Issues in Entity.php (master) - Issues in master - Jelle-S/TheSportsDb - Measure and Improve Code Quality continuously with Scrutinizer

Issues (26)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Entity/Entity.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @file
 * Contains \TheSportsDb\Entity\EntityInterface.
 */

namespace TheSportsDb\Entity;

use TheSportsDb\Entity\EntityManagerInterface;
use TheSportsDb\Entity\EntityPropertyUtil;
use TheSportsDb\PropertyMapper\PropertyMapDefinition;

/**
 * Description of Entity
 *
 * @author drupalpro
 */
abstract class Entity implements EntityInterface {

  /**
   * The property map definition.
   *
   * @var \TheSportsDb\PropertyMapper\PropertyMapDefinition
   */
  protected static $propertyMapDefinition;

  /**
   * Creates a new Entity object.
   *
   * @param \stdClass $values
   *   The entity data.
   */
  public function __construct(\stdClass $values) {
    $this->update($values);
  }

  /**
   * {@inheritdoc}
   */
  public function raw() {
    if (isset($this->_raw)) {
      return $this->_raw;
    }
    $this->_raw = new \stdClass();
    $reflection = new \ReflectionClass($this);
    $methods = $reflection->getMethods(\ReflectionMethod::IS_PUBLIC);
    foreach ($methods as $method) {
      // Skip static methods.
      if ($method->isStatic()) {
        continue;
      }
      $methodName = $method->getName();
      if (strpos($methodName, 'get') === 0) {
        $prop = lcfirst(substr($methodName, 3));
        if (property_exists($this, $prop)) {
          $val = $this->{$methodName}();
          $this->_raw->{$prop} = EntityPropertyUtil::getRawValue($val);
        }
      }
    }
    return $this->_raw;
  }

  /**
   * {@inheritdoc}
   */
  public function update(\stdClass $values) {
    foreach ((array) $values as $prop => $val) {
      if (property_exists($this, $prop)) {
        $this->{$prop} = $val;
      }
    }
  }

  /**
   * {@inheritdoc}
   */
  public static function getEntityType() {
    $reflection = new \ReflectionClass(static::class);
    return strtolower($reflection->getShortName());
  }

  /**
   * {@inheritdoc}
   */
  public static function getPropertyMapDefinition() {
    if (!isset(static::$propertyMapDefinition)) {
      static::$propertyMapDefinition = new PropertyMapDefinition();
      static::initPropertyMapDefinition();
    }
    return static::$propertyMapDefinition;
  }

  /**
   * Initialize the property map definition for this entity type.
   *
   * @return void
   */
  protected static function initPropertyMapDefinition() {}

  /**
   * Reverse map a property that is an entity.
   *
   * @param array $entity
   *   The entity to reverse map.
   * @param mixed $context
   *   The context for this mapping. Usually the raw entity this property is
   *   from.
   * @param EntityManagerInterface $entityManager
   *   The entity manager.
   *
   * @return mixed
   *   The reverse mapped value for this property, usually the entity id.
   */
  public static function reverse($entity, $context, EntityManagerInterface $entityManager) {
    $data = ($entity instanceof EntityInterface) ? $entity->raw() : $entity;
    return $data->id;
  }

  /**
   * Reverse map a property that is an array of entities.
   *
   * @param array $entities
   *   The entities to reverse map.
   * @param mixed $context
   *   The context for this mapping. Usually the raw entity.
   * @param EntityManagerInterface $entityManager
   *   The entity manager.
   *
   * @return array
   *   The reverse mapped value for this property, usually an array of ids.
   */
  public static function reverseArray(array $entities, $context, EntityManagerInterface $entityManager) {
    $reversedEntities = array();
    foreach ($entities as $entity) {
      $reversedEntities[] = static::reverse($entity, $context, $entityManager);
    }
    return $reversedEntities;
  }

  /**
   * Transforms a property value to an entity.
   *
   * @param mixed $value
   *   The value to transform.
   * @param \stdClass $context
   *   The context for this mapping. Usually the raw entity as defined by the
   *   sportsdb api this property is from.
   * @param EntityManagerInterface $entityManager
   *   The entity manager.
   * @param string $entityType
   *   The enitity type to transform this value to.
   * @param string $idName
   *   The name of the identifier property as defined by the sportsdb api.
   * @param array $contextPropertyMap
   *   Extra properties to map from the context
   *
   * @return \TheSportsDb\Entity\EntityInterface
   *   The mapped entity.
   */
  public static function transform($value, $context, EntityManagerInterface $entityManager, $entityType, $idName, array $contextPropertyMap = array()) {
    $data = static::transformHelper($value, $context, $idName, $contextPropertyMap);
    $entity = $entityManager->repository($entityType)->byId($data['id']);
    // Update with given values.
    $entity->update($data['object']);
    return $entity;
  }

  /**
   * Helper function to transform an entity.
   *
   * @param mixed $value
   *   The value to transform.
   * @param \stdClass $context
   *   The context for this mapping. Usually the raw entity as defined by the
   *   sportsdb api this property is from.
   * @param string $idName
   *   The name of the identifier property as defined by the sportsdb api.
   * @param array $contextPropertyMap
   *   Extra properties to map from the context
   *
   * @return array
   *   An array with following keys:
   *     - object: The raw data representing the entity.
   *     - id: The id of the entity.
   */
  public static function transformHelper($value, $context, $idName, array $contextPropertyMap = array()) {
    $data = array();
    $data['id'] = is_object($value) ? $value->{$idName} : $value;
    $data['object'] = is_object($value) ? $value : (object) array($idName => $data['id']);
    foreach ($contextPropertyMap as $source => $dest) {
      if (isset($context->{$source})) {
        $data['object']->{$dest} = $context->{$source};
      }
    }
    return $data;
  }

  /**
   * Transform a textual representation of a date to a \DateTimeObject
   * @param string $value
   *   The date.
   * @param string $format
   *   The format of the date
   * @param string $time

   *
   * @return \DateTime
   */
  public static function transformDateTime($value, $format, $time = NULL) {
    $date = new \DateTime($value);
    $date->createFromFormat($format, $value);
    if ($time && $time !== EntityManager::EMPTYPROPERTYPLACEHOLDER) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
      $time_parts = explode(':', $time);

      $time_parts[] = 0;

      $date->setTime($time_parts[0], $time_parts[1], $time_parts[2]);

    }
    return $date;
  }

  public static function reverseDate(\DateTime $value, $format) {
    return $value->format($format);
  }


  public static function reverseTime($value) {

    return $value->format('H:i:s');
  }

  /**
   * Transforms the date.
   *
   * @param string $value
   *   The textual representation of the date.
   *
   * @return \DateTime
   */
  public static function transformDateDefault($value) {
    return static::transformDateTime($value, 'Y-m-d');
  }

  /**
   * Reverses the date.
   *
   * @param \DateTime $value
   *   The date.
   *
   * @return string
   */
  public static function reverseDateDefault(\DateTime $value) {
    return static::reverseDate($value, 'Y-m-d');
  }
}


1		<?php
2		/**
3		* @file
4		* Contains \TheSportsDb\Entity\EntityInterface.
5		*/
6
7		namespace TheSportsDb\Entity;
8
9		use TheSportsDb\Entity\EntityManagerInterface;
10		use TheSportsDb\Entity\EntityPropertyUtil;
11		use TheSportsDb\PropertyMapper\PropertyMapDefinition;
12
13		/**
14		* Description of Entity
15		*
16		* @author drupalpro
17		*/
18		abstract class Entity implements EntityInterface {
19
20		/**
21		* The property map definition.
22		*
23		* @var \TheSportsDb\PropertyMapper\PropertyMapDefinition
24		*/
25		protected static $propertyMapDefinition;
26
27		/**
28		* Creates a new Entity object.
29		*
30		* @param \stdClass $values
31		* The entity data.
32		*/
33		public function __construct(\stdClass $values) {
34		$this->update($values);
35		}
36
37		/**
38		* {@inheritdoc}
39		*/
40	1	public function raw() {
41	1	if (isset($this->_raw)) {
42		return $this->_raw;
43		}
44	1	$this->_raw = new \stdClass();
45	1	$reflection = new \ReflectionClass($this);
46	1	$methods = $reflection->getMethods(\ReflectionMethod::IS_PUBLIC);
47	1	foreach ($methods as $method) {
48		// Skip static methods.
49	1	if ($method->isStatic()) {
50	1	continue;
51		}
52	1	$methodName = $method->getName();
53	1	if (strpos($methodName, 'get') === 0) {
54	1	$prop = lcfirst(substr($methodName, 3));
55	1	if (property_exists($this, $prop)) {
56	1	$val = $this->{$methodName}();
57	1	$this->_raw->{$prop} = EntityPropertyUtil::getRawValue($val);
58		}
59		}
60		}
61	1	return $this->_raw;
62		}
63
64		/**
65		* {@inheritdoc}
66		*/
67	1	public function update(\stdClass $values) {
68	1	foreach ((array) $values as $prop => $val) {
69	1	if (property_exists($this, $prop)) {
70	1	$this->{$prop} = $val;
71		}
72		}
73	1	}
74
75		/**
76		* {@inheritdoc}
77		*/
78	1	public static function getEntityType() {
79	1	$reflection = new \ReflectionClass(static::class);
80	1	return strtolower($reflection->getShortName());
81		}
82
83		/**
84		* {@inheritdoc}
85		*/
86	7	public static function getPropertyMapDefinition() {
87	7	if (!isset(static::$propertyMapDefinition)) {
88	3	static::$propertyMapDefinition = new PropertyMapDefinition();
89	3	static::initPropertyMapDefinition();
90		}
91	7	return static::$propertyMapDefinition;
92		}
93
94		/**
95		* Initialize the property map definition for this entity type.
96		*
97		* @return void
98		*/
99		protected static function initPropertyMapDefinition() {}
100
101		/**
102		* Reverse map a property that is an entity.
103		*
104		* @param array $entity
105		* The entity to reverse map.
106		* @param mixed $context
107		* The context for this mapping. Usually the raw entity this property is
108		* from.
109		* @param EntityManagerInterface $entityManager
110		* The entity manager.
111		*
112		* @return mixed
113		* The reverse mapped value for this property, usually the entity id.
114		*/
115	1	public static function reverse($entity, $context, EntityManagerInterface $entityManager) {
116	1	$data = ($entity instanceof EntityInterface) ? $entity->raw() : $entity;
117	1	return $data->id;
118		}
119
120		/**
121		* Reverse map a property that is an array of entities.
122		*
123		* @param array $entities
124		* The entities to reverse map.
125		* @param mixed $context
126		* The context for this mapping. Usually the raw entity.
127		* @param EntityManagerInterface $entityManager
128		* The entity manager.
129		*
130		* @return array
131		* The reverse mapped value for this property, usually an array of ids.
132		*/
133	1	public static function reverseArray(array $entities, $context, EntityManagerInterface $entityManager) {
134	1	$reversedEntities = array();
135	1	foreach ($entities as $entity) {
136	1	$reversedEntities[] = static::reverse($entity, $context, $entityManager);
137		}
138	1	return $reversedEntities;
139		}
140
141		/**
142		* Transforms a property value to an entity.
143		*
144		* @param mixed $value
145		* The value to transform.
146		* @param \stdClass $context
147		* The context for this mapping. Usually the raw entity as defined by the
148		* sportsdb api this property is from.
149		* @param EntityManagerInterface $entityManager
150		* The entity manager.
151		* @param string $entityType
152		* The enitity type to transform this value to.
153		* @param string $idName
154		* The name of the identifier property as defined by the sportsdb api.
155		* @param array $contextPropertyMap
156		* Extra properties to map from the context
157		*
158		* @return \TheSportsDb\Entity\EntityInterface
159		* The mapped entity.
160		*/
161	1	public static function transform($value, $context, EntityManagerInterface $entityManager, $entityType, $idName, array $contextPropertyMap = array()) {
162	1	$data = static::transformHelper($value, $context, $idName, $contextPropertyMap);
163	1	$entity = $entityManager->repository($entityType)->byId($data['id']);
164		// Update with given values.
165	1	$entity->update($data['object']);
166	1	return $entity;
167		}
168
169		/**
170		* Helper function to transform an entity.
171		*
172		* @param mixed $value
173		* The value to transform.
174		* @param \stdClass $context
175		* The context for this mapping. Usually the raw entity as defined by the
176		* sportsdb api this property is from.
177		* @param string $idName
178		* The name of the identifier property as defined by the sportsdb api.
179		* @param array $contextPropertyMap
180		* Extra properties to map from the context
181		*
182		* @return array
183		* An array with following keys:
184		* - object: The raw data representing the entity.
185		* - id: The id of the entity.
186		*/
187	1	public static function transformHelper($value, $context, $idName, array $contextPropertyMap = array()) {
188	1	$data = array();
189	1	$data['id'] = is_object($value) ? $value->{$idName} : $value;
190	1	$data['object'] = is_object($value) ? $value : (object) array($idName => $data['id']);
191	1	foreach ($contextPropertyMap as $source => $dest) {
192	1	if (isset($context->{$source})) {
193	1	$data['object']->{$dest} = $context->{$source};
194		}
195		}
196	1	return $data;
197		}
198
199		/**
200		* Transform a textual representation of a date to a \DateTimeObject
201		* @param string $value
202		* The date.
203		* @param string $format
204		* The format of the date
205		* @param string $time
		0 ignored issues – show Documentation introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$time` not be `string\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
206		*
207		* @return \DateTime
208		*/
209		public static function transformDateTime($value, $format, $time = NULL) {
210		$date = new \DateTime($value);
211		$date->createFromFormat($format, $value);
212		if ($time && $time !== EntityManager::EMPTYPROPERTYPLACEHOLDER) {
		0 ignored issues – show Bug Best Practice introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$time` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
213		$time_parts = explode(':', $time);
		0 ignored issues – show Coding Style introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$time_parts` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
214		$time_parts[] = 0;
		0 ignored issues – show Coding Style introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$time_parts` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
215		$date->setTime($time_parts[0], $time_parts[1], $time_parts[2]);
		0 ignored issues – show Coding Style introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$time_parts` does not seem to conform to the naming convention (`^[a-z][a-zA-Z0-9]*$`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
216		}
217		return $date;
218		}
219
220		public static function reverseDate(\DateTime $value, $format) {
221		return $value->format($format);
222		}
223
224
225		public static function reverseTime($value) {
		0 ignored issues – show Documentation introduced 2016-09-23 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type could not be reliably inferred; please add a `@return` annotation. Our type inference engine in quite powerful, but sometimes the code does not provide enough clues to go by. In these cases we request you to add a `@return` annotation as described here. Loading history...
226		return $value->format('H:i:s');
227		}
228
229		/**
230		* Transforms the date.
231		*
232		* @param string $value
233		* The textual representation of the date.
234		*
235		* @return \DateTime
236		*/
237		public static function transformDateDefault($value) {
238		return static::transformDateTime($value, 'Y-m-d');
239		}
240
241		/**
242		* Reverses the date.
243		*
244		* @param \DateTime $value
245		* The date.
246		*
247		* @return string
248		*/
249		public static function reverseDateDefault(\DateTime $value) {
250		return static::reverseDate($value, 'Y-m-d');
251		}
252		}
253

Jelle-S / TheSportsDb

Issues (26)

Security Analysis no request data

src/Entity/Entity.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like