Make OC\IntegrityCheck strict

Signed-off-by: Roeland Jago Douma <roeland@famdouma.nl>
6 years ago · 4d5f2e64a5
parent 7c6cc013eb
commit 4d5f2e64a5
6 changed files with 38 additions and 33 deletions
--- a/lib/private/IntegrityCheck/Checker.php
+++ b/lib/private/IntegrityCheck/Checker.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -97,9 +98,9 @@ class Checker {
 	 *
 	 * @return bool
 	 */
-	public function isCodeCheckEnforced() {
+	public function isCodeCheckEnforced(): bool {
 		$notSignedChannels = [ '', 'git'];
-		if (in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
+		if (\in_array($this->environmentHelper->getChannel(), $notSignedChannels, true)) {
 			return false;
 		}

@ -108,10 +109,9 @@ class Checker {
 		 * applicable for very specific scenarios and we should not advertise it
 		 * too prominent. So please do not add it to config.sample.php.
 		 */
+		$isIntegrityCheckDisabled = false;
 		if ($this->config !== null) {
 			$isIntegrityCheckDisabled = $this->config->getSystemValue('integrity.check.disabled', false);
-		} else {
-			$isIntegrityCheckDisabled = false;
 		}
 		if ($isIntegrityCheckDisabled === true) {
 			return false;
@ -128,7 +128,7 @@ class Checker {
 	 * @return \RecursiveIteratorIterator
 	 * @throws \Exception
 	 */
-	private function getFolderIterator($folderToIterate, $root = '') {
+	private function getFolderIterator(string $folderToIterate, string $root = ''): \RecursiveIteratorIterator {
 		$dirItr = new \RecursiveDirectoryIterator(
 			$folderToIterate,
 			\RecursiveDirectoryIterator::SKIP_DOTS
@ -156,12 +156,12 @@ class Checker {
 	 * @return array Array of hashes.
 	 */
 	private function generateHashes(\RecursiveIteratorIterator $iterator,
-									$path) {
+									string $path): array {
 		$hashes = [];
 		$copiedWebserverSettingFiles = false;
 		$tmpFolder = '';

-		$baseDirectoryLength = strlen($path);
+		$baseDirectoryLength = \strlen($path);
 		foreach($iterator as $filename => $data) {
 			/** @var \DirectoryIterator $data */
 			if($data->isDir()) {
@ -220,7 +220,7 @@ class Checker {
 			if($filename === $this->environmentHelper->getServerRoot() . '/.htaccess') {
 				$fileContent = file_get_contents($tmpFolder . '/.htaccess');
 				$explodedArray = explode('#### DO NOT CHANGE ANYTHING ABOVE THIS LINE ####', $fileContent);
-				if(count($explodedArray) === 2) {
+				if(\count($explodedArray) === 2) {
 					$hashes[$relativeFileName] = hash('sha512', $explodedArray[0]);
 					continue;
 				}
@ -238,11 +238,11 @@ class Checker {
 	 * @param array $hashes
 	 * @param X509 $certificate
 	 * @param RSA $privateKey
-	 * @return string
+	 * @return array
 	 */
 	private function createSignatureData(array $hashes,
 										 X509 $certificate,
-										 RSA $privateKey) {
+										 RSA $privateKey): array {
 		ksort($hashes);

 		$privateKey->setSignatureMode(RSA::SIGNATURE_PSS);
@ -328,13 +328,13 @@ class Checker {
 	 * @throws InvalidSignatureException
 	 * @throws \Exception
 	 */
-	private function verify($signaturePath, $basePath, $certificateCN) {
+	private function verify(string $signaturePath, string $basePath, string $certificateCN): array {
 		if(!$this->isCodeCheckEnforced()) {
 			return [];
 		}

 		$signatureData = json_decode($this->fileAccessHelper->file_get_contents($signaturePath), true);
-		if(!is_array($signatureData)) {
+		if(!\is_array($signatureData)) {
 			throw new InvalidSignatureException('Signature data not found.');
 		}

@ -422,7 +422,7 @@ class Checker {
 	 *
 	 * @return bool
 	 */
-	public function hasPassedCheck() {
+	public function hasPassedCheck(): bool {
 		$results = $this->getResults();
 		if(empty($results)) {
 			return true;
@ -434,9 +434,9 @@ class Checker {
 	/**
 	 * @return array
 	 */
-	public function getResults() {
+	public function getResults(): array {
 		$cachedResults = $this->cache->get(self::CACHE_KEY);
-		if(!is_null($cachedResults)) {
+		if(!\is_null($cachedResults)) {
 			return json_decode($cachedResults, true);
 		}

@ -452,7 +452,7 @@ class Checker {
 	 * @param string $scope
 	 * @param array $result
 	 */
-	private function storeResults($scope, array $result) {
+	private function storeResults(string $scope, array $result) {
 		$resultArray = $this->getResults();
 		unset($resultArray[$scope]);
 		if(!empty($result)) {
@ -505,7 +505,7 @@ class Checker {
 	 * @param string $path Optional path. If none is given it will be guessed.
 	 * @return array
 	 */
-	public function verifyAppSignature($appId, $path = '') {
+	public function verifyAppSignature(string $appId, string $path = ''): array {
 		try {
 			if($path === '') {
 				$path = $this->appLocator->getAppPath($appId);
@ -518,7 +518,7 @@ class Checker {
 		} catch (\Exception $e) {
 			$result = [
 					'EXCEPTION' => [
-							'class' => get_class($e),
+							'class' => \get_class($e),
 							'message' => $e->getMessage(),
 					],
 			];
@ -558,7 +558,7 @@ class Checker {
 	 *
 	 * @return array
 	 */
-	public function verifyCoreSignature() {
+	public function verifyCoreSignature(): array {
 		try {
 			$result = $this->verify(
 					$this->environmentHelper->getServerRoot() . '/core/signature.json',
@ -568,7 +568,7 @@ class Checker {
 		} catch (\Exception $e) {
 			$result = [
 					'EXCEPTION' => [
-							'class' => get_class($e),
+							'class' => \get_class($e),
 							'message' => $e->getMessage(),
 					],
 			];
--- a/lib/private/IntegrityCheck/Helpers/AppLocator.php
+++ b/lib/private/IntegrityCheck/Helpers/AppLocator.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -37,7 +38,7 @@ class AppLocator {
 	 * @return string
 	 * @throws \Exception If the app cannot be found
 	 */
-	public function getAppPath($appId) {
+	public function getAppPath(string $appId): string {
 		$path = \OC_App::getAppPath($appId);
 		if($path === false) {

@ -51,7 +52,7 @@ class AppLocator {
 	 *
 	 * @return array
 	 */
-	public function getAllApps() {
+	public function getAllApps(): array {
 		return \OC_App::getAllApps();
 	}
 }
--- a/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/EnvironmentHelper.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -34,7 +35,7 @@ class EnvironmentHelper {
 	 *
 	 * @return string
 	 */
-	public function getServerRoot() {
+	public function getServerRoot(): string {
 		return rtrim(\OC::$SERVERROOT, '/');
 	}

@ -43,7 +44,7 @@ class EnvironmentHelper {
 	 *
 	 * @return string
 	 */
-	public function getChannel() {
+	public function getChannel(): string {
 		return \OC_Util::getChannel();
 	}
 }
--- a/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
+++ b/lib/private/IntegrityCheck/Helpers/FileAccessHelper.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -36,7 +37,7 @@ class FileAccessHelper {
 	 * @param string $filename
 	 * @return string|false
 	 */
-	public function file_get_contents($filename) {
+	public function file_get_contents(string $filename) {
 		return file_get_contents($filename);
 	}

@ -46,7 +47,7 @@ class FileAccessHelper {
 	 * @param string $filename
 	 * @return bool
 	 */
-	public function file_exists($filename) {
+	public function file_exists(string $filename): bool {
 		return file_exists($filename);
 	}

@ -58,9 +59,9 @@ class FileAccessHelper {
 	 * @return int
 	 * @throws \Exception
 	 */
-	public function file_put_contents($filename, $data) {
+	public function file_put_contents(string $filename, string $data): int {
 		$bytesWritten = @file_put_contents($filename, $data);
-		if ($bytesWritten === false || $bytesWritten !== strlen($data)){
+		if ($bytesWritten === false || $bytesWritten !== \strlen($data)){
 			throw new \Exception('Failed to write into ' . $filename);
 		}
 		return $bytesWritten;
@ -70,7 +71,7 @@ class FileAccessHelper {
 	 * @param string $path
 	 * @return bool
 	 */
-	public function is_writable($path) {
+	public function is_writable(string $path): bool {
 		return is_writable($path);
 	}

@ -78,7 +79,7 @@ class FileAccessHelper {
 	 * @param string $path
 	 * @throws \Exception
 	 */
-	public function assertDirectoryExists($path) {
+	public function assertDirectoryExists(string $path) {
 		if (!is_dir($path)) {
 			throw new \Exception('Directory ' . $path . ' does not exist.');
 		}
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFileByNameFilterIterator.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -52,7 +53,7 @@ class ExcludeFileByNameFilterIterator extends \RecursiveFilterIterator {
 			return true;
 		}

-		return !in_array(
+		return !\in_array(
 			$this->current()->getFilename(),
 			$this->excludedFilenames,
 			true
--- a/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
+++ b/lib/private/IntegrityCheck/Iterator/ExcludeFoldersByPathFilterIterator.php
@ -1,4 +1,5 @@
 <?php
+declare(strict_types=1);
 /**
 * @copyright Copyright (c) 2016, ownCloud, Inc.
 *
@ -24,7 +25,7 @@
 namespace OC\IntegrityCheck\Iterator;

 class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
-	private $excludedFolders = [];
+	private $excludedFolders;

 	public function __construct(\RecursiveIterator $iterator, $root = '') {
 		parent::__construct($iterator);
@ -59,7 +60,7 @@ class ExcludeFoldersByPathFilterIterator extends \RecursiveFilterIterator {
 	 * @return bool
 	 */
 	public function accept() {
-		return !in_array(
+		return !\in_array(
 			$this->current()->getPathName(),
 			$this->excludedFolders,
 			true