Issues in DatabaseManager.php (master) - Issues in master - PuShaoWei/SimpleEloquent - Measure and Improve Code Quality continuously with Scrutinizer

Issues (99)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/database/DatabaseManager.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Childish\database;

use PDO;
use Childish\connection\Connection;
use Childish\connection\ConnectionFactory;
use Childish\support\Tools;
use InvalidArgumentException;

/**
 * DatabaseManager
 *
 * @author    Pu ShaoWei <[email protected]>
 * @date      2017/12/7
 * @version   1.0
 */
class DatabaseManager
{
    /**
     * The database connection factory instance.
     *
     * @var ConnectionFactory
     */
    protected $factory;

    /**
     * The active connection instances.
     *
     * @var array
     */
    protected $connections = [];

    /**
     * The custom connection resolvers.
     *
     * @var array
     */
    protected $extensions = [];


    /**
     * DatabaseManager constructor.
     *
     * @param                                       $app
     * @param ConnectionFactory                     $factory
     */
    public function __construct($app, ConnectionFactory $factory)
    {
        $this->app     = $app;
class MyClass { }

$x = new MyClass();
$x->foo = true;
        $this->factory = $factory;
    }

    /**
     * Get a database connection instance.
     *
     * @param  string $name
     * @return \Childish\connection\Connection
     */
    public function connection($name = null)
    {
        list($database, $type) = $this->parseConnectionName($name);

        $name = $name ? : $database;

        // If we haven't created this connection, we'll create it based on the config
        // provided in the application. Once we've created the connections we will
        // set the "fetch mode" for PDO which determines the query return types.
        if (!isset($this->connections[$name])) {
            $this->connections[$name] = $this->configure(
                $this->makeConnection($database), $type
            );
        }

        return $this->connections[$name];
    }

    /**
     * Parse the connection into an array of the name and read / write type.
     *
     * @param  string $name
     * @return array
     */
    protected function parseConnectionName($name)
    {
        $name = $name ? : $this->getDefaultConnection();

        return Tools::endsWith($name, ['::read', '::write'])
            ? explode('::', $name, 2) : [$name, null];
    }

    /**
     * Make the database connection instance.
     *
     * @param  string $name
     * @return \Childish\connection\Connection
     */
    protected function makeConnection($name)
    {
        $config = $this->configuration($name);

        // First we will check by the connection name to see if an extension has been
        // registered specifically for that connection. If it has we will call the
        // Closure and pass it the config allowing it to resolve the connection.
        if (isset($this->extensions[$name])) {
            return call_user_func($this->extensions[$name], $config, $name);
        }

        // Next we will check to see if an extension has been registered for a driver
        // and will call the Closure if so, which allows us to have a more generic
        // resolver for the drivers themselves which applies to all connections.
        if (isset($this->extensions[$driver = $config['driver']])) {
            return call_user_func($this->extensions[$driver], $config, $name);
        }

        return $this->factory->make($config, $name);
    }

    /**
     * Get the configuration for a connection.
     *
     * @param  string $name
     * @return array
     * @throws \InvalidArgumentException
     */
    protected function configuration($name)
    {
        $name = $name ? : $this->getDefaultConnection();

        // To get the database connection configuration, we will just pull each of the
        // connection configurations and get the configurations for the given name.
        // If the configuration doesn't exist, we'll throw an exception and bail.
        $connections = $this->app['config']['database.connections'];

        if (is_null($config = Tools::get($connections, $name))) {
            throw new InvalidArgumentException("Database [$name] not configured.");
        }

        return $config;
    }

    /**
     * Prepare the database connection instance.
     *
     * @param  \Childish\connection\Connection $connection
     * @param  string                          $type
     * @return \Childish\connection\Connection
     */
    protected function configure(Connection $connection, $type)
    {
        $connection = $this->setPdoForType($connection, $type);

        // First we'll set the fetch mode and a few other dependencies of the database
        // connection. This method basically just configures and prepares it to get


        // Here we'll set a reconnector callback. This reconnector can be any callable
        // so we will set a Closure to reconnect from this manager with the name of
        // the connection, which will allow us to reconnect from the connections.
        $connection->setReconnector(function ($connection) {
            $this->reconnect($connection->getName());
        });

        return $connection;
    }

    /**
     * Prepare the read / write mode for database connection instance.
     *
     * @param  \Childish\connection\Connection $connection
     * @param  string                          $type
     * @return \Childish\connection\Connection
     */
    protected function setPdoForType(Connection $connection, $type = null)
    {
        if ($type == 'read') {
            $connection->setPdo($connection->getReadPdo());
        } else if ($type == 'write') {
            $connection->setReadPdo($connection->getPdo());
        }

        return $connection;
    }

    /**
     * Disconnect from the given database and remove from local cache.
     *
     * @param  string $name
     * @return void
     */
    public function purge($name = null)
    {
        $name = $name ? : $this->getDefaultConnection();

        $this->disconnect($name);

        unset($this->connections[$name]);
    }

    /**
     * Disconnect from the given database.
     *
     * @param  string $name
     * @return void
     */
    public function disconnect($name = null)
    {
        if (isset($this->connections[$name = $name ? : $this->getDefaultConnection()])) {
            $this->connections[$name]->disconnect();
        }
    }

    /**
     * Reconnect to the given database.
     *
     * @param  string $name
     * @return \Childish\connection\Connection
     */
    public function reconnect($name = null)
    {
        $this->disconnect($name = $name ? : $this->getDefaultConnection());

        if (!isset($this->connections[$name])) {
            return $this->connection($name);
        }

        return $this->refreshPdoConnections($name);
    }

    /**
     * Refresh the PDO connections on a given connection.
     *
     * @param  string $name
     * @return \Childish\connection\Connection
     */
    protected function refreshPdoConnections($name)
    {
        $fresh = $this->makeConnection($name);

        return $this->connections[$name]
            ->setPdo($fresh->getPdo())
            ->setReadPdo($fresh->getReadPdo());
    }

    /**
     * Get the default connection name.
     *
     * @return string
     */
    public function getDefaultConnection()
    {
        return $this->app['config']['database.default'];
    }

    /**
     * Set the default connection name.
     *
     * @param  string $name
     * @return void
     */
    public function setDefaultConnection($name)
    {
        $this->app['config']['database.default'] = $name;
    }

    /**
     * Get all of the support drivers.
     *
     * @return array
     */
    public function supportedDrivers()
    {
        return ['mysql', 'pgsql', 'sqlite', 'sqlsrv'];
    }

    /**
     * Get all of the drivers that are actually available.
     *
     * @return array
     */
    public function availableDrivers()
    {
        return array_intersect(
            $this->supportedDrivers(),
            str_replace('dblib', 'sqlsrv', PDO::getAvailableDrivers())
        );
    }

    /**
     * Register an extension connection resolver.
     *
     * @param  string   $name
     * @param  callable $resolver
     * @return void
     */
    public function extend($name, callable $resolver)
    {
        $this->extensions[$name] = $resolver;
    }

    /**
     * Return all of the created connections.
     *
     * @return array
     */
    public function getConnections()
    {
        return $this->connections;
    }

    /**
     * Dynamically pass methods to the default connection.
     *
     * @param  string $method
     * @param  array  $parameters
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        return $this->connection()->$method(...$parameters);
    }
}

1			<?php
2			namespace Childish\database;
3
4			use PDO;
5			use Childish\connection\Connection;
6			use Childish\connection\ConnectionFactory;
7			use Childish\support\Tools;
8			use InvalidArgumentException;
9
10			/**
11			* DatabaseManager
12			*
13			* @author Pu ShaoWei <[email protected]>
14			* @date 2017/12/7
15			* @version 1.0
16			*/
17			class DatabaseManager
18			{
19			/**
20			* The database connection factory instance.
21			*
22			* @var ConnectionFactory
23			*/
24			protected $factory;
25
26			/**
27			* The active connection instances.
28			*
29			* @var array
30			*/
31			protected $connections = [];
32
33			/**
34			* The custom connection resolvers.
35			*
36			* @var array
37			*/
38			protected $extensions = [];
39
40
41			/**
42			* DatabaseManager constructor.
43			*
44			* @param $app
45			* @param ConnectionFactory $factory
46			*/
47			public function __construct($app, ConnectionFactory $factory)
48			{
49			$this->app = $app;
			0 ignored issues – show Bug introduced 2017-12-12 07:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `app` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
50			$this->factory = $factory;
51			}
52
53			/**
54			* Get a database connection instance.
55			*
56			* @param string $name
57			* @return \Childish\connection\Connection
58			*/
59			public function connection($name = null)
60			{
61			list($database, $type) = $this->parseConnectionName($name);
62
63			$name = $name ? : $database;
64
65			// If we haven't created this connection, we'll create it based on the config
66			// provided in the application. Once we've created the connections we will
67			// set the "fetch mode" for PDO which determines the query return types.
68			if (!isset($this->connections[$name])) {
69			$this->connections[$name] = $this->configure(
70			$this->makeConnection($database), $type
71			);
72			}
73
74			return $this->connections[$name];
75			}
76
77			/**
78			* Parse the connection into an array of the name and read / write type.
79			*
80			* @param string $name
81			* @return array
82			*/
83			protected function parseConnectionName($name)
84			{
85			$name = $name ? : $this->getDefaultConnection();
86
87			return Tools::endsWith($name, ['::read', '::write'])
88			? explode('::', $name, 2) : [$name, null];
89			}
90
91			/**
92			* Make the database connection instance.
93			*
94			* @param string $name
95			* @return \Childish\connection\Connection
96			*/
97			protected function makeConnection($name)
98			{
99			$config = $this->configuration($name);
100
101			// First we will check by the connection name to see if an extension has been
102			// registered specifically for that connection. If it has we will call the
103			// Closure and pass it the config allowing it to resolve the connection.
104			if (isset($this->extensions[$name])) {
105			return call_user_func($this->extensions[$name], $config, $name);
106			}
107
108			// Next we will check to see if an extension has been registered for a driver
109			// and will call the Closure if so, which allows us to have a more generic
110			// resolver for the drivers themselves which applies to all connections.
111			if (isset($this->extensions[$driver = $config['driver']])) {
112			return call_user_func($this->extensions[$driver], $config, $name);
113			}
114
115			return $this->factory->make($config, $name);
116			}
117
118			/**
119			* Get the configuration for a connection.
120			*
121			* @param string $name
122			* @return array
123			* @throws \InvalidArgumentException
124			*/
125			protected function configuration($name)
126			{
127			$name = $name ? : $this->getDefaultConnection();
128
129			// To get the database connection configuration, we will just pull each of the
130			// connection configurations and get the configurations for the given name.
131			// If the configuration doesn't exist, we'll throw an exception and bail.
132			$connections = $this->app['config']['database.connections'];
133
134			if (is_null($config = Tools::get($connections, $name))) {
135			throw new InvalidArgumentException("Database [$name] not configured.");
136			}
137
138			return $config;
139			}
140
141			/**
142			* Prepare the database connection instance.
143			*
144			* @param \Childish\connection\Connection $connection
145			* @param string $type
146			* @return \Childish\connection\Connection
147			*/
148			protected function configure(Connection $connection, $type)
149			{
150			$connection = $this->setPdoForType($connection, $type);
151
152			// First we'll set the fetch mode and a few other dependencies of the database
153			// connection. This method basically just configures and prepares it to get
154
155
156			// Here we'll set a reconnector callback. This reconnector can be any callable
157			// so we will set a Closure to reconnect from this manager with the name of
158			// the connection, which will allow us to reconnect from the connections.
159			$connection->setReconnector(function ($connection) {
160			$this->reconnect($connection->getName());
161			});
162
163			return $connection;
164			}
165
166			/**
167			* Prepare the read / write mode for database connection instance.
168			*
169			* @param \Childish\connection\Connection $connection
170			* @param string $type
171			* @return \Childish\connection\Connection
172			*/
173			protected function setPdoForType(Connection $connection, $type = null)
174			{
175			if ($type == 'read') {
176			$connection->setPdo($connection->getReadPdo());
177			} else if ($type == 'write') {
178			$connection->setReadPdo($connection->getPdo());
179			}
180
181			return $connection;
182			}
183
184			/**
185			* Disconnect from the given database and remove from local cache.
186			*
187			* @param string $name
188			* @return void
189			*/
190			public function purge($name = null)
191			{
192			$name = $name ? : $this->getDefaultConnection();
193
194			$this->disconnect($name);
195
196			unset($this->connections[$name]);
197			}
198
199			/**
200			* Disconnect from the given database.
201			*
202			* @param string $name
203			* @return void
204			*/
205			public function disconnect($name = null)
206			{
207			if (isset($this->connections[$name = $name ? : $this->getDefaultConnection()])) {
208			$this->connections[$name]->disconnect();
209			}
210			}
211
212			/**
213			* Reconnect to the given database.
214			*
215			* @param string $name
216			* @return \Childish\connection\Connection
217			*/
218			public function reconnect($name = null)
219			{
220			$this->disconnect($name = $name ? : $this->getDefaultConnection());
221
222			if (!isset($this->connections[$name])) {
223			return $this->connection($name);
224			}
225
226			return $this->refreshPdoConnections($name);
227			}
228
229			/**
230			* Refresh the PDO connections on a given connection.
231			*
232			* @param string $name
233			* @return \Childish\connection\Connection
234			*/
235			protected function refreshPdoConnections($name)
236			{
237			$fresh = $this->makeConnection($name);
238
239			return $this->connections[$name]
240			->setPdo($fresh->getPdo())
241			->setReadPdo($fresh->getReadPdo());
242			}
243
244			/**
245			* Get the default connection name.
246			*
247			* @return string
248			*/
249			public function getDefaultConnection()
250			{
251			return $this->app['config']['database.default'];
252			}
253
254			/**
255			* Set the default connection name.
256			*
257			* @param string $name
258			* @return void
259			*/
260			public function setDefaultConnection($name)
261			{
262			$this->app['config']['database.default'] = $name;
263			}
264
265			/**
266			* Get all of the support drivers.
267			*
268			* @return array
269			*/
270			public function supportedDrivers()
271			{
272			return ['mysql', 'pgsql', 'sqlite', 'sqlsrv'];
273			}
274
275			/**
276			* Get all of the drivers that are actually available.
277			*
278			* @return array
279			*/
280			public function availableDrivers()
281			{
282			return array_intersect(
283			$this->supportedDrivers(),
284			str_replace('dblib', 'sqlsrv', PDO::getAvailableDrivers())
285			);
286			}
287
288			/**
289			* Register an extension connection resolver.
290			*
291			* @param string $name
292			* @param callable $resolver
293			* @return void
294			*/
295			public function extend($name, callable $resolver)
296			{
297			$this->extensions[$name] = $resolver;
298			}
299
300			/**
301			* Return all of the created connections.
302			*
303			* @return array
304			*/
305			public function getConnections()
306			{
307			return $this->connections;
308			}
309
310			/**
311			* Dynamically pass methods to the default connection.
312			*
313			* @param string $method
314			* @param array $parameters
315			* @return mixed
316			*/
317			public function __call($method, $parameters)
318			{
319			return $this->connection()->$method(...$parameters);
320			}
321			}

PuShaoWei / SimpleEloquent

Issues (99)

Security Analysis not enabled

src/database/DatabaseManager.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like