Issues in Repository.php (5.1) - Issues in 5.1 - analogueorm/analogue - Measure and Improve Code Quality continuously with Scrutinizer

Issues (114)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Repository.php (5 issues)

Labels

Severity

Minor 5

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Analogue\ORM;

use Analogue\ORM\Exceptions\MappingException;
use Exception;
use InvalidArgumentException;
use Analogue\ORM\System\Mapper;
use Analogue\ORM\System\Manager;

/**
 * Class Repository
 *
 * @mixin Mapper
 */
class Repository
{
    /**
     * The mapper object for the corresponding entity
     *
     * @var \Analogue\ORM\System\Mapper
     */
    protected $mapper;

    /**
     * To build a repository, either provide :
     *
     * - Mappable object's class name as a string
     * - Mappable object instance
     * - Instance of mapper
     *
     * @param  Mapper         $mapper
     * @param  EntityMap|null $entityMap (optional)
     * @throws \InvalidArgumentException
     * @throws MappingException
     */
    public function __construct($mapper, EntityMap $entityMap = null)
    {
        if ($mapper instanceof Mappable || is_string($mapper)) {
            $this->mapper = Manager::getMapper($mapper, $entityMap);
        } elseif ($mapper instanceof Mapper) {
            $this->mapper = $mapper;
        } else {
            new InvalidArgumentException('Repository class constructor need a valid Mapper or Mappable object.');
        }
    }

    /**
     * Return all Entities from database
     *
     * @return \Analogue\ORM\EntityCollection
     */
    public function all()
    {
        return $this->mapper->get();
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }
    
    /**
     * Fetch a record from the database
     * @param  integer $id
     * @return \Analogue\ORM\Mappable
     */
    public function find($id)
    {
        return $this->mapper->find($id);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Get the first entity matching the given attributes.
     *
     * @param  array  $attributes
     * @return \Analogue\ORM\Mappable|null
     */
    public function firstMatching(array $attributes)
    {
        return $this->mapper->where($attributes)->first();
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Return all the entities matching the given attributes
     *
     * @param array $attributes
     * @return \Analogue\ORM\EntityCollection
     */
    public function allMatching(array $attributes)
    {
        return $this->mapper->where($attributes)->get();
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Return a paginator instance on the EntityCollection
     *
     * @param int|null $perPage number of item per page (fallback on default setup in entity map)
     * @return \Illuminate\Pagination\LengthAwarePaginator
     */
    public function paginate($perPage = null)
    {
        return $this->mapper->paginate($perPage);
class ParentClass {
    private $data = array();

    public function __call($method, array $args) {
        if (0 === strpos($method, 'get')) {
            return $this->data[strtolower(substr($method, 3))];
        }

        throw new \LogicException(sprintf('Unsupported method: %s', $method));
    }
}

/**
 * If this class knows which fields exist, you can specify the methods here:
 *
 * @method string getName()
 */
class SomeClass extends ParentClass { }
    }

    /**
     * Delete an entity or an entity collection from the database
     *
     * @param  Mappable|EntityCollection $entity
     * @throws MappingException
     * @throws \InvalidArgumentException
     * @return \Illuminate\Support\Collection|null
     */
    public function delete($entity)
    {
        return $this->mapper->delete($entity);
    }

    /**
     * Persist an entity or an entity collection in the database.
     *
     * @param  Mappable|EntityCollection|array $entity
     * @throws MappingException
     * @throws \InvalidArgumentException
     * @return Mappable|EntityCollection|array
     */
    public function store($entity)
    {
        return $this->mapper->store($entity);
    }

    /**
     * Make custom mapper custom commands available in repository
     *
     * @param  string $method
     * @param  array  $parameters
     * @throws Exception
     * @return mixed
     */
    public function __call($method, $parameters)
    {
        if ($this->mapper->hasCustomCommand($method)) {
            call_user_func_array([$this->mapper, $method], $parameters);
        } else {
            throw new Exception("No method $method on " . get_class($this));
        }
    }
}


1			<?php
2
3			namespace Analogue\ORM;
4
5			use Analogue\ORM\Exceptions\MappingException;
6			use Exception;
7			use InvalidArgumentException;
8			use Analogue\ORM\System\Mapper;
9			use Analogue\ORM\System\Manager;
10
11			/**
12			* Class Repository
13			*
14			* @mixin Mapper
15			*/
16			class Repository
17			{
18			/**
19			* The mapper object for the corresponding entity
20			*
21			* @var \Analogue\ORM\System\Mapper
22			*/
23			protected $mapper;
24
25			/**
26			* To build a repository, either provide :
27			*
28			* - Mappable object's class name as a string
29			* - Mappable object instance
30			* - Instance of mapper
31			*
32			* @param Mapper $mapper
33			* @param EntityMap\|null $entityMap (optional)
34			* @throws \InvalidArgumentException
35			* @throws MappingException
36			*/
37			public function __construct($mapper, EntityMap $entityMap = null)
38			{
39			if ($mapper instanceof Mappable \|\| is_string($mapper)) {
40			$this->mapper = Manager::getMapper($mapper, $entityMap);
41			} elseif ($mapper instanceof Mapper) {
42			$this->mapper = $mapper;
43			} else {
44			new InvalidArgumentException('Repository class constructor need a valid Mapper or Mappable object.');
45			}
46			}
47
48			/**
49			* Return all Entities from database
50			*
51			* @return \Analogue\ORM\EntityCollection
52			*/
53			public function all()
54			{
55			return $this->mapper->get();
			0 ignored issues – show Documentation Bug introduced 2015-12-17 17:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `get` does not exist on `object<Analogue\ORM\System\Mapper>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
56			}
57
58			/**
59			* Fetch a record from the database
60			* @param integer $id
61			* @return \Analogue\ORM\Mappable
62			*/
63			public function find($id)
64			{
65			return $this->mapper->find($id);
			0 ignored issues – show Documentation Bug introduced 2015-12-17 17:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `find` does not exist on `object<Analogue\ORM\System\Mapper>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
66			}
67
68			/**
69			* Get the first entity matching the given attributes.
70			*
71			* @param array $attributes
72			* @return \Analogue\ORM\Mappable\|null
73			*/
74			public function firstMatching(array $attributes)
75			{
76			return $this->mapper->where($attributes)->first();
			0 ignored issues – show Documentation Bug introduced 2015-12-17 17:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `where` does not exist on `object<Analogue\ORM\System\Mapper>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
77			}
78
79			/**
80			* Return all the entities matching the given attributes
81			*
82			* @param array $attributes
83			* @return \Analogue\ORM\EntityCollection
84			*/
85			public function allMatching(array $attributes)
86			{
87			return $this->mapper->where($attributes)->get();
			0 ignored issues – show Documentation Bug introduced 2015-12-17 17:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `where` does not exist on `object<Analogue\ORM\System\Mapper>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
88			}
89
90			/**
91			* Return a paginator instance on the EntityCollection
92			*
93			* @param int\|null $perPage number of item per page (fallback on default setup in entity map)
94			* @return \Illuminate\Pagination\LengthAwarePaginator
95			*/
96			public function paginate($perPage = null)
97			{
98			return $this->mapper->paginate($perPage);
			0 ignored issues – show Documentation Bug introduced 2015-12-17 17:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `paginate` does not exist on `object<Analogue\ORM\System\Mapper>`? Since you implemented `__call`, maybe consider adding a @method annotation. If you implement `__call` and you know which methods are available, you can improve IDE auto-completion and static analysis by adding a @method annotation to the class. This is often the case, when `__call` is implemented by a parent class and only the child class knows which methods exist: class ParentClass { private $data = array(); public function __call($method, array $args) { if (0 === strpos($method, 'get')) { return $this->data[strtolower(substr($method, 3))]; } throw new \LogicException(sprintf('Unsupported method: %s', $method)); } } /** * If this class knows which fields exist, you can specify the methods here: * * @method string getName() */ class SomeClass extends ParentClass { } Loading history...
99			}
100
101			/**
102			* Delete an entity or an entity collection from the database
103			*
104			* @param Mappable\|EntityCollection $entity
105			* @throws MappingException
106			* @throws \InvalidArgumentException
107			* @return \Illuminate\Support\Collection\|null
108			*/
109			public function delete($entity)
110			{
111			return $this->mapper->delete($entity);
112			}
113
114			/**
115			* Persist an entity or an entity collection in the database.
116			*
117			* @param Mappable\|EntityCollection\|array $entity
118			* @throws MappingException
119			* @throws \InvalidArgumentException
120			* @return Mappable\|EntityCollection\|array
121			*/
122			public function store($entity)
123			{
124			return $this->mapper->store($entity);
125			}
126
127			/**
128			* Make custom mapper custom commands available in repository
129			*
130			* @param string $method
131			* @param array $parameters
132			* @throws Exception
133			* @return mixed
134			*/
135			public function __call($method, $parameters)
136			{
137			if ($this->mapper->hasCustomCommand($method)) {
138			call_user_func_array([$this->mapper, $method], $parameters);
139			} else {
140			throw new Exception("No method $method on " . get_class($this));
141			}
142			}
143			}
144

analogueorm / analogue

Issues (114)

Security Analysis no request data

src/Repository.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like