Issues in LoggerManager.php (scrutinizer-code-quality) - Issues in scrutinizer-code-quality - adamjakab/SuiteCRM - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4069)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

include/SugarLogger/LoggerManager.php (3 issues)

Labels

Coding Style 3

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
if(!defined('sugarEntry') || !sugarEntry) die('Not A Valid Entry Point');
/*********************************************************************************
 * SugarCRM Community Edition is a customer relationship management program developed by
 * SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.

 * SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
 * Copyright (C) 2011 - 2014 Salesagility Ltd.
 *
 * This program is free software; you can redistribute it and/or modify it under
 * the terms of the GNU Affero General Public License version 3 as published by the
 * Free Software Foundation with the addition of the following permission added
 * to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
 * IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
 * OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
 *
 * This program is distributed in the hope that it will be useful, but WITHOUT
 * ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
 * FOR A PARTICULAR PURPOSE.  See the GNU Affero General Public License for more
 * details.
 *
 * You should have received a copy of the GNU Affero General Public License along with
 * this program; if not, see http://www.gnu.org/licenses or write to the Free
 * Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
 * 02110-1301 USA.
 *
 * You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
 * SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
 *
 * The interactive user interfaces in modified source and object code versions
 * of this program must display Appropriate Legal Notices, as required under
 * Section 5 of the GNU Affero General Public License version 3.
 *
 * In accordance with Section 7(b) of the GNU Affero General Public License version 3,
 * these Appropriate Legal Notices must retain the display of the "Powered by
 * SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
 * reasonably feasible for  technical reasons, the Appropriate Legal Notices must
 * display the words  "Powered by SugarCRM" and "Supercharged by SuiteCRM".
 ********************************************************************************/

/**
 * Log management
 * @api
 */
class LoggerManager

{
	//this the the current log level
	private $_level = 'fatal';

	//this is a list of different loggers that have been loaded
	protected static $_loggers = array();

	//this is the instance of the LoggerManager
	private static $_instance = NULL;

	//these are the mappings for levels to different log types
	private static $_logMapping = array(
		'default' => 'SugarLogger',
	);

	//these are the log level mappings anything with a lower value than your current log level will be logged
	private static $_levelMapping = array(
		'debug'      => 100,
		'info'       => 70,
		'warn'       => 50,
		'deprecated' => 40,
		'error'      => 25,
		'fatal'      => 10,
		'security'   => 5,
		'off'        => 0,
	);

	//only let the getLogger instantiate this object
	private function __construct()
	{
		$level = SugarConfig::getInstance()->get('logger.level', $this->_level);
		if (!empty($level))
			$this->setLevel($level);

		if ( empty(self::$_loggers) )
		    $this->_findAvailableLoggers();
	}

	/**
	 * Overloaded method that handles the logging requests.
	 *
	 * @param string $method
	 * @param string $message - also handles array as parameter, though that is deprecated.
	 */
 	public function __call(
 	    $method,
 	    $message
 	    )
 	{
        if ( !isset(self::$_levelMapping[$method]) )
            $method = $this->_level;
 		//if the method is a direct match to our level let's let it through this allows for custom levels
 		if($method == $this->_level
                //otherwise if we have a level mapping for the method and that level is less than or equal to the current level let's let it log
                || (!empty(self::$_levelMapping[$method])
                    && self::$_levelMapping[$this->_level] >= self::$_levelMapping[$method]) ) {
 			//now we get the logger type this allows for having a file logger an email logger, a firebug logger or any other logger you wish you can set different levels to log differently
 			$logger = (!empty(self::$_logMapping[$method])) ?
 			    self::$_logMapping[$method] : self::$_logMapping['default'];
 			//if we haven't instantiated that logger let's instantiate
 			if (!isset(self::$_loggers[$logger])) {
 			    self::$_loggers[$logger] = new $logger();
 			}
 			//tell the logger to log the message
 			self::$_loggers[$logger]->log($method, $message);
 		}
 	}

 	/**

 	 * Check if this log level will be producing any logging
 	 * @param string $method
 	 * @return boolean
 	 */
 	public function wouldLog($method)
 	{
 	    if ( !isset(self::$_levelMapping[$method]) )
 	    	$method = $this->_level;
 	    if($method == $this->_level
 	    		//otherwise if we have a level mapping for the method and that level is less than or equal to the current level let's let it log
 	    		|| (!empty(self::$_levelMapping[$method])
 	    				&& self::$_levelMapping[$this->_level] >= self::$_levelMapping[$method]) ) {
 	        return true;
 	    }
 	    return false;
 	}

	/**
     * Used for doing design-by-contract assertions in the code; when the condition fails we'll write
     * the message to the debug log
     *
     * @param string  $message
     * @param boolean $condition
     */
    public function assert(
        $message,
        $condition
        )
    {
        if ( !$condition )
            $this->__call('debug', $message);
	}

	/**
	 * Sets the logger to the level indicated
	 *
	 * @param string $name name of logger level to set it to
	 */
 	public function setLevel(
 	    $name
 	    )
 	{
        if ( isset(self::$_levelMapping[$name]) )
            $this->_level = $name;
 	}

 	/**
 	 * Returns a logger instance
 	 */
 	public static function getLogger()
	{
		if(!LoggerManager::$_instance){
			LoggerManager::$_instance = new LoggerManager();
		}
		return LoggerManager::$_instance;
	}

	/**
	 * Sets the logger to use a particular backend logger for the given level. Set level to 'default'
	 * to make it the default logger for the application
	 *
	 * @param string $level name of logger level to set it to
	 * @param string $logger name of logger class to use
	 */
	public static function setLogger(
 	    $level,
 	    $logger
 	    )
 	{
 	    self::$_logMapping[$level] = $logger;
 	}

 	/**

 	 * Finds all the available loggers in the application
 	 */
 	protected function _findAvailableLoggers()
 	{
 	    $locations = array('include/SugarLogger','custom/include/SugarLogger');
 	    foreach ( $locations as $location ) {
            if (sugar_is_dir($location) && $dir = opendir($location)) {
                while (($file = readdir($dir)) !== false) {
                    if ($file == ".."
                            || $file == "."
                            || $file == "LoggerTemplate.php"
                            || $file == "LoggerManager.php"
                            || !is_file("$location/$file")
                            )
                        continue;
                    require_once("$location/$file");
                    $loggerClass = basename($file, ".php");
                    if ( class_exists($loggerClass) && class_implements($loggerClass,'LoggerTemplate') )
                        self::$_loggers[$loggerClass] = new $loggerClass();
                }
            }
        }
 	}

 	public static function getAvailableLoggers()
 	{
 	    return array_keys(self::$_loggers);
 	}

 	public static function getLoggerLevels()
 	{
 	    $loggerLevels = self::$_levelMapping;
 	    foreach ( $loggerLevels as $key => $value )
 	        $loggerLevels[$key] = ucfirst($key);

 	    return $loggerLevels;
 	}
}


1		<?php
2		if(!defined('sugarEntry') \|\| !sugarEntry) die('Not A Valid Entry Point');
3		/*********************************************************************************
4		* SugarCRM Community Edition is a customer relationship management program developed by
5		* SugarCRM, Inc. Copyright (C) 2004-2013 SugarCRM Inc.
6
7		* SuiteCRM is an extension to SugarCRM Community Edition developed by Salesagility Ltd.
8		* Copyright (C) 2011 - 2014 Salesagility Ltd.
9		*
10		* This program is free software; you can redistribute it and/or modify it under
11		* the terms of the GNU Affero General Public License version 3 as published by the
12		* Free Software Foundation with the addition of the following permission added
13		* to Section 15 as permitted in Section 7(a): FOR ANY PART OF THE COVERED WORK
14		* IN WHICH THE COPYRIGHT IS OWNED BY SUGARCRM, SUGARCRM DISCLAIMS THE WARRANTY
15		* OF NON INFRINGEMENT OF THIRD PARTY RIGHTS.
16		*
17		* This program is distributed in the hope that it will be useful, but WITHOUT
18		* ANY WARRANTY; without even the implied warranty of MERCHANTABILITY or FITNESS
19		* FOR A PARTICULAR PURPOSE. See the GNU Affero General Public License for more
20		* details.
21		*
22		* You should have received a copy of the GNU Affero General Public License along with
23		* this program; if not, see http://www.gnu.org/licenses or write to the Free
24		* Software Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA
25		* 02110-1301 USA.
26		*
27		* You can contact SugarCRM, Inc. headquarters at 10050 North Wolfe Road,
28		* SW2-130, Cupertino, CA 95014, USA. or at email address [email protected].
29		*
30		* The interactive user interfaces in modified source and object code versions
31		* of this program must display Appropriate Legal Notices, as required under
32		* Section 5 of the GNU Affero General Public License version 3.
33		*
34		* In accordance with Section 7(b) of the GNU Affero General Public License version 3,
35		* these Appropriate Legal Notices must retain the display of the "Powered by
36		* SugarCRM" logo and "Supercharged by SuiteCRM" logo. If the display of the logos is not
37		* reasonably feasible for technical reasons, the Appropriate Legal Notices must
38		* display the words "Powered by SugarCRM" and "Supercharged by SuiteCRM".
39		********************************************************************************/
40
41		/**
42		* Log management
43		* @api
44		*/
45		class LoggerManager
		0 ignored issues – show Coding Style introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since you have declared the constructor as private, maybe you should also declare the class as final. Loading history...
46		{
47		//this the the current log level
48		private $_level = 'fatal';
49
50		//this is a list of different loggers that have been loaded
51		protected static $_loggers = array();
52
53		//this is the instance of the LoggerManager
54		private static $_instance = NULL;
55
56		//these are the mappings for levels to different log types
57		private static $_logMapping = array(
58		'default' => 'SugarLogger',
59		);
60
61		//these are the log level mappings anything with a lower value than your current log level will be logged
62		private static $_levelMapping = array(
63		'debug' => 100,
64		'info' => 70,
65		'warn' => 50,
66		'deprecated' => 40,
67		'error' => 25,
68		'fatal' => 10,
69		'security' => 5,
70		'off' => 0,
71		);
72
73		//only let the getLogger instantiate this object
74		private function __construct()
75		{
76		$level = SugarConfig::getInstance()->get('logger.level', $this->_level);
77		if (!empty($level))
78		$this->setLevel($level);
79
80		if ( empty(self::$_loggers) )
81		$this->_findAvailableLoggers();
82		}
83
84		/**
85		* Overloaded method that handles the logging requests.
86		*
87		* @param string $method
88		* @param string $message - also handles array as parameter, though that is deprecated.
89		*/
90	910	public function __call(
91		$method,
92		$message
93		)
94		{
95	910	if ( !isset(self::$_levelMapping[$method]) )
96		$method = $this->_level;
97		//if the method is a direct match to our level let's let it through this allows for custom levels
98	910	if($method == $this->_level
99		//otherwise if we have a level mapping for the method and that level is less than or equal to the current level let's let it log
100	910	\|\| (!empty(self::$_levelMapping[$method])
101	910	&& self::$_levelMapping[$this->_level] >= self::$_levelMapping[$method]) ) {
102		//now we get the logger type this allows for having a file logger an email logger, a firebug logger or any other logger you wish you can set different levels to log differently
103	16	$logger = (!empty(self::$_logMapping[$method])) ?
104	16	self::$_logMapping[$method] : self::$_logMapping['default'];
105		//if we haven't instantiated that logger let's instantiate
106	16	if (!isset(self::$_loggers[$logger])) {
107		self::$_loggers[$logger] = new $logger();
108		}
109		//tell the logger to log the message
110	16	self::$_loggers[$logger]->log($method, $message);
111		}
112	910	}
113
114		/**
		0 ignored issues – show Coding Style introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is some trailing whitespace on this line which should be avoided as per coding-style. Loading history...
115		* Check if this log level will be producing any logging
116		* @param string $method
117		* @return boolean
118		*/
119		public function wouldLog($method)
120		{
121		if ( !isset(self::$_levelMapping[$method]) )
122		$method = $this->_level;
123		if($method == $this->_level
124		//otherwise if we have a level mapping for the method and that level is less than or equal to the current level let's let it log
125		\|\| (!empty(self::$_levelMapping[$method])
126		&& self::$_levelMapping[$this->_level] >= self::$_levelMapping[$method]) ) {
127		return true;
128		}
129		return false;
130		}
131
132		/**
133		* Used for doing design-by-contract assertions in the code; when the condition fails we'll write
134		* the message to the debug log
135		*
136		* @param string $message
137		* @param boolean $condition
138		*/
139		public function assert(
140		$message,
141		$condition
142		)
143		{
144		if ( !$condition )
145		$this->__call('debug', $message);
146		}
147
148		/**
149		* Sets the logger to the level indicated
150		*
151		* @param string $name name of logger level to set it to
152		*/
153		public function setLevel(
154		$name
155		)
156		{
157		if ( isset(self::$_levelMapping[$name]) )
158		$this->_level = $name;
159		}
160
161		/**
162		* Returns a logger instance
163		*/
164		public static function getLogger()
165		{
166		if(!LoggerManager::$_instance){
167		LoggerManager::$_instance = new LoggerManager();
168		}
169		return LoggerManager::$_instance;
170		}
171
172		/**
173		* Sets the logger to use a particular backend logger for the given level. Set level to 'default'
174		* to make it the default logger for the application
175		*
176		* @param string $level name of logger level to set it to
177		* @param string $logger name of logger class to use
178		*/
179		public static function setLogger(
180		$level,
181		$logger
182		)
183		{
184		self::$_logMapping[$level] = $logger;
185		}
186
187		/**
		0 ignored issues – show Coding Style introduced 2016-03-07 17:58 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is some trailing whitespace on this line which should be avoided as per coding-style. Loading history...
188		* Finds all the available loggers in the application
189		*/
190		protected function _findAvailableLoggers()
191		{
192		$locations = array('include/SugarLogger','custom/include/SugarLogger');
193		foreach ( $locations as $location ) {
194		if (sugar_is_dir($location) && $dir = opendir($location)) {
195		while (($file = readdir($dir)) !== false) {
196		if ($file == ".."
197		\|\| $file == "."
198		\|\| $file == "LoggerTemplate.php"
199		\|\| $file == "LoggerManager.php"
200		\|\| !is_file("$location/$file")
201		)
202		continue;
203		require_once("$location/$file");
204		$loggerClass = basename($file, ".php");
205		if ( class_exists($loggerClass) && class_implements($loggerClass,'LoggerTemplate') )
206		self::$_loggers[$loggerClass] = new $loggerClass();
207		}
208		}
209		}
210		}
211
212		public static function getAvailableLoggers()
213		{
214		return array_keys(self::$_loggers);
215		}
216
217		public static function getLoggerLevels()
218		{
219		$loggerLevels = self::$_levelMapping;
220		foreach ( $loggerLevels as $key => $value )
221		$loggerLevels[$key] = ucfirst($key);
222
223		return $loggerLevels;
224		}
225		}
226

adamjakab / SuiteCRM

Issues (4069)

Security Analysis not enabled

include/SugarLogger/LoggerManager.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like