Issues in Dispatcher.php (master) - Issues in master - ByTIC/framework - Measure and Improve Code Quality continuously with Scrutinizer

Issues (917)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Dispatcher/Dispatcher.php (11 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Nip\Dispatcher;

use Exception;
use Nip\AutoLoader\AutoLoader;
use Nip\Controller;
use Nip\Http\Response\Response;
use Nip\Request;

/**
 * Class Dispatcher
 * @package Nip\Dispatcher
 */
class Dispatcher
{

    /**
     * @var null|Request
     */
    protected $request = null;

    protected $currentController = false;

    protected $hops = 0;

    protected $maxHops = 30;

    /**
     * @param $controller
     * @return mixed
     */
    public static function reverseControllerName($controller)
    {
        return inflector()->unclassify($controller);
    }

    /**
     * @param $name
     * @return mixed
     */
    public static function formatActionName($name)
    {
        $name = inflector()->camelize($name);
        $name[0] = strtolower($name[0]);

        return $name;
    }

    /**
     * @param Request|null $request
     * @return null|Response
     * @throws Exception
     */
    public function dispatch(Request $request = null)
    {
        if ($request) {
            $this->setRequest($request);
        } else {
            $request = $this->getRequest();
        }
        $this->hops++;

        if ($this->hops <= $this->maxHops) {
            if ($request->getControllerName() == null) {
                throw new Exception('No valid controller name in request ['.$request->getMCA().']');
function someFunction(A $objectMaybe = null)
{
    if ($objectMaybe instanceof A) {
        $objectMaybe->doSomething();
    }
}
            }

            $controller = $this->generateController($request);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}

            if ($controller instanceof Controller) {
                try {
                    $this->currentController = $controller;

                    $controller->setRequest($request);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}

                    return $controller->dispatch();
                } catch (ForwardException $e) {
                    $return = $this->dispatch();

                    return $return;
                }
            } else {
                throw new Exception('Error finding a valid controller for ['.$request->getMCA().']');
            }
        } else {
            throw new Exception("Maximum number of hops ($this->maxHops) has been reached for {$request->getMCA()}");
        }
    }

    /**
     * @return Request
     */
    public function getRequest()
    {
        return $this->request;
    }

    /**
     * @param Request|null $request
     */
    public function setRequest($request)
    {
        $this->request = $request;
    }

    /**
     * @param Request $request
     * @return Controller|null
     * @throws Exception
     */
    public function generateController($request)
    {
        $module = $this->formatModuleName($request->getModuleName());
        $controller = $this->formatControllerName($request->getControllerName());

        $namespaceClass = $this->generateFullControllerNameNamespace($module, $controller);
        if ($this->isValidControllerNamespace($namespaceClass)) {
            return $this->newController($namespaceClass);
        } else {
            $classicClass = $this->generateFullControllerNameString($module, $controller);
            if ($this->getAutoloader()->isClass($classicClass)) {
                return $this->newController($classicClass);
            }
        }
        throw new Exception(
            'Error finding a valid controller ['.$namespaceClass.']['.$classicClass.'] for ['.$request->getMCA().']'
        );
    }

    /**
     * @param $name
     * @return mixed
     */
    public function formatModuleName($name)
    {
        $name = $name ? $name : 'default';

        return inflector()->camelize($name);
    }

    /**
     * @param $name
     * @return mixed
     */
    public function formatControllerName($name)
    {
        $name = $name ? $name : 'index';

        return $this->getControllerName($name);
    }

    /**
     * @param $controller
     * @return mixed
     */
    public function getControllerName($controller)
    {
        return inflector()->classify($controller);
    }

    /**
     * @param $module
     * @param $controller
     * @return string
     */
    protected function generateFullControllerNameNamespace($module, $controller)
    {
        $name = app('app')->getRootNamespace() . 'Modules\\';
        $module = $module == 'Default' ? 'Frontend' : $module;
        $name .= $module . '\Controllers\\';
        $name .= str_replace('_', '\\', $controller) . "Controller";

        return $name;
    }

    /**
     * @param $namespaceClass
     * @return bool
     */
    protected function isValidControllerNamespace($namespaceClass)
    {
        return class_exists($namespaceClass);
//        $loader = $this->getAutoloader()->getPsr4ClassLoader();

//        $loader->load($namespaceClass);
//        if ($loader->isLoaded($namespaceClass)) {
//            return true;
//        }
//
//        return false;
    }

    /**
     * @param $class
     * @return Controller
     */
    public function newController($class)
    {
        $controller = new $class();
        /** @var Controller $controller */
        $controller->setDispatcher($this);

        return $controller;
    }

    /**
     * @param $module
     * @param $controller
     * @return string
     */
    protected function generateFullControllerNameString($module, $controller)
    {
        return $module . "_" . $controller . "Controller";
    }

    /**
     * @return AutoLoader
     */
    protected function getAutoloader()
    {
        return app('autoloader');
    }

    /**
     * @param bool $params
     */
    public function throwError($params = false)

    {
//        $this->getFrontController()->getTrace()->add($params);

        $this->setErrorController();
        $this->forward('index');
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        return;
    }

    /**
     * @return $this
     */
    public function setErrorController()
    {
        $this->getRequest()->setActionName('index');
        $this->getRequest()->setControllerName('error');
        $this->getRequest()->setModuleName('default');

        return $this;
    }

    /**
     * @param bool $action
     * @param bool $controller
     * @param bool $module
     * @param array $params
     * @throws ForwardException
     */
    public function forward($action = false, $controller = false, $module = false, $params = [])
    {
        $this->getRequest()->setActionName($action);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        if ($controller) {
            $this->getRequest()->setControllerName($controller);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }
        if ($module) {
            $this->getRequest()->setModuleName($module);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        }

        if (is_array($params)) {
            $this->getRequest()->attributes->add($params);
        }

        throw new ForwardException;
    }

    /**
     * @return bool
     */
    public function getCurrentController()
    {
        return $this->currentController;
    }
}


GitHub Access Token became invalid

Issues (917)

Security Analysis not enabled

src/Dispatcher/Dispatcher.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		namespace Nip\Dispatcher;
4
5		use Exception;
6		use Nip\AutoLoader\AutoLoader;
7		use Nip\Controller;
8		use Nip\Http\Response\Response;
9		use Nip\Request;
10
11		/**
12		* Class Dispatcher
13		* @package Nip\Dispatcher
14		*/
15		class Dispatcher
16		{
17
18		/**
19		* @var null\|Request
20		*/
21		protected $request = null;
22
23		protected $currentController = false;
24
25		protected $hops = 0;
26
27		protected $maxHops = 30;
28
29		/**
30		* @param $controller
31		* @return mixed
32		*/
33	1	public static function reverseControllerName($controller)
34		{
35	1	return inflector()->unclassify($controller);
36		}
37
38		/**
39		* @param $name
40		* @return mixed
41		*/
42		public static function formatActionName($name)
43		{
44		$name = inflector()->camelize($name);
45		$name[0] = strtolower($name[0]);
46
47		return $name;
48		}
49
50		/**
51		* @param Request\|null $request
52		* @return null\|Response
53		* @throws Exception
54		*/
55		public function dispatch(Request $request = null)
56		{
57		if ($request) {
58		$this->setRequest($request);
59		} else {
60		$request = $this->getRequest();
61		}
62		$this->hops++;
63
64		if ($this->hops <= $this->maxHops) {
65		if ($request->getControllerName() == null) {
66		throw new Exception('No valid controller name in request ['.$request->getMCA().']');
		0 ignored issues – show Bug introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request` is not always an object, but can also be of type `null`. Maybe add an additional type check? If a variable is not always an object, we recommend to add an additional type check to ensure your method call is safe: function someFunction(A $objectMaybe = null) { if ($objectMaybe instanceof A) { $objectMaybe->doSomething(); } } Loading history...
67		}
68
69		$controller = $this->generateController($request);
		0 ignored issues – show Bug introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request` can be `null`; however, `generateController()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
70
71		if ($controller instanceof Controller) {
72		try {
73		$this->currentController = $controller;
		0 ignored issues – show Documentation Bug introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$controller` of type `object<Nip\Controller>` is incompatible with the declared type `boolean` of property `$currentController`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
74		$controller->setRequest($request);
		0 ignored issues – show Bug introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$request` can be `null`; however, `setRequest()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
75
76		return $controller->dispatch();
77		} catch (ForwardException $e) {
78		$return = $this->dispatch();
79
80		return $return;
81		}
82		} else {
83		throw new Exception('Error finding a valid controller for ['.$request->getMCA().']');
84		}
85		} else {
86		throw new Exception("Maximum number of hops ($this->maxHops) has been reached for {$request->getMCA()}");
87		}
88		}
89
90		/**
91		* @return Request
92		*/
93		public function getRequest()
94		{
95		return $this->request;
96		}
97
98		/**
99		* @param Request\|null $request
100		*/
101		public function setRequest($request)
102		{
103		$this->request = $request;
104		}
105
106		/**
107		* @param Request $request
108		* @return Controller\|null
109		* @throws Exception
110		*/
111		public function generateController($request)
112		{
113		$module = $this->formatModuleName($request->getModuleName());
114		$controller = $this->formatControllerName($request->getControllerName());
115
116		$namespaceClass = $this->generateFullControllerNameNamespace($module, $controller);
117		if ($this->isValidControllerNamespace($namespaceClass)) {
118		return $this->newController($namespaceClass);
119		} else {
120		$classicClass = $this->generateFullControllerNameString($module, $controller);
121		if ($this->getAutoloader()->isClass($classicClass)) {
122		return $this->newController($classicClass);
123		}
124		}
125		throw new Exception(
126		'Error finding a valid controller ['.$namespaceClass.']['.$classicClass.'] for ['.$request->getMCA().']'
127		);
128		}
129
130		/**
131		* @param $name
132		* @return mixed
133		*/
134		public function formatModuleName($name)
135		{
136		$name = $name ? $name : 'default';
137
138		return inflector()->camelize($name);
139		}
140
141		/**
142		* @param $name
143		* @return mixed
144		*/
145		public function formatControllerName($name)
146		{
147		$name = $name ? $name : 'index';
148
149		return $this->getControllerName($name);
150		}
151
152		/**
153		* @param $controller
154		* @return mixed
155		*/
156		public function getControllerName($controller)
157		{
158		return inflector()->classify($controller);
159		}
160
161		/**
162		* @param $module
163		* @param $controller
164		* @return string
165		*/
166		protected function generateFullControllerNameNamespace($module, $controller)
167		{
168		$name = app('app')->getRootNamespace() . 'Modules\\';
169		$module = $module == 'Default' ? 'Frontend' : $module;
170		$name .= $module . '\Controllers\\';
171		$name .= str_replace('_', '\\', $controller) . "Controller";
172
173		return $name;
174		}
175
176		/**
177		* @param $namespaceClass
178		* @return bool
179		*/
180		protected function isValidControllerNamespace($namespaceClass)
181		{
182		return class_exists($namespaceClass);
183		// $loader = $this->getAutoloader()->getPsr4ClassLoader();
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-07-29 13:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this `58%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
184		// $loader->load($namespaceClass);
185		// if ($loader->isLoaded($namespaceClass)) {
186		// return true;
187		// }
188		//
189		// return false;
190		}
191
192		/**
193		* @param $class
194		* @return Controller
195		*/
196		public function newController($class)
197		{
198		$controller = new $class();
199		/** @var Controller $controller */
200		$controller->setDispatcher($this);
201
202		return $controller;
203		}
204
205		/**
206		* @param $module
207		* @param $controller
208		* @return string
209		*/
210		protected function generateFullControllerNameString($module, $controller)
211		{
212		return $module . "_" . $controller . "Controller";
213		}
214
215		/**
216		* @return AutoLoader
217		*/
218		protected function getAutoloader()
219		{
220		return app('autoloader');
221		}
222
223		/**
224		* @param bool $params
225		*/
226		public function throwError($params = false)
		0 ignored issues – show Unused Code introduced 2017-08-03 19:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$params` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
227		{
228		// $this->getFrontController()->getTrace()->add($params);
		0 ignored issues – show Unused Code Comprehensibility introduced 2017-03-05 14:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this `75%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
229		$this->setErrorController();
230		$this->forward('index');
		0 ignored issues – show Documentation introduced 2016-08-20 20:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `'index'` is of type `string`, but the function expects a `boolean`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
231
232		return;
233		}
234
235		/**
236		* @return $this
237		*/
238		public function setErrorController()
239		{
240		$this->getRequest()->setActionName('index');
241		$this->getRequest()->setControllerName('error');
242		$this->getRequest()->setModuleName('default');
243
244		return $this;
245		}
246
247		/**
248		* @param bool $action
249		* @param bool $controller
250		* @param bool $module
251		* @param array $params
252		* @throws ForwardException
253		*/
254		public function forward($action = false, $controller = false, $module = false, $params = [])
255		{
256		$this->getRequest()->setActionName($action);
		0 ignored issues – show Documentation introduced 2016-08-20 20:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$action` is of type `boolean`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
257
258		if ($controller) {
259		$this->getRequest()->setControllerName($controller);
		0 ignored issues – show Documentation introduced 2016-08-20 20:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$controller` is of type `boolean`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
260		}
261		if ($module) {
262		$this->getRequest()->setModuleName($module);
		0 ignored issues – show Documentation introduced 2016-08-20 20:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$module` is of type `boolean`, but the function expects a `string`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
263		}
264
265		if (is_array($params)) {
266		$this->getRequest()->attributes->add($params);
267		}
268
269		throw new ForwardException;
270		}
271
272		/**
273		* @return bool
274		*/
275		public function getCurrentController()
276		{
277		return $this->currentController;
278		}
279		}
280

ByTIC / framework

GitHub Access Token became invalid

Issues (917)

Security Analysis not enabled

src/Dispatcher/Dispatcher.php (11 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like