Closed (fixed)
Project:
Drupal.org security advisory coverage applications
Component:
module
Priority:
Normal
Category:
Task
Assigned:
Issue tags:
Reporter:
Created:
27 Apr 2020 at 13:14 UTC
Updated:
30 Dec 2022 at 17:24 UTC
Jump to comment: Most recent, Most recent file
Comments
Comment #2
prashant mishra commentedComment #3
shaktikHi Prashant Mishra,
Kindly fix some coding standards issues.
Comment #4
ankush_03Hi Prashant,
Thanks for your contribution !
Fix below issue : cloudfront_cache_path_invalidate.module line no. 266
Call to deprecated function db_or(): in drupal:8.0.0 and is removed from drupal:9.0.0. Create a \Drupal\Core\Database\Query\Condition object, specifying an OR conjunction: new Condition('OR');
Comment #5
ankush_03Comment #6
avpadernoThank you for applying! I added the Git instructions for non-maintainer users and the PAReview checklist link.
If you haven't done it, yet, please check the PAReview report and fix what needs to be fixed. There could be some false positives; verify that what reported is correct, before making any change.
Comment #7
prashant mishra commentedHi shaktik,
I'm not able to find those coding standard issue as given in #3. I'm also using Drupal Coder so please let me know your tool so that i can reproduce that coding standard issue.
Thanks ankushgautam76@gmail.com and shaktik for review.
Comment #8
avpadernoComment #9
avpadernoWhat reported about the comment not starting with a capital letter is caused from the comment containing
{@inheritDoc}instead of{@inheritdoc}. The warning message is not clear, probably because PAReview first checks the comment contains{@inheritdoc}(in a case-sensitive way) and then checks if the first character in the comment is a capital letter. ({ isn't a capital letter.)The same is true for the other warning message (comment short description must end with a full stop).
In short, change the comment to the following, and the warnings will go away.
Comment #11
avpadernoThe task of reviewers is pointing out what needs to be fixed, not providing patches to fix what they think should be changed, or what other users reported that should be changed.
Comment #12
prashant mishra commentedAll the above issues fixed.
Comment #13
avpaderno@Prashant Mishra If you fixed everything reviewers reported, please change the status to Needs review or reviewers will not know the project is ready to be reviewed again.
Comment #14
avpadernoComment #15
prashant mishra commentedComment #16
rajveergangwarHi,
It seems all issues has been fixed.
Comment #17
rajveergangwarComment #18
avpadernoI ordered the reports basing on the importance of the issue. They aren't ordered basing on the file containing the code.
Instead of concatenating strings, the code should use placeholders, which allow to sanitize the dynamic part of the string.
The URL is in progress. doesn't make sense; it's the operation on that URL that is in progress. The log purpose is probably showing which URLs are handled, not informing they are being processed; in that case, I would rather use The URL %url is invalidated.
The string passed to
$this->logger->error()is correct, as it uses placeholders which allow to sanitize the exception message to insert it into HTML markup . The module name isn't necessary, as the log messages go to a specific channel used from the module (cloudfront_cache_path_invalidate). I would also use a less generic phrase, for example An error occurred while […]: @message.The same string used for
$this->logger->error()should be passed as first argument to$this->messenger->addMessage().To check if
$current_user</em> is an object for the anonymous user, it's enough to call <a href="https://api.drupal.org/api/drupal/core%21lib%21Drupal%21Core%21Session%21AccountInterface.php/function/AccountInterface%3A%3AisAnonymous/8.9.x"><code>$current_user->isAnonymous().introduced isn't necessary: 'The Cloudfront URL isn't valid.
catch()</em> sections can return; it's useless to set <code>$catchand then check that variable isn't initialized.I removed the comments since it's clear what the next line is doing.
(It's also useless to have code that specifically handles the case of an array with a single item.
foreach ($paths as $value) { }works also for arrays with a single item or empty arrays.)The string passed to
error()isn't using placeholders.The document code is wrong: The hook is
hook_entity_insert().While in some cases the ternary operator can replace an
if()statement, that is a case where it doesn't make sense. It's better to use anif()statement.If that is a hook implementation, the document comment should simply be Implements hook_entity_actions(). In this case, it should not be called as a normal function as the module does. I take that isn't really a hook implementation, and the short documentation line should be different from Hook Entity action cache clear common code.
The README.txt file should explain why those settings are necessary and explain if those are eventually test values the users can use to test the module. (I find hard to believe that all the users using this module should need to use the same secret key which, at this point, isn't a secret key anymore.)
I have seen many similar implementations. Showing the README.txt or README.md file when the module is already installed doesn't make much sense, as that file is usually supposed to give information necessary before installing the module (for example, the dependencies necessary to run the module), which isn't anymore necessary when the module is installed.
If then the users don't have the Markdown module installed, what they see in the page is rather "ugly."
While it's possible to define which roles the users accessing a route needs to have to, it's rather preferable to use a permission the users need to have, especially when the role is created from the installation profile. If users are using a different installation profile which doesn't create that role, or future Drupal versions remove that role, the module would not be usable.
Comment #19
prashant mishra commentedComment #20
prashant mishra commentedComment #21
avpadernoUntil the role isn't given, the application isn't fixed.
Comment #22
prashant mishra commentedHi kiamlaluno,
The role issue is fixed
Comment #23
prashant mishra commentedComment #24
avpadernoNo, you don't have the vetted role.
If you aren't interested anymore in getting the vetted role and be able to opt into security coverage for the projects you create/created, that's fine. In that case, the status is Closed (won't fix), not Fixed.
Comment #25
prashant mishra commentedComment #26
ritviktak commentedPlease ignore this patch.
Comment #27
ritviktak commentedPatch for module upgrade to make it compatible with drupal 9 & 10.
Comment #28
avpadernoThe user who created this application closed it, which means he was not anymore interested in proceeding with it.
Comment #29
prashant mishra commentedComment #30
prashant mishra commentedComment #31
avpadernoComment #32
avpadernoThank you for your contribution! I am going to update your account.
These are some recommended readings to help with excellent maintainership:
You can find more contributors chatting on the Slack #contribute channel. So, come hang out and stay involved.
Thank you, also, for your patience with the review process.
Anyone is welcome to participate in the review process. Please consider reviewing other projects that are pending review. I encourage you to learn more about that process and join the group of reviewers.
I thank all the reviewers.
Comment #33
avpadernoComment #34
avpaderno