Issues in Projet.php (master) - Issues in master - Luctum/Increase - Measure and Improve Code Quality continuously with Scrutinizer

Issues (48)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/models/Projet.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

class Projet extends \Phalcon\Mvc\Model
namespace YourVendor;

class YourClass { }
{

    /**
     *
     * @var integer
     */
    protected $id;

    /**
     *
     * @var string
     */
    protected $nom;

    /**
     *
     * @var string
     */
    protected $description;

    /**
     *
     * @var string
     */
    protected $dateLancement;

    /**
     *
     * @var string
     */
    protected $dateFinPrevue;

    /**
     *
     * @var string
     */
    protected $image;

    /**
     *
     * @var integer
     */
    protected $idClient;

    /**
     * Method to set the value of field id
     *
     * @param integer $id
     * @return $this
     */
    public function setId($id)
    {
        $this->id = $id;

        return $this;
    }

    /**
     * Method to set the value of field nom
     *
     * @param string $nom
     * @return $this
     */
    public function setNom($nom)
    {
        $this->nom = $nom;

        return $this;
    }

    /**
     * Method to set the value of field description
     *
     * @param string $description
     * @return $this
     */
    public function setDescription($description)
    {
        $this->description = $description;

        return $this;
    }

    /**
     * Method to set the value of field dateLancement
     *
     * @param string $dateLancement
     * @return $this
     */
    public function setDateLancement($dateLancement)
    {
        $this->dateLancement = $dateLancement;

        return $this;
    }

    /**
     * Method to set the value of field dateFinPrevue
     *
     * @param string $dateFinPrevue
     * @return $this
     */
    public function setDateFinPrevue($dateFinPrevue)
    {
        $this->dateFinPrevue = $dateFinPrevue;

        return $this;
    }

    /**
     * Method to set the value of field image
     *
     * @param string $image
     * @return $this
     */
    public function setImage($image)
    {
        $this->image = $image;

        return $this;
    }

    /**
     * Method to set the value of field idClient
     *
     * @param integer $idClient
     * @return $this
     */
    public function setIdClient($idClient)
    {
        $this->idClient = $idClient;

        return $this;
    }

    /**
     * Returns the value of field id
     *
     * @return integer
     */
    public function getId()
    {
        return $this->id;
    }

    /**
     * Returns the value of field nom
     *
     * @return string
     */
    public function getNom()
    {
        return $this->nom;
    }

    /**
     * Returns the value of field description
     *
     * @return string
     */
    public function getDescription()
    {
        return $this->description;
    }

    /**
     * Returns the value of field dateLancement
     *
     * @return string
     */
    public function getDateLancement()
    {
        return $this->dateLancement;
    }

    /**
     * Returns the value of field dateFinPrevue
     *
     * @return string
     */
    public function getDateFinPrevue()
    {
        return $this->dateFinPrevue;
    }

    /**
     * Returns the value of field image
     *
     * @return string
     */
    public function getImage()
    {
        return $this->image;
    }

    /**
     * Returns the value of field idClient
     *
     * @return integer
     */
    public function getIdClient()
    {
        return $this->idClient;
    }

    /**
     * Initialize method for model.
     */
    public function initialize()
    {
        $this->hasMany('id', 'Message', 'idProjet', array('alias' => 'Messages'));
        $this->hasMany('id', 'Usecase', 'idProjet', array('alias' => 'Usecase'));
        $this->belongsTo('idClient', 'User', 'id', array('alias' => 'Client'));
    }

    /**
     * Returns table name mapped in the model.
     *
     * @return string
     */
    public function getSource()
    {
        return 'projet';
    }

    /**
     * Allows to query a set of records that match the specified conditions
     *
     * @param mixed $parameters
     * @return Projet[]
     */
    public static function find($parameters = null)
    {
        return parent::find($parameters);
    }

    /**
     * Allows to query the first record that match the specified conditions
     *
     * @param mixed $parameters
     * @return Projet
     */
    public static function findFirst($parameters = null)
    {
        return parent::findFirst($parameters);
    }

    public function toString()
    {
        return $this->nom;
    }

    //Return a string containing the principal content of the model
    public function getPrincipal()
    {
        return "Client : " . $this->client->toString() . " <br/> Desciption : " . $this->description;
    }


    //R�cup�re la couleur dominante de l'image du profil
    public function getDominantColor()
    {
        $rTotal = 0;
        $gTotal = 0;
        $bTotal = 0;
        $total = 0;


        $i = imagecreatefrompng($this->getImage());

        for ($x = 0; $x < imagesx($i); $x++) {
            for ($y = 0; $y < imagesy($i); $y++) {

                $rgb = imagecolorat($i, $x, $y);
                $r = ($rgb >> 16) & 0xFF;
                $g = ($rgb >> 8) & 0xFF;
                $b = $rgb & 0xFF;

                $rTotal += $r;
                $gTotal += $g;
                $bTotal += $b;
                $total++;

            }
        }
        $rTotal = round($rTotal / $total);
        $gTotal = round($gTotal / $total);
        $bTotal = round($bTotal / $total);

        $tabColor = ["r" => $rTotal, "g" => $gTotal, "b" => $bTotal];
        return $tabColor;
    }

    //Converti l'image de profil afin de pouvoir l'analyser.

    public function imageCreateFromAny()
    {
        $img = $this->getImage();
        $type = getImageSize($img); // [] if you don't have exif you could use getImageSize()
        $allowedTypes = array(
            1,  // [] gif
            2,  // [] jpg
            3,  // [] png
            6   // [] bmp
        );
        if (!in_array($type, $allowedTypes)) {
            return false;
        }
        $im = null;
        switch ($type) {
            case 1 :
switch ($selector) {
    case "A": //right
        doSomething();
        break;
    case "B" : //wrong
        doSomethingElse();
        break;
}
                $im = imageCreateFromGif($img);
                break;
            case 2 :
switch ($selector) {
    case "A": //right
        doSomething();
        break;
    case "B" : //wrong
        doSomethingElse();
        break;
}
                $im = imageCreateFromJpeg($img);
                break;
            case 3 :
switch ($selector) {
    case "A": //right
        doSomething();
        break;
    case "B" : //wrong
        doSomethingElse();
        break;
}
                $im = imageCreateFromPng($img);
                break;
            case 6 :
switch ($selector) {
    case "A": //right
        doSomething();
        break;
    case "B" : //wrong
        doSomethingElse();
        break;
}
                $im = imageCreateFromBmp($img);
                break;
        }
        return $im;
    }


}


1			<?php
2
3			class Projet extends \Phalcon\Mvc\Model
			0 ignored issues – show Coding Style Compatibility introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
4			{
5
6			/**
7			*
8			* @var integer
9			*/
10			protected $id;
11
12			/**
13			*
14			* @var string
15			*/
16			protected $nom;
17
18			/**
19			*
20			* @var string
21			*/
22			protected $description;
23
24			/**
25			*
26			* @var string
27			*/
28			protected $dateLancement;
29
30			/**
31			*
32			* @var string
33			*/
34			protected $dateFinPrevue;
35
36			/**
37			*
38			* @var string
39			*/
40			protected $image;
41
42			/**
43			*
44			* @var integer
45			*/
46			protected $idClient;
47
48			/**
49			* Method to set the value of field id
50			*
51			* @param integer $id
52			* @return $this
53			*/
54			public function setId($id)
55			{
56			$this->id = $id;
57
58			return $this;
59			}
60
61			/**
62			* Method to set the value of field nom
63			*
64			* @param string $nom
65			* @return $this
66			*/
67			public function setNom($nom)
68			{
69			$this->nom = $nom;
70
71			return $this;
72			}
73
74			/**
75			* Method to set the value of field description
76			*
77			* @param string $description
78			* @return $this
79			*/
80			public function setDescription($description)
81			{
82			$this->description = $description;
83
84			return $this;
85			}
86
87			/**
88			* Method to set the value of field dateLancement
89			*
90			* @param string $dateLancement
91			* @return $this
92			*/
93			public function setDateLancement($dateLancement)
94			{
95			$this->dateLancement = $dateLancement;
96
97			return $this;
98			}
99
100			/**
101			* Method to set the value of field dateFinPrevue
102			*
103			* @param string $dateFinPrevue
104			* @return $this
105			*/
106			public function setDateFinPrevue($dateFinPrevue)
107			{
108			$this->dateFinPrevue = $dateFinPrevue;
109
110			return $this;
111			}
112
113			/**
114			* Method to set the value of field image
115			*
116			* @param string $image
117			* @return $this
118			*/
119			public function setImage($image)
120			{
121			$this->image = $image;
122
123			return $this;
124			}
125
126			/**
127			* Method to set the value of field idClient
128			*
129			* @param integer $idClient
130			* @return $this
131			*/
132			public function setIdClient($idClient)
133			{
134			$this->idClient = $idClient;
135
136			return $this;
137			}
138
139			/**
140			* Returns the value of field id
141			*
142			* @return integer
143			*/
144			public function getId()
145			{
146			return $this->id;
147			}
148
149			/**
150			* Returns the value of field nom
151			*
152			* @return string
153			*/
154			public function getNom()
155			{
156			return $this->nom;
157			}
158
159			/**
160			* Returns the value of field description
161			*
162			* @return string
163			*/
164			public function getDescription()
165			{
166			return $this->description;
167			}
168
169			/**
170			* Returns the value of field dateLancement
171			*
172			* @return string
173			*/
174			public function getDateLancement()
175			{
176			return $this->dateLancement;
177			}
178
179			/**
180			* Returns the value of field dateFinPrevue
181			*
182			* @return string
183			*/
184			public function getDateFinPrevue()
185			{
186			return $this->dateFinPrevue;
187			}
188
189			/**
190			* Returns the value of field image
191			*
192			* @return string
193			*/
194			public function getImage()
195			{
196			return $this->image;
197			}
198
199			/**
200			* Returns the value of field idClient
201			*
202			* @return integer
203			*/
204			public function getIdClient()
205			{
206			return $this->idClient;
207			}
208
209			/**
210			* Initialize method for model.
211			*/
212			public function initialize()
213			{
214			$this->hasMany('id', 'Message', 'idProjet', array('alias' => 'Messages'));
215			$this->hasMany('id', 'Usecase', 'idProjet', array('alias' => 'Usecase'));
216			$this->belongsTo('idClient', 'User', 'id', array('alias' => 'Client'));
217			}
218
219			/**
220			* Returns table name mapped in the model.
221			*
222			* @return string
223			*/
224			public function getSource()
225			{
226			return 'projet';
227			}
228
229			/**
230			* Allows to query a set of records that match the specified conditions
231			*
232			* @param mixed $parameters
233			* @return Projet[]
234			*/
235			public static function find($parameters = null)
236			{
237			return parent::find($parameters);
238			}
239
240			/**
241			* Allows to query the first record that match the specified conditions
242			*
243			* @param mixed $parameters
244			* @return Projet
245			*/
246			public static function findFirst($parameters = null)
247			{
248			return parent::findFirst($parameters);
249			}
250
251			public function toString()
252			{
253			return $this->nom;
254			}
255
256			//Return a string containing the principal content of the model
257			public function getPrincipal()
258			{
259			return "Client : " . $this->client->toString() . " <br/> Desciption : " . $this->description;
260			}
261
262
263			//R�cup�re la couleur dominante de l'image du profil
264			public function getDominantColor()
265			{
266			$rTotal = 0;
267			$gTotal = 0;
268			$bTotal = 0;
269			$total = 0;
270
271
272			$i = imagecreatefrompng($this->getImage());
273
274			for ($x = 0; $x < imagesx($i); $x++) {
275			for ($y = 0; $y < imagesy($i); $y++) {
276
277			$rgb = imagecolorat($i, $x, $y);
278			$r = ($rgb >> 16) & 0xFF;
279			$g = ($rgb >> 8) & 0xFF;
280			$b = $rgb & 0xFF;
281
282			$rTotal += $r;
283			$gTotal += $g;
284			$bTotal += $b;
285			$total++;
286
287			}
288			}
289			$rTotal = round($rTotal / $total);
290			$gTotal = round($gTotal / $total);
291			$bTotal = round($bTotal / $total);
292
293			$tabColor = ["r" => $rTotal, "g" => $gTotal, "b" => $bTotal];
294			return $tabColor;
295			}
296
297			//Converti l'image de profil afin de pouvoir l'analyser.
298
299			public function imageCreateFromAny()
300			{
301			$img = $this->getImage();
302			$type = getImageSize($img); // [] if you don't have exif you could use getImageSize()
303			$allowedTypes = array(
304			1, // [] gif
305			2, // [] jpg
306			3, // [] png
307			6 // [] bmp
308			);
309			if (!in_array($type, $allowedTypes)) {
310			return false;
311			}
312			$im = null;
313			switch ($type) {
314			case 1 :
			0 ignored issues – show Coding Style introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a CASE statement As per the PSR-2 coding standard, there must not be a space in front of the colon in case statements. switch ($selector) { case "A": //right doSomething(); break; case "B" : //wrong doSomethingElse(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
315			$im = imageCreateFromGif($img);
316			break;
317			case 2 :
			0 ignored issues – show Coding Style introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a CASE statement As per the PSR-2 coding standard, there must not be a space in front of the colon in case statements. switch ($selector) { case "A": //right doSomething(); break; case "B" : //wrong doSomethingElse(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
318			$im = imageCreateFromJpeg($img);
319			break;
320			case 3 :
			0 ignored issues – show Coding Style introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a CASE statement As per the PSR-2 coding standard, there must not be a space in front of the colon in case statements. switch ($selector) { case "A": //right doSomething(); break; case "B" : //wrong doSomethingElse(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
321			$im = imageCreateFromPng($img);
322			break;
323			case 6 :
			0 ignored issues – show Coding Style introduced 2015-12-01 16:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this There must be no space before the colon in a CASE statement As per the PSR-2 coding standard, there must not be a space in front of the colon in case statements. switch ($selector) { case "A": //right doSomething(); break; case "B" : //wrong doSomethingElse(); break; } To learn more about the PSR-2 coding standard, please refer to the PHP-Fig. Loading history...
324			$im = imageCreateFromBmp($img);
325			break;
326			}
327			return $im;
328			}
329
330
331			}
332

Luctum / Increase

Issues (48)

Security Analysis not enabled

app/models/Projet.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like