[ Index ] |
PHP Cross Reference of Joomla 4.2.2 documentation |
[Summary view] [Print] [Text view]
1 <?php 2 declare(strict_types=1); 3 namespace TYPO3\PharStreamWrapper\Interceptor; 4 5 /* 6 * This file is part of the TYPO3 project. 7 * 8 * It is free software; you can redistribute it and/or modify it under the terms 9 * of the MIT License (MIT). For the full copyright and license information, 10 * please read the LICENSE file that was distributed with this source code. 11 * 12 * The TYPO3 project - inspiring people to share! 13 */ 14 15 use TYPO3\PharStreamWrapper\Assertable; 16 use TYPO3\PharStreamWrapper\Exception; 17 use TYPO3\PharStreamWrapper\Manager; 18 use TYPO3\PharStreamWrapper\Phar\DeserializationException; 19 use TYPO3\PharStreamWrapper\Phar\Reader; 20 21 /** 22 * @internal Experimental implementation of checking against serialized objects in Phar meta-data 23 * @internal This functionality has not been 100% pentested... 24 */ 25 class PharMetaDataInterceptor implements Assertable 26 { 27 /** 28 * Determines whether the according Phar archive contains 29 * (potential insecure) serialized objects. 30 * 31 * @param string $path 32 * @param string $command 33 * @return bool 34 * @throws Exception 35 */ 36 public function assert(string $path, string $command): bool 37 { 38 if ($this->baseFileDoesNotHaveMetaDataIssues($path)) { 39 return true; 40 } 41 throw new Exception( 42 sprintf( 43 'Problematic meta-data in "%s"', 44 $path 45 ), 46 1539632368 47 ); 48 } 49 50 /** 51 * @param string $path 52 * @return bool 53 */ 54 private function baseFileDoesNotHaveMetaDataIssues(string $path): bool 55 { 56 $invocation = Manager::instance()->resolve($path); 57 if ($invocation === null) { 58 return false; 59 } 60 // directly return in case invocation was checked before 61 if ($invocation->getVariable(self::class) === true) { 62 return true; 63 } 64 // otherwise analyze meta-data 65 try { 66 $reader = new Reader($invocation->getBaseName()); 67 $reader->resolveContainer()->getManifest()->deserializeMetaData(); 68 $invocation->setVariable(self::class, true); 69 } catch (DeserializationException $exception) { 70 return false; 71 } 72 return true; 73 } 74 }
title
Description
Body
title
Description
Body
title
Description
Body
title
Body
Generated: Wed Sep 7 05:41:13 2022 | Chilli.vc Blog - For Webmaster,Blog-Writer,System Admin and Domainer |