feat: add SecurityException static consructors

Author: kenjis

system/Filters/InvalidChars.php

@@ -13,7 +13,7 @@
 
 use CodeIgniter\HTTP\RequestInterface;
 use CodeIgniter\HTTP\ResponseInterface;
-use RuntimeException;
+use CodeIgniter\Security\Exceptions\SecurityException;
 
 /**
  * InvalidChars filter.
@@ -89,9 +89,7 @@ protected function checkEncoding($value)
             return $value;
         }
 
-        throw new RuntimeException(
-            'Invalid UTF-8 characters in ' . $this->source . ': ' . $value
-        );
+        throw SecurityException::forInvalidUTF8Chars($this->source, $value);
     }
 
     /**
@@ -113,8 +111,6 @@ protected function checkControl($value)
             return $value;
         }
 
-        throw new RuntimeException(
-            'Invalid Control characters in ' . $this->source . ': ' . $value
-        );
+        throw SecurityException::forInvalidControlChars($this->source, $value);
     }
 }

system/Security/Exceptions/SecurityException.php

@@ -20,6 +20,22 @@ public static function forDisallowedAction()
         return new static(lang('Security.disallowedAction'), 403);
     }
 
+    public static function forInvalidUTF8Chars(string $source, string $string)
+    {
+        return new static(
+            'Invalid UTF-8 characters in ' . $source . ': ' . $string,
+            400
+        );
+    }
+
+    public static function forInvalidControlChars(string $source, string $string)
+    {
+        return new static(
+            'Invalid Control characters in ' . $source . ': ' . $string,
+            400
+        );
+    }
+
     /**
      * @deprecated Use `CookieException::forInvalidSameSite()` instead.
      *

tests/system/Filters/InvalidCharsTest.php

@@ -15,9 +15,9 @@
 use CodeIgniter\HTTP\IncomingRequest;
 use CodeIgniter\HTTP\URI;
 use CodeIgniter\HTTP\UserAgent;
+use CodeIgniter\Security\Exceptions\SecurityException;
 use CodeIgniter\Test\CIUnitTestCase;
 use CodeIgniter\Test\Mock\MockAppConfig;
-use RuntimeException;
 
 /**
  * @internal
@@ -92,7 +92,7 @@ public function testBeforeValidString()
 
     public function testBeforeInvalidUTF8StringCausesException()
     {
-        $this->expectException(RuntimeException::class);
+        $this->expectException(SecurityException::class);
         $this->expectExceptionMessage('Invalid UTF-8 characters in post:');
 
         $sjisString   = mb_convert_encoding('SJISの文字列です。', 'SJIS');
@@ -106,7 +106,7 @@ public function testBeforeInvalidUTF8StringCausesException()
 
     public function testBeforeInvalidControllCharCausesException()
     {
-        $this->expectException(RuntimeException::class);
+        $this->expectException(SecurityException::class);
         $this->expectExceptionMessage('Invalid Control characters in cookie:');
 
         $stringWithNullChar = "String contains null char and line break.\0\n";
@@ -147,7 +147,7 @@ public function stringWithLineBreakAndTabProvider()
      */
     public function testCheckControlStringWithControlCharsCausesException($input)
     {
-        $this->expectException(RuntimeException::class);
+        $this->expectException(SecurityException::class);
         $this->expectExceptionMessage('Invalid Control characters in get:');
 
         $_GET['val'] = $input;