Home Explore Help
Sign In
bux
/
muzich
Watch 1
Star 0
Fork 0
Code Issues 0 Pull Requests 0 Releases 0 Wiki Activity
10 Commits
1 Branches
Tree: 79109aca04
Branches Tags
${ item.name }
Create branch ${ searchTerm }
from '79109aca04'
${ noResults }
muzich/vendor/bundles/JMS/SecurityExtraBundle/Analysis/ServiceAnalyzer.php

ServiceAnalyzer.php 8.8KB
History Raw

123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198199200201202203204205206207208209210211212213214215216217218219220221222223224225226227228229230231232233234235236237238239240241242243244245246247248249250251252253254255256257258259260261262263264265266 
  1. <?php

  2. 

  3. /*

  4.  * Copyright 2010 Johannes M. Schmitt <schmittjoh@gmail.com>

  5.  *

  6.  * Licensed under the Apache License, Version 2.0 (the "License");

  7.  * you may not use this file except in compliance with the License.

  8.  * You may obtain a copy of the License at

  9.  *

  10.  * http://www.apache.org/licenses/LICENSE-2.0

  11.  *

  12.  * Unless required by applicable law or agreed to in writing, software

  13.  * distributed under the License is distributed on an "AS IS" BASIS,

  14.  * WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.

  15.  * See the License for the specific language governing permissions and

  16.  * limitations under the License.

  17.  */

  18. 

  19. namespace JMS\SecurityExtraBundle\Analysis;

  20. 

  21. use Doctrine\Common\Annotations\Reader;

  22. 

  23. use JMS\SecurityExtraBundle\Metadata\Driver\AnnotationDriver;

  24. 

  25. use JMS\SecurityExtraBundle\Metadata\MethodMetadata;

  26. use JMS\SecurityExtraBundle\Metadata\ClassMetadata;

  27. use JMS\SecurityExtraBundle\Metadata\ServiceMetadata;

  28. use Metadata\Driver\DriverChain;

  29. use \ReflectionClass;

  30. 

  31. /**

  32.  * Analyzes a service class including parent classes. The gathered information

  33.  * is then used to built a proxy class if necessary.

  34.  *

  35.  * @author Johannes M. Schmitt <schmittjoh@gmail.com>

  36.  */

  37. class ServiceAnalyzer

  38. {

  39.     private $reflection;

  40.     private $files;

  41.     private $driver;

  42.     private $pdepend;

  43.     private $analyzed;

  44.     private $hierarchy;

  45.     private $metadata;

  46. 

  47.     public function __construct($class, Reader $reader)

  48.     {

  49.         $this->reflection = new ReflectionClass($class);

  50.         $this->files = array();

  51.         $this->hierarchy = array();

  52.         $this->driver = new DriverChain(array(

  53.             new AnnotationDriver($reader),

  54.         ));

  55.         $this->analyzed = false;

  56.     }

  57. 

  58.     public function analyze()

  59.     {

  60.         if (true === $this->analyzed) {

  61.             return;

  62.         }

  63. 

  64.         $this->collectFiles();

  65.         $this->buildClassHierarchy();

  66.         $this->collectServiceMetadata();

  67. 

  68.         if ($this->metadata->isProxyRequired()) {

  69.             $this->normalizeMetadata();

  70.             $this->analyzeControlFlow();

  71.         }

  72. 

  73.         $this->analyzed = true;

  74.     }

  75. 

  76.     public function getFiles()

  77.     {

  78.         if (!$this->analyzed) {

  79.             throw new \LogicException('Data not yet available, run analyze() first.');

  80.         }

  81. 

  82.         return $this->files;

  83.     }

  84. 

  85.     public function getMetadata()

  86.     {

  87.         if (!$this->analyzed) {

  88.             throw new \LogicException('Data not yet available, run analyze() first.');

  89.         }

  90. 

  91.         return $this->metadata;

  92.     }

  93. 

  94.     private function buildClassHierarchy()

  95.     {

  96.         $hierarchy = array();

  97.         $class = $this->reflection;

  98. 

  99.         // add classes

  100.         while (false !== $class) {

  101.             $hierarchy[] = $class;

  102.             $class = $class->getParentClass();

  103.         }

  104. 

  105.         // add interfaces

  106.         $addedInterfaces = array();

  107.         $newHierarchy = array();

  108. 

  109.         foreach (array_reverse($hierarchy) as $class) {

  110.             foreach ($class->getInterfaces() as $interface) {

  111.                 if (isset($addedInterfaces[$interface->getName()])) {

  112.                     continue;

  113.                 }

  114.                 $addedInterfaces[$interface->getName()] = true;

  115. 

  116.                 $newHierarchy[] = $interface;

  117.             }

  118. 

  119.             $newHierarchy[] = $class;

  120.         }

  121. 

  122.         $this->hierarchy = array_reverse($newHierarchy);

  123.     }

  124. 

  125.     private function collectFiles()

  126.     {

  127.         $this->files[] = $this->reflection->getFileName();

  128. 

  129.         foreach ($this->reflection->getInterfaces() as $interface) {

  130.             if (false !== $filename = $interface->getFileName()) {

  131.                 $this->files[] = $filename;

  132.             }

  133.         }

  134. 

  135.         $parent = $this->reflection;

  136.         while (false !== $parent = $parent->getParentClass()) {

  137.             if (false !== $filename = $parent->getFileName()) {

  138.                 $this->files[] = $filename;

  139.             }

  140.         }

  141.     }

  142. 

  143.     private function normalizeMetadata()

  144.     {

  145.         $secureMethods = array();

  146.         foreach ($this->metadata->classMetadata as $class) {

  147.             if ($class->reflection->isFinal()) {

  148.                 throw new \RuntimeException('Final classes cannot be secured.');

  149.             }

  150. 

  151.             foreach ($class->methodMetadata as $name => $method) {

  152.                 if ($method->reflection->isStatic() || $method->reflection->isFinal()) {

  153.                     throw new \RuntimeException('Annotations cannot be defined on final, or static methods.');

  154.                 }

  155. 

  156.                 if (!isset($secureMethods[$name])) {

  157.                     $this->metadata->addMethodMetadata($method);

  158.                     $secureMethods[$name] = $method;

  159.                 } else if ($method->reflection->isAbstract()) {

  160.                     $secureMethods[$name]->merge($method);

  161.                 } else if (false === $secureMethods[$name]->satisfiesParentSecurityPolicy

  162.                            && $method->reflection->getDeclaringClass()->getName() !== $secureMethods[$name]->reflection->getDeclaringClass()->getName()) {

  163.                     throw new \RuntimeException(sprintf('Unresolved security metadata conflict for method "%s::%s" in "%s". Please copy the respective annotations, and add @SatisfiesParentSecurityPolicy to the child method.', $secureMethods[$name]->reflection->getDeclaringClass()->getName(), $name, $secureMethods[$name]->reflection->getDeclaringClass()->getFileName()));

  164.                 }

  165.             }

  166.         }

  167. 

  168.         foreach ($secureMethods as $name => $method) {

  169.             if ($method->reflection->isAbstract()) {

  170.                 $previous = null;

  171.                 $abstractClass = $method->reflection->getDeclaringClass()->getName();

  172.                 foreach ($this->hierarchy as $refClass) {

  173.                     if ($abstractClass === $fqcn = $refClass->getName()) {

  174.                         $methodMetadata = new MethodMetadata($previous->getName(), $name);

  175.                         $methodMetadata->merge($method);

  176.                         $this->metadata->addMethodMetadata($methodMetadata);

  177. 

  178.                         continue 2;

  179.                     }

  180. 

  181.                     if (!$refClass->isInterface() && $this->hasMethod($refClass, $name)) {

  182.                         $previous = $refClass;

  183.                     }

  184.                 }

  185.             }

  186.         }

  187.     }

  188. 

  189.     /**

  190.      * We only perform a very lightweight control flow analysis. If we stumble upon

  191.      * something suspicous, we will simply break, and require additional metadata

  192.      * to resolve the situation.

  193.      *

  194.      * @throws \RuntimeException

  195.      * @return void

  196.      */

  197.     private function analyzeControlFlow()

  198.     {

  199.         $secureMethods = $this->metadata->methodMetadata;

  200.         $rootClass = $this->hierarchy[0];

  201. 

  202.         while (true) {

  203.             foreach ($rootClass->getMethods() as $method) {

  204.                 if (!$this->hasMethod($rootClass, $method->getName())) {

  205.                     continue;

  206.                 }

  207. 

  208.                 if (!isset($secureMethods[$name = $method->getName()])) {

  209.                     continue;

  210.                 }

  211. 

  212.                 if ($secureMethods[$name]->reflection->getDeclaringClass()->getName() !== $rootClass->getName()) {

  213.                     throw new \RuntimeException(sprintf(

  214.                         'You have overridden a secured method "%s::%s" in "%s". '

  215.                        .'Please copy over the applicable security metadata, and '

  216.                        .'also add @SatisfiesParentSecurityPolicy.',

  217.                         $secureMethods[$name]->reflection->getDeclaringClass()->getName(),

  218.                         $name,

  219.                         $rootClass->getName()

  220.                     ));

  221.                 }

  222. 

  223.                 unset($secureMethods[$method->getName()]);

  224.             }

  225. 

  226.             if (null === $rootClass = $rootClass->getParentClass()) {

  227.                 break;

  228.             }

  229. 

  230.             if (0 === count($secureMethods)) {

  231.                 break;

  232.             }

  233.         }

  234.     }

  235. 

  236.     private function collectServiceMetadata()

  237.     {

  238.         $this->metadata = new ServiceMetadata();

  239.         $classMetadata = null;

  240.         foreach ($this->hierarchy as $reflectionClass) {

  241.             if (null === $classMetadata) {

  242.                 $classMetadata = new ClassMetadata($reflectionClass->getName());

  243.             }

  244. 

  245.             if (null !== $aMetadata = $this->driver->loadMetadataForClass($reflectionClass)) {

  246.                 if ($reflectionClass->isInterface()) {

  247.                     $classMetadata->merge($aMetadata);

  248.                 } else {

  249.                     $this->metadata->addClassMetadata($classMetadata);

  250. 

  251.                     $classMetadata = $aMetadata;

  252.                 }

  253.             }

  254.         }

  255.         $this->metadata->addClassMetadata($classMetadata);

  256.     }

  257. 

  258.     private function hasMethod(\ReflectionClass $class, $name)

  259.     {

  260.         if (!$class->hasMethod($name)) {

  261.             return false;

  262.         }

  263. 

  264.         return $class->getName() === $class->getMethod($name)->getDeclaringClass()->getName();

  265.     }

  266. }