Issues in Base.php (developer) - Issues in developer - YetiForceCompany/YetiForceCRM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3882)

Security Analysis 39 potential vulnerabilities

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

Response Splitting (9)

Response Splitting can be used to send arbitrary responses.

File Manipulation (2)

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

File Exposure (7)

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Code Injection (13)

Code Injection enables an attacker to execute arbitrary code on the server.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Cross-Site Scripting (8)

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

Header Injection

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

app/Base.php (1 issue)

Labels

Severity

Major 1

<?php
/**
 * Base file.
 *
 * @package App
 *
 * @copyright YetiForce S.A.
 * @license   YetiForce Public License 6.5 (licenses/LicenseEN.txt or yetiforce.com)
 * @author    Mariusz Krzaczkowski <[email protected]>
 */

namespace App;

/**
 * Base class.
 */
class Base
{
	/** @var array Values */
	protected $value;

	/**
	 * Constructor.
	 *
	 * @param array $values
	 */
	public function __construct($values = [])
	{
		$this->value = $values;
	}

	/**
	 * Function to get the value if its safe to use for SQL Query (column).
	 *
	 * @param string $key
	 * @param bool   $skipEmtpy Skip the check if string is empty
	 *
	 * @return mixed Value for the given key
	 */
	public function getForSql($key, $skipEmtpy = true)
	{
		return Purifier::purifySql($this->get($key), $skipEmtpy);
	}

	/**
	 * Function to get the value for a given key.
	 *
	 * @param string $key
	 *
	 * @return mixed Value for the given key
	 */
	public function get($key)
	{
		return $this->value[$key] ?? null;
	}

	/**
	 * Function to get the html encoded value for a given key.
	 *
	 * @param string $key
	 *
	 * @return mixed
	 */
	public function getForHtml($key)
	{
		return Purifier::encodeHtml($this->get($key));
	}

	/**
	 * Function to get the array values for a given key.
	 *
	 * @param string $key
	 * @param array  $value
	 *
	 * @return array
	 */
	public function getArray($key, $value = [])
	{
		if (!isset($this->value[$key])) {
			return $value;
		}
		if (\is_string($this->value[$key]) && (0 === strpos($this->value[$key], '[') || 0 === strpos($this->value[$key], '{'))) {
			$value = Json::decode($this->value[$key]);
		} else {
			$value = (array) $this->value[$key];
		}
		return $value;

	}

	/**
	 * Function to set the value for a given key.
	 *
	 * @param string $key
	 * @param mixed  $value
	 *
	 * @return $this
	 */
	public function set($key, $value)
	{
		$this->value[$key] = $value;
		return $this;
	}

	/**
	 * Function to set all the values.
	 *
	 * @param mixed $values
	 *
	 * @return $this
	 */
	public function setData($values)
	{
		$this->value = $values;

		return $this;
	}

	/**
	 * Function to get all the values of the Object.
	 *
	 * @return array
	 */
	public function getData()
	{
		return $this->value;
	}

	/**
	 * Function to check if the key exists.
	 *
	 * @param string $key
	 *
	 * @return bool
	 */
	public function has($key)
	{
		return isset($this->value[$key]);
	}

	/**
	 * Function to check if the key is empty.
	 *
	 * @param string $key
	 *
	 * @return bool
	 */
	public function isEmpty($key)
	{
		return empty($this->value[$key]);
	}

	/**
	 * Function to remove the value.
	 *
	 * @param string $key
	 */
	public function remove($key)
	{
		unset($this->value[$key]);
	}

	/**
	 * Function to get keys.
	 *
	 * @return string[]
	 */
	public function getKeys()
	{
		return array_keys($this->value);
	}
}


1		<?php
2		/**
3		* Base file.
4		*
5		* @package App
6		*
7		* @copyright YetiForce S.A.
8		* @license YetiForce Public License 6.5 (licenses/LicenseEN.txt or yetiforce.com)
9		* @author Mariusz Krzaczkowski <[email protected]>
10		*/
11
12		namespace App;
13
14		/**
15		* Base class.
16		*/
17		class Base
18		{
19		/** @var array Values */
20		protected $value;
21	5920
22		/**
23	5920	* Constructor.
24	5920	*
25		* @param array $values
26		*/
27		public function __construct($values = [])
28		{
29		$this->value = $values;
30		}
31
32		/**
33		* Function to get the value if its safe to use for SQL Query (column).
34	2	*
35		* @param string $key
36	2	* @param bool $skipEmtpy Skip the check if string is empty
37		*
38		* @return mixed Value for the given key
39		*/
40		public function getForSql($key, $skipEmtpy = true)
41		{
42		return Purifier::purifySql($this->get($key), $skipEmtpy);
43		}
44
45		/**
46	5927	* Function to get the value for a given key.
47		*
48	5927	* @param string $key
49		*
50		* @return mixed Value for the given key
51		*/
52		public function get($key)
53		{
54		return $this->value[$key] ?? null;
55		}
56
57		/**
58		* Function to get the html encoded value for a given key.
59		*
60		* @param string $key
61		*
62		* @return mixed
63		*/
64		public function getForHtml($key)
65		{
66		return Purifier::encodeHtml($this->get($key));
67		}
68
69		/**
70		* Function to get the array values for a given key.
71	1	*
72		* @param string $key
73	1	* @param array $value
74		*
75		* @return array
76	1	*/
77		public function getArray($key, $value = [])
78		{
79	1	if (!isset($this->value[$key])) {
80		return $value;
81	1	}
82		if (\is_string($this->value[$key]) && (0 === strpos($this->value[$key], '[') \|\| 0 === strpos($this->value[$key], '{'))) {
83		$value = Json::decode($this->value[$key]);
84		} else {
85		$value = (array) $this->value[$key];
86		}
87		return $value;
		0 ignored issues – show Bug Best Practice introduced 2022-04-20 07:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `return $value` also could return the type `string` which is incompatible with the documented return type `array`. Loading history...
88		}
89
90		/**
91		* Function to set the value for a given key.
92	106	*
93		* @param string $key
94	106	* @param mixed $value
95	106	*
96		* @return $this
97		*/
98		public function set($key, $value)
99		{
100		$this->value[$key] = $value;
101		return $this;
102		}
103
104		/**
105	96	* Function to set all the values.
106		*
107	96	* @param mixed $values
108		*
109	96	* @return $this
110		*/
111		public function setData($values)
112		{
113		$this->value = $values;
114
115		return $this;
116		}
117	24
118		/**
119	24	* Function to get all the values of the Object.
120		*
121		* @return array
122		*/
123		public function getData()
124		{
125		return $this->value;
126		}
127
128		/**
129	5802	* Function to check if the key exists.
130		*
131	5802	* @param string $key
132		*
133		* @return bool
134		*/
135		public function has($key)
136		{
137		return isset($this->value[$key]);
138		}
139
140		/**
141	47	* Function to check if the key is empty.
142		*
143	47	* @param string $key
144		*
145		* @return bool
146		*/
147		public function isEmpty($key)
148		{
149		return empty($this->value[$key]);
150		}
151
152		/**
153		* Function to remove the value.
154		*
155		* @param string $key
156		*/
157		public function remove($key)
158		{
159		unset($this->value[$key]);
160		}
161
162		/**
163		* Function to get keys.
164		*
165		* @return string[]
166		*/
167		public function getKeys()
168		{
169		return array_keys($this->value);
170		}
171		}
172

YetiForceCompany / YetiForceCRM

Issues (3882)

Security Analysis 39 potential vulnerabilities

app/Base.php (1 issue)

Labels

Severity

Introduced By

Duplication Side-by-Side

Filter issues like