Issues in ProcessUtils.php - All Issues - Inspection of "Failing test fixed by Annotated Command 2.10.2 upg..." - consolidation/robo - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( 061d1e...31cfb3 )

by Greg

created 2018-12-21 04:12 UTC

src/Common/ProcessUtils.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is derived from part of the Symfony package, which is
 * (c) Fabien Potencier <[email protected]>
 */

namespace Robo\Common;

use Symfony\Component\Process\Exception\InvalidArgumentException;

/**
 * ProcessUtils is a bunch of utility methods. We want to allow Robo 1.x
 * to work with Symfony 4.x while remaining backwards compatibility. This
 * requires us to replace some deprecated functionality removed in Symfony.
 */
class ProcessUtils
{
    /**
     * This class should not be instantiated.
     */
    private function __construct()
    {
    }

    /**
     * Escapes a string to be used as a shell argument.
     *
     * @param string $argument The argument that will be escaped
     *
     * @return string The escaped argument
     *
     * @deprecated since version 3.3, to be removed in 4.0. Use a command line array or give env vars to the `Process::start/run()` method instead.
     */
    public static function escapeArgument($argument)
    {
        @trigger_error('The '.__METHOD__.'() method is a copy of a method that was deprecated by Symfony 3.3 and removed in Symfony 4; it will be removed in Robo 2.0.', E_USER_DEPRECATED);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        //Fix for PHP bug #43784 escapeshellarg removes % from given string
        //Fix for PHP bug #49446 escapeshellarg doesn't work on Windows
        //@see https://bugs.php.net/bug.php?id=43784
        //@see https://bugs.php.net/bug.php?id=49446
        if ('\\' === DIRECTORY_SEPARATOR) {
            if ('' === $argument) {
                return escapeshellarg($argument);
            }

            $escapedArgument = '';
            $quote = false;
            foreach (preg_split('/(")/', $argument, -1, PREG_SPLIT_NO_EMPTY | PREG_SPLIT_DELIM_CAPTURE) as $part) {
                if ('"' === $part) {
                    $escapedArgument .= '\\"';
                } elseif (self::isSurroundedBy($part, '%')) {
                    // Avoid environment variable expansion
                    $escapedArgument .= '^%"'.substr($part, 1, -1).'"^%';
                } else {
                    // escape trailing backslash
                    if ('\\' === substr($part, -1)) {
                        $part .= '\\';
                    }
                    $quote = true;
                    $escapedArgument .= $part;
                }
            }
            if ($quote) {
                $escapedArgument = '"'.$escapedArgument.'"';
            }

            return $escapedArgument;
        }

        return "'".str_replace("'", "'\\''", $argument)."'";
    }

    private static function isSurroundedBy($arg, $char)
    {
        return 2 < strlen($arg) && $char === $arg[0] && $char === $arg[strlen($arg) - 1];
    }
}


1			<?php
2
3			/*
4			* This file is derived from part of the Symfony package, which is
5			* (c) Fabien Potencier <[email protected]>
6			*/
7
8			namespace Robo\Common;
9
10			use Symfony\Component\Process\Exception\InvalidArgumentException;
11
12			/**
13			* ProcessUtils is a bunch of utility methods. We want to allow Robo 1.x
14			* to work with Symfony 4.x while remaining backwards compatibility. This
15			* requires us to replace some deprecated functionality removed in Symfony.
16			*/
17			class ProcessUtils
18			{
19			/**
20			* This class should not be instantiated.
21			*/
22			private function __construct()
23			{
24			}
25
26			/**
27			* Escapes a string to be used as a shell argument.
28			*
29			* @param string $argument The argument that will be escaped
30			*
31			* @return string The escaped argument
32			*
33			* @deprecated since version 3.3, to be removed in 4.0. Use a command line array or give env vars to the `Process::start/run()` method instead.
34			*/
35			public static function escapeArgument($argument)
36			{
37			@trigger_error('The '.__METHOD__.'() method is a copy of a method that was deprecated by Symfony 3.3 and removed in Symfony 4; it will be removed in Robo 2.0.', E_USER_DEPRECATED);
			0 ignored issues – show Security Best Practice introduced 2017-12-11 21:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
38
39			//Fix for PHP bug #43784 escapeshellarg removes % from given string
40			//Fix for PHP bug #49446 escapeshellarg doesn't work on Windows
41			//@see https://bugs.php.net/bug.php?id=43784
42			//@see https://bugs.php.net/bug.php?id=49446
43			if ('\\' === DIRECTORY_SEPARATOR) {
44			if ('' === $argument) {
45			return escapeshellarg($argument);
46			}
47
48			$escapedArgument = '';
49			$quote = false;
50			foreach (preg_split('/(")/', $argument, -1, PREG_SPLIT_NO_EMPTY \| PREG_SPLIT_DELIM_CAPTURE) as $part) {
51			if ('"' === $part) {
52			$escapedArgument .= '\\"';
53			} elseif (self::isSurroundedBy($part, '%')) {
54			// Avoid environment variable expansion
55			$escapedArgument .= '^%"'.substr($part, 1, -1).'"^%';
56			} else {
57			// escape trailing backslash
58			if ('\\' === substr($part, -1)) {
59			$part .= '\\';
60			}
61			$quote = true;
62			$escapedArgument .= $part;
63			}
64			}
65			if ($quote) {
66			$escapedArgument = '"'.$escapedArgument.'"';
67			}
68
69			return $escapedArgument;
70			}
71
72			return "'".str_replace("'", "'\\''", $argument)."'";
73			}
74
75			private static function isSurroundedBy($arg, $char)
76			{
77			return 2 < strlen($arg) && $char === $arg[0] && $char === $arg[strlen($arg) - 1];
78			}
79			}
80

consolidation / robo

Push — master ( 061d1e...31cfb3 )

src/Common/ProcessUtils.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like