Issues in ManagesTransactions.php (master) - Issues in master - PuShaoWei/SimpleEloquent - Measure and Improve Code Quality continuously with Scrutinizer

Issues (99)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/connection/traits/ManagesTransactions.php (12 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Childish\connection\traits;

use Closure;
use Exception;
use Throwable;
use Childish\support\Tools;

/**
 * ManagesTransactions
 *
 * @author    Pu ShaoWei <[email protected]>
 * @date      2017/12/7
 * @version   1.0
 */
trait ManagesTransactions
{
    /**
     * Execute a Closure within a transaction.
     *
     * @param  \Closure  $callback
     * @param  int  $attempts
     * @return mixed
     *
     * @throws \Exception|\Throwable
     */
    public function transaction(Closure $callback, $attempts = 1)
    {
        for ($currentAttempt = 1; $currentAttempt <= $attempts; $currentAttempt++) {
            $this->beginTransaction();

            // We'll simply execute the given callback within a try / catch block and if we
            // catch any exception we can rollback this transaction so that none of this
            // gets actually persisted to a database or stored in a permanent fashion.
            try {
                return $this->higherOrderTap($callback($this), function ($result) {
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
                    $this->commit();
                });
            }

                // If we catch an exception we'll rollback this transaction and try again if we
                // are not out of attempts. If we are out of attempts we will just throw the
                // exception back out and let the developer handle an uncaught exceptions.
            catch (Exception $e) {
                $this->handleTransactionException(
                    $e, $currentAttempt, $attempts
                );
            } catch (Throwable $e) {
                $this->rollBack();

                throw $e;
            }
        }
    }

    /**
     * Handle an exception encountered when running a transacted statement.
     *
     * @param  \Exception  $e
     * @param  int  $currentAttempt
     * @param  int  $maxAttempts
     * @return void
     *
     * @throws \Exception
     */
    protected function handleTransactionException($e, $currentAttempt, $maxAttempts)
    {
        // On a deadlock, MySQL rolls back the entire transaction so we can't just
        // retry the query. We have to throw this exception all the way out and
        // let the developer handle it in another way. We will decrement too.
        if ($this->causedByDeadlock($e) &&
            $this->transactions > 1) {
            --$this->transactions;
class MyClass { }

$x = new MyClass();
$x->foo = true;

            throw $e;
        }

        // If there was an exception we will rollback this transaction and then we
        // can check if we have exceeded the maximum attempt count for this and
        // if we haven't we will return and try this query again in our loop.
        $this->rollBack();

        if ($this->causedByDeadlock($e) &&
            $currentAttempt < $maxAttempts) {
            return;
        }

        throw $e;
    }

    /**
     * Start a new database transaction.
     *
     * @return void
     * @throws \Exception
     */
    public function beginTransaction()
    {
        $this->createTransaction();
        ++$this->transactions;
    }

    /**
     * Create a transaction within the database.
     *
     * @return void
     */
    protected function createTransaction()
    {
        if ($this->transactions == 0) {
            try {
                $this->getPdo()->beginTransaction();
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            } catch (Exception $e) {
                $this->handleBeginTransactionException($e);
            }
        } elseif ($this->transactions >= 1 && $this->queryGrammar->supportsSavepoints()) {
class MyClass { }

$x = new MyClass();
$x->foo = true;
            $this->createSavepoint();
        }
    }

    /**
     * Create a save point within the database.
     *
     * @return void
     */
    protected function createSavepoint()
    {
        $this->getPdo()->exec(
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            $this->queryGrammar->compileSavepoint('trans'.($this->transactions + 1))
        );
    }

    /**
     * Handle an exception from a transaction beginning.
     *
     * @param  \Exception  $e
     * @return void
     *
     * @throws \Exception
     */
    protected function handleBeginTransactionException($e)
    {
        if ($this->causedByLostConnection($e)) {
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
            $this->reconnect();
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}

            $this->pdo->beginTransaction();
class MyClass { }

$x = new MyClass();
$x->foo = true;
        } else {
            throw $e;
        }
    }

    /**
     * Commit the active database transaction.
     *
     * @return void
     */
    public function commit()
    {
        if ($this->transactions == 1) {
            $this->getPdo()->commit();
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
        }

        $this->transactions = max(0, $this->transactions - 1);
    }

    /**
     * Rollback the active database transaction.
     *
     * @param  int|null  $toLevel
     * @return void
     */
    public function rollBack($toLevel = null)
    {
        // We allow developers to rollback to a certain transaction level. We will verify
        // that this given transaction level is valid before attempting to rollback to
        // that level. If it's not we will just return out and not attempt anything.
        $toLevel = is_null($toLevel)
            ? $this->transactions - 1
            : $toLevel;

        if ($toLevel < 0 || $toLevel >= $this->transactions) {
            return;
        }

        // Next, we will actually perform this rollback within this database and fire the
        // rollback event. We will also set the current transaction level to the given
        // level that was passed into this method so it will be right from here out.
        $this->performRollBack($toLevel);

        $this->transactions = $toLevel;
    }

    /**
     * Perform a rollback within the database.
     *
     * @param  int  $toLevel
     * @return void
     */
    protected function performRollBack($toLevel)
    {
        if ($toLevel == 0) {
            $this->getPdo()->rollBack();
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
        } elseif ($this->queryGrammar->supportsSavepoints()) {
            $this->getPdo()->exec(
trait Idable {
    public function equalIds(Idable $other) {
        return $this->getId() === $other->getId();
    }
}
                $this->queryGrammar->compileSavepointRollBack('trans'.($toLevel + 1))
            );
        }
    }

    /**
     * Get the number of active transactions.
     *
     * @return int
     */
    public function transactionLevel()
    {
        return $this->transactions;
    }

    /**
     * Determine if the given exception was caused by a deadlock.
     *
     * @param  \Exception  $e
     * @return bool
     */
    protected function causedByDeadlock(Exception $e)
    {
        $message = $e->getMessage();
        return Tools::contains($message, [
            'Deadlock found when trying to get lock',
            'deadlock detected',
            'The database file is locked',
            'database is locked',
            'database table is locked',
            'A table in the database is locked',
            'has been chosen as the deadlock victim',
            'Lock wait timeout exceeded; try restarting transaction',
        ]);
    }
}


1			<?php
2			namespace Childish\connection\traits;
3
4			use Closure;
5			use Exception;
6			use Throwable;
7			use Childish\support\Tools;
8
9			/**
10			* ManagesTransactions
11			*
12			* @author Pu ShaoWei <[email protected]>
13			* @date 2017/12/7
14			* @version 1.0
15			*/
16			trait ManagesTransactions
17			{
18			/**
19			* Execute a Closure within a transaction.
20			*
21			* @param \Closure $callback
22			* @param int $attempts
23			* @return mixed
24			*
25			* @throws \Exception\|\Throwable
26			*/
27			public function transaction(Closure $callback, $attempts = 1)
28			{
29			for ($currentAttempt = 1; $currentAttempt <= $attempts; $currentAttempt++) {
30			$this->beginTransaction();
31
32			// We'll simply execute the given callback within a try / catch block and if we
33			// catch any exception we can rollback this transaction so that none of this
34			// gets actually persisted to a database or stored in a permanent fashion.
35			try {
36			return $this->higherOrderTap($callback($this), function ($result) {
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `higherOrderTap()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history... Unused Code introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$result` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
37			$this->commit();
38			});
39			}
40
41			// If we catch an exception we'll rollback this transaction and try again if we
42			// are not out of attempts. If we are out of attempts we will just throw the
43			// exception back out and let the developer handle an uncaught exceptions.
44			catch (Exception $e) {
45			$this->handleTransactionException(
46			$e, $currentAttempt, $attempts
47			);
48			} catch (Throwable $e) {
49			$this->rollBack();
50
51			throw $e;
52			}
53			}
54			}
55
56			/**
57			* Handle an exception encountered when running a transacted statement.
58			*
59			* @param \Exception $e
60			* @param int $currentAttempt
61			* @param int $maxAttempts
62			* @return void
63			*
64			* @throws \Exception
65			*/
66			protected function handleTransactionException($e, $currentAttempt, $maxAttempts)
67			{
68			// On a deadlock, MySQL rolls back the entire transaction so we can't just
69			// retry the query. We have to throw this exception all the way out and
70			// let the developer handle it in another way. We will decrement too.
71			if ($this->causedByDeadlock($e) &&
72			$this->transactions > 1) {
73			--$this->transactions;
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `transactions` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
74
75			throw $e;
76			}
77
78			// If there was an exception we will rollback this transaction and then we
79			// can check if we have exceeded the maximum attempt count for this and
80			// if we haven't we will return and try this query again in our loop.
81			$this->rollBack();
82
83			if ($this->causedByDeadlock($e) &&
84			$currentAttempt < $maxAttempts) {
85			return;
86			}
87
88			throw $e;
89			}
90
91			/**
92			* Start a new database transaction.
93			*
94			* @return void
95			* @throws \Exception
96			*/
97			public function beginTransaction()
98			{
99			$this->createTransaction();
100			++$this->transactions;
101			}
102
103			/**
104			* Create a transaction within the database.
105			*
106			* @return void
107			*/
108			protected function createTransaction()
109			{
110			if ($this->transactions == 0) {
111			try {
112			$this->getPdo()->beginTransaction();
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `getPdo()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
113			} catch (Exception $e) {
114			$this->handleBeginTransactionException($e);
115			}
116			} elseif ($this->transactions >= 1 && $this->queryGrammar->supportsSavepoints()) {
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `queryGrammar` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
117			$this->createSavepoint();
118			}
119			}
120
121			/**
122			* Create a save point within the database.
123			*
124			* @return void
125			*/
126			protected function createSavepoint()
127			{
128			$this->getPdo()->exec(
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `getPdo()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
129			$this->queryGrammar->compileSavepoint('trans'.($this->transactions + 1))
130			);
131			}
132
133			/**
134			* Handle an exception from a transaction beginning.
135			*
136			* @param \Exception $e
137			* @return void
138			*
139			* @throws \Exception
140			*/
141			protected function handleBeginTransactionException($e)
142			{
143			if ($this->causedByLostConnection($e)) {
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `causedByLostConnection()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
144			$this->reconnect();
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `reconnect()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
145
146			$this->pdo->beginTransaction();
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `pdo` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
147			} else {
148			throw $e;
149			}
150			}
151
152			/**
153			* Commit the active database transaction.
154			*
155			* @return void
156			*/
157			public function commit()
158			{
159			if ($this->transactions == 1) {
160			$this->getPdo()->commit();
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `getPdo()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
161			}
162
163			$this->transactions = max(0, $this->transactions - 1);
164			}
165
166			/**
167			* Rollback the active database transaction.
168			*
169			* @param int\|null $toLevel
170			* @return void
171			*/
172			public function rollBack($toLevel = null)
173			{
174			// We allow developers to rollback to a certain transaction level. We will verify
175			// that this given transaction level is valid before attempting to rollback to
176			// that level. If it's not we will just return out and not attempt anything.
177			$toLevel = is_null($toLevel)
178			? $this->transactions - 1
179			: $toLevel;
180
181			if ($toLevel < 0 \|\| $toLevel >= $this->transactions) {
182			return;
183			}
184
185			// Next, we will actually perform this rollback within this database and fire the
186			// rollback event. We will also set the current transaction level to the given
187			// level that was passed into this method so it will be right from here out.
188			$this->performRollBack($toLevel);
189
190			$this->transactions = $toLevel;
191			}
192
193			/**
194			* Perform a rollback within the database.
195			*
196			* @param int $toLevel
197			* @return void
198			*/
199			protected function performRollBack($toLevel)
200			{
201			if ($toLevel == 0) {
202			$this->getPdo()->rollBack();
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `getPdo()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
203			} elseif ($this->queryGrammar->supportsSavepoints()) {
204			$this->getPdo()->exec(
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `getPdo()` must be provided by classes using this trait. How about adding it as abstract method to this trait? This check looks for methods that are used by a trait but not required by it. To illustrate, let’s look at the following code example trait Idable { public function equalIds(Idable $other) { return $this->getId() === $other->getId(); } } The trait `Idable` provides a method `equalsId` that in turn relies on the method `getId()`. If this method does not exist on a class mixing in this trait, the method will fail. Adding the `getId()` as an abstract method to the trait will make sure it is available. Loading history...
205			$this->queryGrammar->compileSavepointRollBack('trans'.($toLevel + 1))
206			);
207			}
208			}
209
210			/**
211			* Get the number of active transactions.
212			*
213			* @return int
214			*/
215			public function transactionLevel()
216			{
217			return $this->transactions;
218			}
219
220			/**
221			* Determine if the given exception was caused by a deadlock.
222			*
223			* @param \Exception $e
224			* @return bool
225			*/
226			protected function causedByDeadlock(Exception $e)
227			{
228			$message = $e->getMessage();
229			return Tools::contains($message, [
230			'Deadlock found when trying to get lock',
231			'deadlock detected',
232			'The database file is locked',
233			'database is locked',
234			'database table is locked',
235			'A table in the database is locked',
236			'has been chosen as the deadlock victim',
237			'Lock wait timeout exceeded; try restarting transaction',
238			]);
239			}
240			}
241

PuShaoWei / SimpleEloquent

Issues (99)

Security Analysis not enabled

src/connection/traits/ManagesTransactions.php (12 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like