Support PHP8.2 (#110)

TheNorthMemory · web-flow · commit c3a51160975c · 2022-12-06T06:34:24.000+08:00
* Officially support PHP8.2 * Drop `OPENSSL_SSLV23_PADDING` test cases, because it was removed via openssl3 see openssl/openssl#14216, openssl/openssl#14283, shivammathur/setup-php#658 * Add `SECURITY.md` guideline and mentioning that TSRC is the right place for the security issues
diff --git a/.gitattributes b/.gitattributes
@@ -4,6 +4,8 @@
 .gitignore             export-ignore
 /docs/                 export-ignore
 /phpstan.neon.dist     export-ignore
+/phpstan.v7.1.neon     export-ignore
+/phpstan.v8.2.neon     export-ignore
 /phpunit.xml.dist      export-ignore
 /tests/                export-ignore
 /Makefile              export-ignore
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
@@ -4,22 +4,24 @@ on: [push, pull_request]
 
 jobs:
   ci:
+    defaults:
+      run:
+        shell: bash
     name: CI
     strategy:
       fail-fast: false
       matrix:
-        php-version: ['7.1', '7.2', '7.3', '7.4', '8.0', '8.1']
+        php-version: ['7.1', '7.2', '7.3', '7.4', '8.0', '8.1', '8.2']
         os: [ubuntu-latest, macOS-latest, windows-latest]
     runs-on: ${{ matrix.os }}
     steps:
       - name: Set git config
-        shell: bash
         run: |
           git config --global core.autocrlf false
           git config --global core.symlinks true
         if: runner.os == 'Windows'
 
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Setup PHP${{ matrix.php-version }}@${{ matrix.os }}
         uses: shivammathur/setup-php@v2
@@ -33,12 +35,12 @@ jobs:
 
       - name: Get composer cache directory
         id: composer-cache
-        run: echo "::set-output name=dir::$(composer config cache-files-dir)"
+        run: echo "dir=$(composer config cache-files-dir)" >> $GITHUB_OUTPUT
 
       - name: Cache dependencies on PHP(=7.1)@${{ matrix.os }}
         if: matrix.php-version == '7.1'
         id: dependencies-cache-71
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ matrix.os }}-php${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
@@ -48,7 +50,7 @@ jobs:
       - name: Cache dependencies on PHP(=7.2)@${{ matrix.os }}
         if: matrix.php-version == '7.2'
         id: dependencies-cache-72
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ matrix.os }}-php${{ matrix.php-version }}-${{ hashFiles('**/composer.lock') }}
@@ -58,7 +60,7 @@ jobs:
       - name: Cache dependencies on PHP(>7.2)@${{ matrix.os }}
         if: matrix.php-version > 7.2
         id: dependencies-cache
-        uses: actions/cache@v2
+        uses: actions/cache@v3
         with:
           path: ${{ steps.composer-cache.outputs.dir }}
           key: ${{ matrix.os }}-php-${{ hashFiles('**/composer.lock') }}
@@ -68,7 +70,24 @@ jobs:
       - name: Install dependencies
         run: composer install --no-interaction --no-progress
 
-      - run: vendor/bin/phpstan analyse --no-progress
+      - name: Environments
+        run: |
+          openssl version
+          php --ri openssl
+          php --ri libxml
+          php --ri curl
+
+      - run: vendor/bin/phpstan analyse --no-progress --memory-limit=-1 -c phpstan.v7.1.neon
+        if: matrix.php-version == '7.1'
+        id: phpstan-php-7_1
+
+      - run: vendor/bin/phpstan analyse --no-progress --memory-limit=-1
+        if: 7.1 < matrix.php-version && matrix.php-version < 8.2
+        id: phpstan-php-7_2-8_1
+
+      - run: vendor/bin/phpstan analyse --no-progress --memory-limit=-1 -c phpstan.v8.2.neon
+        if: matrix.php-version == '8.2'
+        id: phpstan-php-8_2
 
       - run: |
           make keygen
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,11 @@
 # 变更历史
 
+## [1.4.7](../../compare/v1.4.6...v1.4.7) - 2022-12-05
+
+- 对PHP8.2的官方支持，如下PHP8.2的特性需要被提及：
+  - ext-openssl 有若干调整，已知在 `OpenSSL3.0` 上，常量 `RSA_SSLV23_PADDING` 被删除(详细可阅读 openssl/openssl#14216, openssl/openssl#14283)，PHP做了兼容处理，如果扩展依赖的是`OpenSSL3.0`，则对应的`OPENSSL_SSLV23_PADDING`常量将不存在，进而影响到了「非对称加解密混合填充模式的测试用例」的覆盖(详情可阅读 shivammathur/setup-php#658)。本类库并不支持此填充模式，删除对`OPENSSL_SSLV23_PADDING`的测试断言，向前兼容；
+  - 对象动态属性的废弃提示([Deprecate dynamic properties](https://wiki.php.net/rfc/deprecate_dynamic_properties))，本类库实例构造的是`ArrayIterator`的一个“伪”动态属性结构体，对象属性访问实则访问的是`ArrayObject`内置`__storage`属性，形似动态属性实则不是；此废弃提示对本类库本身无影响；
+
 ## [1.4.6](../../compare/v1.4.5...v1.4.6) - 2022-08-19
 
 - 取消 `APIv2` 上的`trigger_error`提醒，以消除不必要的恐慌;
diff --git a/README.md b/README.md
@@ -15,7 +15,7 @@
 
 ### 功能介绍
 
-1. 微信支付 APIv2 和 APIv3 的 Guzzle HTTP 客户端，支持 [同步](#同步请求) 或[异步](#异步请求) 发送请求，并自动进行请求签名和应答验签
+1. 微信支付 APIv2 和 APIv3 的 Guzzle HTTP 客户端，支持 [同步](#同步请求) 或 [异步](#异步请求) 发送请求，并自动进行请求签名和应答验签
 
 1. [链式实现的 URI Template](#链式-uri-template)
 
@@ -25,7 +25,7 @@
 
 ## 项目状态
 
-当前版本为 `1.4.6` 测试版本。
+当前版本为 `1.4.7` 测试版本。
 项目版本遵循 [语义化版本号](https://semver.org/lang/zh-CN/)。
 如果你使用的版本 `<=v1.3.2`，升级前请参考 [升级指南](UPGRADING.md)。
 
@@ -36,7 +36,7 @@
 + Guzzle 7.0，PHP >= 7.2.5
 + Guzzle 6.5，PHP >= 7.1.2
 
-项目已支持 PHP 8。我们推荐使用目前处于 [Active Support](https://www.php.net/supported-versions.php) 阶段的 PHP 8.0 和 Guzzle 7。
+我们推荐使用目前处于 [Active Support](https://www.php.net/supported-versions.php) 阶段的 PHP 8 和 Guzzle 7。
 
 ## 安装
 
diff --git a/SECURITY.md b/SECURITY.md
@@ -0,0 +1,30 @@
+# Security Policy
+
+## Supported Versions
+
+| Version | Supported          |
+| ------- | ------------------ |
+| 1.x     | :white_check_mark: |
+
+## Reporting a Vulnerability
+
+Please do not open GitHub issues or pull requests - this makes the problem immediately visible to everyone, including malicious actors.
+
+Security issues in this open source project can be safely reported to [TSRC](https://security.tencent.com).
+
+## 报告漏洞
+
+请不要使用 GitHub issues 或 pull request —— 这会让漏洞立即暴露给所有人，包括恶意人员。
+
+请将本开源项目的安全问题报告给 [腾讯安全应急响应中心](https://security.tencent.com).
+
+---
+
+另外，你可能需要关注影响本SDK运行时行为的主要的PHP扩展缺陷列表：
+
++ [OpenSSL](https://www.openssl.org/news/vulnerabilities.html)
++ [libxml2](https://gitlab.gnome.org/GNOME/libxml2/-/blob/master/NEWS)
++ [curl](https://curl.se/docs/security.html)
+
+当你准备在报告安全问题时，请先对照如上列表，确认是否存在已知运行时环境安全问题。
+当你尝试升级主要扩展至最新版本之后，如若问题依旧存在，请将本开源项目的安全问题报告给 [TSRC腾讯安全应急响应中心](https://security.tencent.com)，致谢。
diff --git a/composer.json b/composer.json
@@ -1,6 +1,6 @@
 {
     "name": "wechatpay/wechatpay",
-    "version": "1.4.6",
+    "version": "1.4.7",
     "description": "[A]Sync Chainable WeChatPay v2&v3's OpenAPI SDK for PHP",
     "type": "library",
     "keywords": [
diff --git a/phpstan.v7.1.neon b/phpstan.v7.1.neon
@@ -0,0 +1,39 @@
+includes:
+	- phpstan.neon.dist
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Cannot access offset 'v2/pay/micropay' on WeChatPay\\\\BuilderChainable\\.$#"
+			count: 1
+			path: tests/BuilderTest.php
+
+		-
+			message: "#^Cannot access offset 'v2/pay/refundquery' on WeChatPay\\\\BuilderChainable\\.$#"
+			count: 1
+			path: tests/BuilderTest.php
+
+		-
+			message: "#^Parameter \\#2 \\$array of static method PHPUnit\\\\Framework\\\\Assert\\:\\:assertArrayHasKey\\(\\) expects array\\|ArrayAccess, array\\<string, string\\>\\|false given\\.$#"
+			count: 1
+			path: tests/BuilderTest.php
+
+		-
+			message: "#^Parameter \\#2 \\$array of static method PHPUnit\\\\Framework\\\\Assert\\:\\:assertArrayHasKey\\(\\) expects array\\|ArrayAccess, array\\<string, string\\>\\|false given\\.$#"
+			count: 1
+			path: tests/ClientDecoratorTest.php
+
+		-
+			message: "#^Parameter \\#2 \\$array of static method PHPUnit\\\\Framework\\\\Assert\\:\\:assertArrayHasKey\\(\\) expects array\\|ArrayAccess, array\\<string, string\\>\\|false given\\.$#"
+			count: 1
+			path: tests/Crypto/AesEcbTest.php
+
+		-
+			message: "#^Parameter \\#1 \\$string of function strlen expects string, string\\|null given\\.$#"
+			count: 1
+			path: tests/Crypto/HashTest.php
+
+		-
+			message: "#^Parameter \\#2 \\$string of static method PHPUnit\\\\Framework\\\\Assert\\:\\:assertRegExp\\(\\) expects string, string\\|null given\\.$#"
+			count: 1
+			path: tests/Crypto/HashTest.php
+
diff --git a/phpstan.v8.2.neon b/phpstan.v8.2.neon
@@ -0,0 +1,8 @@
+includes:
+	- phpstan.neon.dist
+parameters:
+	ignoreErrors:
+		-
+			message: "#^Access to an undefined property.*WeChatPay\\\\BuilderChainable\\:\\:\\$v3\\.$#"
+			count: 1
+			path: tests/BuilderTest.php
diff --git a/src/ClientDecoratorInterface.php b/src/ClientDecoratorInterface.php
@@ -14,7 +14,7 @@ interface ClientDecoratorInterface
     /**
      * @var string - This library version
      */
-    public const VERSION = '1.4.6';
+    public const VERSION = '1.4.7';
 
     /**
      * @var string - The HTTP transfer `xml` based protocol
diff --git a/tests/BuilderTest.php b/tests/BuilderTest.php
@@ -78,9 +78,9 @@ public function testFactory(string $mchid, $privateKey, $publicKey, string $mchS
         self::assertIsArray($map);
         self::assertNotEmpty($map);
 
-        self::assertArrayHasKey(BuilderChainable::class, is_array($map) ? $map : []);
+        self::assertArrayHasKey(BuilderChainable::class, $map);
         if (method_exists($this, 'assertContainsEquals')) {
-            $this->assertContainsEquals(BuilderChainable::class, is_array($map) ? $map : []);
+            $this->assertContainsEquals(BuilderChainable::class, $map);
         }
 
         self::assertInstanceOf(ArrayAccess::class, $instance);
@@ -90,7 +90,7 @@ public function testFactory(string $mchid, $privateKey, $publicKey, string $mchS
 
         self::assertIsArray($traits);
         self::assertNotEmpty($traits);
-        self::assertContains(\WeChatPay\BuilderTrait::class, is_array($traits) ? $traits : []);
+        self::assertContains(\WeChatPay\BuilderTrait::class, $traits);
 
         self::assertInstanceOf(BuilderChainable::class, $instance->v3);
         /** @phpstan-ignore-next-line */
@@ -100,9 +100,7 @@ public function testFactory(string $mchid, $privateKey, $publicKey, string $mchS
         /** @phpstan-ignore-next-line */
         self::assertInstanceOf(BuilderChainable::class, $instance->v3->marketing->busifavor->users['{openid}/coupons/{coupon_code}']->appids['{appid}']);
 
-        /** @phpstan-ignore-next-line */
         self::assertInstanceOf(BuilderChainable::class, $instance['v2/pay/micropay']);
-        /** @phpstan-ignore-next-line */
         self::assertInstanceOf(BuilderChainable::class, $instance['v2/pay/refundquery']);
 
         self::assertInstanceOf(BuilderChainable::class, $instance->chain('what_ever_endpoints/with-anyDepths_segments/also/contains/{uri_template}/{blah}/blah/'));
diff --git a/tests/ClientDecoratorTest.php b/tests/ClientDecoratorTest.php
@@ -50,9 +50,9 @@ public function testImplementsClientDecoratorInterface(): void
 
         self::assertIsArray($map);
         self::assertNotEmpty($map);
-        self::assertArrayHasKey(ClientDecoratorInterface::class, is_array($map) ? $map : []);
+        self::assertArrayHasKey(ClientDecoratorInterface::class, $map);
         if (method_exists($this, 'assertContainsEquals')) {
-            $this->assertContainsEquals(ClientDecoratorInterface::class, is_array($map) ? $map : []);
+            $this->assertContainsEquals(ClientDecoratorInterface::class, $map);
         }
     }
 
@@ -62,8 +62,8 @@ public function testClassUsesTraits(): void
 
         self::assertIsArray($traits);
         self::assertNotEmpty($traits);
-        self::assertContains(\WeChatPay\ClientJsonTrait::class, is_array($traits) ? $traits : []);
-        self::assertContains(\WeChatPay\ClientXmlTrait::class, is_array($traits) ? $traits : []);
+        self::assertContains(\WeChatPay\ClientJsonTrait::class, $traits);
+        self::assertContains(\WeChatPay\ClientXmlTrait::class, $traits);
     }
 
     public function testClassConstants(): void
diff --git a/tests/Crypto/AesEcbTest.php b/tests/Crypto/AesEcbTest.php
@@ -22,9 +22,9 @@ public function testImplementsAesInterface(): void
 
         self::assertIsArray($map);
         self::assertNotEmpty($map);
-        self::assertArrayHasKey(AesInterface::class, is_array($map) ? $map : []);
+        self::assertArrayHasKey(AesInterface::class, $map);
         if (method_exists($this, 'assertContainsEquals')) {
-            $this->assertContainsEquals(AesInterface::class, is_array($map) ? $map : []);
+            $this->assertContainsEquals(AesInterface::class, $map);
         }
     }
 
diff --git a/tests/Crypto/HashTest.php b/tests/Crypto/HashTest.php
@@ -213,12 +213,12 @@ public function testSign(string $thing, string $key, string $type, string $excep
             self::assertIsString($digest);
             self::assertNotEmpty($digest);
             self::assertNotEquals($thing, $digest);
-            self::assertEquals(is_null($digest) ? 0 : strlen($digest), $length);
+            self::assertEquals(strlen($digest), $length);
             self::{$action}($digest, $excepted);
             if (method_exists($this, 'assertMatchesRegularExpression')) {
-                $this->assertMatchesRegularExpression('#[A-Z]+#', is_null($digest) ? '' : $digest);
+                $this->assertMatchesRegularExpression('#[A-Z]+#', $digest);
             } else {
-                self::assertRegExp('#[A-Z]+#', is_null($digest) ? '' : $digest);
+                self::assertRegExp('#[A-Z]+#', $digest);
             }
         }
     }
diff --git a/tests/Crypto/RsaTest.php b/tests/Crypto/RsaTest.php
@@ -5,7 +5,6 @@
 use const PHP_MAJOR_VERSION;
 use const OPENSSL_PKCS1_OAEP_PADDING;
 use const OPENSSL_PKCS1_PADDING;
-use const OPENSSL_SSLV23_PADDING;
 
 use function file_get_contents;
 use function method_exists;
@@ -286,24 +285,9 @@ public function crossPaddingPhrasesProvider(): array
             'encrypted as OPENSSL_PKCS1_OAEP_PADDING, and decrpted as OPENSSL_PKCS1_PADDING'  => [
                 random_bytes(32), [$publicKey, OPENSSL_PKCS1_OAEP_PADDING], [$privateKey, OPENSSL_PKCS1_PADDING], UnexpectedValueException::class
             ],
-            'encrypted as OPENSSL_PKCS1_OAEP_PADDING, and decrpted as OPENSSL_SSLV23_PADDING' => [
-                random_bytes(32), [$publicKey, OPENSSL_PKCS1_OAEP_PADDING], [$privateKey, OPENSSL_SSLV23_PADDING], UnexpectedValueException::class
-            ],
             'encrypted as OPENSSL_PKCS1_PADDING, and decrpted as OPENSSL_PKCS1_OAEP_PADDING'  => [
                 random_bytes(32), [$publicKey, OPENSSL_PKCS1_PADDING], [$privateKey, OPENSSL_PKCS1_OAEP_PADDING], UnexpectedValueException::class
             ],
-            'encrypted as OPENSSL_PKCS1_PADDING, and decrpted as OPENSSL_SSLV23_PADDING'      => [
-                random_bytes(32), [$publicKey, OPENSSL_PKCS1_PADDING], [$privateKey, OPENSSL_SSLV23_PADDING], UnexpectedValueException::class
-            ],
-            'encrypted as OPENSSL_SSLV23_PADDING, and decrpted as OPENSSL_PKCS1_PADDING'      => [
-                random_bytes(32), [$publicKey, OPENSSL_SSLV23_PADDING], [$privateKey, OPENSSL_PKCS1_PADDING], UnexpectedValueException::class
-            ],
-            'encrypted as OPENSSL_SSLV23_PADDING, and decrpted as OPENSSL_PKCS1_OAEP_PADDING' => [
-                random_bytes(32), [$publicKey, OPENSSL_SSLV23_PADDING], [$privateKey, OPENSSL_PKCS1_OAEP_PADDING], UnexpectedValueException::class
-            ],
-            'encrypted as OPENSSL_SSLV23_PADDING, and decrpted as OPENSSL_SSLV23_PADDING'  => [
-                random_bytes(32), [$publicKey, OPENSSL_SSLV23_PADDING], [$privateKey, OPENSSL_SSLV23_PADDING], UnexpectedValueException::class
-            ],
             'encrypted as OPENSSL_PKCS1_OAEP_PADDING, and decrpted as OPENSSL_PKCS1_OAEP_PADDING'  => [
                 random_bytes(32), [$publicKey, OPENSSL_PKCS1_OAEP_PADDING], [$privateKey, OPENSSL_PKCS1_OAEP_PADDING], null
             ],

Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "wechatpay/wechatpay",`
`3`		`- "version": "1.4.6",`
	`3`	`+ "version": "1.4.7",`
`4`	`4`	`"description": "[A]Sync Chainable WeChatPay v2&v3's OpenAPI SDK for PHP",`
`5`	`5`	`"type": "library",`
`6`	`6`	`"keywords": [`