v2: require Symfony 5 (#1)

v2: require Symfony 5

.github/CODEOWNERS

@@ -0,0 +1,2 @@
+# LTE: JZ + KE
+* @apfelbox @keichinger

.github/pull_request_template.md

@@ -0,0 +1,10 @@
+| Q             | A
+| ------------- | --------------------------------------------------------------------- |
+| Bug fix?      | yes/no                                                                |
+| New feature?  | yes/no <!-- don't forget to update CHANGELOG.md -->                   |
+| Improvement?  | yes/no <!-- improves an existing feature, not adding a new one -->    |
+| BC breaks?    | yes/no                                                                |
+| Deprecations? | yes/no <!-- don't forget to update UPGRADE.md and CHANGELOG.md -->    |
+| Docs PR       | **missing** <!-- insert URL here -->                                  |
+
+<!-- describe your changes below -->

.gitignore

@@ -1,2 +1,6 @@
+/.php_cs.cache
+/.phpunit.result.cache
 /composer.lock
 /vendor
+/vendor-bin/*/composer.lock
+/vendor-bin/*/vendor

.travis.yml

@@ -1,20 +1,26 @@
 language: php
+sudo: false
 
 git:
     depth: 1
 
 php:
-    - 7.1
+    - "7.3"
 
 before_install:
-    - composer require php-coveralls/php-coveralls
     - composer self-update --stable
+    - composer require php-coveralls/php-coveralls
+    - composer global require localheinz/composer-normalize bamarni/composer-bin-plugin --prefer-dist --no-interaction --no-progress
 
 install:
-    - composer install
+    - composer install --prefer-dist --no-interaction --no-progress
+    - composer bin all install --prefer-dist --no-interaction --no-progress
+    - mkdir -p build/logs
 
 script:
-    - mkdir -p build/logs
+    - composer normalize --indent-size 4 --indent-style space --dry-run
+    - ./vendor/bin/php-cs-fixer fix --diff --config vendor-bin/test/vendor/becklyn/php-cs/.php_cs.dist --dry-run --no-interaction
+    - ./vendor/bin/phpstan analyse -l 4 --memory-limit 4G --ansi -c vendor-bin/test/vendor/becklyn/php-cs/phpstan/lib.neon . --no-interaction --no-progress
     - ./vendor/bin/simple-phpunit -c phpunit.xml --coverage-clover build/logs/clover.xml
 
 after_script:

CHANGELOG.md

@@ -0,0 +1,10 @@
+2.0.0
+=====
+
+*   Require Symfony 5.
+
+
+1.0.0
+=====
+
+Initial Release `\o/`

UPGRADE.md

@@ -0,0 +1,4 @@
+1.x to 2.0
+==========
+
+*   The only significant change is the bump to Symfony 5.

composer.json

@@ -1,31 +1,36 @@
 {
-    "name":         "becklyn/security-bundle",
-    "description":  "Security related helpers for symfony apps.",
-    "type":         "symfony-bundle",
-    "homepage":     "https://github.com/Becklyn/SecurityBundle.git",
-    "license":      "BSD-3-Clause",
-    "authors": [{
-        "name":     "Becklyn Studios",
-        "homepage": "http://becklyn.com/"
-    }],
+    "name": "becklyn/security-bundle",
+    "type": "symfony-bundle",
+    "description": "Security related helpers for symfony apps.",
+    "homepage": "https://github.com/Becklyn/SecurityBundle.git",
+    "license": "BSD-3-Clause",
+    "authors": [
+        {
+            "name": "Becklyn Studios",
+            "homepage": "http://becklyn.com/"
+        }
+    ],
     "require": {
-        "php": "^7.1",
-        "symfony/config": "^3.3|^4.0",
-        "symfony/dependency-injection": "^3.3|^4.0",
-        "symfony/http-kernel": "^3.3|^4.0",
-        "symfony/monolog-bundle": "^3.1"
+        "php": "^7.3",
+        "symfony/config": "^5.0",
+        "symfony/dependency-injection": "^5.0",
+        "symfony/http-kernel": "^5.0"
     },
     "require-dev": {
-        "symfony/phpunit-bridge": "^3.3|^4.0",
-        "phpunit/phpunit": "^6.5"
+        "roave/security-advisories": "dev-master",
+        "symfony/phpunit-bridge": "^5.0"
+    },
+    "config": {
+        "sort-packages": true
     },
     "autoload": {
-        "psr-4": { "Becklyn\\SecurityBundle\\": "" }
+        "psr-4": {
+            "Becklyn\\SecurityBundle\\": "src/"
+        }
     },
     "autoload-dev": {
-        "psr-4": { "Tests\\Becklyn\\SecurityBundle\\": "Tests/" }
-    },
-    "config": {
-        "sort-packages": true
+        "psr-4": {
+            "Tests\\Becklyn\\SecurityBundle\\": "Tests/"
+        }
     }
 }

phpunit.xml

@@ -1,29 +1,32 @@
 <?xml version="1.0" encoding="UTF-8"?>
-
-<!-- http://phpunit.de/manual/5.0/en/appendixes.configuration.html -->
 <phpunit xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:noNamespaceSchemaLocation="http://schema.phpunit.de/5.0/phpunit.xsd"
-         backupGlobals="false"
+         xsi:noNamespaceSchemaLocation="https://schema.phpunit.de/8.4/phpunit.xsd"
          colors="true"
          bootstrap="vendor/autoload.php"
 >
     <php>
         <ini name="error_reporting" value="-1" />
+        <server name="APP_ENV" value="test" force="true" />
+        <server name="SHELL_VERBOSITY" value="-1" />
+        <server name="SYMFONY_PHPUNIT_REMOVE" value="" />
+        <server name="SYMFONY_PHPUNIT_VERSION" value="7.5" />
+        <env name="SYMFONY_DEPRECATIONS_HELPER" value="max[direct]=0"/>
     </php>
 
     <testsuites>
-        <testsuite name="BecklynSecurityBundle">
-            <directory>Tests</directory>
+        <testsuite name="Bundle tests">
+            <directory>tests</directory>
+            <exclude>tests/fixtures</exclude>
         </testsuite>
     </testsuites>
 
     <filter>
         <whitelist>
-            <directory suffix=".php">.</directory>
-            <exclude>
-                <directory>Tests/</directory>
-                <directory>vendor/</directory>
-            </exclude>
+            <directory>src/</directory>
         </whitelist>
     </filter>
+
+    <listeners>
+        <listener class="Symfony\Bridge\PhpUnit\SymfonyTestsListener" />
+    </listeners>
 </phpunit>

BecklynSecurityBundle.php → src/BecklynSecurityBundle.php

@@ -1,11 +1,10 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Becklyn\SecurityBundle;
 
 use Becklyn\SecurityBundle\DependencyInjection\BecklynSecurityExtension;
 use Symfony\Component\HttpKernel\Bundle\Bundle;
 
-
 class BecklynSecurityBundle extends Bundle
 {
     /**

DependencyInjection/BecklynSecurityExtension.php → src/DependencyInjection/BecklynSecurityExtension.php

@@ -1,4 +1,4 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Becklyn\SecurityBundle\DependencyInjection;
 
@@ -7,13 +7,12 @@
 use Symfony\Component\DependencyInjection\Loader\YamlFileLoader;
 use Symfony\Component\HttpKernel\DependencyInjection\Extension;
 
-
 class BecklynSecurityExtension extends Extension
 {
     /**
      * @inheritdoc
      */
-    public function load (array $configs, ContainerBuilder $container)
+    public function load (array $configs, ContainerBuilder $container) : void
     {
         // load services
         $loader = new YamlFileLoader(

Html/HtmlNonceInjector.php → src/Html/HtmlNonceInjector.php

@@ -1,11 +1,9 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Becklyn\SecurityBundle\Html;
 
-
 use Psr\Log\LoggerInterface;
 
-
 class HtmlNonceInjector
 {
     /**
@@ -15,7 +13,6 @@ class HtmlNonceInjector
 
 
     /**
-     * @param LoggerInterface $logger
      */
     public function __construct (LoggerInterface $logger)
     {
@@ -25,9 +22,6 @@ public function __construct (LoggerInterface $logger)
 
     /**
      * Injects a nonce in the HTML, if it is a full HTML response (i.e. if there is a closing body tag).
-     *
-     * @param string $html
-     * @return string
      */
     public function injectNonce (string $html) : string
     {
@@ -40,11 +34,11 @@ public function injectNonce (string $html) : string
                 return $html;
             }
 
-            $randomData = random_bytes(25);
-            $nonce = substr(base64_encode($randomData), 0, random_int(1, 32));
+            $randomData = \random_bytes(25);
+            $nonce = \substr(\base64_encode($randomData), 0, \random_int(1, 32));
             $nonceSnippet = "<!-- {$nonce} -->";
 
-            return substr($html, 0, $pos) . $nonceSnippet . substr($html, $pos);
+            return \substr($html, 0, $pos) . $nonceSnippet . \substr($html, $pos);
         }
         catch (\Exception $e)
         {

Mitigation/Breach/BreachResponseListener.php → src/Mitigation/Breach/BreachResponseListener.php

@@ -1,4 +1,4 @@
-<?php
+<?php declare(strict_types=1);
 
 namespace Becklyn\SecurityBundle\Mitigation\Breach;
 
@@ -8,10 +8,9 @@
 use Symfony\Component\HttpFoundation\JsonResponse;
 use Symfony\Component\HttpFoundation\RedirectResponse;
 use Symfony\Component\HttpFoundation\StreamedResponse;
-use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;
 
-
 /**
  * Tries to mitigate the BREACH SSL + deflate attack.
  *
@@ -29,7 +28,6 @@ class BreachResponseListener implements EventSubscriberInterface
 
 
     /**
-     * @param HtmlNonceInjector $nonceInjector
      */
     public function __construct (HtmlNonceInjector $nonceInjector)
     {
@@ -38,9 +36,8 @@ public function __construct (HtmlNonceInjector $nonceInjector)
 
 
     /**
-     * @param FilterResponseEvent $event
      */
-    public function onResponse (FilterResponseEvent $event) : void
+    public function onResponse (ResponseEvent $event) : void
     {
         if (!$event->isMasterRequest() || !$event->getRequest()->isSecure())
         {

Tests/Mitigation/Breach/BreachResponseListenerTest.php → tests/Mitigation/BreachResponseListenerTest.php

@@ -4,11 +4,13 @@
 
 use Becklyn\SecurityBundle\Html\HtmlNonceInjector;
 use Becklyn\SecurityBundle\Mitigation\Breach\BreachResponseListener;
+use PHPUnit\Framework\MockObject\MockObject;
 use PHPUnit\Framework\TestCase;
 use Symfony\Component\HttpFoundation\Request;
 use Symfony\Component\HttpFoundation\Response;
-use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
-
+use Symfony\Component\HttpKernel\Event\ResponseEvent;
+use Symfony\Component\HttpKernel\HttpKernelInterface;
+use Symfony\Component\HttpKernel\KernelInterface;
 
 class BreachResponseListenerTest extends TestCase
 {
@@ -22,13 +24,15 @@ class BreachResponseListenerTest extends TestCase
      */
     private function buildServices (HtmlNonceInjector $nonceInjector, bool $isMasterRequest, bool $isSecure) : array
     {
-        $event = $this->getMockBuilder(FilterResponseEvent::class)
-            ->disableOriginalConstructor()
-            ->getMock();
+        $response = $this->createMock(Response::class);
+        $request = $this->createMock(Request::class);
 
-        $request = $this->getMockBuilder(Request::class)
-            ->disableOriginalConstructor()
-            ->getMock();
+        $event = new ResponseEvent(
+            $this->createMock(KernelInterface::class),
+            $request,
+            $isMasterRequest ? HttpKernelInterface::MASTER_REQUEST : HttpKernelInterface::SUB_REQUEST,
+            $response
+        );
 
         if ($isMasterRequest)
         {
@@ -38,23 +42,6 @@ private function buildServices (HtmlNonceInjector $nonceInjector, bool $isMaster
                 ->willReturn($isSecure);
         }
 
-        $response = $this->getMockBuilder(Response::class)
-            ->disableOriginalConstructor()
-            ->getMock();
-
-        $event
-            ->expects(self::once())
-            ->method("isMasterRequest")
-            ->willReturn($isMasterRequest);
-
-        $event
-            ->method("getRequest")
-            ->willReturn($request);
-
-        $event
-            ->method("getResponse")
-            ->willReturn($response);
-
         return [
             new BreachResponseListener($nonceInjector),
             $event,
@@ -115,15 +102,14 @@ public function testEventRegistration ()
 
         /**
          * @type BreachResponseListener $listener
-         * @type \PHPUnit_Framework_MockObject_MockObject $event
-         * @type \PHPUnit_Framework_MockObject_MockObject $response
+         * @type ResponseEvent $event
+         * @type MockObject $response
          */
         [$listener, $event, $response] = $this->buildServices($nonceInjector, true, true);
 
         $rawHtml = '<html>content</html>';
         $injectedHtml = '<html>content<!-- injected --></html>';
 
-
         $nonceInjector
             ->expects(self::once())
             ->method("injectNonce")

vendor-bin/test/composer.json

@@ -0,0 +1,5 @@
+{
+    "require": {
+        "becklyn/php-cs": "^3.0.3"
+    }
+}