Tuurlijk / typo3scan

Scans TYPO3 extensions for usage of deprecated and or changed code
MIT License

[BUG] HTML Twig template must escape html of code segments #23

Closed tomasnorre closed 5 years ago

tomasnorre commented 5 years ago

Hi,

I've a problem when scanning the ext:crawler https://github.com/aoepeople/crawler

$ git clone https://github.com/aoepeople/crawler
$ typo3scan scan --format html --target 9 crawler -r crawler.html

Then it only shows me the problems in the Classes/Backend/BackendModule.php and that only part of the problems.

In total the scanner says:

Found 144 matches in 1.31s when checking for changes and deprecations in TYPO3 9

But in the BackendModule itself there are "only" 58 issues to take care of, so some files are still missing in the report.

I sort of expect it to be due to the amount of findings, because if I scan the subdirectories individually it works fine. But I don't want to go through multiple reports if it works with one.

And the -vvv debug mode gives me no additional information.

Box Requirements Checker
========================

> Using PHP 7.1.28
> PHP is using the following php.ini file:
  /usr/local/etc/php/7.1/php.ini

> Checking Box requirements:
  ✔ The application requires the version ">=7.0.8" or greater.
  ✔ The application requires the extension "zlib".
  ✔ The package "nikic/php-parser" requires the extension "tokenizer".

 [OK] Your system is ready to run the application.

Tuurlijk commented 5 years ago

Using the latest version phar file I get: Found 118 matches in 3.96s when checking for changes and deprecations in TYPO3 9

I see fewer foldouts in the report, but that is because the results are grouped.

tomasnorre commented 5 years ago

ok.. Will need to check again then.. Only see one file with info, and that doesn't sum up to the amount said..

Will dig into this again, when I get back from my sick leave.

tomasnorre commented 5 years ago

It only shows the info for one file.

[Image: Screenshot 2019-05-10 at 10 11 13]

Not sure what you mean by grouped?

Tuurlijk commented 5 years ago

Weird

[Image: Screenshot from 2019-05-10 10-21-50]

Tuurlijk commented 5 years ago

I don't get that you get a different amount of matches.

Can you send me a zip containing the phar file and the extension folder? So I can check with your code?

tomasnorre commented 5 years ago

$ typo3scan --version
TYPO3Scan 1.6.1

Zip on the way (slack)

Tuurlijk commented 5 years ago

$ php -i | grep execution
max_execution_time => 0 => 0

What does your system say?

Tuurlijk commented 5 years ago

Report generated with code from your zip:

[Image: Screenshot from 2019-05-10 10-45-19]

tomasnorre commented 5 years ago

$ php -i | grep execution
max_execution_time => 0 => 0

tomasnorre commented 5 years ago

That's strange..

I have downloaded the phar file and renamed it manually and put it into /usr/local/bin/typo3scan but that should influence anything.

tomasnorre commented 5 years ago

I've just tried on a different laptop, both macOS; there I get the same error.

There I'm still on an old scanner, 1.4.0.

tomasnorre commented 5 years ago

I think it's related to the HTML in some way.

  1. A markdown report looks correct.
  2. A view-source of the HTML report looks correct too
  3. Outputting to stdout instead of file, looks correct too

I have tried to open the HTML in

All looks the same..

Tuurlijk commented 5 years ago

Fixed in 90c1727e066f6b1ede81e6a808d74096e677de17

Html template did not escape Html
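
The symptom in this thread (view-source and Markdown output complete, rendered HTML report missing files) is what unescaped markup inside a code segment produces. The following is an added example, not code from typo3scan or from this thread: it renders a small report with and without escaping and counts the findings an HTML parser sees. The findings, file names and function names are constructed, `html.escape` stands in for the template's output escaping, Python's `html.parser` stands in for the browser, and the `<script>` tag is an assumed trigger since the thread does not say which markup caused the problem.

```python
import html
from html.parser import HTMLParser

# Constructed sample findings (file, matched source line); not taken from ext:crawler.
FINDINGS = [
    ("Classes/One.php", "$a = oldHelper($row);"),
    ("Classes/Two.php", "$out .= '<script type=\"text/javascript\">';"),
    ("Classes/Three.php", "$b = legacyLookup($id);"),
    ("Classes/Four.php", "$c = deprecatedCall();"),
]


def render_report(findings, escape):
    """Render one <li class="finding"> per match.

    escape=True passes the code segment through html.escape(), which is
    the role output escaping plays in the HTML template.
    """
    items = []
    for path, code in findings:
        shown = html.escape(code) if escape else code
        items.append(
            f'<li class="finding"><b>{html.escape(path)}</b>'
            f"<pre>{shown}</pre></li>"
        )
    return "<ul>" + "".join(items) + "</ul>"


class FindingCounter(HTMLParser):
    """Counts the findings an HTML parser actually sees as elements."""

    def __init__(self):
        super().__init__()
        self.count = 0

    def handle_starttag(self, tag, attrs):
        if tag == "li" and ("class", "finding") in attrs:
            self.count += 1


def visible_findings(report):
    parser = FindingCounter()
    parser.feed(report)
    parser.close()
    return parser.count


if __name__ == "__main__":
    for escape in (False, True):
        report = render_report(FINDINGS, escape)
        print(f"escape={escape}: {visible_findings(report)} of {len(FINDINGS)} findings parsed")
```

Without escaping, the unclosed `<script>` from the scanned source swallows every later finding as raw text, although each file name is still present in the page source. A check like `visible_findings` can serve as a regression test for report templates.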