Issues in ConfigureCommand.php (master) - Issues in master - trivago/chapi - Measure and Improve Code Quality continuously with Scrutinizer

Issues (27)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Commands/ConfigureCommand.php (2 issues)

Labels

Coding Style 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @package: chapi
 *
 * @author:  msiebeneicher
 * @since:   2015-07-28
 *
 */

namespace Chapi\Commands;

use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\Question;
use Symfony\Component\Filesystem\Filesystem;
use Symfony\Component\Yaml\Dumper;
use Symfony\Component\Yaml\Parser;

class ConfigureCommand extends AbstractCommand
{
    /**
     * Configures the current command.
     */
    protected function configure()
    {
        $this->setName('configure')
            ->setDescription('Configure application and add necessary configs')
            ->addOption('cache_dir', 'd', InputOption::VALUE_OPTIONAL, 'Path to cache directory')

            ->addOption('chronos_url', 'u', InputOption::VALUE_OPTIONAL, 'The chronos url (inclusive port)', '')
            ->addOption('chronos_http_username', 'un', InputOption::VALUE_OPTIONAL, 'The chronos username (HTTP credentials)', '')
            ->addOption('chronos_http_password', 'p', InputOption::VALUE_OPTIONAL, 'The chronos password (HTTP credentials)', '')
            ->addOption('repository_dir', 'r', InputOption::VALUE_OPTIONAL, 'Root path to your job files', '')

            ->addOption('marathon_url', 'mu', InputOption::VALUE_OPTIONAL, 'The marathon url (inclusive port)', '')
            ->addOption('marathon_http_username', 'mun', InputOption::VALUE_OPTIONAL, 'The marathon username (HTTP credentials)', '')
            ->addOption('marathon_http_password', 'mp', InputOption::VALUE_OPTIONAL, 'The marathon password (HTTP credentials)', '')
            ->addOption('repository_dir_marathon', 'mr', InputOption::VALUE_OPTIONAL, 'Root path to the app files', '')
        ;
    }

    /**
     * @param InputInterface $input
     * @param OutputInterface $output
     * @return int
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        $this->input = $input;
        $this->output = $output;

        return $this->process();
    }

    /**
     * @return int
     */
    protected function process()
    {
        $parameters = $this->getInputValues();

        if ($this->hasValidateUserInput($parameters)) {
            $this->saveParameters($parameters);
            return 0;
        }

        return 1;
    }

    /**
     * @return array<string,array<string,string|boolean>>
     */
    private function getInputValues()
    {
        $result = [];

        $result['cache_dir'] = [
            'value' => $this->getInputValue('cache_dir', '[GLOBAL] Please enter a cache directory'),
            'required' => true
        ];

        $result['chronos_url'] = [
            'value' => $this->getInputValue('chronos_url', '[CHRONOS] Please enter the chronos url (inclusive port)'),
            'required' => false
        ];

        $result['chronos_http_username'] = [
            'value' => $this->getInputValue('chronos_http_username', '[CHRONOS] Please enter the username to access your chronos instance'),
            'required' => false
        ];

        $result['chronos_http_password'] = [
            'value' => $this->getInputValue('chronos_http_password', '[CHRONOS] Please enter the password to access your chronos instance', true),
            'required' => false
        ];

        $result['repository_dir'] = [
            'value' => $this->getInputValue('repository_dir', '[CHRONOS] Please enter absolute path to your local chronos jobs configurations'),
            'required' => false
        ];

        $result['marathon_url'] = [
            'value' => $this->getInputValue('marathon_url', '[MARATHON] Please enter the marathon url (inclusive port)'),
            'required' => false
        ];

        $result['marathon_http_username'] = [
            'value' => $this->getInputValue('marathon_http_username', '[MARATHON] Please enter the username to access marathon instance'),
            'required' => false
        ];

        $result['marathon_http_password'] = [
            'value' => $this->getInputValue('marathon_http_password', '[MARATHON] Please enter the password to access marathon instance', true),
            'required' => false
        ];

        $result['repository_dir_marathon'] = [
            'value' => $this->getInputValue('repository_dir_marathon', '[MARATHON] Please enter absolute path to your local marathon tasks configurations'),
            'required' => false
        ];

        return $result;
    }

    /**
     * @param string $valueKey
     * @param string $question
     * @param boolean $hideAnswer
     * @return string
     */
    private function getInputValue($valueKey, $question, $hideAnswer = false)
    {
        $_sValue = $this->input->getOption($valueKey);
        if (empty($_sValue)) {
            $_sValue = $this->printQuestion(
                $question,
                $this->getParameterValue($valueKey),
                $hideAnswer
            );
        }

        return $_sValue;
    }

    /**
     * @param array $userInput
     */
    private function saveParameters(array $userInput)
    {
        // We implemented an additional level of information
        // into the user input array: Is this field required or not?
        // To be backwards compatible we only store the value of
        // the question in the dump file.
        // With this loop we get rid of the "required" information
        // from getInputValues().
        $toStore = [];
        foreach ($userInput as $key => $value) {
            $toStore[$key] = ('null' === $value['value']) ? null : $value['value'];
        }

        $configToSave = [
            $this->getProfileName() => [
                'parameters' => $toStore
            ]
        ];

        $path = $this->getHomeDir() . DIRECTORY_SEPARATOR . $this->getParameterFileName();

        // load exiting config to merge
        $config = $this->loadConfigFile(['profiles' => []]);

        $finalConfig = [
            'profiles' => array_merge($config['profiles'], $configToSave)
        ];


        // dump final config
        $dumper = new Dumper();
        $yaml = $dumper->dump($finalConfig, 4);

        $fileSystem = new Filesystem();
        $fileSystem->dumpFile(
            $path,
            $yaml
        );
    }

    /**
     * @param array $userInput
     * @return bool
     */
    private function hasValidateUserInput(array $userInput)
    {
        foreach ($userInput as $key => $value) {
            if ($value['required'] == true && empty($value['value'])) {
                $this->output->writeln(sprintf('<error>Please add a valid value for parameter "%s"</error>', $key));
                return false;
            }
        }

        return true;
    }

    /**
     * @param string $key
     * @param mixed $defaultValue
     * @return mixed
     */
    private function getParameterValue($key, $defaultValue = null)
    {
        $parameters = $this->getParameters();

        if (isset($parameters['parameters']) && isset($parameters['parameters'][$key])) {
            return $parameters['parameters'][$key];
        }

        return $defaultValue;
    }

    /**
     * @return array
     */
    private function getParameters()
    {
        $profile = $this->getProfileName();
        $parameters = $this->loadConfigFile();

        return (isset($parameters['profiles']) && isset($parameters['profiles'][$profile]))
            ? $parameters['profiles'][$profile]
            : ['profiles' => []];
    }

    /**
     * @param mixed $defaultValue
     * @return mixed
     */
    private function loadConfigFile($defaultValue = [])
    {
        $parameterFile = $this->getHomeDir() . DIRECTORY_SEPARATOR . $this->getParameterFileName();

        if (!file_exists($parameterFile)) {
            return $defaultValue;
        }

        $parser = new Parser();

        $parameters = $parser->parse(
            file_get_contents($parameterFile)
        );

        return $parameters;
    }


    /**
     * @param string $question
     * @param null|mixed $defaultValue
     * @param boolean $hideAnswer
     * @return mixed
     */
    private function printQuestion($question, $defaultValue = null, $hideAnswer = false)
    {
        $helper = $this->getHelper('question');

        // If we have a hidden answer and the default value is not empty
        // the we will set it as empty, because we don`t want to show
        // the default value on the terminal.
        // We know that the user has to enter the password again
        // if he / she want to reconfigure something. But this
        // is an acceptable tradeoff.
        if ($hideAnswer === true && !empty($defaultValue)) {
            $defaultValue = null;

        }

        $format = (!empty($defaultValue)) ? '<comment>%s (default: %s):</comment>' : '<comment>%s:</comment>';
        $question = new Question(sprintf($format, $question, $defaultValue), $defaultValue);


        // Sensitive information (like passwords) should not be
        // visible during the configuration wizard
        if ($hideAnswer === true) {
            $question->setHidden(true);
            $question->setHiddenFallback(false);
        }

        return $helper->ask($this->input, $this->output, $question);
    }
}


GitHub Access Token became invalid

Issues (27)

Security Analysis no request data

src/Commands/ConfigureCommand.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/**
3		* @package: chapi
4		*
5		* @author: msiebeneicher
6		* @since: 2015-07-28
7		*
8		*/
9
10		namespace Chapi\Commands;
11
12		use Symfony\Component\Console\Input\InputInterface;
13		use Symfony\Component\Console\Input\InputOption;
14		use Symfony\Component\Console\Output\OutputInterface;
15		use Symfony\Component\Console\Question\Question;
16		use Symfony\Component\Filesystem\Filesystem;
17		use Symfony\Component\Yaml\Dumper;
18		use Symfony\Component\Yaml\Parser;
19
20		class ConfigureCommand extends AbstractCommand
21		{
22		/**
23		* Configures the current command.
24		*/
25	4	protected function configure()
26		{
27	4	$this->setName('configure')
28	4	->setDescription('Configure application and add necessary configs')
29	4	->addOption('cache_dir', 'd', InputOption::VALUE_OPTIONAL, 'Path to cache directory')
30
31	4	->addOption('chronos_url', 'u', InputOption::VALUE_OPTIONAL, 'The chronos url (inclusive port)', '')
32	4	->addOption('chronos_http_username', 'un', InputOption::VALUE_OPTIONAL, 'The chronos username (HTTP credentials)', '')
33	4	->addOption('chronos_http_password', 'p', InputOption::VALUE_OPTIONAL, 'The chronos password (HTTP credentials)', '')
34	4	->addOption('repository_dir', 'r', InputOption::VALUE_OPTIONAL, 'Root path to your job files', '')
35
36	4	->addOption('marathon_url', 'mu', InputOption::VALUE_OPTIONAL, 'The marathon url (inclusive port)', '')
37	4	->addOption('marathon_http_username', 'mun', InputOption::VALUE_OPTIONAL, 'The marathon username (HTTP credentials)', '')
38	4	->addOption('marathon_http_password', 'mp', InputOption::VALUE_OPTIONAL, 'The marathon password (HTTP credentials)', '')
39	4	->addOption('repository_dir_marathon', 'mr', InputOption::VALUE_OPTIONAL, 'Root path to the app files', '')
40		;
41	4	}
42
43		/**
44		* @param InputInterface $input
45		* @param OutputInterface $output
46		* @return int
47		*/
48	4	protected function execute(InputInterface $input, OutputInterface $output)
49		{
50	4	$this->input = $input;
51	4	$this->output = $output;
52
53	4	return $this->process();
54		}
55
56		/**
57		* @return int
58		*/
59	4	protected function process()
60		{
61	4	$parameters = $this->getInputValues();
62
63	4	if ($this->hasValidateUserInput($parameters)) {
64	3	$this->saveParameters($parameters);
65	3	return 0;
66		}
67
68	1	return 1;
69		}
70
71		/**
72		* @return array<string,array<string,string\|boolean>>
73		*/
74	4	private function getInputValues()
75		{
76	4	$result = [];
77
78	4	$result['cache_dir'] = [
79	4	'value' => $this->getInputValue('cache_dir', '[GLOBAL] Please enter a cache directory'),
80		'required' => true
81		];
82
83	4	$result['chronos_url'] = [
84	4	'value' => $this->getInputValue('chronos_url', '[CHRONOS] Please enter the chronos url (inclusive port)'),
85		'required' => false
86		];
87
88	4	$result['chronos_http_username'] = [
89	4	'value' => $this->getInputValue('chronos_http_username', '[CHRONOS] Please enter the username to access your chronos instance'),
90		'required' => false
91		];
92
93	4	$result['chronos_http_password'] = [
94	4	'value' => $this->getInputValue('chronos_http_password', '[CHRONOS] Please enter the password to access your chronos instance', true),
95		'required' => false
96		];
97
98	4	$result['repository_dir'] = [
99	4	'value' => $this->getInputValue('repository_dir', '[CHRONOS] Please enter absolute path to your local chronos jobs configurations'),
100		'required' => false
101		];
102
103	4	$result['marathon_url'] = [
104	4	'value' => $this->getInputValue('marathon_url', '[MARATHON] Please enter the marathon url (inclusive port)'),
105		'required' => false
106		];
107
108	4	$result['marathon_http_username'] = [
109	4	'value' => $this->getInputValue('marathon_http_username', '[MARATHON] Please enter the username to access marathon instance'),
110		'required' => false
111		];
112
113	4	$result['marathon_http_password'] = [
114	4	'value' => $this->getInputValue('marathon_http_password', '[MARATHON] Please enter the password to access marathon instance', true),
115		'required' => false
116		];
117
118	4	$result['repository_dir_marathon'] = [
119	4	'value' => $this->getInputValue('repository_dir_marathon', '[MARATHON] Please enter absolute path to your local marathon tasks configurations'),
120		'required' => false
121		];
122
123	4	return $result;
124		}
125
126		/**
127		* @param string $valueKey
128		* @param string $question
129		* @param boolean $hideAnswer
130		* @return string
131		*/
132	4	private function getInputValue($valueKey, $question, $hideAnswer = false)
133		{
134	4	$_sValue = $this->input->getOption($valueKey);
135	4	if (empty($_sValue)) {
136	3	$_sValue = $this->printQuestion(
137	3	$question,
138	3	$this->getParameterValue($valueKey),
139	3	$hideAnswer
140		);
141		}
142
143	4	return $_sValue;
144		}
145
146		/**
147		* @param array $userInput
148		*/
149	3	private function saveParameters(array $userInput)
150		{
151		// We implemented an additional level of information
152		// into the user input array: Is this field required or not?
153		// To be backwards compatible we only store the value of
154		// the question in the dump file.
155		// With this loop we get rid of the "required" information
156		// from getInputValues().
157	3	$toStore = [];
158	3	foreach ($userInput as $key => $value) {
159	3	$toStore[$key] = ('null' === $value['value']) ? null : $value['value'];
160		}
161
162		$configToSave = [
163	3	$this->getProfileName() => [
164	3	'parameters' => $toStore
165		]
166		];
167
168	3	$path = $this->getHomeDir() . DIRECTORY_SEPARATOR . $this->getParameterFileName();
169
170		// load exiting config to merge
171	3	$config = $this->loadConfigFile(['profiles' => []]);
172
173		$finalConfig = [
174	3	'profiles' => array_merge($config['profiles'], $configToSave)
175		];
176
177
178		// dump final config
179	3	$dumper = new Dumper();
180	3	$yaml = $dumper->dump($finalConfig, 4);
181
182	3	$fileSystem = new Filesystem();
183	3	$fileSystem->dumpFile(
184	3	$path,
185	3	$yaml
186		);
187	3	}
188
189		/**
190		* @param array $userInput
191		* @return bool
192		*/
193	4	private function hasValidateUserInput(array $userInput)
194		{
195	4	foreach ($userInput as $key => $value) {
196	4	if ($value['required'] == true && empty($value['value'])) {
197	1	$this->output->writeln(sprintf('<error>Please add a valid value for parameter "%s"</error>', $key));
198	4	return false;
199		}
200		}
201
202	3	return true;
203		}
204
205		/**
206		* @param string $key
207		* @param mixed $defaultValue
208		* @return mixed
209		*/
210	3	private function getParameterValue($key, $defaultValue = null)
211		{
212	3	$parameters = $this->getParameters();
213
214	3	if (isset($parameters['parameters']) && isset($parameters['parameters'][$key])) {
215		return $parameters['parameters'][$key];
216		}
217
218	3	return $defaultValue;
219		}
220
221		/**
222		* @return array
223		*/
224	3	private function getParameters()
225		{
226	3	$profile = $this->getProfileName();
227	3	$parameters = $this->loadConfigFile();
228
229	3	return (isset($parameters['profiles']) && isset($parameters['profiles'][$profile]))
230		? $parameters['profiles'][$profile]
231	3	: ['profiles' => []];
232		}
233
234		/**
235		* @param mixed $defaultValue
236		* @return mixed
237		*/
238	4	private function loadConfigFile($defaultValue = [])
239		{
240	4	$parameterFile = $this->getHomeDir() . DIRECTORY_SEPARATOR . $this->getParameterFileName();
241
242	4	if (!file_exists($parameterFile)) {
243	4	return $defaultValue;
244		}
245
246		$parser = new Parser();
247
248		$parameters = $parser->parse(
249		file_get_contents($parameterFile)
250		);
251
252		return $parameters;
253		}
254
255
256		/**
257		* @param string $question
258		* @param null\|mixed $defaultValue
259		* @param boolean $hideAnswer
260		* @return mixed
261		*/
262	3	private function printQuestion($question, $defaultValue = null, $hideAnswer = false)
263		{
264	3	$helper = $this->getHelper('question');
265
266		// If we have a hidden answer and the default value is not empty
267		// the we will set it as empty, because we don`t want to show
268		// the default value on the terminal.
269		// We know that the user has to enter the password again
270		// if he / she want to reconfigure something. But this
271		// is an acceptable tradeoff.
272	3	if ($hideAnswer === true && !empty($defaultValue)) {
273		$defaultValue = null;
		0 ignored issues – show Coding Style introduced 2017-08-04 17:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different name than the parameter `$defaultValue`. This often makes code more readable. Loading history...
274		}
275
276	3	$format = (!empty($defaultValue)) ? '<comment>%s (default: %s):</comment>' : '<comment>%s:</comment>';
277	3	$question = new Question(sprintf($format, $question, $defaultValue), $defaultValue);
		0 ignored issues – show Coding Style introduced 2017-08-04 17:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different name than the parameter `$question`. This often makes code more readable. Loading history...
278
279		// Sensitive information (like passwords) should not be
280		// visible during the configuration wizard
281	3	if ($hideAnswer === true) {
282	3	$question->setHidden(true);
283	3	$question->setHiddenFallback(false);
284		}
285
286	3	return $helper->ask($this->input, $this->output, $question);
287		}
288		}
289

trivago / chapi

GitHub Access Token became invalid

Issues (27)

Security Analysis no request data

src/Commands/ConfigureCommand.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like