Issues in ResponseFactory.php (master) - Issues in master - Happyr/ApiBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Service/ResponseFactory.php (2 issues)

Labels

Bug 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Happyr\ApiBundle\Service;

use League\Fractal\Manager;
use League\Fractal\Pagination\CursorInterface;
use League\Fractal\Pagination\PaginatorInterface;
use League\Fractal\Resource\Collection;
use League\Fractal\Resource\Item;
use Symfony\Component\HttpFoundation\JsonResponse;
use Symfony\Component\Validator\ConstraintViolationInterface;
use Symfony\Component\Validator\ConstraintViolationListInterface;

/**
 * @author Tobias Nyholm <[email protected]>
 */
final class ResponseFactory
{
    const CODE_WRONG_ARGS = 'GEN-ARGUMENTS';

    const CODE_NOT_FOUND = 'GEN-NOTFOUND';

    const CODE_INTERNAL_ERROR = 'GEN-SERVERERROR';

    const CODE_UNAUTHORIZED = 'GEN-UNAUTHORIZED';

    const CODE_FORBIDDEN = 'GEN-FORBIDDEN';

    /**
     * @var Manager
     */
    private $fractal;

    /**
     * @var PaginatorInterface
     */
    private $paginator;

    /**
     * @var CursorInterface
     */
    private $cursor;

    /**
     * @param Manager $fractal
     */
    public function __construct(Manager $fractal)
    {
        $this->fractal = $fractal;
    }

    /**
     * @return Manager
     */
    public function getFractal()
    {
        return $this->fractal;
    }

    /**
     * @param mixed $item
     * @param       $callback
     *
     * @return JsonResponse
     */
    public function createWithItem($item, $callback)
    {
        $resource = new Item($item, $callback);
        $rootScope = $this->fractal->createData($resource);

        return $this->createWithArray($rootScope->toArray());

    }

    /**
     * @param mixed $collection
     * @param       $callback
     *
     * @return JsonResponse
     */
    public function createWithCollection($collection, $callback)
    {
        $resource = new Collection($collection, $callback);
        if (null !== $this->paginator) {
            $resource->setPaginator($this->paginator);
        } elseif (null !== $this->cursor) {
            $resource->setCursor($this->cursor);
        }
        $rootScope = $this->fractal->createData($resource);

        return $this->createWithArray($rootScope->toArray());

    }

    /**
     * @param PaginatorInterface $paginator
     *
     * @return ResponseFactory
     */
    public function withPaginator(PaginatorInterface $paginator)
    {
        $new = clone $this;
        $new->paginator = $paginator;

        return $new;
    }

    /**
     * @param CursorInterface $cursor
     *
     * @return ResponseFactory
     */
    public function withCursor(CursorInterface $cursor)
    {
        $new = clone $this;
        $new->cursor = $cursor;

        return $new;
    }

    /**
     * @param array $array
     * @param int   $statusCode
     * @param array $headers
     *
     * @return JsonResponse
     */
    public function createWithArray(array $array, $statusCode = 200, array $headers = [])
    {
        return new JsonResponse($array, $statusCode, $headers);
    }

    /**
     * @param string $message
     * @param int    $statusCode
     * @param string $errorCode
     *
     * @return JsonResponse
     */
    public function createWithError($message, $statusCode, $errorCode)
    {
        if (200 === $statusCode) {
            trigger_error(
                'You better have a really good reason for erroring on a 200...',
                E_USER_WARNING
            );
        }

        return $this->createWithArray([
            'error' => [
                'code' => $errorCode,
                'http_code' => $statusCode,
                'message' => $message,
            ],
        ], $statusCode);
    }

    /**
     * Generates a Response with a 403 HTTP header and a given message.
     *
     * @param string $message
     *
     * @return JsonResponse
     */
    public function createForbidden($message = 'Forbidden')
    {
        return $this->createWithError($message, 403, self::CODE_FORBIDDEN);
    }

    /**
     * Generates a Response with a 500 HTTP header and a given message.
     *
     * @param string $message
     *
     * @return JsonResponse
     */
    public function createInternalError($message = 'Internal Error')
    {
        return $this->createWithError($message, 500, self::CODE_INTERNAL_ERROR);
    }

    /**
     * Generates a Response with a 404 HTTP header and a given message.
     *
     * @param string $message
     *
     * @return JsonResponse
     */
    public function createNotFound($message = 'Resource Not Found')
    {
        return $this->createWithError($message, 404, self::CODE_NOT_FOUND);
    }

    /**
     * Generates a Response with a 401 HTTP header and a given message.
     *
     * @param string $message
     *
     * @return JsonResponse
     */
    public function createUnauthorized($message = 'Unauthorized')
    {
        return $this->createWithError($message, 401, self::CODE_UNAUTHORIZED);
    }

    /**
     * Generates a Response with a 400 HTTP header and a given message.
     *
     * @param string $message
     *
     * @return JsonResponse
     */
    public function createWrongArgs($message = 'Wrong Arguments')
    {
        return $this->createWithError($message, 400, self::CODE_WRONG_ARGS);
    }

    /**
     * @param ConstraintViolationListInterface $constraintViolationList
     * @param string                           $message
     * @param int                              $statusCode
     *
     * @return JsonResponse
     */
    public function createValidationFailed(
        ConstraintViolationListInterface $constraintViolationList,
        $message = 'Validation Failed',
        $statusCode = 400
    ) {
        $errors = [];
        /** @var ConstraintViolationInterface $constraintViolation */
        foreach ($constraintViolationList as $constraintViolation) {
            $errors[] = [
                'property' => $constraintViolation->getPropertyPath(),
                'message' => $constraintViolation->getMessage(),
            ];
        }

        return $this->createWithArray([
            'error' => [
                'code' => self::CODE_WRONG_ARGS,
                'http_code' => $statusCode,
                'message' => $message,
            ],
            'data' => [
                'errors' => $errors,
            ],
        ], $statusCode);
    }
}


1			<?php
2
3			namespace Happyr\ApiBundle\Service;
4
5			use League\Fractal\Manager;
6			use League\Fractal\Pagination\CursorInterface;
7			use League\Fractal\Pagination\PaginatorInterface;
8			use League\Fractal\Resource\Collection;
9			use League\Fractal\Resource\Item;
10			use Symfony\Component\HttpFoundation\JsonResponse;
11			use Symfony\Component\Validator\ConstraintViolationInterface;
12			use Symfony\Component\Validator\ConstraintViolationListInterface;
13
14			/**
15			* @author Tobias Nyholm <[email protected]>
16			*/
17			final class ResponseFactory
18			{
19			const CODE_WRONG_ARGS = 'GEN-ARGUMENTS';
20
21			const CODE_NOT_FOUND = 'GEN-NOTFOUND';
22
23			const CODE_INTERNAL_ERROR = 'GEN-SERVERERROR';
24
25			const CODE_UNAUTHORIZED = 'GEN-UNAUTHORIZED';
26
27			const CODE_FORBIDDEN = 'GEN-FORBIDDEN';
28
29			/**
30			* @var Manager
31			*/
32			private $fractal;
33
34			/**
35			* @var PaginatorInterface
36			*/
37			private $paginator;
38
39			/**
40			* @var CursorInterface
41			*/
42			private $cursor;
43
44			/**
45			* @param Manager $fractal
46			*/
47			public function __construct(Manager $fractal)
48			{
49			$this->fractal = $fractal;
50			}
51
52			/**
53			* @return Manager
54			*/
55			public function getFractal()
56			{
57			return $this->fractal;
58			}
59
60			/**
61			* @param mixed $item
62			* @param $callback
63			*
64			* @return JsonResponse
65			*/
66			public function createWithItem($item, $callback)
67			{
68			$resource = new Item($item, $callback);
69			$rootScope = $this->fractal->createData($resource);
70
71			return $this->createWithArray($rootScope->toArray());
			0 ignored issues – show Bug introduced 2017-04-15 10:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$rootScope->toArray()` targeting `League\Fractal\Scope::toArray()` can also be of type `null`; however, `Happyr\ApiBundle\Service...tory::createWithArray()` does only seem to accept `array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
72			}
73
74			/**
75			* @param mixed $collection
76			* @param $callback
77			*
78			* @return JsonResponse
79			*/
80			public function createWithCollection($collection, $callback)
81			{
82			$resource = new Collection($collection, $callback);
83			if (null !== $this->paginator) {
84			$resource->setPaginator($this->paginator);
85			} elseif (null !== $this->cursor) {
86			$resource->setCursor($this->cursor);
87			}
88			$rootScope = $this->fractal->createData($resource);
89
90			return $this->createWithArray($rootScope->toArray());
			0 ignored issues – show Bug introduced 2017-04-15 10:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$rootScope->toArray()` targeting `League\Fractal\Scope::toArray()` can also be of type `null`; however, `Happyr\ApiBundle\Service...tory::createWithArray()` does only seem to accept `array`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
91			}
92
93			/**
94			* @param PaginatorInterface $paginator
95			*
96			* @return ResponseFactory
97			*/
98			public function withPaginator(PaginatorInterface $paginator)
99			{
100			$new = clone $this;
101			$new->paginator = $paginator;
102
103			return $new;
104			}
105
106			/**
107			* @param CursorInterface $cursor
108			*
109			* @return ResponseFactory
110			*/
111			public function withCursor(CursorInterface $cursor)
112			{
113			$new = clone $this;
114			$new->cursor = $cursor;
115
116			return $new;
117			}
118
119			/**
120			* @param array $array
121			* @param int $statusCode
122			* @param array $headers
123			*
124			* @return JsonResponse
125			*/
126			public function createWithArray(array $array, $statusCode = 200, array $headers = [])
127			{
128			return new JsonResponse($array, $statusCode, $headers);
129			}
130
131			/**
132			* @param string $message
133			* @param int $statusCode
134			* @param string $errorCode
135			*
136			* @return JsonResponse
137			*/
138			public function createWithError($message, $statusCode, $errorCode)
139			{
140			if (200 === $statusCode) {
141			trigger_error(
142			'You better have a really good reason for erroring on a 200...',
143			E_USER_WARNING
144			);
145			}
146
147			return $this->createWithArray([
148			'error' => [
149			'code' => $errorCode,
150			'http_code' => $statusCode,
151			'message' => $message,
152			],
153			], $statusCode);
154			}
155
156			/**
157			* Generates a Response with a 403 HTTP header and a given message.
158			*
159			* @param string $message
160			*
161			* @return JsonResponse
162			*/
163			public function createForbidden($message = 'Forbidden')
164			{
165			return $this->createWithError($message, 403, self::CODE_FORBIDDEN);
166			}
167
168			/**
169			* Generates a Response with a 500 HTTP header and a given message.
170			*
171			* @param string $message
172			*
173			* @return JsonResponse
174			*/
175			public function createInternalError($message = 'Internal Error')
176			{
177			return $this->createWithError($message, 500, self::CODE_INTERNAL_ERROR);
178			}
179
180			/**
181			* Generates a Response with a 404 HTTP header and a given message.
182			*
183			* @param string $message
184			*
185			* @return JsonResponse
186			*/
187			public function createNotFound($message = 'Resource Not Found')
188			{
189			return $this->createWithError($message, 404, self::CODE_NOT_FOUND);
190			}
191
192			/**
193			* Generates a Response with a 401 HTTP header and a given message.
194			*
195			* @param string $message
196			*
197			* @return JsonResponse
198			*/
199			public function createUnauthorized($message = 'Unauthorized')
200			{
201			return $this->createWithError($message, 401, self::CODE_UNAUTHORIZED);
202			}
203
204			/**
205			* Generates a Response with a 400 HTTP header and a given message.
206			*
207			* @param string $message
208			*
209			* @return JsonResponse
210			*/
211			public function createWrongArgs($message = 'Wrong Arguments')
212			{
213			return $this->createWithError($message, 400, self::CODE_WRONG_ARGS);
214			}
215
216			/**
217			* @param ConstraintViolationListInterface $constraintViolationList
218			* @param string $message
219			* @param int $statusCode
220			*
221			* @return JsonResponse
222			*/
223			public function createValidationFailed(
224			ConstraintViolationListInterface $constraintViolationList,
225			$message = 'Validation Failed',
226			$statusCode = 400
227			) {
228			$errors = [];
229			/** @var ConstraintViolationInterface $constraintViolation */
230			foreach ($constraintViolationList as $constraintViolation) {
231			$errors[] = [
232			'property' => $constraintViolation->getPropertyPath(),
233			'message' => $constraintViolation->getMessage(),
234			];
235			}
236
237			return $this->createWithArray([
238			'error' => [
239			'code' => self::CODE_WRONG_ARGS,
240			'http_code' => $statusCode,
241			'message' => $message,
242			],
243			'data' => [
244			'errors' => $errors,
245			],
246			], $statusCode);
247			}
248			}
249

Happyr / ApiBundle

Issues (8)

Security Analysis not enabled

Service/ResponseFactory.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like