class PharMetaDataInterceptor

class PharMetaDataInterceptor implements Assertable {
  
  /**
   * Determines whether the according Phar archive contains
   * (potential insecure) serialized objects.
   *
   * @param string $path
   * @param string $command
   * @return bool
   * @throws Exception
   */
  public function assert($path, $command) {
    if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
      return true;
    }
    throw new Exception(sprintf('Problematic meta-data in "%s"', $path), 1539632368);
  }
  
  /**
   * @param string $path
   * @return bool
   */
  private function baseFileDoesNotHaveMetaDataIssues($path) {
    $invocation = Manager::instance()->resolve($path);
    if ($invocation === null) {
      return false;
    }
    // directly return in case invocation was checked before
    if ($invocation->getVariable(__CLASS__) === true) {
      return true;
    }
    // otherwise analyze meta-data
    try {
      $reader = new Reader($invocation->getBaseName());
      $reader->resolveContainer()
        ->getManifest()
        ->deserializeMetaData();
      $invocation->setVariable(__CLASS__, true);
    } catch (DeserializationException $exception) {
      return false;
    }
    return true;
  }

}