
class PharMetaDataInterceptor in Drupal 7

@internal Experimental implementation of checking against serialized objects in Phar meta-data.
@internal This functionality has not been 100% pentested...


File

misc/typo3/phar-stream-wrapper/src/Interceptor/PharMetaDataInterceptor.php, line 24

Namespace

TYPO3\PharStreamWrapper\Interceptor
class PharMetaDataInterceptor implements Assertable {

  /**
   * Determines whether the corresponding Phar archive contains
   * (potentially insecure) serialized objects.
   *
   * @param string $path
   * @param string $command
   * @return bool
   * @throws Exception
   */
  public function assert($path, $command) {
    if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
      return true;
    }
    throw new Exception(sprintf('Problematic meta-data in "%s"', $path), 1539632368);
  }

  /**
   * @param string $path
   * @return bool
   */
  private function baseFileDoesNotHaveMetaDataIssues($path) {
    $invocation = Manager::instance()->resolve($path);
    if ($invocation === null) {
      return false;
    }

    // directly return in case invocation was checked before
    if ($invocation->getVariable(__CLASS__) === true) {
      return true;
    }

    // otherwise analyze meta-data
    try {
      $reader = new Reader($invocation->getBaseName());
      $reader->resolveContainer()->getManifest()->deserializeMetaData();
      $invocation->setVariable(__CLASS__, true);
    } catch (DeserializationException $exception) {
      return false;
    }
    return true;
  }

}
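
The interceptor rejects an archive when decoding its meta-data raises a DeserializationException. The following is an added example, not code from this page or from the phar-stream-wrapper package, of one way such a check can detect serialized objects without instantiating them; the function names and sample strings are hypothetical and constructed, and PHP 7.0 or later is assumed for the `allowed_classes` option.

```php
<?php
// Added example, not code from phar-stream-wrapper. Requires PHP 7.0+.

// Hypothetical helper: true if $value is or contains an object.
function containsObject($value): bool
{
    // With allowed_classes => false every object arrives as
    // __PHP_Incomplete_Class; is_object() covers it only from PHP 7.2.
    if ($value instanceof __PHP_Incomplete_Class || is_object($value)) {
        return true;
    }
    if (is_array($value)) {
        foreach ($value as $item) {
            if (containsObject($item)) {
                return true;
            }
        }
    }
    return false;
}

// Hypothetical helper: true only if the meta-data string decodes to
// scalars and arrays; objects and malformed input are rejected.
function metaDataIsObjectFree(string $serialized): bool
{
    if ($serialized === '') {
        return true; // no meta-data stored in the archive
    }
    // No application class is instantiated, so no __wakeup() or
    // __destruct() of such a class can run during or after decoding.
    $value = @unserialize($serialized, ['allowed_classes' => false]);
    if ($value === false && $serialized !== serialize(false)) {
        return false; // not decodable: fail closed
    }
    return !containsObject($value);
}

// Constructed sample meta-data strings.
$samples = [
    'plain array'   => serialize(['version' => '1.0', 'tags' => ['a', 'b']]),
    'nested object' => 'a:1:{s:1:"x";O:13:"ExampleObject":0:{}}',
    'truncated'     => 'a:1:{s:1:"x";',
];
foreach ($samples as $label => $data) {
    $verdict = metaDataIsObjectFree($data) ? 'accept' : 'reject';
    printf("%-14s %s\n", $label, $verdict);
}
```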

Members

| Name | Modifiers | Type | Description | Overrides |
|---|---|---|---|---|
| PharMetaDataInterceptor::assert | public | function | Determines whether the corresponding Phar archive contains (potentially insecure) serialized objects. | Assertable::assert |
| PharMetaDataInterceptor::baseFileDoesNotHaveMetaDataIssues | private | function | | |