Issues in Array.php (master) - Issues in master - OpenBuildings/jam - Measure and Improve Code Quality continuously with Scrutinizer

Issues (279)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

classes/Kohana/Jam/Array.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php defined('SYSPATH') OR die('No direct script access.');

/**
 * A base iterator class, execute _load_contnet on any interaction with the array. Can be serialized properly
 *
 * @package    Jam
 * @category   Associations
 * @author     Ivan Kerin
 * @copyright  (c) 2011-2012 Despark Ltd.
 * @license    http://www.opensource.org/licenses/isc-license.txt
 */
abstract class Kohana_Jam_Array implements Countable, ArrayAccess, Iterator, Serializable {

	public static function factory()
	{
		return new Jam_Array();
	}

	/**
	 * An array of booleans that flags which entries have been changed
	 * @var array
	 */
	protected $_changed = array();

	/**
	 * This is set to true when any entries are removed
	 * @var boolean
	 */
	protected $_removed = FALSE;

	/**
	 * The content loaded with _load_content. The main store of this iterator
	 * @var array
	 */
	protected $_content = NULL;

	/**
	 * Iterator implementation
	 * @var integer
	 */
	protected $_current = 0;

	/**
	 * Load the _content variable. This is used to lazy load the content of this iterator
	 */
	protected function _load_content()
	{
		if ( ! $this->_content)

			throw new Kohana_Exception('Content has not been loaded');
	}

	/**
	 * Load each of the entries of this iterator. Called everytime an entry is requested. Use it to lazy load each item
	 * @param  mixed    $value
	 * @param  boolean  $is_changed
	 * @param  int      $offset
	 * @return mixed
	 */
	protected function _load_item($value, $is_changed, $offset)
	{
		return $value;
	}

	/**
	 * Getter / Setter of the content. Lazy loads with _load_content();
	 * @param  array $content
	 * @return array
	 */
	public function content(array $content = NULL)
	{
		if ($content !== NULL)
		{
			$this->_content = $content;
			return $this;
		}

		$this->_load_content();

		return $this->_content;
	}

	/**
	 * Getter for the changed array - check if any or a particular item has been changed
	 * @param  int $offset
	 * @return bool
	 */
	public function changed($offset = NULL)
	{
		if ($offset !== NULL)
			return isset($this->_changed[$offset]);

		return ( (bool) $this->_changed OR $this->_removed);
	}

	/**
	 * Reset the content so it can be loaded again
	 * @return Jam_Array
	 */
	public function reload()
	{
		$this->_changed = array();
		$this->_removed = FALSE;
		$this->_current = 0;
		$this->_content = NULL;


		return $this;
	}

	/**
	 * Implement Countable
	 * @return int
	 */
	public function count()
	{
		$this->_load_content();

		if ($this->_content === NULL)
			return 0;

		return count($this->_content);
	}

	/**
	 * Implement ArrayAccess. Lazy load with _load_content, and the item with _load_item
	 *
	 * @param  int $offset
	 * @return Jam_Model
	 */
	public function offsetGet($offset)
	{
		$this->_load_content();

		if (is_array($this->_content) AND ! array_key_exists($offset, $this->_content))
			return NULL;

		return $this->_load_item($this->_content[$offset] ?? null, isset($this->_changed[$offset]), $offset);
	}

	/**
	 * Implement ArrayAccess. Lazy load with _load_content
	 *
	 * @param  int $offset
	 * @return boolean
	 */
	public function offsetExists($offset)
	{
		$this->_load_content();

		return isset($this->_content[$offset]);
	}

	/**
	 * Implement ArrayAccess. Lazy load with _load_content
	 */
	public function offsetSet($offset, $value)
	{
		$this->_load_content();

		if ($offset === NULL)
		{
			$this->_content[] = $value;
			$this->_changed[count($this->_content) - 1] = TRUE;
		}
		elseif ($this->_content !== NULL)
		{
			$this->_content[$offset] = $value;
			$this->_changed[$offset] = TRUE;
		}
	}

	/**
	 * Implement ArrayAccess. Lazy load with _load_content
	 */
	public function offsetUnset($offset)
	{
		$this->_load_content();
		if ($this->_content)

		{
			array_splice($this->_content, $offset, 1);
			array_splice($this->_changed, $offset, 1);

			$this->_removed = TRUE;
		}

	}

	/**
	 * Implement Iterator
	 */
	public function rewind()
	{
		$this->_current = 0;
	}

	/**
	 * Implement Iterator. Lazy load with _load_content and the item with _load_item
	 * @return  Jam_Model
	 */
	public function current()
	{
		$this->_load_content();
		if ( ! $this->valid())
			return NULL;

		return $this->_load_item($this->_content[$this->_current] ?? null, isset($this->_changed[$this->_current]), $this->_current);
	}

	/**
	 * Implement Iterator
	 * @return  int
	 */
	public function key()
	{
		return $this->_current;
	}

	/**
	 * Implement Iterator
	 */
	public function next()
	{
		$this->_current ++;
	}

	/**
	 * Implement Iterator. Lazy load with _load_content
	 * @return  bool
	 */
	public function valid()
	{
		$this->_load_content();
		return is_array($this->_content) AND array_key_exists($this->_current, $this->_content);
	}

	/**
	 * Implement Serializable. Lazy load with _load_content
	 * @return string
	 */
	public function serialize()
	{
		$this->_load_content();

		return serialize(array(
			'changed' => $this->_changed,
			'content' => $this->_content,
			'removed' => $this->_removed,
			'current' => $this->_current,
		));
	}

	/**
	 * Implement Serializable.
	 * @param  string $data [description]
	 */
	public function unserialize($data)
	{
		$data = unserialize($data);

		$this->_changed = $data['changed'];
		$this->_content = $data['content'];
		$this->_removed = $data['removed'];
		$this->_current = $data['current'];
	}
}


1		<?php defined('SYSPATH') OR die('No direct script access.');
2
3		/**
4		* A base iterator class, execute _load_contnet on any interaction with the array. Can be serialized properly
5		*
6		* @package Jam
7		* @category Associations
8		* @author Ivan Kerin
9		* @copyright (c) 2011-2012 Despark Ltd.
10		* @license http://www.opensource.org/licenses/isc-license.txt
11		*/
12		abstract class Kohana_Jam_Array implements Countable, ArrayAccess, Iterator, Serializable {
13
14		public static function factory()
15		{
16		return new Jam_Array();
17		}
18
19		/**
20		* An array of booleans that flags which entries have been changed
21		* @var array
22		*/
23		protected $_changed = array();
24
25		/**
26		* This is set to true when any entries are removed
27		* @var boolean
28		*/
29		protected $_removed = FALSE;
30
31		/**
32		* The content loaded with _load_content. The main store of this iterator
33		* @var array
34		*/
35		protected $_content = NULL;
36
37		/**
38		* Iterator implementation
39		* @var integer
40		*/
41		protected $_current = 0;
42
43		/**
44		* Load the _content variable. This is used to lazy load the content of this iterator
45		*/
46	5	protected function _load_content()
47		{
48	5	if ( ! $this->_content)
		0 ignored issues – show Bug Best Practice introduced 2015-11-24 23:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->_content` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
49	1	throw new Kohana_Exception('Content has not been loaded');
50	4	}
51
52		/**
53		* Load each of the entries of this iterator. Called everytime an entry is requested. Use it to lazy load each item
54		* @param mixed $value
55		* @param boolean $is_changed
56		* @param int $offset
57		* @return mixed
58		*/
59	2	protected function _load_item($value, $is_changed, $offset)
60		{
61	2	return $value;
62		}
63
64		/**
65		* Getter / Setter of the content. Lazy loads with _load_content();
66		* @param array $content
67		* @return array
68		*/
69	9	public function content(array $content = NULL)
70		{
71	9	if ($content !== NULL)
72		{
73	4	$this->_content = $content;
74	4	return $this;
75		}
76
77	7	$this->_load_content();
78
79	6	return $this->_content;
80		}
81
82		/**
83		* Getter for the changed array - check if any or a particular item has been changed
84		* @param int $offset
85		* @return bool
86		*/
87	8	public function changed($offset = NULL)
88		{
89	8	if ($offset !== NULL)
90	4	return isset($this->_changed[$offset]);
91
92	7	return ( (bool) $this->_changed OR $this->_removed);
93		}
94
95		/**
96		* Reset the content so it can be loaded again
97		* @return Jam_Array
98		*/
99		public function reload()
100		{
101		$this->_changed = array();
102		$this->_removed = FALSE;
103		$this->_current = 0;
104		$this->_content = NULL;
		0 ignored issues – show Documentation Bug introduced 2015-11-24 23:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `NULL` of type `null` is incompatible with the declared type `array` of property `$_content`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
105
106		return $this;
107		}
108
109		/**
110		* Implement Countable
111		* @return int
112		*/
113	5	public function count()
114		{
115	5	$this->_load_content();
116
117	5	if ($this->_content === NULL)
118		return 0;
119
120	5	return count($this->_content);
121		}
122
123		/**
124		* Implement ArrayAccess. Lazy load with _load_content, and the item with _load_item
125		*
126		* @param int $offset
127		* @return Jam_Model
128		*/
129	14	public function offsetGet($offset)
130		{
131	14	$this->_load_content();
132
133	14	if (is_array($this->_content) AND ! array_key_exists($offset, $this->_content))
134	1	return NULL;
135
136	14	return $this->_load_item($this->_content[$offset] ?? null, isset($this->_changed[$offset]), $offset);
137		}
138
139		/**
140		* Implement ArrayAccess. Lazy load with _load_content
141		*
142		* @param int $offset
143		* @return boolean
144		*/
145		public function offsetExists($offset)
146		{
147		$this->_load_content();
148
149		return isset($this->_content[$offset]);
150		}
151
152		/**
153		* Implement ArrayAccess. Lazy load with _load_content
154		*/
155	13	public function offsetSet($offset, $value)
156		{
157	13	$this->_load_content();
158
159	13	if ($offset === NULL)
160		{
161	12	$this->_content[] = $value;
162	12	$this->_changed[count($this->_content) - 1] = TRUE;
163		}
164	5	elseif ($this->_content !== NULL)
165		{
166	5	$this->_content[$offset] = $value;
167	5	$this->_changed[$offset] = TRUE;
168		}
169	13	}
170
171		/**
172		* Implement ArrayAccess. Lazy load with _load_content
173		*/
174	6	public function offsetUnset($offset)
175		{
176	6	$this->_load_content();
177	6	if ($this->_content)
		0 ignored issues – show Bug Best Practice introduced 2015-11-24 23:50 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->_content` of type `array` is implicitly converted to a boolean; are you sure this is intended? If so, consider using `! empty($expr)` instead to make it clear that you intend to check for an array without elements. This check marks implicit conversions of arrays to boolean values in a comparison. While in PHP an empty array is considered to be equal (but not identical) to false, this is not always apparent. Consider making the comparison explicit by using `empty(..)` or `! empty(...)` instead. Loading history...
178		{
179	6	array_splice($this->_content, $offset, 1);
180	6	array_splice($this->_changed, $offset, 1);
181
182	6	$this->_removed = TRUE;
183		}
184
185	6	}
186
187		/**
188		* Implement Iterator
189		*/
190	16	public function rewind()
191		{
192	16	$this->_current = 0;
193	16	}
194
195		/**
196		* Implement Iterator. Lazy load with _load_content and the item with _load_item
197		* @return Jam_Model
198		*/
199	11	public function current()
200		{
201	11	$this->_load_content();
202	11	if ( ! $this->valid())
203		return NULL;
204
205	11	return $this->_load_item($this->_content[$this->_current] ?? null, isset($this->_changed[$this->_current]), $this->_current);
206		}
207
208		/**
209		* Implement Iterator
210		* @return int
211		*/
212	11	public function key()
213		{
214	11	return $this->_current;
215		}
216
217		/**
218		* Implement Iterator
219		*/
220	12	public function next()
221		{
222	12	$this->_current ++;
223	12	}
224
225		/**
226		* Implement Iterator. Lazy load with _load_content
227		* @return bool
228		*/
229	15	public function valid()
230		{
231	15	$this->_load_content();
232	15	return is_array($this->_content) AND array_key_exists($this->_current, $this->_content);
233		}
234
235		/**
236		* Implement Serializable. Lazy load with _load_content
237		* @return string
238		*/
239	1	public function serialize()
240		{
241	1	$this->_load_content();
242
243	1	return serialize(array(
244	1	'changed' => $this->_changed,
245	1	'content' => $this->_content,
246	1	'removed' => $this->_removed,
247	1	'current' => $this->_current,
248		));
249		}
250
251		/**
252		* Implement Serializable.
253		* @param string $data [description]
254		*/
255	1	public function unserialize($data)
256		{
257	1	$data = unserialize($data);
258
259	1	$this->_changed = $data['changed'];
260	1	$this->_content = $data['content'];
261	1	$this->_removed = $data['removed'];
262	1	$this->_current = $data['current'];
263	1	}
264		}
265

OpenBuildings / jam

Issues (279)

Security Analysis no request data

classes/Kohana/Jam/Array.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like