Issues in VictoireWebTestCase.php (master) - Issues in master - Victoire/victoire - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1704)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Tests/Functional/VictoireWebTestCase.php (1 issue)

Labels

Compatibility 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Victoire\Tests\Functional;

use Doctrine\Common\Persistence\ManagerRegistry;
use Doctrine\Common\Persistence\ObjectManager;
use Doctrine\ORM\Tools\SchemaTool;
use Nelmio\Alice\Fixtures;
use Symfony\Bundle\FrameworkBundle\Client;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
use Symfony\Component\BrowserKit\Cookie;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;

/**
 * Class VictoireWebTestCase.
 *
 * This class can be used for functional tests
 * It provides :
 *  - a property to access the container
 *  - a property to access Doctrine ManagerRegistry
 *  - a property to access the Entity Manager
 *  - a method to login into Victoire
 *  - a method to reset database schema
 *  - a method to load seeds and other fixtures
 *  - a method to reset ViewReferences
 */
class VictoireWebTestCase extends WebTestCase
{
    const VICTOIRE_FIREWALL = 'main';

    /**
     * @var ContainerInterface
     */
    protected $container;

    /**
     * @var ManagerRegistry
     */
    protected $doctrine;

    /**
     * @var ObjectManager
     */
    protected $entityManager;

    /**
     * Start tests by set up Kernel, Doctrine and Entity Manager.
     */
    protected function setUp()
    {
        $this->setUpSymfonyKernel();
        $this->setUpDoctrine();
    }

    /**
     * Drop and create database schema.
     *
     * @throws \Doctrine\ORM\Tools\ToolsException
     */
    protected function resetSchema()
    {
        if ($metadata = $this->getMetadata()) {
            $schemaTool = new SchemaTool($this->entityManager);

            $schemaTool->dropSchema($metadata);
            $schemaTool->createSchema($metadata);
        }
    }

    /**
     * Victoire login.
     *
     * @param Client $client
     * @param array  $roles
     */
    protected function logIn(Client $client, array $roles)
    {
        $session = $client->getContainer()->get('session');

        $token = new UsernamePasswordToken('test', null, self::VICTOIRE_FIREWALL, $roles);
        $session->set('_security_'.self::VICTOIRE_FIREWALL, serialize($token));
        $session->save();

        $cookie = new Cookie($session->getName(), $session->getId());
        $client->getCookieJar()->set($cookie);
    }

    /**
     * Load seeds fixtures and given fixtures.
     *
     * @param array $fixtures
     */
    protected function loadFixtures(array $fixtures = [])
    {
        $fixtures = array_merge($fixtures, $this->getSeeds());
        $faker = new \Faker\Generator();
        Fixtures::load(
            $fixtures,
            $this->entityManager,
            [
                'providers' => [
                    $this,
                    new \Faker\Provider\Base($faker),
                ],
            ]
        );
        $this->resetViewsReference();
    }

    /**
     * Reset Victoire ViewReferences.
     */
    protected function resetViewsReference()
    {
        $viewsReferences = $this->container->get('victoire_core.view_helper')->buildViewsReferences();
        $this->container->get('victoire_view_reference.manager')->saveReferences($viewsReferences);
    }

    /**
     * Set up Symfony Kernel and provide container.
     */
    private function setUpSymfonyKernel()
    {
        static::$kernel = $this->createKernel();
        static::$kernel->boot();

        $this->container = static::$kernel->getContainer();
    }

    /**
     * Provide doctrine and entity manager.
     */
    private function setUpDoctrine()
    {
        $this->doctrine = $this->createDoctrineRegistry();
        $this->entityManager = $this->doctrine->getManager();
    }

    /**
     * Get seeds files for Users, Pages and Templates.
     *
     * @return array
     */
    private function getSeeds()
    {
        return [
            __DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/User/user.yml',
            __DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/View/template.yml',
            __DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/View/page.yml',
        ];
    }

    /**
     * Returns all metadata by default.
     *
     * Override to only build selected metadata.
     * Return an empty array to prevent building the schema.
     *
     * @return array
     */
    private function getMetadata()
    {
        return $this->entityManager->getMetadataFactory()->getAllMetadata();
    }

    /**
     * Override to build doctrine registry yourself.
     *
     * By default a Symfony container is used to create it. It requires the SymfonyKernel trait.
     *
     * @return ManagerRegistry
     */
    private function createDoctrineRegistry()
    {
        if (isset(static::$kernel)) {
            return static::$kernel->getContainer()->get('doctrine');
        }

        throw new \RuntimeException(sprintf('Override %s to create a ManagerRegistry or use the SymfonyKernel trait.', __METHOD__));
    }
}


1			<?php
2
3			namespace Victoire\Tests\Functional;
4
5			use Doctrine\Common\Persistence\ManagerRegistry;
6			use Doctrine\Common\Persistence\ObjectManager;
7			use Doctrine\ORM\Tools\SchemaTool;
8			use Nelmio\Alice\Fixtures;
9			use Symfony\Bundle\FrameworkBundle\Client;
10			use Symfony\Bundle\FrameworkBundle\Test\WebTestCase;
11			use Symfony\Component\BrowserKit\Cookie;
12			use Symfony\Component\DependencyInjection\ContainerInterface;
13			use Symfony\Component\Security\Core\Authentication\Token\UsernamePasswordToken;
14
15			/**
16			* Class VictoireWebTestCase.
17			*
18			* This class can be used for functional tests
19			* It provides :
20			* - a property to access the container
21			* - a property to access Doctrine ManagerRegistry
22			* - a property to access the Entity Manager
23			* - a method to login into Victoire
24			* - a method to reset database schema
25			* - a method to load seeds and other fixtures
26			* - a method to reset ViewReferences
27			*/
28			class VictoireWebTestCase extends WebTestCase
29			{
30			const VICTOIRE_FIREWALL = 'main';
31
32			/**
33			* @var ContainerInterface
34			*/
35			protected $container;
36
37			/**
38			* @var ManagerRegistry
39			*/
40			protected $doctrine;
41
42			/**
43			* @var ObjectManager
44			*/
45			protected $entityManager;
46
47			/**
48			* Start tests by set up Kernel, Doctrine and Entity Manager.
49			*/
50			protected function setUp()
51			{
52			$this->setUpSymfonyKernel();
53			$this->setUpDoctrine();
54			}
55
56			/**
57			* Drop and create database schema.
58			*
59			* @throws \Doctrine\ORM\Tools\ToolsException
60			*/
61			protected function resetSchema()
62			{
63			if ($metadata = $this->getMetadata()) {
64			$schemaTool = new SchemaTool($this->entityManager);
			0 ignored issues – show Compatibility introduced 2017-03-15 17:28 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->entityManager` of type `object<Doctrine\Common\Persistence\ObjectManager>` is not a sub-type of `object<Doctrine\ORM\EntityManagerInterface>`. It seems like you assume a child interface of the interface `Doctrine\Common\Persistence\ObjectManager` to be always present. This check looks for parameters that are defined as one type in their type hint or doc comment but seem to be used as a narrower type, i.e an implementation of an interface or a subclass. Consider changing the type of the parameter or doing an instanceof check before assuming your parameter is of the expected type. Loading history...
65			$schemaTool->dropSchema($metadata);
66			$schemaTool->createSchema($metadata);
67			}
68			}
69
70			/**
71			* Victoire login.
72			*
73			* @param Client $client
74			* @param array $roles
75			*/
76			protected function logIn(Client $client, array $roles)
77			{
78			$session = $client->getContainer()->get('session');
79
80			$token = new UsernamePasswordToken('test', null, self::VICTOIRE_FIREWALL, $roles);
81			$session->set('_security_'.self::VICTOIRE_FIREWALL, serialize($token));
82			$session->save();
83
84			$cookie = new Cookie($session->getName(), $session->getId());
85			$client->getCookieJar()->set($cookie);
86			}
87
88			/**
89			* Load seeds fixtures and given fixtures.
90			*
91			* @param array $fixtures
92			*/
93			protected function loadFixtures(array $fixtures = [])
94			{
95			$fixtures = array_merge($fixtures, $this->getSeeds());
96			$faker = new \Faker\Generator();
97			Fixtures::load(
98			$fixtures,
99			$this->entityManager,
100			[
101			'providers' => [
102			$this,
103			new \Faker\Provider\Base($faker),
104			],
105			]
106			);
107			$this->resetViewsReference();
108			}
109
110			/**
111			* Reset Victoire ViewReferences.
112			*/
113			protected function resetViewsReference()
114			{
115			$viewsReferences = $this->container->get('victoire_core.view_helper')->buildViewsReferences();
116			$this->container->get('victoire_view_reference.manager')->saveReferences($viewsReferences);
117			}
118
119			/**
120			* Set up Symfony Kernel and provide container.
121			*/
122			private function setUpSymfonyKernel()
123			{
124			static::$kernel = $this->createKernel();
125			static::$kernel->boot();
126
127			$this->container = static::$kernel->getContainer();
128			}
129
130			/**
131			* Provide doctrine and entity manager.
132			*/
133			private function setUpDoctrine()
134			{
135			$this->doctrine = $this->createDoctrineRegistry();
136			$this->entityManager = $this->doctrine->getManager();
137			}
138
139			/**
140			* Get seeds files for Users, Pages and Templates.
141			*
142			* @return array
143			*/
144			private function getSeeds()
145			{
146			return [
147			__DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/User/user.yml',
148			__DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/View/template.yml',
149			__DIR__.'/../App/src/Acme/AppBundle/DataFixtures/Seeds/ORM/View/page.yml',
150			];
151			}
152
153			/**
154			* Returns all metadata by default.
155			*
156			* Override to only build selected metadata.
157			* Return an empty array to prevent building the schema.
158			*
159			* @return array
160			*/
161			private function getMetadata()
162			{
163			return $this->entityManager->getMetadataFactory()->getAllMetadata();
164			}
165
166			/**
167			* Override to build doctrine registry yourself.
168			*
169			* By default a Symfony container is used to create it. It requires the SymfonyKernel trait.
170			*
171			* @return ManagerRegistry
172			*/
173			private function createDoctrineRegistry()
174			{
175			if (isset(static::$kernel)) {
176			return static::$kernel->getContainer()->get('doctrine');
177			}
178
179			throw new \RuntimeException(sprintf('Override %s to create a ManagerRegistry or use the SymfonyKernel trait.', __METHOD__));
180			}
181			}
182

Victoire / victoire

Issues (1704)

Security Analysis not enabled

Tests/Functional/VictoireWebTestCase.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like