Issues in DataBaseModel.php (master) - Issues in master - andela-araimi/potato-orm - Measure and Improve Code Quality continuously with Scrutinizer

Issues (11)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Model/DataBaseModel.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * Class DataBaseModel:
 * This is an abstract class which stands as a model
 * to another class e.g User class which can inherit from
 * all its methods. This class stands as a middle man
 * between the User class and the DataBaseQuery class.
 *
 * @author: Raimi Ademola <[email protected]>
 * @copyright: 2016 Andela
 */
namespace Demo;

use Doctrine\Common\Inflector\Inflector;
use Demo\DataBaseConnection;

abstract class DataBaseModel implements DataBaseModelInterface
{
    protected $tableName;
    protected $dataBaseQuery;
    protected $arrayField;

    /**
     * This is a constructor; a default method  that will be called automatically during class instantiation.
     */
    public function __construct()
    {
        $this->tableName = self::getClassName();
        $this->dataBaseQuery = new DataBaseQuery();
        $this->arrayField['id'] = 0;
    }

    /**
     * The magic setter method.
     *
     * @param $properties
     * @param $values
     *
     * @return array associative array properties
     */
    public function __set($properties, $values)
    {
        $this->arrayField[$properties] = $values;
    }

    /**
     * The magic getter method.
     *
     * @param $properties
     *
     * @return array key
     */
    public function __get($properties)
    {
        return $this->arrayField[$properties];
    }

    /**
     * This method gets all the record from a particular table
     * by accessing the read method from the DataBaseQuery class.
     *
     *
     * @return associative array
     */
    public static function getAll($dbConn = null)
    {
        if (is_null($dbConn)) {
            $dbConn = new DatabaseConnection();
        }

        $sqlData = DataBaseQuery::read($id = false, self::getClassName(), $dbConn);

        if (count($sqlData) > 0) {
            return $sqlData;
        }

        self::throwNoDataFoundException();
    }
    
    /**
     * This method either create or update record in a database table
     * by calling either the read method or create method in the
     * DataBaseQuery class.
     *
     * @throws NoRecordUpdateException
     * @throws EmptyArrayException
     * @throws NoRecordCreatedException
     *
     * @return bool true or false;
     */
    public function save($dbConn = null)
    {
        if (is_null($dbConn)) {
            $dbConn = new DatabaseConnection();
        }

        if ($this->arrayField['id']) {
            $sqlData = DataBaseQuery::read($this->arrayField['id'], self::getClassName(), $dbConn);

            if ($this->checkIfRecordIsEmpty($sqlData)) {
                $boolCommit = $this->dataBaseQuery->update(['id' => $this->arrayField['id']], $this->arrayField, self::getClassName());
    
                if ($boolCommit) {
                    return true;
                }

                $this->throwNoRecordUpdatedException();
            }

            $this->throwEmptyArrayException();
        } else {

            $boolCommit = $this->dataBaseQuery->create($this->arrayField, self::getClassName());

            if ($boolCommit) {
                return true;
            }

            $this->throwNoRecordCreatedException();
        }
    }

    /**
     * This method find a record by id.
     *
     * @param $id
     *
     * @throws ArgumentNumberIncorrectException
     * @throws ArgumentNotFoundException
     *
     * @return object
     */
    public static function findById($id)
    {
        $numArgs = func_num_args();

        if ($numArgs > 1) {
            throw new ArgumentNumberIncorrectException('Please input just one Argument');
        }

        if ($id == '') {
            throw new ArgumentNotFoundException('No Argument found, please input an argument');
        }

        $staticFindInstance = new static();

        $staticFindInstance->id = $id;
<?php

/**
 * @property int $x
 * @property int $y
 * @property string $text
 */
class MyLabel
{
    private $properties;

    private $allowedProperties = array('x', 'y', 'text');

    public function __get($name)
    {
        if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) {
            return $properties[$name];
        } else {
            return null;
        }
    }

    public function __set($name, $value)
    {
        if (in_array($name, $this->allowedProperties)) {
            $properties[$name] = $value;
        } else {
            throw new \LogicException("Property $name is not defined.");
        }
    }

}

        return $staticFindInstance;
    }

    /**
     * This method find a record by id and returns
     * all the data present in the id.
     *
     *
     * @return associative array
     */
    public function getById()
    {
        if ($this->arrayField['id']) {
            $sqlData = DataBaseQuery::read($this->arrayField['id'], self::getClassName());
            
            return $sqlData;
        }
    }

    /**
     * This method delete a row from the table by the row id.
     *
     * @param $id
     *
     * @throws ArgumentNumberIncorrectException;
     * @throws ArgumentNotFoundException;
     *
     * @return bool true
     */
    public static function destroy($id, $dbConn = null)
    {
        if (is_null($dbConn)) {
            $dbConn = new DatabaseConnection();
        }

        $numArgs = func_num_args();

        if ($numArgs > 2) {
            throw new ArgumentNumberIncorrectException('Please input just one Argument');
        }

        if ($numArgs == ' ') {
            throw new ArgumentNotFoundException('No Argument found, please input an argument');
        }

        DataBaseQuery::delete($id, self::getClassName(), $dbConn);

        return true;
    }

    public static function getClassName()
    {
        $tableName = explode('\\', get_called_class());
        
        return Inflector::pluralize(strtolower(end($tableName)));
    }

    /**
     * This method check if the argument passed to this function is an array.
     *
     * @param $arrayOfRecord
     *
     * @return bool true
     */
    public function checkIfRecordIsEmpty($arrayOfRecord)
    {
        if (count($arrayOfRecord) > 0) {
            return true;
        }

        return false;
    }

    /**
     * This method throws exception if record is not updated succesfully.
     *
     * @throws $NoRecordUpdatedException
     */
    public function throwNoRecordUpdatedException()
    {
        $message = "oops, your record did not update succesfully";
        throw new NoRecordUpdatedException($message);
    }

    /**
     * This method throws exception if data did not match any record.
     *
     * @throws $EmptyArrayException
     */
    public function throwEmptyArrayException()
    {
        $message = "data passed didn't match any record";
        throw new EmptyArrayException($message);
    }

    /**
     * This method throws exception if record did not create successfully.
     *
     * @throws $NoRecordCreatedException
     */
    public function throwNoRecordCreatedException()
    {
        $message = "oops,your record did not create succesfully";
        throw new NoRecordCreatedException($message);
    }

    /**
     * This method throws exception if no data is found.
     *
     * @throws $NoDataFoundException
     */
    public static function throwNoDataFoundException()
    {
        $message = "oops, no data found in the table";
        throw new NoDataFoundException($message);
    }
}


1		<?php
2
3		/**
4		* Class DataBaseModel:
5		* This is an abstract class which stands as a model
6		* to another class e.g User class which can inherit from
7		* all its methods. This class stands as a middle man
8		* between the User class and the DataBaseQuery class.
9		*
10		* @author: Raimi Ademola <[email protected]>
11		* @copyright: 2016 Andela
12		*/
13		namespace Demo;
14
15		use Doctrine\Common\Inflector\Inflector;
16		use Demo\DataBaseConnection;
17
18		abstract class DataBaseModel implements DataBaseModelInterface
19		{
20		protected $tableName;
21		protected $dataBaseQuery;
22		protected $arrayField;
23
24		/**
25		* This is a constructor; a default method that will be called automatically during class instantiation.
26		*/
27	51	public function __construct()
28		{
29	51	$this->tableName = self::getClassName();
30	51	$this->dataBaseQuery = new DataBaseQuery();
31	51	$this->arrayField['id'] = 0;
32	51	}
33
34		/**
35		* The magic setter method.
36		*
37		* @param $properties
38		* @param $values
39		*
40		* @return array associative array properties
41		*/
42		public function __set($properties, $values)
43		{
44		$this->arrayField[$properties] = $values;
45		}
46
47		/**
48		* The magic getter method.
49		*
50		* @param $properties
51		*
52		* @return array key
53		*/
54		public function __get($properties)
55		{
56		return $this->arrayField[$properties];
57		}
58
59		/**
60		* This method gets all the record from a particular table
61		* by accessing the read method from the DataBaseQuery class.
62		*
63		*
64		* @return associative array
65		*/
66	6	public static function getAll($dbConn = null)
67		{
68	6	if (is_null($dbConn)) {
69		$dbConn = new DatabaseConnection();
70		}
71
72	6	$sqlData = DataBaseQuery::read($id = false, self::getClassName(), $dbConn);
73
74	3	if (count($sqlData) > 0) {
75	3	return $sqlData;
76		}
77
78		self::throwNoDataFoundException();
79		}
80
81		/**
82		* This method either create or update record in a database table
83		* by calling either the read method or create method in the
84		* DataBaseQuery class.
85		*
86		* @throws NoRecordUpdateException
87		* @throws EmptyArrayException
88		* @throws NoRecordCreatedException
89		*
90		* @return bool true or false;
91		*/
92		public function save($dbConn = null)
93		{
94		if (is_null($dbConn)) {
95		$dbConn = new DatabaseConnection();
96		}
97
98		if ($this->arrayField['id']) {
99		$sqlData = DataBaseQuery::read($this->arrayField['id'], self::getClassName(), $dbConn);
100
101		if ($this->checkIfRecordIsEmpty($sqlData)) {
102		$boolCommit = $this->dataBaseQuery->update(['id' => $this->arrayField['id']], $this->arrayField, self::getClassName());
103
104		if ($boolCommit) {
105		return true;
106		}
107
108		$this->throwNoRecordUpdatedException();
109		}
110
111		$this->throwEmptyArrayException();
112		} else {
113
114		$boolCommit = $this->dataBaseQuery->create($this->arrayField, self::getClassName());
115
116		if ($boolCommit) {
117		return true;
118		}
119
120		$this->throwNoRecordCreatedException();
121		}
122		}
123
124		/**
125		* This method find a record by id.
126		*
127		* @param $id
128		*
129		* @throws ArgumentNumberIncorrectException
130		* @throws ArgumentNotFoundException
131		*
132		* @return object
133		*/
134	6	public static function findById($id)
135		{
136	6	$numArgs = func_num_args();
137
138	6	if ($numArgs > 1) {
139	3	throw new ArgumentNumberIncorrectException('Please input just one Argument');
140		}
141
142	3	if ($id == '') {
143	3	throw new ArgumentNotFoundException('No Argument found, please input an argument');
144		}
145
146		$staticFindInstance = new static();
147
148		$staticFindInstance->id = $id;
		0 ignored issues – show Documentation introduced 2016-03-14 20:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `id` does not exist on `object<Demo\DataBaseModel>`. Since you implemented `__set`, maybe consider adding a @property annotation. Since your code implements the magic setter `_set`, this function will be called for any write access on an undefined variable. You can add the `@property` annotation to your class or interface to document the existence of this variable. <?php /** * @property int $x * @property int $y * @property string $text */ class MyLabel { private $properties; private $allowedProperties = array('x', 'y', 'text'); public function __get($name) { if (isset($properties[$name]) && in_array($name, $this->allowedProperties)) { return $properties[$name]; } else { return null; } } public function __set($name, $value) { if (in_array($name, $this->allowedProperties)) { $properties[$name] = $value; } else { throw new \LogicException("Property $name is not defined."); } } } Since the property has write access only, you can use the @property-write annotation instead. Of course, you may also just have mistyped another name, in which case you should fix the error. See also the PhpDoc documentation for @property. Loading history...
149
150		return $staticFindInstance;
151		}
152
153		/**
154		* This method find a record by id and returns
155		* all the data present in the id.
156		*
157		*
158		* @return associative array
159		*/
160		public function getById()
161		{
162		if ($this->arrayField['id']) {
163		$sqlData = DataBaseQuery::read($this->arrayField['id'], self::getClassName());
164
165		return $sqlData;
166		}
167		}
168
169		/**
170		* This method delete a row from the table by the row id.
171		*
172		* @param $id
173		*
174		* @throws ArgumentNumberIncorrectException;
175		* @throws ArgumentNotFoundException;
176		*
177		* @return bool true
178		*/
179	9	public static function destroy($id, $dbConn = null)
180		{
181	9	if (is_null($dbConn)) {
182	3	$dbConn = new DatabaseConnection();
183	2	}
184
185	9	$numArgs = func_num_args();
186
187	9	if ($numArgs > 2) {
188	3	throw new ArgumentNumberIncorrectException('Please input just one Argument');
189		}
190
191	6	if ($numArgs == ' ') {
192	3	throw new ArgumentNotFoundException('No Argument found, please input an argument');
193		}
194
195	3	DataBaseQuery::delete($id, self::getClassName(), $dbConn);
196
197	3	return true;
198		}
199
200	51	public static function getClassName()
201		{
202	51	$tableName = explode('\\', get_called_class());
203
204	51	return Inflector::pluralize(strtolower(end($tableName)));
205		}
206
207		/**
208		* This method check if the argument passed to this function is an array.
209		*
210		* @param $arrayOfRecord
211		*
212		* @return bool true
213		*/
214	6	public function checkIfRecordIsEmpty($arrayOfRecord)
215		{
216	6	if (count($arrayOfRecord) > 0) {
217	3	return true;
218		}
219
220	3	return false;
221		}
222
223		/**
224		* This method throws exception if record is not updated succesfully.
225		*
226		* @throws $NoRecordUpdatedException
227		*/
228	3	public function throwNoRecordUpdatedException()
229		{
230	3	$message = "oops, your record did not update succesfully";
231	3	throw new NoRecordUpdatedException($message);
232		}
233
234		/**
235		* This method throws exception if data did not match any record.
236		*
237		* @throws $EmptyArrayException
238		*/
239	3	public function throwEmptyArrayException()
240		{
241	3	$message = "data passed didn't match any record";
242	3	throw new EmptyArrayException($message);
243		}
244
245		/**
246		* This method throws exception if record did not create successfully.
247		*
248		* @throws $NoRecordCreatedException
249		*/
250	3	public function throwNoRecordCreatedException()
251		{
252	3	$message = "oops,your record did not create succesfully";
253	3	throw new NoRecordCreatedException($message);
254		}
255
256		/**
257		* This method throws exception if no data is found.
258		*
259		* @throws $NoDataFoundException
260		*/
261	3	public static function throwNoDataFoundException()
262		{
263	3	$message = "oops, no data found in the table";
264	3	throw new NoDataFoundException($message);
265		}
266		}
267

andela-araimi / potato-orm

Issues (11)

Security Analysis no request data

src/Model/DataBaseModel.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like