Skip to content

Commit

Permalink
chore: improve cfssl validation
Browse files Browse the repository at this point in the history
- Remove the backtick operator https://www.php.net/manual/en/language.operators.execution.php
- Return more information when got error
- Validate if the command to check version return empty string
- Validate the output format of version command
- Return Runtime version

Signed-off-by: Vitor Mattos <vitor@php.rio>
  • Loading branch information
vitormattos authored and backportbot-libresign[bot] committed Nov 13, 2024
1 parent 2b35d9e commit 1219642
Showing 1 changed file with 32 additions and 5 deletions.
37 changes: 32 additions & 5 deletions lib/Handler/CertificateEngine/CfsslHandler.php
Original file line number Diff line number Diff line change
Expand Up @@ -375,25 +375,52 @@ private function checkBinaries(): array {
->setTip('Run occ libresign:install --cfssl'),
];
}
$return = [];
$version = str_replace("\n", ', ', trim(`$binary version`));
if (strpos($version, InstallService::CFSSL_VERSION) === false) {
$version = shell_exec("$binary version");
if (!is_string($version) || empty($version)) {
return [
(new ConfigureCheckHelper())
->setErrorMessage(sprintf(
'Failed to run the command "%s" with user %s',
"$binary version",
get_current_user()
))
->setResource('cfssl')
->setTip('Run occ libresign:install --cfssl')
];
}
preg_match_all('/: (?<version>.*)/', $version, $matches);
if (!$matches || !isset($matches['version']) || count($matches['version']) !== 2) {
return [
(new ConfigureCheckHelper())
->setErrorMessage(sprintf(
'Failed to identify cfssl version with command %s',
"$binary version"
))
->setResource('cfssl')
->setTip('Run occ libresign:install --cfssl')
];
}
if (strpos($matches['version'][0], InstallService::CFSSL_VERSION) === false) {
return [
(new ConfigureCheckHelper())
->setErrorMessage(sprintf(
'Invalid version. Expected: %s, actual: %s',
InstallService::CFSSL_VERSION,
$version
$matches['version'][0]
))
->setResource('cfssl')
->setTip('Run occ libresign:install --cfssl')
];
}
$return = [];
$return[] = (new ConfigureCheckHelper())
->setSuccessMessage('CFSSL binary path: ' . $binary)
->setResource('cfssl');
$return[] = (new ConfigureCheckHelper())
->setSuccessMessage('CFSSL: ' . $version)
->setSuccessMessage('CFSSL version: ' . $matches['version'][0])
->setResource('cfssl');
$return[] = (new ConfigureCheckHelper())
->setSuccessMessage('Runtime: ' . $matches['version'][1])
->setResource('cfssl');
return $return;
}
Expand Down

0 comments on commit 1219642

Please sign in to comment.