Issues in ExecTrait.php (master) - Issues in master - consolidation/robo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (569)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Common/ExecTrait.php (3 issues)

Labels

Severity

Matthew Grasmick 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Robo\Common;

use Robo\ResultData;
use Symfony\Component\Process\Process;

/**
 * Class ExecTrait
 * @package Robo\Common
 */
trait ExecTrait
{
    /**
     * @var bool
     */
    protected $background = false;

    /**
     * @var null|int
     */
    protected $timeout = null;

    /**
     * @var null|int
     */
    protected $idleTimeout = null;

    /**
     * @var null|array
     */
    protected $env = null;

    /**
     * @var Process
     */
    protected $process;

    /**
     * @var resource|string
     */
    protected $input;

    /**
     * @var boolean
     */
    protected $interactive = null;

    /**
     * @var bool
     */
    protected $isPrinted = true;

    /**
     * @var bool
     */
    protected $isMetadataPrinted = true;

    /**
     * @var string
     */
    protected $workingDirectory;

    /**
     * @return string
     */
    abstract public function getCommandDescription();

    /**
     * @see \Robo\Common\ProgressIndicatorAwareTrait
     * @see \Robo\Common\Timer
     */
    abstract protected function startTimer();

    /**
     * @see \Robo\Common\ProgressIndicatorAwareTrait
     * @see \Robo\Common\Timer
     */
    abstract protected function stopTimer();

    /**
     * @return null|float
     *
     * @see \Robo\Common\ProgressIndicatorAwareTrait
     * @see \Robo\Common\Timer
     */
    abstract protected function getExecutionTime();

    /**
     * @return bool
     *
     * @see \Robo\Common\TaskIO
     */
    abstract protected function hideTaskProgress();

    /**
     * @param bool $inProgress
     *
     * @see \Robo\Common\TaskIO
     */
    abstract protected function showTaskProgress($inProgress);

    /**
     * @param string $text
     * @param null|array $context
     *
     * @see \Robo\Common\TaskIO
     */
    abstract protected function printTaskInfo($text, $context = null);

    /**
     * @return bool
     *
     * @see \Robo\Common\VerbosityThresholdTrait
     */
    abstract public function verbosityMeetsThreshold();

    /**
     * @param string $message
     *
     * @see \Robo\Common\VerbosityThresholdTrait
     */
    abstract public function writeMessage($message);

    /**
     * Sets $this->interactive() based on posix_isatty().
     *
     * @return $this
     */
    public function detectInteractive()
    {
        // If the caller did not explicity set the 'interactive' mode,
        // and output should be produced by this task (verbosityMeetsThreshold),
        // then we will automatically set interactive mode based on whether
        // or not output was redirected when robo was executed.
        if (!isset($this->interactive) && function_exists('posix_isatty') && $this->verbosityMeetsThreshold()) {
            $this->interactive = posix_isatty(STDOUT);
        }

        return $this;
    }

    /**
     * Executes command in background mode (asynchronously)
     *
     * @param bool $arg
     *
     * @return $this
     */
    public function background($arg = true)
    {
        $this->background = $arg;
        return $this;
    }

    /**
     * Stop command if it runs longer then $timeout in seconds
     *
     * @param int $timeout
     *
     * @return $this
     */
    public function timeout($timeout)
    {
        $this->timeout = $timeout;
        return $this;
    }

    /**
     * Stops command if it does not output something for a while
     *
     * @param int $timeout
     *
     * @return $this
     */
    public function idleTimeout($timeout)
    {
        $this->idleTimeout = $timeout;
        return $this;
    }

    /**
     * Set a single environment variable, or multiple.
     *
     * @param string|array $env
     * @param bool|string $value
     *
     * @return $this
     */
    public function env($env, $value = null)
    {
        if (!is_array($env)) {
            $env = [$env => ($value ? $value : true)];
        }
        return $this->envVars($env);
    }

    /**
     * Sets the environment variables for the command
     *
     * @param array $env
     *
     * @return $this
     */
    public function envVars(array $env)
    {
        $this->env = $this->env ? $env + $this->env : $env;
        return $this;
    }

    /**
     * Pass an input to the process. Can be resource created with fopen() or string
     *
     * @param resource|string $input
     *
     * @return $this
     */
    public function setInput($input)
    {
        $this->input = $input;
        return $this;
    }

    /**
     * Attach tty to process for interactive input
     *
     * @param bool $interactive
     *
     * @return $this
     */
    public function interactive($interactive = true)
    {
        $this->interactive = $interactive;
        return $this;
    }


    /**
     * Is command printing its output to screen
     *
     * @return bool
     */
    public function getPrinted()
    {
        return $this->isPrinted;
    }

    /**
     * Changes working directory of command
     *
     * @param string $dir
     *
     * @return $this
     */
    public function dir($dir)
    {
        $this->workingDirectory = $dir;
        return $this;
    }

    /**
     * Shortcut for setting isPrinted() and isMetadataPrinted() to false.
     *
     * @param bool $arg
     *
     * @return $this
     */
    public function silent($arg)
    {
        if (is_bool($arg)) {
            $this->isPrinted = !$arg;
            $this->isMetadataPrinted = !$arg;
        }
        return $this;
    }

    /**
     * Should command output be printed
     *
     * @param bool $arg
     *
     * @return $this
     *
     * @deprecated
     */
    public function printed($arg)
    {
        $this->logger->warning("printed() is deprecated. Please use printOutput().");
class MyClass { }

$x = new MyClass();
$x->foo = true;
        return $this->printOutput($arg);
    }

    /**
     * Should command output be printed
     *
     * @param bool $arg
     *
     * @return $this
     */
    public function printOutput($arg)
    {
        if (is_bool($arg)) {
            $this->isPrinted = $arg;
        }
        return $this;
    }

    /**
     * Should command metadata be printed. I,e., command and timer.
     *
     * @param bool $arg
     *
     * @return $this
     */
    public function printMetadata($arg)
    {
        if (is_bool($arg)) {
            $this->isMetadataPrinted = $arg;
        }
        return $this;
    }

    /**
     * @param \Symfony\Component\Process\Process $process
     * @param callable $output_callback
     *
     * @return \Robo\ResultData
     */
    protected function execute($process, $output_callback = null)
    {
        $this->process = $process;

        if (!$output_callback) {
            $output_callback = function ($type, $buffer) {
                $progressWasVisible = $this->hideTaskProgress();
                $this->writeMessage($buffer);
                $this->showTaskProgress($progressWasVisible);
            };
        }

        $this->detectInteractive();

        if ($this->isMetadataPrinted) {
            $this->printAction();
        }
        $this->process->setTimeout($this->timeout);
        $this->process->setIdleTimeout($this->idleTimeout);
        if ($this->workingDirectory) {
            $this->process->setWorkingDirectory($this->workingDirectory);
        }
        if ($this->input) {
            $this->process->setInput($this->input);
        }

        if ($this->interactive && $this->isPrinted) {
            $this->process->setTty(true);
        }

        if (isset($this->env)) {
            // Symfony 4 will inherit environment variables by default, but until
            // then, manually ensure they are inherited.
            if (method_exists($this->process, 'inheritEnvironmentVariables')) {
                $this->process->inheritEnvironmentVariables();
            }
            $this->process->setEnv($this->env);
        }

        if (!$this->background && !$this->isPrinted) {

            $this->startTimer();
            $this->process->run();
            $this->stopTimer();
            $output = rtrim($this->process->getOutput());
            return new ResultData(
                $this->process->getExitCode(),
                $output,
                $this->getResultData()
            );
        }

        if (!$this->background && $this->isPrinted) {

            $this->startTimer();
            $this->process->run($output_callback);
            $this->stopTimer();
            return new ResultData(
                $this->process->getExitCode(),
                $this->process->getOutput(),
                $this->getResultData()
            );
        }

        try {
            $this->process->start();
        } catch (\Exception $e) {
            return new ResultData(
                $this->process->getExitCode(),
                $e->getMessage(),
                $this->getResultData()
            );
        }
        return new ResultData($this->process->getExitCode());
    }

    protected function stop()
    {
        if ($this->background && isset($this->process) && $this->process->isRunning()) {
            $this->process->stop();
            $this->printTaskInfo(
                "Stopped {command}",
                ['command' => $this->getCommandDescription()]
            );
        }
    }

    /**
     * @param array $context
     */
    protected function printAction($context = [])
    {
        $command = $this->getCommandDescription();
        $formatted_command = $this->formatCommandDisplay($command);

        $dir = $this->workingDirectory ? " in {dir}" : "";
        $this->printTaskInfo("Running {command}$dir", [
                'command' => $formatted_command,
                'dir' => $this->workingDirectory
            ] + $context);
    }

    /**
     * @param string $command
     *
     * @return string
     */
    protected function formatCommandDisplay($command)
    {
        $formatted_command = str_replace("&&", "&&\n", $command);
        $formatted_command = str_replace("||", "||\n", $formatted_command);

        return $formatted_command;
    }

    /**
     * Gets the data array to be passed to Result().
     *
     * @return array
     *   The data array passed to Result().
     */
    protected function getResultData()
    {
        if ($this->isMetadataPrinted) {
            return ['time' => $this->getExecutionTime()];
        }

        return [];
    }
}


1		<?php
2
3		namespace Robo\Common;
4
5		use Robo\ResultData;
6		use Symfony\Component\Process\Process;
7
8		/**
9		* Class ExecTrait
10		* @package Robo\Common
11		*/
12		trait ExecTrait
13		{
14		/**
15		* @var bool
16		*/
17		protected $background = false;
18
19		/**
20		* @var null\|int
21		*/
22		protected $timeout = null;
23
24		/**
25		* @var null\|int
26		*/
27		protected $idleTimeout = null;
28
29		/**
30		* @var null\|array
31		*/
32		protected $env = null;
33
34		/**
35		* @var Process
36		*/
37		protected $process;
38
39		/**
40		* @var resource\|string
41		*/
42		protected $input;
43
44		/**
45		* @var boolean
46		*/
47		protected $interactive = null;
48
49		/**
50		* @var bool
51		*/
52		protected $isPrinted = true;
53
54		/**
55		* @var bool
56		*/
57		protected $isMetadataPrinted = true;
58
59		/**
60		* @var string
61		*/
62		protected $workingDirectory;
63
64		/**
65		* @return string
66		*/
67		abstract public function getCommandDescription();
68
69		/**
70		* @see \Robo\Common\ProgressIndicatorAwareTrait
71		* @see \Robo\Common\Timer
72		*/
73		abstract protected function startTimer();
74
75		/**
76		* @see \Robo\Common\ProgressIndicatorAwareTrait
77		* @see \Robo\Common\Timer
78		*/
79		abstract protected function stopTimer();
80
81		/**
82		* @return null\|float
83		*
84		* @see \Robo\Common\ProgressIndicatorAwareTrait
85		* @see \Robo\Common\Timer
86		*/
87		abstract protected function getExecutionTime();
88
89		/**
90		* @return bool
91		*
92		* @see \Robo\Common\TaskIO
93		*/
94		abstract protected function hideTaskProgress();
95
96		/**
97		* @param bool $inProgress
98		*
99		* @see \Robo\Common\TaskIO
100		*/
101		abstract protected function showTaskProgress($inProgress);
102
103		/**
104		* @param string $text
105		* @param null\|array $context
106		*
107		* @see \Robo\Common\TaskIO
108		*/
109		abstract protected function printTaskInfo($text, $context = null);
110
111		/**
112		* @return bool
113		*
114		* @see \Robo\Common\VerbosityThresholdTrait
115		*/
116		abstract public function verbosityMeetsThreshold();
117
118		/**
119		* @param string $message
120		*
121		* @see \Robo\Common\VerbosityThresholdTrait
122		*/
123		abstract public function writeMessage($message);
124
125		/**
126		* Sets $this->interactive() based on posix_isatty().
127		*
128		* @return $this
129		*/
130		public function detectInteractive()
131		{
132		// If the caller did not explicity set the 'interactive' mode,
133		// and output should be produced by this task (verbosityMeetsThreshold),
134		// then we will automatically set interactive mode based on whether
135		// or not output was redirected when robo was executed.
136		if (!isset($this->interactive) && function_exists('posix_isatty') && $this->verbosityMeetsThreshold()) {
137		$this->interactive = posix_isatty(STDOUT);
138		}
139
140		return $this;
141		}
142
143		/**
144		* Executes command in background mode (asynchronously)
145		*
146		* @param bool $arg
147		*
148		* @return $this
149		*/
150		public function background($arg = true)
151		{
152		$this->background = $arg;
153		return $this;
154		}
155
156		/**
157		* Stop command if it runs longer then $timeout in seconds
158		*
159		* @param int $timeout
160		*
161		* @return $this
162		*/
163		public function timeout($timeout)
164		{
165		$this->timeout = $timeout;
166		return $this;
167		}
168
169		/**
170		* Stops command if it does not output something for a while
171		*
172		* @param int $timeout
173		*
174		* @return $this
175		*/
176		public function idleTimeout($timeout)
177		{
178		$this->idleTimeout = $timeout;
179		return $this;
180		}
181
182		/**
183		* Set a single environment variable, or multiple.
184		*
185		* @param string\|array $env
186		* @param bool\|string $value
187		*
188		* @return $this
189		*/
190		public function env($env, $value = null)
191		{
192		if (!is_array($env)) {
193		$env = [$env => ($value ? $value : true)];
194		}
195		return $this->envVars($env);
196		}
197
198		/**
199		* Sets the environment variables for the command
200		*
201		* @param array $env
202		*
203		* @return $this
204		*/
205		public function envVars(array $env)
206		{
207		$this->env = $this->env ? $env + $this->env : $env;
208		return $this;
209		}
210
211		/**
212		* Pass an input to the process. Can be resource created with fopen() or string
213		*
214		* @param resource\|string $input
215		*
216		* @return $this
217		*/
218		public function setInput($input)
219		{
220		$this->input = $input;
221		return $this;
222		}
223
224		/**
225		* Attach tty to process for interactive input
226		*
227		* @param bool $interactive
228		*
229		* @return $this
230		*/
231		public function interactive($interactive = true)
232		{
233		$this->interactive = $interactive;
234		return $this;
235		}
236
237
238		/**
239		* Is command printing its output to screen
240		*
241		* @return bool
242		*/
243		public function getPrinted()
244		{
245		return $this->isPrinted;
246		}
247
248		/**
249		* Changes working directory of command
250		*
251		* @param string $dir
252		*
253		* @return $this
254		*/
255		public function dir($dir)
256		{
257		$this->workingDirectory = $dir;
258		return $this;
259		}
260
261		/**
262		* Shortcut for setting isPrinted() and isMetadataPrinted() to false.
263		*
264		* @param bool $arg
265		*
266		* @return $this
267		*/
268		public function silent($arg)
269		{
270		if (is_bool($arg)) {
271		$this->isPrinted = !$arg;
272		$this->isMetadataPrinted = !$arg;
273		}
274		return $this;
275		}
276
277		/**
278		* Should command output be printed
279		*
280		* @param bool $arg
281		*
282		* @return $this
283		*
284		* @deprecated
285		*/
286		public function printed($arg)
287		{
288		$this->logger->warning("printed() is deprecated. Please use printOutput().");
		0 ignored issues – show Bug introduced 2017-01-26 15:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `logger` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
289		return $this->printOutput($arg);
290		}
291
292		/**
293		* Should command output be printed
294		*
295		* @param bool $arg
296		*
297		* @return $this
298		*/
299		public function printOutput($arg)
300		{
301		if (is_bool($arg)) {
302		$this->isPrinted = $arg;
303		}
304		return $this;
305		}
306
307		/**
308		* Should command metadata be printed. I,e., command and timer.
309		*
310		* @param bool $arg
311		*
312		* @return $this
313		*/
314		public function printMetadata($arg)
315		{
316		if (is_bool($arg)) {
317		$this->isMetadataPrinted = $arg;
318		}
319		return $this;
320		}
321
322		/**
323		* @param \Symfony\Component\Process\Process $process
324		* @param callable $output_callback
325		*
326		* @return \Robo\ResultData
327		*/
328		protected function execute($process, $output_callback = null)
329		{
330		$this->process = $process;
331
332		if (!$output_callback) {
333		$output_callback = function ($type, $buffer) {
334		$progressWasVisible = $this->hideTaskProgress();
335		$this->writeMessage($buffer);
336		$this->showTaskProgress($progressWasVisible);
337		};
338		}
339
340		$this->detectInteractive();
341
342		if ($this->isMetadataPrinted) {
343		$this->printAction();
344		}
345		$this->process->setTimeout($this->timeout);
346		$this->process->setIdleTimeout($this->idleTimeout);
347		if ($this->workingDirectory) {
348		$this->process->setWorkingDirectory($this->workingDirectory);
349		}
350		if ($this->input) {
351		$this->process->setInput($this->input);
352		}
353
354		if ($this->interactive && $this->isPrinted) {
355		$this->process->setTty(true);
356		}
357
358		if (isset($this->env)) {
359		// Symfony 4 will inherit environment variables by default, but until
360		// then, manually ensure they are inherited.
361		if (method_exists($this->process, 'inheritEnvironmentVariables')) {
362		$this->process->inheritEnvironmentVariables();
363		}
364		$this->process->setEnv($this->env);
365		}
366
367	View Code Duplication	if (!$this->background && !$this->isPrinted) {
		0 ignored issues – show Duplication introduced 2017-01-25 22:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
368		$this->startTimer();
369		$this->process->run();
370		$this->stopTimer();
371		$output = rtrim($this->process->getOutput());
372		return new ResultData(
373		$this->process->getExitCode(),
374		$output,
375		$this->getResultData()
376		);
377		}
378
379	View Code Duplication	if (!$this->background && $this->isPrinted) {
		0 ignored issues – show Duplication introduced 2017-01-25 22:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
380		$this->startTimer();
381		$this->process->run($output_callback);
382		$this->stopTimer();
383		return new ResultData(
384		$this->process->getExitCode(),
385		$this->process->getOutput(),
386		$this->getResultData()
387		);
388		}
389
390		try {
391		$this->process->start();
392		} catch (\Exception $e) {
393		return new ResultData(
394		$this->process->getExitCode(),
395		$e->getMessage(),
396		$this->getResultData()
397		);
398		}
399		return new ResultData($this->process->getExitCode());
400		}
401
402		protected function stop()
403		{
404		if ($this->background && isset($this->process) && $this->process->isRunning()) {
405		$this->process->stop();
406		$this->printTaskInfo(
407		"Stopped {command}",
408		['command' => $this->getCommandDescription()]
409		);
410		}
411		}
412
413		/**
414		* @param array $context
415		*/
416		protected function printAction($context = [])
417		{
418		$command = $this->getCommandDescription();
419		$formatted_command = $this->formatCommandDisplay($command);
420
421		$dir = $this->workingDirectory ? " in {dir}" : "";
422		$this->printTaskInfo("Running {command}$dir", [
423		'command' => $formatted_command,
424		'dir' => $this->workingDirectory
425		] + $context);
426		}
427
428		/**
429		* @param string $command
430		*
431		* @return string
432		*/
433		protected function formatCommandDisplay($command)
434		{
435		$formatted_command = str_replace("&&", "&&\n", $command);
436		$formatted_command = str_replace("\|\|", "\|\|\n", $formatted_command);
437
438		return $formatted_command;
439		}
440
441		/**
442		* Gets the data array to be passed to Result().
443		*
444		* @return array
445		* The data array passed to Result().
446		*/
447		protected function getResultData()
448		{
449		if ($this->isMetadataPrinted) {
450		return ['time' => $this->getExecutionTime()];
451		}
452
453		return [];
454		}
455		}
456

consolidation / robo

Issues (569)

Security Analysis not enabled

src/Common/ExecTrait.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like