Completed
Push — master ( 9b02dd...65291a )
by Krishnaprasad
03:57 queued 24s
created

src/ClamavValidator/ClamavValidator.php (1 issue)

Check for forgotten debug code

Debugging Code Security Critical


1
<?php namespace Sunspikes\ClamavValidator;
2
3
use Illuminate\Validation\Validator;
4
use Xenolope\Quahog\Client;
5
use Socket\Raw\Factory;
6
use Symfony\Component\HttpFoundation\File\UploadedFile;
7
8
class ClamavValidator extends Validator
9
{
10
    /**
11
     * @const string CLAMAV_STATUS_OK
12
     */
13
    const CLAMAV_STATUS_OK = 'OK';
14
15
    /**
16
     * @const string CLAMAV_STATUS_ERROR
17
     */
18
    const CLAMAV_STATUS_ERROR = 'ERROR';
19
20
    /**
21
     * @const string CLAMAV_UNIX_SOCKET
22
     */
23
    const CLAMAV_UNIX_SOCKET = '/var/run/clamav/clamd.ctl';
24
25
    /**
26
     * @const string CLAMAV_LOCAL_TCP_SOCKET
27
     */
28
    const CLAMAV_LOCAL_TCP_SOCKET = 'tcp://127.0.0.1:3310';
29
30
    /**
31
     * @const string CLAMAV_SOCKET_READ_TIMEOUT
32
     */
33
    const CLAMAV_SOCKET_READ_TIMEOUT = 30;
34
35
    /**
36
     * Creates a new instance of ClamavValidator
37
     */
38 4
    public function __construct($translator, $data, $rules, $messages)
39
    {
40 4
        parent::__construct($translator, $data, $rules, $messages);
41 4
    }
42
43
    /**
44
     * Validate the uploaded file for virus/malware with ClamAV
45
     *
46
     * @param  $attribute   string
47
     * @param  $value       mixed
48
     * @param  $parameters  array
49
     *
50
     * @return boolean
51
     * @throws ClamavValidatorException
52
     */
53 3
    public function validateClamav($attribute, $value, $parameters)
54
    {
55 3
        $file = $this->getFilePath($value);
56 3
        $clamavSocket = $this->getClamavSocket();
57
58
        // Create a new socket instance
59 3
        $socket = (new Factory())->createClient($clamavSocket);
60
61
        // Create a new instance of the Client
62 3
        $quahog = new Client($socket, self::CLAMAV_SOCKET_READ_TIMEOUT, PHP_NORMAL_READ);
63
64
        // Scan the file
65 3
        $result = $quahog->scanFile($file);
66 3
        var_dump([$file, $result]);
Security Debugging Code introduced by
var_dump(array($file, $result)); looks like debug code. Are you sure you do not want to remove it? This might expose sensitive data.
67
68 3
        if (self::CLAMAV_STATUS_ERROR === $result['status']) {
69 1
            throw new ClamavValidatorException($result['reason']);
70
        }
71
72
        // Check if scan result is not clean
73 2
        return !(self::CLAMAV_STATUS_OK !== $result['status']);
74
    }
75
76
    /**
77
     * Guess the ClamAV socket
78
     *
79
     * @return string
80
     */
81 3
    protected function getClamavSocket()
82
    {
83 3
        if (file_exists(env('CLAMAV_UNIX_SOCKET', self::CLAMAV_UNIX_SOCKET))) {
84 3
            return 'unix://' . env('CLAMAV_UNIX_SOCKET', self::CLAMAV_UNIX_SOCKET);
85
        }
86
87
        return env('CLAMAV_TCP_SOCKET', self::CLAMAV_LOCAL_TCP_SOCKET);
88
    }
89
90
    /**
91
     * Return the file path from the passed object
92
     *
93
     * @param $file mixed
94
     * @return string
95
     */
96 3
    protected function getFilePath($file)
97
    {
98
        // if were passed an instance of UploadedFile, return the path
99 3
        if ($file instanceof UploadedFile) {
100
            return $file->getPathname();
101
        }
102
103
        // if we're passed a PHP file upload array, return the "tmp_name"
104 3
        if (is_array($file) && null !== array_get($file, 'tmp_name')) {
105
            return $file['tmp_name'];
106
        }
107
108
        // fallback: we were likely passed a path already
109 3
        return $file;
110
    }
111
}
112
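Review bot: `getFilePath()` returns any value that is neither an `UploadedFile` nor an upload array unchanged (`return $file;`), and `validateClamav()` passes that straight to `scanFile()`, so when the rule is attached to a field that arrives as a plain string, the request data decides which path clamd is asked to scan. The same holds for an array value whose `tmp_name` did not come from PHP's own upload handling. If plain paths are not meant to be supported, fail validation early, for example `if (!$value instanceof UploadedFile) { return false; }` at the top of `validateClamav()`; if they are supported, state the constraint in the docblock: `Only apply this rule to upload fields; a string value is used as the filesystem path sent to clamd.` The coverage column shows hits on the fallback return but none on the two upload branches, so those branches appear to be untested.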