class PharMetaDataInterceptor

class PharMetaDataInterceptor implements Assertable {
    
    /**
     * Determines whether the according Phar archive contains
     * (potential insecure) serialized objects.
     *
     * @param string $path
     * @param string $command
     * @return bool
     * @throws Exception
     */
    public function assert($path, $command) {
        if ($this->baseFileDoesNotHaveMetaDataIssues($path)) {
            return true;
        }
        throw new Exception(sprintf('Problematic meta-data in "%s"', $path), 1539632368);
    }
    
    /**
     * @param string $path
     * @return bool
     */
    private function baseFileDoesNotHaveMetaDataIssues($path) {
        $invocation = Manager::instance()->resolve($path);
        if ($invocation === null) {
            return false;
        }
        // directly return in case invocation was checked before
        if ($invocation->getVariable(__CLASS__) === true) {
            return true;
        }
        // otherwise analyze meta-data
        try {
            $reader = new Reader($invocation->getBaseName());
            $reader->resolveContainer()
                ->getManifest()
                ->deserializeMetaData();
            $invocation->setVariable(__CLASS__, true);
        } catch (DeserializationException $exception) {
            return false;
        }
        return true;
    }

}