Issues in Fractal.php (master) - Issues in master - NavJobs/transmit - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Fractal.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace NavJobs\Transmit;

use League\Fractal\Manager;
use League\Fractal\ParamBag;
use League\Fractal\Pagination\PaginatorInterface;
use League\Fractal\Serializer\SerializerAbstract;
use NavJobs\Transmit\Exceptions\InvalidTransformation;
use NavJobs\Transmit\Exceptions\NoTransformerSpecified;

class Fractal
{
    /**
     * @var \League\Fractal\Manager
     */
    protected $manager;

    /**
     * @var \League\Fractal\Serializer\SerializerAbstract
     */
    protected $serializer;

    /**
     * @var \League\Fractal\TransformerAbstract|Callable
     */
    protected $transformer;

    /**
     * @var \League\Fractal\Pagination\PaginatorInterface
     */
    protected $paginator;

    /**
     * @var array
     */
    protected $includes = [];

    /**
     * Array containing modifiers as keys and an array value of params.
     *
     * @var array
     */
    protected $includeParams = [];

    /**
     * @var string
     */
    protected $dataType;

    /**
     * @var mixed
     */
    protected $data;

    /**
     * @var string
     */
    protected $resourceName;

    /**
     * @var array
     */
    protected $meta = [];

    /**
     * @param \League\Fractal\Manager $manager
     */
    public function __construct(Manager $manager)
    {
        $this->manager = $manager;
    }

    /**
     * Set the collection data that must be transformed.
     *
     * @param mixed                                             $data
     * @param \League\Fractal\TransformerAbstract|Callable|null $transformer
     * @param string|null                                       $resourceName
     *
     * @return $this
     */
    public function collection($data, $transformer = null, $resourceName = null)

    {
        $this->resourceName = $resourceName;

        if ($transformer) {
            $this->transformWith($transformer);
        }

        return $this->data('collection', $data, $transformer);
    }

    /**
     * Set the item data that must be transformed.
     *
     * @param mixed                                             $data
     * @param \League\Fractal\TransformerAbstract|Callable|null $transformer
     * @param string|null                                       $resourceName
     *
     * @return $this
     */
    public function item($data, $transformer = null, $resourceName = null)

    {
        $this->resourceName = $resourceName;

        if ($transformer) {
            $this->transformWith($transformer);
        }

        return $this->data('item', $data, $transformer);
    }

    /**
     * Set the data that must be transformed.
     *
     * @param string                                            $dataType
     * @param mixed                                             $data
     * @param \League\Fractal\TransformerAbstract|Callable|null $transformer
     *
     * @return $this
     */
    protected function data($dataType, $data, $transformer = null)
    {
        $this->dataType = $dataType;

        $this->data = $data;

        if (!is_null($transformer)) {
            $this->transformer = $transformer;
        }

        return $this;
    }

    /**
     * Set the class or function that will perform the transform.
     *
     * @param \League\Fractal\TransformerAbstract|Callable $transformer
     *
     * @return $this
     */
    public function transformWith($transformer)
    {
        $this->transformer = $transformer;

        return $this;
    }

    /**
     * Set a Fractal paginator for the data.
     *
     * @param \League\Fractal\Pagination\PaginatorInterface $paginator
     *
     * @return $this
     */
    public function paginateWith(PaginatorInterface $paginator)
    {
        $this->paginator = $paginator;

        return $this;
    }

    /**
     * Specify the includes.
     *
     * @param array|string $includes Array or csv string of resources to include
     *
     * @return $this
     */
    public function parseIncludes($includes)
    {
        if (!$includes) {
            return $this;
        }

        if (is_string($includes)) {

            $includes = array_map(function ($value) {
                return trim($value);
            },  explode(',', $includes));
        }

        $this->includes = array_merge($this->includes, (array)$includes);
        $this->manager->parseIncludes($this->includes);
        $this->parseIncludeParams();

        return $this;
    }

    /**
     * @return $this|void
     */
    public function parseIncludeParams()
    {
        if (!$this->includes) {

            return $this;
        }

        foreach ($this->includes as $include) {
            list($includeName, $allModifiersStr) = array_pad(explode(':', $include, 2), 2, null);

            // No Params? Bored
            if ($allModifiersStr === null) {
                continue;
            }

            // Matches multiple instances of 'something(foo|bar|baz)' in the string
            // I guess it ignores : so you could use anything, but probably don't do that
            preg_match_all('/([\w]+)(\(([^\)]+)\))?/', $allModifiersStr, $allModifiersArr);

            // [0] is full matched strings...
            $modifierCount = count($allModifiersArr[0]);

            $modifierArr = [];

            for ($modifierIt = 0; $modifierIt < $modifierCount; $modifierIt++) {
                // [1] is the modifier
                $modifierName = $allModifiersArr[1][$modifierIt];

                // and [3] is delimited params
                // Make modifier array key with the parameter as the value
                $modifierArr[$modifierName] = $allModifiersArr[3][$modifierIt];
            }

            $this->includeParams[$includeName] = $modifierArr;
        }

        return $this;
    }

    /**
     * Get Include Params.
     *
     * @param string $include
     *
     * @return \League\Fractal\ParamBag|null
     */
    public function getIncludeParams($include)
    {
        if (! isset($this->includeParams[$include])) {
            return;
        }

        $params = $this->includeParams[$include];

        return new ParamBag($params);
    }

    /**
     * Support for magic methods to included data.
     *
     * @param string $name
     * @param array  $arguments
     *
     * @return $this
     */
    public function __call($name, array $arguments)
    {
        if (method_exists($this->manager, $name)) {
            return call_user_func_array([$this->manager, $name], $arguments);
        }

        if (!starts_with($name, 'include')) {
            trigger_error('Call to undefined method '.__CLASS__.'::'.$name.'()', E_USER_ERROR);
        }

        $includeName = lcfirst(substr($name, strlen('include')));

        return $this->parseIncludes($includeName);
    }

    /**
     * Set the serializer to be used.
     *
     * @param \League\Fractal\Serializer\SerializerAbstract $serializer
     *
     * @return $this
     */
    public function serializeWith(SerializerAbstract $serializer)
    {
        $this->serializer = $serializer;

        return $this;
    }

    /**
     * Set the meta data.
     * @return $this
     * @internal param $array
     *
     */
    public function addMeta()
    {
        foreach (func_get_args() as $meta) {
            if (is_array($meta)) {
                $this->meta += $meta;
            }
        }

        return $this;
    }

    /**
     * Set the resource name, to replace 'data' as the root of the collection or item.
     *
     * @param string $resourceName
     *
     * @return $this
     */
    public function resourceName($resourceName)
    {
        $this->resourceName = $resourceName;

        return $this;
    }

    /**
     * Perform the transformation to json.
     *
     * @return string
     */
    public function toJson()
    {
        return $this->transform('toJson');
    }

    /**
     * Perform the transformation to array.
     *
     * @return array
     */
    public function toArray()
    {
        return $this->transform('toArray');
    }

    /**
     *  Perform the transformation.
     *
     * @param string $conversionMethod
     *
     * @return string|array
     */
    protected function transform($conversionMethod)
    {
        $fractalData = $this->createData();

        return $fractalData->$conversionMethod();
    }

    /**
     * Create fractal data.
     */
    public function createData()
    {
        if (is_null($this->transformer)) {
            throw new NoTransformerSpecified();
        }

        if (!is_null($this->serializer)) {
            $this->manager->setSerializer($this->serializer);
        }

        $resource = $this->getResource();

        return $this->manager->createData($resource);
    }

    /**
     * Get the resource.
     */
    public function getResource()
    {
        $resourceClass = 'League\\Fractal\\Resource\\'.ucfirst($this->dataType);

        if (!class_exists($resourceClass)) {
            throw new InvalidTransformation();
        }

        $resource = new $resourceClass($this->data, $this->transformer, $this->resourceName);

        $resource->setMeta($this->meta);

        if (!is_null($this->paginator)) {
            $resource->setPaginator($this->paginator);
        }

        return $resource;
    }
}


1		<?php
2
3		namespace NavJobs\Transmit;
4
5		use League\Fractal\Manager;
6		use League\Fractal\ParamBag;
7		use League\Fractal\Pagination\PaginatorInterface;
8		use League\Fractal\Serializer\SerializerAbstract;
9		use NavJobs\Transmit\Exceptions\InvalidTransformation;
10		use NavJobs\Transmit\Exceptions\NoTransformerSpecified;
11
12		class Fractal
13		{
14		/**
15		* @var \League\Fractal\Manager
16		*/
17		protected $manager;
18
19		/**
20		* @var \League\Fractal\Serializer\SerializerAbstract
21		*/
22		protected $serializer;
23
24		/**
25		* @var \League\Fractal\TransformerAbstract\|Callable
26		*/
27		protected $transformer;
28
29		/**
30		* @var \League\Fractal\Pagination\PaginatorInterface
31		*/
32		protected $paginator;
33
34		/**
35		* @var array
36		*/
37		protected $includes = [];
38
39		/**
40		* Array containing modifiers as keys and an array value of params.
41		*
42		* @var array
43		*/
44		protected $includeParams = [];
45
46		/**
47		* @var string
48		*/
49		protected $dataType;
50
51		/**
52		* @var mixed
53		*/
54		protected $data;
55
56		/**
57		* @var string
58		*/
59		protected $resourceName;
60
61		/**
62		* @var array
63		*/
64		protected $meta = [];
65
66		/**
67		* @param \League\Fractal\Manager $manager
68		*/
69		public function __construct(Manager $manager)
70		{
71		$this->manager = $manager;
72		}
73
74		/**
75		* Set the collection data that must be transformed.
76		*
77		* @param mixed $data
78		* @param \League\Fractal\TransformerAbstract\|Callable\|null $transformer
79		* @param string\|null $resourceName
80		*
81		* @return $this
82		*/
83	View Code Duplication	public function collection($data, $transformer = null, $resourceName = null)
		0 ignored issues – show Duplication introduced 2016-01-14 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
84		{
85		$this->resourceName = $resourceName;
86
87		if ($transformer) {
88		$this->transformWith($transformer);
89		}
90
91		return $this->data('collection', $data, $transformer);
92		}
93
94		/**
95		* Set the item data that must be transformed.
96		*
97		* @param mixed $data
98		* @param \League\Fractal\TransformerAbstract\|Callable\|null $transformer
99		* @param string\|null $resourceName
100		*
101		* @return $this
102		*/
103	View Code Duplication	public function item($data, $transformer = null, $resourceName = null)
		0 ignored issues – show Duplication introduced 2016-01-14 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
104		{
105		$this->resourceName = $resourceName;
106
107		if ($transformer) {
108		$this->transformWith($transformer);
109		}
110
111		return $this->data('item', $data, $transformer);
112		}
113
114		/**
115		* Set the data that must be transformed.
116		*
117		* @param string $dataType
118		* @param mixed $data
119		* @param \League\Fractal\TransformerAbstract\|Callable\|null $transformer
120		*
121		* @return $this
122		*/
123		protected function data($dataType, $data, $transformer = null)
124		{
125		$this->dataType = $dataType;
126
127		$this->data = $data;
128
129		if (!is_null($transformer)) {
130		$this->transformer = $transformer;
131		}
132
133		return $this;
134		}
135
136		/**
137		* Set the class or function that will perform the transform.
138		*
139		* @param \League\Fractal\TransformerAbstract\|Callable $transformer
140		*
141		* @return $this
142		*/
143		public function transformWith($transformer)
144		{
145		$this->transformer = $transformer;
146
147		return $this;
148		}
149
150		/**
151		* Set a Fractal paginator for the data.
152		*
153		* @param \League\Fractal\Pagination\PaginatorInterface $paginator
154		*
155		* @return $this
156		*/
157		public function paginateWith(PaginatorInterface $paginator)
158		{
159		$this->paginator = $paginator;
160
161		return $this;
162		}
163
164		/**
165		* Specify the includes.
166		*
167		* @param array\|string $includes Array or csv string of resources to include
168		*
169		* @return $this
170		*/
171		public function parseIncludes($includes)
172		{
173		if (!$includes) {
174		return $this;
175		}
176
177	View Code Duplication	if (is_string($includes)) {
		0 ignored issues – show Duplication introduced 2016-01-14 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
178		$includes = array_map(function ($value) {
179		return trim($value);
180		}, explode(',', $includes));
181		}
182
183		$this->includes = array_merge($this->includes, (array)$includes);
184		$this->manager->parseIncludes($this->includes);
185		$this->parseIncludeParams();
186
187		return $this;
188		}
189
190		/**
191		* @return $this\|void
192		*/
193		public function parseIncludeParams()
194		{
195		if (!$this->includes) {
		0 ignored issues – show Bug Best Practice introduced 2016-01-14 18:42 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->includes` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
196		return $this;
197		}
198
199		foreach ($this->includes as $include) {
200		list($includeName, $allModifiersStr) = array_pad(explode(':', $include, 2), 2, null);
201
202		// No Params? Bored
203		if ($allModifiersStr === null) {
204		continue;
205		}
206
207		// Matches multiple instances of 'something(foo\|bar\|baz)' in the string
208		// I guess it ignores : so you could use anything, but probably don't do that
209		preg_match_all('/([\w]+)(\(([^\)]+)\))?/', $allModifiersStr, $allModifiersArr);
210
211		// [0] is full matched strings...
212		$modifierCount = count($allModifiersArr[0]);
213
214		$modifierArr = [];
215
216		for ($modifierIt = 0; $modifierIt < $modifierCount; $modifierIt++) {
217		// [1] is the modifier
218		$modifierName = $allModifiersArr[1][$modifierIt];
219
220		// and [3] is delimited params
221		// Make modifier array key with the parameter as the value
222		$modifierArr[$modifierName] = $allModifiersArr[3][$modifierIt];
223		}
224
225		$this->includeParams[$includeName] = $modifierArr;
226		}
227
228		return $this;
229		}
230
231		/**
232		* Get Include Params.
233		*
234		* @param string $include
235		*
236		* @return \League\Fractal\ParamBag\|null
237		*/
238		public function getIncludeParams($include)
239		{
240		if (! isset($this->includeParams[$include])) {
241		return;
242		}
243
244		$params = $this->includeParams[$include];
245
246		return new ParamBag($params);
247		}
248
249		/**
250		* Support for magic methods to included data.
251		*
252		* @param string $name
253		* @param array $arguments
254		*
255		* @return $this
256		*/
257		public function __call($name, array $arguments)
258		{
259		if (method_exists($this->manager, $name)) {
260		return call_user_func_array([$this->manager, $name], $arguments);
261		}
262
263		if (!starts_with($name, 'include')) {
264		trigger_error('Call to undefined method '.__CLASS__.'::'.$name.'()', E_USER_ERROR);
265		}
266
267		$includeName = lcfirst(substr($name, strlen('include')));
268
269		return $this->parseIncludes($includeName);
270		}
271
272		/**
273		* Set the serializer to be used.
274		*
275		* @param \League\Fractal\Serializer\SerializerAbstract $serializer
276		*
277		* @return $this
278		*/
279		public function serializeWith(SerializerAbstract $serializer)
280		{
281		$this->serializer = $serializer;
282
283		return $this;
284		}
285
286		/**
287		* Set the meta data.
288		* @return $this
289		* @internal param $array
290		*
291		*/
292		public function addMeta()
293		{
294		foreach (func_get_args() as $meta) {
295		if (is_array($meta)) {
296		$this->meta += $meta;
297		}
298		}
299
300		return $this;
301		}
302
303		/**
304		* Set the resource name, to replace 'data' as the root of the collection or item.
305		*
306		* @param string $resourceName
307		*
308		* @return $this
309		*/
310		public function resourceName($resourceName)
311		{
312		$this->resourceName = $resourceName;
313
314		return $this;
315		}
316
317		/**
318		* Perform the transformation to json.
319		*
320		* @return string
321		*/
322		public function toJson()
323		{
324		return $this->transform('toJson');
325		}
326
327		/**
328		* Perform the transformation to array.
329		*
330		* @return array
331		*/
332		public function toArray()
333		{
334		return $this->transform('toArray');
335		}
336
337		/**
338		* Perform the transformation.
339		*
340		* @param string $conversionMethod
341		*
342		* @return string\|array
343		*/
344		protected function transform($conversionMethod)
345		{
346		$fractalData = $this->createData();
347
348		return $fractalData->$conversionMethod();
349		}
350
351		/**
352		* Create fractal data.
353		*/
354		public function createData()
355		{
356		if (is_null($this->transformer)) {
357		throw new NoTransformerSpecified();
358		}
359
360		if (!is_null($this->serializer)) {
361		$this->manager->setSerializer($this->serializer);
362		}
363
364		$resource = $this->getResource();
365
366		return $this->manager->createData($resource);
367		}
368
369		/**
370		* Get the resource.
371		*/
372		public function getResource()
373		{
374		$resourceClass = 'League\\Fractal\\Resource\\'.ucfirst($this->dataType);
375
376		if (!class_exists($resourceClass)) {
377		throw new InvalidTransformation();
378		}
379
380		$resource = new $resourceClass($this->data, $this->transformer, $this->resourceName);
381
382		$resource->setMeta($this->meta);
383
384		if (!is_null($this->paginator)) {
385		$resource->setPaginator($this->paginator);
386		}
387
388		return $resource;
389		}
390		}
391

NavJobs / transmit

Issues (9)

Security Analysis not enabled

src/Fractal.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like