From 65b0271cdf57b10e603256fc01d921f4f599fbb4 Mon Sep 17 00:00:00 2001
From: Vitor Mattos <vitor@php.rio>
Date: Wed, 13 Nov 2024 08:20:30 -0300
Subject: [PATCH] chore: improve cfssl validation

- Remove the backtick operator https://www.php.net/manual/en/language.operators.execution.php
- Return more information when got error
- Validate if the command to check version return empty string
- Validate the output format of version command
- Return Runtime version

Signed-off-by: Vitor Mattos <vitor@php.rio>
---
 .../CertificateEngine/CfsslHandler.php        | 37 ++++++++++++++++---
 1 file changed, 32 insertions(+), 5 deletions(-)

diff --git a/lib/Handler/CertificateEngine/CfsslHandler.php b/lib/Handler/CertificateEngine/CfsslHandler.php
index e70bfc665c..39f8516504 100644
--- a/lib/Handler/CertificateEngine/CfsslHandler.php
+++ b/lib/Handler/CertificateEngine/CfsslHandler.php
@@ -391,25 +391,52 @@ private function checkBinaries(): array {
 					->setTip('Run occ libresign:install --cfssl'),
 			];
 		}
-		$return = [];
-		$version = str_replace("\n", ', ', trim(`$binary version`));
-		if (strpos($version, InstallService::CFSSL_VERSION) === false) {
+		$version = shell_exec("$binary version");
+		if (!is_string($version) || empty($version)) {
+			return [
+				(new ConfigureCheckHelper())
+					->setErrorMessage(sprintf(
+						'Failed to run the command "%s" with user %s',
+						"$binary version",
+						get_current_user()
+					))
+					->setResource('cfssl')
+					->setTip('Run occ libresign:install --cfssl')
+			];
+		}
+		preg_match_all('/: (?<version>.*)/', $version, $matches);
+		if (!$matches || !isset($matches['version']) || count($matches['version']) !== 2) {
+			return [
+				(new ConfigureCheckHelper())
+					->setErrorMessage(sprintf(
+						'Failed to identify cfssl version with command %s',
+						"$binary version"
+					))
+					->setResource('cfssl')
+					->setTip('Run occ libresign:install --cfssl')
+			];
+		}
+		if (strpos($matches['version'][0], InstallService::CFSSL_VERSION) === false) {
 			return [
 				(new ConfigureCheckHelper())
 					->setErrorMessage(sprintf(
 						'Invalid version. Expected: %s, actual: %s',
 						InstallService::CFSSL_VERSION,
-						$version
+						$matches['version'][0]
 					))
 					->setResource('cfssl')
 					->setTip('Run occ libresign:install --cfssl')
 			];
 		}
+		$return = [];
 		$return[] = (new ConfigureCheckHelper())
 			->setSuccessMessage('CFSSL binary path: ' . $binary)
 			->setResource('cfssl');
 		$return[] = (new ConfigureCheckHelper())
-			->setSuccessMessage('CFSSL: ' . $version)
+			->setSuccessMessage('CFSSL version: ' . $matches['version'][0])
+			->setResource('cfssl');
+		$return[] = (new ConfigureCheckHelper())
+			->setSuccessMessage('Runtime: ' . $matches['version'][1])
 			->setResource('cfssl');
 		return $return;
 	}