Issues in Configuration.php (master) - Issues in master - FriendsOfSymfony/FOSRestBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (48)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

DependencyInjection/Configuration.php (8 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the FOSRestBundle package.
 *
 * (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace FOS\RestBundle\DependencyInjection;

use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
use Symfony\Component\Config\Definition\Builder\TreeBuilder;
use Symfony\Component\Config\Definition\ConfigurationInterface;
use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
use Symfony\Component\HttpFoundation\Response;
use Symfony\Component\OptionsResolver\OptionsResolver;
use Symfony\Component\Serializer\Encoder\XmlEncoder;

/**
 * This class contains the configuration information for the bundle.
 *
 * This information is solely responsible for how the different configuration
 * sections are normalized, and merged.
 *
 * @author Lukas Kahwe Smith <[email protected]>
 *
 * @internal
 */
final class Configuration implements ConfigurationInterface
{
    private $debug;

    public function __construct(bool $debug)
    {
        $this->debug = $debug;
    }

    public function getConfigTreeBuilder(): TreeBuilder
    {
        $treeBuilder = new TreeBuilder('fos_rest');

        $rootNode = $treeBuilder->getRootNode();

        $rootNode
            ->children()
                ->scalarNode('disable_csrf_role')->defaultNull()->end()
                ->scalarNode('unauthorized_challenge')->defaultNull()->end()
                ->arrayNode('param_fetcher_listener')
                    ->beforeNormalization()
                        ->ifString()
                        ->then(function ($v) {
                            return ['enabled' => in_array($v, ['force', 'true']), 'force' => 'force' === $v];
                        })
                    ->end()
                    ->canBeEnabled()
                    ->children()
                        ->booleanNode('force')->defaultFalse()->end()
                        ->scalarNode('service')->defaultNull()->end()
                    ->end()
                ->end()
                ->scalarNode('cache_dir')->cannotBeEmpty()->defaultValue('%kernel.cache_dir%/fos_rest')->end()
                ->arrayNode('allowed_methods_listener')
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('service')->defaultNull()->end()
                    ->end()
                ->end()
                ->booleanNode('routing_loader')
                    ->defaultValue(false)
                    ->validate()
                        ->ifTrue()
                        ->thenInvalid('only "false" is supported')
                    ->end()
                ->end()
                ->arrayNode('body_converter')
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('validate')
                            ->defaultFalse()
                            ->beforeNormalization()
                                ->ifTrue()
                                ->then(function ($value) {
                                    if (!class_exists(OptionsResolver::class)) {
                                        throw new InvalidConfigurationException("'body_converter.validate: true' requires OptionsResolver component installation ( composer require symfony/options-resolver )");
                                    }

                                    return $value;
                                })
                            ->end()
                        ->end()
                        ->scalarNode('validation_errors_argument')->defaultValue('validationErrors')->end()
                    ->end()
                ->end()
                ->arrayNode('service')
                    ->addDefaultsIfNotSet()
                    ->children()
                        ->scalarNode('serializer')->defaultNull()->end()
                        ->scalarNode('view_handler')->defaultValue('fos_rest.view_handler.default')->end()
                        ->scalarNode('validator')->defaultValue('validator')->end()
                    ->end()
                ->end()
                ->arrayNode('serializer')
                    ->addDefaultsIfNotSet()
                    ->children()
                        ->scalarNode('version')->defaultNull()->end()
                        ->arrayNode('groups')
                            ->prototype('scalar')->end()
                        ->end()
                        ->booleanNode('serialize_null')->defaultFalse()->end()
                    ->end()
                ->end()
                ->arrayNode('zone')
                    ->cannotBeOverwritten()
                    ->prototype('array')
                    ->fixXmlConfig('ip')
                    ->children()
                        ->scalarNode('path')
                            ->defaultNull()
                            ->info('use the urldecoded format')
                            ->example('^/path to resource/')
                        ->end()
                        ->scalarNode('host')->defaultNull()->end()
                        ->arrayNode('methods')
                            ->beforeNormalization()->ifString()->then(function ($v) {
                                return preg_split('/\s*,\s*/', $v);
                            })->end()
                            ->prototype('scalar')->end()
                        ->end()
                        ->arrayNode('ips')
                            ->beforeNormalization()->ifString()->then(function ($v) {
                                return array($v);
                            })->end()
                            ->prototype('scalar')->end()
                        ->end()
                    ->end()
                ->end()
            ->end()
        ->end();

        $this->addViewSection($rootNode);

        $this->addExceptionSection($rootNode);

        $this->addBodyListenerSection($rootNode);

        $this->addFormatListenerSection($rootNode);

        $this->addVersioningSection($rootNode);


        return $treeBuilder;
    }

    private function addViewSection(ArrayNodeDefinition $rootNode): void
    {
        $rootNode
            ->children()
                ->arrayNode('view')
                    ->fixXmlConfig('format', 'formats')
                    ->fixXmlConfig('mime_type', 'mime_types')
                    ->addDefaultsIfNotSet()
                    ->children()
                        ->arrayNode('mime_types')
                            ->canBeEnabled()
                            ->beforeNormalization()
                                ->ifArray()->then(function ($v) {
                                    if (!empty($v) && empty($v['formats'])) {
                                        unset($v['enabled']);
                                        $v = ['enabled' => true, 'formats' => $v];
                                    }

                                    return $v;
                                })
                            ->end()
                            ->fixXmlConfig('format', 'formats')
                            ->children()
                                ->scalarNode('service')->defaultNull()->end()
                                ->arrayNode('formats')
                                    ->useAttributeAsKey('name')
                                    ->prototype('array')
                                        ->beforeNormalization()
                                            ->ifString()
                                            ->then(function ($v) { return array($v); })
                                        ->end()
                                        ->prototype('scalar')->end()
                                    ->end()
                                ->end()
                            ->end()
                        ->end()
                        ->arrayNode('formats')
                            ->useAttributeAsKey('name')
                            ->defaultValue(['json' => true, 'xml' => true])
                            ->prototype('boolean')->end()
                        ->end()
                        ->arrayNode('view_response_listener')
                            ->beforeNormalization()
                                ->ifString()
                                ->then(function ($v) {
                                    return ['enabled' => in_array($v, ['force', 'true']), 'force' => 'force' === $v];
                                })
                            ->end()
                            ->canBeEnabled()
                            ->children()
                                ->booleanNode('force')->defaultFalse()->end()
                                ->scalarNode('service')->defaultNull()->end()
                            ->end()
                        ->end()
                        ->scalarNode('failed_validation')->defaultValue(Response::HTTP_BAD_REQUEST)->end()
                        ->scalarNode('empty_content')->defaultValue(Response::HTTP_NO_CONTENT)->end()
                        ->booleanNode('serialize_null')->defaultFalse()->end()
                        ->arrayNode('jsonp_handler')
                            ->canBeUnset()
                            ->children()
                                ->scalarNode('callback_param')->defaultValue('callback')->end()
                                ->scalarNode('mime_type')->defaultValue('application/javascript+jsonp')->end()
                            ->end()
                        ->end()
                    ->end()
                ->end()
            ->end();
    }

    private function addBodyListenerSection(ArrayNodeDefinition $rootNode): void
    {
        $decodersDefaultValue = ['json' => 'fos_rest.decoder.json'];
        if (class_exists(XmlEncoder::class)) {
            $decodersDefaultValue['xml'] = 'fos_rest.decoder.xml';
        }
        $rootNode
            ->children()
                ->arrayNode('body_listener')
                    ->fixXmlConfig('decoder', 'decoders')
                    ->addDefaultsIfNotSet()
                    ->canBeUnset()
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('service')->defaultNull()->end()
                        ->scalarNode('default_format')->defaultNull()->end()
                        ->booleanNode('throw_exception_on_unsupported_content_type')
                            ->defaultFalse()
                        ->end()
                        ->arrayNode('decoders')
                            ->useAttributeAsKey('name')
                            ->defaultValue($decodersDefaultValue)
                            ->prototype('scalar')->end()
                        ->end()
                        ->arrayNode('array_normalizer')
                            ->addDefaultsIfNotSet()
                            ->beforeNormalization()
                                ->ifString()->then(function ($v) {
                                    return ['service' => $v];
                                })
                            ->end()
                            ->children()
                                ->scalarNode('service')->defaultNull()->end()
                                ->booleanNode('forms')->defaultFalse()->end()
                            ->end()
                        ->end()
                    ->end()
                ->end()
            ->end();
    }

    private function addFormatListenerSection(ArrayNodeDefinition $rootNode): void
    {
        $rootNode
            ->children()
                ->arrayNode('format_listener')
                    ->fixXmlConfig('rule', 'rules')
                    ->addDefaultsIfNotSet()
                    ->canBeUnset()
                    ->beforeNormalization()
                        ->ifTrue(function ($v) {
                            // check if we got an assoc array in rules
                            return isset($v['rules'])
                                && is_array($v['rules'])
                                && array_keys($v['rules']) !== range(0, count($v['rules']) - 1);
                        })
                        ->then(function ($v) {
                            $v['rules'] = [$v['rules']];

                            return $v;
                        })
                    ->end()
                    ->canBeEnabled()
                    ->children()
                        ->scalarNode('service')->defaultNull()->end()
                        ->arrayNode('rules')
                            ->performNoDeepMerging()
                            ->prototype('array')
                                ->fixXmlConfig('priority', 'priorities')
                                ->fixXmlConfig('attribute', 'attributes')
                                ->children()
                                    ->scalarNode('path')->defaultNull()->info('URL path info')->end()
                                    ->scalarNode('host')->defaultNull()->info('URL host name')->end()
                                    ->variableNode('methods')->defaultNull()->info('Method for URL')->end()
                                    ->arrayNode('attributes')
                                        ->useAttributeAsKey('name')
                                        ->prototype('variable')->end()
                                    ->end()
                                    ->booleanNode('stop')->defaultFalse()->end()
                                    ->booleanNode('prefer_extension')->defaultTrue()->end()
                                    ->scalarNode('fallback_format')->defaultValue('html')->end()
                                    ->arrayNode('priorities')
                                        ->beforeNormalization()->ifString()->then(function ($v) {
                                            return preg_split('/\s*,\s*/', $v);
                                        })->end()
                                        ->prototype('scalar')->end()
                                    ->end()
                                ->end()
                            ->end()
                        ->end()
                    ->end()
                ->end()
            ->end();
    }

    private function addVersioningSection(ArrayNodeDefinition $rootNode): void
    {
        $rootNode
        ->children()
            ->arrayNode('versioning')
                ->canBeEnabled()
                ->children()
                    ->scalarNode('default_version')->defaultNull()->end()
                    ->arrayNode('resolvers')
                        ->addDefaultsIfNotSet()
                        ->children()
                            ->arrayNode('query')
                                ->canBeDisabled()
                                ->children()
                                    ->scalarNode('parameter_name')->defaultValue('version')->end()
                                ->end()
                            ->end()
                            ->arrayNode('custom_header')
                                ->canBeDisabled()
                                ->children()
                                    ->scalarNode('header_name')->defaultValue('X-Accept-Version')->end()
                                ->end()
                            ->end()
                            ->arrayNode('media_type')
                                ->canBeDisabled()
                                ->children()
                                    ->scalarNode('regex')->defaultValue('/(v|version)=(?P<version>[0-9\.]+)/')->end()
                                ->end()
                            ->end()
                        ->end()
                    ->end()
                    ->arrayNode('guessing_order')
                        ->defaultValue(['query', 'custom_header', 'media_type'])
                        ->validate()
                            ->ifTrue(function ($v) {
                                foreach ($v as $resolver) {
                                    if (!in_array($resolver, ['query', 'custom_header', 'media_type'])) {
                                        return true;
                                    }
                                }
                            })
                            ->thenInvalid('Versioning guessing order can only contain "query", "custom_header", "media_type".')
                        ->end()
                        ->prototype('scalar')->end()
                    ->end()
                ->end()
            ->end()
        ->end();
    }

    private function addExceptionSection(ArrayNodeDefinition $rootNode): void
    {
        $rootNode
            ->children()
                ->arrayNode('exception')
                    ->fixXmlConfig('code', 'codes')
                    ->fixXmlConfig('message', 'messages')
                    ->addDefaultsIfNotSet()
                    ->canBeEnabled()
                    ->validate()
                      ->always()
                      ->then(function ($v) {
                          if (!$v['enabled']) {
                            return $v;
                          }

                          if ($v['exception_listener']) {
                              @trigger_error('Enabling the "fos_rest.exception.exception_listener" option is deprecated since FOSRestBundle 2.8.', E_USER_DEPRECATED);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
                          }
                          if ($v['serialize_exceptions']) {
                              @trigger_error('Enabling the "fos_rest.exception.serialize_exceptions" option is deprecated since FOSRestBundle 2.8.', E_USER_DEPRECATED);
// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}
                          }

                          return $v;
                      })
                    ->end()
                    ->children()
                        ->booleanNode('map_exception_codes')
                            ->defaultFalse()
                            ->info('Enables an event listener that maps exception codes to response status codes based on the map configured with the "fos_rest.exception.codes" option.')
                        ->end()
                        ->booleanNode('exception_listener')
                            ->defaultValue(false)
                            ->validate()
                                ->ifTrue()
                                ->thenInvalid('only "false" is supported')
                            ->end()
                        ->end()
                        ->booleanNode('serialize_exceptions')
                            ->defaultValue(false)
                            ->validate()
                                ->ifTrue()
                                ->thenInvalid('only "false" is supported')
                            ->end()
                        ->end()
                        ->enumNode('flatten_exception_format')
                            ->defaultValue('legacy')
                            ->values(['legacy', 'rfc7807'])
                        ->end()
                        ->booleanNode('serializer_error_renderer')->defaultValue(false)->end()
                        ->arrayNode('codes')
                            ->useAttributeAsKey('name')
                            ->beforeNormalization()
                                ->ifArray()
                                ->then(function (array $items) {
                                    foreach ($items as &$item) {
                                        if (is_int($item)) {
                                            continue;
                                        }

                                        if (!defined(sprintf('%s::%s', Response::class, $item))) {
                                            throw new InvalidConfigurationException(sprintf('Invalid HTTP code in fos_rest.exception.codes, see %s for all valid codes.', Response::class));
                                        }

                                        $item = constant(sprintf('%s::%s', Response::class, $item));
                                    }

                                    return $items;
                                })
                            ->end()
                            ->prototype('integer')->end()

                            ->validate()
                            ->ifArray()
                                ->then(function (array $items) {
                                    foreach ($items as $class => $code) {
                                        $this->testExceptionExists($class);
                                    }

                                    return $items;
                                })
                            ->end()
                        ->end()
                        ->arrayNode('messages')
                            ->useAttributeAsKey('name')
                            ->prototype('boolean')->end()
                            ->validate()
                                ->ifArray()
                                ->then(function (array $items) {
                                    foreach ($items as $class => $nomatter) {
                                        $this->testExceptionExists($class);
                                    }

                                    return $items;
                                })
                            ->end()
                        ->end()
                        ->booleanNode('debug')
                            ->defaultValue($this->debug)
                        ->end()
                    ->end()
                ->end()
            ->end();
    }

    private function testExceptionExists(string $throwable): void
    {
        if (!is_subclass_of($throwable, \Throwable::class)) {

            throw new InvalidConfigurationException(sprintf('FOSRestBundle exception mapper: Could not load class "%s" or the class does not extend from "%s". Most probably this is a configuration problem.', $throwable, \Throwable::class));
        }
    }
}


1			<?php
2
3			/*
4			* This file is part of the FOSRestBundle package.
5			*
6			* (c) FriendsOfSymfony <http://friendsofsymfony.github.com/>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace FOS\RestBundle\DependencyInjection;
13
14			use Symfony\Component\Config\Definition\Builder\ArrayNodeDefinition;
15			use Symfony\Component\Config\Definition\Builder\TreeBuilder;
16			use Symfony\Component\Config\Definition\ConfigurationInterface;
17			use Symfony\Component\Config\Definition\Exception\InvalidConfigurationException;
18			use Symfony\Component\HttpFoundation\Response;
19			use Symfony\Component\OptionsResolver\OptionsResolver;
20			use Symfony\Component\Serializer\Encoder\XmlEncoder;
21
22			/**
23			* This class contains the configuration information for the bundle.
24			*
25			* This information is solely responsible for how the different configuration
26			* sections are normalized, and merged.
27			*
28			* @author Lukas Kahwe Smith <[email protected]>
29			*
30			* @internal
31			*/
32			final class Configuration implements ConfigurationInterface
33			{
34			private $debug;
35
36	60		public function __construct(bool $debug)
37			{
38	60		$this->debug = $debug;
39	60		}
40
41	59		public function getConfigTreeBuilder(): TreeBuilder
42			{
43	59		$treeBuilder = new TreeBuilder('fos_rest');
44
45	59		$rootNode = $treeBuilder->getRootNode();
46
47			$rootNode
48	59		->children()
49	59		->scalarNode('disable_csrf_role')->defaultNull()->end()
50	59		->scalarNode('unauthorized_challenge')->defaultNull()->end()
51	59		->arrayNode('param_fetcher_listener')
52	59		->beforeNormalization()
53	59		->ifString()
54		View Code Duplication	->then(function ($v) {
55	1		return ['enabled' => in_array($v, ['force', 'true']), 'force' => 'force' === $v];
56	59		})
57	59		->end()
58	59		->canBeEnabled()
59	59		->children()
60	59		->booleanNode('force')->defaultFalse()->end()
61	59		->scalarNode('service')->defaultNull()->end()
62	59		->end()
63	59		->end()
64	59		->scalarNode('cache_dir')->cannotBeEmpty()->defaultValue('%kernel.cache_dir%/fos_rest')->end()
65	59		->arrayNode('allowed_methods_listener')
66	59		->canBeEnabled()
67	59		->children()
68	59		->scalarNode('service')->defaultNull()->end()
69	59		->end()
70	59		->end()
71	59		->booleanNode('routing_loader')
72	59		->defaultValue(false)
73	59		->validate()
74	59		->ifTrue()
75	59		->thenInvalid('only "false" is supported')
76	59		->end()
77	59		->end()
78	59		->arrayNode('body_converter')
79	59		->canBeEnabled()
80	59		->children()
81	59		->scalarNode('validate')
82	59		->defaultFalse()
83	59		->beforeNormalization()
84	59		->ifTrue()
85			->then(function ($value) {
86	1		if (!class_exists(OptionsResolver::class)) {
87			throw new InvalidConfigurationException("'body_converter.validate: true' requires OptionsResolver component installation ( composer require symfony/options-resolver )");
88			}
89
90	1		return $value;
91	59		})
92	59		->end()
93	59		->end()
94	59		->scalarNode('validation_errors_argument')->defaultValue('validationErrors')->end()
95	59		->end()
96	59		->end()
97	59		->arrayNode('service')
98	59		->addDefaultsIfNotSet()
99	59		->children()
100	59		->scalarNode('serializer')->defaultNull()->end()
101	59		->scalarNode('view_handler')->defaultValue('fos_rest.view_handler.default')->end()
102	59		->scalarNode('validator')->defaultValue('validator')->end()
103	59		->end()
104	59		->end()
105	59		->arrayNode('serializer')
106	59		->addDefaultsIfNotSet()
107	59		->children()
108	59		->scalarNode('version')->defaultNull()->end()
109	59		->arrayNode('groups')
110	59		->prototype('scalar')->end()
111	59		->end()
112	59		->booleanNode('serialize_null')->defaultFalse()->end()
113	59		->end()
114	59		->end()
115	59		->arrayNode('zone')
116	59		->cannotBeOverwritten()
117	59		->prototype('array')
118	59		->fixXmlConfig('ip')
119	59		->children()
120	59		->scalarNode('path')
121	59		->defaultNull()
122	59		->info('use the urldecoded format')
123	59		->example('^/path to resource/')
124	59		->end()
125	59		->scalarNode('host')->defaultNull()->end()
126	59		->arrayNode('methods')
127			->beforeNormalization()->ifString()->then(function ($v) {
128			return preg_split('/\s,\s/', $v);
129	59		})->end()
130	59		->prototype('scalar')->end()
131	59		->end()
132	59		->arrayNode('ips')
133			->beforeNormalization()->ifString()->then(function ($v) {
134	1		return array($v);
135	59		})->end()
136	59		->prototype('scalar')->end()
137	59		->end()
138	59		->end()
139	59		->end()
140	59		->end()
141	59		->end();
142
143	59		$this->addViewSection($rootNode);
			0 ignored issues – show Compatibility introduced 2018-12-14 11:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$rootNode` of type `object<Symfony\Component...Builder\NodeDefinition>` is not a sub-type of `object<Symfony\Component...er\ArrayNodeDefinition>`. It seems like you assume a child class of the class `Symfony\Component\Config...\Builder\NodeDefinition` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
144	59		$this->addExceptionSection($rootNode);
			0 ignored issues – show Compatibility introduced 2018-12-14 11:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$rootNode` of type `object<Symfony\Component...Builder\NodeDefinition>` is not a sub-type of `object<Symfony\Component...er\ArrayNodeDefinition>`. It seems like you assume a child class of the class `Symfony\Component\Config...\Builder\NodeDefinition` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
145	59		$this->addBodyListenerSection($rootNode);
			0 ignored issues – show Compatibility introduced 2018-12-14 11:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$rootNode` of type `object<Symfony\Component...Builder\NodeDefinition>` is not a sub-type of `object<Symfony\Component...er\ArrayNodeDefinition>`. It seems like you assume a child class of the class `Symfony\Component\Config...\Builder\NodeDefinition` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
146	59		$this->addFormatListenerSection($rootNode);
			0 ignored issues – show Compatibility introduced 2018-12-14 11:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$rootNode` of type `object<Symfony\Component...Builder\NodeDefinition>` is not a sub-type of `object<Symfony\Component...er\ArrayNodeDefinition>`. It seems like you assume a child class of the class `Symfony\Component\Config...\Builder\NodeDefinition` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
147	59		$this->addVersioningSection($rootNode);
			0 ignored issues – show Compatibility introduced 2018-12-14 11:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$rootNode` of type `object<Symfony\Component...Builder\NodeDefinition>` is not a sub-type of `object<Symfony\Component...er\ArrayNodeDefinition>`. It seems like you assume a child class of the class `Symfony\Component\Config...\Builder\NodeDefinition` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
148
149	59		return $treeBuilder;
150			}
151
152	59		private function addViewSection(ArrayNodeDefinition $rootNode): void
153			{
154			$rootNode
155	59		->children()
156	59		->arrayNode('view')
157	59		->fixXmlConfig('format', 'formats')
158	59		->fixXmlConfig('mime_type', 'mime_types')
159	59		->addDefaultsIfNotSet()
160	59		->children()
161	59		->arrayNode('mime_types')
162	59		->canBeEnabled()
163	59		->beforeNormalization()
164			->ifArray()->then(function ($v) {
165	1		if (!empty($v) && empty($v['formats'])) {
166	1		unset($v['enabled']);
167	1		$v = ['enabled' => true, 'formats' => $v];
168			}
169
170	1		return $v;
171	59		})
172	59		->end()
173	59		->fixXmlConfig('format', 'formats')
174	59		->children()
175	59		->scalarNode('service')->defaultNull()->end()
176	59		->arrayNode('formats')
177	59		->useAttributeAsKey('name')
178	59		->prototype('array')
179	59		->beforeNormalization()
180	59		->ifString()
181			->then(function ($v) { return array($v); })
182	59		->end()
183	59		->prototype('scalar')->end()
184	59		->end()
185	59		->end()
186	59		->end()
187	59		->end()
188	59		->arrayNode('formats')
189	59		->useAttributeAsKey('name')
190	59		->defaultValue(['json' => true, 'xml' => true])
191	59		->prototype('boolean')->end()
192	59		->end()
193	59		->arrayNode('view_response_listener')
194	59		->beforeNormalization()
195	59		->ifString()
196		View Code Duplication	->then(function ($v) {
197	4		return ['enabled' => in_array($v, ['force', 'true']), 'force' => 'force' === $v];
198	59		})
199	59		->end()
200	59		->canBeEnabled()
201	59		->children()
202	59		->booleanNode('force')->defaultFalse()->end()
203	59		->scalarNode('service')->defaultNull()->end()
204	59		->end()
205	59		->end()
206	59		->scalarNode('failed_validation')->defaultValue(Response::HTTP_BAD_REQUEST)->end()
207	59		->scalarNode('empty_content')->defaultValue(Response::HTTP_NO_CONTENT)->end()
208	59		->booleanNode('serialize_null')->defaultFalse()->end()
209	59		->arrayNode('jsonp_handler')
210	59		->canBeUnset()
211	59		->children()
212	59		->scalarNode('callback_param')->defaultValue('callback')->end()
213	59		->scalarNode('mime_type')->defaultValue('application/javascript+jsonp')->end()
214	59		->end()
215	59		->end()
216	59		->end()
217	59		->end()
218	59		->end();
219	59		}
220
221	59		private function addBodyListenerSection(ArrayNodeDefinition $rootNode): void
222			{
223	59		$decodersDefaultValue = ['json' => 'fos_rest.decoder.json'];
224	59		if (class_exists(XmlEncoder::class)) {
225	59		$decodersDefaultValue['xml'] = 'fos_rest.decoder.xml';
226			}
227			$rootNode
228	59		->children()
229	59		->arrayNode('body_listener')
230	59		->fixXmlConfig('decoder', 'decoders')
231	59		->addDefaultsIfNotSet()
232	59		->canBeUnset()
233	59		->canBeEnabled()
234	59		->children()
235	59		->scalarNode('service')->defaultNull()->end()
236	59		->scalarNode('default_format')->defaultNull()->end()
237	59		->booleanNode('throw_exception_on_unsupported_content_type')
238	59		->defaultFalse()
239	59		->end()
240	59		->arrayNode('decoders')
241	59		->useAttributeAsKey('name')
242	59		->defaultValue($decodersDefaultValue)
243	59		->prototype('scalar')->end()
244	59		->end()
245	59		->arrayNode('array_normalizer')
246	59		->addDefaultsIfNotSet()
247	59		->beforeNormalization()
248			->ifString()->then(function ($v) {
249	1		return ['service' => $v];
250	59		})
251	59		->end()
252	59		->children()
253	59		->scalarNode('service')->defaultNull()->end()
254	59		->booleanNode('forms')->defaultFalse()->end()
255	59		->end()
256	59		->end()
257	59		->end()
258	59		->end()
259	59		->end();
260	59		}
261
262	59		private function addFormatListenerSection(ArrayNodeDefinition $rootNode): void
263			{
264			$rootNode
265	59		->children()
266	59		->arrayNode('format_listener')
267	59		->fixXmlConfig('rule', 'rules')
268	59		->addDefaultsIfNotSet()
269	59		->canBeUnset()
270	59		->beforeNormalization()
271			->ifTrue(function ($v) {
272			// check if we got an assoc array in rules
273	6		return isset($v['rules'])
274	6		&& is_array($v['rules'])
275	6		&& array_keys($v['rules']) !== range(0, count($v['rules']) - 1);
276	59		})
277			->then(function ($v) {
278	1		$v['rules'] = [$v['rules']];
279
280	1		return $v;
281	59		})
282	59		->end()
283	59		->canBeEnabled()
284	59		->children()
285	59		->scalarNode('service')->defaultNull()->end()
286	59		->arrayNode('rules')
287	59		->performNoDeepMerging()
288	59		->prototype('array')
289	59		->fixXmlConfig('priority', 'priorities')
290	59		->fixXmlConfig('attribute', 'attributes')
291	59		->children()
292	59		->scalarNode('path')->defaultNull()->info('URL path info')->end()
293	59		->scalarNode('host')->defaultNull()->info('URL host name')->end()
294	59		->variableNode('methods')->defaultNull()->info('Method for URL')->end()
295	59		->arrayNode('attributes')
296	59		->useAttributeAsKey('name')
297	59		->prototype('variable')->end()
298	59		->end()
299	59		->booleanNode('stop')->defaultFalse()->end()
300	59		->booleanNode('prefer_extension')->defaultTrue()->end()
301	59		->scalarNode('fallback_format')->defaultValue('html')->end()
302	59		->arrayNode('priorities')
303			->beforeNormalization()->ifString()->then(function ($v) {
304			return preg_split('/\s,\s/', $v);
305	59		})->end()
306	59		->prototype('scalar')->end()
307	59		->end()
308	59		->end()
309	59		->end()
310	59		->end()
311	59		->end()
312	59		->end()
313	59		->end();
314	59		}
315
316	59		private function addVersioningSection(ArrayNodeDefinition $rootNode): void
317			{
318			$rootNode
319	59		->children()
320	59		->arrayNode('versioning')
321	59		->canBeEnabled()
322	59		->children()
323	59		->scalarNode('default_version')->defaultNull()->end()
324	59		->arrayNode('resolvers')
325	59		->addDefaultsIfNotSet()
326	59		->children()
327	59		->arrayNode('query')
328	59		->canBeDisabled()
329	59		->children()
330	59		->scalarNode('parameter_name')->defaultValue('version')->end()
331	59		->end()
332	59		->end()
333	59		->arrayNode('custom_header')
334	59		->canBeDisabled()
335	59		->children()
336	59		->scalarNode('header_name')->defaultValue('X-Accept-Version')->end()
337	59		->end()
338	59		->end()
339	59		->arrayNode('media_type')
340	59		->canBeDisabled()
341	59		->children()
342	59		->scalarNode('regex')->defaultValue('/(v\|version)=(?P<version>[0-9\.]+)/')->end()
343	59		->end()
344	59		->end()
345	59		->end()
346	59		->end()
347	59		->arrayNode('guessing_order')
348	59		->defaultValue(['query', 'custom_header', 'media_type'])
349	59		->validate()
350			->ifTrue(function ($v) {
351			foreach ($v as $resolver) {
352			if (!in_array($resolver, ['query', 'custom_header', 'media_type'])) {
353			return true;
354			}
355			}
356	59		})
357	59		->thenInvalid('Versioning guessing order can only contain "query", "custom_header", "media_type".')
358	59		->end()
359	59		->prototype('scalar')->end()
360	59		->end()
361	59		->end()
362	59		->end()
363	59		->end();
364	59		}
365
366	59		private function addExceptionSection(ArrayNodeDefinition $rootNode): void
367			{
368			$rootNode
369	59		->children()
370	59		->arrayNode('exception')
371	59		->fixXmlConfig('code', 'codes')
372	59		->fixXmlConfig('message', 'messages')
373	59		->addDefaultsIfNotSet()
374	59		->canBeEnabled()
375	59		->validate()
376	59		->always()
377			->then(function ($v) {
378	13		if (!$v['enabled']) {
379			return $v;
380			}
381
382	13		if ($v['exception_listener']) {
383			@trigger_error('Enabling the "fos_rest.exception.exception_listener" option is deprecated since FOSRestBundle 2.8.', E_USER_DEPRECATED);
			0 ignored issues – show Security Best Practice introduced 2020-04-18 15:11 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
384			}
385	13		if ($v['serialize_exceptions']) {
386			@trigger_error('Enabling the "fos_rest.exception.serialize_exceptions" option is deprecated since FOSRestBundle 2.8.', E_USER_DEPRECATED);
			0 ignored issues – show Security Best Practice introduced 2020-04-19 09:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended. If you suppress an error, we recommend checking for the error condition explicitly: // For example instead of @mkdir($dir); // Better use if (@mkdir($dir) === false) { throw new \RuntimeException('The directory '.$dir.' could not be created.'); } Loading history...
387			}
388
389	13		return $v;
390	59		})
391	59		->end()
392	59		->children()
393	59		->booleanNode('map_exception_codes')
394	59		->defaultFalse()
395	59		->info('Enables an event listener that maps exception codes to response status codes based on the map configured with the "fos_rest.exception.codes" option.')
396	59		->end()
397	59		->booleanNode('exception_listener')
398	59		->defaultValue(false)
399	59		->validate()
400	59		->ifTrue()
401	59		->thenInvalid('only "false" is supported')
402	59		->end()
403	59		->end()
404	59		->booleanNode('serialize_exceptions')
405	59		->defaultValue(false)
406	59		->validate()
407	59		->ifTrue()
408	59		->thenInvalid('only "false" is supported')
409	59		->end()
410	59		->end()
411	59		->enumNode('flatten_exception_format')
412	59		->defaultValue('legacy')
413	59		->values(['legacy', 'rfc7807'])
414	59		->end()
415	59		->booleanNode('serializer_error_renderer')->defaultValue(false)->end()
416	59		->arrayNode('codes')
417	59		->useAttributeAsKey('name')
418	59		->beforeNormalization()
419	59		->ifArray()
420			->then(function (array $items) {
421	13		foreach ($items as &$item) {
422	13		if (is_int($item)) {
423	3		continue;
424			}
425
426	10		if (!defined(sprintf('%s::%s', Response::class, $item))) {
427	9		throw new InvalidConfigurationException(sprintf('Invalid HTTP code in fos_rest.exception.codes, see %s for all valid codes.', Response::class));
428			}
429
430	1		$item = constant(sprintf('%s::%s', Response::class, $item));
431			}
432
433	4		return $items;
434	59		})
435	59		->end()
436	59		->prototype('integer')->end()
437
438	59		->validate()
439	59		->ifArray()
440			->then(function (array $items) {
441	4		foreach ($items as $class => $code) {
442	4		$this->testExceptionExists($class);
443			}
444
445	3		return $items;
446	59		})
447	59		->end()
448	59		->end()
449	59		->arrayNode('messages')
450	59		->useAttributeAsKey('name')
451	59		->prototype('boolean')->end()
452	59		->validate()
453	59		->ifArray()
454			->then(function (array $items) {
455	9		foreach ($items as $class => $nomatter) {
456	9		$this->testExceptionExists($class);
457			}
458
459	8		return $items;
460	59		})
461	59		->end()
462	59		->end()
463	59		->booleanNode('debug')
464	59		->defaultValue($this->debug)
465	59		->end()
466	59		->end()
467	59		->end()
468	59		->end();
469	59		}
470
471	13		private function testExceptionExists(string $throwable): void
472			{
473	13		if (!is_subclass_of($throwable, \Throwable::class)) {
			0 ignored issues – show Bug introduced 2020-04-23 17:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this Due to PHP Bug #53727, `is_subclass_of` might return inconsistent results on some PHP versions if `\Throwable::class` can be an interface. If so, you could instead use `ReflectionClass::implementsInterface`. Loading history...
474	2		throw new InvalidConfigurationException(sprintf('FOSRestBundle exception mapper: Could not load class "%s" or the class does not extend from "%s". Most probably this is a configuration problem.', $throwable, \Throwable::class));
475			}
476	11		}
477			}
478

FriendsOfSymfony / FOSRestBundle

Issues (48)

Security Analysis not enabled

DependencyInjection/Configuration.php (8 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like