Issues in Rsync.php (master) - Issues in master - consolidation/robo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (569)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Task/Remote/Rsync.php (1 issue)

Labels

Severity

Minor 1

Peter Gasser 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Robo\Task\Remote;

use Robo\Contract\CommandInterface;
use Robo\Task\BaseTask;
use Robo\Exception\TaskException;

/**
 * Executes rsync in a flexible manner.
 *
 * ``` php
 * $this->taskRsync()
 *   ->fromPath('src/')
 *   ->toHost('localhost')
 *   ->toUser('dev')
 *   ->toPath('/var/www/html/app/')
 *   ->remoteShell('ssh -i public_key')
 *   ->recursive()
 *   ->excludeVcs()
 *   ->checksum()
 *   ->wholeFile()
 *   ->verbose()
 *   ->progress()
 *   ->humanReadable()
 *   ->stats()
 *   ->run();
 * ```
 *
 * You could also clone the task and do a dry-run first:
 *
 * ``` php
 * $rsync = $this->taskRsync()
 *   ->fromPath('src/')
 *   ->toPath('example.com:/var/www/html/app/')
 *   ->archive()
 *   ->excludeVcs()
 *   ->progress()
 *   ->stats();
 *
 * $dryRun = clone $rsync;
 * $dryRun->dryRun()->run();
 * if ('y' === $this->ask('Do you want to run (y/n)')) {
 *   $rsync->run();
 * }
 * ```
 */
class Rsync extends BaseTask implements CommandInterface
{
    use \Robo\Common\ExecOneCommand;

    /**
     * @var string
     */
    protected $command;

    /**
     * @var string
     */
    protected $fromUser;

    /**
     * @var string
     */
    protected $fromHost;

    /**
     * @var string
     */
    protected $fromPath;

    /**
     * @var string
     */
    protected $toUser;

    /**
     * @var string
     */
    protected $toHost;

    /**
     * @var string
     */
    protected $toPath;

    /**
     * @return static
     */
    public static function init()
    {
        return new static();
    }

    public function __construct()
    {
        $this->command = 'rsync';
    }

    /**
     * This can either be a full rsync path spec (user@host:path) or just a path.
     * In case of the former do not specify host and user.
     *
     * @param string|array $path
     *
     * @return $this
     */
    public function fromPath($path)
    {
        $this->fromPath = $path;
class Id
{
    public $id;

    public function __construct($id)
    {
        $this->id = $id;
    }

}

class Account
{
    /** @var  Id $id */
    public $id;
}

$account_id = false;

if (starsAreRight()) {
    $account_id = new Id(42);
}

$account = new Account();
if ($account instanceof Id)
{
    $account->id = $account_id;
}

        return $this;
    }

    /**
     * This can either be a full rsync path spec (user@host:path) or just a path.
     * In case of the former do not specify host and user.
     *
     * @param string $path
     *
     * @return $this
     */
    public function toPath($path)
    {
        $this->toPath = $path;

        return $this;
    }

    /**
     * @param string $fromUser
     *
     * @return $this
     */
    public function fromUser($fromUser)
    {
        $this->fromUser = $fromUser;
        return $this;
    }

    /**
     * @param string $fromHost
     *
     * @return $this
     */
    public function fromHost($fromHost)
    {
        $this->fromHost = $fromHost;
        return $this;
    }

    /**
     * @param string $toUser
     *
     * @return $this
     */
    public function toUser($toUser)
    {
        $this->toUser = $toUser;
        return $this;
    }

    /**
     * @param string $toHost
     *
     * @return $this
     */
    public function toHost($toHost)
    {
        $this->toHost = $toHost;
        return $this;
    }

    /**
     * @return $this
     */
    public function progress()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function stats()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function recursive()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function verbose()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function checksum()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function archive()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function compress()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function owner()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function group()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function times()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @return $this
     */
    public function delete()
    {
        $this->option(__FUNCTION__);

        return $this;
    }

    /**
     * @param int $seconds
     *
     * @return $this
     */
    public function timeout($seconds)
    {
        $this->option(__FUNCTION__, $seconds);

        return $this;
    }

    /**
     * @return $this
     */
    public function humanReadable()
    {
        $this->option('human-readable');

        return $this;
    }

    /**
     * @return $this
     */
    public function wholeFile()
    {
        $this->option('whole-file');

        return $this;
    }

    /**
     * @return $this
     */
    public function dryRun()
    {
        $this->option('dry-run');

        return $this;
    }

    /**
     * @return $this
     */
    public function itemizeChanges()
    {
        $this->option('itemize-changes');

        return $this;
    }

    /**
     * Excludes .git, .svn and .hg items at any depth.
     *
     * @return $this
     */
    public function excludeVcs()
    {
        return $this->exclude([
            '.git',
            '.svn',
            '.hg',
        ]);
    }

    /**
     * @param array|string $pattern
     *
     * @return $this
     */
    public function exclude($pattern)
    {
        return $this->optionList(__FUNCTION__, $pattern);
    }

    /**
     * @param string $file
     *
     * @return $this
     *
     * @throws \Robo\Exception\TaskException
     */
    public function excludeFrom($file)
    {
        if (!is_readable($file)) {
            throw new TaskException($this, "Exclude file $file is not readable");
        }

        return $this->option('exclude-from', $file);
    }

    /**
     * @param array|string $pattern
     *
     * @return $this
     */
    public function includeFilter($pattern)
    {
        return $this->optionList('include', $pattern);
    }

    /**
     * @param array|string $pattern
     *
     * @return $this
     */
    public function filter($pattern)
    {
        return $this->optionList(__FUNCTION__, $pattern);
    }

    /**
     * @param string $file
     *
     * @return $this
     *
     * @throws \Robo\Exception\TaskException
     */
    public function filesFrom($file)
    {
        if (!is_readable($file)) {
            throw new TaskException($this, "Files-from file $file is not readable");
        }

        return $this->option('files-from', $file);
    }

    /**
     * @param string $command
     *
     * @return $this
     */
    public function remoteShell($command)
    {
        $this->option('rsh', "$command");

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function run()
    {
        $command = $this->getCommand();

        return $this->executeCommand($command);
    }

    /**
     * Returns command that can be executed.
     * This method is used to pass generated command from one task to another.
     *
     * @return string
     */
    public function getCommand()
    {
        foreach ((array)$this->fromPath as $from) {
            $this->option(null, $this->getFromPathSpec($from));
        }
        $this->option(null, $this->getToPathSpec());

        return $this->command . $this->arguments;
    }

    /**
     * @param string $from
     *
     * @return string
     */
    protected function getFromPathSpec($from)
    {
        return $this->getPathSpec($this->fromHost, $this->fromUser, $from);
    }

    /**
     * @return string
     */
    protected function getToPathSpec()
    {
        return $this->getPathSpec($this->toHost, $this->toUser, $this->toPath);
    }

    /**
     * @param string $host
     * @param string $user
     * @param string $path
     *
     * @return string
     */
    protected function getPathSpec($host, $user, $path)
    {
        $spec = isset($path) ? $path : '';
        if (!empty($host)) {
            $spec = "{$host}:{$spec}";
        }
        if (!empty($user)) {
            $spec = "{$user}@{$spec}";
        }

        return $spec;
    }
}


1			<?php
2
3			namespace Robo\Task\Remote;
4
5			use Robo\Contract\CommandInterface;
6			use Robo\Task\BaseTask;
7			use Robo\Exception\TaskException;
8
9			/**
10			* Executes rsync in a flexible manner.
11			*
12			* ``` php
13			* $this->taskRsync()
14			* ->fromPath('src/')
15			* ->toHost('localhost')
16			* ->toUser('dev')
17			* ->toPath('/var/www/html/app/')
18			* ->remoteShell('ssh -i public_key')
19			* ->recursive()
20			* ->excludeVcs()
21			* ->checksum()
22			* ->wholeFile()
23			* ->verbose()
24			* ->progress()
25			* ->humanReadable()
26			* ->stats()
27			* ->run();
28			* ```
29			*
30			* You could also clone the task and do a dry-run first:
31			*
32			* ``` php
33			* $rsync = $this->taskRsync()
34			* ->fromPath('src/')
35			* ->toPath('example.com:/var/www/html/app/')
36			* ->archive()
37			* ->excludeVcs()
38			* ->progress()
39			* ->stats();
40			*
41			* $dryRun = clone $rsync;
42			* $dryRun->dryRun()->run();
43			* if ('y' === $this->ask('Do you want to run (y/n)')) {
44			* $rsync->run();
45			* }
46			* ```
47			*/
48			class Rsync extends BaseTask implements CommandInterface
49			{
50			use \Robo\Common\ExecOneCommand;
51
52			/**
53			* @var string
54			*/
55			protected $command;
56
57			/**
58			* @var string
59			*/
60			protected $fromUser;
61
62			/**
63			* @var string
64			*/
65			protected $fromHost;
66
67			/**
68			* @var string
69			*/
70			protected $fromPath;
71
72			/**
73			* @var string
74			*/
75			protected $toUser;
76
77			/**
78			* @var string
79			*/
80			protected $toHost;
81
82			/**
83			* @var string
84			*/
85			protected $toPath;
86
87			/**
88			* @return static
89			*/
90			public static function init()
91			{
92			return new static();
93			}
94
95			public function __construct()
96			{
97			$this->command = 'rsync';
98			}
99
100			/**
101			* This can either be a full rsync path spec (user@host:path) or just a path.
102			* In case of the former do not specify host and user.
103			*
104			* @param string\|array $path
105			*
106			* @return $this
107			*/
108			public function fromPath($path)
109			{
110			$this->fromPath = $path;
			0 ignored issues – show Documentation Bug introduced 2016-11-15 00:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$path` can also be of type `array`. However, the property `$fromPath` is declared as type `string`. Maybe add an additional type check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a mixed type is assigned to a property that is type hinted more strictly. For example, imagine you have a variable `$accountId` that can either hold an Id object or false (if there is no account id yet). Your code now assigns that value to the `id` property of an instance of the `Account` class. This class holds a proper account, so the id value must no longer be false. Either this assignment is in error or a type check should be added for that assignment. class Id { public $id; public function __construct($id) { $this->id = $id; } } class Account { /** @var Id $id */ public $id; } $account_id = false; if (starsAreRight()) { $account_id = new Id(42); } $account = new Account(); if ($account instanceof Id) { $account->id = $account_id; } Loading history...
111
112			return $this;
113			}
114
115			/**
116			* This can either be a full rsync path spec (user@host:path) or just a path.
117			* In case of the former do not specify host and user.
118			*
119			* @param string $path
120			*
121			* @return $this
122			*/
123			public function toPath($path)
124			{
125			$this->toPath = $path;
126
127			return $this;
128			}
129
130			/**
131			* @param string $fromUser
132			*
133			* @return $this
134			*/
135			public function fromUser($fromUser)
136			{
137			$this->fromUser = $fromUser;
138			return $this;
139			}
140
141			/**
142			* @param string $fromHost
143			*
144			* @return $this
145			*/
146			public function fromHost($fromHost)
147			{
148			$this->fromHost = $fromHost;
149			return $this;
150			}
151
152			/**
153			* @param string $toUser
154			*
155			* @return $this
156			*/
157			public function toUser($toUser)
158			{
159			$this->toUser = $toUser;
160			return $this;
161			}
162
163			/**
164			* @param string $toHost
165			*
166			* @return $this
167			*/
168			public function toHost($toHost)
169			{
170			$this->toHost = $toHost;
171			return $this;
172			}
173
174			/**
175			* @return $this
176			*/
177			public function progress()
178			{
179			$this->option(__FUNCTION__);
180
181			return $this;
182			}
183
184			/**
185			* @return $this
186			*/
187			public function stats()
188			{
189			$this->option(__FUNCTION__);
190
191			return $this;
192			}
193
194			/**
195			* @return $this
196			*/
197			public function recursive()
198			{
199			$this->option(__FUNCTION__);
200
201			return $this;
202			}
203
204			/**
205			* @return $this
206			*/
207			public function verbose()
208			{
209			$this->option(__FUNCTION__);
210
211			return $this;
212			}
213
214			/**
215			* @return $this
216			*/
217			public function checksum()
218			{
219			$this->option(__FUNCTION__);
220
221			return $this;
222			}
223
224			/**
225			* @return $this
226			*/
227			public function archive()
228			{
229			$this->option(__FUNCTION__);
230
231			return $this;
232			}
233
234			/**
235			* @return $this
236			*/
237			public function compress()
238			{
239			$this->option(__FUNCTION__);
240
241			return $this;
242			}
243
244			/**
245			* @return $this
246			*/
247			public function owner()
248			{
249			$this->option(__FUNCTION__);
250
251			return $this;
252			}
253
254			/**
255			* @return $this
256			*/
257			public function group()
258			{
259			$this->option(__FUNCTION__);
260
261			return $this;
262			}
263
264			/**
265			* @return $this
266			*/
267			public function times()
268			{
269			$this->option(__FUNCTION__);
270
271			return $this;
272			}
273
274			/**
275			* @return $this
276			*/
277			public function delete()
278			{
279			$this->option(__FUNCTION__);
280
281			return $this;
282			}
283
284			/**
285			* @param int $seconds
286			*
287			* @return $this
288			*/
289			public function timeout($seconds)
290			{
291			$this->option(__FUNCTION__, $seconds);
292
293			return $this;
294			}
295
296			/**
297			* @return $this
298			*/
299			public function humanReadable()
300			{
301			$this->option('human-readable');
302
303			return $this;
304			}
305
306			/**
307			* @return $this
308			*/
309			public function wholeFile()
310			{
311			$this->option('whole-file');
312
313			return $this;
314			}
315
316			/**
317			* @return $this
318			*/
319			public function dryRun()
320			{
321			$this->option('dry-run');
322
323			return $this;
324			}
325
326			/**
327			* @return $this
328			*/
329			public function itemizeChanges()
330			{
331			$this->option('itemize-changes');
332
333			return $this;
334			}
335
336			/**
337			* Excludes .git, .svn and .hg items at any depth.
338			*
339			* @return $this
340			*/
341			public function excludeVcs()
342			{
343			return $this->exclude([
344			'.git',
345			'.svn',
346			'.hg',
347			]);
348			}
349
350			/**
351			* @param array\|string $pattern
352			*
353			* @return $this
354			*/
355			public function exclude($pattern)
356			{
357			return $this->optionList(__FUNCTION__, $pattern);
358			}
359
360			/**
361			* @param string $file
362			*
363			* @return $this
364			*
365			* @throws \Robo\Exception\TaskException
366			*/
367			public function excludeFrom($file)
368			{
369			if (!is_readable($file)) {
370			throw new TaskException($this, "Exclude file $file is not readable");
371			}
372
373			return $this->option('exclude-from', $file);
374			}
375
376			/**
377			* @param array\|string $pattern
378			*
379			* @return $this
380			*/
381			public function includeFilter($pattern)
382			{
383			return $this->optionList('include', $pattern);
384			}
385
386			/**
387			* @param array\|string $pattern
388			*
389			* @return $this
390			*/
391			public function filter($pattern)
392			{
393			return $this->optionList(__FUNCTION__, $pattern);
394			}
395
396			/**
397			* @param string $file
398			*
399			* @return $this
400			*
401			* @throws \Robo\Exception\TaskException
402			*/
403			public function filesFrom($file)
404			{
405			if (!is_readable($file)) {
406			throw new TaskException($this, "Files-from file $file is not readable");
407			}
408
409			return $this->option('files-from', $file);
410			}
411
412			/**
413			* @param string $command
414			*
415			* @return $this
416			*/
417			public function remoteShell($command)
418			{
419			$this->option('rsh', "$command");
420
421			return $this;
422			}
423
424			/**
425			* {@inheritdoc}
426			*/
427			public function run()
428			{
429			$command = $this->getCommand();
430
431			return $this->executeCommand($command);
432			}
433
434			/**
435			* Returns command that can be executed.
436			* This method is used to pass generated command from one task to another.
437			*
438			* @return string
439			*/
440			public function getCommand()
441			{
442			foreach ((array)$this->fromPath as $from) {
443			$this->option(null, $this->getFromPathSpec($from));
444			}
445			$this->option(null, $this->getToPathSpec());
446
447			return $this->command . $this->arguments;
448			}
449
450			/**
451			* @param string $from
452			*
453			* @return string
454			*/
455			protected function getFromPathSpec($from)
456			{
457			return $this->getPathSpec($this->fromHost, $this->fromUser, $from);
458			}
459
460			/**
461			* @return string
462			*/
463			protected function getToPathSpec()
464			{
465			return $this->getPathSpec($this->toHost, $this->toUser, $this->toPath);
466			}
467
468			/**
469			* @param string $host
470			* @param string $user
471			* @param string $path
472			*
473			* @return string
474			*/
475			protected function getPathSpec($host, $user, $path)
476			{
477			$spec = isset($path) ? $path : '';
478			if (!empty($host)) {
479			$spec = "{$host}:{$spec}";
480			}
481			if (!empty($user)) {
482			$spec = "{$user}@{$spec}";
483			}
484
485			return $spec;
486			}
487			}
488

consolidation / robo

Issues (569)

Security Analysis not enabled

src/Task/Remote/Rsync.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like