From e26d61ec0ac0659244ac68ccb0f832e89f043c7a Mon Sep 17 00:00:00 2001
From: logmanoriginal <logmanoriginal@users.noreply.github.com>
Date: Sat, 10 Nov 2018 22:26:56 +0100
Subject: [PATCH] core: Refactor bridge whitelisting

- Move all whitelisting functionality inside Bridge.php
- Set default whitelist once in index.php using Bridge::setWhitelist()
- Include bridge sanitizing inside Bridge.php
    Bridge::sanitizeBridgeName($name)

Bridge.php now maintains the whitelist internally.
---
 index.php          | 28 +++------------
 lib/Bridge.php     | 87 ++++++++++++++++++++++++++++++++++++++++++----
 lib/BridgeList.php |  8 ++---
 3 files changed, 89 insertions(+), 34 deletions(-)

diff --git a/index.php b/index.php
index d57de89b..40d242d6 100644
--- a/index.php
+++ b/index.php
@@ -50,22 +50,7 @@ $whitelist_default = array(
 
 try {
 
-	if(!file_exists(WHITELIST)) {
-		$whitelist_selection = $whitelist_default;
-		$whitelist_write = implode("\n", $whitelist_default);
-		file_put_contents(WHITELIST, $whitelist_write);
-	} else {
-
-		$whitelist_file_content = file_get_contents(WHITELIST);
-		if($whitelist_file_content != "*\n") {
-			$whitelist_selection = explode("\n", $whitelist_file_content);
-		} else {
-			$whitelist_selection = Bridge::listBridges();
-		}
-
-		// Prepare for case-insensitive match
-		$whitelist_selection = array_map('strtolower', $whitelist_selection);
-	}
+	Bridge::setWhitelist($whitelist_default);
 
 	$showInactive = filter_input(INPUT_GET, 'show_inactive', FILTER_VALIDATE_BOOLEAN);
 	$action = array_key_exists('action', $params) ? $params['action'] : null;
@@ -92,7 +77,7 @@ try {
 
 			}
 
-			$status = Bridge::isWhitelisted($whitelist_selection, strtolower($bridgeName)) ? 'active' : 'inactive';
+			$status = Bridge::isWhitelisted($bridgeName) ? 'active' : 'inactive';
 
 			$list->bridges[$bridgeName] = array(
 				'status' => $status,
@@ -112,11 +97,6 @@ try {
 		echo json_encode($list, JSON_PRETTY_PRINT);
 
 	} elseif($action === 'display' && !empty($bridge)) {
-		// DEPRECATED: 'nameBridge' scheme is replaced by 'name' in bridge parameter values
-		//             this is to keep compatibility until futher complete removal
-		if(($pos = strpos($bridge, 'Bridge')) === (strlen($bridge) - strlen('Bridge'))) {
-			$bridge = substr($bridge, 0, $pos);
-		}
 
 		$format = $params['format']
 			or returnClientError('You must specify a format!');
@@ -128,7 +108,7 @@ try {
 		}
 
 		// whitelist control
-		if(!Bridge::isWhitelisted($whitelist_selection, strtolower($bridge))) {
+		if(!Bridge::isWhitelisted($bridge)) {
 			throw new \HttpException('This bridge is not whitelisted', 401);
 			die;
 		}
@@ -287,7 +267,7 @@ try {
 			die(buildTransformException($e, $bridge));
 		}
 	} else {
-		echo BridgeList::create($whitelist_selection, $showInactive);
+		echo BridgeList::create($showInactive);
 	}
 } catch(HttpException $e) {
 	error_log($e);
diff --git a/lib/Bridge.php b/lib/Bridge.php
index e0010dfb..84b9901a 100644
--- a/lib/Bridge.php
+++ b/lib/Bridge.php
@@ -4,6 +4,12 @@ class Bridge {
 
 	static protected $dirBridge;
 
+	/**
+	 * Holds the active whitelist.
+	 * Use Bridge::getWhitelist() instead of accessing this parameter directly!
+	 */
+	private static $whitelist = array();
+
 	public function __construct(){
 		throw new \LogicException('Please use ' . __CLASS__ . '::create for new object.');
 	}
@@ -78,11 +84,80 @@ EOD;
 		return $listBridge;
 	}
 
-	static public function isWhitelisted($whitelist, $name){
-		return in_array($name, $whitelist)
-		|| in_array($name . '.php', $whitelist)
-		|| in_array($name . 'bridge', $whitelist) // DEPRECATED
-		|| in_array($name . 'bridge.php', $whitelist) // DEPRECATED
-		|| (count($whitelist) === 1 && trim($whitelist[0]) === '*');
+	/**
+	 * @return bool Returns true if the given bridge is whitelisted.
+	 */
+	static public function isWhitelisted($name){
+		return in_array(Bridge::sanitizeBridgeName($name), Bridge::getWhitelist());
+	}
+
+	/**
+	 * On first call reads the whitelist from WHITELIST. Each line in the file
+	 * specifies one bridge that will be placed on the whitelist. An empty file
+	 * disables all bridges. '*' enables all bridges.
+	 *
+	 * @return array Returns a list of whitelisted bridges
+	 */
+	public static function getWhitelist() {
+
+		static $firstCall = true; // Initialized on first call
+
+		if($firstCall) {
+
+			// Create initial whitelist or load from disk
+			if (!file_exists(WHITELIST) && !empty(Bridge::$whitelist)) {
+				file_put_contents(WHITELIST, implode("\n", Bridge::$whitelist));
+			} else {
+
+				$contents = trim(file_get_contents(WHITELIST));
+
+				if($contents === '*') { // Whitelist all bridges
+					Bridge::$whitelist = Bridge::listBridges();
+				} else {
+					Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', explode("\n", $contents));
+				}
+
+			}
+
+		}
+
+		return Bridge::$whitelist;
+
+	}
+
+	public static function setWhitelist($default = array()) {
+		Bridge::$whitelist = array_map('Bridge::sanitizeBridgeName', $default);
+	}
+
+	/**
+	 * @return string Returns a sanitized bridge name if the given name has been
+	 * found valid, null otherwise.
+	 */
+	private static function sanitizeBridgeName($name) {
+
+		if(is_string($name)) {
+
+			// Trim trailing '.php' if exists
+			if(preg_match('/(.+)(?:\.php)/', $name, $matches)) {
+				$name = $matches[1];
+			}
+
+			// Trim trailing 'Bridge' if exists
+			if(preg_match('/(.+)(?:Bridge)/i', $name, $matches)) {
+				$name = $matches[1];
+			}
+
+			// The name is valid if a corresponding bridge file is found on disk
+			if(in_array(strtolower($name), array_map('strtolower', Bridge::listBridges()))) {
+				$index = array_search(strtolower($name), array_map('strtolower', Bridge::listBridges()));
+				return Bridge::listBridges()[$index];
+			}
+
+			Debug::log('Invalid bridge name specified: "' . $name . '"!');
+
+		}
+
+		return null; // Bad parameter
+
 	}
 }
diff --git a/lib/BridgeList.php b/lib/BridgeList.php
index b9454c37..4a612a4e 100644
--- a/lib/BridgeList.php
+++ b/lib/BridgeList.php
@@ -22,7 +22,7 @@ final class BridgeList {
 EOD;
 	}
 
-	private static function getBridges($whitelist, $showInactive, &$totalBridges, &$totalActiveBridges) {
+	private static function getBridges($showInactive, &$totalBridges, &$totalActiveBridges) {
 
 		$body = '';
 		$totalActiveBridges = 0;
@@ -35,7 +35,7 @@ EOD;
 
 		foreach($bridgeList as $bridgeName) {
 
-			if(Bridge::isWhitelisted($whitelist, strtolower($bridgeName))) {
+			if(Bridge::isWhitelisted($bridgeName)) {
 
 				$body .= BridgeCard::displayBridgeCard($bridgeName, $formats);
 				$totalActiveBridges++;
@@ -131,7 +131,7 @@ EOD;
 EOD;
 	}
 
-	static function create($whitelist, $showInactive = true) {
+	static function create($showInactive = true) {
 
 		$totalBridges = 0;
 		$totalActiveBridges = 0;
@@ -141,7 +141,7 @@ EOD;
 		. '<body onload="search()">'
 		. BridgeList::getHeader()
 		. BridgeList::getSearchbar()
-		. BridgeList::getBridges($whitelist, $showInactive, $totalBridges, $totalActiveBridges)
+		. BridgeList::getBridges($showInactive, $totalBridges, $totalActiveBridges)
 		. BridgeList::getFooter($totalBridges, $totalActiveBridges, $showInactive)
 		. '</body></html>';