From 43ca5879e619fceb4511a3d7c4ffdc9c929bf2c7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Arne=20J=C3=B8rgensen?=
Date: Mon, 13 Jan 2020 15:42:55 +0100
Subject: [PATCH] Harden code against non existing variables
* It is not given that watchers are present in the environment
* Wrong usage of variable `$project` should be `$jira_project`
---
 src/SyncCommand.php | 11 ++++++++---
 1 file changed, 8 insertions(+), 3 deletions(-)
diff --git a/src/SyncCommand.php b/src/SyncCommand.php
index 3159717..39657c7 100644
--- a/src/SyncCommand.php
+++ b/src/SyncCommand.php
@@ -81,7 +81,12 @@ protected function execute(InputInterface $input, OutputInterface $output)
 $github_repo = getenv('GITHUB_REPOSITORY');
 $issue_type = getenv('JIRA_ISSUE_TYPE');
- $watchers = explode("\n", getenv('JIRA_WATCHERS')) ?? [];
+
+ $watchers = [];
+ if (is_string(getenv('JIRA_WATCHERS'))) {
+ $watchers = explode("\n", getenv('JIRA_WATCHERS')) ?? [];
+ }
+
 $res_group = getenv('JIRA_RESTRICTED_GROUP');
 $res_comment = getenv('JIRA_RESTRICTED_COMMENT');
@@ -126,7 +131,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 $issue->setField('restricted_comment', $res_comment ?? []);
 $timestamp = gmdate(DATE_ISO8601);
- $this->log($output, "{$timestamp} - {$project} - {$package}:{$vulnerableVersionRange} - ");
+ $this->log($output, "{$timestamp} - {$jira_project} - {$package}:{$vulnerableVersionRange} - ");
 // Determine whether there is an issue for this alert already.
 try {
@@ -151,7 +156,7 @@ protected function execute(InputInterface $input, OutputInterface $output)
 }
 $this->logLine($output, "Created issue {$key}");
 } else {
- $this->logLine($output, "Would have created an issue in {$project} if not a dry run.");
+ $this->logLine($output, "Would have created an issue in {$jira_project} if not a dry run.");
 }
 }
 }
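Review bot: An empty `JIRA_WATCHERS` still passes the new `is_string()` guard in the first hunk, and `explode("\n", '')` returns `['']`, so `$watchers` then holds one empty name instead of being empty; the trailing `?? []` never applies because `explode()` does not return null. Reading the variable once and dropping blank entries avoids that: `$raw = getenv('JIRA_WATCHERS');` followed by `$watchers = is_string($raw) ? array_values(array_filter(array_map('trim', explode("\n", $raw)), 'strlen')) : [];`, which also strips a stray `\r` from CRLF-separated values. The same `??` assumption remains on the context line `$issue->setField('restricted_comment', $res_comment ?? []);` in the second hunk: `getenv()` yields `false`, not null, for an unset variable, so `false` is what gets passed there. How `$watchers` and the restricted fields are consumed is outside these hunks, so whether an empty watcher or a `false` restriction is rejected by Jira or silently changes who can see the vulnerability issue should be confirmed in the rest of `execute()`.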