ILIAS  release_5-4 Revision v5.4.26-12-gabc799a52e6
svg-scanner.php
1 #!/usr/bin/env php
2 <?php
3 
4 /*
5  * Simple program that uses svg-sanitizer
6  * to find issues in files specified on the
7  * command line, and prints a JSON output with
8  * the issues found on exit.
9  */
10 
11 require_once( __DIR__ . '/data/AttributeInterface.php' );
12 require_once( __DIR__ . '/data/TagInterface.php' );
13 require_once( __DIR__ . '/data/AllowedAttributes.php' );
14 require_once( __DIR__ . '/data/AllowedTags.php' );
15 require_once( __DIR__ . '/Sanitizer.php' );
16 
17 
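/**
 * Print the results as pretty-printed JSON, then end the program with
 * the given exit code.
 *
 * json_encode() returns false when the data cannot be encoded (for
 * example a file name that is not valid UTF-8). Echoing that false
 * would print nothing, and a clean run would still exit 0. In that
 * case a minimal error document is printed instead and a zero status
 * is raised to 1, so a consumer never sees empty output paired with
 * a success code.
 *
 * @param array $results Result structure to print.
 * @param int   $status  Exit code handed to exit().
 */
function sysexit(
    $results,
    $status
) {
    $json = json_encode(
        $results,
        JSON_PRETTY_PRINT
    );

    if ( false === $json ) {
        // Same top-level keys as the regular output, so parsers keep working.
        $json = json_encode(
            array(
                'totals'   => array(
                    'errors' => 1,
                ),
                'files'    => array(),
                'messages' => array(
                    array( 'Unable to encode scan results as JSON: ' . json_last_error_msg() ),
                ),
            ),
            JSON_PRETTY_PRINT
        );

        // Fail closed: an unreportable scan must not look like a clean one.
        if ( 0 === $status ) {
            $status = 1;
        }
    }

    echo $json;

    exit( $status );
}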
35 
36 
37 /*
38  * Main part begins
39  */
40 
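global $argv;

/*
 * Result structure printed as JSON on exit: a running error total
 * plus one entry per scanned file, keyed by the file name as given.
 */
$results = array(
    'totals' => array(
        'errors' => 0,
    ),
    'files'  => array(),
);

/*
 * Every argument after the script name is a file to scan.
 *
 * NOTE(review): the rendered listing lost the assignment from $argv
 * and the argument of array_values(); both are restored here from the
 * surrounding code. Confirm against the repository copy.
 */
$files_to_scan = $argv;
unset( $files_to_scan[0] );

$files_to_scan = array_values(
    $files_to_scan
);

/*
 * Nothing to scan is reported as an error, not as a clean run.
 */
if ( empty( $files_to_scan ) ) {
    $results['totals']['errors']++;
    $results['messages'] = array(
        array( 'No files to scan specified' ),
    );

    sysexit(
        $results,
        1
    );
}

/*
 * Initialize the SVG scanner and have it remove remote references.
 *
 * NOTE(review): the constructor line is missing from the rendered
 * listing; the class name below is the one the svg-sanitizer library
 * declares in Sanitizer.php. Confirm against the bundled copy.
 * The original comment also mentioned allowing custom attributes,
 * but no call in this script configures that.
 */
$sanitizer = new enshrined\svgSanitize\Sanitizer();

$sanitizer->removeRemoteReferences( true );

/*
 * Scan each file in turn.
 *
 * The return value of sanitize() is used only as a status; nothing is
 * written back, so the scanned file stays exactly as it was. A clean
 * report therefore describes the file, it does not make it safe.
 */
foreach ( $files_to_scan as $file_name ) {
    /*
     * Read the SVG file. The warning is suppressed because a failed
     * read is reported through the JSON output instead.
     *
     * NOTE(review): the argument is handed to file_get_contents()
     * unchanged, so anything PHP resolves as a stream wrapper is
     * accepted as well as plain paths. Callers that assemble the
     * argument list from names they do not control should pass
     * resolved local paths only.
     */
    $svg_file = @file_get_contents( $file_name );

    if ( false === $svg_file ) {
        $results['totals']['errors']++;

        /*
         * NOTE(review): this branch appends with [], so the entry for
         * an unreadable file is a list wrapping the record, while the
         * branches below store the record directly. The shape is kept
         * as is because it is part of the program's output; consumers
         * must handle both forms.
         */
        $results['files'][ $file_name ][] = array(
            'errors'   => 1,
            'messages' => array(
                array(
                    'message' => 'File specified could not be read (' . $file_name . ')',
                    'line'    => null,
                ),
            ),
        );

        continue;
    }

    /*
     * Sanitize the content and collect the issues found.
     */
    $sanitize_status = $sanitizer->sanitize( $svg_file );
    $xml_issues      = $sanitizer->getXmlIssues();

    if ( empty( $xml_issues ) && ( false !== $sanitize_status ) ) {
        /*
         * No issues. An empty-string status with no issues also lands
         * here, because the '' check below is only reached when
         * issues were reported.
         */
        $results['files'][ $file_name ] = array(
            'errors'   => 0,
            'messages' => array(),
        );
    } elseif (
        ( '' === $sanitize_status ) ||
        ( false === $sanitize_status )
    ) {
        /*
         * The file could not be sanitized: counted as one error, and
         * any collected issues are not listed.
         */
        $results['totals']['errors']++;

        $results['files'][ $file_name ] = array(
            'errors'   => 1,
            'messages' => array(
                array(
                    'message' => 'Unable to sanitize file \'' . $file_name . '\'',
                    'line'    => null,
                ),
            ),
        );
    } else {
        /*
         * Issues found: record them and add them to the total.
         */
        $issue_count = count( $xml_issues );

        $results['totals']['errors'] += $issue_count;

        $results['files'][ $file_name ] = array(
            'errors'   => $issue_count,
            'messages' => $xml_issues,
        );
    }
}

/*
 * Exit 0 only when no error of any kind was counted.
 */
sysexit(
    $results,
    ( 0 === $results['totals']['errors'] ? 0 : 1 )
);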