update file privilege checker

technodelight · Jun 13, 2024 · 0388ba1 · 0388ba1
1 parent 3dd7b25
commit 0388ba1
Show file tree

Hide file tree

Showing 2 changed files with 15 additions and 9 deletions.
diff --git a/src/Technodelight/Jira/Console/Configuration/FilePrivilegeErrorException.php b/src/Technodelight/Jira/Console/Configuration/FilePrivilegeErrorException.php
@@ -11,9 +11,11 @@ public static function fromUnreadablePath($path)
         return $exc;
     }
 
-    public static function fromInvalidPermAndPath($perms, $path)
+    public static function fromInvalidPermAndFilePath($perms, $path)
     {
-        $exc = new self(sprintf('Configuration cannot be readable by others! %s should be 0600)', $perms));
+        $exc = new self(
+            sprintf('Configuration %s cannot be readable by others! 0%o should be 0600)', $path, $perms)
+    );
         $exc->setPath($path);
         return $exc;
     }

diff --git a/src/Technodelight/Jira/Console/Configuration/Loader.php b/src/Technodelight/Jira/Console/Configuration/Loader.php
@@ -35,20 +35,24 @@ function (SplFileInfo $fileInfo) {
 
     private function loadConfigurationYaml(SplFileInfo $splFileInfo): array
     {
-        static $noticeTriggered = false;
+        // there can be multiple config files and we must track it by absolute path
+        static $noticeTriggered = [];
 
+        $absFilePath = $splFileInfo->getPathname() . DIRECTORY_SEPARATOR . $splFileInfo->getFilename();
         if ($splFileInfo->isReadable() === false && $splFileInfo->getRealPath() !== false) {
-            throw FilePrivilegeErrorException::fromUnreadablePath($splFileInfo->getPathname());
+            throw FilePrivilegeErrorException::fromUnreadablePath(
+                $absFilePath
+            );
         }
 
-        $perms = substr(sprintf('%04o', $splFileInfo->getPerms() & 07777), -4);
-        if ($perms !== '0600' && !$noticeTriggered) {
+        $perms = $splFileInfo->getPerms() & 0777;
+        if (!isset($noticeTriggered[$absFilePath]) && (0600 !== $perms)) {
             // treat this as a warning instead of fatal error
-            $e = FilePrivilegeErrorException::fromInvalidPermAndPath(
-                $splFileInfo->getPerms(), $splFileInfo->getPathname()
+            $e = FilePrivilegeErrorException::fromInvalidPermAndFilePath(
+                $perms, $absFilePath
             );
             user_error($e->getMessage(), E_USER_NOTICE);
-            $noticeTriggered = true;
+            $noticeTriggered[$absFilePath] = true;
         }
 
         return $this->handleImports(Yaml::parse(file_get_contents($splFileInfo->getRealPath())), $splFileInfo->getRealPath());