Issues in Message.php (master) - Issues in master - RickyNRoses87/almendra-psr7 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (42)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Psr/Messages/Message.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Almendra\Http\Psr\Messages;

use Psr\Http\Message\MessageInterface;
use Psr\Http\Message\StreamInterface;

class Message implements MessageInterface
{
    protected $_protocolVersion = '1.1';

    protected $_headers = [];

    protected $_body;

    /**
     * @var array The headers which are accepted.
     */
    protected $_validHeaders = [
        'Content-Type',
        'Connection',
        'Accept',
        'Accept-Encoding',
        'Accept-Language',
        'Cache-Control',
        'Cookie',
        'Host',
        'User-Agent',
        'Remote Address',
        // ...
        ];

    /**
     * @var array Valid/Supported HTTP Protocol versions .
     */
    protected $_validVersions = [
        '1.0',
        '1.1',
        '2.0',
        ];


    public function __construct(StreamInterface $stream = null)
    {
        if (isset($stream) && null !== $stream) {
            $this -> _body = $stream;
        } else {
            // bad practice: to be remove
            $this -> _body = new \Almendra\Http\Psr\Messages\Stream;

        }
    }
    
    /**
     * Returns the message's protocol version.
     *
     * @return string
     */
    public function getProtocolVersion()
    {
        return $this -> _protocolVersion;
    }

    /**
     * Returns an instance of the message with the specified protocol version.
     *
     * @param string $version 		The protocol version.
     * @return \Almendra\Http\Psr\Messages\Message
     * @throws InvalidArgumentException
     */
    public function withProtocolVersion($version)
    {
        if (!in_array($version, $this -> _validVersions)) {
            throw new \InvalidArgumentException("Invalid or unsupported HTTP version.");
        }

        $this -> _protocolVersion = $version;

        return $this;
    }

    /**
     * Returns the headers.
     *
     * @return array 				An associative array of string values.
     */
    public function getHeaders()
    {
        return $this -> _headers;
    }

    /**
     * Check if a header exists.
     *
     * @param string $name 		The name of the header.
     * @return boolean
     */
    public function hasHeader($name)
    {
        if (!$this -> isArrayKeyLowercase($name, $this -> _headers)) {
            return false;
        }

        return true;
    }

    /**
     * Checks if a key name exists in a given array using a case-insensitive string comparision.
     *
     * @param string $name         The key name
     * @param array $values         The array of values
     * @return boolean
     */
    protected function isArrayKeyLowercase($name, array $values)
    {
        $name = strtolower($name);
        foreach ($values as $key => $value) {
            $lowerCaseName = strtolower($key);
            if ($lowerCaseName === $name) {
                return isset($values[$lowerCaseName]);
            }
        }

        return false;
    }

    /**
     * Returns a header.
     *
     * @param string $name 		The header's name.
     * @return array
     */
    public function getHeader($name)
    {
        $name = strtolower($name);
        if ($this -> hasHeader($name)) {
            return is_array($this -> _headers[$name]) ?
                $this -> _headers[$name] :
                [$this -> _headers[$name]];
        }

        return [];
    }

    /**
     * Returns a comma-separated header.
     *
     * @param string $name 		The header's name.
     * @return string
     */
    public function getHeaderLine($name)
    {
        if (!$this -> hasHeader($name)) {
            return '';
        }

        if (!is_array($header = $this -> getHeader($name))) {
            return $header;
        }

        $header = implode(', ', $this -> getHeader($name));

        return $header;
    }

    /**
     * Returns a message instance with the specified header
     * Replaces the header if it exists.
     *
     * @param string $name 		The header's name
     * @param string $value 	The header's value
     * @return \Almendra\Http\Psr\Messages\Message
     */
    public function withHeader($name, $value)
    {
        if (!$this -> isHeaderValid($name)) {
            throw new \InvalidArgumentException("Invalid header name provided.");
        }

        $clone = clone $this;
        $clone -> setHeader($name, $value); // replace if exists

        return $clone;
    }

    /**
     * Returns a message instance with the an added header.
     * Does not replace the it if it exists already.
     *
     * @param string $name 		The header's name
     * @param string $value 	The header's value
     * @return \Almendra\Http\Psr\Messages\Message
     */
    public function withAddedHeader($name, $value)
    {
        if (!$this -> isHeaderValid($name)) {
            throw new \InvalidArgumentException("Invalid header name provided.");
        }

        // append only
        $clone = clone $this;
        $clone -> hasHeader($name) ?
            $clone -> setHeader($name, $value) :
            $clone -> addHeader($name, $value);

        return $clone;
    }

    /**
     * Checks whather a header is valid.
     *
     * @param string $name 		The header's name
     * @return boolean			true if supported
     */
    public function isHeaderValid($name)
    {
        if (!is_string($name)) {
            return false;
        }

        $name = strtolower($name);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        

        return true;
    }

    /**
     * Sets a header, by name.
     *
     * @param string $name 		The header's name
     * @param string $name 		The header's value
     * @return void
     * @throws \InvalidArgumentException	!
     */
    public function setHeader($name, $value)
    {
        if (!$this -> isHeaderValid($name)) {
            throw new \InvalidArgumentException("Invalid header name provided.");
        }

        if (!is_array($value)) {
            $value = [$value];
        }
        
        $this -> _headers[strtolower($name)] = $value;
    }

    /**
     * Adds a header. Does not replace the value if it already exists.
     *
     * @param string $name         The header's name
    * @param mixed $value         The header's value
     * @return void
     */
    public function addHeader($name, $value)
    {
        if (!is_array($value)) {
            $value = [$value];
        }

        $header = $this -> getHeader($name);
        $this -> setHeader($name, array_merge($header, $value));
    }

    /**
     * Returns an instance of the message without the specified header.
     *
     * @param string $name 		The header's name
     * @return \Almendra\Http\Psr\Messages\Message
     */
    public function withoutHeader($name)
    {
        $clone = clone $this;
        if ($clone -> hasHeader($name)) {
            $clone -> unsetHeader($name);
        }

        return $clone;
    }

    /**
     * Unsets a header.
     *
     * @param string $name 		The header's name.
     * @return void
     */
    public function unsetHeader($name)
    {
        unset($this -> _headers[$name]);
    }

    /**
     * Returns the message's body.
     *
     * @return Psr\Http\Message\StreamInterface
     */
    public function getBody()
    {
        return $this -> _body;
    }

    /**
     * Returns an instance of the message with the specified body.
     *
     * @param \Psr\Http\Message\StreamInterface $body 		The body to be added
     * @return \Almendra\Http\Psr\Messages\Message
     * @throws \InvalidArgumentException
     */
    public function withBody(StreamInterface $body)
    {
        $clone = clone $this;
        $clone -> _body = $body;

        return $clone;
    }
}


1			<?php
2
3			namespace Almendra\Http\Psr\Messages;
4
5			use Psr\Http\Message\MessageInterface;
6			use Psr\Http\Message\StreamInterface;
7
8			class Message implements MessageInterface
9			{
10			protected $_protocolVersion = '1.1';
11
12			protected $_headers = [];
13
14			protected $_body;
15
16			/**
17			* @var array The headers which are accepted.
18			*/
19			protected $_validHeaders = [
20			'Content-Type',
21			'Connection',
22			'Accept',
23			'Accept-Encoding',
24			'Accept-Language',
25			'Cache-Control',
26			'Cookie',
27			'Host',
28			'User-Agent',
29			'Remote Address',
30			// ...
31			];
32
33			/**
34			* @var array Valid/Supported HTTP Protocol versions .
35			*/
36			protected $_validVersions = [
37			'1.0',
38			'1.1',
39			'2.0',
40			];
41
42
43			public function __construct(StreamInterface $stream = null)
44			{
45			if (isset($stream) && null !== $stream) {
46			$this -> _body = $stream;
47			} else {
48			// bad practice: to be remove
49			$this -> _body = new \Almendra\Http\Psr\Messages\Stream;
			0 ignored issues – show Bug introduced 2016-10-15 03:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `Stream::__construct()` misses a required argument `$stream`. This check looks for function calls that miss required arguments. Loading history...
50			}
51			}
52
53			/**
54			* Returns the message's protocol version.
55			*
56			* @return string
57			*/
58			public function getProtocolVersion()
59			{
60			return $this -> _protocolVersion;
61			}
62
63			/**
64			* Returns an instance of the message with the specified protocol version.
65			*
66			* @param string $version The protocol version.
67			* @return \Almendra\Http\Psr\Messages\Message
68			* @throws InvalidArgumentException
69			*/
70			public function withProtocolVersion($version)
71			{
72			if (!in_array($version, $this -> _validVersions)) {
73			throw new \InvalidArgumentException("Invalid or unsupported HTTP version.");
74			}
75
76			$this -> _protocolVersion = $version;
77
78			return $this;
79			}
80
81			/**
82			* Returns the headers.
83			*
84			* @return array An associative array of string values.
85			*/
86			public function getHeaders()
87			{
88			return $this -> _headers;
89			}
90
91			/**
92			* Check if a header exists.
93			*
94			* @param string $name The name of the header.
95			* @return boolean
96			*/
97			public function hasHeader($name)
98			{
99			if (!$this -> isArrayKeyLowercase($name, $this -> _headers)) {
100			return false;
101			}
102
103			return true;
104			}
105
106			/**
107			* Checks if a key name exists in a given array using a case-insensitive string comparision.
108			*
109			* @param string $name The key name
110			* @param array $values The array of values
111			* @return boolean
112			*/
113			protected function isArrayKeyLowercase($name, array $values)
114			{
115			$name = strtolower($name);
116			foreach ($values as $key => $value) {
117			$lowerCaseName = strtolower($key);
118			if ($lowerCaseName === $name) {
119			return isset($values[$lowerCaseName]);
120			}
121			}
122
123			return false;
124			}
125
126			/**
127			* Returns a header.
128			*
129			* @param string $name The header's name.
130			* @return array
131			*/
132			public function getHeader($name)
133			{
134			$name = strtolower($name);
135			if ($this -> hasHeader($name)) {
136			return is_array($this -> _headers[$name]) ?
137			$this -> _headers[$name] :
138			[$this -> _headers[$name]];
139			}
140
141			return [];
142			}
143
144			/**
145			* Returns a comma-separated header.
146			*
147			* @param string $name The header's name.
148			* @return string
149			*/
150			public function getHeaderLine($name)
151			{
152			if (!$this -> hasHeader($name)) {
153			return '';
154			}
155
156			if (!is_array($header = $this -> getHeader($name))) {
157			return $header;
158			}
159
160			$header = implode(', ', $this -> getHeader($name));
161
162			return $header;
163			}
164
165			/**
166			* Returns a message instance with the specified header
167			* Replaces the header if it exists.
168			*
169			* @param string $name The header's name
170			* @param string $value The header's value
171			* @return \Almendra\Http\Psr\Messages\Message
172			*/
173			public function withHeader($name, $value)
174			{
175			if (!$this -> isHeaderValid($name)) {
176			throw new \InvalidArgumentException("Invalid header name provided.");
177			}
178
179			$clone = clone $this;
180			$clone -> setHeader($name, $value); // replace if exists
181
182			return $clone;
183			}
184
185			/**
186			* Returns a message instance with the an added header.
187			* Does not replace the it if it exists already.
188			*
189			* @param string $name The header's name
190			* @param string $value The header's value
191			* @return \Almendra\Http\Psr\Messages\Message
192			*/
193			public function withAddedHeader($name, $value)
194			{
195			if (!$this -> isHeaderValid($name)) {
196			throw new \InvalidArgumentException("Invalid header name provided.");
197			}
198
199			// append only
200			$clone = clone $this;
201			$clone -> hasHeader($name) ?
202			$clone -> setHeader($name, $value) :
203			$clone -> addHeader($name, $value);
204
205			return $clone;
206			}
207
208			/**
209			* Checks whather a header is valid.
210			*
211			* @param string $name The header's name
212			* @return boolean true if supported
213			*/
214			public function isHeaderValid($name)
215			{
216			if (!is_string($name)) {
217			return false;
218			}
219
220			$name = strtolower($name);
			0 ignored issues – show Unused Code introduced 2016-10-12 02:53 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$name` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
221
222
223			return true;
224			}
225
226			/**
227			* Sets a header, by name.
228			*
229			* @param string $name The header's name
230			* @param string $name The header's value
231			* @return void
232			* @throws \InvalidArgumentException !
233			*/
234			public function setHeader($name, $value)
235			{
236			if (!$this -> isHeaderValid($name)) {
237			throw new \InvalidArgumentException("Invalid header name provided.");
238			}
239
240			if (!is_array($value)) {
241			$value = [$value];
242			}
243
244			$this -> _headers[strtolower($name)] = $value;
245			}
246
247			/**
248			* Adds a header. Does not replace the value if it already exists.
249			*
250			* @param string $name The header's name
251			* @param mixed $value The header's value
252			* @return void
253			*/
254			public function addHeader($name, $value)
255			{
256			if (!is_array($value)) {
257			$value = [$value];
258			}
259
260			$header = $this -> getHeader($name);
261			$this -> setHeader($name, array_merge($header, $value));
262			}
263
264			/**
265			* Returns an instance of the message without the specified header.
266			*
267			* @param string $name The header's name
268			* @return \Almendra\Http\Psr\Messages\Message
269			*/
270			public function withoutHeader($name)
271			{
272			$clone = clone $this;
273			if ($clone -> hasHeader($name)) {
274			$clone -> unsetHeader($name);
275			}
276
277			return $clone;
278			}
279
280			/**
281			* Unsets a header.
282			*
283			* @param string $name The header's name.
284			* @return void
285			*/
286			public function unsetHeader($name)
287			{
288			unset($this -> _headers[$name]);
289			}
290
291			/**
292			* Returns the message's body.
293			*
294			* @return Psr\Http\Message\StreamInterface
295			*/
296			public function getBody()
297			{
298			return $this -> _body;
299			}
300
301			/**
302			* Returns an instance of the message with the specified body.
303			*
304			* @param \Psr\Http\Message\StreamInterface $body The body to be added
305			* @return \Almendra\Http\Psr\Messages\Message
306			* @throws \InvalidArgumentException
307			*/
308			public function withBody(StreamInterface $body)
309			{
310			$clone = clone $this;
311			$clone -> _body = $body;
312
313			return $clone;
314			}
315			}
316

RickyNRoses87 / almendra-psr7

Issues (42)

Security Analysis not enabled

src/Psr/Messages/Message.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like