From d3b257ecc58c63a788ee75f58c0e0a78e3c2bc30 Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Wed, 21 Aug 2019 23:42:16 -0400 Subject: [PATCH 1/2] Fix double quote errors --- bin/create-client.php | 2 +- bin/replicate.php | 2 +- src/Chronicle/Chronicle.php | 13 ++++++++++++- src/Chronicle/Handlers/Register.php | 2 +- src/Chronicle/Process/CrossSign.php | 13 ++++++++----- src/Chronicle/Process/Replicate.php | 5 ++++- 6 files changed, 27 insertions(+), 10 deletions(-) diff --git a/bin/create-client.php b/bin/create-client.php index a54ca7d..f2db810 100644 --- a/bin/create-client.php +++ b/bin/create-client.php @@ -119,7 +119,7 @@ $db->beginTransaction(); $db->insert( - Chronicle::getTableName('clients', $isSQLite), + Chronicle::getTableNameUnquoted('clients', $isSQLite), [ 'isAdmin' => !empty($admin), 'publicid' => $newPublicId, diff --git a/bin/replicate.php b/bin/replicate.php index 581e6a3..7b7528d 100644 --- a/bin/replicate.php +++ b/bin/replicate.php @@ -94,7 +94,7 @@ } $db->beginTransaction(); -$db->insert(Chronicle::getTableName('replication_sources', true), [ +$db->insert(Chronicle::getTableNameUnquoted('replication_sources', true), [ 'name' => $name, 'uniqueid' => Base64UrlSafe::encode(random_bytes(33)), 'publickey' => $publicKey, diff --git a/src/Chronicle/Chronicle.php b/src/Chronicle/Chronicle.php index b5d28c8..39255be 100644 --- a/src/Chronicle/Chronicle.php +++ b/src/Chronicle/Chronicle.php @@ -81,6 +81,17 @@ public static function getTableName(string $name, bool $dontEscape = false) ); } + /** + * @param string $name + * @param bool $dontEscape + * @return string + * @throws InvalidInstanceException + */ + public static function getTableNameUnquoted(string $name, bool $dontEscape = false) + { + return trim(self::getTableName($name, $dontEscape), '"'); + } + /** * This extends the Blakechain with an arbitrary message, signature, and * public key. 
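Review bot: The docblock added for `getTableNameUnquoted()` in src/Chronicle/Chronicle.php has no summary line, so nothing tells a caller when the unquoted form is safe to use. Judging by the commit subject, it presumably exists because `$db->insert()` and `$db->update()` quote the identifier themselves; I would say so, e.g. `Table name without surrounding double quotes, for EasyDB insert()/update() only; never interpolate the result into a raw SQL string.` The `trim(..., '"')` strips only `"`, and `getTableName()`'s body is outside this hunk, so it is worth confirming that it never emits another quote character (backticks, brackets) for any supported driver. The call sites in this patch pass `$isSQLite`, `true`, or no second argument; if the trimmed result is the same in all three cases, the `$dontEscape` parameter should be documented as having no effect here.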
@@ -150,7 +161,7 @@ public static function extendBlakechain( self::normalize($db->getDriver(), $fields); // Insert new row into the database: - $db->insert(self::getTableName('chain', true), $fields); + $db->insert(self::getTableNameUnquoted('chain', true), $fields); if (!$db->commit()) { $db->rollBack(); throw new ChainAppendException('Could not commit new hash to database'); diff --git a/src/Chronicle/Handlers/Register.php b/src/Chronicle/Handlers/Register.php index fc77016..f76d211 100644 --- a/src/Chronicle/Handlers/Register.php +++ b/src/Chronicle/Handlers/Register.php @@ -185,7 +185,7 @@ protected function createClient(array $post): string $db->beginTransaction(); $db->insert( - Chronicle::getTableName('clients', true), + Chronicle::getTableNameUnquoted('clients', true), [ 'publicid' => $clientId, 'publickey' => $post['publickey'], diff --git a/src/Chronicle/Process/CrossSign.php b/src/Chronicle/Process/CrossSign.php index dfb77ac..290baff 100644 --- a/src/Chronicle/Process/CrossSign.php +++ b/src/Chronicle/Process/CrossSign.php @@ -6,10 +6,7 @@ use GuzzleHttp\Exception\GuzzleException; use ParagonIE\Chronicle\Chronicle; use ParagonIE\Chronicle\Error\ConfigurationError; -use ParagonIE\Chronicle\Exception\{ - FilesystemException, - TargetNotFound -}; +use ParagonIE\Chronicle\Exception\{FilesystemException, InvalidInstanceException, TargetNotFound}; use ParagonIE\ConstantTime\Base64UrlSafe; use ParagonIE\EasyDB\EasyDB; use ParagonIE\Sapient\Adapter\Guzzle; @@ -67,6 +64,7 @@ class CrossSign * @param SigningPublicKey $publicKey * @param array $policy * @param array $lastRun + * @throws \Exception */ public function __construct( int $id, @@ -95,6 +93,7 @@ public function __construct( * @param int $id * @return self * + * @throws InvalidInstanceException * @throws TargetNotFound */ public static function byId(int $id): self 
@@ -127,6 +126,7 @@ public static function byId(int $id): self * @return bool * * @throws ConfigurationError + * @throws InvalidInstanceException */ public function needsToCrossSign(): bool { @@ -179,6 +179,7 @@ public function needsToCrossSign(): bool * @throws InvalidMessageException * @throws GuzzleException * @throws FilesystemException + * @throws InvalidInstanceException */ public function performCrossSign(): bool { @@ -229,6 +230,7 @@ protected function sendToPeer(array $message): ResponseInterface * * @param EasyDB $db * @return array + * @throws InvalidInstanceException */ protected function getEndOfChain(EasyDB $db): array { @@ -248,12 +250,13 @@ protected function getEndOfChain(EasyDB $db): array * @param array $response * @param array $message * @return bool + * @throws InvalidInstanceException */ protected function updateLastRun(EasyDB $db, array $response, array $message): bool { $db->beginTransaction(); $db->update( - Chronicle::getTableName('xsign_targets'), + Chronicle::getTableNameUnquoted('xsign_targets'), [ 'lastrun' => \json_encode([ 'id' => $message['id'], diff --git a/src/Chronicle/Process/Replicate.php b/src/Chronicle/Process/Replicate.php index 2015423..ca818cc 100644 --- a/src/Chronicle/Process/Replicate.php +++ b/src/Chronicle/Process/Replicate.php @@ -53,6 +53,7 @@ class Replicate * @param string $name * @param string $url * @param SigningPublicKey $publicKey + * @throws \Exception */ public function __construct( int $id, @@ -76,6 +77,7 @@ public function __construct( * @param int $id * @return self * + * @throws InvalidInstanceException * @throws ReplicationSourceNotFound */ public static function byId(int $id): self @@ -104,6 +106,7 @@ public static function byId(int $id): self * @return void * * @throws GuzzleException + * @throws InvalidInstanceException * @throws InvalidMessageException * @throws SecurityViolation * @throws \SodiumException 
@@ -196,7 +199,7 @@ protected function appendToChain(array $entry): bool } /* Enter the new row to the replication table */ - $db->insert(Chronicle::getTableName('replication_chain', true), [ + $db->insert(Chronicle::getTableNameUnquoted('replication_chain', true), [ 'source' => $this->id, 'data' => $entry['contents'], 'prevhash' => $prevhash, From c92c2428fb7b76be5e072474bd79cd15d461eaab Mon Sep 17 00:00:00 2001 From: Paragon Initiative Enterprises Date: Thu, 12 Sep 2019 07:22:07 -0400 Subject: [PATCH 2/2] Suppress Psalm false positives --- src/Chronicle/Chronicle.php | 1 + src/Chronicle/Handlers/Register.php | 4 +++- 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/src/Chronicle/Chronicle.php b/src/Chronicle/Chronicle.php index 39255be..8ce18d0 100644 --- a/src/Chronicle/Chronicle.php +++ b/src/Chronicle/Chronicle.php @@ -103,6 +103,7 @@ public static function getTableNameUnquoted(string $name, bool $dontEscape = fal * * @throws BaseException * @throws \SodiumException + * @psalm-suppress MixedTypeCoercion */ public static function extendBlakechain( string $body, diff --git a/src/Chronicle/Handlers/Register.php b/src/Chronicle/Handlers/Register.php index f76d211..3e98ffa 100644 --- a/src/Chronicle/Handlers/Register.php +++ b/src/Chronicle/Handlers/Register.php @@ -166,6 +166,8 @@ public function __invoke( * @throws \Exception * @throws InvalidInstanceException * @throws SecurityViolation + * + * @psalm-suppress MixedTypeCoercion */ protected function createClient(array $post): string { @@ -189,7 +191,7 @@ protected function createClient(array $post): string [ 'publicid' => $clientId, 'publickey' => $post['publickey'], - 'comment' => $post['comment'] ?? '', + 'comment' => (string) ($post['comment'] ?? ''), 'isAdmin' => false, 'created' => $now, 'modified' => $now
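Review bot: `@psalm-suppress MixedTypeCoercion` on the `extendBlakechain()` docblock silences that check for the whole method, including the `$fields` row that the method inserts into the chain table. The method body is outside this hunk, so the expression Psalm objected to is not visible; a `@var` annotation or a suppression placed on that one statement would keep the check active for the rest of the method. The same applies to the suppression added to `createClient()` in src/Chronicle/Handlers/Register.php.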
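Review bot: The `(string)` cast on `$post['comment']` satisfies the type checker but does not validate the value: if `$post` can carry a non-string there (an array from a decoded request body, for instance), PHP converts it to the literal `Array` with a warning and that text is stored. Defaulting or rejecting non-strings is stricter, e.g. `'comment' => \is_string($post['comment'] ?? null) ? $post['comment'] : '',`. `$post['publickey']` on the line above goes into the same insert without a cast; any validation of it happens outside this hunk, so that is worth confirming as well. createClient's body begins and ends outside the hunk.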