- Corrected code-smell and code style issues in \ncc\Classes > HttpClient
- Fixed MITM attack vector in `\ncc\Classes > HttpClient > prepareCurl()`
This commit is contained in:
parent
8019d8c378
commit
393078cd9e
2 changed files with 48 additions and 31 deletions
10
CHANGELOG.md
10
CHANGELOG.md
|
@ -5,6 +5,16 @@ All notable changes to this project will be documented in this file.
|
||||||
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
|
||||||
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
|
||||||
|
|
||||||
|
## [1.0.4] - Unreleased
|
||||||
|
|
||||||
|
### Fixed
|
||||||
|
- Fixed MITM attack vector in `\ncc\Classes > HttpClient > prepareCurl()`
|
||||||
|
|
||||||
|
### Changed
|
||||||
|
- Corrected code-smell and code style issues in `\ncc\Classes > HttpClient`
|
||||||
|
|
||||||
|
|
||||||
|
|
||||||
## [1.0.3] - 2023-08-16
|
## [1.0.3] - 2023-08-16
|
||||||
|
|
||||||
### Changed
|
### Changed
|
||||||
|
|
|
@ -50,29 +50,25 @@ namespace ncc\Classes;
|
||||||
curl_setopt($curl, CURLOPT_MAXREDIRS, 5);
|
curl_setopt($curl, CURLOPT_MAXREDIRS, 5);
|
||||||
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
|
curl_setopt($curl, CURLOPT_CONNECTTIMEOUT, 10);
|
||||||
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
|
curl_setopt($curl, CURLOPT_TIMEOUT, 10);
|
||||||
curl_setopt($curl, CURLOPT_SSL_VERIFYPEER, false);
|
|
||||||
curl_setopt($curl, CURLOPT_SSL_VERIFYHOST, false);
|
|
||||||
curl_setopt($curl, CURLOPT_HTTPHEADER, $request->Headers);
|
curl_setopt($curl, CURLOPT_HTTPHEADER, $request->Headers);
|
||||||
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $request->Type);
|
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, $request->Type);
|
||||||
curl_setopt($curl, CURLOPT_NOPROGRESS, false);
|
curl_setopt($curl, CURLOPT_NOPROGRESS, false);
|
||||||
curl_setopt($curl, CURLOPT_PROGRESSFUNCTION, function($curl, $downloadSize, $downloaded, $uploadSize, $uploaded) use ($request)
|
|
||||||
{
|
|
||||||
if($downloadSize > 0 && ($downloaded !== $downloadSize))
|
|
||||||
{
|
|
||||||
if(Main::getLogLevel() !== null)
|
|
||||||
{
|
|
||||||
switch(Main::getLogLevel())
|
|
||||||
{
|
|
||||||
case LogLevel::Verbose:
|
|
||||||
case LogLevel::Debug:
|
|
||||||
case LogLevel::Silent:
|
|
||||||
Console::outVerbose(sprintf(' <= %s of %s bytes downloaded', $downloaded, $downloadSize));
|
|
||||||
break;
|
|
||||||
|
|
||||||
default:
|
curl_setopt($curl, CURLOPT_PROGRESSFUNCTION, static function($curl, $downloadSize, $downloaded)
|
||||||
Console::inlineProgressBar($downloaded, $downloadSize + 1);
|
{
|
||||||
break;
|
if($downloadSize > 0 && ($downloaded !== $downloadSize) && Main::getLogLevel() !== null)
|
||||||
}
|
{
|
||||||
|
switch(Main::getLogLevel())
|
||||||
|
{
|
||||||
|
case LogLevel::Verbose:
|
||||||
|
case LogLevel::Debug:
|
||||||
|
case LogLevel::Silent:
|
||||||
|
Console::outVerbose(sprintf(' <= %s of %s bytes downloaded', $downloaded, $downloadSize));
|
||||||
|
break;
|
||||||
|
|
||||||
|
default:
|
||||||
|
Console::inlineProgressBar($downloaded, $downloadSize + 1);
|
||||||
|
break;
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
});
|
});
|
||||||
|
@ -86,13 +82,17 @@ namespace ncc\Classes;
|
||||||
case HttpRequestType::POST:
|
case HttpRequestType::POST:
|
||||||
curl_setopt($curl, CURLOPT_POST, true);
|
curl_setopt($curl, CURLOPT_POST, true);
|
||||||
if($request->Body !== null)
|
if($request->Body !== null)
|
||||||
|
{
|
||||||
curl_setopt($curl, CURLOPT_POSTFIELDS, $request->Body);
|
curl_setopt($curl, CURLOPT_POSTFIELDS, $request->Body);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case HttpRequestType::PUT:
|
case HttpRequestType::PUT:
|
||||||
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'PUT');
|
curl_setopt($curl, CURLOPT_CUSTOMREQUEST, 'PUT');
|
||||||
if($request->Body !== null)
|
if($request->Body !== null)
|
||||||
|
{
|
||||||
curl_setopt($curl, CURLOPT_POSTFIELDS, $request->Body);
|
curl_setopt($curl, CURLOPT_POSTFIELDS, $request->Body);
|
||||||
|
}
|
||||||
break;
|
break;
|
||||||
|
|
||||||
case HttpRequestType::DELETE:
|
case HttpRequestType::DELETE:
|
||||||
|
@ -110,7 +110,9 @@ namespace ncc\Classes;
|
||||||
}
|
}
|
||||||
|
|
||||||
foreach ($request->Options as $option => $value)
|
foreach ($request->Options as $option => $value)
|
||||||
|
{
|
||||||
curl_setopt($curl, $option, $value);
|
curl_setopt($curl, $option, $value);
|
||||||
|
}
|
||||||
|
|
||||||
return $curl;
|
return $curl;
|
||||||
}
|
}
|
||||||
|
@ -128,21 +130,27 @@ namespace ncc\Classes;
|
||||||
if($cache)
|
if($cache)
|
||||||
{
|
{
|
||||||
/** @var HttpResponseCache $cache */
|
/** @var HttpResponseCache $cache */
|
||||||
$cache = RuntimeCache::get(sprintf('http_cache_%s', $httpRequest->requestHash()));
|
$cache_value = RuntimeCache::get(sprintf('http_cache_%s', $httpRequest->requestHash()));
|
||||||
if($cache !== null && $cache->getTtl() > time())
|
if($cache_value !== null && $cache_value->getTtl() > time())
|
||||||
{
|
{
|
||||||
Console::outDebug(sprintf('using cached response for %s', $httpRequest->requestHash()));
|
Console::outDebug(sprintf('using cached response for %s', $httpRequest->requestHash()));
|
||||||
return $cache->getHttpResponse();
|
return $cache_value->getHttpResponse();
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
$curl = self::prepareCurl($httpRequest);
|
$curl = self::prepareCurl($httpRequest);
|
||||||
|
|
||||||
Console::outDebug(sprintf(' => %s request %s', $httpRequest->Type, $httpRequest->Url));
|
Console::outDebug(sprintf(' => %s request %s', $httpRequest->Type, $httpRequest->Url));
|
||||||
|
|
||||||
if($httpRequest->Headers !== null && count($httpRequest->Headers) > 0)
|
if($httpRequest->Headers !== null && count($httpRequest->Headers) > 0)
|
||||||
|
{
|
||||||
Console::outDebug(sprintf(' => headers: %s', implode(', ', $httpRequest->Headers)));
|
Console::outDebug(sprintf(' => headers: %s', implode(', ', $httpRequest->Headers)));
|
||||||
|
}
|
||||||
|
|
||||||
if($httpRequest->Body !== null)
|
if($httpRequest->Body !== null)
|
||||||
|
{
|
||||||
Console::outDebug(sprintf(' => body: %s', $httpRequest->Body));
|
Console::outDebug(sprintf(' => body: %s', $httpRequest->Body));
|
||||||
|
}
|
||||||
|
|
||||||
$response = curl_exec($curl);
|
$response = curl_exec($curl);
|
||||||
|
|
||||||
|
@ -162,12 +170,9 @@ namespace ncc\Classes;
|
||||||
$httpResponse->Headers = self::parseHeaders($headers);
|
$httpResponse->Headers = self::parseHeaders($headers);
|
||||||
$httpResponse->Body = $body;
|
$httpResponse->Body = $body;
|
||||||
|
|
||||||
Console::outDebug(sprintf(' <= %s response', $httpResponse->StatusCode));/** @noinspection PhpConditionAlreadyCheckedInspection */
|
Console::outDebug(sprintf(' <= %s response', $httpResponse->StatusCode));
|
||||||
if($httpResponse->Headers !== null && count($httpResponse->Headers) > 0)
|
Console::outDebug(sprintf(' <= headers: %s', (implode(', ', $httpResponse->Headers))));
|
||||||
Console::outDebug(sprintf(' <= headers: %s', implode(', ', $httpResponse->Headers)));
|
Console::outDebug(sprintf(' <= body: %s', $httpResponse->Body));
|
||||||
/** @noinspection PhpConditionAlreadyCheckedInspection */
|
|
||||||
if($httpResponse->Body !== null)
|
|
||||||
Console::outDebug(sprintf(' <= body: %s', $httpResponse->Body));
|
|
||||||
|
|
||||||
curl_close($curl);
|
curl_close($curl);
|
||||||
|
|
||||||
|
@ -194,7 +199,7 @@ namespace ncc\Classes;
|
||||||
{
|
{
|
||||||
$curl = self::prepareCurl($httpRequest);
|
$curl = self::prepareCurl($httpRequest);
|
||||||
|
|
||||||
$fp = fopen($path, 'w');
|
$fp = fopen($path, 'wb');
|
||||||
curl_setopt($curl, CURLOPT_FILE, $fp);
|
curl_setopt($curl, CURLOPT_FILE, $fp);
|
||||||
curl_setopt($curl, CURLOPT_HEADER, 0);
|
curl_setopt($curl, CURLOPT_HEADER, 0);
|
||||||
$response = curl_exec($curl);
|
$response = curl_exec($curl);
|
||||||
|
@ -222,9 +227,11 @@ namespace ncc\Classes;
|
||||||
$lines = explode("\n", $input);
|
$lines = explode("\n", $input);
|
||||||
$headers['HTTP'] = array_shift($lines);
|
$headers['HTTP'] = array_shift($lines);
|
||||||
|
|
||||||
foreach ($lines as $line) {
|
foreach ($lines as $line)
|
||||||
|
{
|
||||||
$header = explode(':', $line, 2);
|
$header = explode(':', $line, 2);
|
||||||
if (count($header) == 2) {
|
if (count($header) === 2)
|
||||||
|
{
|
||||||
$headers[trim($header[0])] = trim($header[1]);
|
$headers[trim($header[0])] = trim($header[1]);
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
Loading…
Add table
Reference in a new issue