Path: blob/master/src/applications/auth/constants/PhabricatorCommonPasswords.php
<?php

/**
 * Reject passwords that appear on a list of extremely common passwords.
 *
 * Refusing the most common passwords is meant to blunt slow, distributed
 * guessing (botnet) attacks that try a few popular passwords against every
 * account in the userbase. See T4143 for discussion.
 *
 * The test is a case-insensitive exact match against the bundled wordlist
 * plus a handful of application-specific terms. A password that differs from
 * a listed entry in any other way (appended digits, character substitutions)
 * is not detected, so a negative result means "not on the list", not
 * "strong".
 *
 * @task common Checking Common Passwords
 */
final class PhabricatorCommonPasswords extends Phobject {


/* -(  Checking Common Passwords  )------------------------------------------ */


  /**
   * Test whether a password is on the common-password list.
   *
   * The candidate is lowercased before lookup, so case variations of a listed
   * password are treated as the same password. The wordlist is loaded on the
   * first call and then kept in a function-static variable, so the file is
   * read once per process.
   *
   * @param string Password to test.
   * @return bool True if the password is pathologically weak.
   *
   * @task common
   */
  public static function isCommonPassword($password) {
    static $wordlist = null;

    if ($wordlist === null) {
      $wordlist = self::loadWordlist();
    }

    // PHP stores purely numeric keys such as "123456" as integers; isset()
    // applies the same conversion on lookup, so numeric passwords still match.
    $needle = strtolower($password);

    return isset($wordlist[$needle]);
  }


  /**
   * Build the lookup map of common passwords.
   *
   * Reads `externals/wordlist/password.lst` from the directory above the
   * `phabricator` library root, lowercases every entry, and adds a few
   * application-specific terms that a generic wordlist would not contain.
   *
   * NOTE(review): behavior when the wordlist file is missing or unreadable
   * depends on Filesystem::readFile(), which is not shown here. Confirm that
   * it fails loudly rather than yielding an empty list, since an empty list
   * would silently disable the check.
   *
   * @return map<string, bool> Map of common passwords.
   *
   * @task common
   */
  private static function loadWordlist() {
    $library_parent = dirname(phutil_get_library_root('phabricator'));
    $wordlist_path = $library_parent.'/externals/wordlist/password.lst';

    $lines = phutil_split_lines(Filesystem::readFile($wordlist_path), false);

    $map = array();
    foreach ($lines as $line) {
      // The file starts with header lines tagged "#!comment:". They are
      // metadata about the list, not candidate passwords.
      if (!preg_match('/^#!comment:/', $line)) {
        $map[strtolower($line)] = true;
      }
    }

    // Application-specific terms an attacker is likely to guess for this
    // product in particular.
    $extra_words = array(
      'phabricator',
      'phab',
      'devtools',
      'differential',
      'codereview',
      'review',
    );
    foreach ($extra_words as $extra_word) {
      $map[$extra_word] = true;
    }

    return $map;
  }

}