From 47fd1da865f419d1b3daa482178acfe624c79e9e Mon Sep 17 00:00:00 2001
From: Yahe <hello@yahe.sh>
Date: Thu, 31 Oct 2024 11:55:27 +0100
Subject: [PATCH] improve config type checks (#58)

---
 CHANGELOG.md                                |  9 +++----
 end-to-end-encryption/recover.php           | 23 +++++++++++++++++-
 server-side-encryption/recover.php          | 17 +++++++++++---
 tests/src/end-to-end-encryption/config.php  | 26 +++++++++++++++++++++
 tests/src/server-side-encryption/config.php | 11 +++++++++
 5 files changed, 78 insertions(+), 8 deletions(-)

diff --git a/CHANGELOG.md b/CHANGELOG.md
index 1833ca8..def42a2 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -6,18 +6,19 @@
 * [add skip_files tests (#53)](https://github.com/nextcloud/encryption-recovery-tools/pull/53)
 * [update CHANGELOG.md (#54)](https://github.com/nextcloud/encryption-recovery-tools/pull/54)
 * [increase decryption block size (#55)](https://github.com/nextcloud/encryption-recovery-tools/pull/55)
+* [improve config type checks (#58)](https://github.com/nextcloud/encryption-recovery-tools/pull/58)
 
 ## v29.0.0 (2024-05-31)
 
-* [add Nextcloud29 test (#50)](https://github.com/nextcloud/encryption-recovery-tools/pull/50)
-* [Nextcloud 29 release (#49)](https://github.com/nextcloud/encryption-recovery-tools/pull/49)
-* [improve startup sequence (#48)](https://github.com/nextcloud/encryption-recovery-tools/pull/48)
-* [fix another typo (#47)](https://github.com/nextcloud/encryption-recovery-tools/pull/47)
 * [improve description of how to configure the recover.php scripts (#41)](https://github.com/nextcloud/encryption-recovery-tools/pull/41)
 * [fix typo (#43)](https://github.com/nextcloud/encryption-recovery-tools/pull/43)
 * [be more verbose on startup (#44)](https://github.com/nextcloud/encryption-recovery-tools/pull/44)
 * [document debug mode (#45)](https://github.com/nextcloud/encryption-recovery-tools/pull/45)
 * [align CHANGELOG.md with the release notes (#46)](https://github.com/nextcloud/encryption-recovery-tools/pull/46)
+* [fix another typo (#47)](https://github.com/nextcloud/encryption-recovery-tools/pull/47)
+* [improve startup sequence (#48)](https://github.com/nextcloud/encryption-recovery-tools/pull/48)
+* [Nextcloud 29 release (#49)](https://github.com/nextcloud/encryption-recovery-tools/pull/49)
+* [add Nextcloud29 test (#50)](https://github.com/nextcloud/encryption-recovery-tools/pull/50)
 
 ## v28.0.0 (2024-01-19)
 
diff --git a/end-to-end-encryption/recover.php b/end-to-end-encryption/recover.php
index 41c20db..32d6ade 100755
--- a/end-to-end-encryption/recover.php
+++ b/end-to-end-encryption/recover.php
@@ -249,6 +249,16 @@ function config($key, $value) {
 			if (false !== getenv($key)) {
 				// handle specific environment variables differently
 				switch ($key) {
+					// handle as integers
+					case "BLOCKSIZE":
+					case "TAGSIZE":
+					case "VERSION_1":
+						$tmp = filter_var(getenv($key), FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+						if ((null !== $tmp) && (0 < $tmp)) {
+							$value = $tmp;
+						}
+						break;
+
 					// handle as arrays
 					case "EXTERNAL_STORAGES":
 						$value   = [];
@@ -265,7 +275,10 @@ function config($key, $value) {
 					// handle as booleans
 					case "DEBUG_MODE":
 					case "DEBUG_MODE_VERBOSE":
-						$value = filter_var(getenv($key), FILTER_VALIDATE_BOOLEAN);
+						$tmp = filter_var(getenv($key), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+						if (null !== $tmp) {
+							$value = $tmp;
+						}
 						break;
 
 					// handle user mnemonics specifically
@@ -285,6 +298,14 @@ function config($key, $value) {
 						}
 						break;
 
+					// handle as float
+					case "VERSION_12":
+						$tmp = filter_var(getenv($key), FILTER_VALIDATE_FLOAT, FILTER_NULL_ON_FAILURE);
+						if ((null !== $tmp) && (0 < $tmp)) {
+							$value = $tmp;
+						}
+						break;
+
 					default:
 						$value = getenv($key);
 				}
diff --git a/server-side-encryption/recover.php b/server-side-encryption/recover.php
index cf24134..5d3a847 100755
--- a/server-side-encryption/recover.php
+++ b/server-side-encryption/recover.php
@@ -323,6 +323,14 @@ function config($key, $value) {
 			if (false !== getenv($key)) {
 				// handle specific environment variables differently
 				switch ($key) {
+					// handle as integers
+					case "BLOCKSIZE":
+						$tmp = filter_var(getenv($key), FILTER_VALIDATE_INT, FILTER_NULL_ON_FAILURE);
+						if ((null !== $tmp) && (0 < $tmp)) {
+							$value = $tmp;
+						}
+						break;
+
 					// handle as associative array of integers
 					case "CIPHER_SUPPORT":
 						$value   = [];
@@ -331,8 +339,8 @@ function config($key, $value) {
 							if (false !== strpos($entry, "=")) {
 								$left  = substr($entry, 0, strpos($entry, "="));
 								$right = substr($entry, strpos($entry, "=")+1);
-								$right = filter_var($right, FILTER_VALIDATE_INT, ["flags" => FILTER_FLAG_ALLOW_OCTAL | FILTER_FLAG_ALLOW_HEX]);
-								if (false !== $right) {
+								$right = filter_var($right, FILTER_VALIDATE_INT, FILTER_FLAG_ALLOW_OCTAL | FILTER_FLAG_ALLOW_HEX | FILTER_NULL_ON_FAILURE);
+								if ((null !== $right) && (0 < $right)) {
 									$value[$left] = $right;
 								}
 							}
@@ -343,7 +351,10 @@ function config($key, $value) {
 					case "DEBUG_MODE":
 					case "DEBUG_MODE_VERBOSE":
 					case "SUPPORT_MISSING_HEADERS":
-						$value = filter_var(getenv($key), FILTER_VALIDATE_BOOLEAN);
+						$tmp = filter_var(getenv($key), FILTER_VALIDATE_BOOLEAN, FILTER_NULL_ON_FAILURE);
+						if (null !== $tmp) {
+							$value = $tmp;
+						}
 						break;
 
 					// handle as associative array of strings
diff --git a/tests/src/end-to-end-encryption/config.php b/tests/src/end-to-end-encryption/config.php
index 4ec7510..a73ff41 100644
--- a/tests/src/end-to-end-encryption/config.php
+++ b/tests/src/end-to-end-encryption/config.php
@@ -57,4 +57,30 @@ public function test_putenv() {
 		config("USER_MNEMONICS", []);
 		self::assertSame($expected, USER_MNEMONICS);
 	}
+
+	public function test_putenv_overwrite_float() {
+		define("TESTING", true);
+
+		$expected = 1.2;
+		putenv("VERSION_12=K");
+
+		include(__DIR__."/../../../end-to-end-encryption/recover.php");
+
+		self::assertSame($expected, VERSION_12);
+	}
+
+	public function test_putenv_overwrite_int() {
+		define("TESTING", true);
+
+		$expected1 = 8192;
+		putenv("BLOCKSIZE=K");
+
+		$expected2 = 16;
+		putenv("TAGSIZE=K");
+
+		include(__DIR__."/../../../end-to-end-encryption/recover.php");
+
+		self::assertSame($expected1, BLOCKSIZE);
+		self::assertSame($expected2, TAGSIZE);
+	}
 }
diff --git a/tests/src/server-side-encryption/config.php b/tests/src/server-side-encryption/config.php
index 5dce5f3..a569f81 100644
--- a/tests/src/server-side-encryption/config.php
+++ b/tests/src/server-side-encryption/config.php
@@ -95,6 +95,17 @@ public function test_putenv_overwrite_hex() {
 		self::assertSame($expected, CIPHER_SUPPORT);
 	}
 
+	public function test_putenv_overwrite_int() {
+		define("TESTING", true);
+
+		$expected = 8192;
+		putenv("BLOCKSIZE=K");
+
+		include(__DIR__."/../../../server-side-encryption/recover.php");
+
+		self::assertSame($expected, BLOCKSIZE);
+	}
+
 	public function test_putenv_overwrite_oct() {
 		define("TESTING", true);