Issues (7)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/MatchResult.php (3 issues)

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
/**
3
 * Dash
4
 *
5
 * @link      http://github.com/DASPRiD/Dash For the canonical source repository
6
 * @copyright 2013-2015 Ben Scholzen 'DASPRiD'
7
 * @license   http://opensource.org/licenses/BSD-2-Clause Simplified BSD License
8
 */
9
10
namespace Dash;
11
12
use Dash\Exception\DomainException;
13
use Psr\Http\Message\UriInterface;
14
15
final class MatchResult
16
{
17
    /**
18
     * @var string
19
     */
20
    private $type;
21
22
    /**
23
     * @var string
24
     */
25
    private $routeName;
26
27
    /**
28
     * @var array
29
     */
30
    private $params;
31
32
    /**
33
     * @var array
34
     */
35
    private $allowedMethods;
36
37
    /**
38
     * @var UriInterface
39
     */
40
    private $absoluteUri;
41
42
    /**
43
     * Match result may only be created through static methods.
44
     */
45
    private function __construct()
46
    {
47
    }
48
49
    /**
50
     * Creates a success match result.
51
     *
52
     * @param  array $params
53
     * @return self
54
     */
55
    public static function fromSuccess(array $params)
56
    {
57
        $matchResult = new self();
58
        $matchResult->type = 'success';
59
        $matchResult->params = $params;
60
        return $matchResult;
61
    }
62
63
    /**
64
     * Creates a method failure match reuslt.
65
     *
66
     * @param  array $allowedMethods
67
     * @return self
68
     */
69
    public static function fromMethodFailure(array $allowedMethods)
70
    {
71
        $matchResult = new self();
72
        $matchResult->type = 'methodFailure';
73
        $matchResult->allowedMethods = $allowedMethods;
74
        return $matchResult;
75
    }
76
77
    /**
78
     * Creates a scheme failure match result.
79
     *
80
     * @param  UriInterface $absoluteUri
81
     * @return self
82
     */
83
    public static function fromSchemeFailure(UriInterface $absoluteUri)
84
    {
85
        $matchResult = new self();
86
        $matchResult->type = 'schemeFailure';
87
        $matchResult->absoluteUri = $absoluteUri;
88
        return $matchResult;
89
    }
90
91
    /**
92
     * Creates a match failure match result.
93
     *
94
     * @return self
95
     */
96
    public static function fromMatchFailure()
97
    {
98
        $matchResult = new self();
99
        $matchResult->type = 'matchFailure';
100
        return $matchResult;
101
    }
102
103
    /**
104
     * Creates a new match result from a child match.
105
     *
106
     * @param  self   $childMatchResult
0 ignored issues
show
Should the type for parameter $childMatchResult not be \self?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

Loading history...
107
     * @param  array  $parentParams
108
     * @param  string $childRouteName
109
     * @return self
110
     * @throws DomainException
111
     */
112
    public static function fromChildMatch(self $childMatchResult, $parentParams, $childRouteName)
113
    {
114
        if (!$childMatchResult->isSuccess()) {
115
            throw new DomainException('Child match must be a successful match result');
116
        }
117
118
        $matchResult = self::fromSuccess($childMatchResult->getParams() + $parentParams);
119
        $matchResult->routeName = $childRouteName;
120
121
        if (null !== $childMatchResult->getRouteName()) {
122
            $matchResult->routeName .= '/' . $childMatchResult->getRouteName();
123
        }
124
125
        return $matchResult;
126
    }
127
128
    /**
129
     * Merges two method failure match results.
130
     *
131
     * @param  self $firstMatchResult
0 ignored issues
show
Should the type for parameter $firstMatchResult not be \self?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

Loading history...
132
     * @param  self $secondMatchResult
0 ignored issues
show
Should the type for parameter $secondMatchResult not be \self?

This check looks for @param annotations where the type inferred by our type inference engine differs from the declared type.

It makes a suggestion as to what type it considers more descriptive.

Most often this is a case of a parameter that can be null in addition to its declared types.

Loading history...
133
     * @return self
134
     * @throws DomainException
135
     */
136
    public static function mergeMethodFailures(self $firstMatchResult, self $secondMatchResult)
137
    {
138
        if (!$firstMatchResult->isMethodFailure() || !$secondMatchResult->isMethodFailure()) {
139
            throw new DomainException('Both match results must be method failures');
140
        }
141
142
        return self::fromMethodFailure(array_unique(
143
            array_merge($firstMatchResult->getAllowedMethods(), $secondMatchResult->getAllowedMethods())
144
        ));
145
    }
146
147
    /**
148
     * Returns whether the result is a success.
149
     *
150
     * In case of success, you can retrieve the matched route name via {@link MatchResult::getRouteName()} and all route
151
     * parameters via {@link MatchResult::getParams()}.
152
     *
153
     * @return bool
154
     */
155
    public function isSuccess()
156
    {
157
        return 'success' === $this->type;
158
    }
159
160
    /**
161
     * Returns whether the result is a method failure.
162
     *
163
     * In case of a method failure, it is advised to return a 405 response with an "Allow" header, listing the allowed
164
     * methods supplied by {@link MatchResult::getAllowedMethods()}.
165
     *
166
     * @return bool
167
     */
168
    public function isMethodFailure()
169
    {
170
        return 'methodFailure' === $this->type;
171
    }
172
173
    /**
174
     * Returns whether the result is a scheme failure.
175
     *
176
     * In case of a scheme failure, it is advised to return a 308 response, redirecting the user to the URI specified by
177
     * {@link MatchResult::getAbsoluteUri()}.
178
     *
179
     * @return bool
180
     */
181
    public function isSchemeFailure()
182
    {
183
        return 'schemeFailure' === $this->type;
184
    }
185
186
    /**
187
     * Returns the matched route name.
188
     *
189
     * @return string
190
     * @throws DomainException
191
     */
192
    public function getRouteName()
193
    {
194
        if (!$this->isSuccess()) {
195
            throw new DomainException('Route name is only available on successful match');
196
        }
197
198
        return $this->routeName;
199
    }
200
201
    /**
202
     * Returns the route parameters.
203
     *
204
     * @return array
205
     * @throws DomainException
206
     */
207
    public function getParams()
208
    {
209
        if (!$this->isSuccess()) {
210
            throw new DomainException('Params are only available on successful match');
211
        }
212
213
        return $this->params;
214
    }
215
216
    /**
217
     * Returns the allowed methods for the matched route.
218
     *
219
     * @return array
220
     * @throws DomainException
221
     */
222
    public function getAllowedMethods()
223
    {
224
        if (!$this->isMethodFailure()) {
225
            throw new DomainException('Allowed methods are only available on method failure');
226
        }
227
228
        return $this->allowedMethods;
229
    }
230
231
    /**
232
     * Returns the absolute URI pointing to the matched route.
233
     *
234
     * @return UriInterface
235
     * @throws DomainException
236
     */
237
    public function getAbsoluteUri()
238
    {
239
        if (!$this->isSchemeFailure()) {
240
            throw new DomainException('Absolute URI is only available on scheme failure');
241
        }
242
243
        return $this->absoluteUri;
244
    }
245
}
246