Issues in HackedProjectWebDownloader.php - New Issues - Inspection of "remove mkdir warnings" - smalot/drush-cerbere - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( ae88e9...239819 )

by Sebastien

created 2015-12-06 13:55 UTC

Model/Hacked/HackedProjectWebDownloader.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Cerbere\Model\Hacked;

use Cerbere\Model\Project;

/**
 * Base class for downloading remote versions of projects.
 */
class HackedProjectWebDownloader
{
    /**
     * @var Project
     */
    protected $project;

    /**
     * Constructor, pass in the project this downloaded is expected to download.
     * @param Project $project
     */
    public function __construct(Project $project)
    {
        $this->project = $project;
    }

    /**
     * Returns a temp directory to work in.
     *
     * @param string $namespace
     *   The optional namespace of the temp directory, defaults to the classname.
     * @return string
     */
    protected function getTempDirectory($namespace = null)
    {
        if (null === $namespace) {
            $namespace = get_class($this);
        }

        $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hacked-cache';

        if (!empty($namespace)) {
            $dir .= DIRECTORY_SEPARATOR . preg_replace('/[^0-9A-Z\-_]/i', '', $namespace);
        }

        @mkdir($dir, 0775, true);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        return $dir;
    }

    /**
     * Returns a directory to save the downloaded project into.
     * @return string
     */
    protected function getDestination()
    {
        $type = $this->project->getProjectType();
        $name = $this->project->getProject();
        $version = $this->project->getVersion();

        $dir = $this->getTempDirectory() . DIRECTORY_SEPARATOR . $type . DIRECTORY_SEPARATOR . $name;

        // Build the destination folder tree if it doesn't already exists.
        @mkdir($dir, 0775, true);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

        return $dir . DIRECTORY_SEPARATOR . $version;
    }

    /**
     * Returns the final destination of the unpacked project.
     * @return string
     */
    public function getFinalDestination()
    {
        $dir = $this->getDestination();

        return $dir;
    }

    /**
     * Download the remote files to the local filesystem.
     * @return bool
     */
    public function downloadFile()
    {
        return true;
    }

    /**
     * Recursively delete all files and folders in the specified filepath, then
     * delete the containing folder.
     *
     * Note that this only deletes visible files with write permission.
     *
     * @param string $path
     *   A filepath relative to file_directory_path.
     */
    protected function removeDir($path)
    {
        if (is_file($path) || is_link($path)) {
            unlink($path);
        } elseif (is_dir($path)) {
            $d = dir($path);

            while (($entry = $d->read()) !== false) {
                if ($entry == '.' || $entry == '..') {
                    continue;
                }
                $entry_path = $path . DIRECTORY_SEPARATOR . $entry;
                $this->removeDir($entry_path);
            }

            $d->close();
            rmdir($path);
        }
    }
}


1			<?php
2
3			namespace Cerbere\Model\Hacked;
4
5			use Cerbere\Model\Project;
6
7			/**
8			* Base class for downloading remote versions of projects.
9			*/
10			class HackedProjectWebDownloader
11			{
12			/**
13			* @var Project
14			*/
15			protected $project;
16
17			/**
18			* Constructor, pass in the project this downloaded is expected to download.
19			* @param Project $project
20			*/
21			public function __construct(Project $project)
22			{
23			$this->project = $project;
24			}
25
26			/**
27			* Returns a temp directory to work in.
28			*
29			* @param string $namespace
30			* The optional namespace of the temp directory, defaults to the classname.
31			* @return string
32			*/
33			protected function getTempDirectory($namespace = null)
34			{
35			if (null === $namespace) {
36			$namespace = get_class($this);
37			}
38
39			$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hacked-cache';
40
41			if (!empty($namespace)) {
42			$dir .= DIRECTORY_SEPARATOR . preg_replace('/[^0-9A-Z\-_]/i', '', $namespace);
43			}
44
45			@mkdir($dir, 0775, true);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 14:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
46
47			return $dir;
48			}
49
50			/**
51			* Returns a directory to save the downloaded project into.
52			* @return string
53			*/
54			protected function getDestination()
55			{
56			$type = $this->project->getProjectType();
57			$name = $this->project->getProject();
58			$version = $this->project->getVersion();
59
60			$dir = $this->getTempDirectory() . DIRECTORY_SEPARATOR . $type . DIRECTORY_SEPARATOR . $name;
61
62			// Build the destination folder tree if it doesn't already exists.
63			@mkdir($dir, 0775, true);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 21:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
64
65			return $dir . DIRECTORY_SEPARATOR . $version;
66			}
67
68			/**
69			* Returns the final destination of the unpacked project.
70			* @return string
71			*/
72			public function getFinalDestination()
73			{
74			$dir = $this->getDestination();
75
76			return $dir;
77			}
78
79			/**
80			* Download the remote files to the local filesystem.
81			* @return bool
82			*/
83			public function downloadFile()
84			{
85			return true;
86			}
87
88			/**
89			* Recursively delete all files and folders in the specified filepath, then
90			* delete the containing folder.
91			*
92			* Note that this only deletes visible files with write permission.
93			*
94			* @param string $path
95			* A filepath relative to file_directory_path.
96			*/
97			protected function removeDir($path)
98			{
99			if (is_file($path) \|\| is_link($path)) {
100			unlink($path);
101			} elseif (is_dir($path)) {
102			$d = dir($path);
103
104			while (($entry = $d->read()) !== false) {
105			if ($entry == '.' \|\| $entry == '..') {
106			continue;
107			}
108			$entry_path = $path . DIRECTORY_SEPARATOR . $entry;
109			$this->removeDir($entry_path);
110			}
111
112			$d->close();
113			rmdir($path);
114			}
115			}
116			}
117

smalot / drush-cerbere

Push — master ( ae88e9...239819 )

Model/Hacked/HackedProjectWebDownloader.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like