This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | /** |
||
3 | * Gallery |
||
4 | * |
||
5 | * This file is licensed under the Affero General Public License version 3 or |
||
6 | * later. See the COPYING file. |
||
7 | * |
||
8 | * @author Olivier Paroz <[email protected]> |
||
9 | * |
||
10 | * @copyright Olivier Paroz 2014-2016 |
||
11 | */ |
||
12 | |||
13 | namespace OCA\Gallery\Service; |
||
14 | |||
15 | use OCP\Files\File; |
||
16 | use OCP\Files\Folder; |
||
17 | use OCP\Files\Node; |
||
18 | use OCP\Files\StorageNotAvailableException; |
||
19 | |||
20 | /** |
||
21 | * Contains various methods to retrieve information from the filesystem |
||
22 | * |
||
23 | * @package OCA\Gallery\Service |
||
24 | */ |
||
25 | abstract class FilesService extends Service { |
||
26 | |||
27 | /** @var int */ |
||
28 | protected $virtualRootLevel = null; |
||
29 | /** @var string[] */ |
||
30 | protected $features; |
||
31 | /** @var string */ |
||
32 | protected $ignoreAlbum = '.nomedia'; |
||
33 | |||
34 | /** |
||
35 | * Retrieves all files and sub-folders contained in a folder |
||
36 | * |
||
37 | * If we can't find anything in the current folder, we throw an exception as there is no point |
||
38 | * in doing any more work, but if we're looking at a sub-folder, we return an empty array so |
||
39 | * that it can be simply ignored |
||
40 | * |
||
41 | * @param Folder $folder |
||
42 | * @param int $subDepth |
||
43 | * |
||
44 | * @return array |
||
45 | */ |
||
46 | protected function getNodes($folder, $subDepth) { |
||
47 | try { |
||
48 | $nodes = $folder->getDirectoryListing(); |
||
49 | } catch (\Exception $exception) { |
||
50 | $nodes = $this->recoverFromGetNodesError($subDepth, $exception); |
||
51 | } |
||
52 | |||
53 | return $nodes; |
||
54 | } |
||
55 | |||
56 | /** |
||
57 | * Determines if the files are hosted locally (shared or not) and can be used by the preview |
||
58 | * system |
||
59 | * |
||
60 | * isMounted() doesn't include externally hosted shares, so we need to exclude those from the |
||
61 | * non-mounted nodes |
||
62 | * |
||
63 | * @param Node $node |
||
64 | * |
||
65 | * @return bool |
||
66 | */ |
||
67 | protected function isAllowedAndAvailable($node) { |
||
68 | try { |
||
69 | return $node && $this->isAllowed($node) && $this->isAvailable($node); |
||
70 | } catch (\Exception $exception) { |
||
71 | $message = 'The folder is not available: ' . $exception->getMessage(); |
||
72 | $this->logger->error($message); |
||
73 | |||
74 | return false; |
||
75 | } |
||
76 | } |
||
77 | |||
78 | /** |
||
79 | * Returns the node type, either 'dir' or 'file' |
||
80 | * |
||
81 | * If there is a problem, we return an empty string so that the node can be ignored |
||
82 | * |
||
83 | * @param Node $node |
||
84 | * |
||
85 | * @return string |
||
86 | */ |
||
87 | protected function getNodeType($node) { |
||
88 | try { |
||
89 | $nodeType = $node->getType(); |
||
90 | } catch (\Exception $exception) { |
||
91 | return ''; |
||
92 | } |
||
93 | |||
94 | return $nodeType; |
||
95 | } |
||
96 | |||
97 | /** |
||
98 | * Returns various information about a node |
||
99 | * |
||
100 | * @param Node|File|Folder $node |
||
101 | * |
||
102 | * @return array<string,int|string|bool|array<string,int|string>> |
||
103 | */ |
||
104 | protected function getNodeData($node) { |
||
105 | $imagePath = $this->environment->getPathFromVirtualRoot($node); |
||
106 | $nodeId = $node->getId(); |
||
107 | $mTime = $node->getMTime(); |
||
108 | $etag = $node->getEtag(); |
||
109 | $size = $node->getSize(); |
||
110 | $sharedWithUser = $node->isShared(); |
||
111 | $ownerData = $this->getOwnerData($node); |
||
112 | $permissions = $node->getPermissions(); |
||
113 | |||
114 | //$this->logger->debug("Image path : {var1}", ['var1' => $imagePath]); |
||
115 | |||
116 | return $this->formatNodeData( |
||
117 | $imagePath, $nodeId, $mTime, $etag, $size, $sharedWithUser, $ownerData, $permissions |
||
118 | ); |
||
119 | } |
||
120 | |||
121 | /** |
||
122 | * Returns various information about a folder |
||
123 | * |
||
124 | * @param Folder $node |
||
125 | * |
||
126 | * @return array<string,int|string|bool|array<string,int|string>> |
||
127 | */ |
||
128 | protected function getFolderData($node) { |
||
129 | $folderData = $this->getNodeData($node); |
||
130 | $folderData['freespace'] = $node->getFreeSpace(); |
||
131 | |||
132 | return $folderData; |
||
133 | } |
||
134 | |||
135 | /** |
||
136 | * Returns the node if it's a folder we have access to |
||
137 | * |
||
138 | * @param Folder $node |
||
139 | * @param string $nodeType |
||
140 | * |
||
141 | * @return array|Folder |
||
142 | */ |
||
143 | protected function getAllowedSubFolder($node, $nodeType) { |
||
144 | if ($nodeType === 'dir') { |
||
145 | /** @var Folder $node */ |
||
146 | try { |
||
147 | if (!$node->nodeExists($this->ignoreAlbum)) { |
||
148 | return [$node]; |
||
149 | } |
||
150 | } catch (StorageNotAvailableException $e) { |
||
0 ignored issues
–
show
|
|||
151 | return []; |
||
152 | } |
||
153 | } |
||
154 | |||
155 | return []; |
||
156 | } |
||
157 | |||
158 | /** |
||
159 | * Determines if we've reached the root folder |
||
160 | * |
||
161 | * @param Folder $folder |
||
162 | * @param int $level |
||
163 | * |
||
164 | * @return bool |
||
165 | */ |
||
166 | protected function isRootFolder($folder, $level) { |
||
167 | $isRootFolder = false; |
||
168 | $rootFolder = $this->environment->getVirtualRootFolder(); |
||
169 | if ($folder->getPath() === $rootFolder->getPath()) { |
||
170 | $isRootFolder = true; |
||
171 | } |
||
172 | $virtualRootFolder = $this->environment->getPathFromVirtualRoot($folder); |
||
173 | if (empty($virtualRootFolder)) { |
||
174 | $this->virtualRootLevel = $level; |
||
175 | } |
||
176 | |||
177 | return $isRootFolder; |
||
178 | } |
||
179 | |||
180 | /** |
||
181 | * Throws an exception if this problem occurs in the current folder, otherwise just ignores the |
||
182 | * sub-folder |
||
183 | * |
||
184 | * @param int $subDepth |
||
185 | * @param \Exception $exception |
||
186 | * |
||
187 | * @return array |
||
188 | * @throws NotFoundServiceException |
||
189 | */ |
||
190 | private function recoverFromGetNodesError($subDepth, $exception) { |
||
191 | if ($subDepth === 0) { |
||
192 | throw new NotFoundServiceException($exception->getMessage()); |
||
193 | } |
||
194 | |||
195 | return []; |
||
196 | } |
||
197 | |||
198 | /** |
||
199 | * Determines if we can consider the node mounted locally or if it's been authorised to be |
||
200 | * scanned |
||
201 | * |
||
202 | * @param Node $node |
||
203 | * |
||
204 | * @return bool |
||
205 | */ |
||
206 | private function isAllowed($node) { |
||
207 | $allowed = true; |
||
208 | if ($this->isExternalShare($node)) { |
||
209 | $allowed = $this->isExternalShareAllowed(); |
||
210 | } |
||
211 | |||
212 | if ($node->isMounted()) { |
||
213 | $mount = $node->getMountPoint(); |
||
214 | $allowed = $mount && $mount->getOption('previews', true); |
||
215 | } |
||
216 | |||
217 | return $allowed; |
||
218 | } |
||
219 | |||
220 | /** |
||
221 | * Determines if the node is available, as in readable |
||
222 | * |
||
223 | * @todo Test to see by how much using file_exists slows things down |
||
224 | * |
||
225 | * @param Node $node |
||
226 | * |
||
227 | * @return bool |
||
228 | */ |
||
229 | private function isAvailable($node) { |
||
230 | return $node->isReadable(); |
||
231 | } |
||
232 | |||
233 | /** |
||
234 | * Determines if the user has allowed the use of external shares |
||
235 | * |
||
236 | * @return bool |
||
237 | */ |
||
238 | private function isExternalShareAllowed() { |
||
239 | $rootFolder = $this->environment->getVirtualRootFolder(); |
||
240 | |||
241 | return ($this->isExternalShare($rootFolder) |
||
0 ignored issues
–
show
It seems like
$rootFolder defined by $this->environment->getVirtualRootFolder() on line 239 can also be of type null ; however, OCA\Gallery\Service\File...vice::isExternalShare() does only seem to accept object<OCP\Files\Node> , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. ![]() |
|||
242 | || \in_array('external_shares', $this->features)); |
||
243 | } |
||
244 | |||
245 | /** |
||
246 | * Determines if the node is a share which is hosted externally |
||
247 | * |
||
248 | * |
||
249 | * @param Node $node |
||
250 | * |
||
251 | * @return bool |
||
252 | */ |
||
253 | private function isExternalShare($node) { |
||
254 | $sid = \explode( |
||
255 | ':', |
||
256 | $node->getStorage() |
||
257 | ->getId() |
||
258 | ); |
||
259 | |||
260 | return ($sid[0] === 'shared' && $sid[2][0] !== '/'); |
||
261 | } |
||
262 | |||
263 | /** |
||
264 | * Returns what we known about the owner of a node |
||
265 | * |
||
266 | * @param Node $node |
||
267 | * |
||
268 | * @return null|array<string,int|string> |
||
0 ignored issues
–
show
Should the return type not be
array ? Also, consider making the array more specific, something like array<String> , or String[] .
This check compares the return type specified in the If the return type contains the type array, this check recommends the use of
a more specific type like ![]() |
|||
269 | */ |
||
270 | private function getOwnerData($node) { |
||
271 | $owner = $node->getOwner(); |
||
272 | $ownerData = []; |
||
273 | if ($owner) { |
||
274 | $ownerData = [ |
||
275 | 'uid' => $owner->getUID(), |
||
276 | 'displayname' => $owner->getDisplayName() |
||
277 | ]; |
||
278 | } |
||
279 | |||
280 | return $ownerData; |
||
281 | } |
||
282 | |||
283 | /** |
||
284 | * Returns an array containing information about a node |
||
285 | * |
||
286 | * @param string $imagePath |
||
287 | * @param int $nodeId |
||
288 | * @param int $mTime |
||
289 | * @param string $etag |
||
290 | * @param int $size |
||
291 | * @param bool $sharedWithUser |
||
292 | * @param array <string,int|string> $ownerData |
||
293 | * @param int $permissions |
||
294 | * |
||
295 | * @return array |
||
296 | */ |
||
297 | private function formatNodeData( |
||
298 | $imagePath, $nodeId, $mTime, $etag, $size, $sharedWithUser, $ownerData, $permissions |
||
299 | ) { |
||
300 | return [ |
||
301 | 'path' => $imagePath, |
||
302 | 'nodeid' => $nodeId, |
||
303 | 'mtime' => $mTime, |
||
304 | 'etag' => $etag, |
||
305 | 'size' => $size, |
||
306 | 'sharedwithuser' => $sharedWithUser, |
||
307 | 'owner' => $ownerData, |
||
308 | 'permissions' => $permissions |
||
309 | ]; |
||
310 | } |
||
311 | } |
||
312 |
Scrutinizer analyzes your
composer.json
/composer.lock
file if available to determine the classes, and functions that are defined by your dependencies.It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis.