doubt about making new build

Question

doubt about making new build

Closed this issue 5 years ago · 8 comments

Hi! First of all thank your for this tool!

I'm trying to build a new .phar file following your process but it doesn't seem to work. So I decided just to clone your repo and try to build the same .phar and I found differences between the phar uploaded here and the phar is being created when I use the build process.

clone project && composer install
download box
run build.sh

Being more specific I found a difference in one of the depencencies: elgentos/parser.
composer.lock is pointing to 1.4.2 (5ef1c392c83d928bdb58778618c7811e24f82416) If you take a look at the FileAbstract class inside your actual phar you will see the next code (I'm not able to find this code inside elgentos/parser repository):

private function safePath(string $path): string
{
    while (($newPath = str_replace('..', '', $path)) !== $path) {
        $path = $newPath;
    }
    return $path;
}

But if you take a look at the referenced code in composer.lock FileAbstract you will notice that the code differs:

private function safePath(string $path): string
{
    while (($newPath = str_replace(['..', '//'], ['', '/'], $path)) !== $path) {
         $path = $newPath;
    }
     return str_replace(['..', '//'], ['', '/'], $path);
}

So the new builds can't find correctly the config folder (here is where it fails

Error message:

In Glob.php line 55:
 RecursiveDirectoryIterator::__construct(phar:/blablabla/dist/masquerade.phar/src/config/magento2): failed to open dir: No such file or directory

I think that maybe a rebase broke this depencency, any idea why is this happening?

Thank you in advance.

Answer 1 · 2018-11-28T14:45:29.000Z

@JeroenBoersma could you get in on this? There was a reason for this change...

Answer 2 · 2018-11-28T15:08:41.000Z

Just as additional info, with the first code you've this path:
phar:///blablabla/masquerade.phar/src/config/magento2which is working, and with the second code you get this path: phar:/blablabla/masquerade.phar/src/config/magento2

So probably cleaning the slashes // -> / is causing this behaviour.

Answer 3 · 2018-11-28T16:18:25.000Z

Yeah, this was build in the parser to make sure not path traversal was possible, I'll update to leave the double / intact which was just a cleaning, last build of @peterjaap we corrected this manually!

Will update asap and update here with a new release!

Answer 4 · 2018-11-28T16:32:33.000Z

Please update, should resolve outstanding issues, let me know if it worked: https://github.com/elgentos/parser/releases/tag/2.3.2

Answer 5 · 2018-11-29T08:43:30.000Z

Thanks a lot for the fast response @JeroenBoersma @peterjaap if i've time i'll give it a try and will let you know the result!

Answer 6 · 2018-12-03T15:51:32.000Z

Hi! I've tested this code in elgentos/parser (1.4.2) and it works like a charm

    private function safePath(string $path): string
    {
        while (($newPath = \str_replace('..', '', $path)) !== $path) {
            $path = $newPath;
        }
        return $path;
    }

However I can't upgrade to 2.3.2 as suggested because it's not compatible with masquerade. For example it tries to use a class that doesn't exist in the parser library anymore:

After build, try to run php masquerade.phar --groups --platform magento2

PHP Fatal error:  Uncaught Error: Class 'Elgentos\Parser\Matcher\MatchAll' not found in phar:///var/www/html/masquerade/dist/masquerade.phar/src/Elgentos/Masquerade/Helper/Config.php:88

So at the moment I'll stick to just patch the file for custom builds! Thanks for your help!

Answer 7 · 2018-12-04T16:37:38.000Z

Please checkout #30 should build without problems against elgentos/parser:2.4.0

Answer 8 · 2019-01-04T11:18:49.000Z

Hi! @JeroenBoersma sorry for the late response! I've tested it today and at a first glance it's working correctly! Thanks alot for your work!