      request #9969 Two suspicious code fragments
    Infos
    #9969
    AppChecker (appchecker)
    2017-02-17 09:56
    2017-02-16 22:31
    10259
    Details
    Two suspicious code fragments

    Hi.

     

    We've checked your project with the static analysis tool AppChecker. It found two suspicious code fragments:

    1) https://github.com/Enalean/tuleap/blob/d0053a4e617d11eb8fe3f6fa9641959f77875c83/plugins/docman/include/Docman_VersionDao.class.php#L340

    $sql = 'SELECT v.id, v.number, v.item_id, v.user_id, v.label, v.changelog,'.
    ' v.create_date as date, v.filename, v.filesize, v.filetype, v.path '.
    ' FROM plugin_docman_version_deleted v '.
    ' WHERE v.item_id = ' . $this->da->quoteSmart($itemId);
    ' AND purge_date IS NULL';

     

    The last string ' AND purge_date IS NULL' is not concatenated to the SQL query.

     

    2) https://github.com/Enalean/tuleap/blob/e9c822b4042af43e80dcf98b2c35b58db147ea78/src/common/wiki/phpwiki/lib/HtmlParser.php#L353

     

    if (!$alignment and preg_match("/float(right|left)/i",$css_class,$m));
      $alignment = $m[1];

    The body of the if statement is actually empty. There is probably an extra semicolon.

     

     

    AppChecker web-page - https://cnpo.ru/en/solutions/appchecker.php
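
Both reported patterns can be detected mechanically. The following Python check is an added example, not AppChecker's or Tuleap's code; `mask_strings`, `find_suspicious` and the `SAMPLE` input are names constructed here, and it assumes PHP source without comments or heredocs.

```python
import re

# Constructed sample: the two fragments quoted in the report (SELECT list shortened).
SAMPLE = r'''<?php
$sql = 'SELECT v.id, v.number '.
' FROM plugin_docman_version_deleted v '.
' WHERE v.item_id = ' . $this->da->quoteSmart($itemId);
' AND purge_date IS NULL';

if (!$alignment and preg_match("/float(right|left)/i",$css_class,$m));
  $alignment = $m[1];
'''

# Assumption: only quoted literals are handled; comments and heredocs are not parsed.
STRING = re.compile(r"'(?:\\.|[^'\\])*'" + r'|"(?:\\.|[^"\\])*"', re.S)

def mask_strings(src):
    """Blank out string contents (length and newlines kept) so ';' and '(' in literals are ignored."""
    def blank(m):
        s = m.group()
        return s[0] + re.sub(r"[^\n]", "_", s[1:-1]) + s[-1]
    return STRING.sub(blank, src)

def find_suspicious(src):
    """Return (line, message) for no-effect string statements and empty if-bodies."""
    masked, findings, start, depth = mask_strings(src), [], 0, 0
    for pos, c in enumerate(masked):
        depth += (c == "(") - (c == ")")
        if c not in ";{}" or depth != 0:
            continue  # statements end at ';', '{' or '}' outside parentheses
        stmt = masked[start:pos]
        body = stmt.strip()
        line = masked.count("\n", 0, start + len(stmt) - len(stmt.lstrip())) + 1
        start = pos + 1
        if c != ";":
            continue
        if body[:1] in ("'", '"'):  # statement begins with a literal: result is discarded
            findings.append((line, "string statement has no effect"))
        head = re.match(r"(if|elseif)\s*\(", body)
        if head:
            d, j = 0, head.end() - 1  # walk to the ')' closing the condition
            while j < len(body):
                d += (body[j] == "(") - (body[j] == ")")
                if d == 0:
                    break
                j += 1
            if j == len(body) - 1:  # nothing between the condition and ';'
                findings.append((line, "if condition followed by ';' (empty body)"))
    return findings
```

Calling `find_suspicious(SAMPLE)` reports line 5 (the orphaned `' AND purge_date IS NULL'` literal) and line 7 (the `if (...);`).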

    Follow-ups