Completed
Push — master ( 9b02dd...65291a )
by Krishnaprasad
03:57 queued 24s
created

src/ClamavValidator/ClamavValidator.php (1 issue)


<?php namespace Sunspikes\ClamavValidator;
use Illuminate\Validation\Validator;
use Xenolope\Quahog\Client;
use Socket\Raw\Factory;
use Symfony\Component\HttpFoundation\File\UploadedFile;
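/**
 * Laravel validator extension that asks a ClamAV daemon to scan an uploaded
 * file and fails validation unless the daemon reports the file as clean.
 */
class ClamavValidator extends Validator
{
    /**
     * Scan status that validateClamav() accepts as a clean file.
     *
     * @const string CLAMAV_STATUS_OK
     */
    const CLAMAV_STATUS_OK = 'OK';

    /**
     * Scan status that makes validateClamav() throw instead of returning.
     *
     * @const string CLAMAV_STATUS_ERROR
     */
    const CLAMAV_STATUS_ERROR = 'ERROR';

    /**
     * Default path of the clamd unix socket, used when the
     * CLAMAV_UNIX_SOCKET environment value is not set.
     *
     * @const string CLAMAV_UNIX_SOCKET
     */
    const CLAMAV_UNIX_SOCKET = '/var/run/clamav/clamd.ctl';

    /**
     * Default TCP address of clamd, used when the CLAMAV_TCP_SOCKET
     * environment value is not set.
     *
     * @const string CLAMAV_LOCAL_TCP_SOCKET
     */
    const CLAMAV_LOCAL_TCP_SOCKET = 'tcp://127.0.0.1:3310';

    /**
     * Timeout value handed to the Quahog client constructor.
     * NOTE(review): presumably seconds; confirm against the client library.
     *
     * @const int CLAMAV_SOCKET_READ_TIMEOUT
     */
    const CLAMAV_SOCKET_READ_TIMEOUT = 30;

    /**
     * Creates a new instance of ClamavValidator.
     *
     * All arguments are forwarded unchanged to the parent Validator.
     */
    public function __construct($translator, $data, $rules, $messages)
    {
        parent::__construct($translator, $data, $rules, $messages);
    }

    /**
     * Validate the uploaded file for virus/malware with ClamAV.
     *
     * The result is fail-closed: only an explicit OK status passes, any other
     * non-error status (for example a detection) fails validation.
     *
     * @param  $attribute   string
     * @param  $value       mixed
     * @param  $parameters  array
     *
     * @return boolean true only when the scan status is CLAMAV_STATUS_OK
     * @throws ClamavValidatorException when the scan status is CLAMAV_STATUS_ERROR
     */
    public function validateClamav($attribute, $value, $parameters)
    {
        $file = $this->getFilePath($value);
        $clamavSocket = $this->getClamavSocket();

        // Create a new socket instance
        $socket = (new Factory())->createClient($clamavSocket);

        // Create a new instance of the Client
        $quahog = new Client($socket, self::CLAMAV_SOCKET_READ_TIMEOUT, PHP_NORMAL_READ);

        // Scan the file. Keep $file and $result out of the output stream: this
        // runs inside the request, so anything echoed here ends up in the HTTP
        // response and would disclose the temporary upload path and the
        // scanner's reply. Send diagnostics to the application log instead.
        $result = $quahog->scanFile($file);

        if (self::CLAMAV_STATUS_ERROR === $result['status']) {
            // NOTE(review): the reason comes from the scanner reply and may
            // contain the scanned path; avoid rendering it to end users.
            throw new ClamavValidatorException($result['reason']);
        }

        // Anything other than an explicit OK is treated as not clean
        return self::CLAMAV_STATUS_OK === $result['status'];
    }

    /**
     * Guess the ClamAV socket.
     *
     * Prefers the unix socket when its path exists on disk, otherwise falls
     * back to the configured TCP address.
     *
     * @return string
     */
    protected function getClamavSocket()
    {
        $unixSocket = env('CLAMAV_UNIX_SOCKET', self::CLAMAV_UNIX_SOCKET);

        if (file_exists($unixSocket)) {
            return 'unix://' . $unixSocket;
        }

        // NOTE(review): the clamd protocol has no authentication or
        // encryption, so a non-loopback CLAMAV_TCP_SOCKET should only point
        // at a daemon on a trusted, access-restricted network.
        return env('CLAMAV_TCP_SOCKET', self::CLAMAV_LOCAL_TCP_SOCKET);
    }

    /**
     * Return the file path from the passed object.
     *
     * @param $file mixed UploadedFile instance, PHP upload array, or a path
     * @return string
     */
    protected function getFilePath($file)
    {
        // if we were passed an instance of UploadedFile, return the path
        if ($file instanceof UploadedFile) {
            return $file->getPathname();
        }

        // if we're passed a PHP file upload array, return the "tmp_name";
        // isset() is true exactly when the key exists with a non-null value,
        // so the framework array helper is not needed for this check
        if (is_array($file) && isset($file['tmp_name'])) {
            return $file['tmp_name'];
        }

        // fallback: we were likely passed a path already
        // NOTE(review): if this rule is attached to a plain request field, the
        // value is a client-chosen string and is handed to the scanner as a
        // server-side path. Confirm callers only apply the rule to file
        // inputs, or reject non-upload values before scanning.
        return $file;
    }
}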