[D8] Build hooks

Thank you for your contribution! I added the PAReview checklist. Reviewers will soon check the code and report here what they found out.

If you still haven't done it, please check what reported from the PAReview checklist. There could be some false positives; be careful of not changing code that should not be.

@vermario There are alot issue with your code. Please fix them specially naming convention to avoid name clashes in build_hooks.module file. Follow best drupal practice for code. First fix pareview error https://pareview.sh/pareview/https-git.drupal.org-project-build_hooks.git

build_hooks.links.action.yml: the entity type name "frontend_environment" does not contain the module name, so that could be very confusing where this entity type is coming from.

function getLogItemsSinceTimestamp(): This is vulnerable to SQL injections. Never concatenate variables into SQL where() strings. Use the condition() method to pass variables as parameters to the database API. See https://www.drupal.org/docs/8/api/database-api/dynamic-queries/introduct... and https://www.drupal.org/docs/8/security/writing-secure-code-for-drupal-8

I think it is currently hard for an attacker to exploit the SQL injection since the timestamp is not directly read from user input but from the State API. Still, as a security precaution I would block this application until that is resolved. I also saw that the module already has a stable release, so probably best to create a security release once fixed and warn users about this attack vector.

And please don't remove the security tag, we keep that for statistics and to show examples of security problems.

getLogItemsSinceTimestamp(): the foreach() can be removed if you use fetchCol() from the database API.

Thanks, otherwise looks good! Do not use \Drupal in classes like FrontendEnvironmentPluginCollection where you should use dependency injection instead.

Please also mark the recent release as security update once you get approved. If you can't do that from your end then please contact someone from the security team to help you with that.

Thank you for your contribution! I am going to update your account.

These are some recommended readings to help with excellent maintainership:

• Dries' post on Responsible maintainers
• Best practices for creating and maintaining projects
• Maintaining a drupal.org project with Git
• Commit messages - providing history and credit
• Release naming conventions.
• Helping maintainers in the issue queues

You can find more contributors chatting on the IRC #drupal-contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.

I thank all the dedicated reviewers as well.

Only the Security Team can mark a release as security update.