Issues in KernelBpm.php (master) - Issues in master - agoalofalife/bpm-online - Measure and Improve Code Quality continuously with Scrutinizer

Issues (40)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/KernelBpm.php (1 issue)

Labels

Bug 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace agoalofalife\bpm;

use agoalofalife\bpm\Actions\Create;
use agoalofalife\bpm\Actions\Delete;
use agoalofalife\bpm\Actions\Read;
use agoalofalife\bpm\Actions\Update;
use agoalofalife\bpm\Contracts\Action;
use agoalofalife\bpm\Contracts\Authentication;
use agoalofalife\bpm\Contracts\Handler;
use agoalofalife\bpm\Contracts\SourceConfiguration;
use agoalofalife\bpm\Handlers\JsonHandler;
use agoalofalife\bpm\Handlers\XmlHandler;
use agoalofalife\bpm\ServiceProviders\ActionsServiceProviders;
use agoalofalife\bpm\ServiceProviders\AuthenticationServiceProvider;
use agoalofalife\bpm\ServiceProviders\ClientServiceProvider;
use agoalofalife\bpm\ServiceProviders\ConfigurationServiceProvider;
use agoalofalife\bpm\ServiceProviders\LoggerServiceProvider;
use Assert\Assertion;
use Assert\AssertionFailedException;
use GuzzleHttp\ClientInterface;

/**
 * Class KernelBpm
 * @const    string   PATH_LOG
 * @property array    $action list action
 * @property array    $handlers list handler xml | json
 * @property string   $collection Name collection in Bpm
 * @property Action   $currentAction current action which use in client code
 * @property Handler  $currentHandler current handler which use in client code
 * @property string   $url
 * @property string   $prefixConfiguration prefix for set and search in Repository class
 * @property array    $serviceProviders list ServiceProvider for bootstrap
 *
 * @package agoalofalife\bpm
 */
class KernelBpm
{
    const PATH_LOG = __DIR__ . '/resource/logs/';

    protected $action = [
        'create' =>  Create::class,
        'read'   =>  Read::class,
        'update' =>  Update::class,
        'delete' =>  Delete::class,
    ];

    protected $handlers = [
      'xml'  => XmlHandler::class,
      'json' => JsonHandler::class,
    ];

    protected $collection;
    protected $currentAction;
    protected $currentHandler;
    protected $url;

    /**
     * prefix name configuration
     */
    protected $prefixConfiguration;

    /**
     * list providers for pre bootstrapping packages
     */
    protected $serviceProviders = [
        ConfigurationServiceProvider::class,
        ActionsServiceProviders::class,
        AuthenticationServiceProvider::class,
        ClientServiceProvider::class,
        LoggerServiceProvider::class
    ];

    public function __construct()
    {
        $this->bootstrapping();
    }

    /**
     * Auth in Bpm online
     * @return  void
     */
    public function authentication()
    {
        $auth = app()->make(Authentication::class);
        $auth->setConfig(config($this->prefixConfiguration));
        $auth->auth();
    }

    /**
     * Get list actions
     * @return array
     */
    public function getListActions()
    {
        return $this->action;
    }

    /**
     * @return string
     */
    public function getPrefixConfig()
    {
        return $this->prefixConfiguration;
    }

    /**
     * @param SourceConfiguration $configuration
     */
    public function loadConfiguration(SourceConfiguration $configuration)
    {
        config()->set(  $this->prefixConfiguration = $configuration->getName(), $configuration->get());
    }

    /**
     * @param       $key
     * @param array $array
     * @return void
     */
    public function setConfigManually($key, array $array)
    {
        $this->prefixConfiguration = $key;
        config()->set($key, $array);
    }

    /**
     * @return Handler
     */
    public function getHandler()
    {
        return $this->currentHandler;
    }

    /**
     * Set the response handler
     * @param string $typeHandler default xml
     * @return Action
     */
    public function setHandler($typeHandler = 'xml')
    {
        Assertion::keyIsset($this->handlers, $typeHandler);
        $this->currentHandler = app($this->handlers[$typeHandler]);
        return  $this->currentHandler;
    }

    /**
     * @return Action
     */
    public function getAction()
    {
        return $this->currentAction;
    }

    /**
     * @param $typeAction string
     * @return Action
     */
    public function setAction($typeAction)
    {
        Assertion::keyIsset($this->action, $typeAction);

        $this->currentAction  =  app()->make( $this->action[$typeAction] );

        return $this->currentAction;
    }

    /**
     * Example action parameter 'read:json'
     * @param string $action
     * @param callable $callback
     * @return $this
     */
    public function action($action, callable $callback)
    {

         extract($this->splitAction($action));


         $action  = $this->setAction($action);
         $this->setHandler($handler);

        $action->injectionKernel($this);
        call_user_func($callback, $action);
        $this->currentAction = $action;

        return $this;
    }

    /**
     * @return array url -> string , http_type -> string
     *
     */
    public function get()
    {
        // here query in BPM
        return $this->currentAction->processData();
    }

    /**
     * Set collection for correct query
     * @param string $collection
     * @return mixed
     * @throws \Exception
     */
    public function setCollection($collection)
    {
        try {
            Assertion::regex($collection, '/[A-z]+Collection$/');
        } catch(AssertionFailedException $e) {
           throw new \Exception("Expected word 'Collection' in parameter method setCollection received : " .  $e->getValue());
        }

        return $this->collection = $collection;
    }

    /**
     * @return string
     */
    public function getCollection()
    {
        return $this->collection;
    }

    /**
     * @return ClientInterface
     */
    public function getCurl()
    {
        return app()->make(ClientInterface::class);
    }
    /**
     * @param $action
     * @return array
     */
    private function splitAction($action)
    {
        $split = explode(':', $action);

        // verification values
        Assertion::between(count($split), 2, 2);
        Assertion::keyExists( $this->action, $split[0]);
        Assertion::keyExists( $this->handlers, $split[1]);

        return ['action' => $split[0], 'handler' => $split[1]];
    }

    private function bootstrapping()
    {
        foreach ($this->serviceProviders as $provider)
        {
            (new $provider)->register();
        }
    }
}

1		<?php
2		namespace agoalofalife\bpm;
3
4		use agoalofalife\bpm\Actions\Create;
5		use agoalofalife\bpm\Actions\Delete;
6		use agoalofalife\bpm\Actions\Read;
7		use agoalofalife\bpm\Actions\Update;
8		use agoalofalife\bpm\Contracts\Action;
9		use agoalofalife\bpm\Contracts\Authentication;
10		use agoalofalife\bpm\Contracts\Handler;
11		use agoalofalife\bpm\Contracts\SourceConfiguration;
12		use agoalofalife\bpm\Handlers\JsonHandler;
13		use agoalofalife\bpm\Handlers\XmlHandler;
14		use agoalofalife\bpm\ServiceProviders\ActionsServiceProviders;
15		use agoalofalife\bpm\ServiceProviders\AuthenticationServiceProvider;
16		use agoalofalife\bpm\ServiceProviders\ClientServiceProvider;
17		use agoalofalife\bpm\ServiceProviders\ConfigurationServiceProvider;
18		use agoalofalife\bpm\ServiceProviders\LoggerServiceProvider;
19		use Assert\Assertion;
20		use Assert\AssertionFailedException;
21		use GuzzleHttp\ClientInterface;
22
23		/**
24		* Class KernelBpm
25		* @const string PATH_LOG
26		* @property array $action list action
27		* @property array $handlers list handler xml \| json
28		* @property string $collection Name collection in Bpm
29		* @property Action $currentAction current action which use in client code
30		* @property Handler $currentHandler current handler which use in client code
31		* @property string $url
32		* @property string $prefixConfiguration prefix for set and search in Repository class
33		* @property array $serviceProviders list ServiceProvider for bootstrap
34		*
35		* @package agoalofalife\bpm
36		*/
37		class KernelBpm
38		{
39		const PATH_LOG = __DIR__ . '/resource/logs/';
40
41		protected $action = [
42		'create' => Create::class,
43		'read' => Read::class,
44		'update' => Update::class,
45		'delete' => Delete::class,
46		];
47
48		protected $handlers = [
49		'xml' => XmlHandler::class,
50		'json' => JsonHandler::class,
51		];
52
53		protected $collection;
54		protected $currentAction;
55		protected $currentHandler;
56		protected $url;
57
58		/**
59		* prefix name configuration
60		*/
61		protected $prefixConfiguration;
62
63		/**
64		* list providers for pre bootstrapping packages
65		*/
66		protected $serviceProviders = [
67		ConfigurationServiceProvider::class,
68		ActionsServiceProviders::class,
69		AuthenticationServiceProvider::class,
70		ClientServiceProvider::class,
71		LoggerServiceProvider::class
72		];
73
74	22	public function __construct()
75		{
76	22	$this->bootstrapping();
77	22	}
78
79		/**
80		* Auth in Bpm online
81		* @return void
82		*/
83	1	public function authentication()
84		{
85	1	$auth = app()->make(Authentication::class);
86	1	$auth->setConfig(config($this->prefixConfiguration));
87	1	$auth->auth();
88	1	}
89
90		/**
91		* Get list actions
92		* @return array
93		*/
94	2	public function getListActions()
95		{
96	2	return $this->action;
97		}
98
99		/**
100		* @return string
101		*/
102	1	public function getPrefixConfig()
103		{
104	1	return $this->prefixConfiguration;
105		}
106
107		/**
108		* @param SourceConfiguration $configuration
109		*/
110	1	public function loadConfiguration(SourceConfiguration $configuration)
111		{
112	1	config()->set( $this->prefixConfiguration = $configuration->getName(), $configuration->get());
113	1	}
114
115		/**
116		* @param $key
117		* @param array $array
118		* @return void
119		*/
120	3	public function setConfigManually($key, array $array)
121		{
122	3	$this->prefixConfiguration = $key;
123	3	config()->set($key, $array);
124	3	}
125
126		/**
127		* @return Handler
128		*/
129	2	public function getHandler()
130		{
131	2	return $this->currentHandler;
132		}
133
134		/**
135		* Set the response handler
136		* @param string $typeHandler default xml
137		* @return Action
138		*/
139	5	public function setHandler($typeHandler = 'xml')
140		{
141	5	Assertion::keyIsset($this->handlers, $typeHandler);
142	4	$this->currentHandler = app($this->handlers[$typeHandler]);
143	4	return $this->currentHandler;
144		}
145
146		/**
147		* @return Action
148		*/
149	1	public function getAction()
150		{
151	1	return $this->currentAction;
152		}
153
154		/**
155		* @param $typeAction string
156		* @return Action
157		*/
158	5	public function setAction($typeAction)
159		{
160	5	Assertion::keyIsset($this->action, $typeAction);
161
162	4	$this->currentAction = app()->make( $this->action[$typeAction] );
163
164	4	return $this->currentAction;
165		}
166
167		/**
168		* Example action parameter 'read:json'
169		* @param string $action
170		* @param callable $callback
171		* @return $this
172		*/
173	1	public function action($action, callable $callback)
174		{
175
176	1	extract($this->splitAction($action));
		0 ignored issues – show Bug introduced 2017-04-24 15:01 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$this->splitAction($action)` cannot be passed to `extract()` as the parameter `$var_array` expects a reference. Loading history...
177
178	1	$action = $this->setAction($action);
179	1	$this->setHandler($handler);
180
181	1	$action->injectionKernel($this);
182	1	call_user_func($callback, $action);
183	1	$this->currentAction = $action;
184
185	1	return $this;
186		}
187
188		/**
189		* @return array url -> string , http_type -> string
190		*
191		*/
192	1	public function get()
193		{
194		// here query in BPM
195	1	return $this->currentAction->processData();
196		}
197
198		/**
199		* Set collection for correct query
200		* @param string $collection
201		* @return mixed
202		* @throws \Exception
203		*/
204	4	public function setCollection($collection)
205		{
206		try {
207	4	Assertion::regex($collection, '/[A-z]+Collection$/');
208	4	} catch(AssertionFailedException $e) {
209	1	throw new \Exception("Expected word 'Collection' in parameter method setCollection received : " . $e->getValue());
210		}
211
212	3	return $this->collection = $collection;
213		}
214
215		/**
216		* @return string
217		*/
218	1	public function getCollection()
219		{
220	1	return $this->collection;
221		}
222
223		/**
224		* @return ClientInterface
225		*/
226	1	public function getCurl()
227		{
228	1	return app()->make(ClientInterface::class);
229		}
230		/**
231		* @param $action
232		* @return array
233		*/
234	1	private function splitAction($action)
235		{
236	1	$split = explode(':', $action);
237
238		// verification values
239	1	Assertion::between(count($split), 2, 2);
240	1	Assertion::keyExists( $this->action, $split[0]);
241	1	Assertion::keyExists( $this->handlers, $split[1]);
242
243	1	return ['action' => $split[0], 'handler' => $split[1]];
244		}
245
246	22	private function bootstrapping()
247		{
248	22	foreach ($this->serviceProviders as $provider)
249		{
250	22	(new $provider)->register();
251	22	}
252		}
253		}

agoalofalife / bpm-online

Issues (40)

Security Analysis no request data

src/KernelBpm.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like