Issues in Request.php (master) - Issues in master - FloKnapp/faulancer - Measure and Improve Code Quality continuously with Scrutinizer

Issues (56)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Http/Request.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Class Request
 *
 * @package Faulancer\Http
 * @author Florian Knapp <[email protected]>
 */
namespace Faulancer\Http;

use Faulancer\Exception\InvalidArgumentException;

/**
 * Class Request
 */
class Request extends AbstractHttp
{

    /**
     * The current scheme
     * @var string
     */
    protected $scheme = '';

    /**
     * The current host
     * @var string
     */
    protected $host = '';

    /**
     * The current path string
     * @var string
     */
    protected $path = '';

    /**
     * The current uri
     * @var string
     */
    protected $uri = '';

    /**
     * The current method
     * @var string
     */
    protected $method = '';

    /**
     * Custom headers
     * @var array
     */
    protected $headers = [];

    /**
     * The current query string
     * @var string
     */
    protected $query = '';

    /**
     * @var string
     */
    protected $body = '';

    /**
     * @var array
     */
    protected $get = [];

    /**
     * @var array
     */
    protected $post = [];

    /**
     * Set attributes automatically
     *
     * @return self
     */
    public function createFromHeaders()
    {
        $path = $_SERVER['REQUEST_URI'];

        if (strpos($_SERVER['REQUEST_URI'], '?') !== false) {
            $path = explode('?', $_SERVER['REQUEST_URI']);
            $this->setQuery($path[1]);
            $path = $path[0];
        }

        $this->setScheme(!empty($_SERVER['HTTPS']) ? 'https://' : 'http://');
        $this->setHost($_SERVER['HTTP_HOST']);
        $this->setPath($path);
        $this->setMethod($_SERVER['REQUEST_METHOD']);

        return $this;
    }

    /**
     * Set the request scheme
     *
     * @param string $scheme
     */
    public function setScheme(string $scheme = '')
    {
        $this->scheme = $scheme;
    }

    /**
     * Get the request scheme
     *
     * @return string
     */
    public function getScheme()
    {
        return $this->scheme;
    }

    /**
     * @param array $headers
     */
    public function setHeaders(array $headers = [])
    {
        $this->headers = $headers;
    }

    /**
     * @return array
     */
    public function getHeaders()
    {
        return $this->headers;
    }

    /**
     * @param string $host
     */
    public function setHost(string $host = '')
    {
        $this->host = $host;
    }

    /**
     * @return string
     */
    public function getHost()
    {
        return $this->host;
    }

    /**
     * Set uri path
     *
     * @param string $path
     */
    public function setPath(string $path)

    {
        if (strpos($path, '?') !== false) {
            $path = explode('?', $path);
            $this->setQuery($path[1]);
            $path = $path[0];
        }

        $this->path = $path;
    }

    /**
     * Get uri path
     *
     * @return string
     */
    public function getPath() :string
    {
        return $this->path;
    }

    /**
     * Set uri path
     *
     * @param string $uri
     */
    public function setUri(string $uri)

    {
        if (strpos($uri, '?') !== false) {
            $path = explode('?', $uri);
            $this->setQuery($path[1]);
            $uri = $path[0];
        }

        $this->uri = $uri;
    }

    /**
     * Get uri path
     *
     * @return string
     */
    public function getUri() :string
    {
        return $this->uri;
    }

    /**
     * Set method
     *
     * @param string $method
     */
    public function setMethod(string $method)
    {
        $this->method = $method;
    }

    /**
     * Get method
     *
     * @return string
     */
    public function getMethod() :string
    {
        $serverRequestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
        return empty($this->method) ? $serverRequestMethod : $this->method;
    }

    /**
     * Set query string
     *
     * @param string $query
     */
    public function setQuery(string $query)
    {
        $this->query = $query;
    }

    /**
     * Get query string
     *
     * @return string
     */
    public function getQuery() :string
    {
        return $this->query;
    }

    /**
     * @param array $body
     */
    public function setBody($body)
    {
       $this->body = $body;

    }

    /**
     * @return string
     */
    public function getBody()
    {
        return $this->body;
    }

    /**
     * Determine if it's a post request
     *
     * @return boolean
     */
    public function isPost() :bool
    {
        return $this->getMethod() === 'POST';
    }

    /**
     * Determine if it's a get request
     *
     * @return boolean
     */
    public function isGet() :bool
    {
        return $this->getMethod() === 'GET';
    }

    /**
     * @param string $key
     *
     * @return mixed
     */
    public function getParam(string $key)
    {
        $this->post  = !empty($_POST) ? array_merge($_POST, $this->post) : [];
        $this->get   = !empty($_GET) ? array_merge($_GET, $this->get) : [];

        if (!empty($this->getQuery())) {

            $query = [];
            parse_str($this->getQuery(), $query);

            if (!empty($query[$key])) {
                return $query[$key];
            }

        }

        $combined = array_merge($this->post, $this->get);

        if (!empty($combined[$key])) {
            return $combined[$key];
        }

        return null;
    }

    /**
     * Return the post data
     *
     * @return array
     */
    public function getPostData() :array
    {
        return empty($_POST) ? [] : $_POST;
    }

    /**
     * @param $data
     * @return void
     */
    public function setPostData($data)
    {
        $_POST = $data;
    }

}

1		<?php
2		/**
3		* Class Request
4		*
5		* @package Faulancer\Http
6		* @author Florian Knapp <[email protected]>
7		*/
8		namespace Faulancer\Http;
9
10		use Faulancer\Exception\InvalidArgumentException;
11
12		/**
13		* Class Request
14		*/
15		class Request extends AbstractHttp
16		{
17
18		/**
19		* The current scheme
20		* @var string
21		*/
22		protected $scheme = '';
23
24		/**
25		* The current host
26		* @var string
27		*/
28		protected $host = '';
29
30		/**
31		* The current path string
32		* @var string
33		*/
34		protected $path = '';
35
36		/**
37		* The current uri
38		* @var string
39		*/
40		protected $uri = '';
41
42		/**
43		* The current method
44		* @var string
45		*/
46		protected $method = '';
47
48		/**
49		* Custom headers
50		* @var array
51		*/
52		protected $headers = [];
53
54		/**
55		* The current query string
56		* @var string
57		*/
58		protected $query = '';
59
60		/**
61		* @var string
62		*/
63		protected $body = '';
64
65		/**
66		* @var array
67		*/
68		protected $get = [];
69
70		/**
71		* @var array
72		*/
73		protected $post = [];
74
75		/**
76		* Set attributes automatically
77		*
78		* @return self
79		*/
80		public function createFromHeaders()
81		{
82		$path = $_SERVER['REQUEST_URI'];
83
84		if (strpos($_SERVER['REQUEST_URI'], '?') !== false) {
85		$path = explode('?', $_SERVER['REQUEST_URI']);
86		$this->setQuery($path[1]);
87		$path = $path[0];
88		}
89
90		$this->setScheme(!empty($_SERVER['HTTPS']) ? 'https://' : 'http://');
91		$this->setHost($_SERVER['HTTP_HOST']);
92		$this->setPath($path);
93		$this->setMethod($_SERVER['REQUEST_METHOD']);
94
95		return $this;
96		}
97
98		/**
99		* Set the request scheme
100		*
101		* @param string $scheme
102		*/
103		public function setScheme(string $scheme = '')
104		{
105		$this->scheme = $scheme;
106		}
107
108		/**
109		* Get the request scheme
110		*
111		* @return string
112		*/
113		public function getScheme()
114		{
115		return $this->scheme;
116		}
117
118		/**
119		* @param array $headers
120		*/
121		public function setHeaders(array $headers = [])
122		{
123		$this->headers = $headers;
124		}
125
126		/**
127		* @return array
128		*/
129		public function getHeaders()
130		{
131		return $this->headers;
132		}
133
134		/**
135		* @param string $host
136		*/
137		public function setHost(string $host = '')
138		{
139		$this->host = $host;
140		}
141
142		/**
143		* @return string
144		*/
145		public function getHost()
146		{
147		return $this->host;
148		}
149
150		/**
151		* Set uri path
152		*
153		* @param string $path
154		*/
155	View Code Duplication	public function setPath(string $path)
		0 ignored issues – show Duplication introduced 2017-10-25 16:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
156		{
157		if (strpos($path, '?') !== false) {
158		$path = explode('?', $path);
159		$this->setQuery($path[1]);
160		$path = $path[0];
161		}
162
163		$this->path = $path;
164		}
165
166		/**
167		* Get uri path
168		*
169		* @return string
170		*/
171		public function getPath() :string
172		{
173		return $this->path;
174		}
175
176		/**
177		* Set uri path
178		*
179		* @param string $uri
180		*/
181	View Code Duplication	public function setUri(string $uri)
		0 ignored issues – show Duplication introduced 2017-10-25 16:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
182		{
183		if (strpos($uri, '?') !== false) {
184		$path = explode('?', $uri);
185		$this->setQuery($path[1]);
186		$uri = $path[0];
187		}
188
189		$this->uri = $uri;
190		}
191
192		/**
193		* Get uri path
194		*
195		* @return string
196		*/
197		public function getUri() :string
198		{
199		return $this->uri;
200		}
201
202		/**
203		* Set method
204		*
205		* @param string $method
206		*/
207		public function setMethod(string $method)
208		{
209		$this->method = $method;
210		}
211
212		/**
213		* Get method
214		*
215		* @return string
216		*/
217		public function getMethod() :string
218		{
219		$serverRequestMethod = isset($_SERVER['REQUEST_METHOD']) ? $_SERVER['REQUEST_METHOD'] : '';
220		return empty($this->method) ? $serverRequestMethod : $this->method;
221		}
222
223		/**
224		* Set query string
225		*
226		* @param string $query
227		*/
228		public function setQuery(string $query)
229		{
230		$this->query = $query;
231		}
232
233		/**
234		* Get query string
235		*
236		* @return string
237		*/
238		public function getQuery() :string
239		{
240		return $this->query;
241		}
242
243		/**
244		* @param array $body
245		*/
246		public function setBody($body)
247		{
248		$this->body = $body;
		0 ignored issues – show Documentation Bug introduced 2017-08-04 14:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$body` of type `array` is incompatible with the declared type `string` of property `$body`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
249		}
250
251		/**
252		* @return string
253		*/
254		public function getBody()
255		{
256		return $this->body;
257		}
258
259		/**
260		* Determine if it's a post request
261		*
262		* @return boolean
263		*/
264		public function isPost() :bool
265		{
266		return $this->getMethod() === 'POST';
267		}
268
269		/**
270		* Determine if it's a get request
271		*
272		* @return boolean
273		*/
274		public function isGet() :bool
275		{
276		return $this->getMethod() === 'GET';
277		}
278
279		/**
280		* @param string $key
281		*
282		* @return mixed
283		*/
284		public function getParam(string $key)
285		{
286		$this->post = !empty($_POST) ? array_merge($_POST, $this->post) : [];
287		$this->get = !empty($_GET) ? array_merge($_GET, $this->get) : [];
288
289		if (!empty($this->getQuery())) {
290
291		$query = [];
292		parse_str($this->getQuery(), $query);
293
294		if (!empty($query[$key])) {
295		return $query[$key];
296		}
297
298		}
299
300		$combined = array_merge($this->post, $this->get);
301
302		if (!empty($combined[$key])) {
303		return $combined[$key];
304		}
305
306		return null;
307		}
308
309		/**
310		* Return the post data
311		*
312		* @return array
313		*/
314		public function getPostData() :array
315		{
316		return empty($_POST) ? [] : $_POST;
317		}
318
319		/**
320		* @param $data
321		* @return void
322		*/
323		public function setPostData($data)
324		{
325		$_POST = $data;
326		}
327
328		}

FloKnapp / faulancer

Issues (56)

Security Analysis not enabled

src/Http/Request.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like