Issues in ServiceManager.php (master) - Issues in master - acquia/acquia-sdk-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (27)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Acquia/Rest/ServiceManager.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Acquia\Rest;

use Acquia\Json\Json;
use Guzzle\Service\Builder\ServiceBuilder;
use Guzzle\Service\Client;
use Symfony\Component\Filesystem\Filesystem;

class ServiceManager extends \ArrayObject
{
    /**
     * @var \Guzzle\Common\Collection
     */
    protected $config;

    /**
     * @var array
     */
    protected $removed = array();

    /**
     * @var \Symfony\Component\Filesystem\Filesystem
     */
    protected $filesystem;

    /**
     * @param array $config
     */
    public function __construct(array $config = array())
    {
        $defaults = array(
            'conf_dir' => 'conf',
            'conf_files' => array(),
        );

        $required = array(
            'conf_dir',
            'conf_files',
        );

        $this->config = \Guzzle\Common\Collection::fromConfig($config, $defaults, $required);
        $this->config['conf_dir'] = rtrim($this->config['conf_dir'], '/\\');
    }

    /**
     * @return \Guzzle\Common\Collection
     */
    public function getConfig()
    {
        return $this->config;
    }

    /**
     * @param \Symfony\Component\Filesystem\Filesystem $filesystem
     *
     * @return \Acquia\Rest\ServiceManager
     */
    public function setFilesystem(Filesystem $filesystem)
    {
        $this->filesystem = $filesystem;
        return $this;
    }

    /**
     * @return \Symfony\Component\Filesystem\Filesystem
     */
    public function getFilesystem()
    {
        if (!isset($this->filesystem)) {
            $this->filesystem = new Filesystem();
        }
        return $this->filesystem;
    }

    /**
     * @param string $group
     *
     * @return string
     */
    public function getConfigFilename($group)
    {
        $conf_files = $this->config->get('conf_files');
        if (!isset($conf_files[$group])) {
            $filename = $this->config['conf_dir'] . '/' . $group . '.json';
            $conf_files[$group] = $filename;
        }
        $this->config->set('conf_files', $conf_files);
        return $conf_files[$group];
    }

    /**
     * @param string $name
     *
     * @return boolean
     */
    public function hasConfigFile($name)
    {
        $filename = $this->getConfigFilename($name);
        return is_file($filename) && is_readable($filename);
    }

    /**
     * @param string $group
     *
     * @return \Guzzle\Service\Builder\ServiceBuilder
     */
    public function load($group)
    {
        $confg = $this->hasConfigFile($group) ? $this->getConfigFilename($group) : array();
        return ServiceBuilder::factory($confg);
    }

    /**
     * @param string $group
     *
     * @return \Guzzle\Service\Builder\ServiceBuilder
     */
    public function offsetGet($group)
    {
        if (!isset($this[$group])) {

            // Load builder from file or instantiate an empty one.
            if ($this->hasConfigFile($group)) {
                $this[$group] = $this->load($group);
            } else {
                $this[$group] = ServiceBuilder::factory(array());
            }

            // Initialize the "removed" flag.
            $this->removed[$group] = array();
        }
        return parent::offsetGet($group);
    }

    /**
     * @param string $group
     * @param \Guzzle\Service\Builder\ServiceBuilder $builder
     */
    public function offsetSet($group, $builder)
    {
        if (!$builder instanceof ServiceBuilder) {
            throw new \UnexpectedValueException('Expecting value to be an instance of Guzzle\Service\Builder\ServiceBuilder');
        }
        parent::offsetSet($group, $builder);
    }

    /**
     * @param string $group
     */
    public function offsetUnset($group)
    {
        unset($this->removed[$group]);
        parent::offsetUnset($group);
    }

    /**
     * @param string $group
     *
     * @return \Guzzle\Service\Builder\ServiceBuilder
     */
    public function getBuilder($group)
    {
        return $this[$group];
    }

    /**
     * @param string $group
     * @param \Guzzle\Service\Builder\ServiceBuilder $builder
     *
     * @return \Acquia\Rest\ServiceManager
     */
    public function setBuilder($group, ServiceBuilder $builder)
    {
        $this[$group] = $builder;
        $this->removed[$group] = array();
        return $this;
    }

    /**
     * @param string $group
     * @param string $name
     * @param \Guzzle\Service\Client $client
     *
     * @return \Acquia\Rest\ServiceManager
     */
    public function setClient($group, $name, Client $client)
    {
        // Must also be service manager aware.
        if (!$client instanceof ServiceManagerAware) {
            throw new \UnexpectedValueException('Client must implement Acquia\Rest\ServiceManagerAware');
        }

        $builder = $this[$group];

        // Set the client in the service builder.
        $builder[$name] = $client;

        // This looks funky, but it is actually not overwriting the value we
        // just set. This snippet adds the builder config so that saving the
        // service will add this client as a service in the JSON file.
        // @see \Guzzle\Service\Builder\ServiceBuilder::set()

        $builder[$name] = array(
            'class' => get_class($client),
            'params' => $client->getBuilderParams(),
        );

        // If the client was previously removed, unset the remove flag.
        unset($this->removed[$group][$name]);

        return $this;
    }

    /**
     * @param string $group
     * @param string $name
     *
     * @return \Guzzle\Service\Client
     */
    public function getClient($group, $name)
    {
        return isset($this[$group][$name]) ? $this[$group][$name] : null;
    }

    /**
     * @param string $group
     * @param string $name
     *
     * @return \Acquia\Rest\ServiceManager
     */
    public function removeClient($group, $name)
    {
        unset($this[$group][$name]);
        $this->removed[$group][$name] = $name;
        return $this;
    }

    /**
     * Writes all service group configurations to the backend.
     *
     * @param boolean $overwrite
     */
    public function save($overwrite = false)
    {
        foreach ($this as $group => $builder) {
            $this->saveServiceGroup($group, $overwrite);
        }
    }

    /**
     * @param string $group
     * @param boolean $overwrite
     *
     * @throws \Symfony\Component\Filesystem\Exception\IOException
     *
     * @see http://guzzlephp.org/webservice-client/using-the-service-builder.html#sourcing-from-a-json-document
     */
    public function saveServiceGroup($group, $overwrite = false)
    {
        $filename = $this->getConfigFilename($group);
        $hasConfigFile = $this->hasConfigFile($group);

        // This sucks, but it is the only way to get the builder config.
        // @todo Create a Guzzle issue to add a getBuilderConfig() method.
        $builder = $this[$group];
        $builderConfig = Json::decode($builder->serialize());

        // @todo Add validation.
        if (!$overwrite && $hasConfigFile) {
            $groupJson = file_get_contents($filename);
            $groupData = Json::decode($groupJson);
            $builderConfig = array_merge($groupData['services'], $builderConfig);
        }

        // Unset the services that are flagged to be removed then clear the
        // remove flag since action was taken.
        foreach ($this->removed[$group] as $name) {
            unset($builderConfig[$name]);
        }
        $this->removed[$group] = array();

        $json = Json::encode(array(
            'class' => get_class($builder),
            'services' => $builderConfig,
        ));

        $filesystem = $this->getFilesystem();

        if (!$hasConfigFile) {
            $filesystem->mkdir(dirname($filename), 0755);
        }

        $filesystem->dumpFile($filename, $json, 0600);
    }

    /**
     * @param string $group
     *
     * @throws \Symfony\Component\Filesystem\Exception\IOException
     */
    public function deleteServiceGroup($group)
    {
        $filename = $this->getConfigFilename($group);
        $this->getFilesystem()->remove($filename);

        // Unlike normal arrays, unset() will throw errors here if the key
        // doesn't exist.
        if (isset($this[$group])) {
            unset($this[$group]);
        }

        unset($this->removed[$group]);
    }
}


1		<?php
2
3		namespace Acquia\Rest;
4
5		use Acquia\Json\Json;
6		use Guzzle\Service\Builder\ServiceBuilder;
7		use Guzzle\Service\Client;
8		use Symfony\Component\Filesystem\Filesystem;
9
10		class ServiceManager extends \ArrayObject
11		{
12		/**
13		* @var \Guzzle\Common\Collection
14		*/
15		protected $config;
16
17		/**
18		* @var array
19		*/
20		protected $removed = array();
21
22		/**
23		* @var \Symfony\Component\Filesystem\Filesystem
24		*/
25		protected $filesystem;
26
27		/**
28		* @param array $config
29		*/
30	48	public function __construct(array $config = array())
31		{
32		$defaults = array(
33	48	'conf_dir' => 'conf',
34	48	'conf_files' => array(),
35	48	);
36
37		$required = array(
38	48	'conf_dir',
39	48	'conf_files',
40	48	);
41
42	48	$this->config = \Guzzle\Common\Collection::fromConfig($config, $defaults, $required);
43	48	$this->config['conf_dir'] = rtrim($this->config['conf_dir'], '/\\');
44	48	}
45
46		/**
47		* @return \Guzzle\Common\Collection
48		*/
49	3	public function getConfig()
50		{
51	3	return $this->config;
52		}
53
54		/**
55		* @param \Symfony\Component\Filesystem\Filesystem $filesystem
56		*
57		* @return \Acquia\Rest\ServiceManager
58		*/
59	3	public function setFilesystem(Filesystem $filesystem)
60		{
61	3	$this->filesystem = $filesystem;
62	3	return $this;
63		}
64
65		/**
66		* @return \Symfony\Component\Filesystem\Filesystem
67		*/
68	15	public function getFilesystem()
69		{
70	15	if (!isset($this->filesystem)) {
71	12	$this->filesystem = new Filesystem();
72	12	}
73	15	return $this->filesystem;
74		}
75
76		/**
77		* @param string $group
78		*
79		* @return string
80		*/
81	30	public function getConfigFilename($group)
82		{
83	30	$conf_files = $this->config->get('conf_files');
84	30	if (!isset($conf_files[$group])) {
85	30	$filename = $this->config['conf_dir'] . '/' . $group . '.json';
86	30	$conf_files[$group] = $filename;
87	30	}
88	30	$this->config->set('conf_files', $conf_files);
89	30	return $conf_files[$group];
90		}
91
92		/**
93		* @param string $name
94		*
95		* @return boolean
96		*/
97	24	public function hasConfigFile($name)
98		{
99	24	$filename = $this->getConfigFilename($name);
100	24	return is_file($filename) && is_readable($filename);
101		}
102
103		/**
104		* @param string $group
105		*
106		* @return \Guzzle\Service\Builder\ServiceBuilder
107		*/
108	21	public function load($group)
109		{
110	21	$confg = $this->hasConfigFile($group) ? $this->getConfigFilename($group) : array();
111	21	return ServiceBuilder::factory($confg);
112		}
113
114		/**
115		* @param string $group
116		*
117		* @return \Guzzle\Service\Builder\ServiceBuilder
118		*/
119	24	public function offsetGet($group)
120		{
121	24	if (!isset($this[$group])) {
122
123		// Load builder from file or instantiate an empty one.
124	21	if ($this->hasConfigFile($group)) {
125	21	$this[$group] = $this->load($group);
126	21	} else {
127	3	$this[$group] = ServiceBuilder::factory(array());
128		}
129
130		// Initialize the "removed" flag.
131	21	$this->removed[$group] = array();
132	21	}
133	24	return parent::offsetGet($group);
134		}
135
136		/**
137		* @param string $group
138		* @param \Guzzle\Service\Builder\ServiceBuilder $builder
139		*/
140	27	public function offsetSet($group, $builder)
141		{
142	27	if (!$builder instanceof ServiceBuilder) {
143	3	throw new \UnexpectedValueException('Expecting value to be an instance of Guzzle\Service\Builder\ServiceBuilder');
144		}
145	24	parent::offsetSet($group, $builder);
146	24	}
147
148		/**
149		* @param string $group
150		*/
151	9	public function offsetUnset($group)
152		{
153	9	unset($this->removed[$group]);
154	9	parent::offsetUnset($group);
155	9	}
156
157		/**
158		* @param string $group
159		*
160		* @return \Guzzle\Service\Builder\ServiceBuilder
161		*/
162	12	public function getBuilder($group)
163		{
164	12	return $this[$group];
165		}
166
167		/**
168		* @param string $group
169		* @param \Guzzle\Service\Builder\ServiceBuilder $builder
170		*
171		* @return \Acquia\Rest\ServiceManager
172		*/
173	6	public function setBuilder($group, ServiceBuilder $builder)
174		{
175	6	$this[$group] = $builder;
176	6	$this->removed[$group] = array();
177	6	return $this;
178		}
179
180		/**
181		* @param string $group
182		* @param string $name
183		* @param \Guzzle\Service\Client $client
184		*
185		* @return \Acquia\Rest\ServiceManager
186		*/
187	6	public function setClient($group, $name, Client $client)
188		{
189		// Must also be service manager aware.
190	6	if (!$client instanceof ServiceManagerAware) {
191	3	throw new \UnexpectedValueException('Client must implement Acquia\Rest\ServiceManagerAware');
192		}
193
194	3	$builder = $this[$group];
195
196		// Set the client in the service builder.
197	3	$builder[$name] = $client;
198
199		// This looks funky, but it is actually not overwriting the value we
200		// just set. This snippet adds the builder config so that saving the
201		// service will add this client as a service in the JSON file.
202		// @see \Guzzle\Service\Builder\ServiceBuilder::set()
		0 ignored issues – show Unused Code Comprehensibility introduced 2015-12-29 22:34 UTC by Report Bug Copy Issue Report Show Similar Issues like this `38%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
203	3	$builder[$name] = array(
204	3	'class' => get_class($client),
205	3	'params' => $client->getBuilderParams(),
206		);
207
208		// If the client was previously removed, unset the remove flag.
209	3	unset($this->removed[$group][$name]);
210
211	3	return $this;
212		}
213
214		/**
215		* @param string $group
216		* @param string $name
217		*
218		* @return \Guzzle\Service\Client
219		*/
220	6	public function getClient($group, $name)
221		{
222	6	return isset($this[$group][$name]) ? $this[$group][$name] : null;
223		}
224
225		/**
226		* @param string $group
227		* @param string $name
228		*
229		* @return \Acquia\Rest\ServiceManager
230		*/
231	3	public function removeClient($group, $name)
232		{
233	3	unset($this[$group][$name]);
234	3	$this->removed[$group][$name] = $name;
235	3	return $this;
236		}
237
238		/**
239		* Writes all service group configurations to the backend.
240		*
241		* @param boolean $overwrite
242		*/
243	6	public function save($overwrite = false)
244		{
245	6	foreach ($this as $group => $builder) {
246	6	$this->saveServiceGroup($group, $overwrite);
247	6	}
248	6	}
249
250		/**
251		* @param string $group
252		* @param boolean $overwrite
253		*
254		* @throws \Symfony\Component\Filesystem\Exception\IOException
255		*
256		* @see http://guzzlephp.org/webservice-client/using-the-service-builder.html#sourcing-from-a-json-document
257		*/
258	6	public function saveServiceGroup($group, $overwrite = false)
259		{
260	6	$filename = $this->getConfigFilename($group);
261	6	$hasConfigFile = $this->hasConfigFile($group);
262
263		// This sucks, but it is the only way to get the builder config.
264		// @todo Create a Guzzle issue to add a getBuilderConfig() method.
265	6	$builder = $this[$group];
266	6	$builderConfig = Json::decode($builder->serialize());
267
268		// @todo Add validation.
269	6	if (!$overwrite && $hasConfigFile) {
270	6	$groupJson = file_get_contents($filename);
271	6	$groupData = Json::decode($groupJson);
272	6	$builderConfig = array_merge($groupData['services'], $builderConfig);
273	6	}
274
275		// Unset the services that are flagged to be removed then clear the
276		// remove flag since action was taken.
277	6	foreach ($this->removed[$group] as $name) {
278	3	unset($builderConfig[$name]);
279	6	}
280	6	$this->removed[$group] = array();
281
282	6	$json = Json::encode(array(
283	6	'class' => get_class($builder),
284	6	'services' => $builderConfig,
285	6	));
286
287	6	$filesystem = $this->getFilesystem();
288
289	6	if (!$hasConfigFile) {
290	3	$filesystem->mkdir(dirname($filename), 0755);
291	3	}
292
293	6	$filesystem->dumpFile($filename, $json, 0600);
294	6	}
295
296		/**
297		* @param string $group
298		*
299		* @throws \Symfony\Component\Filesystem\Exception\IOException
300		*/
301	6	public function deleteServiceGroup($group)
302		{
303	6	$filename = $this->getConfigFilename($group);
304	6	$this->getFilesystem()->remove($filename);
305
306		// Unlike normal arrays, unset() will throw errors here if the key
307		// doesn't exist.
308	6	if (isset($this[$group])) {
309	6	unset($this[$group]);
310	6	}
311
312	6	unset($this->removed[$group]);
313	6	}
314		}
315

acquia / acquia-sdk-php

Issues (27)

Security Analysis no request data

src/Acquia/Rest/ServiceManager.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like