Issues in Hooks.php (master) - Issues in master - ICanBoogie/Module - Measure and Improve Code Quality continuously with Scrutinizer

Issues (29)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/Module/Hooks.php (5 issues)

Labels

Unused Code 5

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the ICanBoogie package.
 *
 * (c) Olivier Laviale <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace ICanBoogie\Module;

use ICanBoogie\ActiveRecord;
use ICanBoogie\Autoconfig\Config;
use ICanBoogie\Binding\Routing\BeforeSynthesizeRoutesEvent;
use ICanBoogie\Core;
use ICanBoogie\Facets\Fetcher;
use ICanBoogie\Facets\Fetcher\BasicFetcher;
use ICanBoogie\Facets\RecordCollection;
use ICanBoogie\HTTP\RequestDispatcher;
use ICanBoogie\Module;
use ICanBoogie\Operation\OperationRouteDispatcher;
use ICanBoogie\PropertyNotDefined;
use ICanBoogie\Prototype;
use ICanBoogie\Render\TemplateResolver;
use ICanBoogie\Routing\Controller;
use ICanBoogie\View\View;

/**
 * Hook callbacks.
 */
class Hooks
{
	/*
	 * Config
	 */

	/**
	 * Adds "modules" directories found in the app directories to `module-path`.
	 *
	 * @param array $autoconfig
	 */
	static public function filter_autoconfig(array &$autoconfig)
	{
		foreach ($autoconfig['app-paths'] as $directory)
		{
			if (file_exists($directory . 'modules'))
			{
				$autoconfig['module-path'][] = $directory . 'modules';
			}
		}
	}

	/*
	 * Events
	 */

	/**
	 * Extends application configuration according to modules features.
	 *
	 * The method may extend the `locale-path` configuration value and the configuration paths
	 * according to the modules features.
	 *
	 * @param Core\ConfigureEvent $event
	 * @param Core|CoreBindings $app
	 */
	static public function on_core_configure(Core\ConfigureEvent $event, Core $app)

	{
		$modules = $app->modules;
		$modules->index;

		#
		# Add locale paths
		#

		$app->config['locale-path'] = array_merge($app->config['locale-path'], $modules->locale_paths);

		#
		# Add modules config paths to the configs path.
		#

		$modules_config_paths = $modules->config_paths;

		if ($modules_config_paths)
		{
			$app->configs->add($modules->config_paths, Config::CONFIG_WEIGHT_MODULE);
		}
	}

	/**
	 * Boot enabled modules.
	 *
	 * Before the modules are actually booted up, their index is used to alter the I18n load
	 * paths and the config paths.
	 *
	 * @param Core\BootEvent $event
	 * @param Core|CoreBindings $app
	 */
	static public function on_core_boot(Core\BootEvent $event, Core $app)

	{
		Prototype::configure($app->configs['prototype']);

		$app->events->attach_many($app->configs['event']);
	}

	/**
	 * Alter routes defined by modules by adding a `module` key that holds the identifier of the
	 * module that defines the route.
	 *
	 * @param BeforeSynthesizeRoutesEvent $event
	 */
	static public function before_synthesize_routes(BeforeSynthesizeRoutesEvent $event)
	{
		$module_roots = [];

		foreach (self::get_app_modules()->descriptors as $module_id => $descriptor)
		{
			$module_roots[$descriptor[Descriptor::PATH]] = $module_id;
		}

		foreach ($event->fragments as $module_root => &$fragment)
		{
			$module_root = dirname(dirname($module_root)) . DIRECTORY_SEPARATOR;

			if (empty($module_roots[$module_root]))
			{
				continue;
			}

			$module_id = $module_roots[$module_root];

			foreach ($fragment as $route_id => &$route)
			{
				$route += [

					ModuleRouteDefinition::MODULE => $module_id

				];
			}
		}
	}

	/**
	 * Decorates the template resolver with a {@link ModuleTemplateResolver} instance.
	 *
	 * @param TemplateResolver\AlterEvent $event
	 */
	static public function on_template_resolver_alter(TemplateResolver\AlterEvent $event)
	{
		$event->instance = new ModuleTemplateResolver($event->instance, self::get_app_modules());
	}

	/**
	 * If the view renders a module's route, the "template" directory of that module is added
	 * to the list of templates locations. Also, the module is set as `module` view variable.
	 *
	 * @param View\AlterEvent $event
	 * @param View $target
	 */
	static public function on_view_alter(View\AlterEvent $event, View $target)

	{
		try
		{
			/* @var $controller ControllerBindings */
			$controller = $target->controller;
			$module = $controller->module;
		}
		catch (PropertyNotDefined $e)
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
		{
			return;
		}

		$target['module'] = $module;
	}

	/**
	 * @param RequestDispatcher\AlterEvent $event
	 * @param RequestDispatcher $target
	 */
	static public function on_alter_request_dispatcher(RequestDispatcher\AlterEvent $event, RequestDispatcher $target)
	{
		$routing = $target['routing'];

		self::assert_routing_dispatcher_is_valid($routing);

		$modules = self::get_app_modules();

		$target['routing'] = new ModuleOperationDispatcher($routing->routes, $modules);
		$event->insert_before('forwarded_operation', new ForwardedOperationDispatcher($modules), 'routing');
	}

	/**
	 * Clears modules cache.
	 *
	 * @param Core\ClearCacheEvent $event
	 * @param Core $app
	 */
	static public function on_core_clear_cache(Core\ClearCacheEvent $event, Core $app)

	{
		$vars = $app->vars;
		$iterator = new \RegexIterator($vars->getIterator(), '/^cached_modules_/');

		foreach ($iterator as $key)
		{
			$vars->eliminate($key);
		}
	}

	/*
	 * Prototypes
	 */

	/**
	 * Return the {@link ModuleCollection} instance used to manage the modules attached to the _core_.
	 *
	 * @param Core $app
	 *
	 * @return ModuleCollection The modules provider.
	 */
	static public function get_modules(Core $app)
	{
		$config = $app->config;

		return new ModuleCollection($config['module-path'], $config['cache modules'] ? $app->vars : null);
	}

	/**
	 * Returns the {@link ModelCollection} instance used to obtain the models defined by the modules.
	 *
	 * @param Core|CoreBindings|\ICanBoogie\Binding\ActiveRecord\CoreBindings $app
	 *
	 * @return ModelCollection The models accessor.
	 */
	static public function get_models(Core $app)
	{
		return new ModelCollection($app->connections, $app->modules);
	}

	/**
	 * Return the {@link Module} instance associated with the route handled by the controller.
	 *
	 * @param Controller|ControllerBindings $controller
	 *
	 * @return Module
	 */
	static public function controller_get_module(Controller $controller)
	{
		return $controller->app->modules[$controller->route->module];
	}

	/**
	 * Return the primary model of the module associated with the route handled by the controller.
	 *
	 * @param Controller|ControllerBindings $controller
	 *
	 * @return \ICanBoogie\ActiveRecord\Model
	 *
	 * @see controller_get_module()
	 */
	static public function controller_get_model(Controller $controller)
	{
		return $controller->module->model;
	}

	/**
	 * Return a record fetcher for the controller `model`.
	 *
	 * **Note:** The "icanboogie/facets" package is required.
	 *
	 * @param Controller|ControllerBindings $controller
	 *
	 * @return BasicFetcher
	 */
	static public function controller_lazy_get_records_fetcher(Controller $controller)
	{
		return new BasicFetcher($controller->model);
	}

	/**
	 * Fetch records using the controller `records_fetcher`.
	 *
	 * @param Controller|ControllerBindings $controller
	 * @param array $modifiers
	 *
	 * @return RecordCollection
	 */
	static public function controller_fetch_records(Controller $controller, array $modifiers)
	{
		$fetcher = $controller->records_fetcher;

		return $fetcher($modifiers);
	}

	/**
	 * Fetch records using the controller `records_fetcher`.
	 *
	 * @param Controller|ControllerBindings $controller
	 * @param array $modifiers
	 * @param Fetcher|null $fetcher Reference to a variable where the fetcher should be stored.
	 *
	 * @return ActiveRecord
	 */
	static public function controller_fetch_record(Controller $controller, array $modifiers, &$fetcher = null)
	{
		$fetcher = $controller->records_fetcher;
		$records = $fetcher($modifiers);

		if (!$records) {
			return null;
		}

		return $records->one;
	}

	/*
	 * Support
	 */

	/**
	 * @return \ICanBoogie\Core|CoreBindings
	 */
	static private function app()
	{
		return \ICanBoogie\app();
	}

	/**
	 * Returns the application's module collection.
	 *
	 * @return ModuleCollection
	 */
	static private function get_app_modules()
	{
		static $modules;

		return $modules
			?: $modules = self::app()->modules;
	}

	/**
	 * Asserts that a dispatcher is an instance of {@link \ICanBoogie\Routing\RouteDispacther}.
	 *
	 * @param mixed $dispatcher
	 *
	 * @throws \LogicException if the dispatcher is not an instance of
	 * {@link \ICanBoogie\Routing\RouteDispacther}.
	 */
	static private function assert_routing_dispatcher_is_valid($dispatcher)
	{
		if (!$dispatcher instanceof OperationRouteDispatcher)
		{
			throw new \LogicException(\ICanBoogie\format("Expected `routing` dispatcher to be an instance of %expected, got %actual instead.", [

				'expected' => OperationRouteDispatcher::class,
				'actual' => get_class($dispatcher)

			]));
		}
	}
}


GitHub Access Token became invalid

Issues (29)

Security Analysis no request data

lib/Module/Hooks.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1			<?php
2
3			/*
4			* This file is part of the ICanBoogie package.
5			*
6			* (c) Olivier Laviale <[email protected]>
7			*
8			* For the full copyright and license information, please view the LICENSE
9			* file that was distributed with this source code.
10			*/
11
12			namespace ICanBoogie\Module;
13
14			use ICanBoogie\ActiveRecord;
15			use ICanBoogie\Autoconfig\Config;
16			use ICanBoogie\Binding\Routing\BeforeSynthesizeRoutesEvent;
17			use ICanBoogie\Core;
18			use ICanBoogie\Facets\Fetcher;
19			use ICanBoogie\Facets\Fetcher\BasicFetcher;
20			use ICanBoogie\Facets\RecordCollection;
21			use ICanBoogie\HTTP\RequestDispatcher;
22			use ICanBoogie\Module;
23			use ICanBoogie\Operation\OperationRouteDispatcher;
24			use ICanBoogie\PropertyNotDefined;
25			use ICanBoogie\Prototype;
26			use ICanBoogie\Render\TemplateResolver;
27			use ICanBoogie\Routing\Controller;
28			use ICanBoogie\View\View;
29
30			/**
31			* Hook callbacks.
32			*/
33			class Hooks
34			{
35			/*
36			* Config
37			*/
38
39			/**
40			* Adds "modules" directories found in the app directories to `module-path`.
41			*
42			* @param array $autoconfig
43			*/
44			static public function filter_autoconfig(array &$autoconfig)
45			{
46			foreach ($autoconfig['app-paths'] as $directory)
47			{
48			if (file_exists($directory . 'modules'))
49			{
50			$autoconfig['module-path'][] = $directory . 'modules';
51			}
52			}
53			}
54
55			/*
56			* Events
57			*/
58
59			/**
60			* Extends application configuration according to modules features.
61			*
62			* The method may extend the `locale-path` configuration value and the configuration paths
63			* according to the modules features.
64			*
65			* @param Core\ConfigureEvent $event
66			* @param Core\|CoreBindings $app
67			*/
68			static public function on_core_configure(Core\ConfigureEvent $event, Core $app)
			0 ignored issues – show Unused Code introduced 2015-12-12 00:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
69			{
70			$modules = $app->modules;
71			$modules->index;
72
73			#
74			# Add locale paths
75			#
76
77			$app->config['locale-path'] = array_merge($app->config['locale-path'], $modules->locale_paths);
78
79			#
80			# Add modules config paths to the configs path.
81			#
82
83			$modules_config_paths = $modules->config_paths;
84
85			if ($modules_config_paths)
86			{
87			$app->configs->add($modules->config_paths, Config::CONFIG_WEIGHT_MODULE);
88			}
89			}
90
91			/**
92			* Boot enabled modules.
93			*
94			* Before the modules are actually booted up, their index is used to alter the I18n load
95			* paths and the config paths.
96			*
97			* @param Core\BootEvent $event
98			* @param Core\|CoreBindings $app
99			*/
100			static public function on_core_boot(Core\BootEvent $event, Core $app)
			0 ignored issues – show Unused Code introduced 2015-12-12 00:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
101			{
102			Prototype::configure($app->configs['prototype']);
103
104			$app->events->attach_many($app->configs['event']);
105			}
106
107			/**
108			* Alter routes defined by modules by adding a `module` key that holds the identifier of the
109			* module that defines the route.
110			*
111			* @param BeforeSynthesizeRoutesEvent $event
112			*/
113			static public function before_synthesize_routes(BeforeSynthesizeRoutesEvent $event)
114			{
115			$module_roots = [];
116
117			foreach (self::get_app_modules()->descriptors as $module_id => $descriptor)
118			{
119			$module_roots[$descriptor[Descriptor::PATH]] = $module_id;
120			}
121
122			foreach ($event->fragments as $module_root => &$fragment)
123			{
124			$module_root = dirname(dirname($module_root)) . DIRECTORY_SEPARATOR;
125
126			if (empty($module_roots[$module_root]))
127			{
128			continue;
129			}
130
131			$module_id = $module_roots[$module_root];
132
133			foreach ($fragment as $route_id => &$route)
134			{
135			$route += [
136
137			ModuleRouteDefinition::MODULE => $module_id
138
139			];
140			}
141			}
142			}
143
144			/**
145			* Decorates the template resolver with a {@link ModuleTemplateResolver} instance.
146			*
147			* @param TemplateResolver\AlterEvent $event
148			*/
149			static public function on_template_resolver_alter(TemplateResolver\AlterEvent $event)
150			{
151			$event->instance = new ModuleTemplateResolver($event->instance, self::get_app_modules());
152			}
153
154			/**
155			* If the view renders a module's route, the "template" directory of that module is added
156			* to the list of templates locations. Also, the module is set as `module` view variable.
157			*
158			* @param View\AlterEvent $event
159			* @param View $target
160			*/
161			static public function on_view_alter(View\AlterEvent $event, View $target)
			0 ignored issues – show Unused Code introduced 2015-12-12 00:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
162			{
163			try
164			{
165			/* @var $controller ControllerBindings */
166			$controller = $target->controller;
167			$module = $controller->module;
168			}
169			catch (PropertyNotDefined $e)
			0 ignored issues – show Unused Code introduced 2015-12-12 00:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this `catch (\ICanBoogie\Prope...ned $e) { return; }` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
170			{
171			return;
172			}
173
174			$target['module'] = $module;
175			}
176
177			/**
178			* @param RequestDispatcher\AlterEvent $event
179			* @param RequestDispatcher $target
180			*/
181			static public function on_alter_request_dispatcher(RequestDispatcher\AlterEvent $event, RequestDispatcher $target)
182			{
183			$routing = $target['routing'];
184
185			self::assert_routing_dispatcher_is_valid($routing);
186
187			$modules = self::get_app_modules();
188
189			$target['routing'] = new ModuleOperationDispatcher($routing->routes, $modules);
190			$event->insert_before('forwarded_operation', new ForwardedOperationDispatcher($modules), 'routing');
191			}
192
193			/**
194			* Clears modules cache.
195			*
196			* @param Core\ClearCacheEvent $event
197			* @param Core $app
198			*/
199			static public function on_core_clear_cache(Core\ClearCacheEvent $event, Core $app)
			0 ignored issues – show Unused Code introduced 2015-12-12 00:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$event` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
200			{
201			$vars = $app->vars;
202			$iterator = new \RegexIterator($vars->getIterator(), '/^cached_modules_/');
203
204			foreach ($iterator as $key)
205			{
206			$vars->eliminate($key);
207			}
208			}
209
210			/*
211			* Prototypes
212			*/
213
214			/**
215			* Return the {@link ModuleCollection} instance used to manage the modules attached to the _core_.
216			*
217			* @param Core $app
218			*
219			* @return ModuleCollection The modules provider.
220			*/
221			static public function get_modules(Core $app)
222			{
223			$config = $app->config;
224
225			return new ModuleCollection($config['module-path'], $config['cache modules'] ? $app->vars : null);
226			}
227
228			/**
229			* Returns the {@link ModelCollection} instance used to obtain the models defined by the modules.
230			*
231			* @param Core\|CoreBindings\|\ICanBoogie\Binding\ActiveRecord\CoreBindings $app
232			*
233			* @return ModelCollection The models accessor.
234			*/
235			static public function get_models(Core $app)
236			{
237			return new ModelCollection($app->connections, $app->modules);
238			}
239
240			/**
241			* Return the {@link Module} instance associated with the route handled by the controller.
242			*
243			* @param Controller\|ControllerBindings $controller
244			*
245			* @return Module
246			*/
247			static public function controller_get_module(Controller $controller)
248			{
249			return $controller->app->modules[$controller->route->module];
250			}
251
252			/**
253			* Return the primary model of the module associated with the route handled by the controller.
254			*
255			* @param Controller\|ControllerBindings $controller
256			*
257			* @return \ICanBoogie\ActiveRecord\Model
258			*
259			* @see controller_get_module()
260			*/
261			static public function controller_get_model(Controller $controller)
262			{
263			return $controller->module->model;
264			}
265
266			/**
267			* Return a record fetcher for the controller `model`.
268			*
269			* Note: The "icanboogie/facets" package is required.
270			*
271			* @param Controller\|ControllerBindings $controller
272			*
273			* @return BasicFetcher
274			*/
275			static public function controller_lazy_get_records_fetcher(Controller $controller)
276			{
277			return new BasicFetcher($controller->model);
278			}
279
280			/**
281			* Fetch records using the controller `records_fetcher`.
282			*
283			* @param Controller\|ControllerBindings $controller
284			* @param array $modifiers
285			*
286			* @return RecordCollection
287			*/
288			static public function controller_fetch_records(Controller $controller, array $modifiers)
289			{
290			$fetcher = $controller->records_fetcher;
291
292			return $fetcher($modifiers);
293			}
294
295			/**
296			* Fetch records using the controller `records_fetcher`.
297			*
298			* @param Controller\|ControllerBindings $controller
299			* @param array $modifiers
300			* @param Fetcher\|null $fetcher Reference to a variable where the fetcher should be stored.
301			*
302			* @return ActiveRecord
303			*/
304			static public function controller_fetch_record(Controller $controller, array $modifiers, &$fetcher = null)
305			{
306			$fetcher = $controller->records_fetcher;
307			$records = $fetcher($modifiers);
308
309			if (!$records) {
310			return null;
311			}
312
313			return $records->one;
314			}
315
316			/*
317			* Support
318			*/
319
320			/**
321			* @return \ICanBoogie\Core\|CoreBindings
322			*/
323			static private function app()
324			{
325			return \ICanBoogie\app();
326			}
327
328			/**
329			* Returns the application's module collection.
330			*
331			* @return ModuleCollection
332			*/
333			static private function get_app_modules()
334			{
335			static $modules;
336
337			return $modules
338			?: $modules = self::app()->modules;
339			}
340
341			/**
342			* Asserts that a dispatcher is an instance of {@link \ICanBoogie\Routing\RouteDispacther}.
343			*
344			* @param mixed $dispatcher
345			*
346			* @throws \LogicException if the dispatcher is not an instance of
347			* {@link \ICanBoogie\Routing\RouteDispacther}.
348			*/
349			static private function assert_routing_dispatcher_is_valid($dispatcher)
350			{
351			if (!$dispatcher instanceof OperationRouteDispatcher)
352			{
353			throw new \LogicException(\ICanBoogie\format("Expected `routing` dispatcher to be an instance of %expected, got %actual instead.", [
354
355			'expected' => OperationRouteDispatcher::class,
356			'actual' => get_class($dispatcher)
357
358			]));
359			}
360			}
361			}
362

ICanBoogie / Module

GitHub Access Token became invalid

Issues (29)

Security Analysis no request data

lib/Module/Hooks.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like