Issues in CronTask.php (develop) - Issues in develop - ci-bonfire/Sprint - Measure and Improve Code Quality continuously with Scrutinizer

Issues (423)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

myth/Cron/CronTask.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace Myth\Cron;
/**
 * Sprint
 *
 * A set of power tools to enhance the CodeIgniter framework and provide consistent workflow.
 *
 * Permission is hereby granted, free of charge, to any person obtaining a copy
 * of this software and associated documentation files (the "Software"), to deal
 * in the Software without restriction, including without limitation the rights
 * to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
 * copies of the Software, and to permit persons to whom the Software is
 * furnished to do so, subject to the following conditions:
 *
 * The above copyright notice and this permission notice shall be included in
 * all copies or substantial portions of the Software.
 *
 * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
 * IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
 * FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
 * AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
 * LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
 * OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
 * THE SOFTWARE.
 *
 * @package     Sprint
 * @author      Lonnie Ezell
 * @copyright   Copyright 2014-2015, New Myth Media, LLC (http://newmythmedia.com)
 * @license     http://opensource.org/licenses/MIT  (MIT)
 * @link        http://sprintphp.com
 * @since       Version 1.0
 */

/**
 * Class CronTask
 *
 * Represents a single scheduled item.
 *
 * Used by Myth\Cron\CronManager.
 *
 * Inspired by: https://github.com/mtdowling/cron-expression
 *
 * todo: Support time + string formats (like "3am second Friday")
 *
 * @package Myth\Cron
 */
class CronTask {

    /**
     * The original scheduled string.
     * Any valid relative time string.
     * http://php.net/manual/en/datetime.formats.relative.php
     *
     * @var
     */
    protected $schedule;

    /**
     * Stores the callable or library name:method to run.
     *
     * @var
     */
    protected $task;

    //--------------------------------------------------------------------

    /**
     * Stores our scheduled string and actual task.
     *
     * @param $schedule
     * @param callable $task
     */
    public function __construct($schedule, $task)
    {
        $this->schedule = $schedule;

        // If $task is not callable, it should be a library:method
        // string that we can parse. But it must have the colon in the string.
        if (! is_callable($task) && strpos($task, ':') === false)
        {
            throw new \RuntimeException( lang('cron.invalid_task') );
        }

        $this->task = $task;
    }

    //--------------------------------------------------------------------

    /**
     * Calculates the next date this task is supposed to run.
     *
     * @param int|'now' $current_time
     *
     * @return timestamp|null
     */
    public function nextRunDate($current_time='now')
    {
        $current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);

        $scheduleType = $this->determineScheduleType($this->schedule);

        switch ($scheduleType)
        {
            case 'time':
                return $this->findDateInterval($this->schedule, 'next', $current_time);
                break;
            case 'ordinal':
                return strtotime($this->schedule, $current_time);
                break;
            case 'increment':
                return strtotime($this->schedule, $current_time);
                break;
        }

        return null;
    }
    
    //--------------------------------------------------------------------

    /**
     * Calculates the last time the task should have ran.
     *
     * @param int|'now' $current_time
     *
     * @return timestamp|null
     */
    public function previousRunDate($current_time='now')
    {
        $current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);

        $scheduleType = $this->determineScheduleType($this->schedule);

        switch ($scheduleType)
        {
            case 'time':
                return $this->findDateInterval($this->schedule, 'prev', $current_time);
                break;
            case 'ordinal':
                return $this->findPreviousOrdinal($this->schedule, $current_time);
                break;
            case 'increment':
                return strtotime('-1 '. $this->schedule, $current_time);
                break;
        }

        return null;
    }

    //--------------------------------------------------------------------

    /**
     * Determines if the task is due to be run now.
     *
     * @param string $current_time
     * @internal param $ int|'now' $current_time
     *
     * @return bool
     */
    public function isDue($current_time='now')
    {
        $current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);

        // For easier matching, and I can't imagine people needing cronjob
        // accuracy to the seconds, we'll just take the current minute.
        return date('Y-m-d H:i', $current_time) == date('Y-m-d H:i', $this->nextRunDate($current_time) );
    }
    
    //--------------------------------------------------------------------

    /**
     * Formats the timestamp produced by nextRunDate and previousRunDate
     * into any format available to date.
     *
     * @param $format_string
     * @return bool|string
     */
    public function format($format_string)
    {
        return date($format_string, strtotime($this->schedule));
    }

    //--------------------------------------------------------------------

    /**
     * Gets the associated task.
     *
     * return callable|string
     */
    public function task()
    {
        return $this->task;
    }

    //--------------------------------------------------------------------

    /**
     * Gets the original schedule string.
     */
    public function schedule()
    {
        return $this->schedule;
    }

    //--------------------------------------------------------------------

    /**
     * Checks the schedule text and determines how we have to treat
     * the schedule when determining next and previous values.
     *
     * Potential Types are:
     *
     *  - increment         Can simply add a +x/-x to the front to get the value.
     *  - time              Something like "every 5 minutes"
     *  - ordinal           Like "first", "second", etc.
     *
     * @param $schedule
     * @return null|string
     */
    public function determineScheduleType($schedule)
    {
        $incs = ['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'sun', 'mon', 'tue',
                'wed', 'thu', 'fri', 'sat', 'weekday', 'weekdays', 'midnight', 'noon'];
        $bigger_incs = [ 'back of', 'front of', 'first day of', 'last day of'];
        $ordinals = ['first', 'second', 'third', 'fourth', 'fifth', 'sixth', 'seventh', 'eighth', 'ninth', 'tenth', 'eleventh', 'twelfth'];
        $schedule = trim( strtolower($schedule) );

        $multiple_words = strpos($schedule, ' ');
        $first_word = substr($schedule, 0, $multiple_words ? $multiple_words : strlen($schedule));

        // Is the first character a number? Then it's a time
        if ( is_numeric( $first_word ) )
        {
            return 'time';
        }


        // First, try the shorter increments. We do increments in
        // two passes becuase this should be faster than the loop.
        if (in_array($first_word, $incs))
        {
            return 'increment';
        }

        // But we have to loop before checking ordinals since
        // ordinals may have same first word as these phrases.
        foreach ($bigger_incs as $test)
        {
            if (strpos($schedule, $test) === 0)
            {
                return 'increment';
            }
        }

        if (in_array($first_word, $ordinals))
        {
            return 'ordinal';
        }

        return null;
    }

    //--------------------------------------------------------------------

    /**
     * Determines the correct time for 'time' type intervals where
     * the timestamp is expected to happen every 'x period', like
     * 'every 5 minutes', every 3 days, etc.
     *
     * @param $schedule
     * @param $type
     * @return float|int|null
     */
    public function findDateInterval($schedule, $type, $current_time='now')
    {
        $current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);

//        list($int, $period) = explode(' ', $schedule);


        $diff = strtotime($schedule, $current_time) - $current_time;

        $return = null;

        switch ($type)
        {
            case 'next':
                $next = floor($current_time / $diff) * $diff;

                // Does next already match the current time?
                if (date('Y-m-d H:i', $next) == date('Y-m-d H:i', $current_time))
                {
                    $return = $next;
                }
                else {
                    $return = $next + $diff;
                }
                break;
            case 'prev':
                $next = ceil($current_time / $diff) * $diff;
                $return = $next - $diff;
                break;
        }

        if (is_numeric($return))
        {
            $return = (int)$return;
        }

        return $return;
    }

    //--------------------------------------------------------------------

    /**
     * Determines the timestamp of the previous ordinal-based time, like
     * 'second Monday'.
     *
     * @param $schedule
     * @param string $current_time
     * @return int|null
     */
    public function findPreviousOrdinal($schedule, $current_time='now')
    {
        $current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);

        if (empty($schedule)) return null;

        // Loop through months in reverse, checking each one to
        // see if the ordinal is in the past. If so - wer'e done.
        foreach ([0, -1, -2, -3, -4, -5, -6, -7, -8, -9, -10, -11, -12] as $i)
        {
            $lastmonth = strtotime("last day of {$i} month", $current_time);

            $test = strtotime($schedule, $lastmonth);

            if ($test <= $current_time)
            {
                return $test;
            }
        }

        return null;
    }

    //--------------------------------------------------------------------

}


GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

myth/Cron/CronTask.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php namespace Myth\Cron;
2		/**
3		* Sprint
4		*
5		* A set of power tools to enhance the CodeIgniter framework and provide consistent workflow.
6		*
7		* Permission is hereby granted, free of charge, to any person obtaining a copy
8		* of this software and associated documentation files (the "Software"), to deal
9		* in the Software without restriction, including without limitation the rights
10		* to use, copy, modify, merge, publish, distribute, sublicense, and/or sell
11		* copies of the Software, and to permit persons to whom the Software is
12		* furnished to do so, subject to the following conditions:
13		*
14		* The above copyright notice and this permission notice shall be included in
15		* all copies or substantial portions of the Software.
16		*
17		* THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, EXPRESS OR
18		* IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF MERCHANTABILITY,
19		* FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN NO EVENT SHALL THE
20		* AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM, DAMAGES OR OTHER
21		* LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR OTHERWISE, ARISING FROM,
22		* OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN
23		* THE SOFTWARE.
24		*
25		* @package Sprint
26		* @author Lonnie Ezell
27		* @copyright Copyright 2014-2015, New Myth Media, LLC (http://newmythmedia.com)
28		* @license http://opensource.org/licenses/MIT (MIT)
29		* @link http://sprintphp.com
30		* @since Version 1.0
31		*/
32
33		/**
34		* Class CronTask
35		*
36		* Represents a single scheduled item.
37		*
38		* Used by Myth\Cron\CronManager.
39		*
40		* Inspired by: https://github.com/mtdowling/cron-expression
41		*
42		* todo: Support time + string formats (like "3am second Friday")
43		*
44		* @package Myth\Cron
45		*/
46		class CronTask {
47
48		/**
49		* The original scheduled string.
50		* Any valid relative time string.
51		* http://php.net/manual/en/datetime.formats.relative.php
52		*
53		* @var
54		*/
55		protected $schedule;
56
57		/**
58		* Stores the callable or library name:method to run.
59		*
60		* @var
61		*/
62		protected $task;
63
64		//--------------------------------------------------------------------
65
66		/**
67		* Stores our scheduled string and actual task.
68		*
69		* @param $schedule
70		* @param callable $task
71		*/
72		public function __construct($schedule, $task)
73		{
74		$this->schedule = $schedule;
75
76		// If $task is not callable, it should be a library:method
77		// string that we can parse. But it must have the colon in the string.
78		if (! is_callable($task) && strpos($task, ':') === false)
79		{
80		throw new \RuntimeException( lang('cron.invalid_task') );
81		}
82
83		$this->task = $task;
84		}
85
86		//--------------------------------------------------------------------
87
88		/**
89		* Calculates the next date this task is supposed to run.
90		*
91		* @param int\|'now' $current_time
92		*
93		* @return timestamp\|null
94		*/
95	View Code Duplication	public function nextRunDate($current_time='now')
96		{
97		$current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);
98
99		$scheduleType = $this->determineScheduleType($this->schedule);
100
101		switch ($scheduleType)
102		{
103		case 'time':
104		return $this->findDateInterval($this->schedule, 'next', $current_time);
105		break;
106		case 'ordinal':
107		return strtotime($this->schedule, $current_time);
108		break;
109		case 'increment':
110		return strtotime($this->schedule, $current_time);
111		break;
112		}
113
114		return null;
115		}
116
117		//--------------------------------------------------------------------
118
119		/**
120		* Calculates the last time the task should have ran.
121		*
122		* @param int\|'now' $current_time
123		*
124		* @return timestamp\|null
125		*/
126	View Code Duplication	public function previousRunDate($current_time='now')
127		{
128		$current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);
129
130		$scheduleType = $this->determineScheduleType($this->schedule);
131
132		switch ($scheduleType)
133		{
134		case 'time':
135		return $this->findDateInterval($this->schedule, 'prev', $current_time);
136		break;
137		case 'ordinal':
138		return $this->findPreviousOrdinal($this->schedule, $current_time);
139		break;
140		case 'increment':
141		return strtotime('-1 '. $this->schedule, $current_time);
142		break;
143		}
144
145		return null;
146		}
147
148		//--------------------------------------------------------------------
149
150		/**
151		* Determines if the task is due to be run now.
152		*
153		* @param string $current_time
154		* @internal param $ int\|'now' $current_time
155		*
156		* @return bool
157		*/
158		public function isDue($current_time='now')
159		{
160		$current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);
161
162		// For easier matching, and I can't imagine people needing cronjob
163		// accuracy to the seconds, we'll just take the current minute.
164		return date('Y-m-d H:i', $current_time) == date('Y-m-d H:i', $this->nextRunDate($current_time) );
165		}
166
167		//--------------------------------------------------------------------
168
169		/**
170		* Formats the timestamp produced by nextRunDate and previousRunDate
171		* into any format available to date.
172		*
173		* @param $format_string
174		* @return bool\|string
175		*/
176		public function format($format_string)
177		{
178		return date($format_string, strtotime($this->schedule));
179		}
180
181		//--------------------------------------------------------------------
182
183		/**
184		* Gets the associated task.
185		*
186		* return callable\|string
187		*/
188		public function task()
189		{
190		return $this->task;
191		}
192
193		//--------------------------------------------------------------------
194
195		/**
196		* Gets the original schedule string.
197		*/
198		public function schedule()
199		{
200		return $this->schedule;
201		}
202
203		//--------------------------------------------------------------------
204
205		/**
206		* Checks the schedule text and determines how we have to treat
207		* the schedule when determining next and previous values.
208		*
209		* Potential Types are:
210		*
211		* - increment Can simply add a +x/-x to the front to get the value.
212		* - time Something like "every 5 minutes"
213		* - ordinal Like "first", "second", etc.
214		*
215		* @param $schedule
216		* @return null\|string
217		*/
218		public function determineScheduleType($schedule)
219		{
220		$incs = ['sunday', 'monday', 'tuesday', 'wednesday', 'thursday', 'friday', 'saturday', 'sun', 'mon', 'tue',
221		'wed', 'thu', 'fri', 'sat', 'weekday', 'weekdays', 'midnight', 'noon'];
222		$bigger_incs = [ 'back of', 'front of', 'first day of', 'last day of'];
223		$ordinals = ['first', 'second', 'third', 'fourth', 'fifth', 'sixth', 'seventh', 'eighth', 'ninth', 'tenth', 'eleventh', 'twelfth'];
224		$schedule = trim( strtolower($schedule) );
225
226		$multiple_words = strpos($schedule, ' ');
227		$first_word = substr($schedule, 0, $multiple_words ? $multiple_words : strlen($schedule));
228
229		// Is the first character a number? Then it's a time
230		if ( is_numeric( $first_word ) )
231		{
232		return 'time';
233		}
234
235
236		// First, try the shorter increments. We do increments in
237		// two passes becuase this should be faster than the loop.
238		if (in_array($first_word, $incs))
239		{
240		return 'increment';
241		}
242
243		// But we have to loop before checking ordinals since
244		// ordinals may have same first word as these phrases.
245		foreach ($bigger_incs as $test)
246		{
247		if (strpos($schedule, $test) === 0)
248		{
249		return 'increment';
250		}
251		}
252
253		if (in_array($first_word, $ordinals))
254		{
255		return 'ordinal';
256		}
257
258		return null;
259		}
260
261		//--------------------------------------------------------------------
262
263		/**
264		* Determines the correct time for 'time' type intervals where
265		* the timestamp is expected to happen every 'x period', like
266		* 'every 5 minutes', every 3 days, etc.
267		*
268		* @param $schedule
269		* @param $type
270		* @return float\|int\|null
271		*/
272		public function findDateInterval($schedule, $type, $current_time='now')
273		{
274		$current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);
275
276		// list($int, $period) = explode(' ', $schedule);
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-02-16 16:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this `64%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
277
278		$diff = strtotime($schedule, $current_time) - $current_time;
279
280		$return = null;
281
282		switch ($type)
283		{
284		case 'next':
285		$next = floor($current_time / $diff) * $diff;
286
287		// Does next already match the current time?
288		if (date('Y-m-d H:i', $next) == date('Y-m-d H:i', $current_time))
289		{
290		$return = $next;
291		}
292		else {
293		$return = $next + $diff;
294		}
295		break;
296		case 'prev':
297		$next = ceil($current_time / $diff) * $diff;
298		$return = $next - $diff;
299		break;
300		}
301
302		if (is_numeric($return))
303		{
304		$return = (int)$return;
305		}
306
307		return $return;
308		}
309
310		//--------------------------------------------------------------------
311
312		/**
313		* Determines the timestamp of the previous ordinal-based time, like
314		* 'second Monday'.
315		*
316		* @param $schedule
317		* @param string $current_time
318		* @return int\|null
319		*/
320		public function findPreviousOrdinal($schedule, $current_time='now')
321		{
322		$current_time = is_numeric($current_time) ? (int)$current_time : strtotime($current_time);
323
324		if (empty($schedule)) return null;
325
326		// Loop through months in reverse, checking each one to
327		// see if the ordinal is in the past. If so - wer'e done.
328		foreach ([0, -1, -2, -3, -4, -5, -6, -7, -8, -9, -10, -11, -12] as $i)
329		{
330		$lastmonth = strtotime("last day of {$i} month", $current_time);
331
332		$test = strtotime($schedule, $lastmonth);
333
334		if ($test <= $current_time)
335		{
336		return $test;
337		}
338		}
339
340		return null;
341		}
342
343		//--------------------------------------------------------------------
344
345		}
346

ci-bonfire / Sprint

GitHub Access Token became invalid

Issues (423)

Security Analysis not enabled

myth/Cron/CronTask.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like