Issues in MatchResult.php (master) - Issues in master - DASPRiD/Dash - Measure and Improve Code Quality continuously with Scrutinizer

Issues (7)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/MatchResult.php (3 issues)

Labels

Documentation 3

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Dash
 *
 * @link      http://github.com/DASPRiD/Dash For the canonical source repository
 * @copyright 2013-2015 Ben Scholzen 'DASPRiD'
 * @license   http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
 */

namespace Dash;

use Dash\Exception\DomainException;
use Psr\Http\Message\UriInterface;

final class MatchResult
{
    /**
     * @var string
     */
    private $type;

    /**
     * @var string
     */
    private $routeName;

    /**
     * @var array
     */
    private $params;

    /**
     * @var array
     */
    private $allowedMethods;

    /**
     * @var UriInterface
     */
    private $absoluteUri;

    /**
     * Match result may only be created through static methods.
     */
    private function __construct()
    {
    }

    /**
     * Creates a success match result.
     *
     * @param  array $params
     * @return self
     */
    public static function fromSuccess(array $params)
    {
        $matchResult = new self();
        $matchResult->type = 'success';
        $matchResult->params = $params;
        return $matchResult;
    }

    /**
     * Creates a method failure match reuslt.
     *
     * @param  array $allowedMethods
     * @return self
     */
    public static function fromMethodFailure(array $allowedMethods)
    {
        $matchResult = new self();
        $matchResult->type = 'methodFailure';
        $matchResult->allowedMethods = $allowedMethods;
        return $matchResult;
    }

    /**
     * Creates a scheme failure match result.
     *
     * @param  UriInterface $absoluteUri
     * @return self
     */
    public static function fromSchemeFailure(UriInterface $absoluteUri)
    {
        $matchResult = new self();
        $matchResult->type = 'schemeFailure';
        $matchResult->absoluteUri = $absoluteUri;
        return $matchResult;
    }

    /**
     * Creates a match failure match result.
     *
     * @return self
     */
    public static function fromMatchFailure()
    {
        $matchResult = new self();
        $matchResult->type = 'matchFailure';
        return $matchResult;
    }

    /**
     * Creates a new match result from a child match.
     *
     * @param  self   $childMatchResult

     * @param  array  $parentParams
     * @param  string $childRouteName
     * @return self
     * @throws DomainException
     */
    public static function fromChildMatch(self $childMatchResult, $parentParams, $childRouteName)
    {
        if (!$childMatchResult->isSuccess()) {
            throw new DomainException('Child match must be a successful match result');
        }

        $matchResult = self::fromSuccess($childMatchResult->getParams() + $parentParams);
        $matchResult->routeName = $childRouteName;

        if (null !== $childMatchResult->getRouteName()) {
            $matchResult->routeName .= '/' . $childMatchResult->getRouteName();
        }

        return $matchResult;
    }

    /**
     * Merges two method failure match results.
     *
     * @param  self $firstMatchResult

     * @param  self $secondMatchResult

     * @return self
     * @throws DomainException
     */
    public static function mergeMethodFailures(self $firstMatchResult, self $secondMatchResult)
    {
        if (!$firstMatchResult->isMethodFailure() || !$secondMatchResult->isMethodFailure()) {
            throw new DomainException('Both match results must be method failures');
        }

        return self::fromMethodFailure(array_unique(
            array_merge($firstMatchResult->getAllowedMethods(), $secondMatchResult->getAllowedMethods())
        ));
    }

    /**
     * Returns whether the result is a success.
     *
     * In case of success, you can retrieve the matched route name via {@link MatchResult::getRouteName()} and all route
     * parameters via {@link MatchResult::getParams()}.
     *
     * @return bool
     */
    public function isSuccess()
    {
        return 'success' === $this->type;
    }

    /**
     * Returns whether the result is a method failure.
     *
     * In case of a method failure, it is advised to return a 405 response with an "Allow" header, listing the allowed
     * methods supplied by {@link MatchResult::getAllowedMethods()}.
     *
     * @return bool
     */
    public function isMethodFailure()
    {
        return 'methodFailure' === $this->type;
    }

    /**
     * Returns whether the result is a scheme failure.
     *
     * In case of a scheme failure, it is advised to return a 308 response, redirecting the user to the URI specified by
     * {@link MatchResult::getAbsoluteUri()}.
     *
     * @return bool
     */
    public function isSchemeFailure()
    {
        return 'schemeFailure' === $this->type;
    }

    /**
     * Returns the matched route name.
     *
     * @return string
     * @throws DomainException
     */
    public function getRouteName()
    {
        if (!$this->isSuccess()) {
            throw new DomainException('Route name is only available on successful match');
        }

        return $this->routeName;
    }

    /**
     * Returns the route parameters.
     *
     * @return array
     * @throws DomainException
     */
    public function getParams()
    {
        if (!$this->isSuccess()) {
            throw new DomainException('Params are only available on successful match');
        }

        return $this->params;
    }

    /**
     * Returns the allowed methods for the matched route.
     *
     * @return array
     * @throws DomainException
     */
    public function getAllowedMethods()
    {
        if (!$this->isMethodFailure()) {
            throw new DomainException('Allowed methods are only available on method failure');
        }

        return $this->allowedMethods;
    }

    /**
     * Returns the absolute URI pointing to the matched route.
     *
     * @return UriInterface
     * @throws DomainException
     */
    public function getAbsoluteUri()
    {
        if (!$this->isSchemeFailure()) {
            throw new DomainException('Absolute URI is only available on scheme failure');
        }

        return $this->absoluteUri;
    }
}


1			<?php
2			/**
3			* Dash
4			*
5			* @link http://github.com/DASPRiD/Dash For the canonical source repository
6			* @copyright 2013-2015 Ben Scholzen 'DASPRiD'
7			* @license http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
8			*/
9
10			namespace Dash;
11
12			use Dash\Exception\DomainException;
13			use Psr\Http\Message\UriInterface;
14
15			final class MatchResult
16			{
17			/**
18			* @var string
19			*/
20			private $type;
21
22			/**
23			* @var string
24			*/
25			private $routeName;
26
27			/**
28			* @var array
29			*/
30			private $params;
31
32			/**
33			* @var array
34			*/
35			private $allowedMethods;
36
37			/**
38			* @var UriInterface
39			*/
40			private $absoluteUri;
41
42			/**
43			* Match result may only be created through static methods.
44			*/
45			private function __construct()
46			{
47			}
48
49			/**
50			* Creates a success match result.
51			*
52			* @param array $params
53			* @return self
54			*/
55			public static function fromSuccess(array $params)
56			{
57			$matchResult = new self();
58			$matchResult->type = 'success';
59			$matchResult->params = $params;
60			return $matchResult;
61			}
62
63			/**
64			* Creates a method failure match reuslt.
65			*
66			* @param array $allowedMethods
67			* @return self
68			*/
69			public static function fromMethodFailure(array $allowedMethods)
70			{
71			$matchResult = new self();
72			$matchResult->type = 'methodFailure';
73			$matchResult->allowedMethods = $allowedMethods;
74			return $matchResult;
75			}
76
77			/**
78			* Creates a scheme failure match result.
79			*
80			* @param UriInterface $absoluteUri
81			* @return self
82			*/
83			public static function fromSchemeFailure(UriInterface $absoluteUri)
84			{
85			$matchResult = new self();
86			$matchResult->type = 'schemeFailure';
87			$matchResult->absoluteUri = $absoluteUri;
88			return $matchResult;
89			}
90
91			/**
92			* Creates a match failure match result.
93			*
94			* @return self
95			*/
96			public static function fromMatchFailure()
97			{
98			$matchResult = new self();
99			$matchResult->type = 'matchFailure';
100			return $matchResult;
101			}
102
103			/**
104			* Creates a new match result from a child match.
105			*
106			* @param self $childMatchResult
			0 ignored issues – show Documentation introduced 2016-02-09 20:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$childMatchResult` not be `\self`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
107			* @param array $parentParams
108			* @param string $childRouteName
109			* @return self
110			* @throws DomainException
111			*/
112			public static function fromChildMatch(self $childMatchResult, $parentParams, $childRouteName)
113			{
114			if (!$childMatchResult->isSuccess()) {
115			throw new DomainException('Child match must be a successful match result');
116			}
117
118			$matchResult = self::fromSuccess($childMatchResult->getParams() + $parentParams);
119			$matchResult->routeName = $childRouteName;
120
121			if (null !== $childMatchResult->getRouteName()) {
122			$matchResult->routeName .= '/' . $childMatchResult->getRouteName();
123			}
124
125			return $matchResult;
126			}
127
128			/**
129			* Merges two method failure match results.
130			*
131			* @param self $firstMatchResult
			0 ignored issues – show Documentation introduced 2016-02-09 20:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$firstMatchResult` not be `\self`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
132			* @param self $secondMatchResult
			0 ignored issues – show Documentation introduced 2016-02-09 20:04 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$secondMatchResult` not be `\self`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
133			* @return self
134			* @throws DomainException
135			*/
136			public static function mergeMethodFailures(self $firstMatchResult, self $secondMatchResult)
137			{
138			if (!$firstMatchResult->isMethodFailure() \|\| !$secondMatchResult->isMethodFailure()) {
139			throw new DomainException('Both match results must be method failures');
140			}
141
142			return self::fromMethodFailure(array_unique(
143			array_merge($firstMatchResult->getAllowedMethods(), $secondMatchResult->getAllowedMethods())
144			));
145			}
146
147			/**
148			* Returns whether the result is a success.
149			*
150			* In case of success, you can retrieve the matched route name via {@link MatchResult::getRouteName()} and all route
151			* parameters via {@link MatchResult::getParams()}.
152			*
153			* @return bool
154			*/
155			public function isSuccess()
156			{
157			return 'success' === $this->type;
158			}
159
160			/**
161			* Returns whether the result is a method failure.
162			*
163			* In case of a method failure, it is advised to return a 405 response with an "Allow" header, listing the allowed
164			* methods supplied by {@link MatchResult::getAllowedMethods()}.
165			*
166			* @return bool
167			*/
168			public function isMethodFailure()
169			{
170			return 'methodFailure' === $this->type;
171			}
172
173			/**
174			* Returns whether the result is a scheme failure.
175			*
176			* In case of a scheme failure, it is advised to return a 308 response, redirecting the user to the URI specified by
177			* {@link MatchResult::getAbsoluteUri()}.
178			*
179			* @return bool
180			*/
181			public function isSchemeFailure()
182			{
183			return 'schemeFailure' === $this->type;
184			}
185
186			/**
187			* Returns the matched route name.
188			*
189			* @return string
190			* @throws DomainException
191			*/
192			public function getRouteName()
193			{
194			if (!$this->isSuccess()) {
195			throw new DomainException('Route name is only available on successful match');
196			}
197
198			return $this->routeName;
199			}
200
201			/**
202			* Returns the route parameters.
203			*
204			* @return array
205			* @throws DomainException
206			*/
207			public function getParams()
208			{
209			if (!$this->isSuccess()) {
210			throw new DomainException('Params are only available on successful match');
211			}
212
213			return $this->params;
214			}
215
216			/**
217			* Returns the allowed methods for the matched route.
218			*
219			* @return array
220			* @throws DomainException
221			*/
222			public function getAllowedMethods()
223			{
224			if (!$this->isMethodFailure()) {
225			throw new DomainException('Allowed methods are only available on method failure');
226			}
227
228			return $this->allowedMethods;
229			}
230
231			/**
232			* Returns the absolute URI pointing to the matched route.
233			*
234			* @return UriInterface
235			* @throws DomainException
236			*/
237			public function getAbsoluteUri()
238			{
239			if (!$this->isSchemeFailure()) {
240			throw new DomainException('Absolute URI is only available on scheme failure');
241			}
242
243			return $this->absoluteUri;
244			}
245			}
246

DASPRiD / Dash

Issues (7)

Security Analysis no request data

src/MatchResult.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like