Issues (843)

Security Analysis: not enabled

This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.

  Cross-Site Scripting
Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.
  File Exposure
File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.
  File Manipulation
File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.
  Object Injection
Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.
  Code Injection
Code Injection enables an attacker to execute arbitrary code on the server.
  Response Splitting
Response Splitting can be used to send arbitrary responses.
  File Inclusion
File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.
  Command Injection
Command Injection enables an attacker to inject a shell command that is executed with the privileges of the web-server. This can be used to expose sensitive data, or gain access to your server.
  SQL Injection
SQL Injection enables an attacker to execute arbitrary SQL code on your database server, gaining access to user data, or manipulating user data.
  XPath Injection
XPath Injection enables an attacker to modify the parts of an XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.
  LDAP Injection
LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.
  Header Injection
  Other Vulnerability
This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.
  Regex Injection
Regex Injection enables an attacker to execute arbitrary code in your PHP process.
  XML Injection
XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.
  Variable Injection
Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.
Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

require/libs/geoPHP/tests/test.php (4 issues)

<?php

// Uncomment to test
# run_test();

function run_test() {
The function run_test() has been defined more than once; this definition is ignored, only the first definition in require/libs/geoPHP/tests/postgis.php (L5-42) is considered.

This check looks for functions that have already been defined in other files.

Some codebases, like WordPress, make a practice of defining functions multiple times. This may lead to problems with the detection of function parameters and types. If you really need to do this, you can mark the duplicate definition with the @ignore annotation.

/**
 * @ignore
 */
function getUser() {

}

function getUser($id, $realm) {

}

See also the PhpDoc documentation for @ignore.

  set_time_limit(0);

  header("Content-type: text");

  include_once('../geoPHP.inc');

  if (geoPHP::geosInstalled()) {
    print "GEOS is installed.\n";
  }
  else {
    print "GEOS is not installed.\n";
  }

  foreach (scandir('./input') as $file) {
    $parts = explode('.',$file);
    if ($parts[0]) {
      $format = $parts[1];
      $value = file_get_contents('./input/'.$file);
      print '---- Testing '.$file."\n";
      $geometry = geoPHP::load($value, $format);
      test_adapters($geometry, $format, $value);
      test_methods($geometry);
      test_geometry($geometry);
      test_detection($value, $format, $file);
    }
  }
  print "Testing Done!";
}

function test_geometry($geometry) {

  // Test common functions
  $geometry->area();
  $geometry->boundary();
  $geometry->envelope();
  $geometry->getBBox();
  $geometry->centroid();
  $geometry->length();
  $geometry->greatCircleLength();
  $geometry->haversineLength();
  $geometry->y();
  $geometry->x();
  $geometry->numGeometries();
  $geometry->geometryN(1);
  $geometry->startPoint();
  $geometry->endPoint();
  $geometry->isRing();
  $geometry->isClosed();
  $geometry->numPoints();
  $geometry->pointN(1);
  $geometry->exteriorRing();
  $geometry->numInteriorRings();
  $geometry->interiorRingN(1);
  $geometry->dimension();
  $geometry->geometryType();
  $geometry->SRID();
  $geometry->setSRID(4326);

  // Aliases
  $geometry->getCentroid();
  $geometry->getArea();
  $geometry->getX();
  $geometry->getY();
  $geometry->getGeos();
  $geometry->getGeomType();
  $geometry->getSRID();
  $geometry->asText();
  $geometry->asBinary();

  // GEOS only functions
  $geometry->geos();
  $geometry->setGeos($geometry->geos());
  $geometry->pointOnSurface();
  $geometry->equals($geometry);
  $geometry->equalsExact($geometry);
  $geometry->relate($geometry);
  $geometry->checkValidity();
  $geometry->isSimple();
  $geometry->buffer(10);
  $geometry->intersection($geometry);
  $geometry->convexHull();
  $geometry->difference($geometry);
  $geometry->symDifference($geometry);
  $geometry->union($geometry);
  $geometry->simplify(0);// @@TODO: Adjust this once we can deal with empty geometries
  $geometry->disjoint($geometry);
  $geometry->touches($geometry);
  $geometry->intersects($geometry);
  $geometry->crosses($geometry);
  $geometry->within($geometry);
  $geometry->contains($geometry);
  $geometry->overlaps($geometry);
  $geometry->covers($geometry);
  $geometry->coveredBy($geometry);
  $geometry->distance($geometry);
  $geometry->hausdorffDistance($geometry);


  // Place holders
  $geometry->hasZ();
  $geometry->is3D();
  $geometry->isMeasured();
  $geometry->isEmpty();
  $geometry->coordinateDimension();
  $geometry->z();
  $geometry->m();
}

function test_adapters($geometry, $format, $input) {
The parameter $format is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

The parameter $input is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

  // Test adapter output and input. Do a round-trip and re-test
  foreach (geoPHP::getAdapterMap() as $adapter_key => $adapter_class) {
    if ($adapter_key != 'google_geocode') { //Don't test google geocoder regularly. Uncomment to test
      $output = $geometry->out($adapter_key);
      if ($output) {
        $adapter_loader = new $adapter_class();
        $test_geom_1 = $adapter_loader->read($output);
        $test_geom_2 = $adapter_loader->read($test_geom_1->out($adapter_key));

        if ($test_geom_1->out('wkt') != $test_geom_2->out('wkt')) {
          print "Mismatched adapter output in ".$adapter_class."\n";
        }
      }
      else {
        print "Empty output on "  . $adapter_key . "\n";
      }
    }
  }

  // Test to make sure adapters work the same whether GEOS is ON or OFF
  // Cannot test methods if GEOS is not installed
  if (!geoPHP::geosInstalled()) return;

  foreach (geoPHP::getAdapterMap() as $adapter_key => $adapter_class) {
    if ($adapter_key != 'google_geocode') { //Don't test google geocoder regularly. Uncomment to test
      // Turn GEOS on
      geoPHP::geosInstalled(TRUE);

      $output = $geometry->out($adapter_key);
      if ($output) {
        $adapter_loader = new $adapter_class();

        $test_geom_1 = $adapter_loader->read($output);

        // Turn GEOS off
        geoPHP::geosInstalled(FALSE);

        $test_geom_2 = $adapter_loader->read($output);

        // Turn GEOS back On
        geoPHP::geosInstalled(TRUE);

        // Check to make sure both are the same with geos and without
        if ($test_geom_1->out('wkt') != $test_geom_2->out('wkt')) {
          print "Mismatched adapter output between GEOS and NORM in ".$adapter_class."\n";
        }
      }
    }
  }
}

function test_methods($geometry) {
  // Cannot test methods if GEOS is not installed
  if (!geoPHP::geosInstalled()) return;

  $methods = array(
    //'boundary', //@@TODO: Uncomment this and fix errors
    'envelope',   //@@TODO: Testing reveals errors in this method -- POINT vs. POLYGON
    'getBBox',
    'x',
    'y',
    'startPoint',
    'endPoint',
    'isRing',
    'isClosed',
    'numPoints',
  );

  foreach ($methods as $method) {
    // Turn GEOS on
    geoPHP::geosInstalled(TRUE);
    $geos_result = $geometry->$method();

    // Turn GEOS off
    geoPHP::geosInstalled(FALSE);
    $norm_result = $geometry->$method();

    // Turn GEOS back On
    geoPHP::geosInstalled(TRUE);

    $geos_type = gettype($geos_result);
    $norm_type = gettype($norm_result);

    if ($geos_type != $norm_type) {
      print 'Type mismatch on '.$method."\n";
      continue;
    }

    // Now check based on type
    if ($geos_type == 'object') {
      $haus_dist = $geos_result->hausdorffDistance(geoPHP::load($norm_result->out('wkt'),'wkt'));

      // Get the length of the diagonal of the bbox - this is used to scale the Hausdorff distance
      // Using Pythagorean theorem (pow() squares each side; ^ is bitwise XOR in PHP, not exponentiation)
      $bb = $geos_result->getBBox();
      $scale = sqrt(pow($bb['maxy'] - $bb['miny'], 2) + pow($bb['maxx'] - $bb['minx'], 2));

      // The difference in the output of GEOS and native-PHP methods should be less than 0.5 scaled Hausdorff units
      if ($haus_dist / $scale > 0.5) {
        print 'Output mismatch on '.$method.":\n";
        print 'GEOS : '.$geos_result->out('wkt')."\n";
        print 'NORM : '.$norm_result->out('wkt')."\n";
        continue;
      }
    }

    if ($geos_type == 'boolean' || $geos_type == 'string') {
      if ($geos_result !== $norm_result) {
        print 'Output mismatch on '.$method.":\n";
        print 'GEOS : '.(string) $geos_result."\n";
        print 'NORM : '.(string) $norm_result."\n";
        continue;
      }
    }

    //@@TODO: Run tests for output of types arrays and float
    //@@TODO: centroid function is non-compliant for collections and strings
  }
}

function test_detection($value, $format, $file) {
The parameter $file is not used and could be removed.

This check looks for parameters that have been defined for a function or method, but which are not used in the method body.

  $detected = geoPHP::detectFormat($value);
  if ($detected != $format) {
    if ($detected) print 'detected as ' . $detected . "\n";
    else print "not detected\n";
  }
  // Make sure it loads using auto-detect
  geoPHP::load($value);
}