diff options
author | Roeland Jago Douma <roeland@famdouma.nl> | 2018-02-21 13:27:29 +0100 |
---|---|---|
committer | Roeland Jago Douma <roeland@famdouma.nl> | 2018-02-21 13:27:29 +0100 |
commit | 4d5f2e64a5c6b76d4c74b595b93bfcfc850f553a (patch) | |
tree | 02a717a1c87b9777dba9201cf8fa6833e9e03cc7 /lib/private/IntegrityCheck | |
parent | 7c6cc013ebec7bbdecbf9f5567d620fcfbb37212 (diff) | |
download | nextcloud-server-4d5f2e64a5c6b76d4c74b595b93bfcfc850f553a.tar.gz nextcloud-server-4d5f2e64a5c6b76d4c74b595b93bfcfc850f553a.zip |
Make OC\IntegrityCheck strict
Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
Diffstat (limited to 'lib/private/IntegrityCheck')
6 files changed, 38 insertions, 33 deletions
diff --git a/lib/private/IntegrityCheck/Checker.php b/lib/private/IntegrityCheck/Checker.php index 771ac891ab4..f1a04d0eac4 100644 --- a/lib/private/IntegrityCheck/Checker.php +++ b/lib/private/IntegrityCheck/Checker.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -97,9 +98,9 @@ class Checker { * * @return bool */ - public function isCodeCheckEnforced() { + public function isCodeCheckEnforced(): bool { $notSignedChannels = [ '', 'git']; - if (in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) { + if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) { return false; } @@ -108,10 +109,9 @@ class Checker { * applicable for very specific scenarios and we should not advertise it * too prominent. So please do not add it to config.sample.php. */ + $isIntegrityCheckDisabled = false; if ($this->config !== null) { $isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false); - } else { - $isIntegrityCheckDisabled = false; } if ($isIntegrityCheckDisabled === true) { return false; @@ -128,7 +128,7 @@ class Checker { * @return \RecursiveIteratorIterator * @throws \Exception */ - private function getFolderIterator($folderToIterate, $root = '') { + private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator { $dirItr = new \RecursiveDirectoryIterator( $folderToIterate, \RecursiveDirectoryIterator::SKIP_DOTS @@ -156,12 +156,12 @@ class Checker { * @return array Array of hashes. */ private function generateHashes(\RecursiveIteratorIterator $iterator, - $path) { + string $path): array { $hashes = []; $copiedWebserverSettingFiles = false; $tmpFolder = ''; - $baseDirectoryLength = strlen($path); + $baseDirectoryLength = \strlen($path); foreach($iterator as $filename => $data) { /** @var \DirectoryIterator $data */ if($data->isDir()) { @@ -220,7 +220,7 @@ class Checker { if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') { $fileContent = file_get_contents($tmpFolder . '/.htaccess'); $explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent); - if(count($explodedArray) === 2) { + if(\count($explodedArray) === 2) { $hashes[$relativeFileName] = hash('sha512', $explodedArray[0]); continue; } @@ -238,11 +238,11 @@ class Checker { * @param array $hashes * @param X509 $certificate * @param RSA $privateKey - * @return string + * @return array */ private function createSignatureData(array $hashes, X509 $certificate, - RSA $privateKey) { + RSA $privateKey): array { ksort($hashes); $privateKey->setSignatureMode(RSA::SIGNATURE_PSS); @@ -328,13 +328,13 @@ class Checker { * @throws InvalidSignatureException * @throws \Exception */ - private function verify($signaturePath, $basePath, $certificateCN) { + private function verify(string $signaturePath, string $basePath, string $certificateCN): array { if(!$this->isCodeCheckEnforced()) { return []; } $signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true); - if(!is_array($signatureData)) { + if(!\is_array($signatureData)) { throw new InvalidSignatureException('Signature data not found.'); } @@ -422,7 +422,7 @@ class Checker { * * @return bool */ - public function hasPassedCheck() { + public function hasPassedCheck(): bool { $results = $this->getResults(); if(empty($results)) { return true; @@ -434,9 +434,9 @@ class Checker { /** * @return array */ - public function getResults() { + public function getResults(): array { $cachedResults = $this->cache->get(self::CACHE_KEY); - if(!is_null($cachedResults)) { + if(!\is_null($cachedResults)) { return json_decode($cachedResults, true); } @@ -452,7 +452,7 @@ class Checker { * @param string $scope * @param array $result */ - private function storeResults($scope, array $result) { + private function storeResults(string $scope, array $result) { $resultArray = $this->getResults(); unset($resultArray[$scope]); if(!empty($result)) { @@ -505,7 +505,7 @@ class Checker { * @param string $path Optional path. If none is given it will be guessed. * @return array */ - public function verifyAppSignature($appId, $path = '') { + public function verifyAppSignature(string $appId, string $path = ''): array { try { if($path === '') { $path = $this->appLocator->getAppPath($appId); @@ -518,7 +518,7 @@ class Checker { } catch (\Exception $e) { $result = [ 'EXCEPTION' => [ - 'class' => get_class($e), + 'class' => \get_class($e), 'message' => $e->getMessage(), ], ]; @@ -558,7 +558,7 @@ class Checker { * * @return array */ - public function verifyCoreSignature() { + public function verifyCoreSignature(): array { try { $result = $this->verify( $this->environmentHelper->getServerRoot() . '/core/signature.json', @@ -568,7 +568,7 @@ class Checker { } catch (\Exception $e) { $result = [ 'EXCEPTION' => [ - 'class' => get_class($e), + 'class' => \get_class($e), 'message' => $e->getMessage(), ], ]; diff --git a/lib/private/IntegrityCheck/Helpers/AppLocator.php b/lib/private/IntegrityCheck/Helpers/AppLocator.php index c8d4e1b9b27..9ec5361d9d5 100644 --- a/lib/private/IntegrityCheck/Helpers/AppLocator.php +++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -37,7 +38,7 @@ class AppLocator { * @return string * @throws \Exception If the app cannot be found */ - public function getAppPath($appId) { + public function getAppPath(string $appId): string { $path = \OC_App::getAppPath($appId); if($path === false) { @@ -51,7 +52,7 @@ class AppLocator { * * @return array */ - public function getAllApps() { + public function getAllApps(): array { return \OC_App::getAllApps(); } } diff --git a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php index c5e91997130..b69af591bc2 100644 --- a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php +++ b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -34,7 +35,7 @@ class EnvironmentHelper { * * @return string */ - public function getServerRoot() { + public function getServerRoot(): string { return rtrim(\OC::$SERVERROOT, '/'); } @@ -43,7 +44,7 @@ class EnvironmentHelper { * * @return string */ - public function getChannel() { + public function getChannel(): string { return \OC_Util::getChannel(); } } diff --git a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php index ef8e8b41b3f..e73b84b73c4 100644 --- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php +++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -36,7 +37,7 @@ class FileAccessHelper { * @param string $filename * @return string|false */ - public function file_get_contents($filename) { + public function file_get_contents(string $filename) { return file_get_contents($filename); } @@ -46,7 +47,7 @@ class FileAccessHelper { * @param string $filename * @return bool */ - public function file_exists($filename) { + public function file_exists(string $filename): bool { return file_exists($filename); } @@ -58,9 +59,9 @@ class FileAccessHelper { * @return int * @throws \Exception */ - public function file_put_contents($filename, $data) { + public function file_put_contents(string $filename, string $data): int { $bytesWritten = @file_put_contents($filename, $data); - if ($bytesWritten === false || $bytesWritten !== strlen($data)){ + if ($bytesWritten === false || $bytesWritten !== \strlen($data)){ throw new \Exception('Failed to write into ' . $filename); } return $bytesWritten; @@ -70,7 +71,7 @@ class FileAccessHelper { * @param string $path * @return bool */ - public function is_writable($path) { + public function is_writable(string $path): bool { return is_writable($path); } @@ -78,7 +79,7 @@ class FileAccessHelper { * @param string $path * @throws \Exception */ - public function assertDirectoryExists($path) { + public function assertDirectoryExists(string $path) { if (!is_dir($path)) { throw new \Exception('Directory ' . $path . ' does not exist.'); } diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php index 4801d7bb748..e0ad6a550e5 100644 --- a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php +++ b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -52,7 +53,7 @@ class ExcludeFileByNameFilterIterator extends \RecursiveFilterIterator { return true; } - return !in_array( + return !\in_array( $this->current()->getFilename(), $this->excludedFilenames, true diff --git a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php index 31dd05ef312..56524abe6a0 100644 --- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php +++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php @@ -1,4 +1,5 @@ <?php +declare(strict_types=1); /** * @copyright Copyright (c) 2016, ownCloud, Inc. * @@ -24,7 +25,7 @@ namespace OC\IntegrityCheck\Iterator; class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator { - private $excludedFolders = []; + private $excludedFolders; public function __construct(\RecursiveIterator $iterator, $root = '') { parent::__construct($iterator); @@ -59,7 +60,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator { * @return bool */ public function accept() { - return !in_array( + return !\in_array( $this->current()->getPathName(), $this->excludedFolders, true |