From 0acb2c038c7cd59fb59286de90f57dbfeca1158c Mon Sep 17 00:00:00 2001 From: Robert Date: Sat, 16 Dec 2023 23:03:49 -0500 Subject: [PATCH] refactoring --- app/neato.php | 2 +- app/neato_common.php | 13 +- app/neato_configure.php | 219 ++++++++++++++++--------- app/neato_danger_checker.php | 52 ++++-- app/neato_enc.php | 133 ++++++++++++--- app/neato_fns.php | 15 +- app/neato_logger.php | 8 +- deploy_files/deploy_code_sniffer.php | 7 + deploy_files/deploy_example.php | 12 +- deploy_files/deploy_mysql_ex1.php | 20 +-- deploy_files/deploy_mysql_ex2.php | 8 +- deploy_files/deploy_podman.php | 10 +- deploy_files/deploy_security_audit.php | 15 +- deploy_files/deploy_test1.php | 6 +- 14 files changed, 355 insertions(+), 165 deletions(-) create mode 100644 deploy_files/deploy_code_sniffer.php diff --git a/app/neato.php b/app/neato.php index 2218d27..3fc9b06 100644 --- a/app/neato.php +++ b/app/neato.php @@ -106,7 +106,7 @@ function Save_sha($shasum): void function Do_Harm_checker(): void { include 'neato_danger_checker.php'; - if (is_file_dangerious($GLOBALS['cwd'] . '/deploy_files/deploy_' . $GLOBALS['file'].'.php') ) { + if (isFileDangerious($GLOBALS['cwd'] . '/deploy_files/deploy_' . $GLOBALS['file'].'.php') ) { if (! $GLOBALS['auto']) { $answer = readline("Do you wish to execute this Script, anyways!! ? "); if (strtolower(trim($answer)) === "yes" ) { diff --git a/app/neato_common.php b/app/neato_common.php index dca345a..8219b7c 100644 --- a/app/neato_common.php +++ b/app/neato_common.php @@ -1,4 +1,15 @@ + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ set_time_limit(0); @@ -11,7 +22,7 @@ require 'neato_logger.php'; require 'neato_fns.php'; require 'neato_enc.php'; -configure::set('logger_time_zone', 'America/Detroit'); +Configure::set('logger_time_zone', 'America/Detroit'); Neato_Registry::set('loader', new \Neato_Auto_Loader); Neato_Registry::get('loader')->register(); 
diff --git a/app/neato_configure.php b/app/neato_configure.php index 66d9e28..ec5f6b6 100644 --- a/app/neato_configure.php +++ b/app/neato_configure.php 
@@ -1,97 +1,152 @@ + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ -final class configure { - private static $config = array(); - protected function __construct() { } +/** + * Configure your app + * + * @category Util + * @package Neato + * @author Robert S. + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ +final class Configure +{ + + /** + * This private static var holds all configuration data. + * + * @staticvar static array $config holds all system config data. + */ + private static array $_config = []; + + /** + * Deny creating instance as all methods are static here. + */ + protected function __construct() + { + } - /* - * Fetches a setting set from using Configure::set() or add or update - * - * $name The name of the setting to get - * $key [optional] The Array Key to fetch - * The setting specified by $name, or null if $name was not set - * - * return type: ?array - */ - public static function get(string $name, $key = false) { - if (isset(self::$config[strtolower($name)])) { - $a = self::$config[strtolower($name)]; - if ($key === false) { - return $a; - } - if (isset($a[$key])) { - return $a[$key]; - } + /** + * Fetches a setting set from using Configure::set() or add or update + * + * @param string $name The name of the setting to get + * @param string|false $key [optional] The Array Key to fetch + * The setting specified by $name, + * or null if $name was not set + * + * @return mixed Fetch Config data + */ + public static function get(string $name, string|false $key = false): mixed + { + if (isset(static::$_config[strtolower($name)])) { + $a = static::$_config[strtolower($name)]; + if ($key === false) { + return $a; + } + if (isset($a[$key])) { + return $a[$key]; + } + } + return null; } - return null; - } - /* - * Checks if the setting exists - * - * $name The name of the setting to check existance - * return boolean true if 
$name was set, false otherwise - */ - public static function exists(string $name): bool { - if (array_key_exists(strtolower($name), self::$config)) { - return true; + /** + * Checks if the setting exists + * + * @param $name The name of the setting to check existance + * + * @return boolean true if $name was set, false otherwise + */ + public static function exists(string $name): bool + { + if (array_key_exists(strtolower($name), static::$_config)) { + return true; + } + return false; } - return false; - } - /* - * Overwrite/Update/Add to $config - * $name the main key to update - * $key the sub key - * type $value the data to update - */ - public static function update(string $name, string $key, $value): void { - self::$config[strtolower($name)][strtolower($key)] = $value; - } + /** + * Overwrite/Update/Add to $config + * + * @param string $name the main key to update. + * @param string $key the sub key. + * @param mixed $value the data to update + * + * @return void not ah + */ + public static function update(string $name, string $key, mixed $value): void + { + static::$_config[strtolower($name)][strtolower($key)] = $value; + } - /* - * Add to existing data without loss... to $config - * $name the main key - * $key the sub key - * $value new data to add - */ - public static function add(string $name, string $key, $value): void { - self::$config[strtolower($name)][strtolower($key)][] = $value; - } + /** + * Add to existing data without loss... to $config + * + * @param string $name the main key + * @param string $key the sub key + * @param mixed $value new data to add + * + * @return void not ah + */ + public static function add(string $name, string $key, mixed $value): void + { + static::$_config[strtolower($name)][strtolower($key)][] = $value; + } - /* - * Frees the setting given by $name, if it exists. 
All settings no longer in - * use should be freed using this method whenever possible - * - * $name The name of the setting to free - */ - public static function free(string $name): void { - if (self::exists($name)) - unset(self::$config[strtolower($name)]); - } + /** + * Frees the setting given by $name, if it exists. All settings no longer in + * use should be freed using this method whenever possible. + * + * @param string $name The name of the setting to free + * + * @return void not ah + */ + public static function free(string $name): void + { + if (static::exists($name)) { + unset(static::$_config[strtolower($name)]); + } + } - /* - * Adds the given $value to the configuration using the $name given - * - * $name The name to give this setting. Use Configure::exists() - * to check for pre-existing settings with the same name - * $value The value to set - */ - public static function set(string $name, $value): void { - self::$config[strtolower($name)] = $value; - } + /** + * Adds the given $value to the configuration using the $name given + * + * @param string $name The name to give this setting. Use Configure::exists() + * to check for pre-existing settings with the same name. + * @param mixed $value The value to set + * + * @return void not ah + */ + public static function set(string $name, mixed $value): void + { + static::$_config[strtolower($name)] = $value; + } - /* - * Sets $config data from an Array - * array $a ($name => $value) - * retutns a void - */ - public static function load_array(array $a): void { - foreach ($a as $name => $value) { - self::$config[strtolower($name)] = $value; + /** + * Sets $config data from an Array + * + * @param array $a ($name => $value) + * + * @return void not ah + */ + public static function loadArray(array $a): void + { + foreach ($a as $name => $value) { + static::$_config[strtolower($name)] = $value; + } + unset($a); } - unset($a); - } } // end of configure 
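Review bot: `get()` looks the sub-key up exactly as passed (`isset($a[$key])`) while `update()` and `add()` store sub-keys lower-cased, so a value written with `Configure::update('passwords', 'Length', 20)` is invisible to `Configure::get('passwords', 'Length')`; the new `string|false $key` signature keeps that mismatch, and `isset()` additionally hides a stored `null`. Lower-casing in the getter too, `if (is_array($a) && array_key_exists(strtolower($key), $a)) { return $a[strtolower($key)]; }`, makes the three methods agree. Because the class is `final`, every `static::$_config` / `static::exists()` can be `self::` — late static binding has nothing to bind to here. The `@return void not ah` tags on `update`, `add`, `free`, `set` and `loadArray` should be plain `@return void`, and `exists()` can simply `return array_key_exists(strtolower($name), self::$_config);`.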
diff --git a/app/neato_danger_checker.php b/app/neato_danger_checker.php index cc980bf..4bef477 100644 --- a/app/neato_danger_checker.php +++ b/app/neato_danger_checker.php @@ -1,7 +1,25 @@ + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ if (! function_exists('readline') ) { - function readline($question) + /** + * If built in readline does not exists for my PHP, use this one. + * + * @param string $question Prompt for this Question + * + * @return string Grab users text entered in at prompt. + */ + function readline(string $question): string { $fh = fopen('php://stdin', 'r'); echo $question; @@ -12,7 +30,15 @@ if (! function_exists('readline') ) { } } -function is_file_dangerious($file_name) : bool { +/** + * Check is PHP Script look dangerious or maybe harmful? + * + * @param string $file_name the script to check + * + * @return bool Safe? + */ +function isFileDangerious(string $file_name) : bool +{ $match_on = [ 'reflectionfunction', '`' ]; $dangerious = [ 'exec', 
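Review bot: The polyfill's new `: string` return type is stricter than what `fgets()` yields; if the elided tail returns the `fgets()` result directly, EOF on stdin (`false`) now raises a `TypeError` instead of yielding an empty answer. The `fopen('php://stdin', 'r')` handle is also used without a `false` check. A guard such as `$line = fgets($fh); return $line === false ? '' : $line;` keeps the declared type honest. The function body continues past the end of this hunk.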
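Review bot: The new docblock `@return bool Safe?` inverts the meaning of the result: the call site in neato.php uses a `true` return as the trigger for the "execute this Script, anyways" prompt, so `true` means a suspicious construct was found. Change it to `@return bool true when a suspicious construct was found, false otherwise`, and the summary line to `Check whether a PHP script looks dangerous or potentially harmful.`. The typo in `isFileDangerious` is carried over from the old name; if it is corrected later, the neato.php caller must be updated in the same commit. The function body continues outside this hunk.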
@@ -191,20 +217,20 @@ function is_file_dangerious($file_name) : bool { $found = false; if ($handle) { while ( ($line = fgets($handle) ) !== false ) { - $line = strtolower( $line ); // make sure it matches - $line = str_replace( ' ', '', $line ); // remove white-spaces! - foreach( $dangerious as $danger ) { - if ( isStringFound( $line, $danger . "(" ) ) { - echo PHP_EOL . "Warning: Found method: {$danger} in : " . $line . PHP_EOL; - $found = true; - } + $line = strtolower($line); // make sure it matches + $line = str_replace(' ', '', $line); // remove white-spaces! + foreach ($dangerious as $danger) { + if (isStringFound($line, $danger . "(") ) { + echo PHP_EOL . "Warning: Found method: {$danger} in : " . $line . PHP_EOL; + $found = true; } - foreach( $match_on as $whole_match ) { - if ( isStringFound($line, $whole_match) ) { + } + foreach ($match_on as $whole_match) { + if (isStringFound($line, $whole_match) ) { echo PHP_EOL . "Warning: Found method: {$whole_match} in : " . $line . PHP_EOL; $found = true; - } - } + } + } } fclose($handle); } else { diff --git a/app/neato_enc.php b/app/neato_enc.php index 6380808..bf8ba48 100644 --- a/app/neato_enc.php +++ b/app/neato_enc.php 
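Review bot: The normalisation in the scan loop only strips plain spaces (`str_replace(' ', '', $line)`), so other whitespace survives the lower-cased line and can keep `$danger . "("` from matching what is otherwise the same call. `$line = preg_replace('/\s+/', '', $line);` covers every whitespace class in one step and also drops the trailing newline that `fgets()` leaves on `$line` (which currently ends up inside the echoed warning). The enclosing `isFileDangerious()` starts before this hunk; only the reindented loop body is visible here.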
@@ -1,23 +1,53 @@ + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ -class enc { +/** + * Encode and Decode secrets + * + * @category Util + * @package Neato + * @author Robert S. + * @license https://mit-license.org/ MIT License + * @link https://git.mysnippetsofcode.com/tts/neatoDeploy + */ +class Enc +{ - public static function safe_encrypt(string $message, string $my_key = "") { + /** + * SafeEncrypt make communications private + * + * @param string $message to encode + * @param string $my_key encode with a secret key + * + * @return string cipher text data + */ + public static function safeEncrypt(string $message, string $my_key = "") + { $nonce = ""; $cipher = ""; $my_key = hex2bin($my_key); $nonce = random_bytes( - SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_NONCEBYTES ); $cipher = base64_encode( - $nonce . + $nonce . sodium_crypto_secretbox( - $message, - $nonce, - $my_key + $message, + $nonce, + $my_key ) ); sodium_memzero($message); @@ -25,7 +55,18 @@ class enc { return $cipher; } - public static function safe_decrypt(string $encrypted, string $my_key = "") { + /** + * Decode secret message into plan text + * + * @param string $encrypted your cypher text + * @param string $my_key secret key used by enc... + * + * @return string of plan text message + * + * @throws \Exception + */ + public static function safeDecrypt(string $encrypted, string $my_key = ""): string + { $decoded = ""; $nonce = ""; $ciphertext = ""; @@ -34,6 +75,8 @@ class enc { $my_key = hex2bin($my_key); /** + * Use decoded and check if valid. + * * @param false|string $decoded did it base64_code? * base64_decode may return a false!!! * Ignore the error in phpstan!! It is all correct here: 
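Review bot: `safeEncrypt()` passes `hex2bin($my_key)` straight into `sodium_crypto_secretbox()` without checking it, and the default `$my_key = ""` decodes to an empty key; `hex2bin()` returns `false` (with a warning) for a non-hex or odd-length string, so a malformed key surfaces only as a sodium key-length exception deep in the call rather than as a clear argument error. Guard it once, `$bin_key = hex2bin($my_key); if ($bin_key === false || strlen($bin_key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) { throw new \InvalidArgumentException('key must be SODIUM_CRYPTO_SECRETBOX_KEYBYTES bytes, hex encoded'); }`, and apply the same guard to the `$my_key = hex2bin($my_key);` line that the `@@ -34,6 +75,8 @@` hunk shows as context inside `safeDecrypt()`. `safeEncrypt()` is also left without the `: string` return type the commit gives `safeDecrypt()`. The method body continues outside the hunk.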
@@ -50,9 +93,9 @@ class enc { $ciphertext = mb_substr($decoded, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES, null, "8bit"); $plain = sodium_crypto_secretbox_open( - $ciphertext, - $nonce, - $my_key + $ciphertext, + $nonce, + $my_key ); if ($plain === false) { throw new \Exception("The message was tampered with in transit!"); @@ -62,9 +105,17 @@ class enc { return $plain; } - public static function make_key_file(string $file_name): string { + /** + * Create and Save a good key for secrets later on... + * + * @param string $file_name save to this file + * + * @return string + */ + public static function makeKeyFile(string $file_name): string + { if (!file_exists($file_name)) { - $key = self::generate_key(); + $key = self::generateKey(); write_file($file_name, $key); chmod_file_or_dir($file_name, getPerms("secret")); change_owner($file_name, "root", "root"); 
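Review bot: `makeKeyFile()` writes the secret with `write_file($file_name, $key)` before `chmod_file_or_dir()` and `change_owner()` tighten it, so the key file briefly exists with whatever mode the process umask yields, and none of the three helpers' results are checked. Narrowing the umask around the write, `$old_umask = umask(0077); write_file($file_name, $key); umask($old_umask);`, closes that window regardless of what the helpers do afterwards; failing loudly when `chmod_file_or_dir()`/`change_owner()` report an error (their return conventions are not visible here) would stop a world-readable key file from going unnoticed. The method body continues past the hunk.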
@@ -74,22 +125,54 @@ class enc { return $key; } - public static function generate_key() { + /** + * Gereate a Good strong Key + * + * @return string New Random Key for secure crypto + */ + public static function generateKey(): string + { return bin2hex(random_bytes(SODIUM_CRYPTO_SECRETBOX_KEYBYTES)); } - public static function decode_file(string $file_name, string $key) { + /** + * Lets recover the secret stuff from a file. + * + * @param string $file_name Read crypto junk + * @param string $key your secret Key + * + * @return mixed decrypted data + */ + public static function decodeFile(string $file_name, string $key) + { $ciphertext = file_get_contents($file_name); - $ret = json_decode(base64_decode(self::safe_decrypt(self::bin_to_hex_to_string($ciphertext), $key)), false); + $ret = json_decode(base64_decode(self::safeDecrypt(self::_binToHexToString($ciphertext), $key)), false); sodium_memzero($ciphertext); return $ret; } - public static function encode_file(string $file_name, $data, string $key) { - file_put_contents($file_name, self::string_to_hex_to_bin(self::safe_encrypt(base64_encode(json_encode((object) $data)), $key))); + /** + * EncodeFile writes to file and srambles the data + * + * @param string $file_name Write to this file + * @param mixed $data My message to encode + * @param string $key your secret Key + * + * @return void not ah + */ + public static function encodeFile(string $file_name, mixed $data, string $key): void + { + file_put_contents($file_name, self::_stringToHexToBin(self::safeEncrypt(base64_encode(json_encode((object) $data)), $key))); } - - private static function string_to_hex_to_bin(string $str): string { + /** + * Convert a string into hex then into Binary... + * + * @param string $str plan text + * + * @return string Binary data + */ + private static function _stringToHexToBin(string $str): string + { $ooh = 0; $hex = ""; for ($c = 0; $c < strlen($str); $c++) { 
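Review bot: `encodeFile()` discards the `file_put_contents()` result and `decodeFile()` the `file_get_contents()` one, so a failed write of the secrets vault or an unreadable vault is silent — in the read case `self::_binToHexToString(false)` is reached with a bogus argument, and `json_decode()` without `JSON_THROW_ON_ERROR` turns a corrupted payload into a quiet `null`. `decodeFile()` is also the one method in this hunk still lacking a return type while its docblock says `@return mixed`. The rewrite below checks both I/O calls and lets `json_encode`/`json_decode` throw; the rest of each method is unchanged.
```php
    public static function decodeFile(string $file_name, string $key): mixed
    {
        $ciphertext = file_get_contents($file_name);
        if ($ciphertext === false) {
            throw new \RuntimeException("Cannot read encrypted file: {$file_name}");
        }
        $ret = json_decode(
            base64_decode(self::safeDecrypt(self::_binToHexToString($ciphertext), $key)),
            false,
            flags: JSON_THROW_ON_ERROR
        );
        // … unchanged: sodium_memzero($ciphertext); return $ret; …
    }

    public static function encodeFile(string $file_name, mixed $data, string $key): void
    {
        $payload = self::_stringToHexToBin(
            self::safeEncrypt(base64_encode(json_encode((object) $data, JSON_THROW_ON_ERROR)), $key)
        );
        if (file_put_contents($file_name, $payload) === false) {
            throw new \RuntimeException("Cannot write encrypted file: {$file_name}");
        }
    }
```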
@@ -104,7 +187,15 @@ class enc { return $hex; } - private static function bin_to_hex_to_string(string $hex): string { + /** + * Convert Binary into Hex into a string again. + * + * @param string $hex semi scamble stuff + * + * @return string cleaned up stuff again + */ + private static function _binToHexToString(string $hex): string + { $decoded = ""; $my_hex = ""; $my_dec = ""; diff --git a/app/neato_fns.php b/app/neato_fns.php index b7d2568..58c8509 100644 --- a/app/neato_fns.php +++ b/app/neato_fns.php @@ -39,16 +39,16 @@ function display(array|string $data): bool if (empty($str)) { return false; } - if (configure::get('display')) { + if (Configure::get('display')) { echo $str . PHP_EOL; } - if (configure::get('syslog')) { + if (Configure::get('syslog')) { $access = date("Y/m/d H:i:s"); syslog(LOG_INFO, $access . " " . $str); } - if (configure::get('logfile')) { + if (Configure::get('logfile')) { $config_file = (defined('CONFIG_FILE')) ? '_' . CONFIG_FILE : ''; $logger = new Logger('neatoInstaller' . $config_file); $logger->write($str); @@ -178,12 +178,15 @@ function doCommand() /** * File Loop, Run File Utils * - * @param array $data command and option + * @param mixed $data Array of commands and options * - * @return boolean Success? + * @return mixed Success? */ -function fileLoop(array $data) +function fileLoop(mixed $data): mixed { + if (! is_array($data)) { + throw new Exception("fileLoop requires an Array!"); + } $retval = true; foreach ($data as $command => $v) { switch (strtolower($command)) { diff --git a/app/neato_logger.php b/app/neato_logger.php index 814a934..f8e0f40 100644 --- a/app/neato_logger.php +++ b/app/neato_logger.php 
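Review bot: Widening `fileLoop()` from `array $data` to `mixed $data` and re-checking with `is_array()` at runtime trades a static guarantee for a generic `Exception`; the motivation appears to be that `Configure::get('pre_actions')` returns `null` when the key is unset (the deploy_* callers pass it straight in). Declaring `function fileLoop(?array $data): bool` and handling `null` explicitly — either an early `return false;` or `throw new \InvalidArgumentException("fileLoop requires an Array!");` — keeps callers type-checked, and the return type should remain `bool` since `$retval` starts as `true` and the old docblock documented a boolean. The function body continues past the hunk.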
@@ -20,17 +20,13 @@ define('PROJECT_LOGS_DIR', $cwd. '/log'); /** * Logs display data - - * @param mixed $input text to display - * @param mixed $options colors to use - * + * * @category Util * @package Neato * @author Robert S. * @license https://mit-license.org/ MIT License * @link https://git.mysnippetsofcode.com/tts/neatoDeploy * - * @return string ANSI text */ class Logger @@ -125,7 +121,7 @@ class Logger if ($this->_handle === false || ! is_resource($this->_handle) ) { return false; } - $tz = configure::get('logger_time_zone'); + $tz = Configure::get('logger_time_zone'); if ($tz !== false && !empty($tz)) { $tz_obj = new \DateTimeZone($tz); $dt = new \DateTime(); diff --git a/deploy_files/deploy_code_sniffer.php b/deploy_files/deploy_code_sniffer.php new file mode 100644 index 0000000..cea23e5 --- /dev/null +++ b/deploy_files/deploy_code_sniffer.php @@ -0,0 +1,7 @@ + rand(16, 26)]); +Configure::set('display', true); // Show Output +Configure::set('logfile', true); // Save to log folder +Configure::set('syslog', false); +Configure::set('passwords', ['length' => rand(16, 26)]); /** @phpstan-ignore-next-line Variable $cwd $os might not be defined */ $templates_dir = $cwd . '/templates/' . $os['name'] . '/'; -configure::set('preinstall', [ +Configure::set('preinstall', [ 'cp' => [ 'neato.php' => 'cool.junk', 'cool.junk' => 'more.junk', '/home/bob/Documents/Servers/ha.conf' => 'test.ini' ], 'mv' => [ 'more.junk' => 'mmm.junk' ], 'rm' => [ 'cool.junk' ], @@ -18,7 +18,7 @@ force_normal(); //run_once(); // only allow, this script, to run once! -$root_password = make_password(configure::get('passwords', 'length')); +$root_password = make_password(Configure::get('passwords', 'length')); //do_command('service', 'mysql', 'stop'); diff --git a/deploy_files/deploy_mysql_ex1.php b/deploy_files/deploy_mysql_ex1.php index 8886a5e..edf299a 100644 --- a/deploy_files/deploy_mysql_ex1.php +++ b/deploy_files/deploy_mysql_ex1.php 
@@ -1,10 +1,10 @@ rand(16, 26)]); +Configure::set('display', true); // Show Output +Configure::set('logfile', false); // Save to log folder +Configure::set('syslog', false); +Configure::set('passwords', ['length' => rand(16, 26)]); -configure::set('pre_actions', [ +Configure::set('pre_actions', [ /** @phpstan-ignore-next-line Variable $cwd might not be defined */ 'make_dir' => [$cwd . '/my_vaults'=>'', '/etc/neato_secrets'=>''], 'chmod_file_or_dir' => @@ -16,23 +16,23 @@ force_root(); //doCommand('service', 'mysql', 'stop'); -fileLoop(configure::get('pre_actions')); +fileLoop(Configure::get('pre_actions')); -$my_key = enc::make_key_file("/etc/neato_secrets/mysql_key"); +$my_key = Enc::makeKeyFile("/etc/neato_secrets/mysql_key"); /** @phpstan-ignore-next-line Variable $cwd might not be defined */ if (!file_exists($cwd . "/my_vaults/mysql_secrets")) { - $root_password = make_password(configure::get('passwords', 'length')); + $root_password = make_password(Configure::get('passwords', 'length')); $obj = new stdClass(); $obj->root = $root_password; /** @phpstan-ignore-next-line Variable $cwd might not be defined */ - enc::encode_file($cwd . "/my_vaults/mysql_secrets", $obj, $my_key); + Enc::encodeFile($cwd . "/my_vaults/mysql_secrets", $obj, $my_key); } //$my_key = read_file("/etc/neato_secrets/mysql_data"); -//$o = Enc::decode_file($cwd . "/my_vaults/my_secrets", $my_key); +//$o = Enc::decodeFile($cwd . "/my_vaults/my_secrets", $my_key); //echo $o->root; //doCommand('service', 'mysql', 'start'); diff --git a/deploy_files/deploy_mysql_ex2.php b/deploy_files/deploy_mysql_ex2.php index ef7c5b8..0a9797e 100644 --- a/deploy_files/deploy_mysql_ex2.php +++ b/deploy_files/deploy_mysql_ex2.php @@ -1,7 +1,7 @@ root; //doCommand('service', 'mysql', 'start'); diff --git a/deploy_files/deploy_podman.php b/deploy_files/deploy_podman.php index 3900180..1e67e42 100644 --- a/deploy_files/deploy_podman.php +++ b/deploy_files/deploy_podman.php 
@@ -1,9 +1,9 @@ ['/etc/containers'=>''], 'chmod_file_or_dir' => ['/etc/containers' => 'dir'], @@ -11,7 +11,7 @@ configure::set('pre_actions', [ force_root(); -fileLoop(configure::get('pre_actions')); +fileLoop(Configure::get('pre_actions')); $is_podman_installed = doCommand('is_installed', "podman"); if ($is_podman_installed['installed'] === false) { diff --git a/deploy_files/deploy_security_audit.php b/deploy_files/deploy_security_audit.php index 9fa135f..4fc9dc4 100644 --- a/deploy_files/deploy_security_audit.php +++ b/deploy_files/deploy_security_audit.php @@ -1,12 +1,12 @@ 'blue'])); -$remove_users = configure::get('remove_users'); -foreach($remove_users as $del_user) { - doCommand('userdel', $del_user); +$remove_users = Configure::get('remove_users'); +if (is_array($remove_users)) { + foreach($remove_users as $del_user) { + doCommand('userdel', $del_user); + } } - display(getTermColors("Removing old un-needed programs", ['color'=>'blue'])); doCommand('purge', "xinetd nis yp-tools tftpd atftpd tftpd-hpa telnetd rsh-server rsh-redone-server"); diff --git a/deploy_files/deploy_test1.php b/deploy_files/deploy_test1.php index e001028..a1c3619 100644 --- a/deploy_files/deploy_test1.php +++ b/deploy_files/deploy_test1.php @@ -1,7 +1,7 @@
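Review bot: The new `is_array($remove_users)` guard turns a missing or mis-typed `remove_users` setting into a silent no-op, so a typo in the key skips the user-removal step of the audit with no trace in the log. An `else` branch such as `display(getTermColors("No remove_users configured, skipping", ['color' => 'blue']));` — the same `display()`/`getTermColors()` pairing the adjacent line uses — keeps the log honest; writing it as `foreach (Configure::get('remove_users') ?? [] as $del_user)` would be shorter but loses that signal. The opening lines of this hunk appear truncated on this page, so the section above the guard could not be reviewed.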