sandhje / vscode-phpmd

VSCode PHP Mess Detector extension
MIT License

False-negative test on Linux with "&" characters in the path #61

Closed sotnikov123 closed 3 years ago

sotnikov123 commented 3 years ago

[andrew@localhost ~]$ uname -a
Linux localhost.localdomain 5.10.13-200.fc33.x86_64 #1 SMP Thu Feb 4 14:54:51 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
[andrew@localhost ~]$

Test file: fun&joyTest.php
<?php
function test($test=false){}

There are 2 problems, but:

Saving with Ctrl-S in "/home/andrew/fun&joyTest.php", three runs one after another (1-0-1 problems were found):
[Info - 21:03:02] Document saved, starting validation.
[Info - 21:03:02] PHP Mess Detector validation started for file:///home/andrew/fun%26joyTest.php
[Info - 21:03:02] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:03:02] Building phpmd version command: phpmd --version
[Info - 21:03:02] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:03:02] File /home/andrew/fun&joyTest.php test successful
[Info - 21:03:02] Running phpmd command with options ""/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:03:02] Building phpmd command: phpmd "/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:03:02] PHP Mess Detector validation completed for file:///home/andrew/fun%26joyTest.php. 1 problems found
[Info - 21:03:02] Document validation after save completed successfully
[Info - 21:03:06] Document saved, starting validation.
[Info - 21:03:06] PHP Mess Detector validation started for file:///home/andrew/fun%26joyTest.php
[Info - 21:03:06] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:03:06] Building phpmd version command: phpmd --version
[Info - 21:03:06] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:03:06] File /home/andrew/fun&joyTest.php test successful
[Info - 21:03:06] Running phpmd command with options ""/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:03:06] Building phpmd command: phpmd "/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:03:06] PHP Mess Detector validation completed for file:///home/andrew/fun%26joyTest.php. 0 problems found
[Info - 21:03:06] Document validation after save completed successfully
[Info - 21:03:10] Document saved, starting validation.
[Info - 21:03:10] PHP Mess Detector validation started for file:///home/andrew/fun%26joyTest.php
[Info - 21:03:10] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:03:10] Building phpmd version command: phpmd --version
[Info - 21:03:10] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:03:10] File /home/andrew/fun&joyTest.php test successful
[Info - 21:03:10] Running phpmd command with options ""/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:03:10] Building phpmd command: phpmd "/home/andrew/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:03:10] PHP Mess Detector validation completed for file:///home/andrew/fun%26joyTest.php. 1 problems found
[Info - 21:03:10] Document validation after save completed successfully

Then saving with Ctrl-S in "/home/andrew/fun-joyTest.php", three runs one after another (2-2-2 problems were found):
[Info - 21:05:58] Document saved, starting validation.
[Info - 21:05:58] PHP Mess Detector validation started for file:///home/andrew/fun-joyTest.php
[Info - 21:05:58] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:05:58] Building phpmd version command: phpmd --version
[Info - 21:05:58] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:05:58] File /home/andrew/fun-joyTest.php test successful
[Info - 21:05:58] Running phpmd command with options ""/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:05:58] Building phpmd command: phpmd "/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:05:58] PHP Mess Detector validation completed for file:///home/andrew/fun-joyTest.php. 2 problems found
[Info - 21:05:58] Document validation after save completed successfully
[Info - 21:06:02] Document saved, starting validation.
[Info - 21:06:02] PHP Mess Detector validation started for file:///home/andrew/fun-joyTest.php
[Info - 21:06:02] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:06:02] Building phpmd version command: phpmd --version
[Info - 21:06:02] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:06:02] File /home/andrew/fun-joyTest.php test successful
[Info - 21:06:02] Running phpmd command with options ""/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:06:02] Building phpmd command: phpmd "/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:06:03] PHP Mess Detector validation completed for file:///home/andrew/fun-joyTest.php. 2 problems found
[Info - 21:06:03] Document validation after save completed successfully
[Info - 21:06:05] Document saved, starting validation.
[Info - 21:06:05] PHP Mess Detector validation started for file:///home/andrew/fun-joyTest.php
[Info - 21:06:05] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:06:05] Building phpmd version command: phpmd --version
[Info - 21:06:05] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:06:05] File /home/andrew/fun-joyTest.php test successful
[Info - 21:06:05] Running phpmd command with options ""/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:06:05] Building phpmd command: phpmd "/home/andrew/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:06:05] PHP Mess Detector validation completed for file:///home/andrew/fun-joyTest.php. 2 problems found
[Info - 21:06:05] Document validation after save completed successfully

Console run of phpmd (2-2-2 problems were found in both cases):
[andrew@localhost ~]$ phpmd "/home/andrew/fun&joyTest.php" text "cleancode,codesize,controversial,design,unusedcode,naming"
/home/andrew/fun&joyTest.php:2 The method test has a boolean flag argument $test, which is a certain sign of a Single Responsibility Principle violation.
/home/andrew/fun&joyTest.php:2 Avoid unused parameters such as '$test'.

[andrew@localhost ~]$ phpmd "/home/andrew/fun-joyTest.php" text "cleancode,codesize,controversial,design,unusedcode,naming"
/home/andrew/fun-joyTest.php:2 The method test has a boolean flag argument $test, which is a certain sign of a Single Responsibility Principle violation.
/home/andrew/fun-joyTest.php:2 Avoid unused parameters such as '$test'.
[andrew@localhost ~]$

Other tests:
Saving with Ctrl-S in "/home/andrew/Рабочий стол/fun&joyTest.php", three runs one after another (0-1-0 problems were found):
[Info - 21:10:34] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php
[Info - 21:10:34] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:10:34] Building phpmd version command: phpmd --version
[Info - 21:10:34] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:10:34] File /home/andrew/Рабочий стол/fun&joyTest.php test successful
[Info - 21:10:34] Running phpmd command with options ""/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:10:34] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:10:35] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php. 0 problems found
[Info - 21:10:35] Document validation after open completed successfully
[Info - 21:10:37] Document saved, starting validation.
[Info - 21:10:37] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php
[Info - 21:10:37] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:10:37] Building phpmd version command: phpmd --version
[Info - 21:10:37] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:10:37] File /home/andrew/Рабочий стол/fun&joyTest.php test successful
[Info - 21:10:37] Running phpmd command with options ""/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:10:37] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:10:38] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php. 1 problems found
[Info - 21:10:38] Document validation after save completed successfully
[Info - 21:10:42] Document saved, starting validation.
[Info - 21:10:42] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php
[Info - 21:10:42] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:10:42] Building phpmd version command: phpmd --version
[Info - 21:10:42] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:10:42] File /home/andrew/Рабочий стол/fun&joyTest.php test successful
[Info - 21:10:42] Running phpmd command with options ""/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:10:42] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun&joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:10:42] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun%26joyTest.php. 0 problems found
[Info - 21:10:42] Document validation after save completed successfully

Saving with Ctrl-S in "/home/andrew/Рабочий стол/fun-joyTest.php", three runs one after another (2-2-2 problems were found):
[Info - 21:11:04] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php
[Info - 21:11:04] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:11:04] Building phpmd version command: phpmd --version
[Info - 21:11:04] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:11:04] File /home/andrew/Рабочий стол/fun-joyTest.php test successful
[Info - 21:11:04] Running phpmd command with options ""/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:11:04] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:11:04] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php. 2 problems found
[Info - 21:11:04] Document validation after open completed successfully
[Info - 21:11:17] Document saved, starting validation.
[Info - 21:11:17] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php
[Info - 21:11:17] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:11:17] Building phpmd version command: phpmd --version
[Info - 21:11:17] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:11:17] File /home/andrew/Рабочий стол/fun-joyTest.php test successful
[Info - 21:11:17] Running phpmd command with options ""/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:11:17] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:11:17] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php. 2 problems found
[Info - 21:11:17] Document validation after save completed successfully
[Info - 21:11:22] Document saved, starting validation.
[Info - 21:11:22] PHP Mess Detector validation started for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php
[Info - 21:11:22] PHP Mess Detector command not using global PHP, skipping PHP test
[Info - 21:11:22] Building phpmd version command: phpmd --version
[Info - 21:11:22] PHP Mess Detector test successful (PHPMD 2.9.1)
[Info - 21:11:22] File /home/andrew/Рабочий стол/fun-joyTest.php test successful
[Info - 21:11:22] Running phpmd command with options ""/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming""
[Info - 21:11:22] Building phpmd command: phpmd "/home/andrew/Рабочий стол/fun-joyTest.php" xml "cleancode,codesize,controversial,design,unusedcode,naming"
[Info - 21:11:22] PHP Mess Detector validation completed for file:///home/andrew/%D0%A0%D0%B0%D0%B1%D0%BE%D1%87%D0%B8%D0%B9%20%D1%81%D1%82%D0%BE%D0%BB/fun-joyTest.php. 2 problems found
[Info - 21:11:22] Document validation after save completed successfully

Something is wrong with the "&" char in the path.
Maybe it doesn't always need to be htmlspecialcharsed?
<script> alert "hackers are everywhere!!!!!1" </script>

sandhje commented 3 years ago

This is caused by the ampersand being echoed in the phpmd result XML. Parsing an XML with an ampersand in an attribute value throws an error. I will fix this with escaping in the upcoming release.
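
The failure described in this reply, reproduced as an added example that is not part of the thread and not the extension's own code: a strict XML parser rejects a report whose `name` attribute carries a raw `&`, and escaping bare ampersands before parsing is one way to recover both violations. The report text is a constructed, simplified stand-in for phpmd's XML output, and the helper names are hypothetical.

```python
import re
import xml.etree.ElementTree as ET

# Constructed, simplified report shaped like phpmd's XML output. The raw "&"
# in the name attribute mirrors the file name from the issue.
RAW_REPORT = """<pmd version="2.9.1">
  <file name="/home/andrew/fun&joyTest.php">
    <violation beginline="2" endline="2">
      The method test has a boolean flag argument $test.
    </violation>
    <violation beginline="2" endline="2">
      Avoid unused parameters such as '$test'.
    </violation>
  </file>
</pmd>"""

# "&" that does not already start a predefined or numeric entity reference.
BARE_AMP = re.compile(r"&(?!(?:amp|lt|gt|quot|apos|#[0-9]+|#x[0-9A-Fa-f]+);)")


def escape_bare_ampersands(xml_text):
    """Rewrite stray "&" as "&amp;" and leave existing references alone."""
    return BARE_AMP.sub("&amp;", xml_text)


def parse_report(xml_text):
    """Return [(file name, violation count)]; raises ET.ParseError if malformed."""
    root = ET.fromstring(xml_text)
    return [(f.get("name"), len(f.findall("violation"))) for f in root.iter("file")]


def try_parse(xml_text):
    """Return (result, None) or (None, error text) so a parse failure is
    reported as a failure and never mistaken for "0 problems found"."""
    try:
        return parse_report(xml_text), None
    except ET.ParseError as exc:
        return None, str(exc)


if __name__ == "__main__":
    print(try_parse(RAW_REPORT))                          # parse error
    print(try_parse(escape_bare_ampersands(RAW_REPORT)))  # two violations
```

The parser decodes `&amp;` back to `&`, so the file name returned after escaping matches the path on disk.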

sandhje commented 3 years ago

Fixed in version 1.3.0