Issues in Task.php (dev-1817) - Issues in dev-1817 - phingofficial/phing - Measure and Improve Code Quality continuously with Scrutinizer

Issues (557)

Security Analysis not enabled

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Phing/Task.php (1 issue)

Labels

Bug 1

Severity

Major 1

<?php

/**
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
 * A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
 * OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
 * SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
 * LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
 * DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
 * THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
 * (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
 * OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
 *
 * This software consists of voluntary contributions made by many individuals
 * and is licensed under the LGPL. For more information please see
 * <http://phing.info>.
 */

namespace Phing;

use Error;
use Exception;
use Phing\Dispatch\DispatchUtils;
use Phing\Exception\BuildException;
use Phing\Listener\BuildEvent;
use Phing\Listener\BuildListener;
use Phing\Util\Register;
use Phing\Util\RegisterSlot;

/**
 * The base class for all Tasks.
 *
 * Use {@link Project#createTask} to register a new Task.
 *
 * @author    Andreas Aderhold <[email protected]>
 * @copyright 2001,2002 THYRELL. All rights reserved
 *
 * @see       Project#createTask()
 */
abstract class Task extends ProjectComponent
{
    /**
     * Owning Target object.
     *
     * @var Target
     */
    protected $target;

    /**
     * Internal taskname (req).
     *
     * @var string
     */
    protected $taskType;

    /**
     * Taskname for logger.
     *
     * @var string
     */
    protected $taskName;

    /**
     * Wrapper of the task.
     *
     * @var RuntimeConfigurable
     */
    protected $wrapper;
    private $invalid;
    /**
     * Replacement element used if this task is invalidated.
     *
     * @var UnknownElement
     */
    private $replacement;

    /**
     * @return RuntimeConfigurable
     */
    public function getWrapper()
    {
        return $this->wrapper;
    }

    /**
     * Provides a project level log event to the task.
     *
     * @param string $msg   The message to log
     * @param int    $level The priority of the message
     *
     * @see   BuildEvent
     * @see   BuildListener
     */
    public function log($msg, $level = Project::MSG_INFO, ?Exception $t = null)
    {
        if (null !== $this->getProject()) {
            $this->getProject()->logObject($this, $msg, $level, $t);
        } else {
            parent::log($msg, $level);
        }
    }

    /**
     * Called by the parser to let the task initialize properly.
     * Should throw a BuildException if something goes wrong with the build.
     *
     * This is abstract here, but may not be overloaded by subclasses.
     *
     * @throws BuildException
     */
    public function init()
    {
    }

    /**
     *  Called by the project to let the task do it's work. This method may be
     *  called more than once, if the task is invoked more than once. For
     *  example, if target1 and target2 both depend on target3, then running
     *  <em>phing target1 target2</em> will run all tasks in target3 twice.
     *
     *  Should throw a BuildException if someting goes wrong with the build
     *
     *  This is abstract here. Must be overloaded by real tasks.
     */
    abstract public function main();

    /**
     * Returns the wrapper object for runtime configuration.
     *
     * @return RuntimeConfigurable The wrapper object used by this task
     */
    public function getRuntimeConfigurableWrapper()
    {
        if (null === $this->wrapper) {
            $this->wrapper = new RuntimeConfigurable($this, $this->getTaskName());
        }

        return $this->wrapper;
    }

    /**
     * Returns the name of task, used only for log messages.
     *
     * @return string Name of this task
     */
    public function getTaskName()
    {
        if (null === $this->taskName) {
            // if no task name is set, then it's possible
            // this task was created from within another task.  We don't
            // therefore know the XML tag name for this task, so we'll just
            // use the class name stripped of "task" suffix.  This is only
            // for log messages, so we don't have to worry much about accuracy.
            return preg_replace('/task$/i', '', get_class($this));
        }

        return $this->taskName;
    }

    /**
     * Sets the name of this task for log messages.
     *
     * @param string $name
     */
    public function setTaskName($name)
    {
        $this->taskName = (string) $name;
    }

    /**
     * Marks this task as invalid. Any further use of this task
     * will go through a replacement with the updated definition.
     */
    public function markInvalid()
    {
        $this->invalid = true;
    }

    /**
     * Perfrom this task.
     *
     * @throws BuildException
     * @throws Error
     */
    public function perform(): void
    {
        if ($this->invalid) {
            $this->getReplacement()->getTask()->perform();
        } else {
            $reason = null;

            try { // try executing task
                $this->project->fireTaskStarted($this);
                $this->maybeConfigure();
                DispatchUtils::main($this);
            } catch (BuildException $ex) {
                $loc = $ex->getLocation();
                if (null === $loc || '' === (string) $loc) {
                    $ex->setLocation($this->getLocation());
                }
                $reason = $ex;

                throw $ex;
            } catch (Exception $ex) {
                $reason = $ex;
                $be = new BuildException($ex);
                $be->setLocation($this->getLocation());

                throw $be;
            } catch (Error $ex) {
                $reason = $ex;

                throw $ex;
            } finally {
                $this->project->fireTaskFinished($this, $reason);
            }
        }
    }

    /**
     *  Configure this task if it hasn't been done already.
     */
    public function maybeConfigure()
    {
        if ($this->invalid) {
            $this->getReplacement();
        } elseif (null !== $this->wrapper) {
            $this->wrapper->maybeConfigure($this->project);
        }
    }

    /**
     * Force the task to be reconfigured from its RuntimeConfigurable.
     */
    public function reconfigure()
    {
        if (null !== $this->wrapper) {
            $this->wrapper->reconfigure($this->getProject());
        }
    }

    /**
     * Sets the owning target this task belongs to.
     *
     * @param Target Reference to owning target
filter:
    dependency_paths: ["lib/*"]
     */
    public function setOwningTarget(Target $target): void
    {
        $this->target = $target;
    }

    /**
     *  Sets the wrapper object this task should use for runtime
     *  configurable elements.
     *
     * @param RuntimeConfigurable $wrapper The wrapper object this task should use
     */
    public function setRuntimeConfigurableWrapper(RuntimeConfigurable $wrapper): void
    {
        $this->wrapper = $wrapper;
    }

    /**
     * Bind a task to another; use this when configuring a newly created
     * task to do work on behalf of another.
     * Project, OwningTarget, TaskName, Location and Description are all copied.
     *
     * Important: this method does not call {@link Task#init()}.
     * If you are creating a task to delegate work to, call {@link Task#init()}
     * to initialize it.
     *
     * @param Task $owner owning target
     */
    public function bindToOwner(Task $owner): void
    {
        $this->setProject($owner->getProject());
        $this->setOwningTarget($owner->getOwningTarget());
        $this->setTaskName($owner->getTaskName());
        $this->setDescription($owner->getDescription());
        $this->setLocation($owner->getLocation());
        $this->setTaskType($owner->getTaskType());
    }

    /**
     * Returns the owning target of this task.
     *
     * @return Target The target object that owns this task
     */
    public function getOwningTarget()
    {
        return $this->target;
    }

    /**
     * Returns the name of the task under which it was invoked,
     * usually the XML tagname.
     *
     * @return string The type of this task (XML Tag)
     */
    public function getTaskType()
    {
        return $this->taskType;
    }

    /**
     * Sets the type of the task. Usually this is the name of the XML tag.
     *
     * @param string $name The type of this task (XML Tag)
     */
    public function setTaskType($name)
    {
        $this->taskType = (string) $name;
    }

    /**
     * Returns a name.
     *
     * @param string $slotName
     *
     * @return RegisterSlot
     */
    protected function getRegisterSlot($slotName)
    {
        return Register::getSlot('task.' . $this->getTaskName() . '.' . $slotName);
    }

    /**
     * Has this task been marked invalid?
     *
     * @return bool true if this task is no longer valid. A new task should be
     *              configured in this case.
     */
    protected function isInvalid()
    {
        return $this->invalid;
    }

    private function getReplacement(): UnknownElement
    {
        if (null === $this->replacement) {
            $this->replacement = new UnknownElement($this->taskType);
            $this->replacement->setProject($this->getProject());
            $this->replacement->setTaskType($this->taskType);
            $this->replacement->setTaskName($this->taskName);
            $this->replacement->setLocation($this->getLocation());
            $this->replacement->setOwningTarget($this->target);
            $this->replacement->setRuntimeConfigurableWrapper($this->wrapper);
            $this->wrapper->setProxy($this->replacement);
            $this->replaceChildren($this->wrapper, $this->replacement);
            $this->target->replaceChild($this, $this->replacement);
            $this->replacement->maybeConfigure();
        }

        return $this->replacement;
    }

    /**
     * Recursively adds an UnknownElement instance for each child
     * element of replacement.
     */
    private function replaceChildren(RuntimeConfigurable $wrapper, UnknownElement $parentElement): void
    {
        foreach ($wrapper->getChildren() as $childWrapper) {
            $childElement = new UnknownElement($childWrapper->getElementTag());
            $parentElement->addChild($childElement);
            $childElement->setProject($this->getProject());
            $childElement->setRuntimeConfigurableWrapper($childWrapper);
            $childWrapper->setProxy($childElement);
            $this->replaceChildren($childWrapper, $childElement);
        }
    }
}


1		<?php
2
3		/**
4		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
5		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
6		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR
7		* A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT
8		* OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
9		* SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT
10		* LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE,
11		* DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY
12		* THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT
13		* (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE
14		* OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
15		*
16		* This software consists of voluntary contributions made by many individuals
17		* and is licensed under the LGPL. For more information please see
18		* <http://phing.info>.
19		*/
20
21		namespace Phing;
22
23		use Error;
24		use Exception;
25		use Phing\Dispatch\DispatchUtils;
26		use Phing\Exception\BuildException;
27		use Phing\Listener\BuildEvent;
28		use Phing\Listener\BuildListener;
29		use Phing\Util\Register;
30		use Phing\Util\RegisterSlot;
31
32		/**
33		* The base class for all Tasks.
34		*
35		* Use {@link Project#createTask} to register a new Task.
36		*
37		* @author Andreas Aderhold <[email protected]>
38		* @copyright 2001,2002 THYRELL. All rights reserved
39		*
40		* @see Project#createTask()
41		*/
42		abstract class Task extends ProjectComponent
43		{
44		/**
45		* Owning Target object.
46		*
47		* @var Target
48		*/
49		protected $target;
50
51		/**
52		* Internal taskname (req).
53		*
54		* @var string
55		*/
56		protected $taskType;
57
58		/**
59		* Taskname for logger.
60		*
61		* @var string
62		*/
63		protected $taskName;
64
65		/**
66		* Wrapper of the task.
67		*
68		* @var RuntimeConfigurable
69		*/
70		protected $wrapper;
71		private $invalid;
72		/**
73		* Replacement element used if this task is invalidated.
74		*
75		* @var UnknownElement
76		*/
77		private $replacement;
78
79		/**
80		* @return RuntimeConfigurable
81		*/
82	767	public function getWrapper()
83		{
84	767	return $this->wrapper;
85		}
86
87		/**
88		* Provides a project level log event to the task.
89		*
90		* @param string $msg The message to log
91		* @param int $level The priority of the message
92		*
93		* @see BuildEvent
94		* @see BuildListener
95		*/
96	622	public function log($msg, $level = Project::MSG_INFO, ?Exception $t = null)
97		{
98	622	if (null !== $this->getProject()) {
99	620	$this->getProject()->logObject($this, $msg, $level, $t);
100		} else {
101	3	parent::log($msg, $level);
102		}
103		}
104
105		/**
106		* Called by the parser to let the task initialize properly.
107		* Should throw a BuildException if something goes wrong with the build.
108		*
109		* This is abstract here, but may not be overloaded by subclasses.
110		*
111		* @throws BuildException
112		*/
113	713	public function init()
114		{
115	713	}
116
117		/**
118		* Called by the project to let the task do it's work. This method may be
119		* called more than once, if the task is invoked more than once. For
120		* example, if target1 and target2 both depend on target3, then running
121		* <em>phing target1 target2</em> will run all tasks in target3 twice.
122		*
123		* Should throw a BuildException if someting goes wrong with the build
124		*
125		* This is abstract here. Must be overloaded by real tasks.
126		*/
127		abstract public function main();
128
129		/**
130		* Returns the wrapper object for runtime configuration.
131		*
132		* @return RuntimeConfigurable The wrapper object used by this task
133		*/
134	33	public function getRuntimeConfigurableWrapper()
135		{
136	33	if (null === $this->wrapper) {
137		$this->wrapper = new RuntimeConfigurable($this, $this->getTaskName());
138		}
139
140	33	return $this->wrapper;
141		}
142
143		/**
144		* Returns the name of task, used only for log messages.
145		*
146		* @return string Name of this task
147		*/
148	108	public function getTaskName()
149		{
150	108	if (null === $this->taskName) {
151		// if no task name is set, then it's possible
152		// this task was created from within another task. We don't
153		// therefore know the XML tag name for this task, so we'll just
154		// use the class name stripped of "task" suffix. This is only
155		// for log messages, so we don't have to worry much about accuracy.
156		return preg_replace('/task$/i', '', get_class($this));
157		}
158
159	108	return $this->taskName;
160		}
161
162		/**
163		* Sets the name of this task for log messages.
164		*
165		* @param string $name
166		*/
167	901	public function setTaskName($name)
168		{
169	901	$this->taskName = (string) $name;
170		}
171
172		/**
173		* Marks this task as invalid. Any further use of this task
174		* will go through a replacement with the updated definition.
175		*/
176		public function markInvalid()
177		{
178		$this->invalid = true;
179		}
180
181		/**
182		* Perfrom this task.
183		*
184		* @throws BuildException
185		* @throws Error
186		*/
187	770	public function perform(): void
188		{
189	770	if ($this->invalid) {
190		$this->getReplacement()->getTask()->perform();
191		} else {
192	770	$reason = null;
193
194		try { // try executing task
195	770	$this->project->fireTaskStarted($this);
196	770	$this->maybeConfigure();
197	769	DispatchUtils::main($this);
198	181	} catch (BuildException $ex) {
199	170	$loc = $ex->getLocation();
200	170	if (null === $loc \|\| '' === (string) $loc) {
201	161	$ex->setLocation($this->getLocation());
202		}
203	170	$reason = $ex;
204
205	170	throw $ex;
206	11	} catch (Exception $ex) {
207	11	$reason = $ex;
208	11	$be = new BuildException($ex);
209	11	$be->setLocation($this->getLocation());
210
211	11	throw $be;
212		} catch (Error $ex) {
213		$reason = $ex;
214
215		throw $ex;
216		} finally {
217	770	$this->project->fireTaskFinished($this, $reason);
218		}
219		}
220		}
221
222		/**
223		* Configure this task if it hasn't been done already.
224		*/
225	765	public function maybeConfigure()
226		{
227	765	if ($this->invalid) {
228		$this->getReplacement();
229	765	} elseif (null !== $this->wrapper) {
230	762	$this->wrapper->maybeConfigure($this->project);
231		}
232		}
233
234		/**
235		* Force the task to be reconfigured from its RuntimeConfigurable.
236		*/
237		public function reconfigure()
238		{
239		if (null !== $this->wrapper) {
240		$this->wrapper->reconfigure($this->getProject());
241		}
242		}
243
244		/**
245		* Sets the owning target this task belongs to.
246		*
247		* @param Target Reference to owning target
		0 ignored issues – show Bug introduced 2021-01-24 21:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The type `Phing\Reference` was not found. Maybe you did not declare it correctly or list all dependencies? The issue could also be caused by a filter entry in the build configuration. If the path has been excluded in your configuration, e.g. `excluded_paths: ["lib/"]`, you can move it to the dependency path list as follows: filter: dependency_paths: ["lib/"] For further information see https://scrutinizer-ci.com/docs/tools/php/php-scrutinizer/#list-dependency-paths Loading history...
248		*/
249	904	public function setOwningTarget(Target $target): void
250		{
251	904	$this->target = $target;
252		}
253
254		/**
255		* Sets the wrapper object this task should use for runtime
256		* configurable elements.
257		*
258		* @param RuntimeConfigurable $wrapper The wrapper object this task should use
259		*/
260	901	public function setRuntimeConfigurableWrapper(RuntimeConfigurable $wrapper): void
261		{
262	901	$this->wrapper = $wrapper;
263		}
264
265		/**
266		* Bind a task to another; use this when configuring a newly created
267		* task to do work on behalf of another.
268		* Project, OwningTarget, TaskName, Location and Description are all copied.
269		*
270		* Important: this method does not call {@link Task#init()}.
271		* If you are creating a task to delegate work to, call {@link Task#init()}
272		* to initialize it.
273		*
274		* @param Task $owner owning target
275		*/
276	14	public function bindToOwner(Task $owner): void
277		{
278	14	$this->setProject($owner->getProject());
279	14	$this->setOwningTarget($owner->getOwningTarget());
280	14	$this->setTaskName($owner->getTaskName());
281	14	$this->setDescription($owner->getDescription());
282	14	$this->setLocation($owner->getLocation());
283	14	$this->setTaskType($owner->getTaskType());
284		}
285
286		/**
287		* Returns the owning target of this task.
288		*
289		* @return Target The target object that owns this task
290		*/
291	773	public function getOwningTarget()
292		{
293	773	return $this->target;
294		}
295
296		/**
297		* Returns the name of the task under which it was invoked,
298		* usually the XML tagname.
299		*
300		* @return string The type of this task (XML Tag)
301		*/
302	22	public function getTaskType()
303		{
304	22	return $this->taskType;
305		}
306
307		/**
308		* Sets the type of the task. Usually this is the name of the XML tag.
309		*
310		* @param string $name The type of this task (XML Tag)
311		*/
312	901	public function setTaskType($name)
313		{
314	901	$this->taskType = (string) $name;
315		}
316
317		/**
318		* Returns a name.
319		*
320		* @param string $slotName
321		*
322		* @return RegisterSlot
323		*/
324	59	protected function getRegisterSlot($slotName)
325		{
326	59	return Register::getSlot('task.' . $this->getTaskName() . '.' . $slotName);
327		}
328
329		/**
330		* Has this task been marked invalid?
331		*
332		* @return bool true if this task is no longer valid. A new task should be
333		* configured in this case.
334		*/
335		protected function isInvalid()
336		{
337		return $this->invalid;
338		}
339
340		private function getReplacement(): UnknownElement
341		{
342		if (null === $this->replacement) {
343		$this->replacement = new UnknownElement($this->taskType);
344		$this->replacement->setProject($this->getProject());
345		$this->replacement->setTaskType($this->taskType);
346		$this->replacement->setTaskName($this->taskName);
347		$this->replacement->setLocation($this->getLocation());
348		$this->replacement->setOwningTarget($this->target);
349		$this->replacement->setRuntimeConfigurableWrapper($this->wrapper);
350		$this->wrapper->setProxy($this->replacement);
351		$this->replaceChildren($this->wrapper, $this->replacement);
352		$this->target->replaceChild($this, $this->replacement);
353		$this->replacement->maybeConfigure();
354		}
355
356		return $this->replacement;
357		}
358
359		/**
360		* Recursively adds an UnknownElement instance for each child
361		* element of replacement.
362		*/
363		private function replaceChildren(RuntimeConfigurable $wrapper, UnknownElement $parentElement): void
364		{
365		foreach ($wrapper->getChildren() as $childWrapper) {
366		$childElement = new UnknownElement($childWrapper->getElementTag());
367		$parentElement->addChild($childElement);
368		$childElement->setProject($this->getProject());
369		$childElement->setRuntimeConfigurableWrapper($childWrapper);
370		$childWrapper->setProxy($childElement);
371		$this->replaceChildren($childWrapper, $childElement);
372		}
373		}
374		}
375

phingofficial / phing

Issues (557)

Security Analysis not enabled

src/Phing/Task.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like