Issues in Connection.php (master) - Issues in master - Fuitad/laravel-cassandra - Measure and Improve Code Quality continuously with Scrutinizer

Issues (26)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Connection.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace fuitad\LaravelCassandra;

use Cassandra;
use Cassandra\BatchStatement;
use Cassandra\ExecutionOptions;

class Connection extends \Illuminate\Database\Connection
{
    /**
     * The Cassandra keyspace
     *
     * @var string
     */
    protected $keyspace;

    /**
     * The Cassandra cluster
     *
     * @var \Cassandra\Cluster
     */
    protected $cluster;

    /**
     * The Cassandra connection handler.
     *
     * @var \Cassandra\Session
     */
    protected $session;

    /**
     * Create a new database connection instance.
     *
     * @param  array   $config
     */
    public function __construct(array $config)
    {
        $this->config = $config;

        // You can pass options directly to the Cassandra constructor
        $options = array_get($config, 'options', []);

        // Create the connection
        $this->cluster = $this->createCluster(null, $config, $options);

        if (isset($options['keyspace']) || isset($config['keyspace'])) {
            $this->keyspace = $config['keyspace'];
            $this->session = $this->cluster->connect($config['keyspace']);
        }

        $this->useDefaultPostProcessor();

        $this->useDefaultSchemaGrammar();

        $this->setQueryGrammar($this->getDefaultQueryGrammar());
    }

    /**
     * Begin a fluent query against a database table.
     *
     * @param  string  $table
     * @return Query\Builder
     */
    public function table($table)
    {
        $processor = $this->getPostProcessor();

        $query = new Query\Builder($this, $processor);


        return $query->from($table);
    }

    /**
     * return Cassandra cluster.
     *
     * @return \Cassandra\Cluster
     */
    public function getCassandraCluster()
    {
        return $this->cluster;
    }

    /**
     * return Cassandra Session.
     *
     * @return \Cassandra\Session
     */
    public function getCassandraSession()
    {
        return $this->session;
    }

    /**
     * Return the Cassandra keyspace
     *
     * @return string
     */
    public function getKeyspace()
    {
        return $this->keyspace;
    }

    /**
     * Create a new Cassandra cluster object.
     *
     * @param  string  $dsn
     * @param  array   $config
     * @param  array   $options
     * @return \Cassandra\Cluster
     */
    protected function createCluster($dsn, array $config, array $options)
    {
        // By default driver options is an empty array.
        $driverOptions = [];

        if (isset($config['driver_options']) && is_array($config['driver_options'])) {
            $driverOptions = $config['driver_options'];
        }

        $cluster = Cassandra::cluster();

        // Check if the credentials are not already set in the options
        if (!isset($options['username']) && !empty($config['username'])) {
            $options['username'] = $config['username'];
        }
        if (!isset($options['password']) && !empty($config['password'])) {
            $options['password'] = $config['password'];
        }

        // Authentication
        if (isset($options['username']) && isset($options['password'])) {
            $cluster->withCredentials($options['username'], $options['password']);
        }

        // Contact Points/Host
        if (isset($options['contactpoints']) || (isset($config['host']) && !empty($config['host']))) {
            $contactPoints = $config['host'];

            if (isset($options['contactpoints'])) {
                $contactPoints = $options['contactpoints'];
            }

            $cluster->withContactPoints($contactPoints);
        }

        if (!isset($options['port']) && !empty($config['port'])) {
            $cluster->withPort((int) $config['port']);
        }

        return $cluster->build();
    }

    /**
     * Disconnect from the underlying Cassandra connection.
     */
    public function disconnect()
    {
        unset($this->connection);
    }

    /**
     * Get the PDO driver name.
     *
     * @return string
     */
    public function getDriverName()
    {
        return 'cassandra';
    }

    /**
     * Run a select statement against the database.
     *
     * @param  string  $query
     * @param  array  $bindings
     * @param  bool  $useReadPdo
     * @return array
     */
    public function select($query, $bindings = [], $useReadPdo = true)
    {
        return $this->run($query, $bindings, function ($query, $bindings) use ($useReadPdo) {
            if ($this->pretending()) {
                return [];
            }

            $preparedStatement = $this->session->prepare($query);

            return $this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));
        });
    }

    /**
     * Run an bulk insert statement against the database.
     *
     * @param  array  $queries
     * @param  array  $bindings
     * @return bool
     */
    public function insertBulk($queries = [], $bindings = [], $type = Cassandra::BATCH_LOGGED)
    {
        return $this->batchStatement($queries, $bindings, $type);
    }

    /**
     * Execute a group of queries inside a batch statement against the database.
     *
     * @param  array  $queries
     * @param  array  $bindings
     * @return bool
     */
    public function batchStatement($queries = [], $bindings = [], $type = Cassandra::BATCH_LOGGED)
    {
        return $this->run($queries, $bindings, function ($queries, $bindings) {
            if ($this->pretending()) {
                return [];
            }

            $batch = new BatchStatement(Cassandra::BATCH_LOGGED);

            foreach ($queries as $k => $query) {
                $preparedStatement = $this->session->prepare($query);
                $batch->add($preparedStatement, $bindings[$k]);
            }

            return $this->session->execute($batch);
        });
    }

    /**
     * Execute an SQL statement and return the boolean result.
     *
     * @param  string  $query
     * @param  array   $bindings
     * @return bool
     */
    public function statement($query, $bindings = [])
    {
        return $this->run($query, $bindings, function ($query, $bindings) {
            if ($this->pretending()) {
                return [];
            }

            $preparedStatement = $this->session->prepare($query);

            return $this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));
        });
    }

    /**
     * Because Cassandra is an eventually consistent database, it's not possible to obtain
     * the affected count for statements so we're just going to return 0, based on the idea
     * that if the query fails somehow, an exception will be thrown
     *
     * @param  string  $query
     * @param  array   $bindings
     * @return int
     */
    public function affectingStatement($query, $bindings = [])
    {
        return $this->run($query, $bindings, function ($query, $bindings) {
            if ($this->pretending()) {
                return 0;
            }

            $preparedStatement = $this->session->prepare($query);

            $this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));

            return 1;
        });
    }

    /**
     * @inheritdoc
     */
    protected function getDefaultPostProcessor()
    {
        return new Query\Processor();
    }

    /**
     * @inheritdoc
     */
    protected function getDefaultQueryGrammar()
    {
        return new Query\Grammar();
    }

    /**
     * @inheritdoc
     */
    protected function getDefaultSchemaGrammar()
    {
        //return new Schema\Grammar();
    }

    /**
     * Dynamically pass methods to the connection.
     *
     * @param  string  $method
     * @param  array   $parameters
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        return call_user_func_array([$this->cluster, $method], $parameters);
    }
}


GitHub Access Token became invalid

Issues (26)

Security Analysis not enabled

src/Connection.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		namespace fuitad\LaravelCassandra;
4
5		use Cassandra;
6		use Cassandra\BatchStatement;
7		use Cassandra\ExecutionOptions;
8
9		class Connection extends \Illuminate\Database\Connection
10		{
11		/**
12		* The Cassandra keyspace
13		*
14		* @var string
15		*/
16		protected $keyspace;
17
18		/**
19		* The Cassandra cluster
20		*
21		* @var \Cassandra\Cluster
22		*/
23		protected $cluster;
24
25		/**
26		* The Cassandra connection handler.
27		*
28		* @var \Cassandra\Session
29		*/
30		protected $session;
31
32		/**
33		* Create a new database connection instance.
34		*
35		* @param array $config
36		*/
37		public function __construct(array $config)
38		{
39		$this->config = $config;
40
41		// You can pass options directly to the Cassandra constructor
42		$options = array_get($config, 'options', []);
43
44		// Create the connection
45		$this->cluster = $this->createCluster(null, $config, $options);
46
47		if (isset($options['keyspace']) \|\| isset($config['keyspace'])) {
48		$this->keyspace = $config['keyspace'];
49		$this->session = $this->cluster->connect($config['keyspace']);
50		}
51
52		$this->useDefaultPostProcessor();
53
54		$this->useDefaultSchemaGrammar();
55
56		$this->setQueryGrammar($this->getDefaultQueryGrammar());
57		}
58
59		/**
60		* Begin a fluent query against a database table.
61		*
62		* @param string $table
63		* @return Query\Builder
64		*/
65		public function table($table)
66		{
67		$processor = $this->getPostProcessor();
68
69		$query = new Query\Builder($this, $processor);
		0 ignored issues – show Compatibility introduced 2017-03-20 17:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$processor` of type `object<Illuminate\Databa...y\Processors\Processor>` is not a sub-type of `object<fuitad\LaravelCassandra\Query\Processor>`. It seems like you assume a child class of the class `Illuminate\Database\Query\Processors\Processor` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
70
71		return $query->from($table);
72		}
73
74		/**
75		* return Cassandra cluster.
76		*
77		* @return \Cassandra\Cluster
78		*/
79		public function getCassandraCluster()
80		{
81		return $this->cluster;
82		}
83
84		/**
85		* return Cassandra Session.
86		*
87		* @return \Cassandra\Session
88		*/
89		public function getCassandraSession()
90		{
91		return $this->session;
92		}
93
94		/**
95		* Return the Cassandra keyspace
96		*
97		* @return string
98		*/
99		public function getKeyspace()
100		{
101		return $this->keyspace;
102		}
103
104		/**
105		* Create a new Cassandra cluster object.
106		*
107		* @param string $dsn
108		* @param array $config
109		* @param array $options
110		* @return \Cassandra\Cluster
111		*/
112		protected function createCluster($dsn, array $config, array $options)
113		{
114		// By default driver options is an empty array.
115		$driverOptions = [];
116
117		if (isset($config['driver_options']) && is_array($config['driver_options'])) {
118		$driverOptions = $config['driver_options'];
119		}
120
121		$cluster = Cassandra::cluster();
122
123		// Check if the credentials are not already set in the options
124	View Code Duplication	if (!isset($options['username']) && !empty($config['username'])) {
125		$options['username'] = $config['username'];
126		}
127	View Code Duplication	if (!isset($options['password']) && !empty($config['password'])) {
128		$options['password'] = $config['password'];
129		}
130
131		// Authentication
132		if (isset($options['username']) && isset($options['password'])) {
133		$cluster->withCredentials($options['username'], $options['password']);
134		}
135
136		// Contact Points/Host
137		if (isset($options['contactpoints']) \|\| (isset($config['host']) && !empty($config['host']))) {
138		$contactPoints = $config['host'];
139
140		if (isset($options['contactpoints'])) {
141		$contactPoints = $options['contactpoints'];
142		}
143
144		$cluster->withContactPoints($contactPoints);
145		}
146
147		if (!isset($options['port']) && !empty($config['port'])) {
148		$cluster->withPort((int) $config['port']);
149		}
150
151		return $cluster->build();
152		}
153
154		/**
155		* Disconnect from the underlying Cassandra connection.
156		*/
157		public function disconnect()
158		{
159		unset($this->connection);
160		}
161
162		/**
163		* Get the PDO driver name.
164		*
165		* @return string
166		*/
167		public function getDriverName()
168		{
169		return 'cassandra';
170		}
171
172		/**
173		* Run a select statement against the database.
174		*
175		* @param string $query
176		* @param array $bindings
177		* @param bool $useReadPdo
178		* @return array
179		*/
180	View Code Duplication	public function select($query, $bindings = [], $useReadPdo = true)
181		{
182		return $this->run($query, $bindings, function ($query, $bindings) use ($useReadPdo) {
183		if ($this->pretending()) {
184		return [];
185		}
186
187		$preparedStatement = $this->session->prepare($query);
188
189		return $this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));
190		});
191		}
192
193		/**
194		* Run an bulk insert statement against the database.
195		*
196		* @param array $queries
197		* @param array $bindings
198		* @return bool
199		*/
200		public function insertBulk($queries = [], $bindings = [], $type = Cassandra::BATCH_LOGGED)
201		{
202		return $this->batchStatement($queries, $bindings, $type);
203		}
204
205		/**
206		* Execute a group of queries inside a batch statement against the database.
207		*
208		* @param array $queries
209		* @param array $bindings
210		* @return bool
211		*/
212		public function batchStatement($queries = [], $bindings = [], $type = Cassandra::BATCH_LOGGED)
213		{
214		return $this->run($queries, $bindings, function ($queries, $bindings) {
215		if ($this->pretending()) {
216		return [];
217		}
218
219		$batch = new BatchStatement(Cassandra::BATCH_LOGGED);
220
221		foreach ($queries as $k => $query) {
222		$preparedStatement = $this->session->prepare($query);
223		$batch->add($preparedStatement, $bindings[$k]);
224		}
225
226		return $this->session->execute($batch);
227		});
228		}
229
230		/**
231		* Execute an SQL statement and return the boolean result.
232		*
233		* @param string $query
234		* @param array $bindings
235		* @return bool
236		*/
237	View Code Duplication	public function statement($query, $bindings = [])
238		{
239		return $this->run($query, $bindings, function ($query, $bindings) {
240		if ($this->pretending()) {
241		return [];
242		}
243
244		$preparedStatement = $this->session->prepare($query);
245
246		return $this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));
247		});
248		}
249
250		/**
251		* Because Cassandra is an eventually consistent database, it's not possible to obtain
252		* the affected count for statements so we're just going to return 0, based on the idea
253		* that if the query fails somehow, an exception will be thrown
254		*
255		* @param string $query
256		* @param array $bindings
257		* @return int
258		*/
259	View Code Duplication	public function affectingStatement($query, $bindings = [])
260		{
261		return $this->run($query, $bindings, function ($query, $bindings) {
262		if ($this->pretending()) {
263		return 0;
264		}
265
266		$preparedStatement = $this->session->prepare($query);
267
268		$this->session->execute($preparedStatement, new ExecutionOptions(['arguments' => $bindings]));
269
270		return 1;
271		});
272		}
273
274		/**
275		* @inheritdoc
276		*/
277		protected function getDefaultPostProcessor()
278		{
279		return new Query\Processor();
280		}
281
282		/**
283		* @inheritdoc
284		*/
285		protected function getDefaultQueryGrammar()
286		{
287		return new Query\Grammar();
288		}
289
290		/**
291		* @inheritdoc
292		*/
293		protected function getDefaultSchemaGrammar()
294		{
295		//return new Schema\Grammar();
296		}
297
298		/**
299		* Dynamically pass methods to the connection.
300		*
301		* @param string $method
302		* @param array $parameters
303		* @return mixed
304		*/
305		public function __call($method, $parameters)
306		{
307		return call_user_func_array([$this->cluster, $method], $parameters);
308		}
309		}
310

Fuitad / laravel-cassandra

GitHub Access Token became invalid

Issues (26)

Security Analysis not enabled

src/Connection.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like