[OWASP-ESAPI] New PHP checkin. If you're a contributor, please check it out
Andrew van der Stock
vanderaj at owasp.org
Fri Mar 13 03:11:15 EDT 2009
For those of you working on the PHP port, there's a new check in. If
you haven't been allocated a class yet, please check out the current
source, and state what you'd like to work on:
* ESAPI main class - AJV (done)
* Test framework ported to SimpleTest - AJV (mostly done)
* Exceptions - AJV (mostly done)
* Logger / Intrusion detector essentials - AJV (partially done)
* ESAPI configuration essentials - AJV (my next sprint)
* AccessController essentials - AJV
Where essentials are ... just enough to make it go and no more.
Milestone one doesn't need a lot of the stuff that Milestones two and
Unclaimed (I think) Backlog:
* AccessReferenceMap (easy)
* IntegerAccessReferenceMap (easy)
* RandomAccessReferenceMap (easy)
* Encoder and all codecs (moderate)
* HTTPUtilities (moderate)
* StringUtilities (easy)
* Validator (hard) - must do *after* Encoder
The primary method to work is to set up your PHP IDE (I use Ganymede
with PHP Eclipse and Subclipse, PHP 5.2.9, and MySQL 5.1 GA). Grab the
source to both this project and the J2EE from Google Code SVN.
Pick your class and tell me about it. That's your sprint backlog for
the next month.
Start with the tests. Port the tests from the J2EE source tree to PHP.
Then start coding so that your code passes the tests. I would only use
the J2EE source as a guide as to how it's done. There are so many
differences between J2EE and PHP that a line-for-line port will only
work for a minority of code. For example, we don't need a push back
string as PHP's string handling is very strong.
Once you're done with your class and you have passed all the tests,
come and ask me for more work for the next sprint.
Tip: Search the PHP quick reference to see if there are functions ready
to go. For example, PHP has a session token regeneration function, so
HTTPUtilities::ChangeSessionIdentifier becomes a one-line wrapper
around session_regenerate_id(). There are gems like this throughout
PHP. Please search for them before cutting code.
Tip 2: We are targeting 5.2.x. Use SPL for basic data structures such
as queues and heaps, iterators and other design patterns. They are
fast and work well.
Don't hesitate to throw SPL exceptions, too, just document your use of
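The two tips in the message above, as an added example that is not part of the original post and is not ESAPI project code: a PHP 5.2.x-compatible wrapper around session_regenerate_id() that reports failure with an SPL exception. The class name `ExampleHTTPUtilities` and the sample session data are assumptions made for illustration.

```php
<?php
// Added example, not ESAPI project code; the class name is hypothetical.
// Written for PHP 5.2.x: no namespaces, no session_status() (added in 5.4).
class ExampleHTTPUtilities
{
    /**
     * Replace the current session ID with a fresh one, keeping $_SESSION data.
     * Call after login or any privilege change to counter session fixation.
     *
     * @return string the new session ID
     * @throws RuntimeException (SPL) if the ID cannot be changed
     */
    public function changeSessionIdentifier()
    {
        // PHP 5.2 has no session_status(); an empty session_id() means
        // no session has been started.
        if (session_id() === '') {
            throw new RuntimeException('No active session to regenerate.');
        }
        // With cookie-based sessions the new ID travels in a Set-Cookie
        // header, which cannot be sent once output has started.
        if (ini_get('session.use_cookies') && headers_sent($file, $line)) {
            throw new RuntimeException(
                "Cannot change session ID: output started at $file:$line."
            );
        }
        $oldId = session_id();
        // true = also delete the old session's stored data, so the old ID
        // cannot be used to resume the session.
        if (!session_regenerate_id(true) || session_id() === $oldId) {
            throw new RuntimeException('Session ID regeneration failed.');
        }
        return session_id();
    }
}

// Constructed usage for the CLI, with cookies off so no headers are needed.
ini_set('session.use_cookies', '0');
session_start();
$_SESSION['user'] = 'alice';            // constructed sample data
$before = session_id();
$http   = new ExampleHTTPUtilities();
$after  = $http->changeSessionIdentifier();
var_dump($before !== $after, $_SESSION['user'] === 'alice');
```

Passing `true` to session_regenerate_id() is what invalidates the old identifier; without it the old session data remains on the server under the old ID until garbage collection.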