Issues in WebTestCase.php (master) - Issues in master - QualityCodePhp/ApiFeaturesBundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Tests/Functionnal/WebTestCase.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace QualityCode\ApiFeaturesBundle\Tests\Functionnal;

use Faker\Factory as FakerFactory;
use Symfony\Bundle\FrameworkBundle\Client;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase as BaseWebTestCase;

class WebTestCase extends BaseWebTestCase
{
    protected $faker;

    /**
     * @var array
     */
    protected $fieldsList;

    /**
     * @var array
     */
    protected $fieldsDetails = [];

    /**
     * @var array
     */
    protected $links = [
        'self', 'create', 'update', 'patch', 'remove', 'list',
    ];

    /**
     * @var array
     */
    protected $itemValues;

    /**
     * @var array
     */
    protected $itemsBadValues;

    /**
     * @var string
     */
    protected $route;

    /**
     * @var string
     */
    protected $username = null;

    /**
     * @var string
     */
    protected $password = null;

    protected function setUp()
    {
        $this->faker = FakerFactory::create();
    }

    /**
     * @param string $route
     * @param int    $expectedItems
     */
    protected function checkGetAll(string $route, int $expectedItems)

    {
        $client = $this->getClient();
        $client->request('GET', $route);
        $this->checkStatusCodeAndContentType($client, 200);

        $items = json_decode($client->getResponse()->getContent());

        $this->checkIfListHaveRightStructure($items);

        $this->checkItemList($items, $expectedItems);
    }

    /**
     * @param string $route
     */
    protected function checkGetAnElement(string $route)
    {
        $client = $this->getClient();
        $client->request('GET', $route);
        $this->checkStatusCodeAndContentType($client, 200);
        $item = json_decode($client->getResponse()->getContent());

        $this->checkIfItemHasTheRightFieldsNumber((array) $item, true);
        $this->checkIfItemHasFields((array) $item);
        $this->checkIfItemHasLinks((array) $item);
    }

    /**
     * @param string $route
     */
    protected function checkGetAUnexistingElement(string $route)

    {
        $client = $this->getClient();
        $client->request('GET', $route);
        $this->checkStatusCodeAndContentType($client, '404');
        $adresse = json_decode($client->getResponse()->getContent());

        $this->assertArrayHasKey('message', (array) $adresse);
        $this->assertSame('Element not found', $adresse->message);
    }

    /**
     * @param string $route
     * @param string $method
     */
    protected function checkUpdateOrPatchAUnexistingElement(string $route, string $method)
    {
        $client = $this->getClient();
        $client->request(
                $method, $route, [], [], ['CONTENT_TYPE' => 'application/json'], json_encode($this->itemValues)
        );

        $this->checkStatusCodeAndContentType($client, 404);
        $item = json_decode($client->getResponse()->getContent());
        $this->assertArrayHasKey('message', (array) $item);
        $this->assertSame('Element not found', $item->message);
    }

    /**
     * @param string $route
     * @param bool   $mustHaveErrors
     * @param string $method
     */
    protected function checkAddOrUpdateOrPatchAnElement(string $route, bool $mustHaveErrors = false, string $method = 'POST')
    {
        $values = $this->itemValues;
        $statusCode = $method === 'POST' ? 201 : 200;
        if ($mustHaveErrors) {
            $values = $this->itemsBadValues;
            $statusCode = 400;
        }

        $client = $this->getClient();
        $client->request(
                $method, $route, [], [], ['CONTENT_TYPE' => 'application/json'], json_encode($values)
        );
        $this->checkStatusCodeAndContentType($client, $statusCode);
        $item = json_decode($client->getResponse()->getContent(), true);

        if (!$mustHaveErrors) {
            $this->checkIfItemHasTheRightFieldsNumber((array) $item, true);
            $this->checkIfItemHasFields((array) $item);
            $this->checkIfItemHasLinks((array) $item);
            foreach ($values as $key => $value) {
                $this->assertSame($value, $item[$key]);
            }
        } else {
            $this->assertSame(3, count((array) $item));
            $this->assertArrayHasKey('code', (array) $item);
            $this->assertArrayHasKey('message', (array) $item);
            $this->assertArrayHasKey('errors', (array) $item);
        }
    }

    /**
     * @param Client $client
     * @param int    $statusCode
     */
    protected function checkStatusCodeAndContentType(Client $client, int $statusCode)
    {
        $this->assertSame($statusCode, $client->getResponse()->getStatusCode());
        $this->assertTrue(
                $client->getResponse()->headers->contains(
                        'Content-Type', 'application/json'
                ), 'the "Content-Type" header is "application/json"'
        );
    }

    /**
     * @param string $route
     */
    protected function checkDeleteAnElement(string $route)
    {
        $client = $this->getClient();
        $client->request('DELETE', $route);

        $this->assertSame(204, $client->getResponse()->getStatusCode());
    }

    /**
     * @param string $method
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     * @param string $route
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     *
     * @return Client
     */
    protected function getClient($withAuthentification = true)
    {
        $client = static::createClient();

        if ($withAuthentification) {
            $token = $this->username && $this->password ? $this->authorize($this->username, $this->password) : $this->authorize();
            $client->setServerParameter('HTTP_Authorization', sprintf('Bearer %s', $token));
        }

        return $client;
    }

    /**
     * @param array $item
     */
    protected function checkIfItemHasFields(array $item)
    {
        foreach ($this->fieldsList as $fieldName) {
            $this->assertArrayHasKey($fieldName, (array) $item);
        }
    }

    /**
     * @param array $item
     */
    protected function checkIfItemHasLinks(array $item)
    {
        $this->assertArrayHasKey('_links', (array) $item);
        foreach ($this->links as $fieldName) {
            $this->assertArrayHasKey($fieldName, (array) $item['_links']);
        }
    }

    /**
     * @param array $item
     */
    protected function checkIfItemHasTheRightFieldsNumber(array $item, $isDetails = false)
    {
        if ($isDetails) {
            $this->assertSame(count($this->fieldsList) + count($this->fieldsDetails) + 1, count((array) $item));
        } else {
            $this->assertSame(count($this->fieldsList) + 1, count((array) $item));
        }
    }

    /**
     * @param \stdClass $list
     */
    protected function checkIfListHaveRightStructure(\stdClass $list)
    {
        $this->assertSame(1, count($list));
        $this->assertObjectHasAttribute('page', $list);
        $this->assertObjectHasAttribute('pages', $list);
        $this->assertObjectHasAttribute('limit', $list);
        $this->assertObjectHasAttribute('total', $list);
        $this->assertObjectHasAttribute('_links', $list);
        $this->assertObjectHasAttribute('self', $list->_links);
        $this->assertObjectHasAttribute('first', $list->_links);
        $this->assertObjectHasAttribute('last', $list->_links);
        $this->assertObjectHasAttribute('_embedded', $list);
        $this->assertObjectHasAttribute('items', $list->_embedded);
    }

    /**
     * @param \stdClass $items
     * @param int       $expectedSize
     */
    protected function checkItemList(\stdClass $items, int $expectedSize)
    {
        $this->assertSame($expectedSize, count($items->_embedded->items));

        foreach ($items->_embedded->items as $adresse) {
            $this->checkIfItemHasTheRightFieldsNumber((array) $adresse);
            $this->checkIfItemHasFields((array) $adresse);
            $this->checkIfItemHasLinks((array) $adresse);
        }
    }

    /**
     * @param string $username
     * @param string $password
     *
     * @return string|bool
     */
    protected function authorize($username = 'admin', $password = 'admin')
    {
        $client = $client = static::createClient();
        $values = [
                'username' => $username,
                'password' => $password,
            ];
        $client->request(
            'POST',
            'api/login_check',
            [],
            [],
            ['CONTENT_TYPE' => 'application/json'],
            json_encode($values)
        );

        $data = json_decode($client->getResponse()->getContent(), true);

        if (isset($data['token'])) {
            return $data['token'];
        }

        return false;
    }
}


1			<?php
2
3			namespace QualityCode\ApiFeaturesBundle\Tests\Functionnal;
4
5			use Faker\Factory as FakerFactory;
6			use Symfony\Bundle\FrameworkBundle\Client;
7			use Symfony\Bundle\FrameworkBundle\Test\WebTestCase as BaseWebTestCase;
8
9			class WebTestCase extends BaseWebTestCase
10			{
11			protected $faker;
12
13			/**
14			* @var array
15			*/
16			protected $fieldsList;
17
18			/**
19			* @var array
20			*/
21			protected $fieldsDetails = [];
22
23			/**
24			* @var array
25			*/
26			protected $links = [
27			'self', 'create', 'update', 'patch', 'remove', 'list',
28			];
29
30			/**
31			* @var array
32			*/
33			protected $itemValues;
34
35			/**
36			* @var array
37			*/
38			protected $itemsBadValues;
39
40			/**
41			* @var string
42			*/
43			protected $route;
44
45			/**
46			* @var string
47			*/
48			protected $username = null;
49
50			/**
51			* @var string
52			*/
53			protected $password = null;
54
55	13		protected function setUp()
56			{
57	13		$this->faker = FakerFactory::create();
58	13		}
59
60			/**
61			* @param string $route
62			* @param int $expectedItems
63			*/
64	1	View Code Duplication	protected function checkGetAll(string $route, int $expectedItems)
			0 ignored issues – show Duplication introduced 2018-06-06 13:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
65			{
66	1		$client = $this->getClient();
67	1		$client->request('GET', $route);
68	1		$this->checkStatusCodeAndContentType($client, 200);
69
70	1		$items = json_decode($client->getResponse()->getContent());
71
72	1		$this->checkIfListHaveRightStructure($items);
73
74	1		$this->checkItemList($items, $expectedItems);
75	1		}
76
77			/**
78			* @param string $route
79			*/
80	1		protected function checkGetAnElement(string $route)
81			{
82	1		$client = $this->getClient();
83	1		$client->request('GET', $route);
84	1		$this->checkStatusCodeAndContentType($client, 200);
85	1		$item = json_decode($client->getResponse()->getContent());
86
87	1		$this->checkIfItemHasTheRightFieldsNumber((array) $item, true);
88	1		$this->checkIfItemHasFields((array) $item);
89	1		$this->checkIfItemHasLinks((array) $item);
90	1		}
91
92			/**
93			* @param string $route
94			*/
95	1	View Code Duplication	protected function checkGetAUnexistingElement(string $route)
			0 ignored issues – show Duplication introduced 2018-06-06 13:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
96			{
97	1		$client = $this->getClient();
98	1		$client->request('GET', $route);
99	1		$this->checkStatusCodeAndContentType($client, '404');
100	1		$adresse = json_decode($client->getResponse()->getContent());
101
102	1		$this->assertArrayHasKey('message', (array) $adresse);
103	1		$this->assertSame('Element not found', $adresse->message);
104	1		}
105
106			/**
107			* @param string $route
108			* @param string $method
109			*/
110	2		protected function checkUpdateOrPatchAUnexistingElement(string $route, string $method)
111			{
112	2		$client = $this->getClient();
113	2		$client->request(
114	2		$method, $route, [], [], ['CONTENT_TYPE' => 'application/json'], json_encode($this->itemValues)
115			);
116
117	2		$this->checkStatusCodeAndContentType($client, 404);
118	2		$item = json_decode($client->getResponse()->getContent());
119	2		$this->assertArrayHasKey('message', (array) $item);
120	2		$this->assertSame('Element not found', $item->message);
121	2		}
122
123			/**
124			* @param string $route
125			* @param bool $mustHaveErrors
126			* @param string $method
127			*/
128	6		protected function checkAddOrUpdateOrPatchAnElement(string $route, bool $mustHaveErrors = false, string $method = 'POST')
129			{
130	6		$values = $this->itemValues;
131	6		$statusCode = $method === 'POST' ? 201 : 200;
132	6		if ($mustHaveErrors) {
133	3		$values = $this->itemsBadValues;
134	3		$statusCode = 400;
135			}
136
137	6		$client = $this->getClient();
138	6		$client->request(
139	6		$method, $route, [], [], ['CONTENT_TYPE' => 'application/json'], json_encode($values)
140			);
141	6		$this->checkStatusCodeAndContentType($client, $statusCode);
142	6		$item = json_decode($client->getResponse()->getContent(), true);
143
144	6		if (!$mustHaveErrors) {
145	3		$this->checkIfItemHasTheRightFieldsNumber((array) $item, true);
146	3		$this->checkIfItemHasFields((array) $item);
147	3		$this->checkIfItemHasLinks((array) $item);
148	3		foreach ($values as $key => $value) {
149	3		$this->assertSame($value, $item[$key]);
150			}
151			} else {
152	3		$this->assertSame(3, count((array) $item));
153	3		$this->assertArrayHasKey('code', (array) $item);
154	3		$this->assertArrayHasKey('message', (array) $item);
155	3		$this->assertArrayHasKey('errors', (array) $item);
156			}
157	6		}
158
159			/**
160			* @param Client $client
161			* @param int $statusCode
162			*/
163	11		protected function checkStatusCodeAndContentType(Client $client, int $statusCode)
164			{
165	11		$this->assertSame($statusCode, $client->getResponse()->getStatusCode());
166	11		$this->assertTrue(
167	11		$client->getResponse()->headers->contains(
168	11		'Content-Type', 'application/json'
169	11		), 'the "Content-Type" header is "application/json"'
170			);
171	11		}
172
173			/**
174			* @param string $route
175			*/
176	2		protected function checkDeleteAnElement(string $route)
177			{
178	2		$client = $this->getClient();
179	2		$client->request('DELETE', $route);
180
181	2		$this->assertSame(204, $client->getResponse()->getStatusCode());
182	2		}
183
184			/**
185			* @param string $method
			0 ignored issues – show Bug introduced 2017-05-01 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$method`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
186			* @param string $route
			0 ignored issues – show Bug introduced 2017-05-01 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$route`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
187			*
188			* @return Client
189			*/
190	13		protected function getClient($withAuthentification = true)
191			{
192	13		$client = static::createClient();
193
194	13		if ($withAuthentification) {
195	13		$token = $this->username && $this->password ? $this->authorize($this->username, $this->password) : $this->authorize();
196	13		$client->setServerParameter('HTTP_Authorization', sprintf('Bearer %s', $token));
197			}
198
199	13		return $client;
200			}
201
202			/**
203			* @param array $item
204			*/
205	5		protected function checkIfItemHasFields(array $item)
206			{
207	5		foreach ($this->fieldsList as $fieldName) {
208	5		$this->assertArrayHasKey($fieldName, (array) $item);
209			}
210	5		}
211
212			/**
213			* @param array $item
214			*/
215	5		protected function checkIfItemHasLinks(array $item)
216			{
217	5		$this->assertArrayHasKey('_links', (array) $item);
218	5		foreach ($this->links as $fieldName) {
219	5		$this->assertArrayHasKey($fieldName, (array) $item['_links']);
220			}
221	5		}
222
223			/**
224			* @param array $item
225			*/
226	5		protected function checkIfItemHasTheRightFieldsNumber(array $item, $isDetails = false)
227			{
228	5		if ($isDetails) {
229	4		$this->assertSame(count($this->fieldsList) + count($this->fieldsDetails) + 1, count((array) $item));
230			} else {
231	1		$this->assertSame(count($this->fieldsList) + 1, count((array) $item));
232			}
233	5		}
234
235			/**
236			* @param \stdClass $list
237			*/
238	1		protected function checkIfListHaveRightStructure(\stdClass $list)
239			{
240	1		$this->assertSame(1, count($list));
241	1		$this->assertObjectHasAttribute('page', $list);
242	1		$this->assertObjectHasAttribute('pages', $list);
243	1		$this->assertObjectHasAttribute('limit', $list);
244	1		$this->assertObjectHasAttribute('total', $list);
245	1		$this->assertObjectHasAttribute('_links', $list);
246	1		$this->assertObjectHasAttribute('self', $list->_links);
247	1		$this->assertObjectHasAttribute('first', $list->_links);
248	1		$this->assertObjectHasAttribute('last', $list->_links);
249	1		$this->assertObjectHasAttribute('_embedded', $list);
250	1		$this->assertObjectHasAttribute('items', $list->_embedded);
251	1		}
252
253			/**
254			* @param \stdClass $items
255			* @param int $expectedSize
256			*/
257	1		protected function checkItemList(\stdClass $items, int $expectedSize)
258			{
259	1		$this->assertSame($expectedSize, count($items->_embedded->items));
260
261	1		foreach ($items->_embedded->items as $adresse) {
262	1		$this->checkIfItemHasTheRightFieldsNumber((array) $adresse);
263	1		$this->checkIfItemHasFields((array) $adresse);
264	1		$this->checkIfItemHasLinks((array) $adresse);
265			}
266	1		}
267
268			/**
269			* @param string $username
270			* @param string $password
271			*
272			* @return string\|bool
273			*/
274	13		protected function authorize($username = 'admin', $password = 'admin')
275			{
276	13		$client = $client = static::createClient();
277			$values = [
278	13		'username' => $username,
279	13		'password' => $password,
280			];
281	13		$client->request(
282	13		'POST',
283	13		'api/login_check',
284	13		[],
285	13		[],
286	13		['CONTENT_TYPE' => 'application/json'],
287			json_encode($values)
288			);
289
290	13		$data = json_decode($client->getResponse()->getContent(), true);
291
292	13		if (isset($data['token'])) {
293			return $data['token'];
294			}
295
296	13		return false;
297			}
298			}
299

QualityCodePhp / ApiFeaturesBundle

Issues (4)

Security Analysis not enabled

src/Tests/Functionnal/WebTestCase.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like