<?php
namespace Psecio\Parse\Command;
use Symfony\Component\Console\Command\Command;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Input\InputOption;
use Symfony\Component\Console\Input\InputArgument;
use Symfony\Component\EventDispatcher\EventDispatcher;
use Psecio\Parse\Conf\ConfFactory;
use Psecio\Parse\Subscriber\SubscriberFactory;
use Psecio\Parse\Subscriber\ExitCodeCatcher;
use Psecio\Parse\Event\Events;
use Psecio\Parse\Event\MessageEvent;
use Psecio\Parse\RuleFactory;
use Psecio\Parse\CallbackVisitor;
use Psecio\Parse\Scanner;
use Psecio\Parse\FileIterator;
use Psecio\Parse\DocComment\DocCommentFactory;
use RuntimeException;
/**
* The main command, scan paths for possible security issues
*/
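class ScanCommand extends Command
{
    /**
     * {@inheritdoc}
     *
     * Registers the "scan" command, its single (repeatable) path argument and
     * the options that feed ConfFactory. The "disable-annotations" option was
     * previously registered twice; the duplicate has been dropped.
     */
    protected function configure()
    {
        $this->setName('scan')
            ->setDescription('Scans paths for possible security issues')
            ->addArgument(
                'path',
                InputArgument::OPTIONAL|InputArgument::IS_ARRAY,
                'Path to scan'
            )
            ->addOption(
                'format',
                'f',
                InputOption::VALUE_REQUIRED,
                'Output format (progress, dots, lines, debug or xml)'
            )
            ->addOption(
                'ignore-paths',
                'i',
                InputOption::VALUE_REQUIRED,
                'Comma-separated list of paths to ignore'
            )
            ->addOption(
                'extensions',
                'x',
                InputOption::VALUE_REQUIRED,
                'Comma-separated list of file extensions to parse (default: php,phps,phtml,php5)'
            )
            ->addOption(
                'whitelist-rules',
                'w',
                InputOption::VALUE_REQUIRED,
                'Comma-separated list of rules to whitelist'
            )
            ->addOption(
                'blacklist-rules',
                'b',
                InputOption::VALUE_REQUIRED,
                'Comma-separated list of rules to blacklist'
            )
            // Annotation toggles let the scanned source itself switch rules
            // off; when reviewing code you do not control, this flag keeps
            // such in-code suppressions from hiding findings.
            ->addOption(
                'disable-annotations',
                'd',
                InputOption::VALUE_NONE,
                'Skip all annotation-based rule toggles'
            )
            ->addOption(
                'configuration',
                'c',
                InputOption::VALUE_REQUIRED,
                'Read configuration from file'
            )
            ->addOption(
                'no-configuration',
                null,
                InputOption::VALUE_NONE,
                'Ignore default configuration file'
            )
            ->setHelp(
                "Scan paths for possible security issues:\n\n <info>psecio-parse %command.name% /path/to/src</info>\n"
            );
    }

    /**
     * Execute the "scan" command
     *
     * Builds the configuration from the CLI input (and an optional
     * configuration file), attaches the output subscribers and the exit-code
     * collector to an event dispatcher, assembles the rule collection and runs
     * the scanner over every file selected by the FileIterator.
     *
     * @param InputInterface $input Input object
     * @param OutputInterface $output Output object
     * @return int Exit code collected by ExitCodeCatcher during the scan
     */
    protected function execute(InputInterface $input, OutputInterface $output)
    {
        // Initialised explicitly: createConf() appears to fill this in by
        // reference with the name of the configuration file it read (null when
        // none is used) — TODO confirm against ConfFactory. Initialising it
        // avoids an undefined-variable notice either way.
        $confFileName = null;
        $conf = (new ConfFactory)->createConf($input, $confFileName);

        $dispatcher = new EventDispatcher;
        (new SubscriberFactory($conf->getFormat(), $output))->addSubscribersTo($dispatcher);

        // Subscriber that turns scan events into the process exit status
        $exitCode = new ExitCodeCatcher;
        $dispatcher->addSubscriber($exitCode);

        if ($confFileName) {
            $dispatcher->dispatch(Events::DEBUG, new MessageEvent("Reading configurations from $confFileName"));
        }

        $rules = (new RuleFactory($conf->getRuleWhitelist(), $conf->getRuleBlacklist()))->createRuleCollection();
        $dispatcher->dispatch(Events::DEBUG, new MessageEvent("Using ruleset: $rules"));

        $docCommentFactory = new DocCommentFactory();
        $scanner = new Scanner(
            $dispatcher,
            new CallbackVisitor(
                $rules,
                $docCommentFactory,
                // The visitor flag is "honour annotations", i.e. the inverse
                // of --disable-annotations
                !$input->getOption('disable-annotations')
            )
        );

        $scanner->scan(new FileIterator($conf->getPaths(), $conf->getIgnorePaths(), $conf->getExtensions()));

        return $exitCode->getExitCode();
    }
}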