Issues in DispatchingPropertyAnnotator.php (master) - Issues in master - SemanticMediaWiki/SemanticExtraSpecialProperties - Measure and Improve Code Quality continuously with Scrutinizer

Issues (61)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

DispatchingPropertyAnnotator.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace SESP\PropertyAnnotators;

use SMW\DIProperty;
use SMW\DIWikiPage;
use SMW\SemanticData;
use SMWDataItem as DataItem;
use SESP\PropertyAnnotator;
use SESP\AppFactory;
use Closure;

/**
 * @private
 * @ingroup SESP
 *
 * @license GNU GPL v2+
 * @since 2.0
 *
 * @author mwjames
 */
class DispatchingPropertyAnnotator implements PropertyAnnotator {

	/**
	 * @var AppFactory
	 */
	private $appFactory;

	/**
	 * @var PropertyAnnotator[]
	 */
	private $propertyAnnotators = [];

	/**
	 * @var PropertyAnnotator
	 */
	private $localPropertyAnnotator;

	/**
	 * @since 2.0
	 *
	 * @param AppFactory $appFactory
	 */
	public function __construct( AppFactory $appFactory ) {
		$this->appFactory = $appFactory;
	}

	/**
	 * @since 2.0
	 *
	 * {@inheritDoc}
	 */
	public function isAnnotatorFor( DIProperty $property ) {
		return true;
	}

	/**
	 * @since 2.0
	 *
	 * @param string $key
	 * @param PropertyAnnotator $propertyAnnotator
	 */
	public function addPropertyAnnotator( $key, PropertyAnnotator $propertyAnnotator ) {
		$this->propertyAnnotators[$key] = $propertyAnnotator;
	}

	/**
	 * @since 2.0
	 *
	 * {@inheritDoc}
	 */
	public function addAnnotation( DIProperty $property, SemanticData $semanticData ) {
		$this->findPropertyAnnotator( $property )->addAnnotation( $property, $semanticData );
	}

	/**
	 * @since 2.0
	 *
	 * @param DIProperty $property
	 *
	 * @return PropertyAnnotator
	 */
	public function findPropertyAnnotator( DIProperty $property ) {

		$key = $property->getKey();

		if ( $this->propertyAnnotators === [] ) {
			$this->initDefaultPropertyAnnotators();
		}

		if ( isset( $this->propertyAnnotators[$key] ) && is_callable( $this->propertyAnnotators[$key] ) ) {
			return call_user_func( $this->propertyAnnotators[$key], $this->appFactory );
		} elseif( isset( $this->propertyAnnotators[$key] ) ) {
			return $this->propertyAnnotators[$key];
		}

		return new NullPropertyAnnotator();
	}

	private function initDefaultPropertyAnnotators() {

		// Encapsulate each instance to avoid direct instantiation for unused
		// matches
		$this->propertyAnnotators = [


			CreatorPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new CreatorPropertyAnnotator( $appFactory );
			},

			PageViewsPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new PageViewsPropertyAnnotator( $appFactory );
			},

			NamespacePropertyAnnotator::PROP_ID => function ( $appFactory ) {
				return new NamespacePropertyAnnotator( $appFactory );
			},

			ApprovedRevPropertyAnnotator::PROP_ID => function ( $appFactory ) {
				return new ApprovedRevPropertyAnnotator( $appFactory );
			},

			ApprovedByPropertyAnnotator::PROP_ID => function ( $appFactory ) {
				return new ApprovedByPropertyAnnotator( $appFactory );
			},

			ApprovedDatePropertyAnnotator::PROP_ID => function ( $appFactory ) {
				return new ApprovedDatePropertyAnnotator( $appFactory );
			},

			ApprovedStatusPropertyAnnotator::PROP_ID => function ( $appFactory ) {
				return new ApprovedStatusPropertyAnnotator( $appFactory );
			},

			UserRegistrationDatePropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new UserRegistrationDatePropertyAnnotator( $appFactory );
			},

			UserEditCountPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new UserEditCountPropertyAnnotator( $appFactory );
			},

			UserBlockPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new UserBlockPropertyAnnotator( $appFactory );
			},

			UserRightPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new UserRightPropertyAnnotator( $appFactory );
			},

			UserGroupPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new UserGroupPropertyAnnotator( $appFactory );
			},

			PageIDPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new PageIDPropertyAnnotator( $appFactory );
			},

			PageLengthPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new PageLengthPropertyAnnotator( $appFactory );
			},

			RevisionIDPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new RevisionIDPropertyAnnotator( $appFactory );
			},

			PageNumRevisionPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new PageNumRevisionPropertyAnnotator( $appFactory );
			},

			TalkPageNumRevisionPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new TalkPageNumRevisionPropertyAnnotator( $appFactory );
			},

			PageContributorsPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new PageContributorsPropertyAnnotator( $appFactory );
			},

			SubPagePropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new SubPagePropertyAnnotator( $appFactory );
			},

			ShortUrlPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new ShortUrlPropertyAnnotator( $appFactory );
			},

			ExifPropertyAnnotator::PROP_ID => function( $appFactory ) {
				return new ExifPropertyAnnotator( $appFactory );
			},

		];
	}

}


1		<?php
2
3		namespace SESP\PropertyAnnotators;
4
5		use SMW\DIProperty;
6		use SMW\DIWikiPage;
7		use SMW\SemanticData;
8		use SMWDataItem as DataItem;
9		use SESP\PropertyAnnotator;
10		use SESP\AppFactory;
11		use Closure;
12
13		/**
14		* @private
15		* @ingroup SESP
16		*
17		* @license GNU GPL v2+
18		* @since 2.0
19		*
20		* @author mwjames
21		*/
22		class DispatchingPropertyAnnotator implements PropertyAnnotator {
23
24		/**
25		* @var AppFactory
26		*/
27		private $appFactory;
28
29		/**
30		* @var PropertyAnnotator[]
31		*/
32		private $propertyAnnotators = [];
33
34		/**
35		* @var PropertyAnnotator
36		*/
37		private $localPropertyAnnotator;
38
39		/**
40		* @since 2.0
41		*
42		* @param AppFactory $appFactory
43		*/
44	20	public function __construct( AppFactory $appFactory ) {
45	20	$this->appFactory = $appFactory;
46	20	}
47
48		/**
49		* @since 2.0
50		*
51		* {@inheritDoc}
52		*/
53	1	public function isAnnotatorFor( DIProperty $property ) {
54	1	return true;
55		}
56
57		/**
58		* @since 2.0
59		*
60		* @param string $key
61		* @param PropertyAnnotator $propertyAnnotator
62		*/
63	1	public function addPropertyAnnotator( $key, PropertyAnnotator $propertyAnnotator ) {
64	1	$this->propertyAnnotators[$key] = $propertyAnnotator;
65	1	}
66
67		/**
68		* @since 2.0
69		*
70		* {@inheritDoc}
71		*/
72	1	public function addAnnotation( DIProperty $property, SemanticData $semanticData ) {
73	1	$this->findPropertyAnnotator( $property )->addAnnotation( $property, $semanticData );
74	1	}
75
76		/**
77		* @since 2.0
78		*
79		* @param DIProperty $property
80		*
81		* @return PropertyAnnotator
82		*/
83	18	public function findPropertyAnnotator( DIProperty $property ) {
84
85	18	$key = $property->getKey();
86
87	18	if ( $this->propertyAnnotators === [] ) {
88	17	$this->initDefaultPropertyAnnotators();
89	17	}
90
91	18	if ( isset( $this->propertyAnnotators[$key] ) && is_callable( $this->propertyAnnotators[$key] ) ) {
92	16	return call_user_func( $this->propertyAnnotators[$key], $this->appFactory );
93	2	} elseif( isset( $this->propertyAnnotators[$key] ) ) {
94	1	return $this->propertyAnnotators[$key];
95		}
96
97	1	return new NullPropertyAnnotator();
98		}
99
100	17	private function initDefaultPropertyAnnotators() {
101
102		// Encapsulate each instance to avoid direct instantiation for unused
103		// matches
104	17	$this->propertyAnnotators = [
		0 ignored issues – show Documentation Bug introduced 2020-10-30 19:22 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `array(\SESP\PropertyAnno...otator($appFactory); })` of type `array<string\|integer,object<Closure>>` is incompatible with the declared type `array<integer,object<SESP\PropertyAnnotator>>` of property `$propertyAnnotators`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
105
106		CreatorPropertyAnnotator::PROP_ID => function( $appFactory ) {
107	1	return new CreatorPropertyAnnotator( $appFactory );
108	17	},
109
110		PageViewsPropertyAnnotator::PROP_ID => function( $appFactory ) {
111	1	return new PageViewsPropertyAnnotator( $appFactory );
112	17	},
113
114		NamespacePropertyAnnotator::PROP_ID => function ( $appFactory ) {
115		return new NamespacePropertyAnnotator( $appFactory );
116	17	},
117
118		ApprovedRevPropertyAnnotator::PROP_ID => function ( $appFactory ) {
119		return new ApprovedRevPropertyAnnotator( $appFactory );
120	17	},
121
122		ApprovedByPropertyAnnotator::PROP_ID => function ( $appFactory ) {
123		return new ApprovedByPropertyAnnotator( $appFactory );
124	17	},
125
126		ApprovedDatePropertyAnnotator::PROP_ID => function ( $appFactory ) {
127		return new ApprovedDatePropertyAnnotator( $appFactory );
128	17	},
129
130		ApprovedStatusPropertyAnnotator::PROP_ID => function ( $appFactory ) {
131	1	return new ApprovedStatusPropertyAnnotator( $appFactory );
132	17	},
133
134		UserRegistrationDatePropertyAnnotator::PROP_ID => function( $appFactory ) {
135	1	return new UserRegistrationDatePropertyAnnotator( $appFactory );
136	17	},
137
138		UserEditCountPropertyAnnotator::PROP_ID => function( $appFactory ) {
139	1	return new UserEditCountPropertyAnnotator( $appFactory );
140	17	},
141
142		UserBlockPropertyAnnotator::PROP_ID => function( $appFactory ) {
143	1	return new UserBlockPropertyAnnotator( $appFactory );
144	17	},
145
146		UserRightPropertyAnnotator::PROP_ID => function( $appFactory ) {
147	1	return new UserRightPropertyAnnotator( $appFactory );
148	17	},
149
150		UserGroupPropertyAnnotator::PROP_ID => function( $appFactory ) {
151	1	return new UserGroupPropertyAnnotator( $appFactory );
152	17	},
153
154		PageIDPropertyAnnotator::PROP_ID => function( $appFactory ) {
155	1	return new PageIDPropertyAnnotator( $appFactory );
156	17	},
157
158		PageLengthPropertyAnnotator::PROP_ID => function( $appFactory ) {
159	1	return new PageLengthPropertyAnnotator( $appFactory );
160	17	},
161
162		RevisionIDPropertyAnnotator::PROP_ID => function( $appFactory ) {
163	1	return new RevisionIDPropertyAnnotator( $appFactory );
164	17	},
165
166		PageNumRevisionPropertyAnnotator::PROP_ID => function( $appFactory ) {
167	1	return new PageNumRevisionPropertyAnnotator( $appFactory );
168	17	},
169
170		TalkPageNumRevisionPropertyAnnotator::PROP_ID => function( $appFactory ) {
171	1	return new TalkPageNumRevisionPropertyAnnotator( $appFactory );
172	17	},
173
174		PageContributorsPropertyAnnotator::PROP_ID => function( $appFactory ) {
175	1	return new PageContributorsPropertyAnnotator( $appFactory );
176	17	},
177
178		SubPagePropertyAnnotator::PROP_ID => function( $appFactory ) {
179	1	return new SubPagePropertyAnnotator( $appFactory );
180	17	},
181
182	17	ShortUrlPropertyAnnotator::PROP_ID => function( $appFactory ) {
183	1	return new ShortUrlPropertyAnnotator( $appFactory );
184	17	},
185
186		ExifPropertyAnnotator::PROP_ID => function( $appFactory ) {
187	17	return new ExifPropertyAnnotator( $appFactory );
188		},
189
190		];
191		}
192
193		}
194

SemanticMediaWiki / SemanticExtraSpecialProperties

Issues (61)

Security Analysis no request data

DispatchingPropertyAnnotator.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like