Issues in Table.php (master) - Issues in master - Cysha/casino-holdem - Measure and Improve Code Quality continuously with Scrutinizer

Issues (72)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Game/Table.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Cysha\Casino\Holdem\Game;

use Cysha\Casino\Game\Client;
use Cysha\Casino\Game\Contracts\Dealer as DealerContract;
use Cysha\Casino\Game\Contracts\Player;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use Cysha\Casino\Game\Contracts\Player as PlayerContract;
use Cysha\Casino\Game\PlayerCollection;
use Cysha\Casino\Game\Table as BaseTable;
use Cysha\Casino\Holdem\Exceptions\TableException;
use Ramsey\Uuid\Uuid;

class Table extends BaseTable
{
    /**
     * @var Uuid
     */
    private $id;


    /**
     * @var Dealer
     */
    private $dealer;


    /**
     * @var PlayerCollection
     */
    private $players;


    /**
     * @var PlayerCollection
     */
    private $playersSatOut;

    /**
     * @var int
     */
    private $button = 0;

    /**
     * Table constructor.
     *
     * @param Uuid $id
     * @param DealerContract $dealer
     * @param PlayerCollection $players
     */
    private function __construct(Uuid $id, DealerContract $dealer, PlayerCollection $players)

    {
        $this->id = $id;
        $this->players = $players;
        $this->playersSatOut = PlayerCollection::make();
        $this->dealer = $dealer;
class Alien {}

class Dalek extends Alien {}

class Plot
{
    /** @var  Dalek */
    public $villain;
}

$alien = new Alien();
$plot = new Plot();
if ($alien instanceof Dalek) {
    $plot->villain = $alien;
}
    }

    /**
     * @param Uuid $id
     * @param DealerContract $dealer
     * @param PlayerCollection $players
     *
     * @return Table
     */
    public static function setUp(Uuid $id, DealerContract $dealer, PlayerCollection $players)
    {
        return new self($id, $dealer, $players);
    }

    /**
     * @return Uuid
     */
    public function id(): Uuid
    {
        return $this->id;
    }

    /**
     * @return PlayerCollection
     */
    public function players(): PlayerCollection
    {
        return $this->players;
    }

    /**
     * @return DealerContract
     */
    public function dealer(): DealerContract
    {
        return $this->dealer;
    }

    /**
     * @return int
     */
    public function button(): int
    {
        return $this->button;
    }

    /**
     * @return PlayerContract
     */
    public function locatePlayerWithButton(): PlayerContract
    {
        $buttonLocation = $this->playersSatDown()->get($this->button);
        if ($buttonLocation === null) {
            $this->button = 0;
            $buttonLocation = $this->playersSatDown()->first();
        }

        return $buttonLocation;
    }

    /**
     * @param PlayerContract $player
     */
    public function sitPlayerOut(PlayerContract $player)
    {
        $this->playersSatOut = $this->playersSatOut->push($player);
    }

    /**
     * @return PlayerCollection
     */
    public function playersSatDown(): PlayerCollection
    {
        return $this->players()->diff($this->playersSatOut)->values();
    }

    /**
     * @param PlayerContract $player
     *
     * @throws TableException
     */
    public function giveButtonToPlayer(PlayerContract $player)
    {
        $playerIndex = $this->playersSatDown()
            ->filter
            ->equals($player)
            ->keys()
            ->first();

        if ($playerIndex === null) {
            throw TableException::invalidButtonPosition();
        }

        $this->button = $playerIndex;
    }

    /**
     * Moves the button along the table seats.
     */
    public function moveButton()
    {
        $this->button = $this->button + 1;

        if ($this->button >= $this->playersSatDown()->count()) {
            $this->button = 0;
        }
    }

    /**
     * @param PlayerContract $findPlayer
     *
     * @return int
     */
    public function findSeat(PlayerContract $findPlayer): int
    {
        return $this->players()
            ->filter(function (PlayerContract $player) use ($findPlayer) {
                return $player->equals($findPlayer);
            })
            ->keys()
            ->first();
    }

    /**
     * @param string $playerName
     *
     * @return Player
     */
    public function findPlayerByName($playerName): PlayerContract
    {
        return $this->players()
            ->filter(function (PlayerContract $player) use ($playerName) {
                return $player->name() === $playerName;
            })
            ->first();
    }

    public function removePlayer(Client $client)
    {
        $player = $this->players()
            ->filter(function (Player $player) use ($client) {
                return $player->name() === $client->name();
            })
            ->first()
        ;

        if ($player === null) {
            throw TableException::notRegistered($client, $this);
        }

        $this->players = $this->players()
            ->reject(function (Player $player) use ($client) {
                return $player->name() === $client->name();
            })
            ->values();
    }
}


1		<?php
2
3		namespace Cysha\Casino\Holdem\Game;
4
5		use Cysha\Casino\Game\Client;
6		use Cysha\Casino\Game\Contracts\Dealer as DealerContract;
7		use Cysha\Casino\Game\Contracts\Player;
		0 ignored issues – show Bug introduced 2017-02-24 16:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `Cysha\Casino\Holdem\Game\Player`. Let’s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let’s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
8		use Cysha\Casino\Game\Contracts\Player as PlayerContract;
9		use Cysha\Casino\Game\PlayerCollection;
10		use Cysha\Casino\Game\Table as BaseTable;
11		use Cysha\Casino\Holdem\Exceptions\TableException;
12		use Ramsey\Uuid\Uuid;
13
14		class Table extends BaseTable
15		{
16		/**
17		* @var Uuid
18		*/
19		private $id;
		0 ignored issues – show Comprehensibility introduced 2017-03-16 22:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
20
21		/**
22		* @var Dealer
23		*/
24		private $dealer;
		0 ignored issues – show Comprehensibility introduced 2017-02-24 17:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
25
26		/**
27		* @var PlayerCollection
28		*/
29		private $players;
		0 ignored issues – show Comprehensibility introduced 2017-02-24 17:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different property name as you override a private property of the parent class. Loading history...
30
31		/**
32		* @var PlayerCollection
33		*/
34		private $playersSatOut;
35
36		/**
37		* @var int
38		*/
39		private $button = 0;
40
41		/**
42	66	* Table constructor.
43		*
44	66	* @param Uuid $id
45	66	* @param DealerContract $dealer
46	66	* @param PlayerCollection $players
47	66	*/
48		private function __construct(Uuid $id, DealerContract $dealer, PlayerCollection $players)
		0 ignored issues – show Bug introduced 2017-09-21 09:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider using a different method name as you override a private method of the parent class. Overwriting private methods is generally fine as long as you also use private visibility. It might still be preferable for understandability to use a different method name. Loading history...
49		{
50		$this->id = $id;
51		$this->players = $players;
52		$this->playersSatOut = PlayerCollection::make();
53		$this->dealer = $dealer;
		0 ignored issues – show Documentation Bug introduced 2017-02-24 22:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$dealer` is of type `object<Cysha\Casino\Game\Contracts\Dealer>`, but the property `$dealer` was declared to be of type `object<Cysha\Casino\Holdem\Game\Dealer>`. Are you sure that you always receive this specific sub-class here, or does it make sense to add an `instanceof` check? Our type inference engine has found a suspicous assignment of a value to a property. This check raises an issue when a value that can be of a given class or a super-class is assigned to a property that is type hinted more strictly. Either this assignment is in error or an instanceof check should be added for that assignment. class Alien {} class Dalek extends Alien {} class Plot { /** @var Dalek */ public $villain; } $alien = new Alien(); $plot = new Plot(); if ($alien instanceof Dalek) { $plot->villain = $alien; } Loading history...
54		}
55	66
56		/**
57	66	* @param Uuid $id
58		* @param DealerContract $dealer
59		* @param PlayerCollection $players
60		*
61		* @return Table
62		*/
63	64	public static function setUp(Uuid $id, DealerContract $dealer, PlayerCollection $players)
64		{
65	64	return new self($id, $dealer, $players);
66		}
67
68		/**
69		* @return Uuid
70		*/
71	52	public function id(): Uuid
72		{
73	52	return $this->id;
74		}
75
76		/**
77		* @return PlayerCollection
78		*/
79	46	public function players(): PlayerCollection
80		{
81	46	return $this->players;
82		}
83
84		/**
85		* @return DealerContract
86		*/
87	12	public function dealer(): DealerContract
88		{
89	12	return $this->dealer;
90		}
91
92		/**
93		* @return int
94		*/
95	9	public function button(): int
96		{
97	9	return $this->button;
98	9	}
99
100		/**
101		* @return PlayerContract
102		*/
103	61	public function locatePlayerWithButton(): PlayerContract
104		{
105	61	$buttonLocation = $this->playersSatDown()->get($this->button);
106		if ($buttonLocation === null) {
107		$this->button = 0;
108		$buttonLocation = $this->playersSatDown()->first();
109		}
110
111		return $buttonLocation;
112		}
113	3
114		/**
115	3	* @param PlayerContract $player
116	3	*/
117	3	public function sitPlayerOut(PlayerContract $player)
118	3	{
119	3	$this->playersSatOut = $this->playersSatOut->push($player);
120		}
121	3
122	1	/**
123		* @return PlayerCollection
124		*/
125	2	public function playersSatDown(): PlayerCollection
126	2	{
127		return $this->players()->diff($this->playersSatOut)->values();
128		}
129
130		/**
131	15	* @param PlayerContract $player
132		*
133	15	* @throws TableException
134		*/
135	15	public function giveButtonToPlayer(PlayerContract $player)
136	2	{
137		$playerIndex = $this->playersSatDown()
138	15	->filter
139		->equals($player)
140		->keys()
141		->first();
142
143	22	if ($playerIndex === null) {
144		throw TableException::invalidButtonPosition();
145	22	}
146
147		$this->button = $playerIndex;
148	22	}
149	22
150		/**
151	22	* Moves the button along the table seats.
152	22	*/
153		public function moveButton()
154	22	{
155		$this->button = $this->button + 1;
156
157	22	if ($this->button >= $this->playersSatDown()->count()) {
158	22	$this->button = 0;
159		}
160		}
161	22
162	22	/**
163	22	* @param PlayerContract $findPlayer
164		*
165	22	* @return int
166		*/
167		public function findSeat(PlayerContract $findPlayer): int
168		{
169		return $this->players()
170		->filter(function (PlayerContract $player) use ($findPlayer) {
171		return $player->equals($findPlayer);
172		})
173	16	->keys()
174		->first();
175	16	}
176
177	16	/**
178	16	* @param string $playerName
179	16	*
180	16	* @return Player
181		*/
182		public function findPlayerByName($playerName): PlayerContract
183		{
184		return $this->players()
185		->filter(function (PlayerContract $player) use ($playerName) {
186		return $player->name() === $playerName;
187		})
188	1	->first();
189		}
190	1
191	1	public function removePlayer(Client $client)
192	1	{
193	1	$player = $this->players()
194	1	->filter(function (Player $player) use ($client) {
195		return $player->name() === $client->name();
196		})
197		->first()
198		;
199
200		if ($player === null) {
201		throw TableException::notRegistered($client, $this);
202		}
203
204		$this->players = $this->players()
205		->reject(function (Player $player) use ($client) {
206		return $player->name() === $client->name();
207		})
208		->values();
209		}
210		}
211

Cysha / casino-holdem

Issues (72)

Security Analysis no request data

src/Game/Table.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like