Issues in writable.php - New Issues - Inspection of "Avoid zombie processes in http user resolution. (#..." - deployphp/deployer - Measure and Improve Code Quality continuously with Scrutinizer

Passed

Push — master ( 2e54dc...10ba0f )

by Anton

created 2019-05-16 07:51 UTC

recipe/deploy/writable.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/* (c) Anton Medvedev <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Deployer;

desc('Make writable dirs');
task('deploy:writable', function () {
    $dirs = join(' ', get('writable_dirs'));
    $mode = get('writable_mode');
    $sudo = get('writable_use_sudo') ? 'sudo' : '';
    $httpUser = get('http_user', false);
    $runOpts = [];
    if ($sudo) {
        $runOpts['tty'] = get('writable_tty', false);
    }

    if (empty($dirs)) {
        return;
    }

    if ($httpUser === false && ! in_array($mode, ['chgrp', 'chmod'], true)) {
        // Attempt to detect http user in process list.
        $httpUserCandidates = explode("\n", run("ps axo comm,user | grep -E '[a]pache|[h]ttpd|[_]www|[w]ww-data|[n]ginx' | grep -v root | sort | awk '{print $NF}' | uniq"));

        if (count($httpUserCandidates) === 1) {
            $httpUser = $httpUserCandidates[0];
        }

        if (empty($httpUser)) {
            throw new \RuntimeException(
                "Can't detect http user name.\n" .
                "Please setup `http_user` config parameter."
            );
        }
    }

    try {
        cd('{{release_path}}');

        // Create directories if they don't exist
        run("mkdir -p $dirs");

        $recursive = get('writable_recursive') ? '-R' : '';

        if ($mode === 'chown') {
            // Change owner.
            // -R   operate on files and directories recursively
            // -L   traverse every symbolic link to a directory encountered
            run("$sudo chown -L $recursive $httpUser $dirs", $runOpts);
        } elseif ($mode === 'chgrp') {
            // Change group ownership.
            // -R   operate on files and directories recursively
            // -L   if a command line argument is a symbolic link to a directory, traverse it
            $httpGroup = get('http_group', false);
            if ($httpGroup === false) {
                throw new \RuntimeException("Please setup `http_group` config parameter.");
            }
            run("$sudo chgrp -H $recursive $httpGroup $dirs", $runOpts);
        } elseif ($mode === 'chmod') {
            // in chmod mode, defined `writable_chmod_recursive` has priority over common `writable_recursive`
            if (is_bool(get('writable_chmod_recursive'))) {
                $recursive = get('writable_chmod_recursive') ? '-R' : '';
            }
            run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs", $runOpts);
        } elseif ($mode === 'acl') {
            if (strpos(run("chmod 2>&1; true"), '+a') !== false) {
                // Try OS-X specific setting of access-rights

                run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts);
                run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts);
            } elseif (commandExist('setfacl')) {
                if (!empty($sudo)) {
                    run("$sudo setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts);
                    run("$sudo setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts);
                } else {
                    // When running without sudo, exception may be thrown
                    // if executing setfacl on files created by http user (in directory that has been setfacl before).
                    // These directories/files should be skipped.
                    // Now, we will check each directory for ACL and only setfacl for which has not been set before.
                    $writeableDirs = get('writable_dirs');
                    foreach ($writeableDirs as $dir) {
                        // Check if ACL has been set or not
                        $hasfacl = run("getfacl -p $dir | grep \"^user:$httpUser:.*w\" | wc -l");
                        // Set ACL for directory if it has not been set before
                        if (!$hasfacl) {
                            run("setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
                            run("setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
                        }
                    }
                }
            } else {
                throw new \RuntimeException("Can't set writable dirs with ACL.");
            }
        } else {
            throw new \RuntimeException("Unknown writable_mode `$mode`.");
        }
    } catch (\RuntimeException $e) {
        $formatter = Deployer::get()->getHelper('formatter');

        $errorMessage = [
            "Unable to setup correct permissions for writable dirs.                  ",
            "You need to configure sudo's sudoers files to not prompt for password,",
            "or setup correct permissions manually.                                  ",
        ];
        write($formatter->formatBlock($errorMessage, 'error', true));

        throw $e;
    }
});


1		<?php
2		/* (c) Anton Medvedev <[email protected]>
3		*
4		* For the full copyright and license information, please view the LICENSE
5		* file that was distributed with this source code.
6		*/
7
8		namespace Deployer;
9
10	11	desc('Make writable dirs');
11		task('deploy:writable', function () {
12	3	$dirs = join(' ', get('writable_dirs'));
13	3	$mode = get('writable_mode');
14	3	$sudo = get('writable_use_sudo') ? 'sudo' : '';
15	3	$httpUser = get('http_user', false);
16	3	$runOpts = [];
17	3	if ($sudo) {
18		$runOpts['tty'] = get('writable_tty', false);
19		}
20
21	3	if (empty($dirs)) {
22		return;
23		}
24
25	3	if ($httpUser === false && ! in_array($mode, ['chgrp', 'chmod'], true)) {
26		// Attempt to detect http user in process list.
27		$httpUserCandidates = explode("\n", run("ps axo comm,user \| grep -E '[a]pache\|[h]ttpd\|[_]www\|[w]ww-data\|[n]ginx' \| grep -v root \| sort \| awk '{print $NF}' \| uniq"));
		0 ignored issues – show Bug introduced 2019-01-31 16:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$NF` does not exist. Did you forget to declare it? This check marks access to variables or properties that have not been declared yet. While PHP has no explicit notion of declaring a variable, accessing it before a value is assigned to it is most likely a bug. Loading history...
28		if (count($httpUserCandidates) === 1) {
29		$httpUser = $httpUserCandidates[0];
30		}
31
32		if (empty($httpUser)) {
33		throw new \RuntimeException(
34		"Can't detect http user name.\n" .
35		"Please setup `http_user` config parameter."
36		);
37		}
38		}
39
40		try {
41	3	cd('{{release_path}}');
42
43		// Create directories if they don't exist
44	3	run("mkdir -p $dirs");
45
46	3	$recursive = get('writable_recursive') ? '-R' : '';
47
48	3	if ($mode === 'chown') {
49		// Change owner.
50		// -R operate on files and directories recursively
51		// -L traverse every symbolic link to a directory encountered
52		run("$sudo chown -L $recursive $httpUser $dirs", $runOpts);
53	3	} elseif ($mode === 'chgrp') {
54		// Change group ownership.
55		// -R operate on files and directories recursively
56		// -L if a command line argument is a symbolic link to a directory, traverse it
57		$httpGroup = get('http_group', false);
58		if ($httpGroup === false) {
59		throw new \RuntimeException("Please setup `http_group` config parameter.");
60		}
61		run("$sudo chgrp -H $recursive $httpGroup $dirs", $runOpts);
62	3	} elseif ($mode === 'chmod') {
63		// in chmod mode, defined `writable_chmod_recursive` has priority over common `writable_recursive`
64		if (is_bool(get('writable_chmod_recursive'))) {
65		$recursive = get('writable_chmod_recursive') ? '-R' : '';
66		}
67		run("$sudo chmod $recursive {{writable_chmod_mode}} $dirs", $runOpts);
68	3	} elseif ($mode === 'acl') {
69	3	if (strpos(run("chmod 2>&1; true"), '+a') !== false) {
70		// Try OS-X specific setting of access-rights
71
72		run("$sudo chmod +a \"$httpUser allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts);
73		run("$sudo chmod +a \"`whoami` allow delete,write,append,file_inherit,directory_inherit\" $dirs", $runOpts);
74	3	} elseif (commandExist('setfacl')) {
75	3	if (!empty($sudo)) {
76		run("$sudo setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts);
77		run("$sudo setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dirs", $runOpts);
78		} else {
79		// When running without sudo, exception may be thrown
80		// if executing setfacl on files created by http user (in directory that has been setfacl before).
81		// These directories/files should be skipped.
82		// Now, we will check each directory for ACL and only setfacl for which has not been set before.
83	3	$writeableDirs = get('writable_dirs');
84	3	foreach ($writeableDirs as $dir) {
85		// Check if ACL has been set or not
86	3	$hasfacl = run("getfacl -p $dir \| grep \"^user:$httpUser:.*w\" \| wc -l");
87		// Set ACL for directory if it has not been set before
88	3	if (!$hasfacl) {
89	3	run("setfacl -L $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
90	3	run("setfacl -dL $recursive -m u:\"$httpUser\":rwX -m u:`whoami`:rwX $dir");
91		}
92		}
93		}
94		} else {
95	3	throw new \RuntimeException("Can't set writable dirs with ACL.");
96		}
97		} else {
98	3	throw new \RuntimeException("Unknown writable_mode `$mode`.");
99		}
100		} catch (\RuntimeException $e) {
101		$formatter = Deployer::get()->getHelper('formatter');
102
103		$errorMessage = [
104		"Unable to setup correct permissions for writable dirs. ",
105		"You need to configure sudo's sudoers files to not prompt for password,",
106		"or setup correct permissions manually. ",
107		];
108		write($formatter->formatBlock($errorMessage, 'error', true));
109
110		throw $e;
111		}
112		});
113

GitHub Access Token became invalid

Push — master ( 2e54dc...10ba0f )

recipe/deploy/writable.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

deployphp / deployer

GitHub Access Token became invalid

Push — master ( 2e54dc...10ba0f )

recipe/deploy/writable.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like