ClamavValidator::validateFileWithClamAv() - Code Metrics - Inspection of "Ability to validate multiple files in one request..." - sunspikes/clamav-validator - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( d9d81a...2cc3e5 )

by Krishnaprasad

created 2021-04-21 15:13 UTC

ClamavValidator::validateFileWithClamAv() A

↳ Parent: ClamavValidator

Complexity

Conditions	4
Paths	6

Size

Total Lines

Duplication

Lines	0
Ratio	0 %

Code Coverage

Tests	10
CRAP Score	4.074

Importance

Changes

Metric	Value
dl	0
loc	22
ccs	10
cts	12
cp	0.8333
rs	9.568
c	0
b	0
f	0
cc	4
nc	6
nop	1
crap	4.074

<?php

namespace Sunspikes\ClamavValidator;

use Illuminate\Contracts\Translation\Translator;
use Illuminate\Support\Arr;
use Illuminate\Support\Facades\Config;
use Illuminate\Validation\Validator;
use Xenolope\Quahog\Client as QuahogClient;
use Socket\Raw\Factory as SocketFactory;
use Symfony\Component\HttpFoundation\File\UploadedFile;

class ClamavValidator extends Validator
{
    /**
     * Creates a new instance of ClamavValidator.
     *
     * ClamavValidator constructor.
     * @param Translator $translator
     * @param array      $data
     * @param array      $rules
     * @param array      $messages
     * @param array      $customAttributes
     */
    public function __construct(
        Translator $translator,
        array $data,
        array $rules,
        array $messages = [],
        array $customAttributes = []
    ) {
        parent::__construct($translator, $data, $rules, $messages, $customAttributes);
    }

    /**
     * Validate the uploaded file for virus/malware with ClamAV.
     *
     * @param  $attribute   string
     * @param  $value       mixed
     * @param  $parameters  array
     *
     * @return boolean
     * @throws ClamavValidatorException
     */
    public function validateClamav($attribute, $value, $parameters)

    {
        if (true === Config::get('clamav.skip_validation')) {
            return true;
        }

        if(is_array($value)) {
        	$result = true;
        	foreach($value as $file) {
        		$result &= $this->validateFileWithClamAv($file);
			}

        	return $result;
		}

		return $this->validateFileWithClamAv($value);
	}

	/**
	 * Validate the single uploaded file for virus/malware with ClamAV.
	 *
	 * @param $value mixed
	 *
	 * @return bool
	 * @throws ClamavValidatorException
	 */
	protected function validateFileWithClamAv($value)
	{
        $file = $this->getFilePath($value);
        if (! is_readable($file)) {
            throw ClamavValidatorException::forNonReadableFile($file);
        }

        try {
            $socket  = $this->getClamavSocket();
            $scanner = $this->createQuahogScannerClient($socket);
            $result  = $scanner->scanResourceStream(fopen($file, 'rb'));
        } catch (\Exception $exception) {
            throw ClamavValidatorException::forClientException($exception);
        }

        if (QuahogClient::RESULT_ERROR === $result['status']) {
            throw ClamavValidatorException::forScanResult($result);
        }

        // Check if scan result is clean
        return QuahogClient::RESULT_OK === $result['status'];
    }

    /**
     * Guess the ClamAV socket.
     *
     * @return string
     */
    protected function getClamavSocket()
    {
        $preferredSocket = Config::get('clamav.preferred_socket');

        if ($preferredSocket === 'unix_socket') {
            $unixSocket = Config::get('clamav.unix_socket');
            if (file_exists($unixSocket)) {
                return 'unix://' . $unixSocket;
            }
        }

        // We use the tcp_socket as fallback as well
        return Config::get('clamav.tcp_socket');
    }

    /**
     * Return the file path from the passed object.
     *
     * @param mixed $file
     * @return string
     */
    protected function getFilePath($file)
    {
        // if were passed an instance of UploadedFile, return the path
        if ($file instanceof UploadedFile) {
            return $file->getPathname();
        }

        // if we're passed a PHP file upload array, return the "tmp_name"
        if (is_array($file) && null !== Arr::get($file, 'tmp_name')) {
            return $file['tmp_name'];
        }

        // fallback: we were likely passed a path already
        return $file;
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
    }

    /**
     * Create a new quahog ClamAV scanner client.
     *
     * @param string $socket
     * @return QuahogClient
     */
    protected function createQuahogScannerClient($socket)
    {
        // Create a new client socket instance
        $client = (new SocketFactory())->createClient($socket);

        return new QuahogClient($client, Config::get('clamav.socket_read_timeout'), PHP_NORMAL_READ);
    }
}


1		<?php
2
3		namespace Sunspikes\ClamavValidator;
4
5		use Illuminate\Contracts\Translation\Translator;
6		use Illuminate\Support\Arr;
7		use Illuminate\Support\Facades\Config;
8		use Illuminate\Validation\Validator;
9		use Xenolope\Quahog\Client as QuahogClient;
10		use Socket\Raw\Factory as SocketFactory;
11		use Symfony\Component\HttpFoundation\File\UploadedFile;
12
13		class ClamavValidator extends Validator
14		{
15		/**
16		* Creates a new instance of ClamavValidator.
17		*
18		* ClamavValidator constructor.
19		* @param Translator $translator
20		* @param array $data
21		* @param array $rules
22		* @param array $messages
23		* @param array $customAttributes
24		*/
25	6	public function __construct(
26		Translator $translator,
27		array $data,
28		array $rules,
29		array $messages = [],
30		array $customAttributes = []
31		) {
32	6	parent::__construct($translator, $data, $rules, $messages, $customAttributes);
33	6	}
34
35		/**
36		* Validate the uploaded file for virus/malware with ClamAV.
37		*
38		* @param $attribute string
39		* @param $value mixed
40		* @param $parameters array
41		*
42		* @return boolean
43		* @throws ClamavValidatorException
44		*/
45	5	public function validateClamav($attribute, $value, $parameters)
		0 ignored issues – show Unused Code introduced 2018-01-31 10:13 UTC by Report Bug Copy Issue Report The parameter `$attribute` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2018-01-31 10:13 UTC by Report Bug Copy Issue Report The parameter `$parameters` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
46		{
47	5	if (true === Config::get('clamav.skip_validation')) {
48		return true;
49		}
50
51	5	if(is_array($value)) {
52	2	$result = true;
53	2	foreach($value as $file) {
54	2	$result &= $this->validateFileWithClamAv($file);
55	2	}
56
57	2	return $result;
58		}
59
60	3	return $this->validateFileWithClamAv($value);
61		}
62
63		/**
64		* Validate the single uploaded file for virus/malware with ClamAV.
65		*
66		* @param $value mixed
67		*
68		* @return bool
69		* @throws ClamavValidatorException
70		*/
71	5	protected function validateFileWithClamAv($value)
72		{
73	5	$file = $this->getFilePath($value);
74	5	if (! is_readable($file)) {
75	1	throw ClamavValidatorException::forNonReadableFile($file);
76		}
77
78		try {
79	4	$socket = $this->getClamavSocket();
80	4	$scanner = $this->createQuahogScannerClient($socket);
81	4	$result = $scanner->scanResourceStream(fopen($file, 'rb'));
82	4	} catch (\Exception $exception) {
83		throw ClamavValidatorException::forClientException($exception);
84		}
85
86	4	if (QuahogClient::RESULT_ERROR === $result['status']) {
87		throw ClamavValidatorException::forScanResult($result);
88		}
89
90		// Check if scan result is clean
91	4	return QuahogClient::RESULT_OK === $result['status'];
92		}
93
94		/**
95		* Guess the ClamAV socket.
96		*
97		* @return string
98		*/
99	4	protected function getClamavSocket()
100		{
101	4	$preferredSocket = Config::get('clamav.preferred_socket');
102
103	4	if ($preferredSocket === 'unix_socket') {
104	4	$unixSocket = Config::get('clamav.unix_socket');
105	4	if (file_exists($unixSocket)) {
106	4	return 'unix://' . $unixSocket;
107		}
108		}
109
110		// We use the tcp_socket as fallback as well
111		return Config::get('clamav.tcp_socket');
112		}
113
114		/**
115		* Return the file path from the passed object.
116		*
117		* @param mixed $file
118		* @return string
119		*/
120	5	protected function getFilePath($file)
121		{
122		// if were passed an instance of UploadedFile, return the path
123	5	if ($file instanceof UploadedFile) {
124		return $file->getPathname();
125		}
126
127		// if we're passed a PHP file upload array, return the "tmp_name"
128	5	if (is_array($file) && null !== Arr::get($file, 'tmp_name')) {
129		return $file['tmp_name'];
130		}
131
132		// fallback: we were likely passed a path already
133	5	return $file;
		0 ignored issues – show Bug Best Practice introduced 2019-09-27 10:31 UTC by Report Bug Copy Issue Report The return type of `return $file;` (`object\|integer\|double\|string\|null\|boolean\|array`) is incompatible with the return type documented by `Sunspikes\ClamavValidato...vValidator::getFilePath` of type `string`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
134		}
135
136		/**
137		* Create a new quahog ClamAV scanner client.
138		*
139		* @param string $socket
140		* @return QuahogClient
141		*/
142	4	protected function createQuahogScannerClient($socket)
143		{
144		// Create a new client socket instance
145	4	$client = (new SocketFactory())->createClient($socket);
146
147	4	return new QuahogClient($client, Config::get('clamav.socket_read_timeout'), PHP_NORMAL_READ);
148		}
149		}
150

sunspikes / clamav-validator

Push — master ( d9d81a...2cc3e5 )

ClamavValidator::validateFileWithClamAv() A

Complexity

Size

Duplication

Code Coverage

Importance

Duplication Side-by-Side

Filter issues like