This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace Robo; |
||
4 | |||
5 | use Symfony\Component\Console\ConsoleEvents; |
||
6 | use Symfony\Component\Console\Event\ConsoleCommandEvent; |
||
7 | use Symfony\Component\EventDispatcher\EventSubscriberInterface; |
||
8 | use Robo\Contract\ConfigAwareInterface; |
||
9 | use Robo\Common\ConfigAwareTrait; |
||
10 | use Robo\Config\GlobalOptionDefaultValuesInterface; |
||
11 | |||
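/**
 * Console event subscriber that copies command-line state into the active
 * configuration just before a command runs.
 *
 * Two sources are applied, in this order:
 *  - global options (e.g. --simulate), stored under "<prefix>.<option>";
 *  - `--define` / `-D key=value` pairs, stored under the key exactly as typed.
 *
 * Security note: keys given through `--define` are not checked against any
 * allow-list and are written after the global options, so whoever controls
 * the command line controls every configuration key, "<prefix>.*" included.
 * Wrappers that build the command line (CI jobs, hooks, cron scripts) should
 * therefore never forward untrusted text into this option.
 */
class GlobalOptionsEventListener implements EventSubscriberInterface, ConfigAwareInterface
{
    use ConfigAwareTrait;

    /**
     * Console application whose option definitions supply fallback defaults.
     * Stays unset until setApplication() is called.
     *
     * @var \Robo\Application
     */
    protected $application;

    /**
     * Configuration key under which global option values are stored.
     *
     * @var string
     */
    protected $prefix;

    /**
     * GlobalOptionsEventListener listener
     *
     * Global options are stored under the 'options' key unless
     * setGlobalOptionsPrefix() is called.
     */
    public function __construct()
    {
        $this->prefix = 'options';
    }

    /**
     * Add a reference to the Symfony Console application object.
     *
     * @param \Robo\Application $application
     *
     * @return $this
     */
    public function setApplication($application)
    {
        $this->application = $application;
        return $this;
    }

    /**
     * Stipulate the prefix to use for option injection.
     *
     * @param string $prefix
     *
     * @return $this
     */
    public function setGlobalOptionsPrefix($prefix)
    {
        $this->prefix = $prefix;
        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public static function getSubscribedEvents()
    {
        return [ConsoleEvents::COMMAND => 'handleCommandEvent'];
    }

    /**
     * Run all of our individual operations when a command event is received.
     *
     * Order matters: global options are written first, then `--define`
     * values, so a `--define` entry naming a "<prefix>.<option>" key replaces
     * the value taken from the corresponding global option.
     *
     * @param \Symfony\Component\Console\Event\ConsoleCommandEvent $event
     */
    public function handleCommandEvent(ConsoleCommandEvent $event)
    {
        $this->setGlobalOptions($event);
        $this->setConfigurationValues($event);
    }

    /**
     * Before a Console command runs, examine the global
     * commandline options from the event Input, and set
     * configuration values as appropriate.
     *
     * @param \Symfony\Component\Console\Event\ConsoleCommandEvent $event
     */
    public function setGlobalOptions(ConsoleCommandEvent $event)
    {
        $config = $this->getConfig();
        $input = $event->getInput();

        // Build the option => default map. The array union (`+=`) never
        // overwrites an existing key, so values already present in the
        // configuration take precedence over the interface defaults, which in
        // turn take precedence over the application's option defaults.
        $globalOptions = $config->get($this->prefix, []);
        if ($config instanceof \Consolidation\Config\GlobalOptionDefaultValuesInterface) {
            $globalOptions += $config->getGlobalOptionDefaultValues();
        }

        $globalOptions += $this->applicationOptionDefaultValues();

        // Set any config value that has a defined global option (e.g. --simulate)
        foreach ($globalOptions as $option => $default) {
            $value = $input->hasOption($option) ? $input->getOption($option) : null;
            // isset() is used instead of `?:` because `?:` tests truthiness and
            // would replace a legitimate `0` or `false` with the default; only
            // a missing (null) value falls back to the default here.
            if (!isset($value)) {
                $value = $default;
            }
            $config->set($this->prefix . '.' . $option, $value);
        }
    }

    /**
     * Examine the commandline --define / -D options, and apply the provided
     * values to the active configuration.
     *
     * The option value is normalised before iteration: a single string is
     * treated as one definition, and any other non-array value (null, bool)
     * is ignored, so the loop never runs over a non-traversable value.
     *
     * Keys are written exactly as supplied; no validation or allow-list is
     * applied at this point.
     *
     * @param \Symfony\Component\Console\Event\ConsoleCommandEvent $event
     */
    public function setConfigurationValues(ConsoleCommandEvent $event)
    {
        $config = $this->getConfig();
        $input = $event->getInput();

        // Also set any `-Dconfig.key=value` options from the commandline.
        if (!$input->hasOption('define')) {
            return;
        }

        $configDefinitions = $input->getOption('define');
        if (is_string($configDefinitions)) {
            $configDefinitions = [$configDefinitions];
        } elseif (!is_array($configDefinitions)) {
            // null / bool: nothing usable was defined on the command line.
            return;
        }

        foreach ($configDefinitions as $definition) {
            list($key, $value) = $this->splitConfigKeyValue($definition);
            $config->set($key, $value);
        }
    }

    /**
     * Split up the key=value config setting into its component parts. If
     * the input string contains no '=' character, then the value will be 'true'.
     *
     * Only the first '=' separates key from value, so the value itself may
     * contain further '=' characters. A value that is present is always
     * returned as a string: `key=false` yields the string 'false', which PHP
     * treats as truthy, whereas a bare `key` yields boolean true. Code that
     * reads such a setting as an on/off switch should compare explicitly
     * rather than rely on truthiness.
     *
     * @param string $value
     *
     * @return array
     *   Key at index 0 and value at index 1. When an '=' was present a
     *   trailing `true` follows at index 2; callers destructure only the
     *   first two elements.
     */
    protected function splitConfigKeyValue($value)
    {
        $parts = explode('=', $value, 2);
        // Appending `true` supplies the default value when no '=' was given.
        $parts[] = true;
        return $parts;
    }

    /**
     * Get default option values from the Symfony Console application, if
     * it is available.
     *
     * @return array
     *   Option name => default value; null for options that accept no value.
     *   Empty when no application has been set.
     */
    protected function applicationOptionDefaultValues()
    {
        if (!$this->application) {
            return [];
        }

        $result = [];
        foreach ($this->application->getDefinition()->getOptions() as $key => $option) {
            $result[$key] = $option->acceptValue() ? $option->getDefault() : null;
        }
        return $result;
    }
}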
It seems that the type of the argument is not accepted by the function or method you are calling.
In some cases, particularly when PHP’s automatic type juggling kicks in, this might be fine. In other cases, however, it might be a bug.
We suggest adding an explicit type cast, as in the following example: