Issues in Conditions.php (master) - Issues in master - Maslosoft/Mangan - Measure and Improve Code Quality continuously with Scrutinizer

Issues (28)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Criteria/Conditions.php (6 issues)

Labels

Unused Code 6

Severity

Minor 6

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * This software package is licensed under AGPL or Commercial license.
 *
 * @package maslosoft/mangan
 * @licence AGPL or Commercial
 * @copyright Copyright (c) Piotr Masełkowski <[email protected]>
 * @copyright Copyright (c) Maslosoft
 * @copyright Copyright (c) Others as mentioned in code
 * @link https://maslosoft.com/mangan/
 */

namespace Maslosoft\Mangan\Criteria;

use Maslosoft\Addendum\Interfaces\AnnotatedInterface;
use Maslosoft\Mangan\Criteria;

/**
 * Conditions builder helper class. This exposes fluid interface for building complex queries.
 *
 * Building complex queries can lead to (semi) manually constructing deeply nested array of conditions,
 * which is both unreadable and unreliable, espacially when user with `$or`, `$and`, `$not` etc.
 *
 * This class is meant to overcome this issue, by providing fluid, cascading interface.
 *
 * Example for simple query, let's find `visits` larger than 30 and lesser than 100:
 * 
 * ```php
 * $conditions = new Conditions($model)
 * $conditions->visits->gt(30)->lt(100);
 * ```
 *
 * However real improvement comes when used with more complex query. In this example we
 * search for `visits` greater than 10 and lesser than 200 or greater than 100 and
 * lesser than 200, where `active` is true:
 *
 * ```php
 * $c1 = new Conditions($model);
 * $c1->visits->gt(10)->lt(20);
 *
 * $c2->visits->gt(100)->lt(200);
 *
 * $condtions = new Conditions($model);
 * $conditions->active = true;
 *
 * $conditions->or($c1, $c2);
 * ```
 *
 * In above example mongodb conditions array is quite verbose and depth, however
 * with `Conditions` class it is fairly clean and easy to create it.
 *
 * When conditions setup is finished, this should be passed to `Criteria` by `setCriteria`:
 *
 * ```php
 * $criteria = new Criteria();
 * $criteria->setconditions($conditions);
 * ```
 *
 * Or alternatively it can be passed directly into constructor:
 * ```
 * $criteria = new Criteria($conditions);
 * ```
 *
 * @author Piotr Maselkowski <pmaselkowski at gmail.com>
 */
class Conditions
{

	const FieldName = 1;
	const Operator = 2;
	const Value = 3;

	private $model = null;
	private $criteria = null;
	private $field = '';

	public function __construct(AnnotatedInterface $model)
	{
		$this->criteria = new Criteria(null, $model);
	}

	public function __get($name)
	{
		$this->field = $name;
		return $this;
	}

	public function __set($name, $value)
	{
		$this->field = $name;
		$this->eq($value);
		return $this;
	}

	public function eq($value)
	{
		$this->criteria->addCond($this->field, 'eq', $value);
		return $this;
	}

	public function gt($value)
	{
		$this->criteria->addCond($this->field, 'gt', $value);
		return $this;
	}

	public function gte($value)
	{
		$this->criteria->addCond($this->field, 'gte', $value);
		return $this;
	}

	public function lt($value)
	{
		$this->criteria->addCond($this->field, 'lt', $value);
		return $this;
	}

	public function lte($value)
	{
		$this->criteria->addCond($this->field, 'lte', $value);
		return $this;
	}

	public function ne($value)
	{
		$this->criteria->addCond($this->field, 'ne', $value);
		return $this;
	}

	public function in(array $values)

	{
		return $this;
	}

	public function notIn(array $values)

	{
		return $this;
	}

	/**
	 *
	 * @param Conditions|Conditions[] $conditions
	 * @return Conditions
	 */
	public function addOr($conditions)

	{
		return $this;
	}

	public function addAnd($value)

	{
		return $this;
	}

	public function addNot($value)

	{
		return $this;
	}

	public function addNor($value)

	{
		return $this;
	}

	public function get()
	{
		return $this->criteria->getConditions();
	}

}


1			<?php
2
3			/**
4			* This software package is licensed under AGPL or Commercial license.
5			*
6			* @package maslosoft/mangan
7			* @licence AGPL or Commercial
8			* @copyright Copyright (c) Piotr Masełkowski <[email protected]>
9			* @copyright Copyright (c) Maslosoft
10			* @copyright Copyright (c) Others as mentioned in code
11			* @link https://maslosoft.com/mangan/
12			*/
13
14			namespace Maslosoft\Mangan\Criteria;
15
16			use Maslosoft\Addendum\Interfaces\AnnotatedInterface;
17			use Maslosoft\Mangan\Criteria;
18
19			/**
20			* Conditions builder helper class. This exposes fluid interface for building complex queries.
21			*
22			* Building complex queries can lead to (semi) manually constructing deeply nested array of conditions,
23			* which is both unreadable and unreliable, espacially when user with `$or`, `$and`, `$not` etc.
24			*
25			* This class is meant to overcome this issue, by providing fluid, cascading interface.
26			*
27			* Example for simple query, let's find `visits` larger than 30 and lesser than 100:
28			*
29			* ```php
30			* $conditions = new Conditions($model)
31			* $conditions->visits->gt(30)->lt(100);
32			* ```
33			*
34			* However real improvement comes when used with more complex query. In this example we
35			* search for `visits` greater than 10 and lesser than 200 or greater than 100 and
36			* lesser than 200, where `active` is true:
37			*
38			* ```php
39			* $c1 = new Conditions($model);
40			* $c1->visits->gt(10)->lt(20);
41			*
42			* $c2->visits->gt(100)->lt(200);
43			*
44			* $condtions = new Conditions($model);
45			* $conditions->active = true;
46			*
47			* $conditions->or($c1, $c2);
48			* ```
49			*
50			* In above example mongodb conditions array is quite verbose and depth, however
51			* with `Conditions` class it is fairly clean and easy to create it.
52			*
53			* When conditions setup is finished, this should be passed to `Criteria` by `setCriteria`:
54			*
55			* ```php
56			* $criteria = new Criteria();
57			* $criteria->setconditions($conditions);
58			* ```
59			*
60			* Or alternatively it can be passed directly into constructor:
61			* ```
62			* $criteria = new Criteria($conditions);
63			* ```
64			*
65			* @author Piotr Maselkowski <pmaselkowski at gmail.com>
66			*/
67			class Conditions
68			{
69
70			const FieldName = 1;
71			const Operator = 2;
72			const Value = 3;
73
74			private $model = null;
75			private $criteria = null;
76			private $field = '';
77
78			public function __construct(AnnotatedInterface $model)
79			{
80			$this->criteria = new Criteria(null, $model);
81			}
82
83			public function __get($name)
84			{
85			$this->field = $name;
86			return $this;
87			}
88
89			public function __set($name, $value)
90			{
91			$this->field = $name;
92			$this->eq($value);
93			return $this;
94			}
95
96			public function eq($value)
97			{
98			$this->criteria->addCond($this->field, 'eq', $value);
99			return $this;
100			}
101
102			public function gt($value)
103			{
104			$this->criteria->addCond($this->field, 'gt', $value);
105			return $this;
106			}
107
108			public function gte($value)
109			{
110			$this->criteria->addCond($this->field, 'gte', $value);
111			return $this;
112			}
113
114			public function lt($value)
115			{
116			$this->criteria->addCond($this->field, 'lt', $value);
117			return $this;
118			}
119
120			public function lte($value)
121			{
122			$this->criteria->addCond($this->field, 'lte', $value);
123			return $this;
124			}
125
126			public function ne($value)
127			{
128			$this->criteria->addCond($this->field, 'ne', $value);
129			return $this;
130			}
131
132			public function in(array $values)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$values` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
133			{
134			return $this;
135			}
136
137			public function notIn(array $values)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$values` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
138			{
139			return $this;
140			}
141
142			/**
143			*
144			* @param Conditions\|Conditions[] $conditions
145			* @return Conditions
146			*/
147			public function addOr($conditions)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$conditions` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
148			{
149			return $this;
150			}
151
152			public function addAnd($value)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$value` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
153			{
154			return $this;
155			}
156
157			public function addNot($value)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$value` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
158			{
159			return $this;
160			}
161
162			public function addNor($value)
			0 ignored issues – show Unused Code introduced 2017-09-08 12:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$value` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
163			{
164			return $this;
165			}
166
167			public function get()
168			{
169			return $this->criteria->getConditions();
170			}
171
172			}
173

Maslosoft / Mangan

Issues (28)

Security Analysis no request data

src/Criteria/Conditions.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like