Issues in DumpEntities.php (master) - Issues in master - wikimedia/mediawiki-extensions-Wikibase - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1401)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

repo/maintenance/DumpEntities.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Wikibase\Repo\Maintenance;

use ExtensionRegistry;
use Maintenance;
use MWException;
use Onoi\MessageReporter\ObservableMessageReporter;
use Wikibase\DataModel\Services\EntityId\EntityIdPager;
use Wikibase\DataModel\Services\Lookup\EntityLookupException;
use Wikibase\Lib\Reporting\ExceptionHandler;
use Wikibase\Lib\Reporting\ReportingExceptionHandler;
use Wikibase\Lib\WikibaseSettings;
use Wikibase\Repo\Dumpers\DumpGenerator;
use Wikibase\Repo\IO\EntityIdReader;
use Wikibase\Repo\IO\LineReader;
use Wikibase\Repo\Store\Sql\SqlEntityIdPager;
use Wikibase\Repo\Store\Sql\SqlEntityIdPagerFactory;
use Wikibase\Repo\Store\Store;
use Wikibase\Repo\WikibaseRepo;
use Wikimedia\AtEase\AtEase;

$basePath = getenv( 'MW_INSTALL_PATH' ) !== false ? getenv( 'MW_INSTALL_PATH' ) : __DIR__ . '/../../../..';

require_once $basePath . '/maintenance/Maintenance.php';

/**
 * Maintenance script for generating a dump of entities in the repository.
 *
 * @license GPL-2.0-or-later
 * @author Daniel Kinzler
 */
abstract class DumpEntities extends Maintenance {

	/**
	 * @var SqlEntityIdPagerFactory
	 */
	private $sqlEntityIdPagerFactory;

	/**
	 * @var bool|resource
	 */
	private $logFileHandle = false;

	private $existingEntityTypes = [];

	private $entityTypesToExcludeFromOutput = [];

	public function __construct() {
		parent::__construct();

		$this->addDescription( 'Generate a JSON dump from entities in the repository.' );

		$this->addOption( 'list-file', "A file containing one entity ID per line.", false, true );
		$this->addOption(
			'entity-type',
			"Only dump this kind of entity, e.g. `item` or `property`. Can be given multiple times.",
			false,
			true,
			false,
			/* $multiOccurrence */ true
		);
		$this->addOption( 'sharding-factor', "The number of shards (must be >= 1)", false, true );
		$this->addOption( 'shard', "The shard to output (must be less than the sharding-factor)", false, true );
		$this->addOption( 'batch-size', "The number of entities per processing batch", false, true );
		$this->addOption( 'output', "Output file (default is stdout). Will be overwritten.", false, true );
		$this->addOption( 'log', "Log file (default is stderr). Will be appended.", false, true );
		$this->addOption( 'quiet', "Disable progress reporting", false, false );
		$this->addOption( 'limit', "Limit how many entities are dumped.", false, true );
		$this->addOption( 'no-cache', "If this is set, don't try to read from an EntityRevisionCache.", false, false );
		$this->addOption(
			'first-page-id',
			'First page id to dump, use 1 to start with the first page. Use the reported last SqlEntityIdPager position + 1 ' .
				'to continue a previous run. Not compatible with --list-file.',
			false,
			true
		);
		$this->addOption(
			'last-page-id',
			'Page id of the last page to possibly include in the dump. Not compatible with --list-file.',
			false,
			true
		);
		$this->addOption(
			'ignore-missing',
			'Ignore missing IDs, do not report errors on them',
			false,
			false
		);
	}

	public function setDumpEntitiesServices(
		SqlEntityIdPagerFactory $sqlEntityIdPagerFactory,
		array $existingEntityTypes,
		array $entityTypesToExcludeFromOutput
	) {
		$this->sqlEntityIdPagerFactory = $sqlEntityIdPagerFactory;
		$this->existingEntityTypes = $existingEntityTypes;
		$this->entityTypesToExcludeFromOutput = $entityTypesToExcludeFromOutput;
	}

	/**
	 * Create concrete dumper instance
	 * @param resource $output
	 * @return DumpGenerator
	 */
	abstract protected function createDumper( $output );

	/**
	 * Outputs a message vis the output() method.
	 *
	 * @see MessageReporter::logMessage()
	 *
	 * @param string $message
	 */
	public function logMessage( $message ) {
		if ( $this->logFileHandle ) {
			fwrite( $this->logFileHandle, "$message\n" );
			fflush( $this->logFileHandle );
		} else {
			$this->output( "$message\n" );
		}
	}

	/**
	 * Opens the given file for use by logMessage().
	 *
	 * @param string $file use "-" as a shortcut for "php://stdout"
	 *
	 * @throws MWException
	 */
	private function openLogFile( $file ) {
		$this->closeLogFile();

		if ( $file === '-' ) {
			$file = 'php://stdout';
		}

		// wouldn't streams be nice...
		$this->logFileHandle = fopen( $file, 'a' );

		if ( !$this->logFileHandle ) {
			throw new MWException( 'Failed to open log file: ' . $file );
		}
	}

	/**
	 * Closes any currently open file opened with openLogFile().
	 */
	private function closeLogFile() {
		if ( $this->logFileHandle
			&& $this->logFileHandle !== STDERR
			&& $this->logFileHandle !== STDOUT
		) {
			fclose( $this->logFileHandle );
		}

		$this->logFileHandle = false;
	}

	/**
	 * Do the actual work. All child classes will need to implement this
	 */
	public function execute() {
		//TODO: more validation for options
		$shardingFactor = (int)$this->getOption( 'sharding-factor', 1 );
		$shard = (int)$this->getOption( 'shard', 0 );
		$batchSize = (int)$this->getOption( 'batch-size', 100 );
		$limit = (int)$this->getOption( 'limit', 0 );

		//TODO: Allow injection of an OutputStream for logging
		$this->openLogFile( $this->getOption( 'log', 'php://stderr' ) );

		$outFile = $this->getOption( 'output', 'php://stdout' );

		if ( $outFile === '-' ) {
			$outFile = 'php://stdout';
		}

		$output = fopen( $outFile, 'w' ); //TODO: Allow injection of an OutputStream

		if ( !$output ) {
			throw new MWException( 'Failed to open ' . $outFile . '!' );
		}

		if ( $this->hasOption( 'list-file' ) ) {
			$this->logMessage( "Dumping entities listed in " . $this->getOption( 'list-file' ) );
		}

		$entityTypes = $this->getEntityTypes();
		if ( empty( $entityTypes ) ) {
			$this->logMessage( "No entity types to dump" );
			$this->closeLogFile();
			return;
		}

		$this->logMessage( 'Dumping entities of type ' . implode( ', ', $entityTypes ) );

		if ( $shardingFactor ) {
			$this->logMessage( "Dumping shard $shard/$shardingFactor" );
		}

		$dumper = $this->createDumper( $output );
		$dumper->setLimit( $limit );

		$progressReporter = new ObservableMessageReporter();
		$progressReporter->registerReporterCallback( [ $this, 'logMessage' ] );
		$dumper->setProgressReporter( $progressReporter );

		$ignored = $this->hasOption( 'ignore-missing' ) ?
			[ EntityLookupException::class ] :
			[];
		$exceptionReporter = new ReportingExceptionHandler( $progressReporter, $ignored );
		$dumper->setExceptionHandler( $exceptionReporter );

		//NOTE: we filter for $entityType twice: filtering in the DB is efficient,
		//      but filtering in the dumper is needed when working from a list file.
		$dumper->setShardingFilter( $shardingFactor, $shard );
		$dumper->setEntityTypesFilter( $entityTypes );
		$dumper->setBatchSize( $batchSize );

		$idStream = $this->makeIdStream( $entityTypes, $exceptionReporter );
		AtEase::suppressWarnings();
		$dumper->generateDump( $idStream );
		AtEase::restoreWarnings();

		if ( $idStream instanceof EntityIdReader ) {
			// close stream / free resources
			$idStream->dispose();
		}

		$this->closeLogFile();
	}

	/**
	 * @inheritDoc
	 */
	public function finalSetup() {
		global $wgHooks;

		parent::finalSetup();

		if ( $this->hasOption( 'dbgroupdefault' ) ) {
			// A group was set via cli, so no need to set the default here
			return;
		}

		$wgHooks['MediaWikiServices'][] = function() {
			global $wgDBDefaultGroup;
			if ( !ExtensionRegistry::getInstance()->isLoaded( 'WikibaseRepository' ) ) {
				// Something instantiates the MediaWikiServices before Wikibase
				// is loaded, nothing we can do here.
				wfWarn( self::class . ': Can not change default DB group.' );
				return;
			}

			// Don't use WikibaseRepo here as this is run very early on, thus
			// the bootstrapping code is not ready yet (T202452).
			$settings = WikibaseSettings::getRepoSettings();
			$dumpDBDefaultGroup = $settings->getSetting( 'dumpDBDefaultGroup' );

			if ( $dumpDBDefaultGroup !== null ) {
				$wgDBDefaultGroup = $dumpDBDefaultGroup;
			}
		};
	}

	private function getEntityTypes() {
		return array_diff(
			$this->getOption( 'entity-type', $this->existingEntityTypes ),
			$this->entityTypesToExcludeFromOutput
		);
	}

	/**
	 * @param string[] $entityTypes
	 * @param ExceptionHandler|null $exceptionReporter
	 *
	 * @return EntityIdReader|SqlEntityIdPager a stream of EntityId objects
	 */
	private function makeIdStream( array $entityTypes, ExceptionHandler $exceptionReporter = null ) {
		$listFile = $this->getOption( 'list-file' );

		if ( $listFile !== null ) {
			$stream = $this->makeIdFileStream( $listFile, $exceptionReporter );
		} else {
			$stream = $this->makeIdQueryStream( $entityTypes );
		}

		return $stream;
	}

	/**
	 * Returns EntityIdPager::NO_REDIRECTS.
	 *
	 * @return mixed a EntityIdPager::XXX_REDIRECTS constant
	 */
	protected function getRedirectMode() {
		return EntityIdPager::NO_REDIRECTS;
	}

	/**
	 * Cache flag for use in Store::getEntityRevisionLookup.
	 *
	 * @return string One of Store::LOOKUP_CACHING_RETRIEVE_ONLY and Store::LOOKUP_CACHING_DISABLED
	 */
	protected function getEntityRevisionLookupCacheMode() {
		if ( $this->getOption( 'no-cache', false ) ) {
			return Store::LOOKUP_CACHING_DISABLED;
		} else {
			return Store::LOOKUP_CACHING_RETRIEVE_ONLY;
		}
	}

	/**
	 * @param string[] $entityTypes
	 *
	 * @return SqlEntityIdPager
	 */
	private function makeIdQueryStream( array $entityTypes ) {
		$sqlEntityIdPager = $this->sqlEntityIdPagerFactory->newSqlEntityIdPager( $entityTypes, $this->getRedirectMode() );

		$firstPageId = $this->getOption( 'first-page-id', null );
		if ( $firstPageId ) {
			$sqlEntityIdPager->setPosition( intval( $firstPageId ) - 1 );
		}
		$lastPageId = $this->getOption( 'last-page-id', null );
		if ( $lastPageId ) {
			$sqlEntityIdPager->setCutoffPosition( intval( $lastPageId ) );
		}

		return $sqlEntityIdPager;
	}

	/**
	 * @param string $listFile
	 * @param ExceptionHandler|null $exceptionReporter
	 *
	 * @throws MWException
	 * @return EntityIdReader
	 */
	private function makeIdFileStream( $listFile, ExceptionHandler $exceptionReporter = null ) {
		$input = fopen( $listFile, 'r' );

		if ( !$input ) {
			throw new MWException( "Failed to open ID file: $listFile" );
		}

		$stream = new EntityIdReader( new LineReader( $input ), WikibaseRepo::getDefaultInstance()->getEntityIdParser() );
		$stream->setExceptionHandler( $exceptionReporter );
function notNullable(stdClass $x) { }

// Unsafe
function withoutCheck(stdClass $x = null) {
    notNullable($x);
}

// Safe - Alternative 1: Adding Additional Type-Check
function withCheck(stdClass $x = null) {
    if ($x instanceof stdClass) {
        notNullable($x);
    }
}

// Safe - Alternative 2: Changing Parameter
function withNonNullableParam(stdClass $x) {
    notNullable($x);
}

		return $stream;
	}

}


1			<?php
2
3			namespace Wikibase\Repo\Maintenance;
4
5			use ExtensionRegistry;
6			use Maintenance;
7			use MWException;
8			use Onoi\MessageReporter\ObservableMessageReporter;
9			use Wikibase\DataModel\Services\EntityId\EntityIdPager;
10			use Wikibase\DataModel\Services\Lookup\EntityLookupException;
11			use Wikibase\Lib\Reporting\ExceptionHandler;
12			use Wikibase\Lib\Reporting\ReportingExceptionHandler;
13			use Wikibase\Lib\WikibaseSettings;
14			use Wikibase\Repo\Dumpers\DumpGenerator;
15			use Wikibase\Repo\IO\EntityIdReader;
16			use Wikibase\Repo\IO\LineReader;
17			use Wikibase\Repo\Store\Sql\SqlEntityIdPager;
18			use Wikibase\Repo\Store\Sql\SqlEntityIdPagerFactory;
19			use Wikibase\Repo\Store\Store;
20			use Wikibase\Repo\WikibaseRepo;
21			use Wikimedia\AtEase\AtEase;
22
23			$basePath = getenv( 'MW_INSTALL_PATH' ) !== false ? getenv( 'MW_INSTALL_PATH' ) : __DIR__ . '/../../../..';
24
25			require_once $basePath . '/maintenance/Maintenance.php';
26
27			/**
28			* Maintenance script for generating a dump of entities in the repository.
29			*
30			* @license GPL-2.0-or-later
31			* @author Daniel Kinzler
32			*/
33			abstract class DumpEntities extends Maintenance {
34
35			/**
36			* @var SqlEntityIdPagerFactory
37			*/
38			private $sqlEntityIdPagerFactory;
39
40			/**
41			* @var bool\|resource
42			*/
43			private $logFileHandle = false;
44
45			private $existingEntityTypes = [];
46
47			private $entityTypesToExcludeFromOutput = [];
48
49			public function __construct() {
50			parent::__construct();
51
52			$this->addDescription( 'Generate a JSON dump from entities in the repository.' );
53
54			$this->addOption( 'list-file', "A file containing one entity ID per line.", false, true );
55			$this->addOption(
56			'entity-type',
57			"Only dump this kind of entity, e.g. `item` or `property`. Can be given multiple times.",
58			false,
59			true,
60			false,
61			/* $multiOccurrence */ true
62			);
63			$this->addOption( 'sharding-factor', "The number of shards (must be >= 1)", false, true );
64			$this->addOption( 'shard', "The shard to output (must be less than the sharding-factor)", false, true );
65			$this->addOption( 'batch-size', "The number of entities per processing batch", false, true );
66			$this->addOption( 'output', "Output file (default is stdout). Will be overwritten.", false, true );
67			$this->addOption( 'log', "Log file (default is stderr). Will be appended.", false, true );
68			$this->addOption( 'quiet', "Disable progress reporting", false, false );
69			$this->addOption( 'limit', "Limit how many entities are dumped.", false, true );
70			$this->addOption( 'no-cache', "If this is set, don't try to read from an EntityRevisionCache.", false, false );
71			$this->addOption(
72			'first-page-id',
73			'First page id to dump, use 1 to start with the first page. Use the reported last SqlEntityIdPager position + 1 ' .
74			'to continue a previous run. Not compatible with --list-file.',
75			false,
76			true
77			);
78			$this->addOption(
79			'last-page-id',
80			'Page id of the last page to possibly include in the dump. Not compatible with --list-file.',
81			false,
82			true
83			);
84			$this->addOption(
85			'ignore-missing',
86			'Ignore missing IDs, do not report errors on them',
87			false,
88			false
89			);
90			}
91
92			public function setDumpEntitiesServices(
93			SqlEntityIdPagerFactory $sqlEntityIdPagerFactory,
94			array $existingEntityTypes,
95			array $entityTypesToExcludeFromOutput
96			) {
97			$this->sqlEntityIdPagerFactory = $sqlEntityIdPagerFactory;
98			$this->existingEntityTypes = $existingEntityTypes;
99			$this->entityTypesToExcludeFromOutput = $entityTypesToExcludeFromOutput;
100			}
101
102			/**
103			* Create concrete dumper instance
104			* @param resource $output
105			* @return DumpGenerator
106			*/
107			abstract protected function createDumper( $output );
108
109			/**
110			* Outputs a message vis the output() method.
111			*
112			* @see MessageReporter::logMessage()
113			*
114			* @param string $message
115			*/
116			public function logMessage( $message ) {
117			if ( $this->logFileHandle ) {
118			fwrite( $this->logFileHandle, "$message\n" );
119			fflush( $this->logFileHandle );
120			} else {
121			$this->output( "$message\n" );
122			}
123			}
124
125			/**
126			* Opens the given file for use by logMessage().
127			*
128			* @param string $file use "-" as a shortcut for "php://stdout"
129			*
130			* @throws MWException
131			*/
132			private function openLogFile( $file ) {
133			$this->closeLogFile();
134
135			if ( $file === '-' ) {
136			$file = 'php://stdout';
137			}
138
139			// wouldn't streams be nice...
140			$this->logFileHandle = fopen( $file, 'a' );
141
142			if ( !$this->logFileHandle ) {
143			throw new MWException( 'Failed to open log file: ' . $file );
144			}
145			}
146
147			/**
148			* Closes any currently open file opened with openLogFile().
149			*/
150			private function closeLogFile() {
151			if ( $this->logFileHandle
152			&& $this->logFileHandle !== STDERR
153			&& $this->logFileHandle !== STDOUT
154			) {
155			fclose( $this->logFileHandle );
156			}
157
158			$this->logFileHandle = false;
159			}
160
161			/**
162			* Do the actual work. All child classes will need to implement this
163			*/
164			public function execute() {
165			//TODO: more validation for options
166			$shardingFactor = (int)$this->getOption( 'sharding-factor', 1 );
167			$shard = (int)$this->getOption( 'shard', 0 );
168			$batchSize = (int)$this->getOption( 'batch-size', 100 );
169			$limit = (int)$this->getOption( 'limit', 0 );
170
171			//TODO: Allow injection of an OutputStream for logging
172			$this->openLogFile( $this->getOption( 'log', 'php://stderr' ) );
173
174			$outFile = $this->getOption( 'output', 'php://stdout' );
175
176			if ( $outFile === '-' ) {
177			$outFile = 'php://stdout';
178			}
179
180			$output = fopen( $outFile, 'w' ); //TODO: Allow injection of an OutputStream
181
182			if ( !$output ) {
183			throw new MWException( 'Failed to open ' . $outFile . '!' );
184			}
185
186			if ( $this->hasOption( 'list-file' ) ) {
187			$this->logMessage( "Dumping entities listed in " . $this->getOption( 'list-file' ) );
188			}
189
190			$entityTypes = $this->getEntityTypes();
191			if ( empty( $entityTypes ) ) {
192			$this->logMessage( "No entity types to dump" );
193			$this->closeLogFile();
194			return;
195			}
196
197			$this->logMessage( 'Dumping entities of type ' . implode( ', ', $entityTypes ) );
198
199			if ( $shardingFactor ) {
200			$this->logMessage( "Dumping shard $shard/$shardingFactor" );
201			}
202
203			$dumper = $this->createDumper( $output );
204			$dumper->setLimit( $limit );
205
206			$progressReporter = new ObservableMessageReporter();
207			$progressReporter->registerReporterCallback( [ $this, 'logMessage' ] );
208			$dumper->setProgressReporter( $progressReporter );
209
210			$ignored = $this->hasOption( 'ignore-missing' ) ?
211			[ EntityLookupException::class ] :
212			[];
213			$exceptionReporter = new ReportingExceptionHandler( $progressReporter, $ignored );
214			$dumper->setExceptionHandler( $exceptionReporter );
215
216			//NOTE: we filter for $entityType twice: filtering in the DB is efficient,
217			// but filtering in the dumper is needed when working from a list file.
218			$dumper->setShardingFilter( $shardingFactor, $shard );
219			$dumper->setEntityTypesFilter( $entityTypes );
220			$dumper->setBatchSize( $batchSize );
221
222			$idStream = $this->makeIdStream( $entityTypes, $exceptionReporter );
223			AtEase::suppressWarnings();
224			$dumper->generateDump( $idStream );
225			AtEase::restoreWarnings();
226
227			if ( $idStream instanceof EntityIdReader ) {
228			// close stream / free resources
229			$idStream->dispose();
230			}
231
232			$this->closeLogFile();
233			}
234
235			/**
236			* @inheritDoc
237			*/
238			public function finalSetup() {
239			global $wgHooks;
240
241			parent::finalSetup();
242
243			if ( $this->hasOption( 'dbgroupdefault' ) ) {
244			// A group was set via cli, so no need to set the default here
245			return;
246			}
247
248			$wgHooks['MediaWikiServices'][] = function() {
249			global $wgDBDefaultGroup;
250			if ( !ExtensionRegistry::getInstance()->isLoaded( 'WikibaseRepository' ) ) {
251			// Something instantiates the MediaWikiServices before Wikibase
252			// is loaded, nothing we can do here.
253			wfWarn( self::class . ': Can not change default DB group.' );
254			return;
255			}
256
257			// Don't use WikibaseRepo here as this is run very early on, thus
258			// the bootstrapping code is not ready yet (T202452).
259			$settings = WikibaseSettings::getRepoSettings();
260			$dumpDBDefaultGroup = $settings->getSetting( 'dumpDBDefaultGroup' );
261
262			if ( $dumpDBDefaultGroup !== null ) {
263			$wgDBDefaultGroup = $dumpDBDefaultGroup;
264			}
265			};
266			}
267
268			private function getEntityTypes() {
269			return array_diff(
270			$this->getOption( 'entity-type', $this->existingEntityTypes ),
271			$this->entityTypesToExcludeFromOutput
272			);
273			}
274
275			/**
276			* @param string[] $entityTypes
277			* @param ExceptionHandler\|null $exceptionReporter
278			*
279			* @return EntityIdReader\|SqlEntityIdPager a stream of EntityId objects
280			*/
281			private function makeIdStream( array $entityTypes, ExceptionHandler $exceptionReporter = null ) {
282			$listFile = $this->getOption( 'list-file' );
283
284			if ( $listFile !== null ) {
285			$stream = $this->makeIdFileStream( $listFile, $exceptionReporter );
286			} else {
287			$stream = $this->makeIdQueryStream( $entityTypes );
288			}
289
290			return $stream;
291			}
292
293			/**
294			* Returns EntityIdPager::NO_REDIRECTS.
295			*
296			* @return mixed a EntityIdPager::XXX_REDIRECTS constant
297			*/
298			protected function getRedirectMode() {
299			return EntityIdPager::NO_REDIRECTS;
300			}
301
302			/**
303			* Cache flag for use in Store::getEntityRevisionLookup.
304			*
305			* @return string One of Store::LOOKUP_CACHING_RETRIEVE_ONLY and Store::LOOKUP_CACHING_DISABLED
306			*/
307			protected function getEntityRevisionLookupCacheMode() {
308			if ( $this->getOption( 'no-cache', false ) ) {
309			return Store::LOOKUP_CACHING_DISABLED;
310			} else {
311			return Store::LOOKUP_CACHING_RETRIEVE_ONLY;
312			}
313			}
314
315			/**
316			* @param string[] $entityTypes
317			*
318			* @return SqlEntityIdPager
319			*/
320			private function makeIdQueryStream( array $entityTypes ) {
321			$sqlEntityIdPager = $this->sqlEntityIdPagerFactory->newSqlEntityIdPager( $entityTypes, $this->getRedirectMode() );
322
323			$firstPageId = $this->getOption( 'first-page-id', null );
324			if ( $firstPageId ) {
325			$sqlEntityIdPager->setPosition( intval( $firstPageId ) - 1 );
326			}
327			$lastPageId = $this->getOption( 'last-page-id', null );
328			if ( $lastPageId ) {
329			$sqlEntityIdPager->setCutoffPosition( intval( $lastPageId ) );
330			}
331
332			return $sqlEntityIdPager;
333			}
334
335			/**
336			* @param string $listFile
337			* @param ExceptionHandler\|null $exceptionReporter
338			*
339			* @throws MWException
340			* @return EntityIdReader
341			*/
342			private function makeIdFileStream( $listFile, ExceptionHandler $exceptionReporter = null ) {
343			$input = fopen( $listFile, 'r' );
344
345			if ( !$input ) {
346			throw new MWException( "Failed to open ID file: $listFile" );
347			}
348
349			$stream = new EntityIdReader( new LineReader( $input ), WikibaseRepo::getDefaultInstance()->getEntityIdParser() );
350			$stream->setExceptionHandler( $exceptionReporter );
			0 ignored issues – show Bug introduced 2016-02-04 16:59 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$exceptionReporter` defined by parameter `$exceptionReporter` on line `342` can be `null`; however, `Wikibase\Repo\IO\EntityI...::setExceptionHandler()` does not accept `null`, maybe add an additional type check? It seems like you allow that null is being passed for a parameter, however the function which is called does not seem to accept null. We recommend to add an additional type check (or disallow null for the parameter): function notNullable(stdClass $x) { } // Unsafe function withoutCheck(stdClass $x = null) { notNullable($x); } // Safe - Alternative 1: Adding Additional Type-Check function withCheck(stdClass $x = null) { if ($x instanceof stdClass) { notNullable($x); } } // Safe - Alternative 2: Changing Parameter function withNonNullableParam(stdClass $x) { notNullable($x); } Loading history...
351
352			return $stream;
353			}
354
355			}
356

wikimedia / mediawiki-extensions-Wikibase

Issues (1401)

Security Analysis no request data

repo/maintenance/DumpEntities.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like