Issues in Visit.php (master) - Issues in master - allejo/bzion - Measure and Improve Code Quality continuously with Scrutinizer

Issues (273)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

models/Visit.php (1 issue)

Labels

Duplication 1

Severity

Informational 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * This file contains functionality to keep track of visitor sessions of registered users
 *
 * @package    BZiON\Models
 * @license    https://github.com/allejo/bzion/blob/master/LICENSE.md GNU General Public License Version 3
 */
use BZIon\Model\Column\Timestamp;

/**
 * A player's visit on the website
 * @package    BZiON\Models
 */
class Visit extends Model
{
    use Timestamp;

    /**
     * The id of the visiting user
     * @var int
     */
    protected $player;

    /**
     * The ip of the visiting user
     * @var string
     */
    protected $ip;

    /**
     * The host of the visiting user
     * @var string
     */
    protected $host;

    /**
     * The user agent of the visiting user
     * @var string
     */
    protected $user_agent;

    /**
     * The HTTP_REFERER of the visiting user
     * @var string
     */
    protected $referer;

    /**
     * The name of the database table used for queries
     */
    const TABLE = "visits";

    /**
     * {@inheritdoc}
     */
    protected function assignResult($visit)

    {
        $this->player = $visit['player'];
        $this->ip = $visit['ip'];
        $this->host = $visit['host'];
        $this->user_agent = $visit['user_agent'];
        $this->referer = $visit['referer'];
        $this->timestamp = TimeDate::fromMysql($visit['timestamp']);
    }

    /**
     * Enter a new visit into the database
     * @param  int    $visitor    The visitor's id
     * @param  string $ip         The visitor's ip address
     * @param  string $host       The visitor's host
     * @param  string $user_agent The visitor's user agent
     * @param  string $referrer   The HTTP_REFERRER of the visit
     * @param  string $timestamp  The timestamp of the visit
     * @return Visit  An object representing the visit that was just entered
     */
    public static function enterVisit($visitor, $ip, $host, $user_agent, $referrer, $timestamp = "now")
    {
        $timestamp = TimeDate::from($timestamp);

        return self::create(array(
            'player'     => $visitor,
            'ip'         => $ip,
            'host'       => $host,
            'user_agent' => $user_agent,
            'referer'    => $referrer,
            'timestamp'  => $timestamp->toMysql(),
        ));
    }

    /**
     * Get a query builder for players
     * @return QueryBuilder
     */
    public static function getQueryBuilder()
    {
        return new VisitQueryBuilder('Visit', array(
            'columns' => array(
                'ip' => 'ip',
                'timestamp' => 'timestamp'
            ),
            'name' => 'name',
        ));
    }

    /**
     * Get the visiting player
     * @return Player
     */
    public function getPlayer()
    {
        return Player::get($this->player);
    }

    /**
     * Get the IP address of the player
     * @return string
     */
    public function getIpAddress()
    {
        return $this->ip;
    }

    /**
     * Get the visiting host
     * @return string
     */
    public function getHost()
    {
        return $this->host;
    }

    /**
     * Get the visitor's user agent
     * @return string
     */
    public function getUserAgent()
    {
        return $this->user_agent;
    }

    /**
     * Get the visitor's referer or referrer
     * @return string
     */
    public function getReferrer()
    {
        return $this->referer;
    }
}


1		<?php
2		/**
3		* This file contains functionality to keep track of visitor sessions of registered users
4		*
5		* @package BZiON\Models
6		* @license https://github.com/allejo/bzion/blob/master/LICENSE.md GNU General Public License Version 3
7		*/
8		use BZIon\Model\Column\Timestamp;
9
10		/**
11		* A player's visit on the website
12		* @package BZiON\Models
13		*/
14		class Visit extends Model
15		{
16		use Timestamp;
17
18		/**
19		* The id of the visiting user
20		* @var int
21		*/
22		protected $player;
23
24		/**
25		* The ip of the visiting user
26		* @var string
27		*/
28		protected $ip;
29
30		/**
31		* The host of the visiting user
32		* @var string
33		*/
34		protected $host;
35
36		/**
37		* The user agent of the visiting user
38		* @var string
39		*/
40		protected $user_agent;
41
42		/**
43		* The HTTP_REFERER of the visiting user
44		* @var string
45		*/
46		protected $referer;
47
48		/**
49		* The name of the database table used for queries
50		*/
51		const TABLE = "visits";
52
53		/**
54		* {@inheritdoc}
55		*/
56	View Code Duplication	protected function assignResult($visit)
		0 ignored issues – show Duplication introduced 2017-08-01 20:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
57		{
58		$this->player = $visit['player'];
59		$this->ip = $visit['ip'];
60		$this->host = $visit['host'];
61		$this->user_agent = $visit['user_agent'];
62		$this->referer = $visit['referer'];
63		$this->timestamp = TimeDate::fromMysql($visit['timestamp']);
64		}
65
66		/**
67		* Enter a new visit into the database
68		* @param int $visitor The visitor's id
69		* @param string $ip The visitor's ip address
70		* @param string $host The visitor's host
71		* @param string $user_agent The visitor's user agent
72		* @param string $referrer The HTTP_REFERRER of the visit
73		* @param string $timestamp The timestamp of the visit
74		* @return Visit An object representing the visit that was just entered
75		*/
76		public static function enterVisit($visitor, $ip, $host, $user_agent, $referrer, $timestamp = "now")
77		{
78		$timestamp = TimeDate::from($timestamp);
79
80		return self::create(array(
81		'player' => $visitor,
82		'ip' => $ip,
83		'host' => $host,
84		'user_agent' => $user_agent,
85		'referer' => $referrer,
86		'timestamp' => $timestamp->toMysql(),
87		));
88		}
89
90		/**
91		* Get a query builder for players
92		* @return QueryBuilder
93		*/
94		public static function getQueryBuilder()
95		{
96		return new VisitQueryBuilder('Visit', array(
97		'columns' => array(
98		'ip' => 'ip',
99		'timestamp' => 'timestamp'
100		),
101		'name' => 'name',
102		));
103		}
104
105		/**
106		* Get the visiting player
107		* @return Player
108		*/
109		public function getPlayer()
110		{
111		return Player::get($this->player);
112		}
113
114		/**
115		* Get the IP address of the player
116		* @return string
117		*/
118		public function getIpAddress()
119		{
120		return $this->ip;
121		}
122
123		/**
124		* Get the visiting host
125		* @return string
126		*/
127		public function getHost()
128		{
129		return $this->host;
130		}
131
132		/**
133		* Get the visitor's user agent
134		* @return string
135		*/
136		public function getUserAgent()
137		{
138		return $this->user_agent;
139		}
140
141		/**
142		* Get the visitor's referer or referrer
143		* @return string
144		*/
145		public function getReferrer()
146		{
147		return $this->referer;
148		}
149		}
150

allejo / bzion

Issues (273)

Security Analysis not enabled

models/Visit.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like