This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace Spatie\Ssh; |
||
4 | |||
5 | use Closure; |
||
6 | use Exception; |
||
7 | use Symfony\Component\Process\Process; |
||
8 | |||
9 | class Ssh |
||
10 | { |
||
11 | protected string $user; |
||
0 ignored issues
–
show
Bug
introduced
by
Loading history...
|
|||
12 | |||
13 | protected string $host; |
||
14 | |||
15 | protected string $pathToPrivateKey = ''; |
||
16 | |||
17 | protected ?int $port; |
||
18 | |||
19 | protected bool $enableStrictHostChecking = true; |
||
20 | |||
21 | protected Closure $processConfigurationClosure; |
||
22 | |||
23 | protected Closure $onOutput; |
||
24 | |||
25 | public function __construct(string $user, string $host, int $port = null) |
||
26 | { |
||
27 | $this->user = $user; |
||
28 | |||
29 | $this->host = $host; |
||
30 | |||
31 | $this->port = $port; |
||
32 | |||
33 | $this->processConfigurationClosure = fn(Process $process) => null; |
||
34 | |||
35 | $this->onOutput = fn($type, $line) => null; |
||
36 | } |
||
37 | |||
38 | public static function create(...$args): self |
||
39 | { |
||
40 | return new static(...$args); |
||
41 | } |
||
42 | |||
43 | public function usePrivateKey(string $pathToPrivateKey): self |
||
44 | { |
||
45 | $this->pathToPrivateKey = $pathToPrivateKey; |
||
46 | |||
47 | return $this; |
||
48 | } |
||
49 | |||
50 | public function usePort(int $port): self |
||
51 | { |
||
52 | if ($port < 0) { |
||
53 | throw new Exception('Port must be a positive integer.'); |
||
54 | } |
||
55 | $this->port = $port; |
||
56 | |||
57 | return $this; |
||
58 | } |
||
59 | |||
60 | public function configureProcess(Closure $processConfigurationClosure): self |
||
61 | { |
||
62 | $this->processConfigurationClosure = $processConfigurationClosure; |
||
63 | |||
64 | return $this; |
||
65 | } |
||
66 | |||
67 | public function onOutput(Closure $onOutput): self |
||
68 | { |
||
69 | $this->onOutput = $onOutput; |
||
70 | |||
71 | return $this; |
||
72 | } |
||
73 | |||
74 | public function enableStrictHostKeyChecking(): self |
||
75 | { |
||
76 | $this->enableStrictHostChecking = true; |
||
77 | |||
78 | return $this; |
||
79 | } |
||
80 | |||
81 | public function disableStrictHostKeyChecking(): self |
||
82 | { |
||
83 | $this->enableStrictHostChecking = false; |
||
84 | |||
85 | return $this; |
||
86 | } |
||
87 | |||
88 | /** |
||
89 | * @param string|array $command |
||
90 | * |
||
91 | * @return string |
||
92 | */ |
||
93 | public function getExecuteCommand($command): string |
||
94 | { |
||
95 | $commands = $this->wrapArray($command); |
||
96 | |||
97 | $extraOptions = $this->getExtraSshOptions(); |
||
98 | |||
99 | $commandString = implode(PHP_EOL, $commands); |
||
100 | |||
101 | $delimiter = 'EOF-SPATIE-SSH'; |
||
102 | |||
103 | $target = $this->getTarget(); |
||
104 | |||
105 | return "ssh {$extraOptions} {$target} 'bash -se' << \\$delimiter".PHP_EOL |
||
106 | .$commandString.PHP_EOL |
||
107 | .$delimiter; |
||
108 | } |
||
109 | |||
110 | /** |
||
111 | * @param string|array $command |
||
112 | * |
||
113 | * @return \Symfony\Component\Process\Process |
||
114 | */ |
||
115 | public function execute($command): Process |
||
116 | { |
||
117 | $sshCommand = $this->getExecuteCommand($command); |
||
118 | |||
119 | return $this->run($sshCommand); |
||
120 | } |
||
121 | |||
122 | /** |
||
123 | * @param string|array $command |
||
124 | * |
||
125 | * @return \Symfony\Component\Process\Process |
||
126 | */ |
||
127 | public function executeAsync($command): Process |
||
128 | { |
||
129 | $sshCommand = $this->getExecuteCommand($command); |
||
130 | |||
131 | return $this->run($sshCommand, 'start'); |
||
132 | } |
||
133 | |||
134 | public function getDownloadCommand(string $sourcePath, string $destinationPath): string |
||
135 | { |
||
136 | return "scp {$this->getExtraScpOptions()} {$this->getTarget()}:$sourcePath $destinationPath"; |
||
137 | } |
||
138 | |||
139 | public function download(string $sourcePath, string $destinationPath): Process |
||
140 | { |
||
141 | $downloadCommand = $this->getDownloadCommand($sourcePath, $destinationPath); |
||
142 | |||
143 | return $this->run($downloadCommand); |
||
144 | } |
||
145 | |||
146 | public function getUploadCommand(string $sourcePath, string $destinationPath): string |
||
147 | { |
||
148 | return "scp {$this->getExtraScpOptions()} $sourcePath {$this->getTarget()}:$destinationPath"; |
||
149 | } |
||
150 | |||
151 | public function upload(string $sourcePath, string $destinationPath): Process |
||
152 | { |
||
153 | $uploadCommand = $this->getUploadCommand($sourcePath, $destinationPath); |
||
154 | |||
155 | return $this->run($uploadCommand); |
||
156 | } |
||
157 | |||
158 | protected function getExtraSshOptions(): string |
||
159 | { |
||
160 | $extraOptions = $this->getExtraOptions(); |
||
161 | |||
162 | if (! is_null($this->port)) { |
||
163 | $extraOptions[] = "-p {$this->port}"; |
||
164 | } |
||
165 | |||
166 | return implode(' ', $extraOptions); |
||
167 | } |
||
168 | |||
169 | protected function getExtraScpOptions(): string |
||
170 | { |
||
171 | $extraOptions = $this->getExtraOptions(); |
||
172 | |||
173 | $extraOptions[] = '-r'; |
||
174 | |||
175 | if (! is_null($this->port)) { |
||
176 | $extraOptions[] = "-P {$this->port}"; |
||
177 | } |
||
178 | |||
179 | return implode(' ', $extraOptions); |
||
180 | } |
||
181 | |||
182 | private function getExtraOptions(): array |
||
183 | { |
||
184 | $extraOptions = []; |
||
185 | |||
186 | if ($this->pathToPrivateKey) { |
||
187 | $extraOptions[] = "-i {$this->pathToPrivateKey}"; |
||
188 | } |
||
189 | |||
190 | if (! $this->enableStrictHostChecking) { |
||
191 | $extraOptions[] = '-o StrictHostKeyChecking=no'; |
||
192 | $extraOptions[] = '-o UserKnownHostsFile=/dev/null'; |
||
193 | } |
||
194 | |||
195 | return $extraOptions; |
||
196 | } |
||
197 | |||
198 | protected function wrapArray($arrayOrString): array |
||
199 | { |
||
200 | return (array) $arrayOrString; |
||
201 | } |
||
202 | |||
203 | protected function run(string $command, string $method = 'run'): Process |
||
204 | { |
||
205 | $process = Process::fromShellCommandline($command); |
||
206 | |||
207 | $process->setTimeout(0); |
||
208 | |||
209 | ($this->processConfigurationClosure)($process); |
||
210 | |||
211 | $process->{$method}($this->onOutput); |
||
212 | |||
213 | return $process; |
||
214 | } |
||
215 | |||
216 | protected function getTarget(): string |
||
217 | { |
||
218 | return "{$this->user}@{$this->host}"; |
||
219 | } |
||
220 | } |
||
221 |