Icinga · yhabteab · Sep 1, 2023 · Jun 19, 2023 · Aug 16, 2023 · Aug 16, 2023
diff --git a/.github/workflows/php.yml b/.github/workflows/php.yml
@@ -31,12 +31,21 @@ jobs:
  tools: phpcs
 
  - name: Setup dependencies
- run: composer require -n --no-progress overtrue/phplint
+ run: |
+ composer require -n --no-progress overtrue/phplint
+ git clone --depth 1 https://github.com/Icinga/icingaweb2.git vendor/icingaweb2
+ git clone --depth 1 https://github.com/Icinga/icingaweb2-module-director.git vendor/director
+ git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-library.git vendor/icinga-php-library
+ git clone --depth 1 -b snapshot/nightly https://github.com/Icinga/icinga-php-thirdparty.git vendor/icinga-php-thirdparty
 
  - name: PHP Lint
- if: success() || matrix.allow_failure
+ if: ${{ ! cancelled() }}
  run: ./vendor/bin/phplint -n --exclude={^vendor/.*} -- .
 
  - name: PHP CodeSniffer
- if: success() || matrix.allow_failure
+ if: ${{ ! cancelled() }}
  run: phpcs
+
+ - name: PHPStan
+ if: ${{ ! cancelled() }}
+ uses: php-actions/phpstan@v3
diff --git a/application/clicommands/CheckCommand.php b/application/clicommands/CheckCommand.php
@@ -4,20 +4,18 @@
 
 namespace Icinga\Module\X509\Clicommands;
 
+use DateInterval;
 use DateTime;
+use DateTimeInterface;
 use Icinga\Application\Logger;
 use Icinga\Module\X509\Command;
 use Icinga\Module\X509\Model\X509Certificate;
-use Icinga\Module\X509\Model\X509CertificateChain;
 use Icinga\Module\X509\Model\X509Target;
 use ipl\Sql\Expression;
 use ipl\Stdlib\Filter;
 
 class CheckCommand extends Command
 {
- public const UNIT_PERCENT = 'percent';
- public const UNIT_INTERVAL = 'interval';
-
  /**
  * Check a host's certificate
  *
@@ -127,8 +125,8 @@ public function hostAction()
  }
 
  $allowSelfSigned = (bool) $this->params->get('allow-self-signed', false);
- list($warningThreshold, $warningUnit) = $this->splitThreshold($this->params->get('warning', '25%'));
- list($criticalThreshold, $criticalUnit) = $this->splitThreshold($this->params->get('critical', '10%'));
+ $warningThreshold = $this->splitThreshold($this->params->get('warning', '25%'));
+ $criticalThreshold = $this->splitThreshold($this->params->get('critical', '10%'));
 
  $output = [];
  $perfData = [];
@@ -144,8 +142,8 @@ public function hostAction()
  $now = new DateTime();
  $validFrom = DateTime::createFromFormat('U.u', sprintf('%F', $target->valid_from / 1000.0));
  $validTo = DateTime::createFromFormat('U.u', sprintf('%F', $target->valid_to / 1000.0));
- $criticalAfter = $this->thresholdToDateTime($validFrom, $validTo, $criticalThreshold, $criticalUnit);
- $warningAfter = $this->thresholdToDateTime($validFrom, $validTo, $warningThreshold, $warningUnit);
+ $criticalAfter = $this->thresholdToDateTime($validFrom, $validTo, $criticalThreshold);
+ $warningAfter = $this->thresholdToDateTime($validFrom, $validTo, $warningThreshold);
 
  if ($now > $criticalAfter) {
  $state = 2;
@@ -203,11 +201,11 @@ public function hostAction()
  /**
  * Parse the given threshold definition
  *
- * @param  string  $threshold
+ * @param string $threshold
  *
- * @return  array
+ * @return int|DateInterval
  */
- protected function splitThreshold($threshold)
+ protected function splitThreshold(string $threshold)
  {
  $match = preg_match('/(\d+)([%\w]{1})/', $threshold, $matches);
  if (! $match) {
@@ -217,7 +215,7 @@ protected function splitThreshold($threshold)
 
  switch ($matches[2]) {
  case '%':
- return [(int) $matches[1], self::UNIT_PERCENT];
+ return (int) $matches[1];
  case 'y':
  case 'Y':
  $intervalSpec = 'P' . $matches[1] . 'Y';
@@ -245,27 +243,26 @@ protected function splitThreshold($threshold)
  exit(3);
  }
 
- return [new \DateInterval($intervalSpec), self::UNIT_INTERVAL];
+ return new DateInterval($intervalSpec);
  }
 
  /**
  * Convert the given threshold information to a DateTime object
  *
  * @param DateTime $from
  * @param DateTime $to
- * @param int|\DateInterval $thresholdValue
- * @param string $thresholdUnit
+ * @param int|DateInterval $thresholdValue
  *
- * @return  DateTime
+ * @return DateTimeInterface
  */
- protected function thresholdToDateTime(DateTime $from, DateTime $to, $thresholdValue, $thresholdUnit)
+ protected function thresholdToDateTime(DateTime $from, DateTime $to, $thresholdValue): DateTimeInterface
  {
  $to = clone $to;
- if ($thresholdUnit === self::UNIT_INTERVAL) {
+ if ($thresholdValue instanceof DateInterval) {
  return $to->sub($thresholdValue);
  }
 
  $coveredDays = (int) round($from->diff($to)->days * ($thresholdValue / 100));
- return $to->sub(new \DateInterval('P' . $coveredDays . 'D'));
+ return $to->sub(new DateInterval('P' . $coveredDays . 'D'));
  }
 }
diff --git a/application/controllers/CertificateController.php b/application/controllers/CertificateController.php
@@ -27,6 +27,7 @@ public function indexAction()
  return;
  }
 
+ /** @var ?X509Certificate $cert */
  $cert = X509Certificate::on($conn)
  ->filter(Filter::equal('id', $certId))
  ->first();

diff --git a/application/controllers/ChainController.php b/application/controllers/ChainController.php
@@ -29,6 +29,7 @@ public function indexAction()
  return;
  }
 
+ /** @var ?X509CertificateChain $chain */
  $chain = X509CertificateChain::on($conn)
  ->with(['target'])
  ->filter(Filter::equal('id', $id))

diff --git a/application/controllers/JobsController.php b/application/controllers/JobsController.php
@@ -11,6 +11,7 @@
 use ipl\Scheduler\Contract\Frequency;
 use ipl\Scheduler\Cron;
 use ipl\Web\Compat\CompatController;
+use stdClass;
 
 class JobsController extends CompatController
 {
@@ -89,12 +90,12 @@ protected function prepareForm(bool $isNew = false)
  if (! $isNew) {
  $name = $this->params->getRequired('name');
  $query = $repo->select()->where('name', $name);
-
- if (! $query->hasResult()) {
+ /** @var false|stdClass $data */
+ $data = $query->fetchRow();
+ if ($data === false) {
  $this->httpNotFound($this->translate('Job not found'));
  }
 
- $data = $query->fetchRow();
  if (! isset($data->frequencyType) && ! empty($data->schedule)) {
  $frequency = new Cron($data->schedule);
  } elseif (! empty($data->schedule)) {

diff --git a/library/X509/CertificateUtils.php b/library/X509/CertificateUtils.php
@@ -11,6 +11,7 @@
 use Icinga\Module\X509\Model\X509CertificateSubjectAltName;
 use Icinga\Module\X509\Model\X509Dn;
 use Icinga\Module\X509\Model\X509Target;
+use ipl\Orm\Model;
 use ipl\Sql\Connection;
 use ipl\Sql\Expression;
 use ipl\Sql\Select;
@@ -244,7 +245,7 @@ public static function findOrInsertCert(Connection $db, $cert)
  if (! isset($certInfo['subject']['CN']) && ! empty($sans)) {
  $subject = current($sans)[0];
  } else {
- $subject = static::shortNameFromDN($certInfo['subject']);
+ $subject = self::shortNameFromDN($certInfo['subject']);
  }
 
  // TODO: https://github.com/Icinga/ipl-orm/pull/78
@@ -330,7 +331,7 @@ private static function findOrInsertDn($db, $certInfo, $type)
  }
 
  foreach ($values as $value) {
- $data .= "{$key}=${value}, ";
+ $data .= "$key=$value, ";
  }
  }
  $hash = hash('sha256', $data, true);
@@ -442,7 +443,7 @@ public static function verifyCertificates(Connection $db)
  ));
 
  $contents = [];
-
+ /** @var Model $ca */
  foreach ($cas as $ca) {
  $contents[] = $ca->certificate;
  }

diff --git a/library/X509/Common/JobUtils.php b/library/X509/Common/JobUtils.php
@@ -123,9 +123,9 @@ public static function addrToNumber(string $addr): ?GMP
  * @param $num
  * @param bool $ipv6
  *
- * @return ?string
+ * @return false|string
  */
- public static function numberToAddr($num, bool $ipv6 = true): ?string
+ public static function numberToAddr($num, bool $ipv6 = true)
  {
  if ($ipv6) {
  return inet_ntop(str_pad(gmp_export($num), 16, "\0", STR_PAD_LEFT));

diff --git a/library/X509/Controller.php b/library/X509/Controller.php
@@ -18,9 +18,7 @@
 class Controller extends CompatController
 {
  use Database;
- use SearchControls {
- SearchControls::createSearchBar as private webCreateSearchBar;
- }
+ use SearchControls;
 
  /** @var Filter\Rule */
  protected $filter;

diff --git a/library/X509/Hook/SniHook.php b/library/X509/Hook/SniHook.php
@@ -27,8 +27,8 @@ public static function getAll()
  // the caller is expected to handle it as map of sequences though
  $sni = [];
 
+ /** @var self $hook */
  foreach (Hook::all('X509\Sni') as $hook) {
- /** @var self $hook */
  foreach ($hook->getHosts() as $ip => $hostname) {
  $sni[$ip][$hostname] = $hostname;
  }

diff --git a/library/X509/Job.php b/library/X509/Job.php
@@ -62,10 +62,10 @@ class Job implements Task
  /** @var DateTime A formatted date time of this job start time */
  protected $jobRunStart;
 
- /** @var array A list of excluded IP addresses and host names */
+ /** @var ?array A list of excluded IP addresses and host names */
  protected $excludedTargets = null;
 
- /** @var DateTime Since last scan threshold used to filter out scan targets */
+ /** @var ?DateTime Since last scan threshold used to filter out scan targets */
  protected $sinceLastScan;
 
  /** @var bool Whether job run should only perform a rescan */
@@ -358,14 +358,14 @@ private function startNextTarget()
  $this->pendingTargets++;
 
  $url = "tls://[{$target->ip}]:{$target->port}";
- Logger::debug("Connecting to %s", static::formatTarget($target));
+ Logger::debug("Connecting to %s", self::formatTarget($target));
 
  /** @var ConnectorInterface $connector */
  /** @var StreamOptsCaptureConnector $streamCapture */
  list($connector, $streamCapture) = $this->getConnector($target->hostname);
  $connector->connect($url)->then(
  function (ConnectionInterface $conn) use ($target, $streamCapture) {
- Logger::info("Connected to %s", static::formatTarget($target));
+ Logger::info("Connected to %s", self::formatTarget($target));
 
  // Close connection in order to capture stream context options
  $conn->close();
@@ -465,7 +465,9 @@ public function run(): Promise\ExtendedPromiseInterface
  }
  });
 
- return $this->deferred->promise();
+ /** @var Promise\ExtendedPromiseInterface $promise */
+ $promise = $this->deferred->promise();
+ return $promise;
  }
 
  protected function processChain($target, $chain)
@@ -540,7 +542,7 @@ protected function processChain($target, $chain)
  $chainUptodate = $currentFingerprints === $lastFingerprintsArr;
  }
 
- if ($chainUptodate) {
+ if ($lastChain && $chainUptodate) {
  $chainId = $lastChain->id;
  } else {
  // TODO: https://github.com/Icinga/ipl-orm/pull/78

diff --git a/library/X509/ProvidedHook/HostsImportSource.php b/library/X509/ProvidedHook/HostsImportSource.php
@@ -37,6 +37,7 @@ public function fetchData()
 
  $results = [];
  $foundDupes = [];
+ /** @var X509Target $target */
  foreach ($targets as $target) {
  $isV6 = Job::isIPV6($target->ip);
  $target->host_ip = $target->ip;

diff --git a/library/X509/ProvidedHook/ServicesImportSource.php b/library/X509/ProvidedHook/ServicesImportSource.php
@@ -88,6 +88,7 @@ public function fetchData()
  $targets->withColumns(['cert_subject_alt_name' => new Sql\Expression("$select", null, ...$values)]);
 
  $results = [];
+ /** @var X509Target $target */
  foreach ($targets as $target) {
  $isV6 = Job::isIPV6($target->ip);
  $target->host_ip = $target->ip;

diff --git a/library/X509/SortAdapter.php b/library/X509/SortAdapter.php
diff --git a/library/X509/Web/Control/SearchBar/ObjectSuggestions.php b/library/X509/Web/Control/SearchBar/ObjectSuggestions.php
@@ -33,6 +33,7 @@ class ObjectSuggestions extends Suggestions
  public function setModel($model): self
  {
  if (is_string($model)) {
+ /** @var Model $model */
  $model = new $model();
  }
 
@@ -168,8 +169,8 @@ public static function collectFilterColumns(Model $model, Resolver $resolver)
  self::collectRelations($resolver, $model, $models, []);
  }
 
+ /** @var Model $targetModel */
  foreach ($models as $path => $targetModel) {
- /** @var Model $targetModel */
  foreach ($resolver->getColumnDefinitions($targetModel) as $columnName => $definition) {
  yield "$path.$columnName" => $definition->getLabel();
  }