Issues in AbstractApi.php (develop) - Issues in develop - adam-paterson/api-client-foundation - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Api/AbstractApi.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types = 1);

namespace AdamPaterson\ApiClient\Foundation\Api;

use AdamPaterson\ApiClient\Foundation\Exception\Domain\NotFoundException;
use AdamPaterson\ApiClient\Foundation\Exception\Domain\UnknownErrorException;
use Http\Client\HttpClient;
use Psr\Http\Message\ResponseInterface;
use AdamPaterson\ApiClient\Foundation\Http\RequestBuilder;
use AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface as Hydrator;

/**
 * Class AbstractApi
 *
 * @package AdamPaterson\ApiClient\Foundation\Api
 */
abstract class AbstractApi
{
    /**
     * @var \Http\Client\HttpClient
     */
    protected $httpClient;

    /**
     * @var \AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface
     */
    protected $hydrator;

    /**
     * @var \AdamPaterson\ApiClient\Foundation\Http\RequestBuilder
     */
    protected $requestBuilder;

    /**
     * AbstractApi constructor.
     *
     * @param \Http\Client\HttpClient                                       $httpClient
     * @param \AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface $hydrator
     * @param \AdamPaterson\ApiClient\Foundation\Http\RequestBuilder        $requestBuilder
     */
    public function __construct(HttpClient $httpClient, Hydrator $hydrator, RequestBuilder $requestBuilder)
    {
        $this->httpClient = $httpClient;
        $this->requestBuilder = $requestBuilder;
        $this->hydrator = $hydrator;
    }

    /**
     * @param string $path
     * @param array  $params
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function get(string $path, array $params = [], array $headers = []): ResponseInterface
    {
        if (count($params) > 0) {
            $path .= '?'.http_build_query($params);
        }

        return $this->httpClient->sendRequest(
            $this->requestBuilder->create('GET', $path, $headers)
        );
    }

    /**
     * @param string $path
     * @param array  $params
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function post(string $path, array $params = [], $headers = []): ResponseInterface
    {
        return $this->postRaw($path, $this->createJsonBody($params), $headers);
    }

    /**
     * @param string $path
     * @param        $body
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function postRaw(string $path, $body, array $headers = []): ResponseInterface
    {
        return $this->httpClient->sendRequest(
            $this->requestBuilder->create('POST', $path, $headers, $body)
        );
    }

    /**
     * @param string $path
     * @param array  $params
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function put(string $path, array $params = [], array $headers = []): ResponseInterface
    {
        return $this->httpClient->sendRequest(
            $this->requestBuilder->create('PUT', $path, $headers, $this->createJsonBody($params))

        );
    }

    /**
     * @param string $path
     * @param array  $params
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function patch(string $path, array $params = [], array $headers = []): ResponseInterface
    {
        return $this->httpClient->sendRequest(
            $this->requestBuilder->create('PATCH', $path, $headers, $this->createJsonBody($params))

        );
    }

    /**
     * @param string $path
     * @param array  $params
     * @param array  $headers
     *
     * @return \Psr\Http\Message\ResponseInterface
     */
    protected function delete(string $path, array $params = [], array $headers = []): ResponseInterface
    {
        return $this->httpClient->sendRequest(
            $this->requestBuilder->create('DELETE', $path, $headers, $this->createJsonBody($params))

        );
    }

    /**
     * @param \Psr\Http\Message\ResponseInterface $response
     *
     * @throws \AdamPaterson\ApiClient\Foundation\Exception\Domain\NotFoundException
     * @throws \AdamPaterson\ApiClient\Foundation\Exception\Domain\UnknownErrorException
     */
    protected function handleErrors(ResponseInterface $response)
    {
        switch ($response->getStatusCode()) {
            case 404:
                throw new NotFoundException();
                break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
            default:
                throw new UnknownErrorException();
                break;
function fx() {
    try {
        doSomething();
        return true;
    }
    catch (\Exception $e) {
        return false;
    }

    return false;
}
        }
    }

    /**
     * @param array $params
     *
     * @return null|string
     */
    private function createJsonBody(array $params)
    {
        return (count($params) === 0) ? null : json_encode($params, empty($params) ? JSON_FORCE_OBJECT : 0);
    }
}


1		<?php
2
3		declare(strict_types = 1);
4
5		namespace AdamPaterson\ApiClient\Foundation\Api;
6
7		use AdamPaterson\ApiClient\Foundation\Exception\Domain\NotFoundException;
8		use AdamPaterson\ApiClient\Foundation\Exception\Domain\UnknownErrorException;
9		use Http\Client\HttpClient;
10		use Psr\Http\Message\ResponseInterface;
11		use AdamPaterson\ApiClient\Foundation\Http\RequestBuilder;
12		use AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface as Hydrator;
13
14		/**
15		* Class AbstractApi
16		*
17		* @package AdamPaterson\ApiClient\Foundation\Api
18		*/
19		abstract class AbstractApi
20		{
21		/**
22		* @var \Http\Client\HttpClient
23		*/
24		protected $httpClient;
25
26		/**
27		* @var \AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface
28		*/
29		protected $hydrator;
30
31		/**
32		* @var \AdamPaterson\ApiClient\Foundation\Http\RequestBuilder
33		*/
34		protected $requestBuilder;
35
36		/**
37		* AbstractApi constructor.
38		*
39		* @param \Http\Client\HttpClient $httpClient
40		* @param \AdamPaterson\ApiClient\Foundation\Contract\HydratorInterface $hydrator
41		* @param \AdamPaterson\ApiClient\Foundation\Http\RequestBuilder $requestBuilder
42		*/
43	15	public function __construct(HttpClient $httpClient, Hydrator $hydrator, RequestBuilder $requestBuilder)
44		{
45	15	$this->httpClient = $httpClient;
46	15	$this->requestBuilder = $requestBuilder;
47	15	$this->hydrator = $hydrator;
48	15	}
49
50		/**
51		* @param string $path
52		* @param array $params
53		* @param array $headers
54		*
55		* @return \Psr\Http\Message\ResponseInterface
56		*/
57	3	protected function get(string $path, array $params = [], array $headers = []): ResponseInterface
58		{
59	3	if (count($params) > 0) {
60	3	$path .= '?'.http_build_query($params);
61		}
62
63	3	return $this->httpClient->sendRequest(
64	3	$this->requestBuilder->create('GET', $path, $headers)
65		);
66		}
67
68		/**
69		* @param string $path
70		* @param array $params
71		* @param array $headers
72		*
73		* @return \Psr\Http\Message\ResponseInterface
74		*/
75	3	protected function post(string $path, array $params = [], $headers = []): ResponseInterface
76		{
77	3	return $this->postRaw($path, $this->createJsonBody($params), $headers);
78		}
79
80		/**
81		* @param string $path
82		* @param $body
83		* @param array $headers
84		*
85		* @return \Psr\Http\Message\ResponseInterface
86		*/
87	3	protected function postRaw(string $path, $body, array $headers = []): ResponseInterface
88		{
89	3	return $this->httpClient->sendRequest(
90	3	$this->requestBuilder->create('POST', $path, $headers, $body)
91		);
92		}
93
94		/**
95		* @param string $path
96		* @param array $params
97		* @param array $headers
98		*
99		* @return \Psr\Http\Message\ResponseInterface
100		*/
101	3	protected function put(string $path, array $params = [], array $headers = []): ResponseInterface
102		{
103	3	return $this->httpClient->sendRequest(
104	3	$this->requestBuilder->create('PUT', $path, $headers, $this->createJsonBody($params))
		0 ignored issues – show Bug introduced 2017-04-07 16:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->createJsonBody($params)` targeting `AdamPaterson\ApiClient\F...ctApi::createJsonBody()` can also be of type `string`; however, `AdamPaterson\ApiClient\F...equestBuilder::create()` does only seem to accept `null`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
105		);
106		}
107
108		/**
109		* @param string $path
110		* @param array $params
111		* @param array $headers
112		*
113		* @return \Psr\Http\Message\ResponseInterface
114		*/
115	3	protected function patch(string $path, array $params = [], array $headers = []): ResponseInterface
116		{
117	3	return $this->httpClient->sendRequest(
118	3	$this->requestBuilder->create('PATCH', $path, $headers, $this->createJsonBody($params))
		0 ignored issues – show Bug introduced 2017-04-07 16:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->createJsonBody($params)` targeting `AdamPaterson\ApiClient\F...ctApi::createJsonBody()` can also be of type `string`; however, `AdamPaterson\ApiClient\F...equestBuilder::create()` does only seem to accept `null`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
119		);
120		}
121
122		/**
123		* @param string $path
124		* @param array $params
125		* @param array $headers
126		*
127		* @return \Psr\Http\Message\ResponseInterface
128		*/
129	3	protected function delete(string $path, array $params = [], array $headers = []): ResponseInterface
130		{
131	3	return $this->httpClient->sendRequest(
132	3	$this->requestBuilder->create('DELETE', $path, $headers, $this->createJsonBody($params))
		0 ignored issues – show Bug introduced 2017-04-07 16:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->createJsonBody($params)` targeting `AdamPaterson\ApiClient\F...ctApi::createJsonBody()` can also be of type `string`; however, `AdamPaterson\ApiClient\F...equestBuilder::create()` does only seem to accept `null`, maybe add an additional type check? This check looks at variables that are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
133		);
134		}
135
136		/**
137		* @param \Psr\Http\Message\ResponseInterface $response
138		*
139		* @throws \AdamPaterson\ApiClient\Foundation\Exception\Domain\NotFoundException
140		* @throws \AdamPaterson\ApiClient\Foundation\Exception\Domain\UnknownErrorException
141		*/
142		protected function handleErrors(ResponseInterface $response)
143		{
144		switch ($response->getStatusCode()) {
145		case 404:
146		throw new NotFoundException();
147		break;
		0 ignored issues – show Unused Code introduced 2017-04-07 16:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
148		default:
149		throw new UnknownErrorException();
150		break;
		0 ignored issues – show Unused Code introduced 2017-04-07 16:03 UTC by Report Bug Copy Issue Report Show Similar Issues like this `break;` does not seem to be reachable. This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed. Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. function fx() { try { doSomething(); return true; } catch (\Exception $e) { return false; } return false; } In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path. Loading history...
151		}
152		}
153
154		/**
155		* @param array $params
156		*
157		* @return null\|string
158		*/
159	12	private function createJsonBody(array $params)
160		{
161	12	return (count($params) === 0) ? null : json_encode($params, empty($params) ? JSON_FORCE_OBJECT : 0);
162		}
163		}
164

adam-paterson / api-client-foundation

Issues (5)

Security Analysis no request data

src/Api/AbstractApi.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like