Directory - Code Metrics - Inspection of "#366 Fixed wrong use of realpath() on non existing..." - PHPSocialNetwork/phpfastcache - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — V6 ( 0a67f6...23eee8 )

by Georges

created 2016-10-03 22:58 UTC

Directory A

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	116
Duplicated Lines	0 %

Coupling/Cohesion

Components	0
Dependencies	0

Importance

Changes	5
Bugs	1	Features	0

Metric	Value
dl	0
loc	116
rs	10
c	5
b	1
f	0
wmc	21
lcom	0
cbo	0

4 Methods

Rating	Name	Size	Complexity
D	rrmdir()	35	10
A	dirSize()	16	4
A	getFileCount()	15	3
A	getAbsolutePath()	18	4

<?php
/**
 *
 * This file is part of phpFastCache.
 *
 * @license MIT License (MIT)
 *
 * For full copyright and license information, please see the docs/CREDITS.txt file.
 *
 * @author Khoa Bui (khoaofgod)  <[email protected]> http://www.phpfastcache.com
 * @author Georges.L (Geolim4)  <[email protected]>
 *
 */
namespace phpFastCache\Util;

use RecursiveDirectoryIterator;
use RecursiveIteratorIterator;
use SplFileInfo;

/**
 * Class Directory
 * @package phpFastCache\Util
 */
class Directory
{
    /**
     * Get the directory size
     * @param string $directory
     * @param bool $includeDirAllocSize
     * @return integer
     */
    public static function dirSize($directory, $includeDirAllocSize = false)
    {
        $size = 0;
        foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $file) {
            /**
             * @var \SplFileInfo $file
             */
            if ($file->isFile()) {
                $size += filesize($file->getRealPath());
            } else if ($includeDirAllocSize) {
                $size += $file->getSize();
            }
        }

        return $size;
    }

    /**
     * @param string $path
     * @return int
     */
    public static function getFileCount($path)
    {
        $count = 0;
        $objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), \RecursiveIteratorIterator::SELF_FIRST);
        foreach ($objects as $object) {
            /**
             * @var \SplFileInfo $object
             */
            if ($object->isFile()) {
                $count++;
            }
        }

        return $count;
    }

    /**
     * Recursively delete a directory and all of it's contents - e.g.the equivalent of `rm -r` on the command-line.
     * Consistent with `rmdir()` and `unlink()`, an E_WARNING level error will be generated on failure.
     *
     * @param string $source absolute path to directory or file to delete.
     * @param bool $removeOnlyChildren set to true will only remove content inside directory.
     *
     * @return bool true on success; false on failure
     */
    public static function rrmdir($source, $removeOnlyChildren = false)
    {
        if (empty($source) || file_exists($source) === false) {
            return false;
        }

        if (is_file($source) || is_link($source)) {
            return unlink($source);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        }

        $files = new RecursiveIteratorIterator
        (
          new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS),
          RecursiveIteratorIterator::CHILD_FIRST
        );

        foreach ($files as $fileinfo) {
            /**
             * @var SplFileInfo $fileinfo
             */
            if ($fileinfo->isDir()) {
                if (self::rrmdir($fileinfo->getRealPath()) === false) {
                    return false;
                }
            } else if (unlink($fileinfo->getRealPath()) === false) {
                return false;
            }
        }

        if ($removeOnlyChildren === false) {
            return rmdir($source);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        }

        return true;
    }

    /**
     * Alias of realpath() but work
     * on non-existing files
     *
     * @param $path
     * @return string
     */
    public static function getAbsolutePath($path)
    {
        $path = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $path);
        $parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
        $absolutes = [];
        foreach ($parts as $part) {
            if ('.' === $part) {
                continue;
            }
            if ('..' === $part) {
                array_pop($absolutes);
            } else {
                $absolutes[] = $part;
            }
        }

        return implode(DIRECTORY_SEPARATOR, $absolutes);
    }
}

1			<?php
2			/**
3			*
4			* This file is part of phpFastCache.
5			*
6			* @license MIT License (MIT)
7			*
8			* For full copyright and license information, please see the docs/CREDITS.txt file.
9			*
10			* @author Khoa Bui (khoaofgod) <[email protected]> http://www.phpfastcache.com
11			* @author Georges.L (Geolim4) <[email protected]>
12			*
13			*/
14			namespace phpFastCache\Util;
15
16			use RecursiveDirectoryIterator;
17			use RecursiveIteratorIterator;
18			use SplFileInfo;
19
20			/**
21			* Class Directory
22			* @package phpFastCache\Util
23			*/
24			class Directory
25			{
26			/**
27			* Get the directory size
28			* @param string $directory
29			* @param bool $includeDirAllocSize
30			* @return integer
31			*/
32			public static function dirSize($directory, $includeDirAllocSize = false)
33			{
34			$size = 0;
35			foreach (new RecursiveIteratorIterator(new RecursiveDirectoryIterator($directory)) as $file) {
36			/**
37			* @var \SplFileInfo $file
38			*/
39			if ($file->isFile()) {
40			$size += filesize($file->getRealPath());
41			} else if ($includeDirAllocSize) {
42			$size += $file->getSize();
43			}
44			}
45
46			return $size;
47			}
48
49			/**
50			* @param string $path
51			* @return int
52			*/
53			public static function getFileCount($path)
54			{
55			$count = 0;
56			$objects = new RecursiveIteratorIterator(new RecursiveDirectoryIterator($path), \RecursiveIteratorIterator::SELF_FIRST);
57			foreach ($objects as $object) {
58			/**
59			* @var \SplFileInfo $object
60			*/
61			if ($object->isFile()) {
62			$count++;
63			}
64			}
65
66			return $count;
67			}
68
69			/**
70			* Recursively delete a directory and all of it's contents - e.g.the equivalent of `rm -r` on the command-line.
71			* Consistent with `rmdir()` and `unlink()`, an E_WARNING level error will be generated on failure.
72			*
73			* @param string $source absolute path to directory or file to delete.
74			* @param bool $removeOnlyChildren set to true will only remove content inside directory.
75			*
76			* @return bool true on success; false on failure
77			*/
78			public static function rrmdir($source, $removeOnlyChildren = false)
79			{
80			if (empty($source) \|\| file_exists($source) === false) {
81			return false;
82			}
83
84			if (is_file($source) \|\| is_link($source)) {
85			return unlink($source);
			0 ignored issues – show Security File Manipulation introduced 2016-07-06 07:27 UTC by Report Bug Copy Issue Report `$source` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Fetching key `HTTP_HOST` from `$_SERVER,` and `$_SERVER['HTTP_HOST']` is passed through str_replace(), and `str_replace(':', '_', $_SERVER['HTTP_HOST'])` is passed through strtolower(), and `strtolower(str_replace(':', '_', $_SERVER['HTTP_HOST']))` is passed through preg_replace(), and `$securityKey` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 60 Data is passed through trim(), and Data is passed through preg_replace() in vendor/src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 194 `$securityKey` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 70 `$full_path` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 87 `$full_path` is passed through realpath() in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 104 PathSeekerTrait::getPath() returns tainted data, and `$this->getPath(true)` is passed to Directory::rrmdir() in src/phpFastCache/Drivers/Files/Driver.php on line 135 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
86			}
87
88			$files = new RecursiveIteratorIterator
89			(
90			new RecursiveDirectoryIterator($source, RecursiveDirectoryIterator::SKIP_DOTS),
91			RecursiveIteratorIterator::CHILD_FIRST
92			);
93
94			foreach ($files as $fileinfo) {
95			/**
96			* @var SplFileInfo $fileinfo
97			*/
98			if ($fileinfo->isDir()) {
99			if (self::rrmdir($fileinfo->getRealPath()) === false) {
100			return false;
101			}
102			} else if (unlink($fileinfo->getRealPath()) === false) {
103			return false;
104			}
105			}
106
107			if ($removeOnlyChildren === false) {
108			return rmdir($source);
			0 ignored issues – show Security File Manipulation introduced 2016-07-06 07:27 UTC by Report Bug Copy Issue Report `$source` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. 1 path for user data to reach this point Fetching key `HTTP_HOST` from `$_SERVER,` and `$_SERVER['HTTP_HOST']` is passed through str_replace(), and `str_replace(':', '_', $_SERVER['HTTP_HOST'])` is passed through strtolower(), and `strtolower(str_replace(':', '_', $_SERVER['HTTP_HOST']))` is passed through preg_replace(), and `$securityKey` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 60 Data is passed through trim(), and Data is passed through preg_replace() in vendor/src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 194 `$securityKey` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 70 `$full_path` is assigned in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 87 `$full_path` is passed through realpath() in src/phpFastCache/Core/Pool/IO/PathSeekerTrait.php on line 104 PathSeekerTrait::getPath() returns tainted data, and `$this->getPath(true)` is passed to Directory::rrmdir() in src/phpFastCache/Drivers/Files/Driver.php on line 135 General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
109			}
110
111			return true;
112			}
113
114			/**
115			* Alias of realpath() but work
116			* on non-existing files
117			*
118			* @param $path
119			* @return string
120			*/
121			public static function getAbsolutePath($path)
122			{
123			$path = str_replace(['/', '\\'], DIRECTORY_SEPARATOR, $path);
124			$parts = array_filter(explode(DIRECTORY_SEPARATOR, $path), 'strlen');
125			$absolutes = [];
126			foreach ($parts as $part) {
127			if ('.' === $part) {
128			continue;
129			}
130			if ('..' === $part) {
131			array_pop($absolutes);
132			} else {
133			$absolutes[] = $part;
134			}
135			}
136
137			return implode(DIRECTORY_SEPARATOR, $absolutes);
138			}
139			}

PHPSocialNetwork / phpfastcache

Push — V6 ( 0a67f6...23eee8 )

Directory A

Complexity

Size/Duplication

Coupling/Cohesion

Importance

4 Methods

1 path for user data to reach this point

General Strategies to prevent injection

1 path for user data to reach this point

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like