StaticConfig::getIpRange() - Code Metrics - Inspection of "- make IP ranges available through API for edit pa..." - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 190821...979295 )

by François

created 2016-02-20 10:25 UTC

StaticConfig::getIpRange() A

↳ Parent: StaticConfig

Complexity

Conditions	1
Paths	1

Size

Total Lines	4
Code Lines	2

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	4
rs	10
cc	1
eloc	2
nc	1
nop	0

<?php
/**
 * Copyright 2015 François Kooman <[email protected]>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace fkooman\VPN\Server;

use fkooman\Json\Json;
use RuntimeException;

/**
 * Manage static configuration for configurations.
 * Features:
 * - disable a configuration based on CN
 * - set static IPv4/IPv6 address for a CN.
 */
class StaticConfig
{
    /** @var string */
    private $staticConfigDir;

    /** @var IP */
    private $ipRange;

    /** @var IP */
    private $poolRange;

    public function __construct($staticConfigDir, IP $ipRange, IP $poolRange)
    {
        $this->staticConfigDir = $staticConfigDir;
        $this->ipRange = $ipRange;
        $this->poolRange = $poolRange;
    }

    public function getIpRange()
    {
        return $this->ipRange;
    }

    public function getPoolRange()
    {
        return $this->poolRange;
    }

    private function parseConfig($commonName)
    {
        $commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
        // XXX do something if file does not exist
        try {
            return Json::decodeFile($commonNamePath);
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
        } catch (RuntimeException $e) {
            return [];
        }
    }

    public function disableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);
        if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
            // already disabled
            return false;
        }

        $clientConfig['disable'] = true;
        $this->writeFile($commonName, $clientConfig);

        return true;
    }

    public function enableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);
        if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
            // it is disabled, enable it
            $clientConfig['disable'] = false;
            $this->writeFile($commonName, $clientConfig);

            return true;
        }

        // it is not disabled
        return false;
    }

    public function isDisabled($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);

        return array_key_exists('disable', $clientConfig) && $clientConfig['disable'];
    }

    public function getDisabledCommonNames($userId = null)
    {
        if (!is_null($userId)) {
            Utils::validateUserId($userId);
        }

        $disabledCommonNames = array();
        $pathFilter = sprintf('%s/*', $this->staticConfigDir);
        if (!is_null($userId)) {
            $pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
        }

        foreach (glob($pathFilter) as $commonNamePath) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $commonName = basename($commonNamePath);

            if ($this->isDisabled($commonName)) {
                $disabledCommonNames[] = $commonName;
            }
        }

        return $disabledCommonNames;
    }

    public function getStaticAddresses($userId = null)
    {
        if (!is_null($userId)) {
            Utils::validateUserId($userId);
        }

        $staticAddresses = array();
        $pathFilter = sprintf('%s/*', $this->staticConfigDir);
        if (!is_null($userId)) {
            $pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
        }

        foreach (glob($pathFilter) as $commonNamePath) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $commonName = basename($commonNamePath);
            $ip = $this->getStaticAddress($commonName);
            if (!is_null($ip['v4'])) {
                $staticAddresses[$commonName] = $ip;
            }
        }

        return $staticAddresses;
    }

    public function getStaticAddress($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseConfig($commonName);

        $v4 = null;
        if (array_key_exists('v4', $clientConfig)) {
            $v4 = $clientConfig['v4'];
        }

        return array(
            'v4' => $v4,
        );
    }

    public function setStaticAddresses($commonName, $v4)
    {
        Utils::validateCommonName($commonName);
        if (!is_null($v4)) {
            Utils::validateAddress($v4);

            // IP MUST be in ipRange
            if (!$this->ipRange->inRange($v4)) {
                throw new RuntimeException('IP is out of range');
            }

            // IP MUST NOT be in poolRange (including network and broadcast
            if ($this->poolRange->inRange($v4, true)) {
                throw new RuntimeException('IP cannot be in poolRange');
            }

            // cannot be server IP (we assume for now firstHost is server IP
            if ($v4 === $this->ipRange->getFirstHost()) {
                throw new RuntimeException('IP cannot be server IP');
            }

            // XXX make sure it is not already in use by another config, it is
            // okay if it is this config!
            $staticAddresses = $this->getStaticAddresses();
            foreach ($staticAddresses as $cn => $c) {
                if ($c['v4'] === $v4) {
                    if ($commonName === $cn) {
                        // the commonName is allowed to have the same address,
                        // i.e. when setting the same IPv4 address that was 
                        // already assigned to that CN
                        continue;
                    }

                    throw new RuntimeException(sprintf('IP address already in use by "%s"', $cn));
                }
            }
        }   
        $clientConfig = $this->parseConfig($commonName);
        $clientConfig['v4'] = $v4;
        $this->writeFile($commonName, $clientConfig);

        return true;
    }

    private function writeFile($commonName, array $clientConfig)
    {
        $commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);

        if (false === @file_put_contents($commonNamePath, Json::encode($clientConfig))) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            throw new RuntimeException('unable to write to static configuration file');
        }
    }
}


GitHub Access Token became invalid

Push — master ( 190821...979295 )

StaticConfig::getIpRange() A

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

1		<?php
2		/**
3		* Copyright 2015 François Kooman <[email protected]>.
4		*
5		* Licensed under the Apache License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		namespace fkooman\VPN\Server;
18
19		use fkooman\Json\Json;
20		use RuntimeException;
21
22		/**
23		* Manage static configuration for configurations.
24		* Features:
25		* - disable a configuration based on CN
26		* - set static IPv4/IPv6 address for a CN.
27		*/
28		class StaticConfig
29		{
30		/** @var string */
31		private $staticConfigDir;
32
33		/** @var IP */
34		private $ipRange;
35
36		/** @var IP */
37		private $poolRange;
38
39		public function __construct($staticConfigDir, IP $ipRange, IP $poolRange)
40		{
41		$this->staticConfigDir = $staticConfigDir;
42		$this->ipRange = $ipRange;
43		$this->poolRange = $poolRange;
44		}
45
46		public function getIpRange()
47		{
48		return $this->ipRange;
49		}
50
51		public function getPoolRange()
52		{
53		return $this->poolRange;
54		}
55
56		private function parseConfig($commonName)
57		{
58		$commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
59		// XXX do something if file does not exist
60		try {
61		return Json::decodeFile($commonNamePath);
		0 ignored issues – show Security File Exposure introduced 2016-02-17 15:35 UTC by Report Bug Copy Issue Report `$commonNamePath` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
62		} catch (RuntimeException $e) {
63		return [];
64		}
65		}
66
67	View Code Duplication	public function disableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-17 15:35 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
68		{
69		Utils::validateCommonName($commonName);
70
71		$clientConfig = $this->parseConfig($commonName);
72		if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
73		// already disabled
74		return false;
75		}
76
77		$clientConfig['disable'] = true;
78		$this->writeFile($commonName, $clientConfig);
79
80		return true;
81		}
82
83	View Code Duplication	public function enableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-17 15:35 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
84		{
85		Utils::validateCommonName($commonName);
86
87		$clientConfig = $this->parseConfig($commonName);
88		if (array_key_exists('disable', $clientConfig) && $clientConfig['disable']) {
89		// it is disabled, enable it
90		$clientConfig['disable'] = false;
91		$this->writeFile($commonName, $clientConfig);
92
93		return true;
94		}
95
96		// it is not disabled
97		return false;
98		}
99
100		public function isDisabled($commonName)
101		{
102		Utils::validateCommonName($commonName);
103
104		$clientConfig = $this->parseConfig($commonName);
105
106		return array_key_exists('disable', $clientConfig) && $clientConfig['disable'];
107		}
108
109		public function getDisabledCommonNames($userId = null)
110		{
111		if (!is_null($userId)) {
112		Utils::validateUserId($userId);
113		}
114
115		$disabledCommonNames = array();
116		$pathFilter = sprintf('%s/*', $this->staticConfigDir);
117		if (!is_null($userId)) {
118		$pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
119		}
120
121		foreach (glob($pathFilter) as $commonNamePath) {
		0 ignored issues – show Security File Exposure introduced 2016-02-17 15:35 UTC by Report Bug Copy Issue Report `$pathFilter` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
122		$commonName = basename($commonNamePath);
123
124		if ($this->isDisabled($commonName)) {
125		$disabledCommonNames[] = $commonName;
126		}
127		}
128
129		return $disabledCommonNames;
130		}
131
132		public function getStaticAddresses($userId = null)
133		{
134		if (!is_null($userId)) {
135		Utils::validateUserId($userId);
136		}
137
138		$staticAddresses = array();
139		$pathFilter = sprintf('%s/*', $this->staticConfigDir);
140		if (!is_null($userId)) {
141		$pathFilter = sprintf('%s/%s_*', $this->staticConfigDir, $userId);
142		}
143
144		foreach (glob($pathFilter) as $commonNamePath) {
		0 ignored issues – show Security File Exposure introduced 2016-02-17 22:09 UTC by Report Bug Copy Issue Report `$pathFilter` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
145		$commonName = basename($commonNamePath);
146		$ip = $this->getStaticAddress($commonName);
147		if (!is_null($ip['v4'])) {
148		$staticAddresses[$commonName] = $ip;
149		}
150		}
151
152		return $staticAddresses;
153		}
154
155		public function getStaticAddress($commonName)
156		{
157		Utils::validateCommonName($commonName);
158
159		$clientConfig = $this->parseConfig($commonName);
160
161		$v4 = null;
162		if (array_key_exists('v4', $clientConfig)) {
163		$v4 = $clientConfig['v4'];
164		}
165
166		return array(
167		'v4' => $v4,
168		);
169		}
170
171		public function setStaticAddresses($commonName, $v4)
172		{
173		Utils::validateCommonName($commonName);
174		if (!is_null($v4)) {
175		Utils::validateAddress($v4);
176
177		// IP MUST be in ipRange
178		if (!$this->ipRange->inRange($v4)) {
179		throw new RuntimeException('IP is out of range');
180		}
181
182		// IP MUST NOT be in poolRange (including network and broadcast
183		if ($this->poolRange->inRange($v4, true)) {
184		throw new RuntimeException('IP cannot be in poolRange');
185		}
186
187		// cannot be server IP (we assume for now firstHost is server IP
188		if ($v4 === $this->ipRange->getFirstHost()) {
189		throw new RuntimeException('IP cannot be server IP');
190		}
191
192		// XXX make sure it is not already in use by another config, it is
193		// okay if it is this config!
194		$staticAddresses = $this->getStaticAddresses();
195		foreach ($staticAddresses as $cn => $c) {
196		if ($c['v4'] === $v4) {
197		if ($commonName === $cn) {
198		// the commonName is allowed to have the same address,
199		// i.e. when setting the same IPv4 address that was
200		// already assigned to that CN
201		continue;
202		}
203
204		throw new RuntimeException(sprintf('IP address already in use by "%s"', $cn));
205		}
206		}
207		}
208		$clientConfig = $this->parseConfig($commonName);
209		$clientConfig['v4'] = $v4;
210		$this->writeFile($commonName, $clientConfig);
211
212		return true;
213		}
214
215		private function writeFile($commonName, array $clientConfig)
216		{
217		$commonNamePath = sprintf('%s/%s', $this->staticConfigDir, $commonName);
218
219		if (false === @file_put_contents($commonNamePath, Json::encode($clientConfig))) {
		0 ignored issues – show Security File Manipulation introduced 2016-02-17 15:35 UTC by Report Bug Copy Issue Report `$commonNamePath` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
220		throw new RuntimeException('unable to write to static configuration file');
221		}
222		}
223		}
224

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( 190821...979295 )

StaticConfig::getIpRange() A

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like