CcdHandler::getStaticIpAddress() - Code Metrics - Inspection of "preliminary static IP support" - eduVPN/vpn-server-api - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 05b6dd...428430 )

by François

created 2016-02-11 13:20 UTC

CcdHandler::getStaticIpAddress() A

↳ Parent: CcdHandler::getStaticAddresses()

Complexity

Conditions	1
Paths	1

Size

Total Lines	3
Code Lines	1

Duplication

Lines	0
Ratio	0 %

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
c	1
b	0
f	0
dl	0
loc	3
rs	10
cc	1
eloc	1
nc	1
nop	1

<?php
/**
 * Copyright 2015 François Kooman <[email protected]>.
 *
 * Licensed under the Apache License, Version 2.0 (the "License");
 * you may not use this file except in compliance with the License.
 * You may obtain a copy of the License at
 *
 * http://www.apache.org/licenses/LICENSE-2.0
 *
 * Unless required by applicable law or agreed to in writing, software
 * distributed under the License is distributed on an "AS IS" BASIS,
 * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
 * See the License for the specific language governing permissions and
 * limitations under the License.
 */
namespace fkooman\VPN\Server;

use RuntimeException;

/**
 * Manage the Client Configuration Directory (CCD) used by the OpenVPN 
 * instances running on this machine. It can be used to set client specific
 * configurations based on the CN.
 */
class CcdHandler
{
    /** @var string */
    private $ccdPath;

    public function __construct($ccdPath)
    {
        $this->ccdPath = $ccdPath;
    }

    private function parseCcd($commonName)
    {
        $commonNamePath = sprintf('%s/%s', $this->ccdPath, $commonName);
        $clientConfig = array();

        $handle = @fopen($commonNamePath, 'r');
        if ($handle) {
            while (false !== $line = fgets($handle, 128)) {
                $clientConfig[] = trim($line);
            }
            fclose($handle);
        }

        return $clientConfig;
    }

    public function disableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseCcd($commonName);
        foreach ($clientConfig as $k => $v) {
            if ('disable' === $v) {
                // already disabled
                return false;
            }
        }

        // not yet disabled
        $clientConfig[] = 'disable';

        $this->writeFile($commonName, $clientConfig);

        return true;
    }

    public function enableCommonName($commonName)

    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseCcd($commonName);
        foreach ($clientConfig as $k => $v) {
            if ('disable' === $v) {
                // it is disabled
                unset($clientConfig[$k]);
                $this->writeFile($commonName, $clientConfig);

                return true;
            }
        }

        // not disabled
        return false;
    }

    public function isDisabled($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseCcd($commonName);
        foreach ($clientConfig as $k => $v) {
            if ('disable' === $v) {
                // disabled
                return true;
            }
        }

        // not disabled
        return false;
    }

    public function getDisabledCommonNames($userId = null)
    {
        if (!is_null($userId)) {
            Utils::validateUserId($userId);
        }

        $disabledCommonNames = array();
        $pathFilter = sprintf('%s/*', $this->ccdPath);
        if (!is_null($userId)) {
            $pathFilter = sprintf('%s/%s_*', $this->ccdPath, $userId);
        }

        foreach (glob($pathFilter) as $commonNamePath) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            $commonName = basename($commonNamePath);

            if ($this->isDisabled($commonName)) {
                $disabledCommonNames[] = $commonName;
            }
        }

        return $disabledCommonNames;
    }

    public function getStaticAddresses($commonName)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseCcd($commonName);

        #--ifconfig-push local remote-netmask [alias] 
        #--ifconfig-ipv6-push ipv6addr/bits ipv6remote 
        $v4 = null;
        $v6 = null;

        foreach ($clientConfig as $k => $v) {
            if (0 === strpos($v, 'ifconfig-push')) {
                $v4 = trim(substr($v, 14));
            }
            if (0 === strpos($v, 'ifconfig-ipv6-push')) {
                $v6 = trim(substr($v, 19));
            }
        }

        return array(
            'v4' => $v4,
            'v6' => $v6,
        );
    }

    public function setStaticAddresses($commonName, $v4, $v6)
    {
        Utils::validateCommonName($commonName);

        $clientConfig = $this->parseCcd($commonName);
        $v4Pos = null;
        $v6Pos = null;

        foreach ($clientConfig as $k => $v) {
            if (0 === strpos($v, 'ifconfig-push')) {
                $v4Pos = $k;
            }
            if (0 === strpos($v, 'ifconfig-ipv6-push')) {
                $v6Pos = $k;
            }
        }

        // XXX clean up the stuff below...
        if (!is_null($v4Pos)) {

            if (!is_null($v4)) {
                $clientConfig[$v4Pos] = sprintf('ifconfig-push %s', $v4);
            } else {
                unset($clientConfig[$v4Pos]);
            }
        } else {
            if (!is_null($v4)) {
                $clientConfig[] = sprintf('ifconfig-push %s', $v4);
            }
        }

        if (!is_null($v6Pos)) {

            if (!is_null($v6)) {
                $clientConfig[$v6Pos] = sprintf('ifconfig-ipv6-push %s', $v6);
            } else {
                unset($clientConfig[$v6Pos]);
            }
        } else {
            if (!is_null($v6)) {
                $clientConfig[] = sprintf('ifconfig-ipv6-push %s', $v6);
            }
        }

        $this->writeFile($commonName, $clientConfig);
    }

    private function writeFile($commonName, array $clientConfig)
    {
        $commonNamePath = sprintf('%s/%s', $this->ccdPath, $commonName);

        if (false === @file_put_contents($commonNamePath, implode(PHP_EOL, $clientConfig).PHP_EOL)) {
if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) {
    throw new \InvalidArgumentException('This input is not allowed.');
}
            throw new RuntimeException('unable to write to CCD file');
        }
    }
}


GitHub Access Token became invalid

Push — master ( 05b6dd...428430 )

CcdHandler::getStaticIpAddress() A

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

1		<?php
2		/**
3		* Copyright 2015 François Kooman <[email protected]>.
4		*
5		* Licensed under the Apache License, Version 2.0 (the "License");
6		* you may not use this file except in compliance with the License.
7		* You may obtain a copy of the License at
8		*
9		* http://www.apache.org/licenses/LICENSE-2.0
10		*
11		* Unless required by applicable law or agreed to in writing, software
12		* distributed under the License is distributed on an "AS IS" BASIS,
13		* WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14		* See the License for the specific language governing permissions and
15		* limitations under the License.
16		*/
17		namespace fkooman\VPN\Server;
18
19		use RuntimeException;
20
21		/**
22		* Manage the Client Configuration Directory (CCD) used by the OpenVPN
23		* instances running on this machine. It can be used to set client specific
24		* configurations based on the CN.
25		*/
26		class CcdHandler
27		{
28		/** @var string */
29		private $ccdPath;
30
31		public function __construct($ccdPath)
32		{
33		$this->ccdPath = $ccdPath;
34		}
35
36		private function parseCcd($commonName)
37		{
38		$commonNamePath = sprintf('%s/%s', $this->ccdPath, $commonName);
39		$clientConfig = array();
40
41		$handle = @fopen($commonNamePath, 'r');
42		if ($handle) {
43		while (false !== $line = fgets($handle, 128)) {
44		$clientConfig[] = trim($line);
45		}
46		fclose($handle);
47		}
48
49		return $clientConfig;
50		}
51
52	View Code Duplication	public function disableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-11 12:27 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
53		{
54		Utils::validateCommonName($commonName);
55
56		$clientConfig = $this->parseCcd($commonName);
57		foreach ($clientConfig as $k => $v) {
58		if ('disable' === $v) {
59		// already disabled
60		return false;
61		}
62		}
63
64		// not yet disabled
65		$clientConfig[] = 'disable';
66
67		$this->writeFile($commonName, $clientConfig);
68
69		return true;
70		}
71
72	View Code Duplication	public function enableCommonName($commonName)
		0 ignored issues – show Duplication introduced 2016-02-11 12:27 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
73		{
74		Utils::validateCommonName($commonName);
75
76		$clientConfig = $this->parseCcd($commonName);
77		foreach ($clientConfig as $k => $v) {
78		if ('disable' === $v) {
79		// it is disabled
80		unset($clientConfig[$k]);
81		$this->writeFile($commonName, $clientConfig);
82
83		return true;
84		}
85		}
86
87		// not disabled
88		return false;
89		}
90
91		public function isDisabled($commonName)
92		{
93		Utils::validateCommonName($commonName);
94
95		$clientConfig = $this->parseCcd($commonName);
96		foreach ($clientConfig as $k => $v) {
97		if ('disable' === $v) {
98		// disabled
99		return true;
100		}
101		}
102
103		// not disabled
104		return false;
105		}
106
107		public function getDisabledCommonNames($userId = null)
108		{
109		if (!is_null($userId)) {
110		Utils::validateUserId($userId);
111		}
112
113		$disabledCommonNames = array();
114		$pathFilter = sprintf('%s/*', $this->ccdPath);
115		if (!is_null($userId)) {
116		$pathFilter = sprintf('%s/%s_*', $this->ccdPath, $userId);
117		}
118
119		foreach (glob($pathFilter) as $commonNamePath) {
		0 ignored issues – show Security File Exposure introduced 2016-01-05 12:40 UTC by Report Bug Copy Issue Report `$pathFilter` can contain request data and is used in file inclusion context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
120		$commonName = basename($commonNamePath);
121
122		if ($this->isDisabled($commonName)) {
123		$disabledCommonNames[] = $commonName;
124		}
125		}
126
127		return $disabledCommonNames;
128		}
129
130		public function getStaticAddresses($commonName)
131		{
132		Utils::validateCommonName($commonName);
133
134		$clientConfig = $this->parseCcd($commonName);
135
136		#--ifconfig-push local remote-netmask [alias]
137		#--ifconfig-ipv6-push ipv6addr/bits ipv6remote
138		$v4 = null;
139		$v6 = null;
140
141		foreach ($clientConfig as $k => $v) {
142		if (0 === strpos($v, 'ifconfig-push')) {
143		$v4 = trim(substr($v, 14));
144		}
145		if (0 === strpos($v, 'ifconfig-ipv6-push')) {
146		$v6 = trim(substr($v, 19));
147		}
148		}
149
150		return array(
151		'v4' => $v4,
152		'v6' => $v6,
153		);
154		}
155
156		public function setStaticAddresses($commonName, $v4, $v6)
157		{
158		Utils::validateCommonName($commonName);
159
160		$clientConfig = $this->parseCcd($commonName);
161		$v4Pos = null;
162		$v6Pos = null;
163
164		foreach ($clientConfig as $k => $v) {
165		if (0 === strpos($v, 'ifconfig-push')) {
166		$v4Pos = $k;
167		}
168		if (0 === strpos($v, 'ifconfig-ipv6-push')) {
169		$v6Pos = $k;
170		}
171		}
172
173		// XXX clean up the stuff below...
174	View Code Duplication	if (!is_null($v4Pos)) {
		0 ignored issues – show Duplication introduced 2016-02-11 13:22 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175		if (!is_null($v4)) {
176		$clientConfig[$v4Pos] = sprintf('ifconfig-push %s', $v4);
177		} else {
178		unset($clientConfig[$v4Pos]);
179		}
180		} else {
181		if (!is_null($v4)) {
182		$clientConfig[] = sprintf('ifconfig-push %s', $v4);
183		}
184		}
185
186	View Code Duplication	if (!is_null($v6Pos)) {
		0 ignored issues – show Duplication introduced 2016-02-11 13:22 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
187		if (!is_null($v6)) {
188		$clientConfig[$v6Pos] = sprintf('ifconfig-ipv6-push %s', $v6);
189		} else {
190		unset($clientConfig[$v6Pos]);
191		}
192		} else {
193		if (!is_null($v6)) {
194		$clientConfig[] = sprintf('ifconfig-ipv6-push %s', $v6);
195		}
196		}
197
198		$this->writeFile($commonName, $clientConfig);
199		}
200
201		private function writeFile($commonName, array $clientConfig)
202		{
203		$commonNamePath = sprintf('%s/%s', $this->ccdPath, $commonName);
204
205		if (false === @file_put_contents($commonNamePath, implode(PHP_EOL, $clientConfig).PHP_EOL)) {
		0 ignored issues – show Security File Manipulation introduced 2016-02-11 12:27 UTC by Report Bug Copy Issue Report `$commonNamePath` can contain request data and is used in file manipulation context(s) leading to a potential security vulnerability. General Strategies to prevent injection In general, it is advisable to prevent any user-data to reach this point. This can be done by white-listing certain values: if ( ! in_array($value, array('this-is-allowed', 'and-this-too'), true)) { throw new \InvalidArgumentException('This input is not allowed.'); } For numeric data, we recommend to explicitly cast the data: $sanitized = (integer) $tainted; Loading history...
206		throw new RuntimeException('unable to write to CCD file');
207		}
208		}
209		}
210

eduVPN / vpn-server-api

GitHub Access Token became invalid

Push — master ( 05b6dd...428430 )

CcdHandler::getStaticIpAddress() A

Complexity

Size

Duplication

Importance

General Strategies to prevent injection

General Strategies to prevent injection

Duplication Side-by-Side

Filter issues like