Issues (19)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Manager/Cron.php (3 issues)

These results are based on our legacy PHP analysis; consider migrating to our new PHP analysis engine instead.

<?php

namespace FOA\CronBundle\Manager;

use FOA\CronBundle\Validator\Constraints as CronAsserts;

/**
 * Cron represents a cron command. It holds:
 * - time data
 * - command
 * - comment
 * - log files
 * - cron execution status
 *
 * @author Novikov Viktor
 */
class Cron
{
    /**
     * @var string
     * @CronAsserts\CronMinuteFormat
     */
    protected $minute = '*';

    /**
     * @var string
     * @CronAsserts\CronHourFormat
     */
    protected $hour = '*';

    /**
     * @var string
     * @CronAsserts\CronDayOfMonthFormat
     */
    protected $dayOfMonth = '*';

    /**
     * @var string
     * @CronAsserts\CronMonthFormat
     */
    protected $month = '*';

    /**
     * @var string
     * @CronAsserts\CronDayOfWeekFormat
     */
    protected $dayOfWeek = '*';

    /**
     * @var string
     * @CronAsserts\CliCommandPath
     */
    protected $command;

    /**
     * @var string
     * @CronAsserts\LogFile()
     */
    protected $logFile = null;

    /**
     * The size of the log file
     *
     * @var string
     */
    protected $logSize = null;

    /**
     * @var string
     * @CronAsserts\LogFile()
     */
    protected $errorFile = null;

    /**
     * The size of the error file
     *
     * @var string
     */
    protected $errorSize = null;

    /**
     * The last run time based on when log files have been written
     *
     * @var int
     */
    protected $lastRunTime = null;

    /**
     * The status of the cron, based on the log files
     *
     * @var string
     */
    protected $status;

    /**
     * @var string
     */
    protected $comment;

    /**
     * @var boolean
     */
    protected $isSuspended = false;

    /**
     * Parses a cron line into a Cron instance
     *
     * @static
     *
     * @param string $cron The cron line
     *
     * @return Cron
     */
    public static function parse($cron)
    {
        if (substr($cron, 0, 12) == '#suspended: ') {
            $cron = substr($cron, 12);
            $isSuspended = true;
        }

        $parts = explode(' ', $cron);

        $command = implode(' ', array_slice($parts, 5));

        // extract comment
        if (strpos($command, '#')) {
            list($command, $comment) = explode('#', $command);
            $comment = trim($comment);
        }

        // extract error file
        if (strpos($command, '2>')) {
            list($command, $errorFile) = explode('2>', $command);
            $errorFile = trim($errorFile);
        }

        // extract log file
        if (strpos($command, '>')) {
            list($command, $logFile) = explode('>', $command);
            $logFile = trim($logFile);
        }

        // compute last run time, and file size
        $lastRunTime = null;
        $logSize = null;
        $errorSize = null;
        if (isset($logFile) && file_exists($logFile)) {
            $lastRunTime = filemtime($logFile);
            $logSize = filesize($logFile);
        }
        if (isset($errorFile) && file_exists($errorFile)) {
            $lastRunTime = max($lastRunTime ?: 0, filemtime($errorFile));
            $errorSize = filesize($errorFile);
        }

        // compute status
        $status = 'error';
        if (!$logSize && !$errorSize) {

Bug, Best Practice

The expression $logSize of type integer|null is loosely compared to false; this is ambiguous if the integer can be zero. You might want to explicitly use === null instead.

In PHP, under loose comparison (like ==, or !=, or switch conditions), values of different types might be equal.

For integer values, zero is a special case, in particular the following results might be unexpected:

0   == false // true
0   == null  // true
123 == false // false
123 == null  // false

// It is often better to use strict comparison
0 === false // false
0 === null  // false

Bug, Best Practice

The expression $errorSize of type integer|null is loosely compared to false; this is ambiguous if the integer can be zero. You might want to explicitly use === null instead.

            $status = 'unknown';
        } elseif (!$errorSize || $errorSize == 0) {

Bug, Best Practice

The expression $errorSize of type integer|null is loosely compared to false; this is ambiguous if the integer can be zero. You might want to explicitly use === null instead.

            $status = 'success';
        }

        // create cron instance
        $cron = new self();
        $cron->setMinute($parts[0])
            ->setHour($parts[1])
            ->setDayOfMonth($parts[2])
            ->setMonth($parts[3])
            ->setDayOfWeek($parts[4])
            ->setCommand(\trim($command))
            ->setLastRunTime($lastRunTime)
            ->setLogSize($logSize)
            ->setErrorSize($errorSize)
            ->setStatus($status);

        if (isset($isSuspended)) {
            $cron->setSuspended($isSuspended);
        }
        if (isset($comment)) {
            $cron->setComment($comment);
        }
        if (isset($logFile)) {
            $cron->setLogFile($logFile);
        }
        if (isset($errorFile)) {
            $cron->setErrorFile($errorFile);
        }

        return $cron;
    }

    /**
     * @param string $command
     *
     * @return $this
     */
    public function setCommand($command)
    {
        $this->command = $command;

        return $this;
    }

    /**
     * @return string
     */
    public function getCommand()
    {
        return $this->command;
    }

    /**
     * @param string $dayOfMonth
     *
     * @return $this
     */
    public function setDayOfMonth($dayOfMonth)
    {
        $this->dayOfMonth = $dayOfMonth;

        return $this;
    }

    /**
     * @return string
     */
    public function getDayOfMonth()
    {
        return $this->dayOfMonth;
    }

    /**
     * @param string $dayOfWeek
     *
     * @return $this
     */
    public function setDayOfWeek($dayOfWeek)
    {
        $this->dayOfWeek = $dayOfWeek;

        return $this;
    }

    /**
     * @return string
     */
    public function getDayOfWeek()
    {
        return $this->dayOfWeek;
    }

    /**
     * @param string $hour
     *
     * @return $this
     */
    public function setHour($hour)
    {
        $this->hour = $hour;

        return $this;
    }

    /**
     * @return string
     */
    public function getHour()
    {
        return $this->hour;
    }

    /**
     * @param string $minute
     *
     * @return $this
     */
    public function setMinute($minute)
    {
        $this->minute = $minute;

        return $this;
    }

    /**
     * @return string
     */
    public function getMinute()
    {
        return $this->minute;
    }

    /**
     * @param string $month
     *
     * @return $this
     */
    public function setMonth($month)
    {
        $this->month = $month;

        return $this;
    }

    /**
     * @return string
     */
    public function getMonth()
    {
        return $this->month;
    }

    /**
     * @param string $comment
     *
     * @return $this
     */
    public function setComment($comment)
    {
        $this->comment = $comment;

        return $this;
    }

    /**
     * @return string
     */
    public function getComment()
    {
        return $this->comment;
    }

    /**
     * @param string $logFile
     *
     * @return $this
     */
    public function setLogFile($logFile)
    {
        $this->logFile = $logFile;

        return $this;
    }

    /**
     * @return string
     */
    public function getLogFile()
    {
        return $this->logFile;
    }

    /**
     * @param string $errorFile
     *
     * @return $this
     */
    public function setErrorFile($errorFile)
    {
        $this->errorFile = $errorFile;

        return $this;
    }

    /**
     * @return string
     */
    public function getErrorFile()
    {
        return $this->errorFile;
    }

    /**
     * @param int $lastRunTime
     *
     * @return $this
     */
    public function setLastRunTime($lastRunTime)
    {
        $this->lastRunTime = $lastRunTime;

        return $this;
    }

    /**
     * @return int
     */
    public function getLastRunTime()
    {
        return $this->lastRunTime;
    }

    /**
     * @param string $errorSize
     *
     * @return $this
     */
    public function setErrorSize($errorSize)
    {
        $this->errorSize = $errorSize;

        return $this;
    }

    /**
     * @return string
     */
    public function getErrorSize()
    {
        return $this->errorSize;
    }

    /**
     * @param string $logSize
     *
     * @return $this
     */
    public function setLogSize($logSize)
    {
        $this->logSize = $logSize;

        return $this;
    }

    /**
     * @return string
     */
    public function getLogSize()
    {
        return $this->logSize;
    }

    /**
     * @param string $status
     *
     * @return $this
     */
    public function setStatus($status)
    {
        $this->status = $status;

        return $this;
    }

    /**
     * @return string
     */
    public function getStatus()
    {
        return $this->status;
    }

    /**
     * Concatenate time data to get the time expression
     *
     * @return string
     */
    public function getExpression()
    {
        return sprintf('%s %s %s %s %s', $this->minute, $this->hour, $this->dayOfMonth, $this->month, $this->dayOfWeek);
    }

    /**
     * Gets the value of isSuspended
     *
     * @return boolean
     */
    public function isSuspended()
    {
        return $this->isSuspended;
    }

    /**
     * Sets the value of isSuspended
     *
     * @param boolean $isSuspended status
     *
     * @return Cron
     */
    public function setSuspended($isSuspended = true)
    {
        if ($this->isSuspended != $isSuspended) {
            $this->isSuspended = $isSuspended;
        }

        return $this;
    }

    /**
     * Transforms the cron instance into a cron line
     *
     * @return string
     */
    public function __toString()
    {
        $cronLine = '';
        if ($this->isSuspended()) {
            $cronLine .= '#suspended: ';
        }

        $cronLine .= $this->getExpression() . ' ' . $this->command;
        if ('' != $this->logFile) {
            $cronLine .= ' > ' . $this->logFile;
        }
        if ('' != $this->errorFile) {
            $cronLine .= ' 2> ' . $this->errorFile;
        }
        if ('' != $this->comment) {
            $cronLine .= ' #' . $this->comment;
        }

        return $cronLine;
    }
}