This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
1 | <?php |
||
2 | |||
3 | namespace Onurb\Bundle\YumlBundle\Yuml; |
||
4 | |||
5 | use Doctrine\Common\Persistence\Mapping\ClassMetadata; |
||
6 | use Doctrine\Common\Persistence\Mapping\ClassMetadataFactory as ClassMetadataFactoryInterface; |
||
7 | use Doctrine\ORM\EntityManagerInterface; |
||
8 | use Doctrine\ORM\Mapping\ClassMetadataFactory; |
||
9 | use Onurb\Bundle\YumlBundle\Curl\Curl; |
||
10 | use Onurb\Bundle\YumlBundle\Curl\CurlInterface; |
||
11 | use Onurb\Doctrine\ORMMetadataGrapher\YUMLMetadataGrapher as MetadataGrapher; |
||
12 | use Onurb\Doctrine\ORMMetadataGrapher\YUMLMetadataGrapherInterface as MetadataGrapherInterface; |
||
13 | |||
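/**
 * Utility to generate Yuml compatible strings from metadata graphs
 * Adaptation of DoctrineORMModule\Yuml\YumlController for ZendFramework-Zend-Developer-Tools
 *
 * The DSL text is built from the Doctrine mapping metadata and getGraphUrl() POSTs it to the
 * third-party host named in YUML_POST_URL, so the entity class names (and whatever else the
 * grapher emits) leave the application whenever a graph URL is requested.
 *
 * @license MIT
 * @link    http://www.doctrine-project.org/
 * @author  Bruno Heron <[email protected]>
 * @author  Marco Pivetta <[email protected]>
 **/
class YumlClient implements YumlClientInterface
{
    const YUML_POST_URL = 'https://yuml.me/diagram/%STYLE%/class';
    const YUML_REDIRECT_URL = 'https://yuml.me/';

    /** @var EntityManagerInterface */
    protected $entityManager;

    /** @var ClassMetadataFactoryInterface */
    protected $metadataFactory;

    /** @var MetadataGrapherInterface */
    protected $metadataGrapher;

    /**
     * Wires the client; both optional collaborators fall back to the concrete ORM classes.
     *
     * @param EntityManagerInterface             $entityManager
     * @param ClassMetadataFactoryInterface|null $classMetadataFactory
     * @param MetadataGrapherInterface|null      $metadataGrapher
     */
    public function __construct(
        EntityManagerInterface $entityManager,
        ClassMetadataFactoryInterface $classMetadataFactory = null,
        MetadataGrapherInterface $metadataGrapher = null
    ) {
        $this->entityManager = $entityManager;
        $this->metadataFactory = $classMetadataFactory ?: new ClassMetadataFactory();

        // setEntityManager() is not declared on the type-hinted persistence interface, so an
        // injected factory may legitimately lack it; only call it when it is available instead
        // of failing with a fatal "undefined method" error.
        if (method_exists($this->metadataFactory, 'setEntityManager')) {
            $this->metadataFactory->setEntityManager($this->entityManager);
        }

        $this->metadataGrapher = $metadataGrapher ?: new MetadataGrapher();
    }

    /**
     * Get doctrine metadata as yuml.
     *
     * @param bool  $showDetail
     * @param array $colors
     * @param array $notes
     * @return string
     */
    public function makeDslText($showDetail = false, $colors = array(), $notes = array())
    {
        return $this->metadataGrapher->generateFromMetadata(
            $this->getClasses(),
            $showDetail,
            $colors,
            $notes
        );
    }

    /**
     * Use yuml.me to generate an image from yuml.
     *
     * The DSL text is sent as the `dsl_text` POST field to the URL built from YUML_POST_URL;
     * the service's answer is then turned into a URL below YUML_REDIRECT_URL.
     *
     * @param string $dsl_text
     * @param string $style     the yuml style plain, boring or scruffy
     * @param string $extension the file extension to redirect to
     * @param string $direction the direction of the graph (LR,RL, TB); only LR and RL add a
     *                          direction segment, any other value leaves the service default
     * @param string $scale     the graph scale : huge, big, normal, small or tiny.
     *
     * @return string The url of the generated image.
     *
     * @throws \UnexpectedValueException when the service's answer does not start with a
     *                                   well-formed identifier
     */
    public function getGraphUrl($dsl_text, $style, $extension, $direction, $scale)
    {
        $curl = new Curl($this->makePostUrl($style, $direction, $scale));
        $curl->setPosts(array('dsl_text' => $dsl_text));

        return self::YUML_REDIRECT_URL . $this->makeExtensionUrl($curl->getResponse(), $extension);
    }

    /**
     * Fetches $graphUrl through a Curl client configured with $filename as its output.
     *
     * When a client is injected, $graphUrl is not used by this method: the injected client
     * decides what is requested. Neither argument is validated here, so callers should pass
     * only a URL obtained from getGraphUrl() and a destination they control, never values
     * taken from a request.
     * NOTE(review): setOutput() presumably names the file the response body is written to —
     * confirm against the Curl class.
     *
     * @param string             $graphUrl
     * @param string             $filename
     * @param CurlInterface|null $curl optional pre-configured client
     * @return mixed whatever the client's getResponse() returns
     */
    public function downloadImage($graphUrl, $filename, CurlInterface $curl = null)
    {
        $curl = $curl ?: new Curl($graphUrl);
        $curl->setOutput($filename);

        return $curl->getResponse();
    }

    /**
     * @return ClassMetadata[]
     */
    private function getMetadata()
    {
        return $this->metadataFactory->getAllMetadata();
    }

    /**
     * Indexes every known class metadata by class name, sorted by that name.
     *
     * @return array
     */
    private function getClasses()
    {
        $classes = array();
        /** @var ClassMetadata $class */
        foreach ($this->getMetadata() as $class) {
            $classes[$class->getName()] = $class;
        }
        ksort($classes);

        return $classes;
    }

    /**
     * Substitutes the %STYLE% placeholder of YUML_POST_URL with the validated style segment.
     *
     * @param string $style
     * @param string $direction
     * @param string $scale
     * @return string
     */
    private function makePostUrl($style, $direction, $scale)
    {
        return str_replace('%STYLE%', $this->makeStyle($style, $direction, $scale), self::YUML_POST_URL);
    }

    /**
     * Builds "<id>.<extension>" from the service's answer.
     *
     * The answer comes from a remote host and ends up in a URL handed back to the caller, so
     * it is checked before use: an empty body, a failed transfer or an error page must not be
     * embedded in the returned URL.
     *
     * @param string $return    raw answer of the yUML service
     * @param string $extension
     * @return string
     *
     * @throws \UnexpectedValueException when no well-formed identifier precedes the first dot
     */
    private function makeExtensionUrl($return, $extension)
    {
        // The identifier is whatever precedes the first dot of the answer.
        $id = is_string($return) ? explode('.', trim($return))[0] : '';

        // NOTE(review): the accepted character set is an assumption about yuml.me identifiers —
        // widen it if the service's format differs.
        if (!preg_match('/\A[A-Za-z0-9_-]+\z/', $id)) {
            // The remote body is deliberately left out of the message.
            throw new \UnexpectedValueException('Unexpected response from the yUML service.');
        }

        return $id . '.' . $this->checkExtension($extension);
    }

    /**
     * Concatenates the style name with the optional direction and scale segments.
     *
     * @param string $style
     * @param string $direction
     * @param string $scale
     * @return string
     */
    private function makeStyle($style, $direction, $scale)
    {
        return $this->checkStyle($style) . $this->makeDirection($direction) . $this->makeScale($scale);
    }

    /**
     * @param string $direction
     * @return string ";dir:LR" or ";dir:RL", otherwise an empty string
     */
    private function makeDirection($direction)
    {
        // Strict membership test: a loose comparison would let non-string values such as
        // true match the allow-list and be written into the URL.
        return in_array($direction, array('LR', 'RL'), true) ? ';dir:' . $direction : '';
    }

    /**
     * @param string $scale
     * @return string the ";scale:N" segment for a known scale name, otherwise an empty string
     */
    private function makeScale($scale)
    {
        $segments = array(
            'huge'  => ';scale:180',
            'big'   => ';scale:120',
            'small' => ';scale:80',
            'tiny'  => ';scale:60',
        );

        // is_string() keeps non-string values from being coerced into array keys.
        return is_string($scale) && isset($segments[$scale]) ? $segments[$scale] : '';
    }

    /**
     * @param string $extension
     * @return string the extension when it is on the allow-list, otherwise "png"
     */
    private function checkExtension($extension)
    {
        // Strict allow-list: only these exact strings may reach the URL.
        return in_array($extension, array('jpg', 'svg', 'pdf', 'json'), true) ? $extension : 'png';
    }

    /**
     * @param string $style
     * @return string "boring" or "scruffy" when requested, otherwise "plain"
     */
    private function checkStyle($style)
    {
        // Strict allow-list: only these exact strings may reach the URL.
        return in_array($style, array('boring', 'scruffy'), true) ? $style : 'plain';
    }
}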