LesLibres.org/Rss-Bridge
2
0
Fork 0
Code Issues Pull requests Releases Wiki Activity

core: Refactor bridge whitelisting

Browse source 
- Move all whitelisting functionality inside Bridge.php
- Set default whitelist once in index.php using Bridge::setWhitelist()
- Include bridge sanitizing inside Bridge.php
    Bridge::sanitizeBridgeName($name)

Bridge.php now maintains the whitelist internally.
This commit is contained in:
logmanoriginal 2018-11-10 22:26:56 +01:00
parent a0490e3673
commit e26d61ec0a
3 changed files with 89 additions and 34 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

28
index.php
View file

@ -50,22 +50,7 @@ $whitelist_default = array(
try { try {
if(!file_exists(WHITELIST)) { Bridge::setWhitelist($whitelist_default);
$whitelist_selection = $whitelist_default;
$whitelist_write = implode("\n", $whitelist_default);
file_put_contents(WHITELIST, $whitelist_write);
} else {
$whitelist_file_content = file_get_contents(WHITELIST);
if($whitelist_file_content != "*\n") {
$whitelist_selection = explode("\n", $whitelist_file_content);
} else {
$whitelist_selection = Bridge::listBridges();
}
// Prepare for case-insensitive match
$whitelist_selection = array_map('strtolower', $whitelist_selection);
}
$showInactive = filter_input(INPUT_GET, 'show_inactive', FILTER_VALIDATE_BOOLEAN); $showInactive = filter_input(INPUT_GET, 'show_inactive', FILTER_VALIDATE_BOOLEAN);
$action = array_key_exists('action', $params) ? $params['action'] : null; $action = array_key_exists('action', $params) ? $params['action'] : null;
@ -92,7 +77,7 @@ try {
} }
$status = Bridge::isWhitelisted($whitelist_selection, strtolower($bridgeName)) ? 'active' : 'inactive'; $status = Bridge::isWhitelisted($bridgeName) ? 'active' : 'inactive';
$list->bridges[$bridgeName] = array( $list->bridges[$bridgeName] = array(
'status' => $status, 'status' => $status,
@ -112,11 +97,6 @@ try {
echo json_encode($list, JSON_PRETTY_PRINT); echo json_encode($list, JSON_PRETTY_PRINT);
} elseif($action === 'display' && !empty($bridge)) { } elseif($action === 'display' && !empty($bridge)) {
// DEPRECATED: 'nameBridge' scheme is replaced by 'name' in bridge parameter values
// this is to keep compatibility until futher complete removal
if(($pos = strpos($bridge, 'Bridge')) === (strlen($bridge) - strlen('Bridge'))) {
$bridge = substr($bridge, 0, $pos);
}
$format = $params['format'] $format = $params['format']
or returnClientError('You must specify a format!'); or returnClientError('You must specify a format!');
@ -128,7 +108,7 @@ try {
} }
// whitelist control // whitelist control
if(!Bridge::isWhitelisted($whitelist_selection, strtolower($bridge))) { if(!Bridge::isWhitelisted($bridge)) {
throw new \HttpException('This bridge is not whitelisted', 401); throw new \HttpException('This bridge is not whitelisted', 401);
die; die;
} }
@ -287,7 +267,7 @@ try {
die(buildTransformException($e, $bridge)); die(buildTransformException($e, $bridge));
} }
} else { } else {
echo BridgeList::create($whitelist_selection, $showInactive); echo BridgeList::create($showInactive);
} }
} catch(HttpException $e) { } catch(HttpException $e) {
error_log($e); error_log($e);

87
lib/Bridge.php
View file

@ -4,6 +4,12 @@ class Bridge {
static protected $dirBridge; static protected $dirBridge;
/**
* Holds the active whitelist.
* Use Bridge::getWhitelist() instead of accessing this parameter directly!
*/
private static $whitelist = array();
public function __construct(){ public function __construct(){
throw new \LogicException('Please use ' . __CLASS__ . '::create for new object.'); throw new \LogicException('Please use ' . __CLASS__ . '::create for new object.');
} }
@ -78,11 +84,80 @@ EOD;
return $listBridge; return $listBridge;
} }
static public function isWhitelisted($whitelist, $name){ /**
return in_array($name, $whitelist) * @return bool Returns true if the given bridge is whitelisted.
|| in_array($name . '.php', $whitelist) */
|| in_array($name . 'bridge', $whitelist) // DEPRECATED static public function isWhitelisted($name){
|| in_array($name . 'bridge.php', $whitelist) // DEPRECATED return in_array(Bridge::sanitizeBridgeName($name), Bridge::getWhitelist());
|| (count($whitelist) === 1 && trim($whitelist[0]) === '*'); }
/**
* On first call reads the whitelist from WHITELIST. Each line in the file
* specifies one bridge that will be placed on the whitelist. An empty file
* disables all bridges. '*' enables all bridges.
*
* @return array Returns a list of whitelisted bridges
*/
public static function getWhitelist() {
static $firstCall = true; // Initialized on first call
if($firstCall) {
// Create initial whitelist or load from disk
if (!file_exists(WHITELIST) && !empty(Bridge::$whitelist)) {
file_put_contents(WHITELIST, implode("\n", Bridge::$whitelist));
} else {
$contents = trim(file_get_contents(WHITELIST));
if($contents === '*') { // Whitelist all bridges
Bridge::$whitelist = Bridge::listBridges();
} else {
Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', explode("\n", $contents));
}
}
}
return Bridge::$whitelist;
}
public static function setWhitelist($default = array()) {
Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', $default);
}
/**
* @return string Returns a sanitized bridge name if the given name has been
* found valid, null otherwise.
*/
private static function sanitizeBridgeName($name) {
if(is_string($name)) {
// Trim trailing '.php' if exists
if(preg_match('/(.+)(?:\.php)/', $name, $matches)) {
$name = $matches[1];
}
// Trim trailing 'Bridge' if exists
if(preg_match('/(.+)(?:Bridge)/i', $name, $matches)) {
$name = $matches[1];
}
// The name is valid if a corresponding bridge file is found on disk
if(in_array(strtolower($name), array_map('strtolower', Bridge::listBridges()))) {
$index = array_search(strtolower($name), array_map('strtolower', Bridge::listBridges()));
return Bridge::listBridges()[$index];
}
Debug::log('Invalid bridge name specified: "' . $name . '"!');
}
return null; // Bad parameter
} }
} }

8
lib/BridgeList.php
View file

@ -22,7 +22,7 @@ final class BridgeList {
EOD; EOD;
} }
private static function getBridges($whitelist, $showInactive, &$totalBridges, &$totalActiveBridges) { private static function getBridges($showInactive, &$totalBridges, &$totalActiveBridges) {
$body = ''; $body = '';
$totalActiveBridges = 0; $totalActiveBridges = 0;
@ -35,7 +35,7 @@ EOD;
foreach($bridgeList as $bridgeName) { foreach($bridgeList as $bridgeName) {
if(Bridge::isWhitelisted($whitelist, strtolower($bridgeName))) { if(Bridge::isWhitelisted($bridgeName)) {
$body .= BridgeCard::displayBridgeCard($bridgeName, $formats); $body .= BridgeCard::displayBridgeCard($bridgeName, $formats);
$totalActiveBridges++; $totalActiveBridges++;
@ -131,7 +131,7 @@ EOD;
EOD; EOD;
} }
static function create($whitelist, $showInactive = true) { static function create($showInactive = true) {
$totalBridges = 0; $totalBridges = 0;
$totalActiveBridges = 0; $totalActiveBridges = 0;
@ -141,7 +141,7 @@ EOD;
. '<body onload="search()">' . '<body onload="search()">'
. BridgeList::getHeader() . BridgeList::getHeader()
. BridgeList::getSearchbar() . BridgeList::getSearchbar()
. BridgeList::getBridges($whitelist, $showInactive, $totalBridges, $totalActiveBridges) . BridgeList::getBridges($showInactive, $totalBridges, $totalActiveBridges)
. BridgeList::getFooter($totalBridges, $totalActiveBridges, $showInactive) . BridgeList::getFooter($totalBridges, $totalActiveBridges, $showInactive)
. '</body></html>'; . '</body></html>';