Issues in Message.php (master) - Issues in master - Luctum/Increase - Measure and Improve Code Quality continuously with Scrutinizer

Issues (48)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/models/Message.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Message extends \Phalcon\Mvc\Model
namespace YourVendor;

class YourClass { }
{

    /**
     *
     * @var integer
     */
    protected $id;

    /**
     *
     * @var string
     */
    protected $objet;

    /**
     *
     * @var string
     */
    protected $content;

    /**
     *
     * @var string
     */
    protected $date;

    /**
     *
     * @var integer
     */
    protected $idUser;

    /**
     *
     * @var integer
     */
    protected $idProjet;

    /**
     *
     * @var integer
     */
    protected $idFil;

    /**
     * Method to set the value of field id
     *
     * @param integer $id
     * @return $this
     */
    public function setId($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * Method to set the value of field objet
     *
     * @param string $objet
     * @return $this
     */
    public function setObjet($objet)
    {
        $this->objet = $objet;

        return $this;
    }

    /**
     * Method to set the value of field content
     *
     * @param string $content
     * @return $this
     */
    public function setContent($content)
    {
        $this->content = $content;

        return $this;
    }

    /**
     * Method to set the value of field date
     *
     * @param string $date
     * @return $this
     */
    public function setDate($date)
    {
        $this->date = $date;

        return $this;
    }

    /**
     * Method to set the value of field idUser
     *
     * @param integer $idUser
     * @return $this
     */
    public function setIdUser($idUser)
    {
        $this->idUser = $idUser;

        return $this;
    }

    /**
     * Method to set the value of field idProjet
     *
     * @param integer $idProjet
     * @return $this
     */
    public function setIdProjet($idProjet)
    {
        $this->idProjet = $idProjet;

        return $this;
    }

    /**
     * Method to set the value of field idFil
     *
     * @param integer $idFil
     * @return $this
     */
    public function setIdFil($idFil)
    {
        $this->idFil = $idFil;

        return $this;
    }

    /**
     * Returns the value of field id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Returns the value of field objet
     *
     * @return string
     */
    public function getObjet()
    {
        return $this->objet;
    }

    /**
     * Returns the value of field content
     *
     * @return string
     */
    public function getContent()
    {
        return $this->content;
    }

    /**
     * Returns the value of field date
     *
     * @return string
     */
    public function getDate()
    {
        return $this->date;
    }

    /**
     * Returns the value of field idUser
     *
     * @return integer
     */
    public function getIdUser()
    {
        return $this->idUser;
    }

    /**
     * Returns the value of field idProjet
     *
     * @return integer
     */
    public function getIdProjet()
    {
        return $this->idProjet;
    }

    /**
     * Returns the value of field idFil
     *
     * @return integer
     */
    public function getIdFil()
    {
        return $this->idFil;
    }

    /**
     * Initialize method for model.
     */
    public function initialize()

    {
        $this->hasMany('id', 'Message', 'idFil', array('alias' => 'Messages'));
        $this->belongsTo('idFil', 'Message', 'id', array('alias' => 'Message'));
        $this->belongsTo('idProjet', 'Projet', 'id', array('alias' => 'Projet'));
        $this->belongsTo('idUser', 'User', 'id', array('alias' => 'User'));
    }

    /**
     * Returns table name mapped in the model.
     *
     * @return string
     */
    public function getSource()
    {
        return 'message';
    }

    /**
     * Allows to query a set of records that match the specified conditions
     *
     * @param mixed $parameters
     * @return Message[]
     */
    public static function find($parameters = null)
    {
        return parent::find($parameters);
    }

    /**
     * Allows to query the first record that match the specified conditions
     *
     * @param mixed $parameters
     * @return Message
     */
    public static function findFirst($parameters = null)
    {
        return parent::findFirst($parameters);
    }

    public function toString(){
        return $this->content;
    }

}


1		<?php
2
3		class Message extends \Phalcon\Mvc\Model
		0 ignored issues – show Coding Style Compatibility introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
4		{
5
6		/**
7		*
8		* @var integer
9		*/
10		protected $id;
11
12		/**
13		*
14		* @var string
15		*/
16		protected $objet;
17
18		/**
19		*
20		* @var string
21		*/
22		protected $content;
23
24		/**
25		*
26		* @var string
27		*/
28		protected $date;
29
30		/**
31		*
32		* @var integer
33		*/
34		protected $idUser;
35
36		/**
37		*
38		* @var integer
39		*/
40		protected $idProjet;
41
42		/**
43		*
44		* @var integer
45		*/
46		protected $idFil;
47
48		/**
49		* Method to set the value of field id
50		*
51		* @param integer $id
52		* @return $this
53		*/
54		public function setId($id)
55		{
56		$this->id = $id;
57
58		return $this;
59		}
60
61		/**
62		* Method to set the value of field objet
63		*
64		* @param string $objet
65		* @return $this
66		*/
67		public function setObjet($objet)
68		{
69		$this->objet = $objet;
70
71		return $this;
72		}
73
74		/**
75		* Method to set the value of field content
76		*
77		* @param string $content
78		* @return $this
79		*/
80		public function setContent($content)
81		{
82		$this->content = $content;
83
84		return $this;
85		}
86
87		/**
88		* Method to set the value of field date
89		*
90		* @param string $date
91		* @return $this
92		*/
93		public function setDate($date)
94		{
95		$this->date = $date;
96
97		return $this;
98		}
99
100		/**
101		* Method to set the value of field idUser
102		*
103		* @param integer $idUser
104		* @return $this
105		*/
106		public function setIdUser($idUser)
107		{
108		$this->idUser = $idUser;
109
110		return $this;
111		}
112
113		/**
114		* Method to set the value of field idProjet
115		*
116		* @param integer $idProjet
117		* @return $this
118		*/
119		public function setIdProjet($idProjet)
120		{
121		$this->idProjet = $idProjet;
122
123		return $this;
124		}
125
126		/**
127		* Method to set the value of field idFil
128		*
129		* @param integer $idFil
130		* @return $this
131		*/
132		public function setIdFil($idFil)
133		{
134		$this->idFil = $idFil;
135
136		return $this;
137		}
138
139		/**
140		* Returns the value of field id
141		*
142		* @return integer
143		*/
144		public function getId()
145		{
146		return $this->id;
147		}
148
149		/**
150		* Returns the value of field objet
151		*
152		* @return string
153		*/
154		public function getObjet()
155		{
156		return $this->objet;
157		}
158
159		/**
160		* Returns the value of field content
161		*
162		* @return string
163		*/
164		public function getContent()
165		{
166		return $this->content;
167		}
168
169		/**
170		* Returns the value of field date
171		*
172		* @return string
173		*/
174		public function getDate()
175		{
176		return $this->date;
177		}
178
179		/**
180		* Returns the value of field idUser
181		*
182		* @return integer
183		*/
184		public function getIdUser()
185		{
186		return $this->idUser;
187		}
188
189		/**
190		* Returns the value of field idProjet
191		*
192		* @return integer
193		*/
194		public function getIdProjet()
195		{
196		return $this->idProjet;
197		}
198
199		/**
200		* Returns the value of field idFil
201		*
202		* @return integer
203		*/
204		public function getIdFil()
205		{
206		return $this->idFil;
207		}
208
209		/**
210		* Initialize method for model.
211		*/
212	View Code Duplication	public function initialize()
		0 ignored issues – show Duplication introduced 2015-12-10 07:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
213		{
214		$this->hasMany('id', 'Message', 'idFil', array('alias' => 'Messages'));
215		$this->belongsTo('idFil', 'Message', 'id', array('alias' => 'Message'));
216		$this->belongsTo('idProjet', 'Projet', 'id', array('alias' => 'Projet'));
217		$this->belongsTo('idUser', 'User', 'id', array('alias' => 'User'));
218		}
219
220		/**
221		* Returns table name mapped in the model.
222		*
223		* @return string
224		*/
225		public function getSource()
226		{
227		return 'message';
228		}
229
230		/**
231		* Allows to query a set of records that match the specified conditions
232		*
233		* @param mixed $parameters
234		* @return Message[]
235		*/
236		public static function find($parameters = null)
237		{
238		return parent::find($parameters);
239		}
240
241		/**
242		* Allows to query the first record that match the specified conditions
243		*
244		* @param mixed $parameters
245		* @return Message
246		*/
247		public static function findFirst($parameters = null)
248		{
249		return parent::findFirst($parameters);
250		}
251
252		public function toString(){
253		return $this->content;
254		}
255
256		}
257

Luctum / Increase

Issues (48)

Security Analysis not enabled

app/models/Message.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like