Push — stable13 ( ad102f...cfc711 )

remote.php (1 issue)

<?php
/**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
 * @author Brice Maron <[email protected]>
 * @author Christopher Schäpers <[email protected]>
 * @author Joas Schilling <[email protected]>
 * @author Jörn Friedrich Dreyer <[email protected]>
 * @author Lukas Reschke <[email protected]>
 * @author Robin Appelman <[email protected]>
 * @author Robin McCorkell <[email protected]>
 * @author Thomas Müller <[email protected]>
 * @author Vincent Petry <[email protected]>
 *
 * @license AGPL-3.0
 *
 * This code is free software: you can redistribute it and/or modify
 * it under the terms of the GNU Affero General Public License, version 3,
 * as published by the Free Software Foundation.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
 * GNU Affero General Public License for more details.
 *
 * You should have received a copy of the GNU Affero General Public License, version 3,
 * along with this program.  If not, see <http://www.gnu.org/licenses/>
 *
 */
require_once __DIR__ . '/lib/versioncheck.php';
use OCA\DAV\Connector\Sabre\ExceptionLoggerPlugin;
use Sabre\DAV\Exception\ServiceUnavailable;
use Sabre\DAV\Server;
/**
 * Marker exception that remote.php raises for conditions it wants to report
 * to the client without writing a log entry (handleException() skips logging
 * for this type).
 *
 * The conditions that raise it in this file (upgrade pending, unknown path,
 * app not installed) follow from the request itself, so logging every
 * occurrence would let clients grow the log at will; that is the DoS the
 * "will not be logged" rule guards against.
 *
 * The exception code is used as the HTTP status code of the response.
 */
class RemoteException extends \Exception {
}
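/**
 * Turn an uncaught exception or error into an HTTP error response.
 *
 * Requests whose Content-Type starts with "text/xml" are assumed to be WebDAV
 * requests and are answered through a throw-away Sabre server, so the client
 * receives a DAV error; every other request gets the regular error page.
 * RemoteException instances are never logged.
 *
 * @param Exception|Error $e
 */
function handleException($e) {
	$request = \OC::$server->getRequest();
	$isRemoteException = $e instanceof RemoteException;

	// in case the request content type is text/xml - we assume it's a WebDAV request
	if (strpos($request->getHeader('Content-Type'), 'text/xml') === 0) {
		// fire up a simple server to properly process the exception
		$server = new Server();
		if (!$isRemoteException) {
			// we shall not log on RemoteException
			$server->addPlugin(new ExceptionLoggerPlugin('webdav', \OC::$server->getLogger()));
		}
		$server->on('beforeMethod', function () use ($e) {
			if ($e instanceof RemoteException) {
				switch ($e->getCode()) {
					case OC_Response::STATUS_SERVICE_UNAVAILABLE:
						throw new ServiceUnavailable($e->getMessage());
					case OC_Response::STATUS_NOT_FOUND:
						throw new \Sabre\DAV\Exception\NotFound($e->getMessage());
				}
			}
			// NOTE(review): the class name and message of any other exception are
			// copied into the ServiceUnavailable message. Presumably Sabre returns
			// that message in the error body, so internal detail (paths, query
			// text) could reach the client. The logger plugin above already
			// records the exception; consider a generic message here. Left
			// unchanged because clients may depend on the current text.
			$class = get_class($e);
			$msg = $e->getMessage();
			throw new ServiceUnavailable("$class: $msg");
		});
		$server->exec();
		return;
	}

	if ($isRemoteException) {
		// we shall not log on RemoteException
		// A RemoteException built without a code reports 0, which is not an HTTP
		// status; answer with 500 instead of emitting an invalid status line.
		$statusCode = (int)$e->getCode();
		if ($statusCode < 100 || $statusCode > 599) {
			$statusCode = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
		}
		OC_Response::setStatus($statusCode);
		OC_Template::printErrorPage($e->getMessage());
		return;
	}

	$statusCode = OC_Response::STATUS_INTERNAL_SERVER_ERROR;
	if ($e instanceof \OC\ServiceUnavailableException) {
		$statusCode = OC_Response::STATUS_SERVICE_UNAVAILABLE;
	}
	\OC::$server->getLogger()->logException($e, ['app' => 'remote']);
	OC_Response::setStatus($statusCode);
	OC_Template::printExceptionErrorPage($e);
}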
/**
 * Map the service name taken from the request path to the script that serves it.
 *
 * The DAV endpoints listed in the table below are resolved directly; any other
 * name is looked up as the `remote_<service>` value of the `core` app
 * configuration.
 *
 * NOTE(review): the caller tests the result with is_null(); confirm what
 * getAppValue() yields for a key that is not set.
 *
 * @param string $service first segment of the request's path info
 * @return string script location in the form `<app>/<path inside the app>`
 */
function resolveService($service) {
	$builtInHandlers = [
		'webdav' => 'dav/appinfo/v1/webdav.php',
		'dav' => 'dav/appinfo/v2/remote.php',
		'caldav' => 'dav/appinfo/v1/caldav.php',
		'calendar' => 'dav/appinfo/v1/caldav.php',
		'carddav' => 'dav/appinfo/v1/carddav.php',
		'contacts' => 'dav/appinfo/v1/carddav.php',
		'files' => 'dav/appinfo/v1/webdav.php',
	];

	if (!isset($builtInHandlers[$service])) {
		// not one of the bundled endpoints: use whatever is registered in the config
		$config = \OC::$server->getConfig();
		return $config->getAppValue('core', 'remote_' . $service);
	}

	return $builtInHandlers[$service];
}
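// Entry point: pick the service from the request path, load the app that
// provides it and hand the request over to that app's script.
try {
	require_once __DIR__ . '/lib/base.php';

	// All resources served via the DAV endpoint should have the strictest possible
	// policy. Exempted from this is the SabreDAV browser plugin which overwrites
	// this policy with a softer one if debug mode is enabled.
	header("Content-Security-Policy: default-src 'none';");

	if (\OCP\Util::needUpgrade()) {
		// since the behavior of apps or remotes are unpredictable during
		// an upgrade, return a 503 directly
		throw new RemoteException('Service unavailable', OC_Response::STATUS_SERVICE_UNAVAILABLE);
	}

	$request = \OC::$server->getRequest();
	$pathInfo = $request->getPathInfo();
	if ($pathInfo === false || $pathInfo === '') {
		throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
	}

	// The service name is the first path segment, e.g. "/dav/files/x" -> "dav".
	// With a search offset of 1, strpos() can never return 0, so false is the
	// only "no further slash" result.
	$pos = strpos($pathInfo, '/', 1);
	if ($pos === false) {
		$pos = strlen($pathInfo);
	}
	$service = substr($pathInfo, 1, $pos - 1);
	if ($service === false || $service === '') {
		// "/" or "//...": there is no service name to resolve
		throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
	}

	$file = resolveService($service);

	// For services outside its fixed table resolveService() returns the stored
	// config value. NOTE(review): presumably that is '' rather than null for an
	// unset key, so an empty result is treated as "unknown service" as well.
	if ($file === null || $file === false || $file === '') {
		throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
	}

	$file = ltrim($file, '/');

	$parts = explode('/', $file, 2);
	$app = $parts[0];

	// Load all required applications
	\OC::$REQUESTEDAPP = $app;
	OC_App::loadApps(array('authentication'));
	OC_App::loadApps(array('filesystem', 'logging'));

	switch ($app) {
		case 'core':
			$file = OC::$SERVERROOT . '/' . $file;
			break;
		default:
			if (!\OC::$server->getAppManager()->isInstalled($app)) {
				// Pass an explicit status: without one the exception code is 0 and
				// handleException() would use 0 as the HTTP status on the non-XML
				// path. 503 matches what its WebDAV path already answers here.
				throw new RemoteException('App not installed: ' . $app, OC_Response::STATUS_SERVICE_UNAVAILABLE);
			}
			if (!isset($parts[1]) || $parts[1] === '') {
				// the registered value names an app but no script inside it
				throw new RemoteException('Path not found', OC_Response::STATUS_NOT_FOUND);
			}
			OC_App::loadApp($app);
			$file = OC_App::getAppPath($app) . '/' . $parts[1];
			break;
	}
	$baseuri = OC::$WEBROOT . '/remote.php/' . $service . '/';
	// NOTE(review): the script executed here is chosen by the fixed table or by
	// the `remote_<service>` config value, never by the request beyond the
	// service name. Whoever can write that config value decides which PHP file
	// runs; verify that only trusted code (app installation) sets it.
	require_once $file;

} catch (Exception $ex) {
	handleException($ex);
} catch (Error $e) {
	// Error is PHP 7's built-in throwable for engine errors (TypeError,
	// ParseError, ...). Analysers that model PHP 5 report it as an unknown
	// class; on PHP 5 this clause simply never matches.
	handleException($e);
}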