LumenerController - Code Metrics - Inspection of "Add known-issues patching" - HeshamMeneisi/Lumener - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 2416bc...c76436 )

by Hesham

created 2019-05-03 04:58 UTC

LumenerController B

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	198
Duplicated Lines	0 %

Importance

Changes

Metric	Value
wmc	43
eloc	97
dl	0
loc	198
rs	8.96
c	0
b	0
f	0

13 Methods

Rating	Name	Size	Complexity
A	getResource()	15	3
A	index()	18	5
A	__construct()	15	3
A	__call()	7	2
A	update()	4	1
A	isDBBlocked()	11	4
B	_verifyAdminerRequest()	7	7
A	_setupErrorHandling()	13	2
A	_patchAdminerRequest()	4	2
A	_runAdminer()	17	2
A	_runGetBuffer()	24	6
A	_handleAdminerAutoLogin()	10	5
A	_stopErrorHandling()	3	1

How to fix Complexity

<?php
namespace Lumener\Controllers;

use Illuminate\Routing\Controller;
use Illuminate\Http\Request;
use Illuminate\Support\Facades\Artisan;

class LumenerController extends Controller
{
    protected $adminer;
    protected $adminer_object;
    protected $plugins_path;
    protected $allowed_dbs;
    protected $protected_dbs;
    protected $request;

    public function __construct(Request $request)
    {
        if (method_exists(\Route::class, 'hasMiddlewareGroup')
        && \Route::hasMiddlewareGroup('lumener')) {
            $this->middleware('lumener');
        }
        // LumenerServiceProvider::register holds the middleware register
        // so it does not need to be addeed manually.
        // User-defined middleware is handled during route definition for Lumen
        $this->allowed_dbs = config('lumener.security.allowed_db');
        $this->protected_dbs = config('lumener.security.protected_db');
        $this->adminer = LUMENER_STORAGE.'/adminer.php';
        $this->adminer_object = __DIR__.'/../logic/adminer_object.php';
        $this->plugins_path = LUMENER_STORAGE.'/plugins';
        $this->request = $request;
    }

    public function __call($method, $params)
    {
        if (strncasecmp($method, "get", 3) === 0) {
            $var = preg_replace_callback('/[A-Z]/', function ($c) {
                return '_'.strtolower($c[0]);
            }, lcfirst(substr($method, 3)));
            return $this->$var;
        }
    }

    public function index()
    {
        if ($this->request->cookie('adminer_logged_out')
            && config('lumener.logout_redirect')) {
            return redirect(config('lumener.logout_redirect'));
        }
        if (isset($_POST['logout'])) {
            $t = encrypt(time());
            $h = "Set-Cookie: adminer_logged_out={$t}; expires=".gmdate(
                "D, d M Y H:i:s",
                time() + config('lumener.logout_cooldown', 10)
            )." GMT; path=".preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]);
            header($h);
        }
        if (file_exists($this->adminer)) {
            return $this->_runAdminer();
        } else {
            return '<div style="text-align:center;color: red;
                                margin-top: 200px;font-weight:bold;">
                      Adminer was NOT found.
                      Run <span style="color:lightgreen;background:black;
                                       padding: 5px;border: 5px dashed white;">
                                       php artisan lumener:update --force</span>
                                       to fix any issues.
                    </div>
            ';
        }
    }

    public function update()
    {
        Artisan::call('lumener:update');
        return nl2br(Artisan::output());
    }

    public function getResource()
    {
        $file = $this->request->get('file');
        $path = realpath(LUMENER_STORAGE."/{$file}");
        // Prevent risky file fetching
        // This check is very important, it's a major security risk to allow
        // Fetching files outside the LUMENER_STORAGE directory
        if (
            $path === false
            || strncmp($path, LUMENER_STORAGE, strlen(LUMENER_STORAGE)) !== 0
        ) {
            abort(403);
        }
        $type = $this->request->get('type', mime_content_type($path));
        return response()->download($path, $file, ["Content-Type"=>$type]);
    }

    public function isDBBlocked($db)
    {
        return
        (
            $this->allowed_dbs !== null
            && !in_array($db, $this->allowed_dbs)
        )
        ||
        (
            $this->protected_dbs !== null
            && in_array($db, $this->protected_dbs)
        );
    }

    private function _runAdminer()
    {
        $this->_handleAdminerAutoLogin();

        // Known Issues
        $this->_patchAdminerRequest();

        // Security Check
        $this->_verifyAdminerRequest();

        $content =
            $this->_runGetBuffer([$this->adminer_object, $this->adminer]);

        if (strpos($content, "<!DOCTYPE html>") === false) {
            die($content);
        }
        return $content;
    }

    private function _handleAdminerAutoLogin()
    {
        if (!isset($_GET['username']) && !isset($_POST['auth'])
            && config('lumener.auto_login')
            && !$this->request->cookie('adminer_logged_out')) {
            // Skip login screen
            $_GET['username'] =
                config('lumener.db.username', env("DB_USERNAME"));
            $_GET['db'] =
                config('lumener.db.database', env("DB_DATABASE"));
            // Password is set in the adminer extension
        }
    }

    private function _verifyAdminerRequest()
    {
        if ((isset($_GET['db']) && $_GET['db']
            && $this->isDBBlocked($_GET['db']))
        || (isset($_POST['auth']['db']) && $_POST['auth']['db']
            && $this->isDBBlocked($_POST['auth']['db']))) {
            abort(403);
        }
    }

    private function _patchAdminerRequest()
    {
        if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
            $_SERVER['HTTP_IF_MODIFIED_SINCE'] = null;
        }
    }

    private function _runGetBuffer($files, $allowed_errors=[E_WARNING])
    {
        // Prepare for unhandled errors
        $this->_setupErrorHandling();
        // Require files
        ob_implicit_flush(0);
        ob_start();
        try {
            foreach ($files as $file) {
                // require because include will not throw the adminer_exit error
                require($file);
            }
        } catch (\ErrorException $e) {
            if (config('lumener.debug')
            || !in_array($e->getSeverity(), $allowed_errors)) {
                throw $e;
            }
        }
        $this->_stopErrorHandling();
        $content = "";
        while ($level = ob_get_clean()) {
            $content = $level . $content;
        }
        return $content;
    }

    private function _setupErrorHandling()
    {
        set_error_handler(function ($err_severity, $err_msg, $err_file, $err_line) {
            // Check if suppressed with the @-operator
            if (0 === error_reporting()) {
                return false;
            }
            throw new \ErrorException(
                $err_msg,
                0,
                $err_severity,
                $err_file,
                $err_line
            );
        });
    }

    private function _stopErrorHandling()
    {
        set_error_handler(null);
    }
}


1			<?php
2			namespace Lumener\Controllers;
3
4			use Illuminate\Routing\Controller;
5			use Illuminate\Http\Request;
6			use Illuminate\Support\Facades\Artisan;
7
8			class LumenerController extends Controller
9			{
10			protected $adminer;
11			protected $adminer_object;
12			protected $plugins_path;
13			protected $allowed_dbs;
14			protected $protected_dbs;
15			protected $request;
16
17			public function __construct(Request $request)
18			{
19			if (method_exists(\Route::class, 'hasMiddlewareGroup')
20			&& \Route::hasMiddlewareGroup('lumener')) {
21			$this->middleware('lumener');
22			}
23			// LumenerServiceProvider::register holds the middleware register
24			// so it does not need to be addeed manually.
25			// User-defined middleware is handled during route definition for Lumen
26			$this->allowed_dbs = config('lumener.security.allowed_db');
27			$this->protected_dbs = config('lumener.security.protected_db');
28			$this->adminer = LUMENER_STORAGE.'/adminer.php';
29			$this->adminer_object = __DIR__.'/../logic/adminer_object.php';
30			$this->plugins_path = LUMENER_STORAGE.'/plugins';
31			$this->request = $request;
32			}
33
34			public function __call($method, $params)
35			{
36			if (strncasecmp($method, "get", 3) === 0) {
37			$var = preg_replace_callback('/[A-Z]/', function ($c) {
38			return '_'.strtolower($c[0]);
39			}, lcfirst(substr($method, 3)));
40			return $this->$var;
41			}
42			}
43
44			public function index()
45			{
46			if ($this->request->cookie('adminer_logged_out')
47			&& config('lumener.logout_redirect')) {
48			return redirect(config('lumener.logout_redirect'));
49			}
50			if (isset($_POST['logout'])) {
51			$t = encrypt(time());
52			$h = "Set-Cookie: adminer_logged_out={$t}; expires=".gmdate(
53			"D, d M Y H:i:s",
54			time() + config('lumener.logout_cooldown', 10)
55			)." GMT; path=".preg_replace('~\?.*~', '', $_SERVER["REQUEST_URI"]);
56			header($h);
57			}
58			if (file_exists($this->adminer)) {
59			return $this->_runAdminer();
60			} else {
61			return '<div style="text-align:center;color: red;
62			margin-top: 200px;font-weight:bold;">
63			Adminer was NOT found.
64			Run <span style="color:lightgreen;background:black;
65			padding: 5px;border: 5px dashed white;">
66			php artisan lumener:update --force</span>
67			to fix any issues.
68			</div>
69			';
70			}
71			}
72
73			public function update()
74			{
75			Artisan::call('lumener:update');
76			return nl2br(Artisan::output());
77			}
78
79			public function getResource()
80			{
81			$file = $this->request->get('file');
82			$path = realpath(LUMENER_STORAGE."/{$file}");
83			// Prevent risky file fetching
84			// This check is very important, it's a major security risk to allow
85			// Fetching files outside the LUMENER_STORAGE directory
86			if (
87			$path === false
88			\|\| strncmp($path, LUMENER_STORAGE, strlen(LUMENER_STORAGE)) !== 0
89			) {
90			abort(403);
91			}
92			$type = $this->request->get('type', mime_content_type($path));
93			return response()->download($path, $file, ["Content-Type"=>$type]);
94			}
95
96			public function isDBBlocked($db)
97			{
98			return
99			(
100			$this->allowed_dbs !== null
101			&& !in_array($db, $this->allowed_dbs)
102			)
103			\|\|
104			(
105			$this->protected_dbs !== null
106			&& in_array($db, $this->protected_dbs)
107			);
108			}
109
110			private function _runAdminer()
111			{
112			$this->_handleAdminerAutoLogin();
113
114			// Known Issues
115			$this->_patchAdminerRequest();
116
117			// Security Check
118			$this->_verifyAdminerRequest();
119
120			$content =
121			$this->_runGetBuffer([$this->adminer_object, $this->adminer]);
122
123			if (strpos($content, "<!DOCTYPE html>") === false) {
124			die($content);
125			}
126			return $content;
127			}
128
129			private function _handleAdminerAutoLogin()
130			{
131			if (!isset($_GET['username']) && !isset($_POST['auth'])
132			&& config('lumener.auto_login')
133			&& !$this->request->cookie('adminer_logged_out')) {
134			// Skip login screen
135			$_GET['username'] =
136			config('lumener.db.username', env("DB_USERNAME"));
137			$_GET['db'] =
138			config('lumener.db.database', env("DB_DATABASE"));
139			// Password is set in the adminer extension
140			}
141			}
142
143			private function _verifyAdminerRequest()
144			{
145			if ((isset($_GET['db']) && $_GET['db']
146			&& $this->isDBBlocked($_GET['db']))
147			\|\| (isset($_POST['auth']['db']) && $_POST['auth']['db']
148			&& $this->isDBBlocked($_POST['auth']['db']))) {
149			abort(403);
150			}
151			}
152
153			private function _patchAdminerRequest()
154			{
155			if (!isset($_SERVER['HTTP_IF_MODIFIED_SINCE'])) {
156			$_SERVER['HTTP_IF_MODIFIED_SINCE'] = null;
157			}
158			}
159
160			private function _runGetBuffer($files, $allowed_errors=[E_WARNING])
161			{
162			// Prepare for unhandled errors
163			$this->_setupErrorHandling();
164			// Require files
165			ob_implicit_flush(0);
166			ob_start();
167			try {
168			foreach ($files as $file) {
169			// require because include will not throw the adminer_exit error
170			require($file);
171			}
172			} catch (\ErrorException $e) {
173			if (config('lumener.debug')
174			\|\| !in_array($e->getSeverity(), $allowed_errors)) {
175			throw $e;
176			}
177			}
178			$this->_stopErrorHandling();
179			$content = "";
180			while ($level = ob_get_clean()) {
181			$content = $level . $content;
182			}
183			return $content;
184			}
185
186			private function _setupErrorHandling()
187			{
188			set_error_handler(function ($err_severity, $err_msg, $err_file, $err_line) {
189			// Check if suppressed with the @-operator
190			if (0 === error_reporting()) {
191			return false;
192			}
193			throw new \ErrorException(
194			$err_msg,
195			0,
196			$err_severity,
197			$err_file,
198			$err_line
199			);
200			});
201			}
202
203			private function _stopErrorHandling()
204			{
205			set_error_handler(null);
206			}
207			}
208

HeshamMeneisi / Lumener

Push — master ( 2416bc...c76436 )

LumenerController B

Complexity

Size/Duplication

Importance

13 Methods

How to fix Complexity

Complex Class

Duplication Side-by-Side

Filter issues like