Issues (145)

Security Analysis: no request data

This project does not appear to handle request data directly, so no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that they should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting lets an attacker inject line breaks into an HTTP header value and thereby terminate the intended response and send an arbitrary one of their own.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web server. This can be used to expose sensitive data, or to gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify which parts of an XML document are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

src/EntitySpecificationRepositoryTrait.php (3 issues)

These results are based on the legacy PHP analysis engine.

<?php

/**
 * This file is part of the Happyr Doctrine Specification package.
 *
 * (c) Tobias Nyholm <[email protected]>
 *     Kacper Gunia <[email protected]>
 *     Peter Gribanov <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Happyr\DoctrineSpecification;

use Doctrine\ORM\NonUniqueResultException as DoctrineNonUniqueResultException;
use Doctrine\ORM\NoResultException as DoctrineNoResultException;
use Doctrine\ORM\Query;
use Doctrine\ORM\QueryBuilder;
use Happyr\DoctrineSpecification\Exception\NonUniqueResultException;
use Happyr\DoctrineSpecification\Exception\NoResultException;
use Happyr\DoctrineSpecification\Filter\Filter;
use Happyr\DoctrineSpecification\Query\QueryModifier;
use Happyr\DoctrineSpecification\Result\ResultModifier;

@trigger_error('The '.__NAMESPACE__.'\EntitySpecificationRepositoryTrait class is deprecated since version 1.1 and will be removed in 2.0, use \Happyr\DoctrineSpecification\Repository\EntitySpecificationRepositoryTrait instead.', E_USER_DEPRECATED);
Security Best Practice (flagged on the @trigger_error() call above): it seems like you do not handle an error condition here. This can introduce security issues, and is generally not recommended.

If you suppress an error, we recommend checking for the error condition explicitly:

// For example instead of
@mkdir($dir);

// Better use
if (@mkdir($dir) === false) {
    throw new \RuntimeException('The directory '.$dir.' could not be created.');
}

Note that the suppressed call in this file is trigger_error() with E_USER_DEPRECATED, the usual way of emitting a deprecation notice. Unlike mkdir(), trigger_error() has no failure condition to check (it returns true for a valid error level), and the @ operator only suppresses PHP's default output: a handler registered with set_error_handler() is still invoked, so the deprecation is delivered to whatever collects deprecations rather than being lost.
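As an added illustration of that point (this is example code, not code from the Happyr Doctrine Specification package), the script below installs an error handler, issues the same kind of @-suppressed deprecation as the flagged line with a shortened message, and shows that the handler still receives it. The message text and the echo output are assumptions of this example.

```php
<?php
// Added example, not part of the package: what the @-suppressed trigger_error()
// call on this page actually does. The @ operator only silences PHP's default
// output; a handler registered with set_error_handler() is still invoked, so
// the deprecation is delivered rather than swallowed.

$received = [];

set_error_handler(function (int $errno, string $errstr, string $errfile, int $errline) use (&$received): bool {
    if ($errno === E_USER_DEPRECATED) {
        // Forward to a logger or a test collector; here the message is just kept.
        $received[] = $errstr;

        return true; // handled: PHP does not fall through to its default output
    }

    return false; // anything else goes through PHP's normal error handling
});

// Same pattern as the flagged line, with a shortened message (an assumption of this example).
@trigger_error('EntitySpecificationRepositoryTrait is deprecated since version 1.1', E_USER_DEPRECATED);

restore_error_handler();

// trigger_error() has no failure result to check: it returns true for a valid level,
// so unlike the @mkdir() case in the finding there is no error condition being hidden.
foreach ($received as $message) {
    echo 'deprecation received by handler: ', $message, PHP_EOL;
}
```

One caveat worth knowing: inside the handler, error_reporting() reports the call as suppressed (it returns 0 before PHP 8.0 and a reduced mask of fatal-only levels from PHP 8.0 on), so a handler that honours error_reporting() will drop the notice. A deprecation collector therefore has to match on E_USER_DEPRECATED explicitly, as above, rather than on the current reporting level.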

/**
 * This trait should be used by a class extending \Doctrine\ORM\EntityRepository.
 *
 * @description This class is deprecated since version 1.1 and will be removed in 2.0, use \Happyr\DoctrineSpecification\Repository\EntitySpecificationRepositoryTrait instead.
 */
trait EntitySpecificationRepositoryTrait
Code Duplication (flagged on the trait declaration above): this class seems to be duplicated in your project.

Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation.

You can also find more detailed suggestions in the "Code" section of your repository.

In this file the duplication is most likely deliberate: the deprecation notice above names the replacement trait, \Happyr\DoctrineSpecification\Repository\EntitySpecificationRepositoryTrait, and this legacy copy is kept alongside it until its announced removal in 2.0.
{
    /**
     * @var string the default DQL alias used for the root entity
     */
    private $alias = 'e';

    /**
     * Get results when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @return mixed[]
     */
    public function match($specification, ResultModifier $modifier = null)
    {
        $query = $this->getQuery($specification, $modifier);

        return $query->execute();
    }

    /**
     * Get single result when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @throws NonUniqueResultException If more than one result is found
     * @throws NoResultException        If no results found
     *
     * @return mixed
     */
    public function matchSingleResult($specification, ResultModifier $modifier = null)
    {
        $query = $this->getQuery($specification, $modifier);

        try {
            return $query->getSingleResult();
        } catch (DoctrineNonUniqueResultException $e) {
            // Re-throw as the package's own exceptions so callers need not catch
            // Doctrine's; the original is kept as the previous exception.
            throw new NonUniqueResultException($e->getMessage(), $e->getCode(), $e);
        } catch (DoctrineNoResultException $e) {
            throw new NoResultException($e->getMessage(), $e->getCode(), $e);
        }
    }

    /**
     * Get single result or null when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @throws NonUniqueResultException If more than one result is found
     *
     * @return mixed|null
     */
    public function matchOneOrNullResult($specification, ResultModifier $modifier = null)
    {
        try {
            return $this->matchSingleResult($specification, $modifier);
        } catch (NoResultException $e) {
            return null;
        }
    }

    /**
     * Get single scalar result when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @throws NonUniqueResultException If more than one result is found
     * @throws NoResultException        If no results found
     *
     * @return mixed
     */
    public function matchSingleScalarResult($specification, ResultModifier $modifier = null)
    {
        $query = $this->getQuery($specification, $modifier);

        try {
            return $query->getSingleScalarResult();
        } catch (DoctrineNonUniqueResultException $e) {
            throw new NonUniqueResultException($e->getMessage(), $e->getCode(), $e);
        } catch (DoctrineNoResultException $e) {
            // getSingleScalarResult() also throws on an empty result; translate it as
            // matchSingleResult() does, so the exception documented above is the one raised.
            throw new NoResultException($e->getMessage(), $e->getCode(), $e);
        }
    }

    /**
     * Get scalar result when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @return mixed[] the matched rows as scalar arrays; empty when nothing matches
     */
    public function matchScalarResult($specification, ResultModifier $modifier = null)
    {
        $query = $this->getQuery($specification, $modifier);

        return $query->getScalarResult();
    }

    /**
     * Prepare a Query with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @return Query
     */
    public function getQuery($specification, ResultModifier $modifier = null)
    {
        $query = $this->getQueryBuilder($specification)->getQuery();

        if (null !== $modifier) {
            $modifier->modify($query);
        }

        return $query;
    }

    /**
     * @param Filter|QueryModifier $specification
     * @param string|null          $alias
     *
     * @return QueryBuilder
     */
    public function getQueryBuilder($specification, $alias = null)
    {
        $qb = $this->createQueryBuilder($alias ?: $this->getAlias());
Bug (flagged on the createQueryBuilder() call above): it seems like createQueryBuilder() must be provided by classes using this trait. How about adding it as an abstract method to this trait?

This check looks for methods that are used by a trait but not required by it.

To illustrate, let's look at the following code example:

trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

The trait Idable provides a method equalIds() that in turn relies on the method getId(). If this method does not exist on a class mixing in this trait, the method call will fail at runtime.

Adding getId() as an abstract method to the trait will make sure it is available.

For this trait the method is expected to come from \Doctrine\ORM\EntityRepository, which the docblock says the using class must extend; an abstract declaration added here would have to stay signature-compatible with EntityRepository::createQueryBuilder($alias, $indexBy = null), otherwise PHP rejects the combination.
        $this->applySpecification($qb, $specification, $alias);

        return $qb;
    }

    /**
     * Iterate results when you match with a Specification.
     *
     * @param Filter|QueryModifier $specification
     * @param ResultModifier|null  $modifier
     *
     * @return \Traversable
     */
    public function iterate($specification, ResultModifier $modifier = null)
    {
        // Query::iterate() yields one-element arrays; unwrap each to the entity itself.
        foreach ($this->getQuery($specification, $modifier)->iterate() as $row) {
            yield current($row);
        }
    }

    /**
     * @param string $alias
     *
     * @return $this
     */
    public function setAlias($alias)
    {
        $this->alias = $alias;

        return $this;
    }

    /**
     * @return string
     */
    public function getAlias()
    {
        return $this->alias;
    }

    /**
     * @param QueryBuilder                    $queryBuilder
     * @param Filter|QueryModifier|mixed|null $specification
     * @param string|null                     $alias
     *
     * @throws \InvalidArgumentException
     */
    protected function applySpecification(QueryBuilder $queryBuilder, $specification = null, $alias = null)
    {
        if (null === $specification) {
            return;
        }

        if (!$specification instanceof QueryModifier && !$specification instanceof Filter) {
            throw new \InvalidArgumentException(sprintf(
                'Expected argument of type "%s" or "%s", "%s" given.',
                QueryModifier::class,
                Filter::class,
                is_object($specification) ? get_class($specification) : gettype($specification)
            ));
        }

        if ($specification instanceof QueryModifier) {
            $specification->modify($queryBuilder, $alias ?: $this->getAlias());
        }

        // The Filter returns a DQL fragment that is appended verbatim as a WHERE
        // condition. Any values it compares against must be bound as parameters on
        // $queryBuilder by the Filter itself, never interpolated into the string.
        if ($specification instanceof Filter &&
            ($filter = $specification->getFilter($queryBuilder, $alias ?: $this->getAlias())) &&
            ($filter = trim($filter))
        ) {
            $queryBuilder->andWhere($filter);
        }
    }
}
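Because applySpecification() hands whatever string a Filter returns straight to andWhere(), the Filter implementation is where SQL (here DQL) injection is either introduced or prevented. The following is an added example, not code from the Happyr Doctrine Specification package: it assumes doctrine/orm and happyr/doctrine-specification 1.x are installed via Composer and that the queried entity has an `email` field; the class names UnsafeEmailFilter and EmailFilter and the usage line at the end are invented for this example.

```php
<?php
// Added example, not part of the package. Two Filter implementations for the trait
// shown on this page: one that splices user input into the DQL fragment, and one
// that binds it as a parameter. The trait appends the returned string unchanged via
// $queryBuilder->andWhere($filter), so this choice decides whether the value is
// parsed as query text or shipped to the driver as a parameter.

use Doctrine\ORM\QueryBuilder;
use Happyr\DoctrineSpecification\Filter\Filter;

// Vulnerable variant. With the trait's default alias 'e', an input such as
//   x' OR 1 = 1 OR e.email = '
// closes the quoted literal and appends a condition the DQL parser accepts,
// which widens the result set to every row.
final class UnsafeEmailFilter implements Filter
{
    private $email;

    public function __construct(string $email)
    {
        $this->email = $email;
    }

    public function getFilter(QueryBuilder $qb, $dqlAlias)
    {
        return sprintf("%s.email = '%s'", $dqlAlias, $this->email);
    }
}

// Hardened variant. The fragment only names a placeholder; the value is bound on the
// QueryBuilder and reaches the database as a parameter, never as part of the query.
final class EmailFilter implements Filter
{
    private $email;

    public function __construct(string $email)
    {
        $this->email = $email;
    }

    public function getFilter(QueryBuilder $qb, $dqlAlias)
    {
        // Derive the placeholder name from the current parameter count so that several
        // filters combined on one QueryBuilder do not overwrite each other's value.
        $param = sprintf('email_%d', count($qb->getParameters()));
        $qb->setParameter($param, $this->email);

        return sprintf('%s.email = :%s', $dqlAlias, $param);
    }
}

// Usage with a repository that mixes in the trait above ($repository and $request are
// assumed to exist; the request value is passed through untouched because binding,
// not escaping, is what keeps it out of the DQL):
//
//   $users = $repository->match(new EmailFilter((string) $request->query->get('email')));
```

The hardened filter relies on the QueryBuilder instance the trait passes to getFilter(): parameters set on it survive into the Query built in getQuery(), so binding inside the Filter is sufficient and no caller has to remember to do it.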