Issues in DNCommit.php (master) - Issues in master - silverstripe/deploynaut - Measure and Improve Code Quality continuously with Scrutinizer

Issues (524)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

code/model/DNCommit.php (1 issue)

Labels

Unused Code 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
class DNCommit extends ViewableData {

	/**
	 * @var Gitonomy\Git\Commit
	 */
	protected $commit = null;

	protected $name = null;


	protected $references = null;

	/**
	 * @var string
	 */
	protected $ownerBranchName = null;

	/**
	 * @var string
	 */
	protected $buildname;

	/**
	 * @var DNProject
	 */
	protected $project;

	/**
	 * @var DNData
	 */
	protected $data;

	/**
	 * @var string
	 */
	protected $subjectMessage;

	/**
	 * @var string
	 */
	protected $bodyMessage;

	/**
	 * @var array
	 */
	private static $casting = array(

		'Name' => 'Text',
		'SubjectMessage' => 'Text',
		'Message' => 'Text',
		'BodyMessage' => 'Text',
		'Fullname' => 'Text',
		'Filename' => 'Text',
		'References' => 'Text',
		'ownerBranchName' => 'Text'
	);

	/**
	 * @param Gitonomy\Git\Commit $commit
	 * @param DNProject $project
	 * @param DNData $data
	 * @param string|null $ownerBranchName
	 */
	public function __construct(Gitonomy\Git\Commit $commit, DNProject $project, DNData $data, $ownerBranchName = null) {
		$this->commit = $commit;
		$this->buildname = $commit->getHash();
		$this->project = $project;
		$this->data = $data;
		$this->ownerBranchName = $ownerBranchName;
	}

	/**
	 * Return the hash of the commit, used to name this commit.
	 * @return string
	 */
	public function Name() {
		if($this->name == null) {
			$this->name = $this->commit->getFixedShortHash(8);
		}

		return htmlentities($this->name);
	}

	/**
	 * Return the full SHA of the commit.
	 * @return string
	 */
	public function SHA() {
		return htmlentities($this->commit->getHash());
	}

	/**
	 * Return the first line of the commit message.
	 * @return string
	 */
	public function SubjectMessage() {
		if($this->subjectMessage == null) {
			$this->subjectMessage = $this->commit->getSubjectMessage();
		}

		return htmlentities($this->subjectMessage);
	}

	public function BodyMessage() {
		if($this->bodyMessage == null) {
			$this->bodyMessage = $this->commit->getBodyMessage();
		}

		return htmlentities($this->bodyMessage);
	}

	/**
	 * @return ArrayList
	 */
	public function References() {
		if($this->references !== null) {
			return $this->references;
		}
		$this->references = new ArrayList();

		// Add tags
		foreach($this->commit->resolveReferences() as $reference) {
			if($reference instanceof \Gitonomy\Git\Reference\Tag) {
				$this->references->push(new ArrayData(array(
					'Name' => $reference->getName(),
					'Type' => 'Tag',
				)));
			}
		}

		return $this->references;
	}

	/**
	 * @return string
	 */
	public function FullName() {
		return htmlentities($this->commit->getHash());
	}

	/**
	 * @return string
	 */
	public function Filename() {
		return htmlentities($this->commit->getHash());
	}

	/**
	 * @return ArrayList
	 */
	public function CurrentlyDeployedTo() {
		$environments = $this->project->Environments();
		$envList = new ArrayList();
		foreach($environments as $environment) {
			$deployments = DNDeployment::get()
				->filter('State', 'Completed')
				->filter('EnvironmentID', $environment->ID)
				->sort('LastEdited DESC');
			if(!$deployments->count()) {
				continue;
			}
			$latest = $deployments->first();
			if($latest->SHA === $this->commit->getHash()) {
				$envList->push($environment);
			}
		}
		return $envList;
	}

	/**
	 * @param string $environmentName
	 * @return boolean True if this release has ever been deployed to the given environment
	 */
	public function EverDeployedTo($environmentName) {
		$environments = $this->project->Environments()->filter('Name', $environmentName);
		if(!$environments->count()) {
			return false;
		}

		$environment = $environments->first();

		$deployments = DNDeployment::get()
				->filter('State', 'Completed')
				->filter('EnvironmentID', $environment->ID);

		if($deployments->count()) {
			return true;
		}

		return false;
	}

	/**
	 * @return SS_Datetime
	 */
	public function Created() {
		$created = $this->commit->getCommitterDate();

		$created->setTimezone(new DateTimeZone(date_default_timezone_get()));

		$d = SS_Datetime::create();
		$d->setValue($created->format('Y-m-d H:i:s'));

		return $d;
	}

}


1			<?php
2			class DNCommit extends ViewableData {
3
4			/**
5			* @var Gitonomy\Git\Commit
6			*/
7			protected $commit = null;
8
9			protected $name = null;
10
11
12			protected $references = null;
13
14			/**
15			* @var string
16			*/
17			protected $ownerBranchName = null;
18
19			/**
20			* @var string
21			*/
22			protected $buildname;
23
24			/**
25			* @var DNProject
26			*/
27			protected $project;
28
29			/**
30			* @var DNData
31			*/
32			protected $data;
33
34			/**
35			* @var string
36			*/
37			protected $subjectMessage;
38
39			/**
40			* @var string
41			*/
42			protected $bodyMessage;
43
44			/**
45			* @var array
46			*/
47			private static $casting = array(
			0 ignored issues – show Unused Code introduced 2016-02-21 21:44 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$casting` is not used and could be removed. This check marks private properties in classes that are never used. Those properties can be removed. Loading history...
48			'Name' => 'Text',
49			'SubjectMessage' => 'Text',
50			'Message' => 'Text',
51			'BodyMessage' => 'Text',
52			'Fullname' => 'Text',
53			'Filename' => 'Text',
54			'References' => 'Text',
55			'ownerBranchName' => 'Text'
56			);
57
58			/**
59			* @param Gitonomy\Git\Commit $commit
60			* @param DNProject $project
61			* @param DNData $data
62			* @param string\|null $ownerBranchName
63			*/
64			public function __construct(Gitonomy\Git\Commit $commit, DNProject $project, DNData $data, $ownerBranchName = null) {
65			$this->commit = $commit;
66			$this->buildname = $commit->getHash();
67			$this->project = $project;
68			$this->data = $data;
69			$this->ownerBranchName = $ownerBranchName;
70			}
71
72			/**
73			* Return the hash of the commit, used to name this commit.
74			* @return string
75			*/
76			public function Name() {
77			if($this->name == null) {
78			$this->name = $this->commit->getFixedShortHash(8);
79			}
80
81			return htmlentities($this->name);
82			}
83
84			/**
85			* Return the full SHA of the commit.
86			* @return string
87			*/
88			public function SHA() {
89			return htmlentities($this->commit->getHash());
90			}
91
92			/**
93			* Return the first line of the commit message.
94			* @return string
95			*/
96			public function SubjectMessage() {
97			if($this->subjectMessage == null) {
98			$this->subjectMessage = $this->commit->getSubjectMessage();
99			}
100
101			return htmlentities($this->subjectMessage);
102			}
103
104			public function BodyMessage() {
105			if($this->bodyMessage == null) {
106			$this->bodyMessage = $this->commit->getBodyMessage();
107			}
108
109			return htmlentities($this->bodyMessage);
110			}
111
112			/**
113			* @return ArrayList
114			*/
115			public function References() {
116			if($this->references !== null) {
117			return $this->references;
118			}
119			$this->references = new ArrayList();
120
121			// Add tags
122			foreach($this->commit->resolveReferences() as $reference) {
123			if($reference instanceof \Gitonomy\Git\Reference\Tag) {
124			$this->references->push(new ArrayData(array(
125			'Name' => $reference->getName(),
126			'Type' => 'Tag',
127			)));
128			}
129			}
130
131			return $this->references;
132			}
133
134			/**
135			* @return string
136			*/
137			public function FullName() {
138			return htmlentities($this->commit->getHash());
139			}
140
141			/**
142			* @return string
143			*/
144			public function Filename() {
145			return htmlentities($this->commit->getHash());
146			}
147
148			/**
149			* @return ArrayList
150			*/
151			public function CurrentlyDeployedTo() {
152			$environments = $this->project->Environments();
153			$envList = new ArrayList();
154			foreach($environments as $environment) {
155			$deployments = DNDeployment::get()
156			->filter('State', 'Completed')
157			->filter('EnvironmentID', $environment->ID)
158			->sort('LastEdited DESC');
159			if(!$deployments->count()) {
160			continue;
161			}
162			$latest = $deployments->first();
163			if($latest->SHA === $this->commit->getHash()) {
164			$envList->push($environment);
165			}
166			}
167			return $envList;
168			}
169
170			/**
171			* @param string $environmentName
172			* @return boolean True if this release has ever been deployed to the given environment
173			*/
174			public function EverDeployedTo($environmentName) {
175			$environments = $this->project->Environments()->filter('Name', $environmentName);
176			if(!$environments->count()) {
177			return false;
178			}
179
180			$environment = $environments->first();
181
182			$deployments = DNDeployment::get()
183			->filter('State', 'Completed')
184			->filter('EnvironmentID', $environment->ID);
185
186			if($deployments->count()) {
187			return true;
188			}
189
190			return false;
191			}
192
193			/**
194			* @return SS_Datetime
195			*/
196			public function Created() {
197			$created = $this->commit->getCommitterDate();
198
199			$created->setTimezone(new DateTimeZone(date_default_timezone_get()));
200
201			$d = SS_Datetime::create();
202			$d->setValue($created->format('Y-m-d H:i:s'));
203
204			return $d;
205			}
206
207			}
208

silverstripe / deploynaut

Issues (524)

Security Analysis not enabled

code/model/DNCommit.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like