private function loadAndParseFile($fileName, $rootDir)
{
$rootDir = realpath($rootDir);
$fullPath = realpath($rootDir . '/' . $fileName);
if (is_readable($fullPath) === false) {
return false;
}
// Prevent LFI directory traversal attacks
if (!$this->configuration->isDirectoryTraversalAllowed() && substr($fullPath, 0, strlen($rootDir)) !== $rootDir) {
return false;
}
$cacheKey = md5($fullPath);
// cache based on file name, prevents including/parsing the same file multiple times
if (isset($this->cachedFiles[$cacheKey])) {
return $this->cachedFiles[$cacheKey];
}
$fileExtension = pathinfo($fileName, PATHINFO_EXTENSION);
if (in_array($fileExtension, ['yaml', 'yml', 'raml'])) {
$rootDir = dirname($rootDir . '/' . $fileName);
// RAML and YAML files are always parsed
$fileData = $this->parseRamlString(file_get_contents($fullPath), $rootDir);
$fileData = $this->includeAndParseFiles($fileData, $rootDir);
} else {
if (in_array($fileExtension, array_keys($this->fileLoaders))) {
$loader = $this->fileLoaders[$fileExtension];
} else {
$loader = $this->fileLoaders['*'];
}
$fileData = $loader->loadFile($fullPath);
$this->cachedFilesPaths[md5($fileData)] = $fullPath;
}
// cache before returning
$this->cachedFiles[$cacheKey] = $fileData;
return $fileData;
}