Issues in RunCommand.php (develop) - Issues in develop - phpDocumentor/phpDocumentor - Measure and Improve Code Quality continuously with Scrutinizer

Issues (387)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Console/Command/Project/RunCommand.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types=1);

/**
 * This file is part of phpDocumentor.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @author    Mike van Riel <[email protected]>
 * @copyright 2010-2018 Mike van Riel / Naenius (http://www.naenius.com)
 * @license   http://www.opensource.org/licenses/mit-license.php MIT
 * @link      http://phpdoc.org
 */

namespace phpDocumentor\Console\Command\Project;

use League\Pipeline\Pipeline;
use phpDocumentor\Descriptor\ProjectDescriptorBuilder;
use phpDocumentor\Event\Dispatcher;
use phpDocumentor\Parser\Event\PreFileEvent;
use phpDocumentor\Parser\Event\PreParsingEvent;
use phpDocumentor\Transformer\Event\PostTransformationEvent;
use phpDocumentor\Transformer\Event\PreTransformEvent;
use phpDocumentor\Transformer\Transformer;
use Psr\Log\LoggerInterface;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Helper\ProgressBar;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;

/**
 * Parse and transform the given directory (-d|-f) to the given location (-t).
 *
 * phpDocumentor creates documentation from PHP source files. The simplest way
 * to use it is:
 *
 *     $ phpdoc run -d <directory to parse> -t <output directory>
 *
 * This will parse every file ending with .php, .php3 and .phtml in <directory
 * to parse> and then output a HTML site containing easily readable documentation
 * in <output directory>.
 *
 * phpDocumentor will try to look for a phpdoc.dist.xml or phpdoc.xml file in your
 * current working directory and use that to override the default settings if
 * present. In the configuration file can you specify the same settings (and
 * more) as the command line provides.
 */
class RunCommand extends Command
{
    /** @var ProjectDescriptorBuilder */
    private $projectDescriptorBuilder;

    /** @var Pipeline */
    private $pipeline;

    /** @var ProgressBar */
    private $progressBar;

    /** @var ProgressBar */
    private $transformerProgressBar;

    /** @var LoggerInterface */
    private $logger;

    /**
     * RunCommand constructor.
     */
    public function __construct(
        ProjectDescriptorBuilder $projectDescriptorBuilder,
        Pipeline $pipeline,
        LoggerInterface $logger
    ) {
        parent::__construct('project:run');

        $this->projectDescriptorBuilder = $projectDescriptorBuilder;
        $this->pipeline = $pipeline;
        $this->logger = $logger;
    }

    /**
     * Initializes this command and sets the name, description, options and
     * arguments.
     */
    protected function configure(): void
    {
        $this->setName('project:run')
            ->setAliases(['run'])
            ->setDescription(
                'Parses and transforms the given files to a specified location'
            )
            ->setHelp(
                <<<HELP
                phpDocumentor creates documentation from PHP source files. The simplest way
                to use it is:
                
                    <info>$ phpdoc run -d [directory to parse] -t [output directory]</info>
                
                This will parse every file ending with .php, .php3 and .phtml in <directory
                to parse> and then output a HTML site containing easily readable documentation
                in <output directory>.
                
                phpDocumentor will try to look for a phpdoc.dist.xml or phpdoc.xml file in your
                current working directory and use that to override the default settings if
                present. In the configuration file can you specify the same settings (and
                more) as the command line provides.
                
                <comment>Other commands</comment>
                In addition to this command phpDocumentor also supports additional commands:
                
                <comment>Available commands:</comment>
                <info>  help
                  list
                  parse
                  run
                  transform
                <comment>project</comment>
                  project:parse
                  project:run
                  project:transform
                <comment>template</comment>
                  template:generate
                  template:list
                  template:package</info>
                
                You can get a more detailed listing of the commands using the <info>list</info>
                command and get help by prepending the word <info>help</info> to the command
                name.
HELP
            )
            ->addOption(
                'target',
                't',
                InputOption::VALUE_OPTIONAL,
                'Path where to store the generated output'
            )
            ->addOption(
                'cache-folder',
                null,
                InputOption::VALUE_OPTIONAL,
                'Path where to store the cache files'
            )
            ->addOption(
                'filename',
                'f',
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of files to parse. The wildcards ? and * are supported'
            )
            ->addOption(
                'directory',
                'd',
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of directories to (recursively) parse'
            )
            ->addOption(
                'encoding',
                null,
                InputOption::VALUE_OPTIONAL,
                'encoding to be used to interpret source files with'
            )
            ->addOption(
                'extensions',
                null,
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of extensions to parse, defaults to php, php3 and phtml'
            )
            ->addOption(
                'ignore',
                'i',
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of file(s) and directories (relative to the source-code directory) that will be '
                . 'ignored. Wildcards * and ? are supported'
            )
            ->addOption(
                'ignore-tags',
                null,
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of tags that will be ignored, defaults to none. package, subpackage and ignore '
                . 'may not be ignored.'
            )
            ->addOption(
                'hidden',
                null,
                InputOption::VALUE_NONE,
                'Use this option to tell phpDocumentor to parse files and directories that begin with a period (.), '
                . 'by default these are ignored'
            )
            ->addOption(
                'ignore-symlinks',
                null,
                InputOption::VALUE_NONE,
                'Ignore symlinks to other files or directories, default is on'
            )
            ->addOption(
                'markers',
                'm',
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Comma-separated list of markers/tags to filter'
            )
            ->addOption(
                'title',
                null,
                InputOption::VALUE_OPTIONAL,
                'Sets the title for this project; default is the phpDocumentor logo'
            )
            ->addOption(
                'force',
                null,
                InputOption::VALUE_NONE,
                'Forces a full build of the documentation, does not increment existing documentation'
            )
            ->addOption(
                'validate',
                null,
                InputOption::VALUE_NONE,
                'Validates every processed file using PHP Lint, costs a lot of performance'
            )
            ->addOption(
                'visibility',
                null,
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Specifies the parse visibility that should be displayed in the documentation (comma separated e.g. '
                . '"public,protected")'
            )
            ->addOption(
                'defaultpackagename',
                null,
                InputOption::VALUE_OPTIONAL,
                'Name to use for the default package.',
                'Default'
            )
            ->addOption(
                'sourcecode',
                null,
                InputOption::VALUE_NONE,
                'Whether to include syntax highlighted source code'
            )
            ->addOption(
                'template',
                null,
                InputOption::VALUE_OPTIONAL | InputOption::VALUE_IS_ARRAY,
                'Name of the template to use (optional)'
            )
            ->addOption(
                'parseprivate',
                null,
                InputOption::VALUE_NONE,
                'Whether to parse DocBlocks marked with @internal tag'
            );

        parent::configure();
    }

    /**
     * Executes the business logic involved with this command.
     */
    protected function execute(InputInterface $input, OutputInterface $output): int
    {
        $output->writeln('phpDocumentor ' . $this->getApplication()->getVersion());
        $output->writeln('');

        $this->observeProgressToShowProgressBars($output);

        $pipeLine = $this->pipeline;
        $pipeLine($input->getOptions());

        if ($output->getVerbosity() === OutputInterface::VERBOSITY_DEBUG) {
            file_put_contents('ast.dump', serialize($this->projectDescriptorBuilder->getProjectDescriptor()));
        }

        $output->writeln('');
        $output->writeln('All done!');

        return 0;
    }

    private function observeProgressToShowProgressBars(OutputInterface $output): void
    {
        if ($output->getVerbosity() !== OutputInterface::VERBOSITY_NORMAL) {
            return;
        }

        Dispatcher::getInstance()->addListener(
            'parser.pre',
            function (PreParsingEvent $event) use ($output) {
                $output->writeln('Parsing files');
                $this->progressBar = new ProgressBar($output, $event->getFileCount());
            }
        );
        Dispatcher::getInstance()->addListener(
            'parser.file.pre',
            function (PreFileEvent $event) {

                $this->progressBar->advance();
            }
        );
        Dispatcher::getInstance()->addListener(
            Transformer::EVENT_PRE_TRANSFORM,
            function (PreTransformEvent $event) use ($output) {
                $output->writeln('');
                $output->writeln('Applying transformations (can take a while)');
                $this->transformerProgressBar = new ProgressBar(
                    $output,
                    count($event->getSubject()->getTemplates()->getTransformations())
                );
            }
        );
        Dispatcher::getInstance()->addListener(
            Transformer::EVENT_POST_TRANSFORMATION,
            function (PostTransformationEvent $event) {

                $this->transformerProgressBar->advance();
            }
        );
    }
}


1			<?php
2			declare(strict_types=1);
3
4			/**
5			* This file is part of phpDocumentor.
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*
10			* @author Mike van Riel <[email protected]>
11			* @copyright 2010-2018 Mike van Riel / Naenius (http://www.naenius.com)
12			* @license http://www.opensource.org/licenses/mit-license.php MIT
13			* @link http://phpdoc.org
14			*/
15
16			namespace phpDocumentor\Console\Command\Project;
17
18			use League\Pipeline\Pipeline;
19			use phpDocumentor\Descriptor\ProjectDescriptorBuilder;
20			use phpDocumentor\Event\Dispatcher;
21			use phpDocumentor\Parser\Event\PreFileEvent;
22			use phpDocumentor\Parser\Event\PreParsingEvent;
23			use phpDocumentor\Transformer\Event\PostTransformationEvent;
24			use phpDocumentor\Transformer\Event\PreTransformEvent;
25			use phpDocumentor\Transformer\Transformer;
26			use Psr\Log\LoggerInterface;
27			use Symfony\Component\Console\Command\Command;
28			use Symfony\Component\Console\Helper\ProgressBar;
29			use Symfony\Component\Console\Input\InputInterface;
30			use Symfony\Component\Console\Input\InputOption;
31			use Symfony\Component\Console\Output\OutputInterface;
32
33			/**
34			* Parse and transform the given directory (-d\|-f) to the given location (-t).
35			*
36			* phpDocumentor creates documentation from PHP source files. The simplest way
37			* to use it is:
38			*
39			* $ phpdoc run -d <directory to parse> -t <output directory>
40			*
41			* This will parse every file ending with .php, .php3 and .phtml in <directory
42			* to parse> and then output a HTML site containing easily readable documentation
43			* in <output directory>.
44			*
45			* phpDocumentor will try to look for a phpdoc.dist.xml or phpdoc.xml file in your
46			* current working directory and use that to override the default settings if
47			* present. In the configuration file can you specify the same settings (and
48			* more) as the command line provides.
49			*/
50			class RunCommand extends Command
51			{
52			/** @var ProjectDescriptorBuilder */
53			private $projectDescriptorBuilder;
54
55			/** @var Pipeline */
56			private $pipeline;
57
58			/** @var ProgressBar */
59			private $progressBar;
60
61			/** @var ProgressBar */
62			private $transformerProgressBar;
63
64			/** @var LoggerInterface */
65			private $logger;
66
67			/**
68			* RunCommand constructor.
69			*/
70			public function __construct(
71			ProjectDescriptorBuilder $projectDescriptorBuilder,
72			Pipeline $pipeline,
73			LoggerInterface $logger
74			) {
75			parent::__construct('project:run');
76
77			$this->projectDescriptorBuilder = $projectDescriptorBuilder;
78			$this->pipeline = $pipeline;
79			$this->logger = $logger;
80			}
81
82			/**
83			* Initializes this command and sets the name, description, options and
84			* arguments.
85			*/
86			protected function configure(): void
87			{
88			$this->setName('project:run')
89			->setAliases(['run'])
90			->setDescription(
91			'Parses and transforms the given files to a specified location'
92			)
93			->setHelp(
94			<<<HELP
95			phpDocumentor creates documentation from PHP source files. The simplest way
96			to use it is:
97
98			<info>$ phpdoc run -d [directory to parse] -t [output directory]</info>
99
100			This will parse every file ending with .php, .php3 and .phtml in <directory
101			to parse> and then output a HTML site containing easily readable documentation
102			in <output directory>.
103
104			phpDocumentor will try to look for a phpdoc.dist.xml or phpdoc.xml file in your
105			current working directory and use that to override the default settings if
106			present. In the configuration file can you specify the same settings (and
107			more) as the command line provides.
108
109			<comment>Other commands</comment>
110			In addition to this command phpDocumentor also supports additional commands:
111
112			<comment>Available commands:</comment>
113			<info> help
114			list
115			parse
116			run
117			transform
118			<comment>project</comment>
119			project:parse
120			project:run
121			project:transform
122			<comment>template</comment>
123			template:generate
124			template:list
125			template:package</info>
126
127			You can get a more detailed listing of the commands using the <info>list</info>
128			command and get help by prepending the word <info>help</info> to the command
129			name.
130			HELP
131			)
132			->addOption(
133			'target',
134			't',
135			InputOption::VALUE_OPTIONAL,
136			'Path where to store the generated output'
137			)
138			->addOption(
139			'cache-folder',
140			null,
141			InputOption::VALUE_OPTIONAL,
142			'Path where to store the cache files'
143			)
144			->addOption(
145			'filename',
146			'f',
147			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
148			'Comma-separated list of files to parse. The wildcards ? and * are supported'
149			)
150			->addOption(
151			'directory',
152			'd',
153			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
154			'Comma-separated list of directories to (recursively) parse'
155			)
156			->addOption(
157			'encoding',
158			null,
159			InputOption::VALUE_OPTIONAL,
160			'encoding to be used to interpret source files with'
161			)
162			->addOption(
163			'extensions',
164			null,
165			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
166			'Comma-separated list of extensions to parse, defaults to php, php3 and phtml'
167			)
168			->addOption(
169			'ignore',
170			'i',
171			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
172			'Comma-separated list of file(s) and directories (relative to the source-code directory) that will be '
173			. 'ignored. Wildcards * and ? are supported'
174			)
175			->addOption(
176			'ignore-tags',
177			null,
178			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
179			'Comma-separated list of tags that will be ignored, defaults to none. package, subpackage and ignore '
180			. 'may not be ignored.'
181			)
182			->addOption(
183			'hidden',
184			null,
185			InputOption::VALUE_NONE,
186			'Use this option to tell phpDocumentor to parse files and directories that begin with a period (.), '
187			. 'by default these are ignored'
188			)
189			->addOption(
190			'ignore-symlinks',
191			null,
192			InputOption::VALUE_NONE,
193			'Ignore symlinks to other files or directories, default is on'
194			)
195			->addOption(
196			'markers',
197			'm',
198			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
199			'Comma-separated list of markers/tags to filter'
200			)
201			->addOption(
202			'title',
203			null,
204			InputOption::VALUE_OPTIONAL,
205			'Sets the title for this project; default is the phpDocumentor logo'
206			)
207			->addOption(
208			'force',
209			null,
210			InputOption::VALUE_NONE,
211			'Forces a full build of the documentation, does not increment existing documentation'
212			)
213			->addOption(
214			'validate',
215			null,
216			InputOption::VALUE_NONE,
217			'Validates every processed file using PHP Lint, costs a lot of performance'
218			)
219			->addOption(
220			'visibility',
221			null,
222			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
223			'Specifies the parse visibility that should be displayed in the documentation (comma separated e.g. '
224			. '"public,protected")'
225			)
226			->addOption(
227			'defaultpackagename',
228			null,
229			InputOption::VALUE_OPTIONAL,
230			'Name to use for the default package.',
231			'Default'
232			)
233			->addOption(
234			'sourcecode',
235			null,
236			InputOption::VALUE_NONE,
237			'Whether to include syntax highlighted source code'
238			)
239			->addOption(
240			'template',
241			null,
242			InputOption::VALUE_OPTIONAL \| InputOption::VALUE_IS_ARRAY,
243			'Name of the template to use (optional)'
244			)
245			->addOption(
246			'parseprivate',
247			null,
248			InputOption::VALUE_NONE,
249			'Whether to parse DocBlocks marked with @internal tag'
250			);
251
252			parent::configure();
253			}
254
255			/**
256			* Executes the business logic involved with this command.
257			*/
258			protected function execute(InputInterface $input, OutputInterface $output): int
259			{
260			$output->writeln('phpDocumentor ' . $this->getApplication()->getVersion());
261			$output->writeln('');
262
263			$this->observeProgressToShowProgressBars($output);
264
265			$pipeLine = $this->pipeline;
266			$pipeLine($input->getOptions());
267
268			if ($output->getVerbosity() === OutputInterface::VERBOSITY_DEBUG) {
269			file_put_contents('ast.dump', serialize($this->projectDescriptorBuilder->getProjectDescriptor()));
270			}
271
272			$output->writeln('');
273			$output->writeln('All done!');
274
275			return 0;
276			}
277
278			private function observeProgressToShowProgressBars(OutputInterface $output): void
279			{
280			if ($output->getVerbosity() !== OutputInterface::VERBOSITY_NORMAL) {
281			return;
282			}
283
284			Dispatcher::getInstance()->addListener(
285			'parser.pre',
286			function (PreParsingEvent $event) use ($output) {
287			$output->writeln('Parsing files');
288			$this->progressBar = new ProgressBar($output, $event->getFileCount());
289			}
290			);
291			Dispatcher::getInstance()->addListener(
292			'parser.file.pre',
293			function (PreFileEvent $event) {
			0 ignored issues – show Unused Code introduced 2019-02-22 20:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
294			$this->progressBar->advance();
295			}
296			);
297			Dispatcher::getInstance()->addListener(
298			Transformer::EVENT_PRE_TRANSFORM,
299			function (PreTransformEvent $event) use ($output) {
300			$output->writeln('');
301			$output->writeln('Applying transformations (can take a while)');
302			$this->transformerProgressBar = new ProgressBar(
303			$output,
304			count($event->getSubject()->getTemplates()->getTransformations())
305			);
306			}
307			);
308			Dispatcher::getInstance()->addListener(
309			Transformer::EVENT_POST_TRANSFORMATION,
310			function (PostTransformationEvent $event) {
			0 ignored issues – show Unused Code introduced 2019-02-22 20:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
311			$this->transformerProgressBar->advance();
312			}
313			);
314			}
315			}
316

phpDocumentor / phpDocumentor

Issues (387)

Security Analysis no request data

Console/Command/Project/RunCommand.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like