Issues (1446)

Security Analysis    no request data  

This project does not seem to handle request data directly as such no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

LazyLoadingValueHolderPropertyAccessBench.php (1 issue)

Labels
Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

1
<?php
2
3
declare(strict_types=1);
4
5
namespace ProxyManagerBench;
6
7
use Closure;
8
use PhpBench\Benchmark\Metadata\Annotations\BeforeMethods;
9
use ProxyManager\Generator\ClassGenerator;
10
use ProxyManager\GeneratorStrategy\EvaluatingGeneratorStrategy;
11
use ProxyManager\Proxy\ValueHolderInterface;
12
use ProxyManager\Proxy\VirtualProxyInterface;
13
use ProxyManager\ProxyGenerator\LazyLoadingValueHolderGenerator;
14
use ProxyManagerTestAsset\ClassWithMixedProperties;
15
use ProxyManagerTestAsset\ClassWithPublicProperties;
16
use ProxyManagerTestAsset\EmptyClass;
17
use ReflectionClass;
18
use function assert;
19
use function class_exists;
20
use function is_a;
21
22
/**
23
 * Benchmark that provides results for state access/initialization time for lazy loading value holder proxies
24
 *
25
 * @BeforeMethods({"setUp"})
26
 */
27
final class LazyLoadingValueHolderPropertyAccessBench
28
{
29
    /** @var EmptyClass&VirtualProxyInterface */
30
    private EmptyClass $emptyClassProxy;
0 ignored issues
show
This code did not parse for me. Apparently, there is an error somewhere around this line:

Syntax error, unexpected T_STRING, expecting T_FUNCTION or T_CONST
Loading history...
31
32
    /** @var EmptyClass&VirtualProxyInterface */
33
    private EmptyClass $initializedEmptyClassProxy;
34
35
    /** @var ClassWithPublicProperties&VirtualProxyInterface */
36
    private ClassWithPublicProperties $publicPropertiesProxy;
37
38
    /** @var ClassWithPublicProperties&VirtualProxyInterface */
39
    private ClassWithPublicProperties $initializedPublicPropertiesProxy;
40
41
    /** @var ClassWithMixedProperties&VirtualProxyInterface */
42
    private ClassWithMixedProperties $mixedPropertiesProxy;
43
44
    /** @var ClassWithMixedProperties&VirtualProxyInterface */
45
    private ClassWithMixedProperties $initializedMixedPropertiesProxy;
46
47
    public function setUp() : void
48
    {
49
        $emptyClassProxy                  = $this->buildProxy(EmptyClass::class);
50
        $publicPropertiesProxy            = $this->buildProxy(ClassWithPublicProperties::class);
51
        $mixedPropertiesProxy             = $this->buildProxy(ClassWithMixedProperties::class);
52
        $initializedEmptyClassProxy       = $this->buildProxy(EmptyClass::class);
53
        $initializedPublicPropertiesProxy = $this->buildProxy(ClassWithPublicProperties::class);
54
        $initializedMixedPropertiesProxy  = $this->buildProxy(ClassWithMixedProperties::class);
55
56
        assert($emptyClassProxy instanceof VirtualProxyInterface);
57
        assert($publicPropertiesProxy instanceof VirtualProxyInterface);
58
        assert($mixedPropertiesProxy instanceof VirtualProxyInterface);
59
        assert($initializedEmptyClassProxy instanceof VirtualProxyInterface);
60
        assert($initializedPublicPropertiesProxy instanceof VirtualProxyInterface);
61
        assert($initializedMixedPropertiesProxy instanceof VirtualProxyInterface);
62
63
        assert($emptyClassProxy instanceof EmptyClass);
64
        assert($publicPropertiesProxy instanceof ClassWithPublicProperties);
65
        assert($mixedPropertiesProxy instanceof ClassWithMixedProperties);
66
        assert($initializedEmptyClassProxy instanceof EmptyClass);
67
        assert($initializedPublicPropertiesProxy instanceof ClassWithPublicProperties);
68
        assert($initializedMixedPropertiesProxy instanceof ClassWithMixedProperties);
69
70
        $this->emptyClassProxy       = $emptyClassProxy;
71
        $this->publicPropertiesProxy = $publicPropertiesProxy;
72
        $this->mixedPropertiesProxy  = $mixedPropertiesProxy;
73
74
        $this->initializedEmptyClassProxy       = $initializedEmptyClassProxy;
75
        $this->initializedPublicPropertiesProxy = $initializedPublicPropertiesProxy;
76
        $this->initializedMixedPropertiesProxy  = $initializedMixedPropertiesProxy;
77
78
        $this->initializedEmptyClassProxy->initializeProxy();
79
        $this->initializedPublicPropertiesProxy->initializeProxy();
80
        $this->initializedMixedPropertiesProxy->initializeProxy();
81
    }
82
83
    public function benchEmptyClassInitialization() : void
84
    {
85
        $this->emptyClassProxy->initializeProxy();
86
    }
87
88
    public function benchInitializedEmptyClassInitialization() : void
89
    {
90
        $this->initializedEmptyClassProxy->initializeProxy();
91
    }
92
93
    public function benchObjectWithPublicPropertiesInitialization() : void
94
    {
95
        $this->publicPropertiesProxy->initializeProxy();
96
    }
97
98
    public function benchInitializedObjectWithPublicPropertiesInitialization() : void
99
    {
100
        $this->initializedPublicPropertiesProxy->initializeProxy();
101
    }
102
103
    public function benchObjectWithPublicPropertiesPropertyRead() : void
104
    {
105
        $this->publicPropertiesProxy->property0;
106
    }
107
108
    public function benchInitializedObjectWithPublicPropertiesPropertyRead() : void
109
    {
110
        $this->initializedPublicPropertiesProxy->property0;
111
    }
112
113
    public function benchObjectWithPublicPropertiesPropertyWrite() : void
114
    {
115
        $this->publicPropertiesProxy->property0 = 'foo';
116
    }
117
118
    public function benchInitializedObjectWithPublicPropertiesPropertyWrite() : void
119
    {
120
        $this->initializedPublicPropertiesProxy->property0 = 'foo';
121
    }
122
123
    public function benchObjectWithPublicPropertiesPropertyIsset() : void
124
    {
125
        /* @noinspection PhpExpressionResultUnusedInspection */
126
        /* @noinspection UnSafeIsSetOverArrayInspection */
127
        isset($this->publicPropertiesProxy->property0);
128
    }
129
130
    public function benchInitializedObjectWithPublicPropertiesPropertyIsset() : void
131
    {
132
        /* @noinspection PhpExpressionResultUnusedInspection */
133
        /* @noinspection UnSafeIsSetOverArrayInspection */
134
        isset($this->initializedPublicPropertiesProxy->property0);
135
    }
136
137
    public function benchObjectWithPublicPropertiesPropertyUnset() : void
138
    {
139
        unset($this->publicPropertiesProxy->property0);
140
    }
141
142
    public function benchInitializedObjectWithPublicPropertiesPropertyUnset() : void
143
    {
144
        unset($this->initializedPublicPropertiesProxy->property0);
145
    }
146
147
    public function benchObjectWithMixedPropertiesInitialization() : void
148
    {
149
        $this->mixedPropertiesProxy->initializeProxy();
150
    }
151
152
    public function benchInitializedObjectWithMixedPropertiesInitialization() : void
153
    {
154
        $this->initializedMixedPropertiesProxy->initializeProxy();
155
    }
156
157
    public function benchObjectWithMixedPropertiesPropertyRead() : void
158
    {
159
        $this->mixedPropertiesProxy->publicProperty0;
160
    }
161
162
    public function benchInitializedObjectWithMixedPropertiesPropertyRead() : void
163
    {
164
        $this->initializedMixedPropertiesProxy->publicProperty0;
165
    }
166
167
    public function benchObjectWithMixedPropertiesPropertyWrite() : void
168
    {
169
        $this->mixedPropertiesProxy->publicProperty0 = 'foo';
170
    }
171
172
    public function benchInitializedObjectWithMixedPropertiesPropertyWrite() : void
173
    {
174
        $this->initializedMixedPropertiesProxy->publicProperty0 = 'foo';
175
    }
176
177
    public function benchObjectWithMixedPropertiesPropertyIsset() : void
178
    {
179
        /* @noinspection PhpExpressionResultUnusedInspection */
180
        /* @noinspection UnSafeIsSetOverArrayInspection */
181
        isset($this->mixedPropertiesProxy->publicProperty0);
182
    }
183
184
    public function benchInitializedObjectWithMixedPropertiesPropertyIsset() : void
185
    {
186
        /* @noinspection PhpExpressionResultUnusedInspection */
187
        /* @noinspection UnSafeIsSetOverArrayInspection */
188
        isset($this->initializedMixedPropertiesProxy->publicProperty0);
189
    }
190
191
    public function benchObjectWithMixedPropertiesPropertyUnset() : void
192
    {
193
        unset($this->mixedPropertiesProxy->publicProperty0);
194
    }
195
196
    public function benchInitializedObjectWithMixedPropertiesPropertyUnset() : void
197
    {
198
        unset($this->initializedMixedPropertiesProxy->publicProperty0);
199
    }
200
201
    /**
202
     * @psalm-template OriginalClass
203
     * @psalm-param class-string<OriginalClass> $originalClass
204
     * @psalm-return OriginalClass&ValueHolderInterface<OriginalClass>&VirtualProxyInterface
205
     * @psalm-suppress MixedInferredReturnType
206
     */
207
    private function buildProxy(string $originalClass) : VirtualProxyInterface
208
    {
209
        /**
210
         * @psalm-suppress MixedReturnStatement
211
         * @psalm-suppress MixedMethodCall
212
         */
213
        return $this->generateProxyClass($originalClass)::staticProxyConstructor(
214
            static function (
215
                ?object & $valueHolder,
216
                VirtualProxyInterface $proxy,
217
                string $method,
218
                array $params,
219
                ?Closure & $initializer
220
            ) use ($originalClass) : bool {
221
                $initializer = null;
222
223
                $valueHolder = new $originalClass();
224
225
                return true;
226
            }
227
        );
228
    }
229
230
    /**
231
     * @psalm-template OriginalClass
232
     * @psalm-param class-string<OriginalClass> $originalClassName
233
     * @psalm-return class-string<OriginalClass>
234
     * @psalm-suppress MoreSpecificReturnType
235
     */
236
    private function generateProxyClass(string $originalClassName) : string
237
    {
238
        $generatedClassName = self::class . '\\' . $originalClassName;
239
240
        if (class_exists($generatedClassName)) {
241
            assert(is_a($generatedClassName, $originalClassName, true));
242
243
            return $generatedClassName;
244
        }
245
246
        $generatedClass = new ClassGenerator($generatedClassName);
247
248
        (new LazyLoadingValueHolderGenerator())->generate(new ReflectionClass($originalClassName), $generatedClass);
249
        (new EvaluatingGeneratorStrategy())->generate($generatedClass);
250
251
        /** @psalm-suppress LessSpecificReturnStatement */
252
        return $generatedClassName;
253
    }
254
}
255