This project does not seem to handle request data directly as such no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more
1 | <?php |
||
2 | |||
3 | namespace PHPSA\Command; |
||
4 | |||
5 | use PhpParser\ParserFactory; |
||
6 | use PHPSA\Application; |
||
7 | use PHPSA\Compiler; |
||
8 | use PHPSA\Context; |
||
9 | use PHPSA\Definition\FileParser; |
||
10 | use RecursiveDirectoryIterator; |
||
11 | use RecursiveIteratorIterator; |
||
12 | use SplFileInfo; |
||
13 | use FilesystemIterator; |
||
14 | use Symfony\Component\Console\Input\InputArgument; |
||
15 | use Symfony\Component\Console\Input\InputInterface; |
||
16 | use Symfony\Component\Console\Input\InputOption; |
||
17 | use Symfony\Component\Console\Output\OutputInterface; |
||
18 | use Webiny\Component\EventManager\EventManager; |
||
19 | |||
20 | /** |
||
21 | * Command to run compiler on files (no analyzer) |
||
22 | */ |
||
23 | class CompileCommand extends AbstractCommand |
||
24 | { |
||
25 | /** |
||
26 | * {@inheritdoc} |
||
27 | */ |
||
28 | 1 | protected function configure() |
|
29 | { |
||
30 | $this |
||
31 | 1 | ->setName('compile') |
|
32 | 1 | ->setDescription('Runs compiler on all files in path') |
|
33 | 1 | ->addOption('config-file', null, InputOption::VALUE_REQUIRED, 'Path to the configuration file.') |
|
34 | 1 | ->addArgument('path', InputArgument::OPTIONAL, 'Path to check file or directory', '.'); |
|
35 | 1 | } |
|
36 | |||
37 | /** |
||
38 | * {@inheritdoc} |
||
39 | */ |
||
40 | protected function execute(InputInterface $input, OutputInterface $output) |
||
0 ignored issues
–
show
|
|||
41 | { |
||
42 | $output->writeln(''); |
||
43 | |||
44 | if (extension_loaded('xdebug')) { |
||
45 | /** |
||
46 | * This will disable only showing stack traces on error conditions. |
||
47 | */ |
||
48 | if (function_exists('xdebug_disable')) { |
||
49 | xdebug_disable(); |
||
50 | } |
||
51 | |||
52 | $output->writeln('<error>It is highly recommended to disable the XDebug extension before invoking this command.</error>'); |
||
53 | } |
||
54 | |||
55 | /** @var Application $application */ |
||
56 | $application = $this->getApplication(); |
||
57 | $application->compiler = new Compiler(); |
||
58 | |||
59 | $configFile = $input->getOption('config-file') ?: '.phpsa.yml'; |
||
60 | $configDir = realpath($input->getArgument('path')); |
||
61 | $application->configuration = $this->loadConfiguration($configFile, $configDir); |
||
62 | |||
63 | $parser = $this->createParser($application); |
||
0 ignored issues
–
show
$application is of type object<PHPSA\Application> , but the function expects a string .
It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { }
$x = '123'; // string "123"
// Instead of
acceptsInteger($x);
// we recommend to use
acceptsInteger((integer) $x);
Loading history...
|
|||
64 | |||
65 | $output->writeln('Used config file: ' . $application->configuration->getPath()); |
||
66 | |||
67 | $em = EventManager::getInstance(); |
||
0 ignored issues
–
show
|
|||
68 | $context = new Context($output, $application, $em); |
||
69 | |||
70 | $fileParser = new FileParser( |
||
71 | $parser, |
||
72 | $application->compiler |
||
73 | ); |
||
74 | |||
75 | $path = $input->getArgument('path'); |
||
76 | if (is_dir($path)) { |
||
77 | $directoryIterator = new RecursiveIteratorIterator( |
||
78 | new RecursiveDirectoryIterator($path, FilesystemIterator::SKIP_DOTS) |
||
79 | ); |
||
80 | $output->writeln('Scanning directory <info>' . $path . '</info>'); |
||
81 | |||
82 | $count = 0; |
||
83 | |||
84 | $ignore = $application->configuration->getValue('ignore'); |
||
85 | /** @var SplFileInfo $file */ |
||
86 | foreach ($directoryIterator as $file) { |
||
87 | $skip = 0; |
||
88 | foreach ($ignore as $item) { |
||
89 | $item = preg_replace('#/+#', '/', ($path . $item)); |
||
90 | |||
91 | if (preg_match("#$item#", $file->getPathname())) { |
||
92 | $skip = 1; |
||
93 | break; |
||
94 | } |
||
95 | } |
||
96 | |||
97 | if ($file->getExtension() !== 'php' || $skip) { |
||
98 | continue; |
||
99 | } |
||
100 | |||
101 | $context->debug($file->getPathname()); |
||
102 | $count++; |
||
103 | } |
||
104 | |||
105 | $output->writeln("Found <info>{$count} files</info>"); |
||
106 | |||
107 | if ($count > 100) { |
||
108 | $output->writeln('<comment>Caution: You are trying to scan a lot of files; this might be slow. For bigger libraries, consider setting up a dedicated platform or using ci.lowl.io.</comment>'); |
||
109 | } |
||
110 | |||
111 | $output->writeln(''); |
||
112 | |||
113 | /** @var SplFileInfo $file */ |
||
114 | foreach ($directoryIterator as $file) { |
||
115 | $skip = 0; |
||
116 | foreach ($ignore as $item) { |
||
117 | $item = preg_replace('#/+#', '/', ($path . $item)); |
||
118 | |||
119 | if (preg_match("#$item#", $file->getPathname())) { |
||
120 | $skip = 1; |
||
121 | break; |
||
122 | } |
||
123 | } |
||
124 | |||
125 | if ($file->getExtension() !== 'php' || $skip) { |
||
126 | continue; |
||
127 | } |
||
128 | |||
129 | $fileParser->parserFile($file->getPathname(), $context); |
||
130 | } |
||
131 | } elseif (is_file($path)) { |
||
132 | $fileParser->parserFile($path, $context); |
||
0 ignored issues
–
show
It seems like
$path defined by $input->getArgument('path') on line 75 can also be of type array<integer,string> or null ; however, PHPSA\Definition\FileParser::parserFile() does only seem to accept string , maybe add an additional type check?
If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /**
* @return array|string
*/
function returnsDifferentValues($x) {
if ($x) {
return 'foo';
}
return array();
}
$x = returnsDifferentValues($y);
if (is_array($x)) {
// $x is an array.
}
If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue.
Loading history...
|
|||
133 | } |
||
134 | |||
135 | |||
136 | /** |
||
137 | * Step 2 Recursive check ... |
||
138 | */ |
||
139 | $application->compiler->compile($context); |
||
140 | |||
141 | $output->writeln(''); |
||
142 | $output->writeln('Memory usage: ' . $this->getMemoryUsage(false) . ' (peak: ' . $this->getMemoryUsage(true) . ') MB'); |
||
143 | } |
||
144 | } |
||
145 |
A high number of execution paths generally suggests many nested conditional statements and make the code less readible. This can usually be fixed by splitting the method into several smaller methods.
You can also find more information in the “Code” section of your repository.