Issues in DatabaseService.php (1.0) - Issues in 1.0 - SebastianBerc/Repositories - Measure and Improve Code Quality continuously with Scrutinizer

Issues (12)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Services/DatabaseService.php (4 issues)

Labels

Bug 4

Severity

Major 4

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SebastianBerc\Repositories\Services;

use Illuminate\Contracts\Container\Container as Application;
use Illuminate\Database\Eloquent\Builder;
use Illuminate\Database\Eloquent\Collection;
use Illuminate\Database\Eloquent\Model as Eloquent;
use Illuminate\Pagination\LengthAwarePaginator;
use SebastianBerc\Repositories\Contracts\ServiceInterface;
use SebastianBerc\Repositories\Repository;
use SebastianBerc\Repositories\Traits\Filterable;
use SebastianBerc\Repositories\Traits\Sortable;

/**
 * Class DatabaseService.
 *
 * @author    Sebastian Berć <[email protected]>
 * @copyright Copyright (c) Sebastian Berć
 */
class DatabaseService implements ServiceInterface
{
    use Filterable, Sortable;

    /**
     * Contains Laravel Application instance.
     *
     * @var Application
     */
    protected $app;

    /**
     * Contains a repository instance.
     *
     * @var Repository
     */
    protected $repository;

    /**
     * Contains model instance for fetch, and simple fetch methods.
     *
     * @var mixed
     */
    protected $instance;

    /**
     * Create a new database service instance.
     *
     * @param Application $app
     * @param Repository  $repository
     */
    public function __construct(Application $app, Repository $repository)
    {
        $this->app        = $app;
        $this->repository = $repository;
    }

    /**
     * Get all of the models from the database.
     *
     * @param string[] $columns
     *
     * @return Collection
     */
    public function all(array $columns = ['*'])
    {
        return $this->repository->makeQuery()->get($columns);
    }

    /**
     * Create a new basic where query clause on model.
     *
     * @param string|array $column
     * @param string       $operator
     * @param mixed        $value
     * @param string       $boolean
     * @param string[]     $columns
     *
     * @return mixed
     */
    public function where($column, $operator = '=', $value = null, $boolean = 'and', array $columns = ['*'])
    {
        return $this->repository->makeQuery()->where($column, $operator, $value, $boolean, $columns)->get($columns);
    }

    /**
     * Paginate the given query.
     *
     * @param int      $perPage
     * @param string[] $columns
     *
     * @return \Illuminate\Contracts\Pagination\LengthAwarePaginator
     */
    public function paginate($perPage = 15, array $columns = ['*'])
    {
        return $this->repository->makeQuery()->paginate($perPage, $columns);
    }

    /**
     * Save a new model and return the instance.
     *
     * @param array $attributes
     *
     * @return Eloquent
     */
    public function create(array $attributes = [])
    {
        return $this->repository->makeModel()->create($attributes);
    }

    /**
     * Save or update the model in the database.
     *
     * @param mixed $identifier
     * @param array $attributes
     *
     * @return Eloquent
     */
    public function update($identifier, array $attributes = [])
    {
        $instance = $identifier instanceof Eloquent
            ? $identifier
            : $this->repository->makeQuery()->findOrFail($identifier);

        $instance->fill($attributes);
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}

        if ($instance->isDirty()) {
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
            $instance->save();
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
        }

        return $instance;
    }

    /**
     * Delete the model from the database.
     *
     * @param int $identifier
     *
     * @return bool|null
     */
    public function delete($identifier)
    {
        return $this->repository->makeQuery()
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
            ->findOrFail($identifier, [$this->repository->makeModel()->getKeyName()])
            ->delete();
    }

    /**
     * Find a model by its primary key.
     *
     * @param int      $identifier
     * @param string[] $columns
     *
     * @return Eloquent
     */
    public function find($identifier, array $columns = ['*'])
    {
        return $this->repository->makeQuery()->find($identifier, $columns);
    }

    /**
     * Find a model by its specified column and value.
     *
     * @param mixed    $column
     * @param mixed    $value
     * @param string[] $columns
     *
     * @return Eloquent
     */
    public function findBy($column, $value, array $columns = ['*'])
    {
        return $this->where([$column => $value], '=', null, 'and', $columns)->first();
    }

    /**
     * Find a model by its specified columns and values presented as array.
     *
     * @param array    $wheres
     * @param string[] $columns
     *
     * @return Eloquent
     */
    public function findWhere(array $wheres, array $columns = ['*'])
    {
        return $this->where($wheres, '=', null, 'and', $columns)->first();
    }

    /**
     * Returns total count of whole collection.
     *
     * @return int
     */
    public function count()
    {
        $countBy = "{$this->repository->makeModel()->getTable()}.{$this->repository->makeModel()->getKeyName()}";

        return $this->repository->makeQuery()->count($countBy);
    }

    /**
     * Fetch collection ordered and filtrated by specified columns for specified page as paginator.
     *
     * @param int   $page
     * @param int   $perPage
     * @param array $filter
     * @param array $sort
     * @param array $columns
     *
     * @return LengthAwarePaginator
     */
    public function fetch($page = 1, $perPage = 15, array $columns = ['*'], array $filter = [], array $sort = [])
    {
        $this->instance = $this->repository->makeQuery();

        $this->multiFilterBy($filter)->multiSortBy($sort);

        $this->parseAliases($this->instance);

        $count = $this->instance->count();
        $items = $this->instance->forPage($page, $perPage)->get($columns);

        $options = [
            'path'  => $this->app->make('request')->url(),
            'query' => compact('page', 'perPage'),
        ];

        return new LengthAwarePaginator($items, $count, $perPage, $page, $options);
    }

    /**
     * Fetch collection ordered and filtrated by specified columns for specified page.
     *
     * @param int   $page
     * @param int   $perPage
     * @param array $columns
     * @param array $filter
     * @param array $sort
     *
     * @return Collection
     */
    public function simpleFetch($page = 1, $perPage = 15, array $columns = ['*'], array $filter = [], array $sort = [])
    {
        $this->instance = $this->repository->makeQuery();

        $this->multiFilterBy($filter)->multiSortBy($sort)->parseAliases($this->instance);

        return $this->instance->forPage($page, $perPage)->get($columns);
    }

    /**
     * Replace alias name in where closure with sub-queries from select.
     *
     * Example:
     *
     * SELECT table.*, (SELECT 1 FROM other_table ot WHERE ot.id = table.id) AS exists
     * WHERE exists = 1;
     *
     * Will be converted to:
     *
     * SELECT table.*, (SELECT 1 FROM other_table ot WHERE ot.id = table.id) AS exists
     * WHERE (SELECT 1 FROM other_table ot WHERE ot.id = table.id) = 1;
     *
     * @param Builder $query
     *
     * @return Builder
     */
    protected function parseAliases(Builder $query)
    {
        $aliases = [];

        if (!empty($query->getQuery()->columns)) {
            $aliases = $this->getAliases($query);
        }

        if (!empty($aliases) && !empty($query->getQuery()->wheres)) {
            $this->replaceAliases($query, $aliases);
        }

        return $query;
    }

    /**
     * Get sub queries and aliases from select statement.
     *
     * @param Builder $query
     *
     * @return array
     */
    protected function getAliases(Builder $query)
    {
        $aliases = [];

        foreach ($query->getQuery()->columns as $column) {
            if (preg_match("~AS (\w+)~i", $column, $matches)) {
                $aliases[$query->getModel()->getTable() . '.' . $matches[1]]
                    = \DB::raw(str_replace($matches[0], '', $column));
            }
        }

        return $aliases;
    }

    /**
     * Replace aliases in where statement with sub queries.
     *
     * @param Builder $query
     * @param array   $aliases
     *
     * @return void
     */
    protected function replaceAliases(Builder $query, $aliases)
    {
        foreach ($query->getQuery()->wheres as $key => $value) {
            if (in_array($value['column'], array_keys($aliases))) {
                $query->getQuery()->wheres[$key]['column'] = $aliases[$value['column']];
            }
        }
    }
}


GitHub Access Token became invalid

Issues (12)

Security Analysis not enabled

src/Services/DatabaseService.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

1		<?php
2
3		namespace SebastianBerc\Repositories\Services;
4
5		use Illuminate\Contracts\Container\Container as Application;
6		use Illuminate\Database\Eloquent\Builder;
7		use Illuminate\Database\Eloquent\Collection;
8		use Illuminate\Database\Eloquent\Model as Eloquent;
9		use Illuminate\Pagination\LengthAwarePaginator;
10		use SebastianBerc\Repositories\Contracts\ServiceInterface;
11		use SebastianBerc\Repositories\Repository;
12		use SebastianBerc\Repositories\Traits\Filterable;
13		use SebastianBerc\Repositories\Traits\Sortable;
14
15		/**
16		* Class DatabaseService.
17		*
18		* @author Sebastian Berć <[email protected]>
19		* @copyright Copyright (c) Sebastian Berć
20		*/
21		class DatabaseService implements ServiceInterface
22		{
23		use Filterable, Sortable;
24
25		/**
26		* Contains Laravel Application instance.
27		*
28		* @var Application
29		*/
30		protected $app;
31
32		/**
33		* Contains a repository instance.
34		*
35		* @var Repository
36		*/
37		protected $repository;
38
39		/**
40		* Contains model instance for fetch, and simple fetch methods.
41		*
42		* @var mixed
43		*/
44		protected $instance;
45
46		/**
47		* Create a new database service instance.
48		*
49		* @param Application $app
50		* @param Repository $repository
51		*/
52	120	public function __construct(Application $app, Repository $repository)
53		{
54	120	$this->app = $app;
55	120	$this->repository = $repository;
56	120	}
57
58		/**
59		* Get all of the models from the database.
60		*
61		* @param string[] $columns
62		*
63		* @return Collection
64		*/
65	12	public function all(array $columns = ['*'])
66		{
67	12	return $this->repository->makeQuery()->get($columns);
68		}
69
70		/**
71		* Create a new basic where query clause on model.
72		*
73		* @param string\|array $column
74		* @param string $operator
75		* @param mixed $value
76		* @param string $boolean
77		* @param string[] $columns
78		*
79		* @return mixed
80		*/
81	20	public function where($column, $operator = '=', $value = null, $boolean = 'and', array $columns = ['*'])
82		{
83	20	return $this->repository->makeQuery()->where($column, $operator, $value, $boolean, $columns)->get($columns);
84		}
85
86		/**
87		* Paginate the given query.
88		*
89		* @param int $perPage
90		* @param string[] $columns
91		*
92		* @return \Illuminate\Contracts\Pagination\LengthAwarePaginator
93		*/
94	8	public function paginate($perPage = 15, array $columns = ['*'])
95		{
96	8	return $this->repository->makeQuery()->paginate($perPage, $columns);
97		}
98
99		/**
100		* Save a new model and return the instance.
101		*
102		* @param array $attributes
103		*
104		* @return Eloquent
105		*/
106	6	public function create(array $attributes = [])
107		{
108	6	return $this->repository->makeModel()->create($attributes);
109		}
110
111		/**
112		* Save or update the model in the database.
113		*
114		* @param mixed $identifier
115		* @param array $attributes
116		*
117		* @return Eloquent
118		*/
119	6	public function update($identifier, array $attributes = [])
120		{
121		$instance = $identifier instanceof Eloquent
122	6	? $identifier
123	6	: $this->repository->makeQuery()->findOrFail($identifier);
124
125	6	$instance->fill($attributes);
		0 ignored issues – show Bug introduced 2015-11-25 16:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `fill` does only exist in `Illuminate\Database\Eloquent\Model`, but not in `Illuminate\Database\Eloq...ase\Eloquent\Collection`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
126
127	6	if ($instance->isDirty()) {
		0 ignored issues – show Bug introduced 2015-11-25 16:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `isDirty` does only exist in `Illuminate\Database\Eloquent\Model`, but not in `Illuminate\Database\Eloq...ase\Eloquent\Collection`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
128	6	$instance->save();
		0 ignored issues – show Bug introduced 2015-11-25 16:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `save` does only exist in `Illuminate\Database\Eloquent\Model`, but not in `Illuminate\Database\Eloq...ase\Eloquent\Collection`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
129	6	}
130
131	6	return $instance;
132		}
133
134		/**
135		* Delete the model from the database.
136		*
137		* @param int $identifier
138		*
139		* @return bool\|null
140		*/
141	6	public function delete($identifier)
142		{
143	6	return $this->repository->makeQuery()
		0 ignored issues – show Bug introduced 2015-11-25 22:26 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `delete` does only exist in `Illuminate\Database\Eloq...Database\Eloquent\Model`, but not in `Illuminate\Database\Eloquent\Collection`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
144	6	->findOrFail($identifier, [$this->repository->makeModel()->getKeyName()])
145	6	->delete();
146		}
147
148		/**
149		* Find a model by its primary key.
150		*
151		* @param int $identifier
152		* @param string[] $columns
153		*
154		* @return Eloquent
155		*/
156	28	public function find($identifier, array $columns = ['*'])
157		{
158	28	return $this->repository->makeQuery()->find($identifier, $columns);
159		}
160
161		/**
162		* Find a model by its specified column and value.
163		*
164		* @param mixed $column
165		* @param mixed $value
166		* @param string[] $columns
167		*
168		* @return Eloquent
169		*/
170	8	public function findBy($column, $value, array $columns = ['*'])
171		{
172	8	return $this->where([$column => $value], '=', null, 'and', $columns)->first();
173		}
174
175		/**
176		* Find a model by its specified columns and values presented as array.
177		*
178		* @param array $wheres
179		* @param string[] $columns
180		*
181		* @return Eloquent
182		*/
183	8	public function findWhere(array $wheres, array $columns = ['*'])
184		{
185	8	return $this->where($wheres, '=', null, 'and', $columns)->first();
186		}
187
188		/**
189		* Returns total count of whole collection.
190		*
191		* @return int
192		*/
193	4	public function count()
194		{
195	4	$countBy = "{$this->repository->makeModel()->getTable()}.{$this->repository->makeModel()->getKeyName()}";
196
197	4	return $this->repository->makeQuery()->count($countBy);
198		}
199
200		/**
201		* Fetch collection ordered and filtrated by specified columns for specified page as paginator.
202		*
203		* @param int $page
204		* @param int $perPage
205		* @param array $filter
206		* @param array $sort
207		* @param array $columns
208		*
209		* @return LengthAwarePaginator
210		*/
211	12	public function fetch($page = 1, $perPage = 15, array $columns = ['*'], array $filter = [], array $sort = [])
212		{
213	12	$this->instance = $this->repository->makeQuery();
214
215	12	$this->multiFilterBy($filter)->multiSortBy($sort);
216
217	12	$this->parseAliases($this->instance);
218
219	12	$count = $this->instance->count();
220	12	$items = $this->instance->forPage($page, $perPage)->get($columns);
221
222		$options = [
223	12	'path' => $this->app->make('request')->url(),
224	12	'query' => compact('page', 'perPage'),
225	12	];
226
227	12	return new LengthAwarePaginator($items, $count, $perPage, $page, $options);
228		}
229
230		/**
231		* Fetch collection ordered and filtrated by specified columns for specified page.
232		*
233		* @param int $page
234		* @param int $perPage
235		* @param array $columns
236		* @param array $filter
237		* @param array $sort
238		*
239		* @return Collection
240		*/
241	4	public function simpleFetch($page = 1, $perPage = 15, array $columns = ['*'], array $filter = [], array $sort = [])
242		{
243	4	$this->instance = $this->repository->makeQuery();
244
245	4	$this->multiFilterBy($filter)->multiSortBy($sort)->parseAliases($this->instance);
246
247	4	return $this->instance->forPage($page, $perPage)->get($columns);
248		}
249
250		/**
251		* Replace alias name in where closure with sub-queries from select.
252		*
253		* Example:
254		*
255		* SELECT table.*, (SELECT 1 FROM other_table ot WHERE ot.id = table.id) AS exists
256		* WHERE exists = 1;
257		*
258		* Will be converted to:
259		*
260		* SELECT table.*, (SELECT 1 FROM other_table ot WHERE ot.id = table.id) AS exists
261		* WHERE (SELECT 1 FROM other_table ot WHERE ot.id = table.id) = 1;
262		*
263		* @param Builder $query
264		*
265		* @return Builder
266		*/
267	16	protected function parseAliases(Builder $query)
268		{
269	16	$aliases = [];
270
271	16	if (!empty($query->getQuery()->columns)) {
272	2	$aliases = $this->getAliases($query);
273	2	}
274
275	16	if (!empty($aliases) && !empty($query->getQuery()->wheres)) {
276		$this->replaceAliases($query, $aliases);
277		}
278
279	16	return $query;
280		}
281
282		/**
283		* Get sub queries and aliases from select statement.
284		*
285		* @param Builder $query
286		*
287		* @return array
288		*/
289	2	protected function getAliases(Builder $query)
290		{
291	2	$aliases = [];
292
293	2	foreach ($query->getQuery()->columns as $column) {
294	2	if (preg_match("~AS (\w+)~i", $column, $matches)) {
295		$aliases[$query->getModel()->getTable() . '.' . $matches[1]]
296		= \DB::raw(str_replace($matches[0], '', $column));
297		}
298	2	}
299
300	2	return $aliases;
301		}
302
303		/**
304		* Replace aliases in where statement with sub queries.
305		*
306		* @param Builder $query
307		* @param array $aliases
308		*
309		* @return void
310		*/
311		protected function replaceAliases(Builder $query, $aliases)
312		{
313		foreach ($query->getQuery()->wheres as $key => $value) {
314		if (in_array($value['column'], array_keys($aliases))) {
315		$query->getQuery()->wheres[$key]['column'] = $aliases[$value['column']];
316		}
317		}
318		}
319		}
320

SebastianBerc / Repositories

GitHub Access Token became invalid

Issues (12)

Security Analysis not enabled

src/Services/DatabaseService.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Available Fixes

Available Fixes

Available Fixes

Duplication Side-by-Side

Filter issues like