StaticConfig::getStaticAddresses() - Code Metrics - Inspection of "add OpenVpnModule tests" - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( bca83a...1ac405 )

by François

created 2016-02-22 10:50 UTC

StaticConfig::getStaticAddresses() B

↳ Parent: StaticConfig

Complexity

Conditions	5
Paths	12

Size

Total Lines	22
Code Lines	13

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	22
rs	8.6737
cc	5
eloc	13
nc	12
nop	1

<?php
/**
 * Copyright 2015 François Kooman <[email protected]>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace fkooman\VPN\Server\Config;

use fkooman\Json\Json;
use RuntimeException;
use fkooman\VPN\Server\Utils;

/**
 * Manage static configuration for configurations.
 * Features:
 * - disable a configuration based on CN
 * - set static IPv4/IPv6 address for a CN.
 */
class StaticConfig
{
    /** @var string */
    private $staticConfigDir;

    /** @var IP */
    private $ipRange;

    /** @var IP */
    private $poolRange;

    public function __construct($staticConfigDir, IP $ipRange, IP $poolRange)
    {
        $this->staticConfigDir = $staticConfigDir;
        $this->ipRange = $ipRange;
        $this->poolRange = $poolRange;
    }

    public function getIpRange()
    {
        return $this->ipRange;
    }

    public function getPoolRange()
    {
        return $this->poolRange;
    }

    private function parseConfig($commonName)
    {
        $commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
        // XXX do something if file does not exist
        try {
            return Json::decodeFile($commonNamePath);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        } catch (RuntimeException $e) {
            return [];
        }
    }

    public function disableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);
        if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
            // already disabled
            return false;
        }

        $clientConfig['disable'] = true;
        $this->writeFile($commonName, $clientConfig);

        return true;
    }

    public function enableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);
        if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
            // it is disabled, enable it
            $clientConfig['disable'] = false;
            $this->writeFile($commonName, $clientConfig);

            return true;
        }

        // it is not disabled
        return false;
    }

    public function isDisabled($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);

        return array_key_exists('disable', $clientConfig) && $clientConfig['disable'];
    }

    public function getDisabledCommonNames($userId = null)
    {
        if (!is_null($userId)) {
            Utils::validateUserId($userId);
        }

        $disabledCommonNames = array();
        $pathFilter = sprintf('%s/*', $this->staticConfigDir);
        if (!is_null($userId)) {
            $pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
        }

        foreach (glob($pathFilter) as $commonNamePath) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $commonName = basename($commonNamePath);

            if ($this->isDisabled($commonName)) {
                $disabledCommonNames[] = $commonName;
            }
        }

        return $disabledCommonNames;
    }

    public function getStaticAddresses($userId = null)
    {
        if (!is_null($userId)) {
            Utils::validateUserId($userId);
        }

        $staticAddresses = array();
        $pathFilter = sprintf('%s/*', $this->staticConfigDir);
        if (!is_null($userId)) {
            $pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
        }

        foreach (glob($pathFilter) as $commonNamePath) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $commonName = basename($commonNamePath);
            $ip = $this->getStaticAddress($commonName);
            if (!is_null($ip['v4'])) {
                $staticAddresses[$commonName] = $ip;
            }
        }

        return $staticAddresses;
    }

    public function getStaticAddress($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);

        $v4 = null;
        if (array_key_exists('v4', $clientConfig)) {
            $v4 = $clientConfig['v4'];
        }

        return array(
            'v4' => $v4,
        );
    }

    public function setStaticAddresses($commonName, $v4)
    {
        Utils::validateCommonName($commonName);
        if (!is_null($v4)) {
            Utils::validateAddress($v4);

            // IP MUST be in ipRange
            if (!$this->ipRange->inRange($v4)) {
                throw new RuntimeException('IP is out of range');
            }

            // IP MUST NOT be in poolRange (including network and broadcast
            if ($this->poolRange->inRange($v4, true)) {
                throw new RuntimeException('IP cannot be in poolRange');
            }

            // cannot be server IP (we assume for now firstHost is server IP
            if ($v4 === $this->ipRange->getFirstHost()) {
                throw new RuntimeException('IP cannot be server IP');
            }

            // XXX make sure it is not already in use by another config, it is
            // okay if it is this config!
            $staticAddresses = $this->getStaticAddresses();
            foreach ($staticAddresses as $cn => $c) {
                if ($c['v4'] === $v4) {
                    if ($commonName === $cn) {
                        // the commonName is allowed to have the same address,
                        // i.e. when setting the same IPv4 address that was 
                        // already assigned to that CN
                        continue;
                    }

                    throw new RuntimeException(sprintf('IP address already in use by "%s"', $cn));
                }
            }
        }
        $clientConfig = $this->parseConfig($commonName);
        $clientConfig['v4'] = $v4;
        $this->writeFile($commonName, $clientConfig);

        return true;
    }

    private function writeFile($commonName, array $clientConfig)
    {
        $commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);

        if (false === @file_put_contents($commonNamePath, Json::encode($clientConfig))) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            throw new RuntimeException('unable to write to static configuration file');
        }
    }
}


GitHub Access Token became invalid

Push — master ( bca83a...1ac405 )

StaticConfig::getStaticAddresses() B

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

1		<?php
2		/**
3		* Copyright 2015 François Kooman <[email protected]>.
4		*
5		* Licensed under the Apache License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		namespace fkooman\VPN\Server\Config;
18
19		use fkooman\Json\Json;
20		use RuntimeException;
21		use fkooman\VPN\Server\Utils;
22
23		/**
24		* Manage static configuration for configurations.
25		* Features:
26		* - disable a configuration based on CN
27		* - set static IPv4/IPv6 address for a CN.
28		*/
29		class StaticConfig
30		{
31		/** @var string */
32		private $staticConfigDir;
33
34		/** @var IP */
35		private $ipRange;
36
37		/** @var IP */
38		private $poolRange;
39
40		public function __construct($staticConfigDir, IP $ipRange, IP $poolRange)
41		{
42		$this->staticConfigDir = $staticConfigDir;
43		$this->ipRange = $ipRange;
44		$this->poolRange = $poolRange;
45		}
46
47		public function getIpRange()
48		{
49		return $this->ipRange;
50		}
51
52		public function getPoolRange()
53		{
54		return $this->poolRange;
55		}
56
57		private function parseConfig($commonName)
58		{
59		$commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
60		// XXX do something if file does not exist
61		try {
62		return Json::decodeFile($commonNamePath);
		0 ignored issues – show Security File Exposure introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report `$commonNamePath` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
63		} catch (RuntimeException $e) {
64		return [];
65		}
66		}
67
68	View Code Duplication	public function disableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
69		{
70		Utils::validateCommonName($commonName);
71
72		$clientConfig = $this->parseConfig($commonName);
73		if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
74		// already disabled
75		return false;
76		}
77
78		$clientConfig['disable'] = true;
79		$this->writeFile($commonName, $clientConfig);
80
81		return true;
82		}
83
84	View Code Duplication	public function enableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
85		{
86		Utils::validateCommonName($commonName);
87
88		$clientConfig = $this->parseConfig($commonName);
89		if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
90		// it is disabled, enable it
91		$clientConfig['disable'] = false;
92		$this->writeFile($commonName, $clientConfig);
93
94		return true;
95		}
96
97		// it is not disabled
98		return false;
99		}
100
101		public function isDisabled($commonName)
102		{
103		Utils::validateCommonName($commonName);
104
105		$clientConfig = $this->parseConfig($commonName);
106
107		return array_key_exists('disable', $clientConfig) && $clientConfig['disable'];
108		}
109
110		public function getDisabledCommonNames($userId = null)
111		{
112		if (!is_null($userId)) {
113		Utils::validateUserId($userId);
114		}
115
116		$disabledCommonNames = array();
117		$pathFilter = sprintf('%s/*', $this->staticConfigDir);
118		if (!is_null($userId)) {
119		$pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
120		}
121
122		foreach (glob($pathFilter) as $commonNamePath) {
		0 ignored issues – show Security File Exposure introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report `$pathFilter` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
123		$commonName = basename($commonNamePath);
124
125		if ($this->isDisabled($commonName)) {
126		$disabledCommonNames[] = $commonName;
127		}
128		}
129
130		return $disabledCommonNames;
131		}
132
133		public function getStaticAddresses($userId = null)
134		{
135		if (!is_null($userId)) {
136		Utils::validateUserId($userId);
137		}
138
139		$staticAddresses = array();
140		$pathFilter = sprintf('%s/*', $this->staticConfigDir);
141		if (!is_null($userId)) {
142		$pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
143		}
144
145		foreach (glob($pathFilter) as $commonNamePath) {
		0 ignored issues – show Security File Exposure introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report `$pathFilter` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
146		$commonName = basename($commonNamePath);
147		$ip = $this->getStaticAddress($commonName);
148		if (!is_null($ip['v4'])) {
149		$staticAddresses[$commonName] = $ip;
150		}
151		}
152
153		return $staticAddresses;
154		}
155
156		public function getStaticAddress($commonName)
157		{
158		Utils::validateCommonName($commonName);
159
160		$clientConfig = $this->parseConfig($commonName);
161
162		$v4 = null;
163		if (array_key_exists('v4', $clientConfig)) {
164		$v4 = $clientConfig['v4'];
165		}
166
167		return array(
168		'v4' => $v4,
169		);
170		}
171
172		public function setStaticAddresses($commonName, $v4)
173		{
174		Utils::validateCommonName($commonName);
175		if (!is_null($v4)) {
176		Utils::validateAddress($v4);
177
178		// IP MUST be in ipRange
179		if (!$this->ipRange->inRange($v4)) {
180		throw new RuntimeException('IP is out of range');
181		}
182
183		// IP MUST NOT be in poolRange (including network and broadcast
184		if ($this->poolRange->inRange($v4, true)) {
185		throw new RuntimeException('IP cannot be in poolRange');
186		}
187
188		// cannot be server IP (we assume for now firstHost is server IP
189		if ($v4 === $this->ipRange->getFirstHost()) {
190		throw new RuntimeException('IP cannot be server IP');
191		}
192
193		// XXX make sure it is not already in use by another config, it is
194		// okay if it is this config!
195		$staticAddresses = $this->getStaticAddresses();
196		foreach ($staticAddresses as $cn => $c) {
197		if ($c['v4'] === $v4) {
198		if ($commonName === $cn) {
199		// the commonName is allowed to have the same address,
200		// i.e. when setting the same IPv4 address that was
201		// already assigned to that CN
202		continue;
203		}
204
205		throw new RuntimeException(sprintf('IP address already in use by "%s"', $cn));
206		}
207		}
208		}
209		$clientConfig = $this->parseConfig($commonName);
210		$clientConfig['v4'] = $v4;
211		$this->writeFile($commonName, $clientConfig);
212
213		return true;
214		}
215
216		private function writeFile($commonName, array $clientConfig)
217		{
218		$commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
219
220		if (false === @file_put_contents($commonNamePath, Json::encode($clientConfig))) {
		0 ignored issues – show Security File Manipulation introduced 2016-02-22 10:53 UTC by Report Bug Copy Issue Report `$commonNamePath` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
221		throw new RuntimeException('unable to write to static configuration file');
222		}
223		}
224		}
225

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( bca83a...1ac405 )

StaticConfig::getStaticAddresses() B

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like