Issues in remote.php - All Issues - Inspection of "Merge pull request #2684 from nextcloud/add-tests-..." - nextcloud/server - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — stable10 ( 7732c4...9ed3f6 )

by Roeland

created 2016-12-15 09:54 UTC

remote.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Brice Maron <[email protected]>
 * @author Christopher Schäpers <[email protected]>
 * @author Joas Schilling <[email protected]>
 * @author Jörn Friedrich Dreyer <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Robin McCorkell <[email protected]>
 * @author Thomas Müller <[email protected]>
 * @author Vincent Petry <[email protected]>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */

use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
use Sabre\DAV\Exception\ServiceUnavailable;
use Sabre\DAV\Server;

/**
 * Class RemoteException
 * Dummy exception class to be use locally to identify certain conditions
 * Will not be logged to avoid DoS
 */
class RemoteException extends Exception {
}

/**
 * @param Exception | Error $e
 */
function handleException($e) {
	$request = \OC::$server->getRequest();
	// in case the request content type is text/xml - we assume it's a WebDAV request
	$isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
	if ($isXmlContentType === 0) {
		// fire up a simple server to properly process the exception
		$server = new Server();
		if (!($e instanceof RemoteException)) {
			// we shall not log on RemoteException
			$server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->getLogger()));
		}
		$server->on('beforeMethod', function () use ($e) {
			if ($e instanceof RemoteException) {
				switch ($e->getCode()) {
					case OC_Response::STATUS_SERVICE_UNAVAILABLE:
						throw new ServiceUnavailable($e->getMessage());
					case OC_Response::STATUS_NOT_FOUND:
						throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
				}
			}
			$class = get_class($e);
			$msg = $e->getMessage();
			throw new ServiceUnavailable("$class: $msg");
		});
		$server->exec();
	} else {
		$statusCode = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
		if ($e instanceof \OC\ServiceUnavailableException ) {
			$statusCode = OC_Response::STATUS_SERVICE_UNAVAILABLE;
		}
		if ($e instanceof RemoteException) {
			// we shall not log on RemoteException
			OC_Response::setStatus($e->getCode());
			OC_Template::printErrorPage($e->getMessage());
		} else {
			\OC::$server->getLogger()->logException($e, ['app' => 'remote']);
			OC_Response::setStatus($statusCode);
			OC_Template::printExceptionErrorPage($e);
		}
	}
}

/**
 * @param $service
 * @return string
 */
function resolveService($service) {
	$services = [
		'webdav' => 'dav/appinfo/v1/webdav.php',
		'dav' => 'dav/appinfo/v2/remote.php',
		'caldav' => 'dav/appinfo/v1/caldav.php',
		'calendar' => 'dav/appinfo/v1/caldav.php',
		'carddav' => 'dav/appinfo/v1/carddav.php',
		'contacts' => 'dav/appinfo/v1/carddav.php',
		'files' => 'dav/appinfo/v1/webdav.php',
	];
	if (isset($services[$service])) {
		return $services[$service];
	}

	return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
}

try {
	require_once __DIR__ . '/lib/base.php';

	// All resources served via the DAV endpoint should have the strictest possible
	// policy. Exempted from this is the SabreDAV browser plugin which overwrites
	// this policy with a softer one if debug mode is enabled.
	header("Content-Security-Policy: default-src 'none';");

	if (\OCP\Util::needUpgrade()) {
		// since the behavior of apps or remotes are unpredictable during
		// an upgrade, return a 503 directly
		throw new RemoteException('Service unavailable', OC_Response::STATUS_SERVICE_UNAVAILABLE);
	}

	$request = \OC::$server->getRequest();
	$pathInfo = $request->getPathInfo();
	if ($pathInfo === false || $pathInfo === '') {
		throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
	}
	if (!$pos = strpos($pathInfo, '/', 1)) {
		$pos = strlen($pathInfo);
	}
	$service=substr($pathInfo, 1, $pos-1);

	$file = resolveService($service);

	if(is_null($file)) {
		throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
	}

	// force language as given in the http request
	\OC::$server->getL10NFactory()->setLanguageFromRequest();

	$file=ltrim($file, '/');

	$parts=explode('/', $file, 2);
	$app=$parts[0];

	// Load all required applications
	\OC::$REQUESTEDAPP = $app;
	OC_App::loadApps(array('authentication'));
	OC_App::loadApps(array('filesystem', 'logging'));

	switch ($app) {
		case 'core':
			$file =  OC::$SERVERROOT .'/'. $file;
			break;
		default:
			if (!\OC::$server->getAppManager()->isInstalled($app)) {
				throw new RemoteException('App not installed: ' . $app);
			}
			OC_App::loadApp($app);
			$file = OC_App::getAppPath($app) .'/'. $parts[1];
			break;
	}
	$baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/';
	require_once $file;

} catch (Exception $ex) {
	handleException($ex);
} catch (Error $e) {

	handleException($e);
}


1			<?php
2			/**
3			* @copyright Copyright (c) 2016, ownCloud, Inc.
4			*
5			* @author Brice Maron <[email protected]>
6			* @author Christopher Schäpers <[email protected]>
7			* @author Joas Schilling <[email protected]>
8			* @author Jörn Friedrich Dreyer <[email protected]>
9			* @author Lukas Reschke <[email protected]>
10			* @author Robin Appelman <[email protected]>
11			* @author Robin McCorkell <[email protected]>
12			* @author Thomas Müller <[email protected]>
13			* @author Vincent Petry <[email protected]>
14			*
15			* @license AGPL-3.0
16			*
17			* This code is free software: you can redistribute it and/or modify
18			* it under the terms of the GNU Affero General Public License, version 3,
19			* as published by the Free Software Foundation.
20			*
21			* This program is distributed in the hope that it will be useful,
22			* but WITHOUT ANY WARRANTY; without even the implied warranty of
23			* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
24			* GNU Affero General Public License for more details.
25			*
26			* You should have received a copy of the GNU Affero General Public License, version 3,
27			* along with this program. If not, see <http://www.gnu.org/licenses/>
28			*
29			*/
30
31			use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
32			use Sabre\DAV\Exception\ServiceUnavailable;
33			use Sabre\DAV\Server;
34
35			/**
36			* Class RemoteException
37			* Dummy exception class to be use locally to identify certain conditions
38			* Will not be logged to avoid DoS
39			*/
40			class RemoteException extends Exception {
41			}
42
43			/**
44			* @param Exception \| Error $e
45			*/
46			function handleException($e) {
47			$request = \OC::$server->getRequest();
48			// in case the request content type is text/xml - we assume it's a WebDAV request
49			$isXmlContentType = strpos($request->getHeader('Content-Type'), 'text/xml');
50			if ($isXmlContentType === 0) {
51			// fire up a simple server to properly process the exception
52			$server = new Server();
53			if (!($e instanceof RemoteException)) {
54			// we shall not log on RemoteException
55			$server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->getLogger()));
56			}
57			$server->on('beforeMethod', function () use ($e) {
58			if ($e instanceof RemoteException) {
59			switch ($e->getCode()) {
60			case OC_Response::STATUS_SERVICE_UNAVAILABLE:
61			throw new ServiceUnavailable($e->getMessage());
62			case OC_Response::STATUS_NOT_FOUND:
63			throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
64			}
65			}
66			$class = get_class($e);
67			$msg = $e->getMessage();
68			throw new ServiceUnavailable("$class: $msg");
69			});
70			$server->exec();
71			} else {
72			$statusCode = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
73			if ($e instanceof \OC\ServiceUnavailableException ) {
74			$statusCode = OC_Response::STATUS_SERVICE_UNAVAILABLE;
75			}
76			if ($e instanceof RemoteException) {
77			// we shall not log on RemoteException
78			OC_Response::setStatus($e->getCode());
79			OC_Template::printErrorPage($e->getMessage());
80			} else {
81			\OC::$server->getLogger()->logException($e, ['app' => 'remote']);
82			OC_Response::setStatus($statusCode);
83			OC_Template::printExceptionErrorPage($e);
84			}
85			}
86			}
87
88			/**
89			* @param $service
90			* @return string
91			*/
92			function resolveService($service) {
93			$services = [
94			'webdav' => 'dav/appinfo/v1/webdav.php',
95			'dav' => 'dav/appinfo/v2/remote.php',
96			'caldav' => 'dav/appinfo/v1/caldav.php',
97			'calendar' => 'dav/appinfo/v1/caldav.php',
98			'carddav' => 'dav/appinfo/v1/carddav.php',
99			'contacts' => 'dav/appinfo/v1/carddav.php',
100			'files' => 'dav/appinfo/v1/webdav.php',
101			];
102			if (isset($services[$service])) {
103			return $services[$service];
104			}
105
106			return \OC::$server->getConfig()->getAppValue('core', 'remote_' . $service);
107			}
108
109			try {
110			require_once __DIR__ . '/lib/base.php';
111
112			// All resources served via the DAV endpoint should have the strictest possible
113			// policy. Exempted from this is the SabreDAV browser plugin which overwrites
114			// this policy with a softer one if debug mode is enabled.
115			header("Content-Security-Policy: default-src 'none';");
116
117			if (\OCP\Util::needUpgrade()) {
118			// since the behavior of apps or remotes are unpredictable during
119			// an upgrade, return a 503 directly
120			throw new RemoteException('Service unavailable', OC_Response::STATUS_SERVICE_UNAVAILABLE);
121			}
122
123			$request = \OC::$server->getRequest();
124			$pathInfo = $request->getPathInfo();
125			if ($pathInfo === false \|\| $pathInfo === '') {
126			throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
127			}
128			if (!$pos = strpos($pathInfo, '/', 1)) {
129			$pos = strlen($pathInfo);
130			}
131			$service=substr($pathInfo, 1, $pos-1);
132
133			$file = resolveService($service);
134
135			if(is_null($file)) {
136			throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
137			}
138
139			// force language as given in the http request
140			\OC::$server->getL10NFactory()->setLanguageFromRequest();
141
142			$file=ltrim($file, '/');
143
144			$parts=explode('/', $file, 2);
145			$app=$parts[0];
146
147			// Load all required applications
148			\OC::$REQUESTEDAPP = $app;
149			OC_App::loadApps(array('authentication'));
150			OC_App::loadApps(array('filesystem', 'logging'));
151
152			switch ($app) {
153			case 'core':
154			$file = OC::$SERVERROOT .'/'. $file;
155			break;
156			default:
157			if (!\OC::$server->getAppManager()->isInstalled($app)) {
158			throw new RemoteException('App not installed: ' . $app);
159			}
160			OC_App::loadApp($app);
161			$file = OC_App::getAppPath($app) .'/'. $parts[1];
162			break;
163			}
164			$baseuri = OC::$WEBROOT . '/remote.php/'.$service.'/';
165			require_once $file;
166
167			} catch (Exception $ex) {
168			handleException($ex);
169			} catch (Error $e) {
			0 ignored issues – show Bug introduced 2016-06-09 12:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Error` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
170			handleException($e);
171			}
172

nextcloud / server

Push — stable10 ( 7732c4...9ed3f6 )

remote.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like