Issues in deploy.php (master) - Issues in master - DakuTree/manga-tracker - Measure and Improve Code Quality continuously with Scrutinizer

Issues (128)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

_scripts/deploy.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/** https://deployer.org/
 *
 * Call via: dep -f=_scripts/deploy.php deploy
 *
 */
namespace Deployer;

if(basename(getcwd()) !== 'manga-tracker') die('Bad CWD: Call from manga-tracker with dep -f=_scripts/deploy.php deploy');

require 'recipe/cachetool.php'; //requires deployer/recipes
require 'recipe/codeigniter.php';

// Project name
set('application', 'trackr.moe');

// Project repository
set('repository', '[email protected]:DakuTree/manga-tracker.git');

// [Optional] Allocate tty for git clone. Default value is false.
set('git_tty', FALSE);

// Fix bug on windows
set('ssh_multiplexing', false);

set('clear_paths', [
	'.docker',
	'.git',
	'.github',
	'.idea'
]);

add('copy_files', [
	'_scripts/config.ini',
	'application/config/_secure/email.php',
	'application/config/_secure/mailgun.php',
	'application/config/_secure/monolog.php',
	'application/config/_secure/recaptcha.php',
	'application/config/_secure/sites.php',
	'application/config/production/database_password.php'
]);
add('shared_dirs', []);

// Writable dirs by web server 
add('writable_dirs', []);

set('allow_anonymous_stats', false);

// Hosts
host('trackr.moe')
	->user('deployer')
	->identityFile('~/.ssh/deploy.ppk')
	->set('deploy_path', '/var/www/trackr.moe');

// Tasks
//task('deploy:symlink', function() {}); //Uncomment when testing.
//task('cleanup', function() {});        //Uncomment when testing.

task('deploy:compile_assets', function() {
	// less
	//// themes
	writeln('➤➤ <comment>Compiling Themes</comment>');
	runS('( \
		cd {{release_path}}/public/assets/less && \
		exec lessc \
		--csscomb \
		--modify-var=themeLocation=common\\\\themes\\\\light \
		main.less \
		../css/main.light.css \
	)');
	runS('( \
		cd {{release_path}}/public/assets/less && \
		exec lessc \
		--csscomb \
		--modify-var=themeLocation=common\\\\themes\\\\dark \
		main.less \
		../css/main.dark.css \
	)');
	//// userscript css
	writeln('➤➤ <comment>Compiling Userscript CSS</comment>');
	runS('( \
		cd {{release_path}}/public/userscripts/assets/ && \
		exec lessc \
		--csscomb \
		main.less \
		main.css \
	)');

	//js
	writeln('➤➤ <comment>Compiling JavaScript</comment>');
	runS('( \
		cd {{release_path}}/public/assets/js && \
		exec google-closure-compiler-js \
		--compilationLevel SIMPLE_OPTIMIZATIONS \
		{{release_path}}/public/assets/js/main.js \
		{{release_path}}/public/assets/js/pages/*.js \
		> {{release_path}}/public/assets/js/compiled.min.js \
	)');

	//icons
	writeln('➤➤ <comment>Compiling Icons</comment>');
	runS('( \
		cd {{release_path}} && \
		php -r "include \'_scripts/SpritesheetGenerator.php\'; (new SpriteSheet(\'site\', FALSE))->generate();" && \
		php -r "include \'_scripts/SpritesheetGenerator.php\'; (new SpriteSheet(\'time\', FALSE))->generate();"
	)');

	// userscript .meta.js
	writeln('➤➤ <comment>Compiling Userscript .meta.js</comment>');
	runS('( \
		cd {{release_path}} && \
		userscript-utils get-updateblock -du -i public/userscripts/manga-tracker.user.js -o public/userscripts/manga-tracker.meta.js \
	)');
	// userscript version constant
	writeln('➤➤ <comment>Tweaking Userscript Version Constant</comment>');
	runS('( \
		cd {{release_path}} && \
		USERSCRIPT_VERSION=$(grep -oP \'@version[\s]*\K([0-9\.]+)\' public/userscripts/manga-tracker.meta.js); \
		sed -i -r "s/define\(\'USERSCRIPT_VERSION\', \'[0-9\.]+\'\);/define\(\'USERSCRIPT_VERSION\', \'$USERSCRIPT_VERSION\'\);/g" application/config/constants.php \
	)');
});

task('deploy:copy_files', function () {
	$sharedPath = '{{deploy_path}}/shared';
	foreach (get('copy_files') as $file) {
		$dirname = dirname(parse($file));
		// Create dir of shared file
		runS("mkdir -p $sharedPath/" . $dirname);
		// Check if shared file does not exist in shared.
		// and file exist in release
		if (!test("[ -f $sharedPath/$file ]") && test("[ -f {{release_path}}/$file ]")) {

			// Copy file in shared dir if not present
			runS("cp -rv {{release_path}}/$file $sharedPath/$file");
		}
		// Remove from source.
		runS("if [ -f $(echo {{release_path}}/$file) ]; then rm -rf {{release_path}}/$file; fi");
		// Ensure dir is available in release
		runS("if [ ! -d $(echo {{release_path}}/$dirname) ]; then mkdir -p {{release_path}}/$dirname;fi");
		// Touch shared
		runS("touch $sharedPath/$file");

		runS("cp $sharedPath/$file {{release_path}}/$file");
	}
});

task('deploy:migrate_db', function () {
	// Migration is disabled by default on production, so we need to toggle it temporally.
	runS('( \
		cd {{release_path}} && \
		sed -i -r "s/(migration_enabled.*?)FALSE/\1TRUE/g" application/config/production/migration.php && \
		CI_ENV="production" php public/index.php admin/migrate && \
		sed -i -r "s/(migration_enabled.*?)TRUE/\1FALSE/g" application/config/production/migration.php \
	)');
});

task('deploy:maintenance_enable', function () {
	//define('MAINTENANCE', FALSE);
	runS('( \
		cd {{previous_release}} && \
		sed -i -r "s/(\'MAINTENANCE\',) FALSE/\1 TRUE/" public/index.php \
	)');
	runS('( \
		cd {{release_path}} && \
		sed -i -r "s/(\'MAINTENANCE\',) FALSE/\1 TRUE/" public/index.php \
	)');
});
task('deploy:maintenance_disable', function () {
	//define('MAINTENANCE', FALSE);
	runS('( \
		cd {{release_path}} && \
		sed -i -r "s/(\'MAINTENANCE\',) TRUE/\1 FALSE/" public/index.php \
	)');
});

// Events
after('deploy:vendors', 'deploy:compile_assets');
after('deploy:vendors', 'deploy:clear_paths');

after('deploy:shared', 'deploy:copy_files');

before('deploy:symlink', 'deploy:maintenance_enable');
after('deploy:maintenance_enable', 'cachetool:clear:opcache');
after('deploy:symlink', 'deploy:migrate_db');

after('deploy', 'deploy:maintenance_disable');
after('deploy:maintenance_disable', 'cachetool:clear:opcache');
after('deploy:failed', 'deploy:unlock'); // [Optional] if deploy fails automatically unlock.

//TODO: After deploy:success, ask if we want to send a tweet and/or update notices?
//      https://deployer.org/docs/api

function runS(string $runCommand) : void {
	$runCommand = preg_replace("/\r\n/", "\n", $runCommand);
	run($runCommand);
}


1			<?php
2			/** https://deployer.org/
3			*
4			* Call via: dep -f=_scripts/deploy.php deploy
5			*
6			*/
7			namespace Deployer;
8
9			if(basename(getcwd()) !== 'manga-tracker') die('Bad CWD: Call from manga-tracker with dep -f=_scripts/deploy.php deploy');
10
11			require 'recipe/cachetool.php'; //requires deployer/recipes
12			require 'recipe/codeigniter.php';
13
14			// Project name
15			set('application', 'trackr.moe');
16
17			// Project repository
18			set('repository', '[email protected]:DakuTree/manga-tracker.git');
19
20			// [Optional] Allocate tty for git clone. Default value is false.
21			set('git_tty', FALSE);
22
23			// Fix bug on windows
24			set('ssh_multiplexing', false);
25
26			set('clear_paths', [
27			'.docker',
28			'.git',
29			'.github',
30			'.idea'
31			]);
32
33			add('copy_files', [
34			'_scripts/config.ini',
35			'application/config/_secure/email.php',
36			'application/config/_secure/mailgun.php',
37			'application/config/_secure/monolog.php',
38			'application/config/_secure/recaptcha.php',
39			'application/config/_secure/sites.php',
40			'application/config/production/database_password.php'
41			]);
42			add('shared_dirs', []);
43
44			// Writable dirs by web server
45			add('writable_dirs', []);
46
47			set('allow_anonymous_stats', false);
48
49			// Hosts
50			host('trackr.moe')
51			->user('deployer')
52			->identityFile('~/.ssh/deploy.ppk')
53			->set('deploy_path', '/var/www/trackr.moe');
54
55			// Tasks
56			//task('deploy:symlink', function() {}); //Uncomment when testing.
57			//task('cleanup', function() {}); //Uncomment when testing.
58
59			task('deploy:compile_assets', function() {
60			// less
61			//// themes
62			writeln('➤➤ <comment>Compiling Themes</comment>');
63			runS('( \
64			cd {{release_path}}/public/assets/less && \
65			exec lessc \
66			--csscomb \
67			--modify-var=themeLocation=common\\\\themes\\\\light \
68			main.less \
69			../css/main.light.css \
70			)');
71			runS('( \
72			cd {{release_path}}/public/assets/less && \
73			exec lessc \
74			--csscomb \
75			--modify-var=themeLocation=common\\\\themes\\\\dark \
76			main.less \
77			../css/main.dark.css \
78			)');
79			//// userscript css
80			writeln('➤➤ <comment>Compiling Userscript CSS</comment>');
81			runS('( \
82			cd {{release_path}}/public/userscripts/assets/ && \
83			exec lessc \
84			--csscomb \
85			main.less \
86			main.css \
87			)');
88
89			//js
90			writeln('➤➤ <comment>Compiling JavaScript</comment>');
91			runS('( \
92			cd {{release_path}}/public/assets/js && \
93			exec google-closure-compiler-js \
94			--compilationLevel SIMPLE_OPTIMIZATIONS \
95			{{release_path}}/public/assets/js/main.js \
96			{{release_path}}/public/assets/js/pages/*.js \
97			> {{release_path}}/public/assets/js/compiled.min.js \
98			)');
99
100			//icons
101			writeln('➤➤ <comment>Compiling Icons</comment>');
102			runS('( \
103			cd {{release_path}} && \
104			php -r "include \'_scripts/SpritesheetGenerator.php\'; (new SpriteSheet(\'site\', FALSE))->generate();" && \
105			php -r "include \'_scripts/SpritesheetGenerator.php\'; (new SpriteSheet(\'time\', FALSE))->generate();"
106			)');
107
108			// userscript .meta.js
109			writeln('➤➤ <comment>Compiling Userscript .meta.js</comment>');
110			runS('( \
111			cd {{release_path}} && \
112			userscript-utils get-updateblock -du -i public/userscripts/manga-tracker.user.js -o public/userscripts/manga-tracker.meta.js \
113			)');
114			// userscript version constant
115			writeln('➤➤ <comment>Tweaking Userscript Version Constant</comment>');
116			runS('( \
117			cd {{release_path}} && \
118			USERSCRIPT_VERSION=$(grep -oP \'@version[\s]*\K([0-9\.]+)\' public/userscripts/manga-tracker.meta.js); \
119			sed -i -r "s/define\(\'USERSCRIPT_VERSION\', \'[0-9\.]+\'\);/define\(\'USERSCRIPT_VERSION\', \'$USERSCRIPT_VERSION\'\);/g" application/config/constants.php \
120			)');
121			});
122
123			task('deploy:copy_files', function () {
124			$sharedPath = '{{deploy_path}}/shared';
125			foreach (get('copy_files') as $file) {
126			$dirname = dirname(parse($file));
127			// Create dir of shared file
128			runS("mkdir -p $sharedPath/" . $dirname);
129			// Check if shared file does not exist in shared.
130			// and file exist in release
131			if (!test("[ -f $sharedPath/$file ]") && test("[ -f {{release_path}}/$file ]")) {
			0 ignored issues – show Unused Code introduced 2019-03-23 19:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `test()` has too many arguments starting with `"[ -f {$sharedPath}/{$file} ]"`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history... Unused Code introduced 2019-03-23 19:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `test()` has too many arguments starting with `"[ -f {{release_path}}/{$file} ]"`. This check compares calls to functions or methods with their respective definitions. If the call has more arguments than are defined, it raises an issue. If a function is defined several times with a different number of parameters, the check may pick up the wrong definition and report false positives. One codebase where this has been known to happen is Wordpress. In this case you can add the `@ignore` PhpDoc annotation to the duplicate definition and it will be ignored. Loading history...
132			// Copy file in shared dir if not present
133			runS("cp -rv {{release_path}}/$file $sharedPath/$file");
134			}
135			// Remove from source.
136			runS("if [ -f $(echo {{release_path}}/$file) ]; then rm -rf {{release_path}}/$file; fi");
137			// Ensure dir is available in release
138			runS("if [ ! -d $(echo {{release_path}}/$dirname) ]; then mkdir -p {{release_path}}/$dirname;fi");
139			// Touch shared
140			runS("touch $sharedPath/$file");
141
142			runS("cp $sharedPath/$file {{release_path}}/$file");
143			}
144			});
145
146			task('deploy:migrate_db', function () {
147			// Migration is disabled by default on production, so we need to toggle it temporally.
148			runS('( \
149			cd {{release_path}} && \
150			sed -i -r "s/(migration_enabled.*?)FALSE/\1TRUE/g" application/config/production/migration.php && \
151			CI_ENV="production" php public/index.php admin/migrate && \
152			sed -i -r "s/(migration_enabled.*?)TRUE/\1FALSE/g" application/config/production/migration.php \
153			)');
154			});
155
156			task('deploy:maintenance_enable', function () {
157			//define('MAINTENANCE', FALSE);
158			runS('( \
159			cd {{previous_release}} && \
160			sed -i -r "s/(\'MAINTENANCE\',) FALSE/\1 TRUE/" public/index.php \
161			)');
162			runS('( \
163			cd {{release_path}} && \
164			sed -i -r "s/(\'MAINTENANCE\',) FALSE/\1 TRUE/" public/index.php \
165			)');
166			});
167			task('deploy:maintenance_disable', function () {
168			//define('MAINTENANCE', FALSE);
169			runS('( \
170			cd {{release_path}} && \
171			sed -i -r "s/(\'MAINTENANCE\',) TRUE/\1 FALSE/" public/index.php \
172			)');
173			});
174
175			// Events
176			after('deploy:vendors', 'deploy:compile_assets');
177			after('deploy:vendors', 'deploy:clear_paths');
178
179			after('deploy:shared', 'deploy:copy_files');
180
181			before('deploy:symlink', 'deploy:maintenance_enable');
182			after('deploy:maintenance_enable', 'cachetool:clear:opcache');
183			after('deploy:symlink', 'deploy:migrate_db');
184
185			after('deploy', 'deploy:maintenance_disable');
186			after('deploy:maintenance_disable', 'cachetool:clear:opcache');
187			after('deploy:failed', 'deploy:unlock'); // [Optional] if deploy fails automatically unlock.
188
189			//TODO: After deploy:success, ask if we want to send a tweet and/or update notices?
190			// https://deployer.org/docs/api
191
192			function runS(string $runCommand) : void {
193			$runCommand = preg_replace("/\r\n/", "\n", $runCommand);
194			run($runCommand);
195			}
196

DakuTree / manga-tracker

Issues (128)

Security Analysis not enabled

_scripts/deploy.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like