Issues in AbstractParser.php (master) - Issues in master - ARCANEDEV/EmbedVideo - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Parsers/AbstractParser.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php namespace Arcanedev\EmbedVideo\Parsers;

use Arcanedev\EmbedVideo\Contracts\Parser;
use Arcanedev\EmbedVideo\Entities\Iframe;
use Illuminate\Support\Arr;

/**
 * Class     AbstractParser
 *
 * @package  Arcanedev\EmbedVideo\Parsers
 * @author   ARCANEDEV <[email protected]>
 */
abstract class AbstractParser implements Parser
{
    /* -----------------------------------------------------------------
     |  Properties
     | -----------------------------------------------------------------
     */
    /**
     * The given URL to be parsed.
     *
     * @var string|null
     */
    protected $url;

    /**
     * The parser's URL patterns.
     *
     * @var array
     */
    protected $patterns   = [];

    /**
     * The iframe attribute.
     *
     * @var array
     */
    protected $attributes = [];

    /**
     * @var array
     */
    protected $cachedMatches;

    /**
     * Use a secure HTTP Protocol.
     *
     * @var bool
     */
    protected $useSecure = true;

    /**
     * The HTTP Protocol.
     *
     * @var string
     */
    protected $protocol = 'https';

    /**
     * Timestamp pattern and param.
     *
     * @var array
     */
    protected $timestamp = [
        'pattern' => null,
        'param'   => null,
    ];

    /**
     * The URL Queries.
     *
     * @var array
     */
    protected $queries = [];

    /* -----------------------------------------------------------------
     |  Constructor
     | -----------------------------------------------------------------
     */
    /**
     * AbstractParser constructor.
     *
     * @param  array  $options
     */
    public function __construct(array $options)
    {
        $this->queries  = $this->defaultQueries();
        $this->patterns = Arr::get($options, 'patterns', []);

        $this->setAttributes(Arr::get($options, 'attributes', []));
    }

    /* -----------------------------------------------------------------
     |  Getters & Setters
     | -----------------------------------------------------------------
     */
    /**
     * Get the URL.
     *
     * @return string|null
     */
    public function url()
    {
        return $this->url;
    }

    /**
     * Set the URL.
     *
     * @param  string  $url
     *
     * @return self
     */
    public function setUrl($url)
    {
        $this->url = $url;
        $this->reset();

        return $this;
    }

    /**
     * Get the attributes.
     *
     * @return array
     */
    public function attributes()
    {
        return $this->attributes;
    }

    /**
     * Set a attribute.
     *
     * @param  string  $key
     * @param  mixed   $value
     *
     * @return self
     */
    public function setAttribute($key, $value)
    {
        Arr::set($this->attributes, $key, $value);

        return $this;
    }

    /**
     * Set the attributes.
     *
     * @param  array  $attributes
     *
     * @return self
     */
    public function setAttributes(array $attributes)
    {
        $this->attributes = $attributes;

        return $this;
    }

    /**
     * Get the URL queries.
     *
     * @return array
     */
    public function queries()
    {
        return $this->queries;
    }

    /**
     * Set a query parameter.
     *
     * @param  string  $key
     * @param  mixed   $value
     *
     * @return self
     */
    public function setQuery($key, $value = null)
    {
        $this->queries = Arr::set($this->queries, $key, $value);

        return $this;
    }

    /**
     * Prepend a query parameter.
     *
     * @param  string  $key
     * @param  mixed   $value
     *
     * @return self
     */
    protected function prependQuery($key, $value)
    {
        $this->queries = Arr::prepend($this->queries, $value, $key);

        return $this;
    }

    /**
     * Get the default URL queries.
     *
     * @return array
     */
    abstract protected function defaultQueries();

    /**
     * Get value from cached matches.
     *
     * @param  int         $key
     * @param  mixed|null  $default
     *
     * @return mixed
     */
    public function getCached($key, $default = null)
    {
        return Arr::get($this->cachedMatches, $key, $default);
    }

    /**
     * Get the iframe pattern.
     *
     * @return string
     */
    abstract protected function getIframePattern();

    /**
     * Get the iframe replace.
     *
     * @return array
     */
    abstract protected function getIframeReplacer();

    /* -----------------------------------------------------------------
     |  Main method
     | -----------------------------------------------------------------
     */
    /**
     * Parse the given url.
     *
     * @param  string  $url
     *
     * @return bool
     */
    public function parse($url = null)
    {
        if ( ! is_null($url)) $this->setUrl($url);

        foreach ($this->patterns as $pattern) {
            if (preg_match('~'.$pattern.'~imu', $this->url, $matches)) {
                $this->cachedMatches = $matches;
                $this->parseProtocol();
                $this->parseTimestamp();
                $this->parseCustomParsing();

                return true;
            }
        }

        return false;
    }

    /**
     * Create an iframe entity.
     *
     * @return \Arcanedev\EmbedVideo\Entities\Iframe
     */
    public function iframe()
    {
        return new Iframe(
            $this->getIframePattern(),
            $this->getIframeReplacer(),
            $this->queries(),
            $this->attributes()
        );
    }

    /* -----------------------------------------------------------------
     |  Other Methods
     | -----------------------------------------------------------------
     */
    /**
     * Parse the HTTP protocol.
     *
     * @throws \Exception
     */
    private function parseProtocol()
    {
        $protocol = $this->cachedMatches[1];

        if ( ! in_array($protocol, ['http://', 'https://']))
            $protocol = 'http://';

        if (is_null($this->url))
            throw new \Exception('Cannot detect protocol if URL or provider were not set.');

        $this->protocol = ($this->useSecure || $protocol === 'https://') ? 'https' : 'http';
    }

    /**
     * Parse the timestamp.
     */
    protected function parseTimestamp()
    {
        if ( ! $this->hasTimestampOption()) return;

        if (preg_match('~'.$this->timestamp['pattern'].'~imu', $this->url, $matches)) {
            unset($matches[0]);
            $multipliers = [3600, 60, 1];
            $timestamp   = 0;
            foreach (array_values($matches) as $key => $match) {
                $timestamp += (int) $match * $multipliers[$key];
            }
            $this->queries[$this->timestamp['param']] = $timestamp;
        }
    }

    /**
     * Check if the parser has a defined timestamp parsing.
     *
     * @return bool
     */
    protected function hasTimestampOption()
    {
        return is_string(Arr::get($this->timestamp, 'pattern'))
            && is_string(Arr::get($this->timestamp, 'param'));
    }

    /**
     * Enable to perform custom parsing.
     */
    protected function parseCustomParsing()
    {
        //
    }

    /**
     * Reset the parser.
     */
    private function reset()
    {
        $this->cachedMatches = [];
        $this->queries       = $this->defaultQueries();
    }
}


1		<?php namespace Arcanedev\EmbedVideo\Parsers;
2
3		use Arcanedev\EmbedVideo\Contracts\Parser;
4		use Arcanedev\EmbedVideo\Entities\Iframe;
5		use Illuminate\Support\Arr;
6
7		/**
8		* Class AbstractParser
9		*
10		* @package Arcanedev\EmbedVideo\Parsers
11		* @author ARCANEDEV <[email protected]>
12		*/
13		abstract class AbstractParser implements Parser
14		{
15		/* -----------------------------------------------------------------
16		\| Properties
17		\| -----------------------------------------------------------------
18		*/
19		/**
20		* The given URL to be parsed.
21		*
22		* @var string\|null
23		*/
24		protected $url;
25
26		/**
27		* The parser's URL patterns.
28		*
29		* @var array
30		*/
31		protected $patterns = [];
32
33		/**
34		* The iframe attribute.
35		*
36		* @var array
37		*/
38		protected $attributes = [];
39
40		/**
41		* @var array
42		*/
43		protected $cachedMatches;
44
45		/**
46		* Use a secure HTTP Protocol.
47		*
48		* @var bool
49		*/
50		protected $useSecure = true;
51
52		/**
53		* The HTTP Protocol.
54		*
55		* @var string
56		*/
57		protected $protocol = 'https';
58
59		/**
60		* Timestamp pattern and param.
61		*
62		* @var array
63		*/
64		protected $timestamp = [
65		'pattern' => null,
66		'param' => null,
67		];
68
69		/**
70		* The URL Queries.
71		*
72		* @var array
73		*/
74		protected $queries = [];
75
76		/* -----------------------------------------------------------------
77		\| Constructor
78		\| -----------------------------------------------------------------
79		*/
80		/**
81		* AbstractParser constructor.
82		*
83		* @param array $options
84		*/
85	81	public function __construct(array $options)
86		{
87	81	$this->queries = $this->defaultQueries();
88	81	$this->patterns = Arr::get($options, 'patterns', []);
		0 ignored issues – show Documentation Bug introduced 2017-03-18 19:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\Illuminate\Support\Arr:...s, 'patterns', array())` of type `*` is incompatible with the declared type `array` of property `$patterns`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
89	81	$this->setAttributes(Arr::get($options, 'attributes', []));
90	81	}
91
92		/* -----------------------------------------------------------------
93		\| Getters & Setters
94		\| -----------------------------------------------------------------
95		*/
96		/**
97		* Get the URL.
98		*
99		* @return string\|null
100		*/
101	21	public function url()
102		{
103	21	return $this->url;
104		}
105
106		/**
107		* Set the URL.
108		*
109		* @param string $url
110		*
111		* @return self
112		*/
113	69	public function setUrl($url)
114		{
115	69	$this->url = $url;
116	69	$this->reset();
117
118	69	return $this;
119		}
120
121		/**
122		* Get the attributes.
123		*
124		* @return array
125		*/
126	57	public function attributes()
127		{
128	57	return $this->attributes;
129		}
130
131		/**
132		* Set a attribute.
133		*
134		* @param string $key
135		* @param mixed $value
136		*
137		* @return self
138		*/
139	9	public function setAttribute($key, $value)
140		{
141	9	Arr::set($this->attributes, $key, $value);
142
143	9	return $this;
144		}
145
146		/**
147		* Set the attributes.
148		*
149		* @param array $attributes
150		*
151		* @return self
152		*/
153	81	public function setAttributes(array $attributes)
154		{
155	81	$this->attributes = $attributes;
156
157	81	return $this;
158		}
159
160		/**
161		* Get the URL queries.
162		*
163		* @return array
164		*/
165	42	public function queries()
166		{
167	42	return $this->queries;
168		}
169
170		/**
171		* Set a query parameter.
172		*
173		* @param string $key
174		* @param mixed $value
175		*
176		* @return self
177		*/
178	3	public function setQuery($key, $value = null)
179		{
180	3	$this->queries = Arr::set($this->queries, $key, $value);
181
182	3	return $this;
183		}
184
185		/**
186		* Prepend a query parameter.
187		*
188		* @param string $key
189		* @param mixed $value
190		*
191		* @return self
192		*/
193	3	protected function prependQuery($key, $value)
194		{
195	3	$this->queries = Arr::prepend($this->queries, $value, $key);
196
197	3	return $this;
198		}
199
200		/**
201		* Get the default URL queries.
202		*
203		* @return array
204		*/
205		abstract protected function defaultQueries();
206
207		/**
208		* Get value from cached matches.
209		*
210		* @param int $key
211		* @param mixed\|null $default
212		*
213		* @return mixed
214		*/
215	48	public function getCached($key, $default = null)
216		{
217	48	return Arr::get($this->cachedMatches, $key, $default);
218		}
219
220		/**
221		* Get the iframe pattern.
222		*
223		* @return string
224		*/
225		abstract protected function getIframePattern();
226
227		/**
228		* Get the iframe replace.
229		*
230		* @return array
231		*/
232		abstract protected function getIframeReplacer();
233
234		/* -----------------------------------------------------------------
235		\| Main method
236		\| -----------------------------------------------------------------
237		*/
238		/**
239		* Parse the given url.
240		*
241		* @param string $url
242		*
243		* @return bool
244		*/
245	66	public function parse($url = null)
246		{
247	66	if ( ! is_null($url)) $this->setUrl($url);
248
249	66	foreach ($this->patterns as $pattern) {
250	66	if (preg_match('~'.$pattern.'~imu', $this->url, $matches)) {
251	66	$this->cachedMatches = $matches;
252	66	$this->parseProtocol();
253	66	$this->parseTimestamp();
254	66	$this->parseCustomParsing();
255
256	66	return true;
257		}
258	5	}
259
260	9	return false;
261		}
262
263		/**
264		* Create an iframe entity.
265		*
266		* @return \Arcanedev\EmbedVideo\Entities\Iframe
267		*/
268	30	public function iframe()
269		{
270	30	return new Iframe(
271	30	$this->getIframePattern(),
272	30	$this->getIframeReplacer(),
273	30	$this->queries(),
274	30	$this->attributes()
275	10	);
276		}
277
278		/* -----------------------------------------------------------------
279		\| Other Methods
280		\| -----------------------------------------------------------------
281		*/
282		/**
283		* Parse the HTTP protocol.
284		*
285		* @throws \Exception
286		*/
287	66	private function parseProtocol()
288		{
289	66	$protocol = $this->cachedMatches[1];
290
291	66	if ( ! in_array($protocol, ['http://', 'https://']))
292	22	$protocol = 'http://';
293
294	66	if (is_null($this->url))
295	22	throw new \Exception('Cannot detect protocol if URL or provider were not set.');
296
297	66	$this->protocol = ($this->useSecure \|\| $protocol === 'https://') ? 'https' : 'http';
298	66	}
299
300		/**
301		* Parse the timestamp.
302		*/
303	66	protected function parseTimestamp()
304		{
305	66	if ( ! $this->hasTimestampOption()) return;
306
307	36	if (preg_match('~'.$this->timestamp['pattern'].'~imu', $this->url, $matches)) {
308	21	unset($matches[0]);
309	21	$multipliers = [3600, 60, 1];
310	21	$timestamp = 0;
311	21	foreach (array_values($matches) as $key => $match) {
312	21	$timestamp += (int) $match * $multipliers[$key];
313	7	}
314	21	$this->queries[$this->timestamp['param']] = $timestamp;
315	7	}
316	36	}
317
318		/**
319		* Check if the parser has a defined timestamp parsing.
320		*
321		* @return bool
322		*/
323	66	protected function hasTimestampOption()
324		{
325	66	return is_string(Arr::get($this->timestamp, 'pattern'))
326	66	&& is_string(Arr::get($this->timestamp, 'param'));
327		}
328
329		/**
330		* Enable to perform custom parsing.
331		*/
332	66	protected function parseCustomParsing()
333		{
334		//
335	66	}
336
337		/**
338		* Reset the parser.
339		*/
340	69	private function reset()
341		{
342	69	$this->cachedMatches = [];
343	69	$this->queries = $this->defaultQueries();
344	69	}
345		}
346

ARCANEDEV / EmbedVideo

Issues (1)

Security Analysis no request data

src/Parsers/AbstractParser.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like