Home Explore Help
Sign In
bachir
/
popsu-d7
1
0
Fork 0
Files Issues 0 Pull Requests 0 Wiki
Tree: cc3b64a193
Branches Tags
popsu-d7
/
misc
/
typo3
/
phar-stream-wrapper
/
src
/
Interceptor
/
PharMetaDataInterceptor.php

PharMetaDataInterceptor.php 2.1 KB
History Raw

12345678910111213141516171819202122232425262728293031323334353637383940414243444546474849505152535455565758596061626364656667686970717273 
  1. <?php
    2. 

  2. namespace TYPO3\PharStreamWrapper\Interceptor;
    3. 

  3. 

  4. /*
    5. 

  5.  * This file is part of the TYPO3 project.
    6. 

  6.  *
    7. 

  7.  * It is free software; you can redistribute it and/or modify it under the terms
    8. 

  8.  * of the MIT License (MIT). For the full copyright and license information,
    9. 

  9.  * please read the LICENSE file that was distributed with this source code.
    10. 

  10.  *
    11. 

  11.  * The TYPO3 project - inspiring people to share!
    12. 

  12.  */
    13. 

  13. 

  14. use TYPO3\PharStreamWrapper\Assertable;
    15. 

  15. use TYPO3\PharStreamWrapper\Exception;
    16. 

  16. use TYPO3\PharStreamWrapper\Manager;
    17. 

  17. use TYPO3\PharStreamWrapper\Phar\DeserializationException;
    18. 

  18. use TYPO3\PharStreamWrapper\Phar\Reader;
    19. 

  19. 

  20. /**
    21. 

  21.  * @internal Experimental implementation of checking against serialized objects in Phar meta-data
    22. 

  22.  * @internal This functionality has not been 100% pentested...
    23. 

  23.  */
    24. 

  24. class PharMetaDataInterceptor implements Assertable
    25. 

  25. {
    26. 

  26.     /**
    27. 

  27.      * Determines whether the according Phar archive contains
    28. 

  28.      * (potential insecure) serialized objects.
    29. 

  29.      *
    30. 

  30.      * @param string $path
    31. 

  31.      * @param string $command
    32. 

  32.      * @return bool
    33. 

  33.      * @throws Exception
    34. 

  34.      */
    35. 

  35.     public function assert($path, $command)
    36. 

  36.     {
    37. 

  37.         if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
    38. 

  38.             return true;
    39. 

  39.         }
    40. 

  40.         throw new Exception(
    41. 

  41.             sprintf(
    42. 

  42.                 'Problematic meta-data in "%s"',
    43. 

  43.                 $path
    44. 

  44.             ),
    45. 

  45.             1539632368
    46. 

  46.         );
    47. 

  47.     }
    48. 

  48. 

  49.     /**
    50. 

  50.      * @param string $path
    51. 

  51.      * @return bool
    52. 

  52.      */
    53. 

  53.     private function baseFileDoesNotHaveMetaDataIssues($path)
    54. 

  54.     {
    55. 

  55.         $invocation = Manager::instance()->resolve($path);
    56. 

  56.         if ($invocation === null) {
    57. 

  57.             return false;
    58. 

  58.         }
    59. 

  59.         // directly return in case invocation was checked before
    60. 

  60.         if ($invocation->getVariable(__CLASS__) === true) {
    61. 

  61.             return true;
    62. 

  62.         }
    63. 

  63.         // otherwise analyze meta-data
    64. 

  64.         try {
    65. 

  65.             $reader = new Reader($invocation->getBaseName());
    66. 

  66.             $reader->resolveContainer()->getManifest()->deserializeMetaData();
    67. 

  67.             $invocation->setVariable(__CLASS__, true);
    68. 

  68.         } catch (DeserializationException $exception) {
    69. 

  69.             return false;
    70. 

  70.         }
    71. 

  71.         return true;
    72. 

  72.     }
    73. 

  73. }
    74.