Issues in Process.php (master) - Issues in master - slince/process - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Process.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Process Library
 * @author Tao <[email protected]>
 */
namespace Slince\Process;

use Slince\Process\Exception\InvalidArgumentException;
use Slince\Process\Exception\RuntimeException;

class Process implements ProcessInterface
{
    /**
     * process status,running
     * @var string
     */
    const STATUS_RUNNING = 'running';

    /**
     * process status,terminated
     * @var string
     */
    const STATUS_TERMINATED = 'terminated';

    /**
     * callback
     * @var callable
     */
    protected $callback;

    /**
     * pid
     * @var int
     */
    protected $pid;

    /**
     * Whether the process is running
     * @var bool
     */
    protected $isRunning = false;

    /**
     * signal handler
     * @var SignalHandler
     */
    protected $signalHandler;

    /**
     * current status
     * @var Status
     */
    protected $status;

    public function __construct($callback)
    {
        if (!static::isSupported()) {
            throw new RuntimeException("Process need ext-pcntl");
        }
        if (!is_callable($callback)) {
            throw new InvalidArgumentException("Process expects a callable callback");
        }
        $this->callback = $callback;
        $this->signalHandler = SignalHandler::getInstance();
    }

    /**
     * Checks whether the current environment supports this
     * @return bool
     */
    public static function isSupported()
    {
        return function_exists('pcntl_fork');
    }

    /**
     * {@inheritdoc}
     */
    public function start()
    {
        if ($this->isRunning()) {
            throw new RuntimeException("The process is already running");
        }
        $pid = pcntl_fork();
        if ($pid == -1) {
            throw new RuntimeException("Could not fork");
        } elseif ($pid) { //Records the pid of the child process
            $this->pid = $pid;
            $this->isRunning = true;
        } else {
            $this->pid = posix_getpid();
            try {
                $exitCode = call_user_func($this->callback);
            } catch (\Exception $e) {
                $exitCode  = 255;
            }
            exit(intval($exitCode));

        }
    }

    /**
     * {@inheritdoc}
     */
    public function wait()
    {
        if ($this->isRunning()) {
            $this->updateStatus(true);
        }
    }

    /**
     * Start and wait for the process to complete
     */
    public function run()
    {
        $this->start();
        $this->wait();
    }

    /**
     * {@inheritdoc}
     */
    public function stop($signal = SIGKILL)
    {
        $this->signal($signal);
        $this->updateStatus(true);
    }

    /**
     * {@inheritdoc}
     */
    public function getPid()
    {
        return $this->pid;
    }

    /**
     * {@inheritdoc}
     */
    public function signal($signal)
    {
        if (!$this->isRunning()) {
            throw new RuntimeException("The process is not currently running");
        }
        posix_kill($this->getPid(), $signal);
    }

    /**
     * {@inheritdoc}
     */
    public function isRunning()
    {
        //if process is not running, return false
        if (!$this->isRunning) {
            return false;
        }
        //if the process is running, update process status again
        $this->updateStatus(false);
        return $this->isRunning;
    }

    /**
     * Gets the signal handler
     * @return SignalHandler
     */
    public function getSignalHandler()
    {
        return $this->signalHandler;
    }

    /**
     * Gets the exit code of the process
     * @return int
     */
    public function getExitCode()
    {
        return $this->status ? $this->status->getExitCode() : null;
    }

    /**
     * Updates the status of the process
     * @param bool $blocking
     * @throws RuntimeException
     */
    protected function updateStatus($blocking = false)
    {
        if (!$this->isRunning) {
            return;
        }
        $options = $blocking ? 0 : WNOHANG | WUNTRACED;
        $result = pcntl_waitpid($this->getPid(), $status, $options);
        if ($result == -1) {
            throw new RuntimeException("Error waits on or returns the status of the process");
        } elseif ($result) {
            //The process is terminated
            $this->isRunning = false;
            //checks if the process is exited normally
            $this->status = new Status($status);
        } else {
            $this->isRunning = true;
        }
    }

    /**
     * Gets the status of the process
     * @return Status
     */
    public function getStatus()
    {
        return $this->status;
    }
}


1			<?php
2			/**
3			* Process Library
4			* @author Tao <[email protected]>
5			*/
6			namespace Slince\Process;
7
8			use Slince\Process\Exception\InvalidArgumentException;
9			use Slince\Process\Exception\RuntimeException;
10
11			class Process implements ProcessInterface
12			{
13			/**
14			* process status,running
15			* @var string
16			*/
17			const STATUS_RUNNING = 'running';
18
19			/**
20			* process status,terminated
21			* @var string
22			*/
23			const STATUS_TERMINATED = 'terminated';
24
25			/**
26			* callback
27			* @var callable
28			*/
29			protected $callback;
30
31			/**
32			* pid
33			* @var int
34			*/
35			protected $pid;
36
37			/**
38			* Whether the process is running
39			* @var bool
40			*/
41			protected $isRunning = false;
42
43			/**
44			* signal handler
45			* @var SignalHandler
46			*/
47			protected $signalHandler;
48
49			/**
50			* current status
51			* @var Status
52			*/
53			protected $status;
54
55			public function __construct($callback)
56			{
57			if (!static::isSupported()) {
58			throw new RuntimeException("Process need ext-pcntl");
59			}
60			if (!is_callable($callback)) {
61			throw new InvalidArgumentException("Process expects a callable callback");
62			}
63			$this->callback = $callback;
64			$this->signalHandler = SignalHandler::getInstance();
65			}
66
67			/**
68			* Checks whether the current environment supports this
69			* @return bool
70			*/
71			public static function isSupported()
72			{
73			return function_exists('pcntl_fork');
74			}
75
76			/**
77			* {@inheritdoc}
78			*/
79			public function start()
80			{
81			if ($this->isRunning()) {
82			throw new RuntimeException("The process is already running");
83			}
84			$pid = pcntl_fork();
85			if ($pid == -1) {
86			throw new RuntimeException("Could not fork");
87			} elseif ($pid) { //Records the pid of the child process
88			$this->pid = $pid;
89			$this->isRunning = true;
90			} else {
91			$this->pid = posix_getpid();
92			try {
93			$exitCode = call_user_func($this->callback);
94			} catch (\Exception $e) {
95			$exitCode = 255;
96			}
97			exit(intval($exitCode));
			0 ignored issues – show Coding Style Compatibility introduced 2017-04-28 03:30 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `start()` contains an exit expression. An exit expression should only be used in rare cases. For example, if you write a short command line script. In most cases however, using an `exit` expression makes the code untestable and often causes incompatibilities with other libraries. Thus, unless you are absolutely sure it is required here, we recommend to refactor your code to avoid its usage. Loading history...
98			}
99			}
100
101			/**
102			* {@inheritdoc}
103			*/
104			public function wait()
105			{
106			if ($this->isRunning()) {
107			$this->updateStatus(true);
108			}
109			}
110
111			/**
112			* Start and wait for the process to complete
113			*/
114			public function run()
115			{
116			$this->start();
117			$this->wait();
118			}
119
120			/**
121			* {@inheritdoc}
122			*/
123			public function stop($signal = SIGKILL)
124			{
125			$this->signal($signal);
126			$this->updateStatus(true);
127			}
128
129			/**
130			* {@inheritdoc}
131			*/
132			public function getPid()
133			{
134			return $this->pid;
135			}
136
137			/**
138			* {@inheritdoc}
139			*/
140			public function signal($signal)
141			{
142			if (!$this->isRunning()) {
143			throw new RuntimeException("The process is not currently running");
144			}
145			posix_kill($this->getPid(), $signal);
146			}
147
148			/**
149			* {@inheritdoc}
150			*/
151			public function isRunning()
152			{
153			//if process is not running, return false
154			if (!$this->isRunning) {
155			return false;
156			}
157			//if the process is running, update process status again
158			$this->updateStatus(false);
159			return $this->isRunning;
160			}
161
162			/**
163			* Gets the signal handler
164			* @return SignalHandler
165			*/
166			public function getSignalHandler()
167			{
168			return $this->signalHandler;
169			}
170
171			/**
172			* Gets the exit code of the process
173			* @return int
174			*/
175			public function getExitCode()
176			{
177			return $this->status ? $this->status->getExitCode() : null;
178			}
179
180			/**
181			* Updates the status of the process
182			* @param bool $blocking
183			* @throws RuntimeException
184			*/
185			protected function updateStatus($blocking = false)
186			{
187			if (!$this->isRunning) {
188			return;
189			}
190			$options = $blocking ? 0 : WNOHANG \| WUNTRACED;
191			$result = pcntl_waitpid($this->getPid(), $status, $options);
192			if ($result == -1) {
193			throw new RuntimeException("Error waits on or returns the status of the process");
194			} elseif ($result) {
195			//The process is terminated
196			$this->isRunning = false;
197			//checks if the process is exited normally
198			$this->status = new Status($status);
199			} else {
200			$this->isRunning = true;
201			}
202			}
203
204			/**
205			* Gets the status of the process
206			* @return Status
207			*/
208			public function getStatus()
209			{
210			return $this->status;
211			}
212			}
213

slince / process

Issues (1)

Security Analysis no request data

Process.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like