Completed
Push — master ( d9d81a...2cc3e5 )
by Krishnaprasad
04:32
created

ClamavValidator::validateFileWithClamAv()   A

Complexity

Conditions 4
Paths 6

Size

Total Lines 22

Duplication

Lines 0
Ratio 0 %

Code Coverage

Tests 10
CRAP Score 4.074

Importance

Changes 0
Metric Value
dl 0
loc 22
ccs 10
cts 12
cp 0.8333
rs 9.568
c 0
b 0
f 0
cc 4
nc 6
nop 1
crap 4.074
1
<?php
2
3
namespace Sunspikes\ClamavValidator;
4
5
use Illuminate\Contracts\Translation\Translator;
6
use Illuminate\Support\Arr;
7
use Illuminate\Support\Facades\Config;
8
use Illuminate\Validation\Validator;
9
use Xenolope\Quahog\Client as QuahogClient;
10
use Socket\Raw\Factory as SocketFactory;
11
use Symfony\Component\HttpFoundation\File\UploadedFile;
12
13
class ClamavValidator extends Validator
14
{
15
    /**
16
     * Creates a new instance of ClamavValidator.
17
     *
18
     * ClamavValidator constructor.
19
     * @param Translator $translator
20
     * @param array      $data
21
     * @param array      $rules
22
     * @param array      $messages
23
     * @param array      $customAttributes
24
     */
25 6
    public function __construct(
26
        Translator $translator,
27
        array $data,
28
        array $rules,
29
        array $messages = [],
30
        array $customAttributes = []
31
    ) {
32 6
        parent::__construct($translator, $data, $rules, $messages, $customAttributes);
33 6
    }
34
35
    /**
36
     * Validate the uploaded file for virus/malware with ClamAV.
37
     *
38
     * @param  $attribute   string
39
     * @param  $value       mixed
40
     * @param  $parameters  array
41
     *
42
     * @return boolean
43
     * @throws ClamavValidatorException
44
     */
45 5
    public function validateClamav($attribute, $value, $parameters)
0 ignored issues
show
Unused Code introduced by Krishnaprasad MG
The parameter $attribute is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
Unused Code introduced by Krishnaprasad MG
The parameter $parameters is not used and could be removed.

This check looks from parameters that have been defined for a function or method, but which are not used in the method body.

Loading history...
46
    {
47 5
        if (true === Config::get('clamav.skip_validation')) {
48
            return true;
49
        }
50
51 5
        if(is_array($value)) {
52 2
        	$result = true;
53 2
        	foreach($value as $file) {
54 2
        		$result &= $this->validateFileWithClamAv($file);
55 2
			}
56
57 2
        	return $result;
58
		}
59
60 3
		return $this->validateFileWithClamAv($value);
61
	}
62
63
	/**
64
	 * Validate the single uploaded file for virus/malware with ClamAV.
65
	 *
66
	 * @param $value mixed
67
	 *
68
	 * @return bool
69
	 * @throws ClamavValidatorException
70
	 */
71 5
	protected function validateFileWithClamAv($value)
72
	{
73 5
        $file = $this->getFilePath($value);
74 5
        if (! is_readable($file)) {
75 1
            throw ClamavValidatorException::forNonReadableFile($file);
76
        }
77
78
        try {
79 4
            $socket  = $this->getClamavSocket();
80 4
            $scanner = $this->createQuahogScannerClient($socket);
81 4
            $result  = $scanner->scanResourceStream(fopen($file, 'rb'));
82 4
        } catch (\Exception $exception) {
83
            throw ClamavValidatorException::forClientException($exception);
84
        }
85
86 4
        if (QuahogClient::RESULT_ERROR === $result['status']) {
87
            throw ClamavValidatorException::forScanResult($result);
88
        }
89
90
        // Check if scan result is clean
91 4
        return QuahogClient::RESULT_OK === $result['status'];
92
    }
93
94
    /**
95
     * Guess the ClamAV socket.
96
     *
97
     * @return string
98
     */
99 4
    protected function getClamavSocket()
100
    {
101 4
        $preferredSocket = Config::get('clamav.preferred_socket');
102
103 4
        if ($preferredSocket === 'unix_socket') {
104 4
            $unixSocket = Config::get('clamav.unix_socket');
105 4
            if (file_exists($unixSocket)) {
106 4
                return 'unix://' . $unixSocket;
107
            }
108
        }
109
110
        // We use the tcp_socket as fallback as well
111
        return Config::get('clamav.tcp_socket');
112
    }
113
114
    /**
115
     * Return the file path from the passed object.
116
     *
117
     * @param mixed $file
118
     * @return string
119
     */
120 5
    protected function getFilePath($file)
121
    {
122
        // if were passed an instance of UploadedFile, return the path
123 5
        if ($file instanceof UploadedFile) {
124
            return $file->getPathname();
125
        }
126
127
        // if we're passed a PHP file upload array, return the "tmp_name"
128 5
        if (is_array($file) && null !== Arr::get($file, 'tmp_name')) {
129
            return $file['tmp_name'];
130
        }
131
132
        // fallback: we were likely passed a path already
133 5
        return $file;
0 ignored issues
show
Bug Best Practice introduced by Krishnaprasad MG
The return type of return $file; (object|integer|double|string|null|boolean|array) is incompatible with the return type documented by Sunspikes\ClamavValidato...vValidator::getFilePath of type string.

If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design.

Let’s take a look at an example:

class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}

Our function my_function expects a Post object, and outputs the author of the post. The base class Post returns a simple string and outputting a simple string will work just fine. However, the child class BlogPost which is a sub-type of Post instead decided to return an object, and is therefore violating the SOLID principles. If a BlogPost were passed to my_function, PHP would not complain, but ultimately fail when executing the strtoupper call in its body.

Loading history...
134
    }
135
136
    /**
137
     * Create a new quahog ClamAV scanner client.
138
     *
139
     * @param string $socket
140
     * @return QuahogClient
141
     */
142 4
    protected function createQuahogScannerClient($socket)
143
    {
144
        // Create a new client socket instance
145 4
        $client = (new SocketFactory())->createClient($socket);
146
147 4
        return new QuahogClient($client, Config::get('clamav.socket_read_timeout'), PHP_NORMAL_READ);
148
    }
149
}
150