GeneralSecurityCollector - Code Metrics - startwind/inventorio-command-line - Measure and Improve Code Quality continuously with Scrutinizer

GeneralSecurityCollector A
last analyzed 2025-06-27 06:56 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	102
Duplicated Lines	0 %

Importance

Changes	2
Bugs	0	Features	0

Metric	Value
eloc	53
c	2
b	0
f	0
dl	0
loc	102
rs	10
wmc	19

4 Methods

Rating	Name	Size	Complexity
A	isUnattendedUpgradesUsable()	11	3
A	isUnattendedUpgradesEnabled()	20	4
A	collect()	18	2
B	checkSshKeyOnlyLogin()	43	10

<?php

namespace Startwind\Inventorio\Collector\System\Security;

use Startwind\Inventorio\Collector\BasicCollector;
use Startwind\Inventorio\Exec\Runner;
use Startwind\Inventorio\Exec\System;

class GeneralSecurityCollector extends BasicCollector
{
    protected string $identifier = 'SystemSecurity';

    public function collect(): array
    {
        $available = $this->isUnattendedUpgradesUsable();
        $enabled = false;
        if ($available) {
            $enabled = $this->isUnattendedUpgradesEnabled();
        }

        $sshOnlyConfig = $this->checkSshKeyOnlyLogin();

        $result = [
            'unattendedUpgradesAvailable' => $available,
            'unattendedUpgradesEnabled' => $enabled,
            'sshKeyOnlyAvailable' => $sshOnlyConfig['supported'],
            'sshKeyOnlyEnabled' => $sshOnlyConfig['enforced'],
        ];

        return $result;
    }

    private function isUnattendedUpgradesEnabled(): bool
    {
        $configFile = '/etc/apt/apt.conf.d/20auto-upgrades';

        $runner = Runner::getInstance();

        if (!$runner->fileExists($configFile)) {
            return false;
        }

        $content = $runner->getFileContents($configFile);

        if ($content === false) {

            return false;
        }

        $updateListEnabled = preg_match('/APT::Periodic::Update-Package-Lists\s+"1";/', $content);
        $unattendedUpgradeEnabled = preg_match('/APT::Periodic::Unattended-Upgrade\s+"1";/', $content);

        return $updateListEnabled && $unattendedUpgradeEnabled;
    }

    private function isUnattendedUpgradesUsable(): bool
    {
        if (stripos(strtolower(System::getInstance()->getPlatform()), 'linux') === false) {
            return false;
        }

        $runner = Runner::getInstance();

        if (!$runner->commandExists('apt')) return false;

        return !empty($runner->run('apt-cache show unattended-upgrades 2>/dev/null')->getOutput());
    }

    function checkSshKeyOnlyLogin(): array

    {
        $result = ['supported' => false, 'enforced' => false];

        if (stripos(strtolower(System::getInstance()->getPlatform()), 'linux') === false) {
            return $result;
        }

        $runner = Runner::getInstance();

        $configPath = '/etc/ssh/sshd_config';
        if (!$runner->fileExists($configPath)) {
            return $result;
        }

        $result['supported'] = true;

        $config = $runner->getFileContents($configPath);
        if ($config === false) {

            return $result;
        }

        $lines = preg_split('/\r\n|\r|\n/', $config);
        $settings = [];

        foreach ($lines as $line) {
            $line = trim(preg_replace('/#.*/', '', $line)); // Kommentare entfernen
            if ($line === '') continue;

            if (preg_match('/^\s*(\w+)\s+(yes|no)\s*$/i', $line, $matches)) {
                $key = strtolower($matches[1]);
                $value = strtolower($matches[2]);
                $settings[$key] = $value;
            }
        }

        $passwordOff = isset($settings['passwordauthentication']) && $settings['passwordauthentication'] === 'no';
        $challengeOff = isset($settings['challengeresponseauthentication']) && $settings['challengeresponseauthentication'] === 'no';

        $usePamOff = isset($settings['usepam']) && $settings['usepam'] === 'no';


        $result['enforced'] = $passwordOff; // && $challengeOff && $usePamOff;

        return $result;
    }
}


1			<?php
2
3			namespace Startwind\Inventorio\Collector\System\Security;
4
5			use Startwind\Inventorio\Collector\BasicCollector;
6			use Startwind\Inventorio\Exec\Runner;
7			use Startwind\Inventorio\Exec\System;
8
9			class GeneralSecurityCollector extends BasicCollector
10			{
11			protected string $identifier = 'SystemSecurity';
12
13			public function collect(): array
14			{
15			$available = $this->isUnattendedUpgradesUsable();
16			$enabled = false;
17			if ($available) {
18			$enabled = $this->isUnattendedUpgradesEnabled();
19			}
20
21			$sshOnlyConfig = $this->checkSshKeyOnlyLogin();
22
23			$result = [
24			'unattendedUpgradesAvailable' => $available,
25			'unattendedUpgradesEnabled' => $enabled,
26			'sshKeyOnlyAvailable' => $sshOnlyConfig['supported'],
27			'sshKeyOnlyEnabled' => $sshOnlyConfig['enforced'],
28			];
29
30			return $result;
31			}
32
33			private function isUnattendedUpgradesEnabled(): bool
34			{
35			$configFile = '/etc/apt/apt.conf.d/20auto-upgrades';
36
37			$runner = Runner::getInstance();
38
39			if (!$runner->fileExists($configFile)) {
40			return false;
41			}
42
43			$content = $runner->getFileContents($configFile);
44
45			if ($content === false) {
			0 ignored issues – show introduced 2025-06-06 19:18 UTC by Report Bug Copy Issue Report The condition `$content === false` is always `false`. Loading history...
46			return false;
47			}
48
49			$updateListEnabled = preg_match('/APT::Periodic::Update-Package-Lists\s+"1";/', $content);
50			$unattendedUpgradeEnabled = preg_match('/APT::Periodic::Unattended-Upgrade\s+"1";/', $content);
51
52			return $updateListEnabled && $unattendedUpgradeEnabled;
53			}
54
55			private function isUnattendedUpgradesUsable(): bool
56			{
57			if (stripos(strtolower(System::getInstance()->getPlatform()), 'linux') === false) {
58			return false;
59			}
60
61			$runner = Runner::getInstance();
62
63			if (!$runner->commandExists('apt')) return false;
64
65			return !empty($runner->run('apt-cache show unattended-upgrades 2>/dev/null')->getOutput());
66			}
67
68			function checkSshKeyOnlyLogin(): array
			0 ignored issues – show Best Practice introduced 2025-04-30 10:55 UTC by Report Bug Copy Issue Report It is generally recommended to explicitly declare the visibility for methods. Adding explicit visibility (`private`, `protected`, or `public`) is generally recommend to communicate to other developers how, and from where this method is intended to be used. Loading history...
69			{
70			$result = ['supported' => false, 'enforced' => false];
71
72			if (stripos(strtolower(System::getInstance()->getPlatform()), 'linux') === false) {
73			return $result;
74			}
75
76			$runner = Runner::getInstance();
77
78			$configPath = '/etc/ssh/sshd_config';
79			if (!$runner->fileExists($configPath)) {
80			return $result;
81			}
82
83			$result['supported'] = true;
84
85			$config = $runner->getFileContents($configPath);
86			if ($config === false) {
			0 ignored issues – show introduced 2025-06-06 19:18 UTC by Report Bug Copy Issue Report The condition `$config === false` is always `false`. Loading history...
87			return $result;
88			}
89
90			$lines = preg_split('/\r\n\|\r\|\n/', $config);
91			$settings = [];
92
93			foreach ($lines as $line) {
94			$line = trim(preg_replace('/#.*/', '', $line)); // Kommentare entfernen
95			if ($line === '') continue;
96
97			if (preg_match('/^\s(\w+)\s+(yes\|no)\s$/i', $line, $matches)) {
98			$key = strtolower($matches[1]);
99			$value = strtolower($matches[2]);
100			$settings[$key] = $value;
101			}
102			}
103
104			$passwordOff = isset($settings['passwordauthentication']) && $settings['passwordauthentication'] === 'no';
105			$challengeOff = isset($settings['challengeresponseauthentication']) && $settings['challengeresponseauthentication'] === 'no';
			0 ignored issues – show Unused Code introduced 2025-06-06 19:18 UTC by Report Bug Copy Issue Report The assignment to `$challengeOff` is dead and can be removed. Loading history...
106			$usePamOff = isset($settings['usepam']) && $settings['usepam'] === 'no';
			0 ignored issues – show Unused Code introduced 2025-06-06 19:18 UTC by Report Bug Copy Issue Report The assignment to `$usePamOff` is dead and can be removed. Loading history...
107
108			$result['enforced'] = $passwordOff; // && $challengeOff && $usePamOff;
109
110			return $result;
111			}
112			}
113

startwind / inventorio-command-line

GeneralSecurityCollector A last analyzed 2025-06-27 06:56 UTC

Complexity

Size/Duplication

Importance

4 Methods

Duplication Side-by-Side

Filter issues like

GeneralSecurityCollector A
last analyzed 2025-06-27 06:56 UTC