Issues in CronJob.php (master) - Issues in master - shopware/SwagConnect - Measure and Improve Code Quality continuously with Scrutinizer

Issues (258)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Subscribers/CronJob.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * (c) shopware AG <[email protected]>
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace ShopwarePlugins\Connect\Subscribers;

use Enlight\Event\SubscriberInterface;
use Shopware\Connect\SDK;
use Shopware\CustomModels\Connect\Attribute;
use Shopware\Models\ProductStream\ProductStream;
use ShopwarePlugins\Connect\Components\Config;
use ShopwarePlugins\Connect\Components\ErrorHandler;
use ShopwarePlugins\Connect\Components\Helper;
use ShopwarePlugins\Connect\Components\ImageImport;
use ShopwarePlugins\Connect\Components\Logger;
use ShopwarePlugins\Connect\Components\ConnectExport;
use ShopwarePlugins\Connect\Components\ProductStream\ProductSearch;
use ShopwarePlugins\Connect\Components\ProductStream\ProductStreamsAssignments;
use ShopwarePlugins\Connect\Components\ProductStream\ProductStreamService;
use Shopware\Components\DependencyInjection\Container;

/**
 * Cronjob callback
 *
 * Class CronJob
 * @package ShopwarePlugins\Connect\Subscribers
 */
class CronJob implements SubscriberInterface
{
    /**
     * @var \ShopwarePlugins\Connect\Components\Config
     */
    private $configComponent;

    /**
     * @var SDK
     */
    protected $sdk;

    /**
     * @var ProductStreamService
     */
    protected $streamService;

    /**
     * @var ConnectExport
     */
    protected $connectExport;

    /**
     * @var Helper
     */
    private $helper;

    /**
     * @var ProductSearch
     */
    private $productSearch;

    /**
     * @var Container
     */
    private $container;

    /**
     * @var ProductStreamService
     */
    private $productStreamService;

    /**
     * @param SDK $sdk
     * @param ConnectExport $connectExport
     * @param Config $configComponent
     * @param Helper $helper
     * @param Container $container
     * @param ProductStreamService $productStreamService
     */
    public function __construct(

        SDK $sdk,
        ConnectExport $connectExport,
        Config $configComponent,
        Helper $helper,
        Container $container,
        ProductStreamService $productStreamService
    ) {
        $this->connectExport = $connectExport;
        $this->sdk = $sdk;
        $this->configComponent = $configComponent;
        $this->helper = $helper;
        $this->container = $container;
        $this->productStreamService = $productStreamService;
    }

    /**
     * {@inheritdoc}
     */
    public static function getSubscribedEvents()
    {
        return [
            'Shopware_CronJob_ShopwareConnectImportImages' => 'importImages',
            'Shopware_CronJob_ShopwareConnectUpdateProducts' => 'updateProducts',
            'Shopware_CronJob_ConnectExportDynamicStreams' => 'exportDynamicStreams',
        ];
    }

    /**
     * @return ImageImport
     */
    public function getImageImport()

    {
        // do not use thumbnail_manager as a dependency!!!
        // MediaService::__construct uses Shop entity
        // this also could break the session in backend when it's used in subscriber
        return new ImageImport(
            Shopware()->Models(),
            $this->helper,
            $this->container->get('thumbnail_manager'),
            new Logger(Shopware()->Db())
        );
    }

    /**
     * Import images of new products
     *
     * @param \Shopware_Components_Cron_CronJob $job
     * @return bool
     */
    public function importImages(\Shopware_Components_Cron_CronJob $job)
    {
        $limit = $this->configComponent->getConfig('articleImagesLimitImport', 10);
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
        $this->getImageImport()->import($limit);

        return true;
    }

    /**
     * Collect all own products and send them
     * to Connect system.
     *
     * Used to update products with many variants.
     *
     * @param \Shopware_Components_Cron_CronJob $job
     * @return bool
     */
    public function updateProducts(\Shopware_Components_Cron_CronJob $job)
    {
        $sourceIds = Shopware()->Db()->fetchCol(
            'SELECT source_id FROM s_plugin_connect_items WHERE shop_id IS NULL AND cron_update = 1 AND exported = 1 LIMIT 100'
        );

        if (empty($sourceIds)) {
            return true;
        }

        $this->connectExport->processChanged($sourceIds);

        $quotedSourceIds = Shopware()->Db()->quote($sourceIds);
        Shopware()->Db()->query(
            "UPDATE s_plugin_connect_items
            SET cron_update = false
            WHERE source_id IN ($quotedSourceIds)"
        )->execute();

        return true;
    }

    /**
     * @param \Shopware_Components_Cron_CronJob $job
     */
    public function exportDynamicStreams(\Shopware_Components_Cron_CronJob $job)
    {
        $streams = $this->productStreamService->getAllExportedStreams(ProductStreamService::DYNAMIC_STREAM);
        $streamsAssignments = new ProductStreamsAssignments();

        /** @var ProductStream $stream */
        foreach ($streams as $stream) {
            $streamId = $stream->getId();
            $productSearchResult = $this->getProductSearch()->getProductFromConditionStream($stream);
            $orderNumbers = array_keys($productSearchResult->getProducts());

            //no products found
            if (!$orderNumbers) {

                //removes all products from this stream
                $this->productStreamService->markProductsToBeRemovedFromStream($streamId);
            } else {
                $articleIds = $this->helper->getArticleIdsByNumber($orderNumbers);

                $this->productStreamService->markProductsToBeRemovedFromStream($streamId);
                $this->productStreamService->createStreamRelation($streamId, $articleIds);
            }

            try {
                $streamsAssignments->merge($this->productStreamService->getAssignmentsForStream($streamId));
            } catch (\RuntimeException $e) {
                $this->productStreamService->changeStatus($streamId, ProductStreamService::STATUS_ERROR, $e->getMessage());
                continue;
            }
        }
        if (count($streamsAssignments->assignments) === 0) {
            return;
        }

        //article ids must be taken from streamsAssignments
        $exportArticleIds = $streamsAssignments->getArticleIds();

        $removeArticleIds = $streamsAssignments->getArticleIdsWithoutStreams();

        if (!empty($removeArticleIds)) {
            $this->removeArticlesFromStream($removeArticleIds);

            //filter the $exportArticleIds
            $exportArticleIds = array_diff($exportArticleIds, $removeArticleIds);
        }

        $sourceIds = $this->helper->getArticleSourceIds($exportArticleIds);

        foreach (array_chunk($sourceIds, 100, true) as $ids) {
            $errorMessages = $this->connectExport->export($ids, $streamsAssignments);
            if ($errorMessages) {

                break;
            }
        }

        if ($errorMessages) {

            $errorMessagesText = '';
            $displayedErrorTypes = [
                ErrorHandler::TYPE_DEFAULT_ERROR,
                ErrorHandler::TYPE_PRICE_ERROR
            ];

            foreach ($displayedErrorTypes as $displayedErrorType) {
                $errorMessagesText .= implode('\n', $errorMessages[$displayedErrorType]);
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
            }

            foreach ($streams as $stream) {
                $this->productStreamService->changeStatus($stream->getId(), ProductStreamService::STATUS_ERROR, $errorMessagesText);
            }
        }

        foreach ($streams as $stream) {
            $this->productStreamService->changeStatus($stream->getId(), ProductStreamService::STATUS_EXPORT);
        }
    }

    /**
     * If article is not taking part of any shopware stream it will be removed
     * @param array $articleIds
     */
    private function removeArticlesFromStream(array $articleIds)
    {
        $sourceIds = $this->helper->getArticleSourceIds($articleIds);
        $items = $this->connectExport->fetchConnectItems($sourceIds, false);

        foreach ($items as $item) {
            $this->sdk->recordDelete($item['sourceId']);
        }

        $this->productStreamService->removeMarkedStreamRelations();
        $this->connectExport->updateConnectItemsStatus($sourceIds, Attribute::STATUS_DELETE);
    }

    /**
     * @return ProductSearch
     */
    private function getProductSearch()
    {
        if (!$this->productSearch) {
            // HACK
            // do not use as a dependency!!!
            // this class uses Shopware product search which depends on shop context
            // so if it's used as dependency of subscriber, plugin returns error on deactivate
            // see CON-4922
            $this->productSearch = $this->container->get('swagconnect.product_search');
        }

        return $this->productSearch;
    }
}


Issues (258)

Security Analysis not enabled

Subscribers/CronJob.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1		<?php
2		/**
3		* (c) shopware AG <[email protected]>
4		* For the full copyright and license information, please view the LICENSE
5		* file that was distributed with this source code.
6		*/
7
8		namespace ShopwarePlugins\Connect\Subscribers;
9
10		use Enlight\Event\SubscriberInterface;
11		use Shopware\Connect\SDK;
12		use Shopware\CustomModels\Connect\Attribute;
13		use Shopware\Models\ProductStream\ProductStream;
14		use ShopwarePlugins\Connect\Components\Config;
15		use ShopwarePlugins\Connect\Components\ErrorHandler;
16		use ShopwarePlugins\Connect\Components\Helper;
17		use ShopwarePlugins\Connect\Components\ImageImport;
18		use ShopwarePlugins\Connect\Components\Logger;
19		use ShopwarePlugins\Connect\Components\ConnectExport;
20		use ShopwarePlugins\Connect\Components\ProductStream\ProductSearch;
21		use ShopwarePlugins\Connect\Components\ProductStream\ProductStreamsAssignments;
22		use ShopwarePlugins\Connect\Components\ProductStream\ProductStreamService;
23		use Shopware\Components\DependencyInjection\Container;
24
25		/**
26		* Cronjob callback
27		*
28		* Class CronJob
29		* @package ShopwarePlugins\Connect\Subscribers
30		*/
31		class CronJob implements SubscriberInterface
32		{
33		/**
34		* @var \ShopwarePlugins\Connect\Components\Config
35		*/
36		private $configComponent;
37
38		/**
39		* @var SDK
40		*/
41		protected $sdk;
42
43		/**
44		* @var ProductStreamService
45		*/
46		protected $streamService;
47
48		/**
49		* @var ConnectExport
50		*/
51		protected $connectExport;
52
53		/**
54		* @var Helper
55		*/
56		private $helper;
57
58		/**
59		* @var ProductSearch
60		*/
61		private $productSearch;
62
63		/**
64		* @var Container
65		*/
66		private $container;
67
68		/**
69		* @var ProductStreamService
70		*/
71		private $productStreamService;
72
73		/**
74		* @param SDK $sdk
75		* @param ConnectExport $connectExport
76		* @param Config $configComponent
77		* @param Helper $helper
78		* @param Container $container
79		* @param ProductStreamService $productStreamService
80		*/
81	View Code Duplication	public function __construct(
		0 ignored issues – show Duplication introduced 2017-10-18 10:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
82		SDK $sdk,
83		ConnectExport $connectExport,
84		Config $configComponent,
85		Helper $helper,
86		Container $container,
87		ProductStreamService $productStreamService
88		) {
89		$this->connectExport = $connectExport;
90		$this->sdk = $sdk;
91		$this->configComponent = $configComponent;
92		$this->helper = $helper;
93		$this->container = $container;
94		$this->productStreamService = $productStreamService;
95		}
96
97		/**
98		* {@inheritdoc}
99		*/
100		public static function getSubscribedEvents()
101		{
102		return [
103		'Shopware_CronJob_ShopwareConnectImportImages' => 'importImages',
104		'Shopware_CronJob_ShopwareConnectUpdateProducts' => 'updateProducts',
105		'Shopware_CronJob_ConnectExportDynamicStreams' => 'exportDynamicStreams',
106		];
107		}
108
109		/**
110		* @return ImageImport
111		*/
112	View Code Duplication	public function getImageImport()
		0 ignored issues – show Duplication introduced 2018-06-05 09:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
113		{
114		// do not use thumbnail_manager as a dependency!!!
115		// MediaService::__construct uses Shop entity
116		// this also could break the session in backend when it's used in subscriber
117		return new ImageImport(
118		Shopware()->Models(),
119		$this->helper,
120		$this->container->get('thumbnail_manager'),
121		new Logger(Shopware()->Db())
122		);
123		}
124
125		/**
126		* Import images of new products
127		*
128		* @param \Shopware_Components_Cron_CronJob $job
129		* @return bool
130		*/
131		public function importImages(\Shopware_Components_Cron_CronJob $job)
132		{
133		$limit = $this->configComponent->getConfig('articleImagesLimitImport', 10);
		0 ignored issues – show Bug introduced 2017-08-17 08:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$limit` is correct as `$this->configComponent->...ImagesLimitImport', 10)` (which targets `ShopwarePlugins\Connect\...nts\Config::getConfig()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
134		$this->getImageImport()->import($limit);
135
136		return true;
137		}
138
139		/**
140		* Collect all own products and send them
141		* to Connect system.
142		*
143		* Used to update products with many variants.
144		*
145		* @param \Shopware_Components_Cron_CronJob $job
146		* @return bool
147		*/
148		public function updateProducts(\Shopware_Components_Cron_CronJob $job)
149		{
150		$sourceIds = Shopware()->Db()->fetchCol(
151		'SELECT source_id FROM s_plugin_connect_items WHERE shop_id IS NULL AND cron_update = 1 AND exported = 1 LIMIT 100'
152		);
153
154		if (empty($sourceIds)) {
155		return true;
156		}
157
158		$this->connectExport->processChanged($sourceIds);
159
160		$quotedSourceIds = Shopware()->Db()->quote($sourceIds);
161		Shopware()->Db()->query(
162		"UPDATE s_plugin_connect_items
163		SET cron_update = false
164		WHERE source_id IN ($quotedSourceIds)"
165		)->execute();
166
167		return true;
168		}
169
170		/**
171		* @param \Shopware_Components_Cron_CronJob $job
172		*/
173		public function exportDynamicStreams(\Shopware_Components_Cron_CronJob $job)
174		{
175		$streams = $this->productStreamService->getAllExportedStreams(ProductStreamService::DYNAMIC_STREAM);
176		$streamsAssignments = new ProductStreamsAssignments();
177
178		/** @var ProductStream $stream */
179		foreach ($streams as $stream) {
180		$streamId = $stream->getId();
181		$productSearchResult = $this->getProductSearch()->getProductFromConditionStream($stream);
182		$orderNumbers = array_keys($productSearchResult->getProducts());
183
184		//no products found
185		if (!$orderNumbers) {
		0 ignored issues – show Bug Best Practice introduced 2017-06-21 11:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$orderNumbers` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
186		//removes all products from this stream
187		$this->productStreamService->markProductsToBeRemovedFromStream($streamId);
188		} else {
189		$articleIds = $this->helper->getArticleIdsByNumber($orderNumbers);
190
191		$this->productStreamService->markProductsToBeRemovedFromStream($streamId);
192		$this->productStreamService->createStreamRelation($streamId, $articleIds);
193		}
194
195		try {
196		$streamsAssignments->merge($this->productStreamService->getAssignmentsForStream($streamId));
197		} catch (\RuntimeException $e) {
198		$this->productStreamService->changeStatus($streamId, ProductStreamService::STATUS_ERROR, $e->getMessage());
199		continue;
200		}
201		}
202		if (count($streamsAssignments->assignments) === 0) {
203		return;
204		}
205
206		//article ids must be taken from streamsAssignments
207		$exportArticleIds = $streamsAssignments->getArticleIds();
208
209		$removeArticleIds = $streamsAssignments->getArticleIdsWithoutStreams();
210
211		if (!empty($removeArticleIds)) {
212		$this->removeArticlesFromStream($removeArticleIds);
213
214		//filter the $exportArticleIds
215		$exportArticleIds = array_diff($exportArticleIds, $removeArticleIds);
216		}
217
218		$sourceIds = $this->helper->getArticleSourceIds($exportArticleIds);
219
220		foreach (array_chunk($sourceIds, 100, true) as $ids) {
221		$errorMessages = $this->connectExport->export($ids, $streamsAssignments);
222		if ($errorMessages) {
		0 ignored issues – show Bug Best Practice introduced 2018-10-01 11:09 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$errorMessages` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
223		break;
224		}
225		}
226
227		if ($errorMessages) {
		0 ignored issues – show Bug Best Practice introduced 2017-09-08 08:02 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$errorMessages` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
228		$errorMessagesText = '';
229		$displayedErrorTypes = [
230		ErrorHandler::TYPE_DEFAULT_ERROR,
231		ErrorHandler::TYPE_PRICE_ERROR
232		];
233
234		foreach ($displayedErrorTypes as $displayedErrorType) {
235		$errorMessagesText .= implode('\n', $errorMessages[$displayedErrorType]);
		0 ignored issues – show Bug introduced 2018-10-01 13:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this The variable `$errorMessages` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
236		}
237
238		foreach ($streams as $stream) {
239		$this->productStreamService->changeStatus($stream->getId(), ProductStreamService::STATUS_ERROR, $errorMessagesText);
240		}
241		}
242
243		foreach ($streams as $stream) {
244		$this->productStreamService->changeStatus($stream->getId(), ProductStreamService::STATUS_EXPORT);
245		}
246		}
247
248		/**
249		* If article is not taking part of any shopware stream it will be removed
250		* @param array $articleIds
251		*/
252		private function removeArticlesFromStream(array $articleIds)
253		{
254		$sourceIds = $this->helper->getArticleSourceIds($articleIds);
255		$items = $this->connectExport->fetchConnectItems($sourceIds, false);
256
257		foreach ($items as $item) {
258		$this->sdk->recordDelete($item['sourceId']);
259		}
260
261		$this->productStreamService->removeMarkedStreamRelations();
262		$this->connectExport->updateConnectItemsStatus($sourceIds, Attribute::STATUS_DELETE);
263		}
264
265		/**
266		* @return ProductSearch
267		*/
268		private function getProductSearch()
269		{
270		if (!$this->productSearch) {
271		// HACK
272		// do not use as a dependency!!!
273		// this class uses Shopware product search which depends on shop context
274		// so if it's used as dependency of subscriber, plugin returns error on deactivate
275		// see CON-4922
276		$this->productSearch = $this->container->get('swagconnect.product_search');
277		}
278
279		return $this->productSearch;
280		}
281		}
282

shopware / SwagConnect

Issues (258)

Security Analysis not enabled

Subscribers/CronJob.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like