Issues in HackedProjectWebDownloader.php - New Issues - Inspection of "code review" - smalot/drush-cerbere - Measure and Improve Code Quality continuously with Scrutinizer

Completed

Push — master ( c60cf3...36f595 )

by Sebastien

created 2015-11-26 14:50 UTC

Model/Hacked/HackedProjectWebDownloader.php (4 issues)

Labels

Severity

Major 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Cerbere\Model\Hacked;

use Cerbere\Model\Project;

/**
 * Base class for downloading remote versions of projects.
 */
class HackedProjectWebDownloader {
  /**
   * @var Project
   */
  protected $project;

  /**
   * Constructor, pass in the project this downloaded is expected to download.
   * @param Project $project
   */
  public function __construct(Project $project) {
    $this->project = $project;
  }

  /**
   * Returns a temp directory to work in.
   *
   * @param string $namespace
   *   The optional namespace of the temp directory, defaults to the classname.
   * @return string
   */
  protected function getTempDirectory($namespace = NULL) {
    if (null === $namespace) {
      $namespace = get_class($this);
    }

    $dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hacked-cache';

    if (!empty($namespace)) {
      $dir .= DIRECTORY_SEPARATOR . preg_replace('/[^0-9A-Z\-_]/i', '', $namespace);
    }

    @mkdir($dir, 0775, TRUE);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

    return $dir;
  }

  /**
   * Returns a directory to save the downloaded project into.
   * @return string
   */
  protected function getDestination() {
    $type = $this->project->getProjectType();
    $name = $this->project->getProject();
    $version = $this->project->getVersion();

    $dir = $this->getTempDirectory() . DIRECTORY_SEPARATOR . $type . DIRECTORY_SEPARATOR . $name;

    // Build the destination folder tree if it doesn't already exists.
    @mkdir($dir, 0775, TRUE);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

    return $dir . DIRECTORY_SEPARATOR . $version;
  }

  /**
   * Returns the final destination of the unpacked project.
   * @return string
   */
  public function getFinalDestination() {
    $dir = $this->getDestination();

    return $dir;
  }

  /**
   * Download the remote files to the local filesystem.
   * @return bool
   */
  public function downloadFile() {
    return true;
  }

  /**
   * Recursively delete all files and folders in the specified filepath, then
   * delete the containing folder.
   *
   * Note that this only deletes visible files with write permission.
   *
   * @param string $path
   *   A filepath relative to file_directory_path.
   */
  protected function removeDir($path) {
    if (is_file($path) || is_link($path)) {
      @unlink($path);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    }
    elseif (is_dir($path)) {
      $d = dir($path);

      while (($entry = $d->read()) !== FALSE) {
        if ($entry == '.' || $entry == '..') {
          continue;
        }
        $entry_path = $path . DIRECTORY_SEPARATOR . $entry;
        $this->removeDir($entry_path);
      }

      $d->close();
      @rmdir($path);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
    }
  }
}


1			<?php
2
3			namespace Cerbere\Model\Hacked;
4
5			use Cerbere\Model\Project;
6
7			/**
8			* Base class for downloading remote versions of projects.
9			*/
10			class HackedProjectWebDownloader {
11			/**
12			* @var Project
13			*/
14			protected $project;
15
16			/**
17			* Constructor, pass in the project this downloaded is expected to download.
18			* @param Project $project
19			*/
20			public function __construct(Project $project) {
21			$this->project = $project;
22			}
23
24			/**
25			* Returns a temp directory to work in.
26			*
27			* @param string $namespace
28			* The optional namespace of the temp directory, defaults to the classname.
29			* @return string
30			*/
31			protected function getTempDirectory($namespace = NULL) {
32			if (null === $namespace) {
33			$namespace = get_class($this);
34			}
35
36			$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'hacked-cache';
37
38			if (!empty($namespace)) {
39			$dir .= DIRECTORY_SEPARATOR . preg_replace('/[^0-9A-Z\-_]/i', '', $namespace);
40			}
41
42			@mkdir($dir, 0775, TRUE);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 14:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
43
44			return $dir;
45			}
46
47			/**
48			* Returns a directory to save the downloaded project into.
49			* @return string
50			*/
51			protected function getDestination() {
52			$type = $this->project->getProjectType();
53			$name = $this->project->getProject();
54			$version = $this->project->getVersion();
55
56			$dir = $this->getTempDirectory() . DIRECTORY_SEPARATOR . $type . DIRECTORY_SEPARATOR . $name;
57
58			// Build the destination folder tree if it doesn't already exists.
59			@mkdir($dir, 0775, TRUE);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 14:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
60
61			return $dir . DIRECTORY_SEPARATOR . $version;
62			}
63
64			/**
65			* Returns the final destination of the unpacked project.
66			* @return string
67			*/
68			public function getFinalDestination() {
69			$dir = $this->getDestination();
70
71			return $dir;
72			}
73
74			/**
75			* Download the remote files to the local filesystem.
76			* @return bool
77			*/
78			public function downloadFile() {
79			return true;
80			}
81
82			/**
83			* Recursively delete all files and folders in the specified filepath, then
84			* delete the containing folder.
85			*
86			* Note that this only deletes visible files with write permission.
87			*
88			* @param string $path
89			* A filepath relative to file_directory_path.
90			*/
91			protected function removeDir($path) {
92			if (is_file($path) \|\| is_link($path)) {
93			@unlink($path);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 14:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
94			}
95			elseif (is_dir($path)) {
96			$d = dir($path);
97
98			while (($entry = $d->read()) !== FALSE) {
99			if ($entry == '.' \|\| $entry == '..') {
100			continue;
101			}
102			$entry_path = $path . DIRECTORY_SEPARATOR . $entry;
103			$this->removeDir($entry_path);
104			}
105
106			$d->close();
107			@rmdir($path);
			0 ignored issues – show Security Best Practice introduced 2015-11-26 14:57 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
108			}
109			}
110			}
111

smalot / drush-cerbere

Push — master ( c60cf3...36f595 )

Model/Hacked/HackedProjectWebDownloader.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like