -0,0 +1,11 @@
+-----BEGIN PGP SIGNATURE-----
+
+iQEzBAEBCAAdFiEEFGcLKutf59Mtq7dqbfaGNREILy0FAl6n91UACgkQbfaGNREI
+Ly0dxggA6X2TW2UvWAvV/KWGXaFxnL7hy6czsZSEAfHQIncQtKHN4IXu5rV1QeYM
+mfvSHTNoQ2KqEaNtYHHVGsA4rYBNWug67rWl016ahyazWUB+NR0XL75mc8EF8cGN
+pKsYEKpjIlQVqDXpmgXr45yZfaH9l2ejm8Xr60AmMEcrqjImBNUyaaY/dSbuWpz0
+pYE8eHbW4zTnxeY/nU1vtVrYSCIIwQ1Y/epoutLuOlDIy7CF4UEi3qbD0cjxC4Wk
+vQ2ognjYcoblrP9ofQgUFcRmG0cNqGnbxDzaDqcGh1a3PAXPTDxnIkN7w2r3PhdB
+l22GxC0EhqFpyxDpEfs0xJGTSffe8Q==
+=x3dL
+-----END PGP SIGNATURE-----

tests/files/detached.asc

@@ -0,0 +1,13 @@
+-----BEGIN PGP PUBLIC KEY BLOCK-----
+
+mDMEXqccThYJKwYBBAHaRw8BAQdAoBPB5EOC2Oh8rJputN437oUaFkDDIjP74BPA
+LyTnqWW0HEpvc2h1YSBNb29uIDxqb3NoQDljaGFuLm9yZz6IlgQTFggAPhYhBDbj
+e/lshXTxEPG2D5/lmW6jDNVNBQJepxxOAhsDBQkB14nSBQsJCAcCBhUKCQgLAgQW
+AgMBAh4BAheAAAoJEJ/lmW6jDNVNCBgA/REhOFOGDQHXTHjTxq82C+to/MlDSmYw
+TApi0+L01OwDAQDCVfamRi25db5k/qlVlXYNjLrk2VitVXJNf51TUbjjAbg4BF6n
+HE4SCisGAQQBl1UBBQEBB0BGxGI0dUKOhPouTW3BFk1Whg3SnXiNy7j3oH1TUUPm
+cQMBCAeIfgQYFggAJhYhBDbje/lshXTxEPG2D5/lmW6jDNVNBQJepxxOAhsMBQkB
+14nSAAoJEJ/lmW6jDNVN3+YBAM4qvladpkomsVSCHPRB84CU9JpFm2MMqiJbqXgN
+LBf7AQCqoi+MIIdCbiNAnRn5aMRAhkZLL/1aHso9ztDZZnhdDQ==
+=OlWf
+-----END PGP PUBLIC KEY BLOCK-----