Issues in ReflectionFunctionAbstract.php (master) - Issues in master - Benoth/static-reflection - Measure and Improve Code Quality continuously with Scrutinizer

Issues (55)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Reflection/ReflectionFunctionAbstract.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Benoth\StaticReflection\Reflection;

abstract class ReflectionFunctionAbstract extends Reflection
{
    use Parts\DocCommentTrait;

    protected $parameters      = [];
    protected $staticVariables = [];
    protected $returnsByRef    = false;
    protected $isGenerator     = false;

    /**
     * Get the parameters.
     *
     * @return Benoth\StaticReflection\Reflection\ReflectionParameter[]
     */
    public function getParameters()
    {
        return $this->parameters;
    }

    /**
     * Get a parameter by its name.
     *
     * @param string $parameterSearchedName The parameter name to reflect
     *
     * @throws \ReflectionException If the parameter does not exist
     *
     * @return Benoth\StaticReflection\Reflection\ReflectionParameter
     */
    public function getParameter($parameterSearchedName)
    {
        foreach ($this->getParameters() as $parameterName => $parameter) {
            if ($parameterName === $parameterSearchedName) {

                return $parameter;
            }
        }

        throw new \ReflectionException('Method '.$parameterSearchedName.' does not exist');
    }

    /**
     * Checks whether the function returns a reference.
     *
     * @return bool
     */
    public function returnsByRef()
    {
        return $this->returnsByRef === true;
    }

    /**
     * Checks whether the function returns a reference.
     *
     * @return bool
     */
    public function returnsReference()
    {
        return $this->returnsByRef();
    }

    /**
     * Get the number of parameters that a function defines, both optional and required.
     *
     * @return int
     */
    public function getNumberOfParameters()
    {
        return count($this->getParameters());
    }

    /**
     * Get the number of required parameters that a function defines.
     *
     * @return int
     */
    public function getNumberOfRequiredParameters()
    {
        $counter = 0;

        foreach ($this->getParameters() as $parameter) {
            if ($parameter->isRequired()) {
                ++$counter;
            }
        }

        return $counter;
    }

    /**
     * Get the static variables.
     *
     * @return array An array of static variables, variable name as key, value as value
     */
    public function getStaticVariables()
    {
        return $this->staticVariables;
    }

    /**
     * Checks whether the reflected function has a return type specified.
     *
     * @return bool
     */
    public function hasReturnType()
    {
        // @todo Implement hasReturnType()
        throw new \ReflectionException('Not implemented yet');
    }

    /**
     * Checks whether the reflected function is a Closure.
     *
     * @return bool
     */
    public function isClosure()
    {
        return false; // We do not reflect closures at the moment
    }

    /**
     * Checks whether the function is deprecated.
     *
     * @return bool
     */
    public function isDeprecated()
    {
        return false; // Always false for user defined functions/methods
    }

    /**
     * Returns whether this function is a generator.
     *
     * @return bool
     */
    public function isGenerator()
    {
        return $this->isGenerator === true;
    }

    /**
     * Checks if class is defined internally by an extension, or the core.
     *
     * @return bool
     */
    public function isInternal()
    {
        return false; // Always false for user-defined classes
    }

    /**
     * Checks if class is user defined.
     *
     * @return bool
     */
    public function isUserDefined()
    {
        return true; // Always true for user-defined classes
    }

    /**
     * Checks if the function is variadic.
     *
     * @return bool
     */
    public function isVariadic()
    {
        foreach ($this->getParameters() as $parameter) {
            if ($parameter->isVariadic()) {
                return true;
            }
        }

        return false;
    }

    /**
     * Returns the scope associated to the closure.
     *
     * @throws \ReflectionException Always... Can't be implemented.
     *
     * @return bool
     */
    public function getClosureScopeClass()
    {
        throw new \ReflectionException('StaticReflection can\'t get closure');
    }

    /**
     * Returns this pointer bound to closure.
     *
     * @throws \ReflectionException Always... Can't be implemented.
     *
     * @return bool
     */
    public function getClosureThis()
    {
        throw new \ReflectionException('StaticReflection can\'t get closure');
    }

    /**
     * Returns a dynamically created closure for the method.
     *
     * @throws \ReflectionException Always... Can't be implemented.
     *
     * @return \Closure|null Returns NULL in case of an error.
     */
    public function getClosure()
    {
        throw new \ReflectionException('StaticReflection can\'t get closure');
    }

    /**
     * Invokes a reflected method.
     *
     *
     * @param object $object    The object to invoke the method on. For static methods, pass null to this parameter.
     * @param mixed  $parameter Zero or more parameters to be passed to the method. It accepts a variable number of parameters which are passed to the method.
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     *
     * @throws \ReflectionException Always... Can't be implemented.
     *
     * @return mixed The method result.
     */
    public function invoke($object)

    {
        throw new \ReflectionException('StaticReflection can\'t invoke a method');
    }

    /**
     * Invokes the reflected method and pass its arguments as array.
     *
     * @param object $object The object to invoke the method on. For static methods, pass null to this parameter.
     * @param array  $args   The parameters to be passed to the function, as an array.
     *
     * @throws \ReflectionException Always... Can't be implemented.
     *
     * @return mixed The method result.
     */
    public function invokeArgs($object, array $args)

    {
        throw new \ReflectionException('StaticReflection can\'t invoke a method');
    }

    public function addParameter(ReflectionParameter $parameter)
    {
        $this->parameters[$parameter->getShortName()] = $parameter;
        $parameter->setDeclaringFunction($this);

        return $this;
    }

    public function addStaticVariable($name, $value)
    {
        $this->staticVariables[(string) $name] = $value;

        return $this;
    }

    public function setReturnsByRef($returnsByRef)
    {
        $this->returnsByRef = (bool) $returnsByRef;

        return $this;
    }

    public function setGenerator($isGenerator)
    {
        $this->isGenerator = (bool) $isGenerator;

        return $this;
    }
}


1		<?php
2
3		namespace Benoth\StaticReflection\Reflection;
4
5		abstract class ReflectionFunctionAbstract extends Reflection
6		{
7		use Parts\DocCommentTrait;
8
9		protected $parameters = [];
10		protected $staticVariables = [];
11		protected $returnsByRef = false;
12		protected $isGenerator = false;
13
14		/**
15		* Get the parameters.
16		*
17		* @return Benoth\StaticReflection\Reflection\ReflectionParameter[]
18		*/
19	45	public function getParameters()
20		{
21	45	return $this->parameters;
22		}
23
24		/**
25		* Get a parameter by its name.
26		*
27		* @param string $parameterSearchedName The parameter name to reflect
28		*
29		* @throws \ReflectionException If the parameter does not exist
30		*
31		* @return Benoth\StaticReflection\Reflection\ReflectionParameter
32		*/
33	36	public function getParameter($parameterSearchedName)
34		{
35	36	foreach ($this->getParameters() as $parameterName => $parameter) {
36	36	if ($parameterName === $parameterSearchedName) {
		0 ignored issues – show Unused Code Bug introduced 2016-05-18 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The strict comparison `===` seems to always evaluate to `false` as the types of `$parameterName` (`integer`) and `$parameterSearchedName` (`string`) can never be identical. Maybe you want to use a loose comparison `==` instead? Loading history...
37	36	return $parameter;
38		}
39	36	}
40
41		throw new \ReflectionException('Method '.$parameterSearchedName.' does not exist');
42		}
43
44		/**
45		* Checks whether the function returns a reference.
46		*
47		* @return bool
48		*/
49	6	public function returnsByRef()
50		{
51	6	return $this->returnsByRef === true;
52		}
53
54		/**
55		* Checks whether the function returns a reference.
56		*
57		* @return bool
58		*/
59		public function returnsReference()
60		{
61		return $this->returnsByRef();
62		}
63
64		/**
65		* Get the number of parameters that a function defines, both optional and required.
66		*
67		* @return int
68		*/
69		public function getNumberOfParameters()
70		{
71		return count($this->getParameters());
72		}
73
74		/**
75		* Get the number of required parameters that a function defines.
76		*
77		* @return int
78		*/
79		public function getNumberOfRequiredParameters()
80		{
81		$counter = 0;
82
83		foreach ($this->getParameters() as $parameter) {
84		if ($parameter->isRequired()) {
85		++$counter;
86		}
87		}
88
89		return $counter;
90		}
91
92		/**
93		* Get the static variables.
94		*
95		* @return array An array of static variables, variable name as key, value as value
96		*/
97		public function getStaticVariables()
98		{
99		return $this->staticVariables;
100		}
101
102		/**
103		* Checks whether the reflected function has a return type specified.
104		*
105		* @return bool
106		*/
107		public function hasReturnType()
108		{
109		// @todo Implement hasReturnType()
110		throw new \ReflectionException('Not implemented yet');
111		}
112
113		/**
114		* Checks whether the reflected function is a Closure.
115		*
116		* @return bool
117		*/
118		public function isClosure()
119		{
120		return false; // We do not reflect closures at the moment
121		}
122
123		/**
124		* Checks whether the function is deprecated.
125		*
126		* @return bool
127		*/
128	3	public function isDeprecated()
129		{
130	3	return false; // Always false for user defined functions/methods
131		}
132
133		/**
134		* Returns whether this function is a generator.
135		*
136		* @return bool
137		*/
138	3	public function isGenerator()
139		{
140	3	return $this->isGenerator === true;
141		}
142
143		/**
144		* Checks if class is defined internally by an extension, or the core.
145		*
146		* @return bool
147		*/
148		public function isInternal()
149		{
150		return false; // Always false for user-defined classes
151		}
152
153		/**
154		* Checks if class is user defined.
155		*
156		* @return bool
157		*/
158		public function isUserDefined()
159		{
160		return true; // Always true for user-defined classes
161		}
162
163		/**
164		* Checks if the function is variadic.
165		*
166		* @return bool
167		*/
168		public function isVariadic()
169		{
170		foreach ($this->getParameters() as $parameter) {
171		if ($parameter->isVariadic()) {
172		return true;
173		}
174		}
175
176		return false;
177		}
178
179		/**
180		* Returns the scope associated to the closure.
181		*
182		* @throws \ReflectionException Always... Can't be implemented.
183		*
184		* @return bool
185		*/
186		public function getClosureScopeClass()
187		{
188		throw new \ReflectionException('StaticReflection can\'t get closure');
189		}
190
191		/**
192		* Returns this pointer bound to closure.
193		*
194		* @throws \ReflectionException Always... Can't be implemented.
195		*
196		* @return bool
197		*/
198		public function getClosureThis()
199		{
200		throw new \ReflectionException('StaticReflection can\'t get closure');
201		}
202
203		/**
204		* Returns a dynamically created closure for the method.
205		*
206		* @throws \ReflectionException Always... Can't be implemented.
207		*
208		* @return \Closure\|null Returns NULL in case of an error.
209		*/
210		public function getClosure()
211		{
212		throw new \ReflectionException('StaticReflection can\'t get closure');
213		}
214
215		/**
216		* Invokes a reflected method.
217		*
218		*
219		* @param object $object The object to invoke the method on. For static methods, pass null to this parameter.
220		* @param mixed $parameter Zero or more parameters to be passed to the method. It accepts a variable number of parameters which are passed to the method.
		0 ignored issues – show Bug introduced 2016-05-18 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$parameter`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
221		*
222		* @throws \ReflectionException Always... Can't be implemented.
223		*
224		* @return mixed The method result.
225		*/
226		public function invoke($object)
		0 ignored issues – show Unused Code introduced 2016-05-18 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$object` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
227		{
228		throw new \ReflectionException('StaticReflection can\'t invoke a method');
229		}
230
231		/**
232		* Invokes the reflected method and pass its arguments as array.
233		*
234		* @param object $object The object to invoke the method on. For static methods, pass null to this parameter.
235		* @param array $args The parameters to be passed to the function, as an array.
236		*
237		* @throws \ReflectionException Always... Can't be implemented.
238		*
239		* @return mixed The method result.
240		*/
241		public function invokeArgs($object, array $args)
		0 ignored issues – show Unused Code introduced 2016-05-18 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$object` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Unused Code introduced 2016-05-18 12:13 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$args` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
242		{
243		throw new \ReflectionException('StaticReflection can\'t invoke a method');
244		}
245
246	963	public function addParameter(ReflectionParameter $parameter)
247		{
248	963	$this->parameters[$parameter->getShortName()] = $parameter;
249	963	$parameter->setDeclaringFunction($this);
250
251	963	return $this;
252		}
253
254	450	public function addStaticVariable($name, $value)
255		{
256	450	$this->staticVariables[(string) $name] = $value;
257
258	450	return $this;
259		}
260
261	1062	public function setReturnsByRef($returnsByRef)
262		{
263	1062	$this->returnsByRef = (bool) $returnsByRef;
264
265	1062	return $this;
266		}
267
268	450	public function setGenerator($isGenerator)
269		{
270	450	$this->isGenerator = (bool) $isGenerator;
271
272	450	return $this;
273		}
274		}
275

Benoth / static-reflection

Issues (55)

Security Analysis no request data

src/Reflection/ReflectionFunctionAbstract.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like