Issues in Command.php (master) - Issues in master - z-song/lumen-swoole - Measure and Improve Code Quality continuously with Scrutinizer

Issues (7)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Command.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Encore\LumenSwoole;

use Error;
use ErrorException;
use Laravel\Lumen\Exceptions\Handler;
use Symfony\Component\Console\Output\ConsoleOutput;
use Symfony\Component\Debug\Exception\FatalErrorException;
use Symfony\Component\Debug\Exception\FatalThrowableError;

/**
 * Class Command.
 */
class Command
{
    /**
     * Pid file.
     *
     * @var string
     */
    protected $pidFile;

    /**
     * Command options.
     *
     * @var array
     */
    protected $options = [];

    /**
     * Server host.
     *
     * @var string
     */
    protected $host = '127.0.0.1';

    /**
     * Server port.
     *
     * @var int
     */
    protected $port = 8083;

    /**
     * Application bootstrap file.
     *
     * @var string
     */
    protected $bootstrap = 'bootstrap/app.php';

    /**
     * Http server options.
     *
     * @var array
     */
    protected $serverOptions = [];

    /**
     * Create a new Command instance.
     */
    public function __construct()
    {
        $this->registerErrorHandling();
    }

    /**
     * Main access.
     *
     * @param $argv
     *
     * @return mixed
     */
    public static function main($argv)
    {
        $command = new static();

        return $command->run($argv);
    }

    /**
     * Run up the server.
     *
     * @param string $argv
     *
     * @throws \Exception
     */
    public function run($argv)
    {
        if ($this->handleAction($argv)) {
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            return;
        }

        if (!$this->handleArguments()) {
            return;
        }

        echo "Swoole http server started on http://{$this->host}:{$this->port}/\r\n";

        $server = new Server($this->host, $this->port);
        $server->setApplication(require $this->bootstrap);

        $server->options($this->serverOptions)->run();
    }

    /**
     * Handle command action.
     *
     * @param array $argv
     *
     * @return bool
     */
    public function handleAction($argv)
    {
        if (count($argv) < 2) {
            return false;
        }

        if (in_array($argv[1], ['stop', 'reload', 'restart'])) {
            call_user_func([$this, $argv[1]]);

            return true;
        }

        return false;
    }

    /**
     * Handle Command arguments.
     *
     * @return bool
     */
    public function handleArguments()
    {
        $serverOptions = array_map(function ($option) {
            return "$option:";
        }, Server::$validServerOptions);

        $longOptions = array_merge(['host:', 'port:', 'help', 'version'], $serverOptions);

        $options = getopt('dvp:h::s:', $longOptions);

        foreach ($options as $option => $value) {
            switch ($option) {
                case 'h':
                case 'host':
                    if ($value) {
                        $this->host = $value;
                    } else {
                        $this->usage();

                        return false;
                    }
                    break;

                case 'help':
                    $this->usage();

                    return false;

                case 'p':
                case 'port':
                    if ($value) {
                        $this->port = (int) $value;
                    }
                    break;

                case 's':
                    if ($value) {
                        $this->bootstrap = $value;
                    }
                    break;

                case 'd':
                    $this->serverOptions['daemonize'] = true;
                    break;

                case 'v':
                case 'version':
                    echo Server::VERSION, "\r\n";

                    return false;

                default:
                    if (in_array($option, Server::$validServerOptions) && $value) {
                        $this->serverOptions[$option] = $value;
                    }
                    break;
            }
        }

        return true;
    }

    /**
     * Show usage.
     */
    public function usage()
    {
        $this->printVersionString();

        echo <<<'EOT'

Usage: vendor/bin/lumen-swoole {stop|restart|reload}

  -h <hostname>      Server hostname (default: 127.0.0.1).
  -p <port>          Server port (default: 6379).
  -s <script>        Application script.
  -d <daemon>        Run server in daemon mode.
  -v <version>       Output version and exit.

  --host             Server hostname (default: 127.0.0.1).
  --port             Server port (default: 6379).
  --help             Output this help and exit.
  --version          Output version and exit.

Examples:
  vendor/bin/lumen-swoole -d
  vendor/bin/lumen-swoole -h 127.0.0.1 -p 80 -d
  vendor/bin/lumen-swoole -h 127.0.0.1 -p 80 -d
  vendor/bin/lumen-swoole -s path/to/bootstrap/script.php

  vendor/bin/lumen-swoole restart
  vendor/bin/lumen-swoole reload
  vendor/bin/lumen-swoole restart

Other options please see http://wiki.swoole.com/wiki/page/274.html.

EOT;
    }

    /**
     * Print version string.
     */
    public function printVersionString()
    {
        echo Server::VERSION, "\r\n";
    }

    /**
     * Stop the server.
     *
     * @throws \Exception
     *
     * @return void
     */
    public function stop()
    {
        $pid = $this->getPid();

        echo "Server is stopping...\r\n";

        posix_kill($pid, SIGTERM);

        usleep(500);

        posix_kill($pid, SIGKILL);

        unlink($this->pidFile);
    }

    /**
     * Reload the server.
     *
     * @throws \Exception
     *
     * @return void
     */
    public function reload()
    {
        posix_kill($this->getPid(), SIGUSR1);
    }

    /**
     * Restart the server.
     *
     * @throws \Exception
     *
     * @return void
     */
    public function restart()
    {
        $pid = $this->getPid();

        $cmd = exec("ps -p $pid -o args | grep lumen-swoole");

        if (empty($cmd)) {
            throw new \Exception('Cannot find server process.');
        }

        $this->stop();

        usleep(2000);

        echo "Server is starting...\r\n";

        exec($cmd);
    }

    /**
     * Get process identifier of this server.
     *
     * @throws \Exception
     *
     * @return string|false
     */
    protected function getPid()
    {
        $app = require $this->bootstrap;

        $this->pidFile = $app->storagePath('lumen-swoole.pid');

        if (!file_exists($this->pidFile)) {
            throw new \Exception('The Server is not running.');
        }

        $pid = file_get_contents($this->pidFile);

        if (posix_getpgid($pid)) {
            return $pid;
        }

        unlink($this->pidFile);

        return false;
    }

    /**
     * Set the error handling for the application.
     *
     * @return void
     */
    protected function registerErrorHandling()
    {
        error_reporting(-1);

        set_error_handler(function ($level, $message, $file = '', $line = 0) {
            if (error_reporting() & $level) {
                throw new ErrorException($message, 0, $level, $file, $line);
            }
        });

        set_exception_handler(function ($e) {
            $this->handleUncaughtException($e);
        });

        register_shutdown_function(function () {
            $this->handleShutdown();
        });
    }

    /**
     * Handle an uncaught exception instance.
     *
     * @param \Exception $e
     *
     * @return void
     */
    protected function handleUncaughtException($e)
    {
        if ($e instanceof Error) {
            $e = new FatalThrowableError($e);
        }

        (new Handler())->renderForConsole(new ConsoleOutput(), $e);
    }

    /**
     * Handle the application shutdown routine.
     *
     * @return void
     */
    protected function handleShutdown()
    {
        if (!is_null($error = error_get_last()) && $this->isFatalError($error['type'])) {
            $this->handleUncaughtException(new FatalErrorException(
                $error['message'],
                $error['type'],
                0,
                $error['file'],
                $error['line']
            ));
        }
    }

    /**
     * Determine if the error type is fatal.
     *
     * @param int $type
     *
     * @return bool
     */
    protected function isFatalError($type)
    {
        $errorCodes = [E_ERROR, E_CORE_ERROR, E_COMPILE_ERROR, E_PARSE];

        if (defined('FATAL_ERROR')) {
            $errorCodes[] = FATAL_ERROR;
        }

        return in_array($type, $errorCodes);
    }
}


1			<?php
2
3			namespace Encore\LumenSwoole;
4
5			use Error;
6			use ErrorException;
7			use Laravel\Lumen\Exceptions\Handler;
8			use Symfony\Component\Console\Output\ConsoleOutput;
9			use Symfony\Component\Debug\Exception\FatalErrorException;
10			use Symfony\Component\Debug\Exception\FatalThrowableError;
11
12			/**
13			* Class Command.
14			*/
15			class Command
16			{
17			/**
18			* Pid file.
19			*
20			* @var string
21			*/
22			protected $pidFile;
23
24			/**
25			* Command options.
26			*
27			* @var array
28			*/
29			protected $options = [];
30
31			/**
32			* Server host.
33			*
34			* @var string
35			*/
36			protected $host = '127.0.0.1';
37
38			/**
39			* Server port.
40			*
41			* @var int
42			*/
43			protected $port = 8083;
44
45			/**
46			* Application bootstrap file.
47			*
48			* @var string
49			*/
50			protected $bootstrap = 'bootstrap/app.php';
51
52			/**
53			* Http server options.
54			*
55			* @var array
56			*/
57			protected $serverOptions = [];
58
59			/**
60			* Create a new Command instance.
61			*/
62			public function __construct()
63			{
64			$this->registerErrorHandling();
65			}
66
67			/**
68			* Main access.
69			*
70			* @param $argv
71			*
72			* @return mixed
73			*/
74			public static function main($argv)
75			{
76			$command = new static();
77
78			return $command->run($argv);
79			}
80
81			/**
82			* Run up the server.
83			*
84			* @param string $argv
85			*
86			* @throws \Exception
87			*/
88			public function run($argv)
89			{
90			if ($this->handleAction($argv)) {
			0 ignored issues – show Documentation introduced 2016-09-29 03:06 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$argv` is of type `string`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
91			return;
92			}
93
94			if (!$this->handleArguments()) {
95			return;
96			}
97
98			echo "Swoole http server started on http://{$this->host}:{$this->port}/\r\n";
99
100			$server = new Server($this->host, $this->port);
101			$server->setApplication(require $this->bootstrap);
102
103			$server->options($this->serverOptions)->run();
104			}
105
106			/**
107			* Handle command action.
108			*
109			* @param array $argv
110			*
111			* @return bool
112			*/
113			public function handleAction($argv)
114			{
115			if (count($argv) < 2) {
116			return false;
117			}
118
119			if (in_array($argv[1], ['stop', 'reload', 'restart'])) {
120			call_user_func([$this, $argv[1]]);
121
122			return true;
123			}
124
125			return false;
126			}
127
128			/**
129			* Handle Command arguments.
130			*
131			* @return bool
132			*/
133			public function handleArguments()
134			{
135			$serverOptions = array_map(function ($option) {
136			return "$option:";
137			}, Server::$validServerOptions);
138
139			$longOptions = array_merge(['host:', 'port:', 'help', 'version'], $serverOptions);
140
141			$options = getopt('dvp:h::s:', $longOptions);
142
143			foreach ($options as $option => $value) {
144			switch ($option) {
145			case 'h':
146			case 'host':
147			if ($value) {
148			$this->host = $value;
149			} else {
150			$this->usage();
151
152			return false;
153			}
154			break;
155
156			case 'help':
157			$this->usage();
158
159			return false;
160
161			case 'p':
162			case 'port':
163			if ($value) {
164			$this->port = (int) $value;
165			}
166			break;
167
168			case 's':
169			if ($value) {
170			$this->bootstrap = $value;
171			}
172			break;
173
174			case 'd':
175			$this->serverOptions['daemonize'] = true;
176			break;
177
178			case 'v':
179			case 'version':
180			echo Server::VERSION, "\r\n";
181
182			return false;
183
184			default:
185			if (in_array($option, Server::$validServerOptions) && $value) {
186			$this->serverOptions[$option] = $value;
187			}
188			break;
189			}
190			}
191
192			return true;
193			}
194
195			/**
196			* Show usage.
197			*/
198			public function usage()
199			{
200			$this->printVersionString();
201
202			echo <<<'EOT'
203
204			Usage: vendor/bin/lumen-swoole {stop\|restart\|reload}
205
206			-h <hostname> Server hostname (default: 127.0.0.1).
207			-p <port> Server port (default: 6379).
208			-s <script> Application script.
209			-d <daemon> Run server in daemon mode.
210			-v <version> Output version and exit.
211
212			--host Server hostname (default: 127.0.0.1).
213			--port Server port (default: 6379).
214			--help Output this help and exit.
215			--version Output version and exit.
216
217			Examples:
218			vendor/bin/lumen-swoole -d
219			vendor/bin/lumen-swoole -h 127.0.0.1 -p 80 -d
220			vendor/bin/lumen-swoole -h 127.0.0.1 -p 80 -d
221			vendor/bin/lumen-swoole -s path/to/bootstrap/script.php
222
223			vendor/bin/lumen-swoole restart
224			vendor/bin/lumen-swoole reload
225			vendor/bin/lumen-swoole restart
226
227			Other options please see http://wiki.swoole.com/wiki/page/274.html.
228
229			EOT;
230			}
231
232			/**
233			* Print version string.
234			*/
235			public function printVersionString()
236			{
237			echo Server::VERSION, "\r\n";
238			}
239
240			/**
241			* Stop the server.
242			*
243			* @throws \Exception
244			*
245			* @return void
246			*/
247			public function stop()
248			{
249			$pid = $this->getPid();
250
251			echo "Server is stopping...\r\n";
252
253			posix_kill($pid, SIGTERM);
254
255			usleep(500);
256
257			posix_kill($pid, SIGKILL);
258
259			unlink($this->pidFile);
260			}
261
262			/**
263			* Reload the server.
264			*
265			* @throws \Exception
266			*
267			* @return void
268			*/
269			public function reload()
270			{
271			posix_kill($this->getPid(), SIGUSR1);
272			}
273
274			/**
275			* Restart the server.
276			*
277			* @throws \Exception
278			*
279			* @return void
280			*/
281			public function restart()
282			{
283			$pid = $this->getPid();
284
285			$cmd = exec("ps -p $pid -o args \| grep lumen-swoole");
286
287			if (empty($cmd)) {
288			throw new \Exception('Cannot find server process.');
289			}
290
291			$this->stop();
292
293			usleep(2000);
294
295			echo "Server is starting...\r\n";
296
297			exec($cmd);
298			}
299
300			/**
301			* Get process identifier of this server.
302			*
303			* @throws \Exception
304			*
305			* @return string\|false
306			*/
307			protected function getPid()
308			{
309			$app = require $this->bootstrap;
310
311			$this->pidFile = $app->storagePath('lumen-swoole.pid');
312
313			if (!file_exists($this->pidFile)) {
314			throw new \Exception('The Server is not running.');
315			}
316
317			$pid = file_get_contents($this->pidFile);
318
319			if (posix_getpgid($pid)) {
320			return $pid;
321			}
322
323			unlink($this->pidFile);
324
325			return false;
326			}
327
328			/**
329			* Set the error handling for the application.
330			*
331			* @return void
332			*/
333			protected function registerErrorHandling()
334			{
335			error_reporting(-1);
336
337			set_error_handler(function ($level, $message, $file = '', $line = 0) {
338			if (error_reporting() & $level) {
339			throw new ErrorException($message, 0, $level, $file, $line);
340			}
341			});
342
343			set_exception_handler(function ($e) {
344			$this->handleUncaughtException($e);
345			});
346
347			register_shutdown_function(function () {
348			$this->handleShutdown();
349			});
350			}
351
352			/**
353			* Handle an uncaught exception instance.
354			*
355			* @param \Exception $e
356			*
357			* @return void
358			*/
359			protected function handleUncaughtException($e)
360			{
361			if ($e instanceof Error) {
362			$e = new FatalThrowableError($e);
363			}
364
365			(new Handler())->renderForConsole(new ConsoleOutput(), $e);
366			}
367
368			/**
369			* Handle the application shutdown routine.
370			*
371			* @return void
372			*/
373			protected function handleShutdown()
374			{
375			if (!is_null($error = error_get_last()) && $this->isFatalError($error['type'])) {
376			$this->handleUncaughtException(new FatalErrorException(
377			$error['message'],
378			$error['type'],
379			0,
380			$error['file'],
381			$error['line']
382			));
383			}
384			}
385
386			/**
387			* Determine if the error type is fatal.
388			*
389			* @param int $type
390			*
391			* @return bool
392			*/
393			protected function isFatalError($type)
394			{
395			$errorCodes = [E_ERROR, E_CORE_ERROR, E_COMPILE_ERROR, E_PARSE];
396
397			if (defined('FATAL_ERROR')) {
398			$errorCodes[] = FATAL_ERROR;
399			}
400
401			return in_array($type, $errorCodes);
402			}
403			}
404

z-song / lumen-swoole

Issues (7)

Security Analysis not enabled

src/Command.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like