From 68a564db9aef6b7c3bf86eb54bf7bd469c494b79 Mon Sep 17 00:00:00 2001
From: jmleroux
Date: Fri, 10 Mar 2017 22:38:38 +0100
Subject: [PATCH 1/3] Log file validator
---
 Manager/Cron.php | 2 ++
 Validator/Constraints/LogFile.php | 14 ++++++++
 Validator/Constraints/LogFileValidator.php | 38 ++++++++++++++++++++++
 3 files changed, 54 insertions(+)
 create mode 100644 Validator/Constraints/LogFile.php
 create mode 100644 Validator/Constraints/LogFileValidator.php
diff --git a/Manager/Cron.php b/Manager/Cron.php
index 2d737d9..f131eb6 100755
--- a/Manager/Cron.php
+++ b/Manager/Cron.php
@@ -54,6 +54,7 @@ class Cron
 /**
 * @var string
+ * @CronAsserts\LogFile()
 */
 protected $logFile = null;
@@ -66,6 +67,7 @@ class Cron
 /**
 * @var string
+ * @CronAsserts\LogFile()
 */
 protected $errorFile = null;
diff --git a/Validator/Constraints/LogFile.php b/Validator/Constraints/LogFile.php
new file mode 100644
index 0000000..a1a025c
--- /dev/null
+++ b/Validator/Constraints/LogFile.php
@@ -0,0 +1,14 @@
+ + */
+class LogFile extends Constraint
+{
+ public $message = 'Invalid log path "%string%".';
+}
diff --git a/Validator/Constraints/LogFileValidator.php b/Validator/Constraints/LogFileValidator.php
new file mode 100644
index 0000000..462e47e
--- /dev/null
+++ b/Validator/Constraints/LogFileValidator.php
@@ -0,0 +1,38 @@
+ + */
+class LogFileValidator extends ConstraintValidator
+{
+ /** @var string */
+ private $appDir;
+
+ /**
+ * @param string $appDir
+ */
+ public function __construct($appDir)
+ {
+
+ $this->appDir = $appDir;
+ }
+
+ /**
+ * @param string $value
+ * @param Constraint $constraint
+ */
+ public function validate($value, Constraint $constraint)
+ {
+ $allowedPattern = '#(app/logs?)|(^/tmp)#';
+ if (!preg_match($allowedPattern, $value)) {
+ $this->context->buildViolation($constraint->message)
+ ->setParameter('%string%', $value)
+ ->addViolation();
+ }
+ }
+}
From 1efa60a23e851e68edff6da5bc608c9ef62a6ad6 Mon Sep 17 00:00:00 2001 
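Review bot: The added `@CronAsserts\LogFile()` annotations on `$logFile` and `$errorFile` depend on a `CronAsserts` alias that this patch does not import — the diffstat shows `Manager/Cron.php` gaining only these two lines — so unless the class already carries a `use …\Validator\Constraints as CronAsserts;` line the annotation reader will not resolve the constraint. Both properties also default to `null`, and the validator added in the same patch runs its regex on whatever value it receives, so an unconfigured log file would be reported as an invalid path; state the intended contract in the docblock, e.g. `* Absolute path under app/logs or /tmp, or null when output is not captured`, and make the validator agree with it. The `Cron` class body continues outside the hunk.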
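Review bot: `LogFile` inherits the default `validatedBy()`, which maps to the class `LogFileValidator`, but that validator (added in the same patch) has a required `$appDir` constructor argument, so Symfony's validator factory can only build it if a service tagged `validator.constraint_validator` exists for it; nothing in this patch registers one, and without it constraint resolution would fail at runtime on a bare `new LogFileValidator()`. If such a service is registered outside this patch under an alias rather than the class name, `LogFile` must override `validatedBy()` to return that alias. A one-line class docblock such as `/** Restricts a cron log/error file path to the allow-listed log directories. */` would also document the constraint's intent, which the message string alone does not.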
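Review bot: The allow-list regex `'#(app/logs?)|(^/tmp)#'` in `validate()` is a substring check, not a path check: the first alternative is unanchored, so a value such as `/etc/cron.d/app/log/../../../passwd` passes, `^/tmp` also accepts `/tmp/../etc/shadow` and `/tmpfoo`, and the injected `$appDir` is never used at all. Since this path is what `LogController::fileAction` reads back (and presumably what the cron line redirects output to — not visible here), the check should resolve the directory part with `realpath()`, reject `.`/`..` basenames, and require the result to sit under `$appDir/log(s)` or `/tmp`, as below. The method also runs `preg_match` on `null`, so the `null` defaults of `Cron::$logFile`/`$errorFile` from the same patch would fail validation; returning early on null/empty leaves emptiness to `NotBlank`, as Symfony validators conventionally do. Consider injecting `kernel.logs_dir` instead of the app dir so the allow-list does not hard-code the `app/logs` layout.
```php
    public function validate($value, Constraint $constraint)
    {
        // Null/empty is NotBlank's job; checking it here would reject the null defaults on Cron.
        if (null === $value || '' === $value) {
            return;
        }

        // Allow-list rooted on the injected app dir (previously unused) and /tmp, resolved so
        // that symlinked roots compare equal to the resolved candidate below.
        $allowedDirs = array_filter(array_map('realpath', [
            $this->appDir . '/log',
            $this->appDir . '/logs',
            '/tmp',
        ]));

        // Resolve the directory part first: this collapses ".." and symlinks before the prefix
        // check, so the regex-style substring match can no longer be satisfied by traversal.
        $realDir = realpath(dirname($value));
        $base = basename($value);
        $allowed = false;
        if (false !== $realDir && '.' !== $base && '..' !== $base) {
            foreach ($allowedDirs as $dir) {
                if ($realDir === $dir || 0 === strpos($realDir, $dir . '/')) {
                    $allowed = true;
                    break;
                }
            }
        }

        if (!$allowed) {
            // … unchanged: buildViolation / setParameter / addViolation …
        }
    }
```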
From: jmleroux
Date: Fri, 10 Mar 2017 22:39:01 +0100
Subject: [PATCH 2/3] Disable display of log file
---
 Controller/LogController.php | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)
diff --git a/Controller/LogController.php b/Controller/LogController.php
index 67aa6be..cdeacba 100755
--- a/Controller/LogController.php
+++ b/Controller/LogController.php
@@ -24,7 +24,9 @@ public function fileAction($id, $type)
 $cronManager = $this->get('foa.cron_bundle.cron_manager');
 $cron = $cronManager->getById($id);
 $filepath = ($type == 'log') ? $cron->getLogFile() : $cron->getErrorFile();
- $content = file_get_contents($filepath);
+ // TODO: re-activate when secure
+ // $content = file_get_contents($filepath);
+ $content = 'File content not displayable.';
 return $this->render('FOACronBundle:Dashboard:log.html.twig', [
 'filepath' => $filepath,
From 41c6b0f6de5b37b29af3486b8f19b06c99dd1fd9 Mon Sep 17 00:00:00 2001
From: jmleroux
Date: Fri, 10 Mar 2017 22:44:10 +0100
Subject: [PATCH 3/3] Fix code style
---
 Validator/Constraints/LogFileValidator.php | 1 -
 1 file changed, 1 deletion(-)
diff --git a/Validator/Constraints/LogFileValidator.php b/Validator/Constraints/LogFileValidator.php
index 462e47e..7a85f26 100644
--- a/Validator/Constraints/LogFileValidator.php
+++ b/Validator/Constraints/LogFileValidator.php
@@ -18,7 +18,6 @@ class LogFileValidator extends ConstraintValidator
 */
 public function __construct($appDir)
 {
-
 $this->appDir = $appDir;
 }
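Review bot: The placeholder still passes the unvalidated `$filepath` into the template, and the `// TODO: re-activate when secure` comment does not say what "secure" means, so whoever restores `file_get_contents($filepath)` has no criterion to meet. Make the TODO concrete: `// TODO: re-enable only after realpath($filepath) is confirmed to lie under the allow-listed log dirs and is_file() holds — the stored value may predate LogFileValidator`. The substring regex in `LogFileValidator` from the previous patch is not sufficient as that gate on its own, and validation at write time does not cover rows stored before the constraint existed. As a point of style, `$type == 'log'` should be `$type === 'log'`; `fileAction` starts before and continues after this hunk.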