Issues in Refiller.php (master) - Issues in master - anime-db/ani-db-filler-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Service/Refiller.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * AnimeDb package.
 *
 * @author    Peter Gribanov <[email protected]>
 * @copyright Copyright (c) 2011, Peter Gribanov
 * @license   http://opensource.org/licenses/GPL-3.0 GPL v3
 */
namespace AnimeDb\Bundle\AniDbFillerBundle\Service;

use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\RefillerInterface;
use AnimeDb\Bundle\AniDbBrowserBundle\Service\Browser;
use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
use AnimeDb\Bundle\CatalogBundle\Entity\Item;
use AnimeDb\Bundle\CatalogBundle\Entity\Source;
use AnimeDb\Bundle\CatalogBundle\Entity\Name;

class Refiller implements RefillerInterface
{
    /**
     * @var string
     */
    const NAME = 'anidb';

    /**
     * @var string
     */
    const TITLE = 'AniDB.net';

    /**
     * List of supported fields.
     *
     * @var array
     */
    protected $supported_fields = [
        self::FIELD_DATE_END,
        self::FIELD_DATE_PREMIERE,
        self::FIELD_EPISODES,
        self::FIELD_EPISODES_NUMBER,
        self::FIELD_GENRES,
        self::FIELD_NAMES,
        self::FIELD_SOURCES,
        self::FIELD_SUMMARY,
    ];

    /**
     * @var Browser
     */
    private $browser;

    /**
     * @var Filler
     */
    protected $filler;

    /**
     * @var Search
     */
    protected $search;

    /**
     * @var SummaryCleaner
     */
    protected $cleaner;

    /**
     * @param Browser $browser
     * @param Filler $filler
     * @param Search $search
     * @param SummaryCleaner $cleaner
     */
    public function __construct(Browser $browser, Filler $filler, Search $search, SummaryCleaner $cleaner)
    {
        $this->browser = $browser;
        $this->filler = $filler;
        $this->search = $search;
        $this->cleaner = $cleaner;
    }

    /**
     * @return string
     */
    public function getName()
    {
        return self::NAME;
    }

    /**
     * @return string
     */
    public function getTitle()
    {
        return self::TITLE;
    }

    /**
     * Is can refill item from source.
     *
     * @param Item $item
     * @param string $field
     *
     * @return bool
     */
    public function isCanRefill(Item $item, $field)
    {
        return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
    }

    /**
     * Refill item field from source.
     *
     * @param Item $item
     * @param string $field
     *
     * @return Item
     */
    public function refill(Item $item, $field)
    {
        $url = $this->getSourceForFill($item);
        if (!$url || !preg_match(Filler::REG_ITEM_ID, $url, $match)) {
            return $item;
        }

        // get data
        $body = $this->browser->get('anime', ['aid' => $match['id']]);

        switch ($field) {
            case self::FIELD_DATE_END:
                $item->setDateEnd(new \DateTime($body->filter('enddate')->text()));
                break;
            case self::FIELD_DATE_PREMIERE:
                $item->setDatePremiere(new \DateTime($body->filter('startdate')->text()));
                break;
            case self::FIELD_EPISODES:
                $this->filler->setEpisodes($item, $body);
                break;
            case self::FIELD_EPISODES_NUMBER:
                $item->setEpisodesNumber($body->filter('episodecount')->text());
                break;
            case self::FIELD_GENRES:
                $new_item = $this->filler->setGenres(new Item(), $body);
                foreach ($new_item->getGenres() as $new_genre) {
                    $item->addGenre($new_genre);
                }
                break;
            case self::FIELD_NAMES:
                $new_item = $this->filler->setNames(new Item(), $body);
                // set main name in top of names list
                $new_names = $new_item->getNames()->toArray();
                array_unshift($new_names, (new Name())->setName($new_item->getName()));
                foreach ($new_names as $new_name) {
                    $item->addName($new_name);
                }
                break;
            case self::FIELD_SOURCES:
                if ($url = $body->filter('url')->text()) {
                    $item->addSource((new Source())->setUrl($url));
                }
                break;
            case self::FIELD_SUMMARY:
                $item->setSummary($this->cleaner->clean($body->filter('description')->text()));
                break;
        }

        return $item;
    }

    /**
     * @param Item $item
     * @param string $field
     *
     * @return bool
     */
    public function isCanSearch(Item $item, $field)
    {
        if (!in_array($field, $this->supported_fields)) {
            return false;
        }
        if ($this->isCanRefill($item, $field) || $item->getName()) {
            return true;
        }
        /* @var $name Name */
        foreach ($item->getNames() as $name) {
            if ($name->getName()) {
                return true;
            }
        }

        return false;
    }

    /**
     * Search items for refill.
     *
     * @param Item $item
     * @param string $field
     *
     * @return ItemRefiller[]
     */
    public function search(Item $item, $field)
    {
        $url = $this->getSourceForFill($item);
        // can refill from source. not need search
        if ($url) {
            return [
                new ItemRefiller(
                    $item->getName(),
                    ['url' => $url],
                    $url,
                    $item->getCover(),
                    $item->getSummary()
                ),
            ];
        }

        // get name for search
        if (!($name = $item->getName())) {
            foreach ($item->getNames() as $name) {
                if ($name) {
                    break;
                }
            }
        }

        $result = [];
        // do search
        if ($name) {
            $result = $this->search->search(['name' => $name]);
            foreach ($result as $key => $item) {
                // get real url from search result
                if ($query = parse_url($item->getLink(), PHP_URL_QUERY)) {
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                    parse_str($query, $query);
                    $query = array_values($query);
                    if (!empty($query[0]['url'])) {
                        $result[$key] = new ItemRefiller(
                            $item->getName(),
                            ['url' => $query[0]['url']],
                            $query[0]['url'],
                            $item->getImage(),
                            $item->getDescription()
                        );
                    }
                }
            }
        }

        return $result;
    }

    /**
     * Refill item field from search result.
     *
     * @param Item $item
     * @param string $field
     * @param array $data
     *
     * @return Item
     */
    public function refillFromSearchResult(Item $item, $field, array $data)
    {
        if (!empty($data['url'])) {
            $source = new Source();
            $source->setUrl($data['url']);
            $item->addSource($source);
            $item = $this->refill($item, $field);
        }

        return $item;
    }

    /**
     * @param Item $item
     *
     * @return string
     */
    public function getSourceForFill(Item $item)
    {
        /* @var $source Source */
        foreach ($item->getSources() as $source) {
            if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
                return $source->getUrl();
            }
        }

        return '';
    }
}


Issues (10)

Security Analysis not enabled

src/Service/Refiller.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1			<?php
2			/**
3			* AnimeDb package.
4			*
5			* @author Peter Gribanov <[email protected]>
6			* @copyright Copyright (c) 2011, Peter Gribanov
7			* @license http://opensource.org/licenses/GPL-3.0 GPL v3
8			*/
9			namespace AnimeDb\Bundle\AniDbFillerBundle\Service;
10
11			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\RefillerInterface;
12			use AnimeDb\Bundle\AniDbBrowserBundle\Service\Browser;
13			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
14			use AnimeDb\Bundle\CatalogBundle\Entity\Item;
15			use AnimeDb\Bundle\CatalogBundle\Entity\Source;
16			use AnimeDb\Bundle\CatalogBundle\Entity\Name;
17
18			class Refiller implements RefillerInterface
19			{
20			/**
21			* @var string
22			*/
23			const NAME = 'anidb';
24
25			/**
26			* @var string
27			*/
28			const TITLE = 'AniDB.net';
29
30			/**
31			* List of supported fields.
32			*
33			* @var array
34			*/
35			protected $supported_fields = [
36			self::FIELD_DATE_END,
37			self::FIELD_DATE_PREMIERE,
38			self::FIELD_EPISODES,
39			self::FIELD_EPISODES_NUMBER,
40			self::FIELD_GENRES,
41			self::FIELD_NAMES,
42			self::FIELD_SOURCES,
43			self::FIELD_SUMMARY,
44			];
45
46			/**
47			* @var Browser
48			*/
49			private $browser;
50
51			/**
52			* @var Filler
53			*/
54			protected $filler;
55
56			/**
57			* @var Search
58			*/
59			protected $search;
60
61			/**
62			* @var SummaryCleaner
63			*/
64			protected $cleaner;
65
66			/**
67			* @param Browser $browser
68			* @param Filler $filler
69			* @param Search $search
70			* @param SummaryCleaner $cleaner
71			*/
72			public function __construct(Browser $browser, Filler $filler, Search $search, SummaryCleaner $cleaner)
73			{
74			$this->browser = $browser;
75			$this->filler = $filler;
76			$this->search = $search;
77			$this->cleaner = $cleaner;
78			}
79
80			/**
81			* @return string
82			*/
83			public function getName()
84			{
85			return self::NAME;
86			}
87
88			/**
89			* @return string
90			*/
91			public function getTitle()
92			{
93			return self::TITLE;
94			}
95
96			/**
97			* Is can refill item from source.
98			*
99			* @param Item $item
100			* @param string $field
101			*
102			* @return bool
103			*/
104			public function isCanRefill(Item $item, $field)
105			{
106			return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
107			}
108
109			/**
110			* Refill item field from source.
111			*
112			* @param Item $item
113			* @param string $field
114			*
115			* @return Item
116			*/
117			public function refill(Item $item, $field)
118			{
119			$url = $this->getSourceForFill($item);
120			if (!$url \|\| !preg_match(Filler::REG_ITEM_ID, $url, $match)) {
121			return $item;
122			}
123
124			// get data
125			$body = $this->browser->get('anime', ['aid' => $match['id']]);
126
127			switch ($field) {
128			case self::FIELD_DATE_END:
129			$item->setDateEnd(new \DateTime($body->filter('enddate')->text()));
130			break;
131			case self::FIELD_DATE_PREMIERE:
132			$item->setDatePremiere(new \DateTime($body->filter('startdate')->text()));
133			break;
134			case self::FIELD_EPISODES:
135			$this->filler->setEpisodes($item, $body);
136			break;
137			case self::FIELD_EPISODES_NUMBER:
138			$item->setEpisodesNumber($body->filter('episodecount')->text());
139			break;
140			case self::FIELD_GENRES:
141			$new_item = $this->filler->setGenres(new Item(), $body);
142			foreach ($new_item->getGenres() as $new_genre) {
143			$item->addGenre($new_genre);
144			}
145			break;
146			case self::FIELD_NAMES:
147			$new_item = $this->filler->setNames(new Item(), $body);
148			// set main name in top of names list
149			$new_names = $new_item->getNames()->toArray();
150			array_unshift($new_names, (new Name())->setName($new_item->getName()));
151			foreach ($new_names as $new_name) {
152			$item->addName($new_name);
153			}
154			break;
155			case self::FIELD_SOURCES:
156			if ($url = $body->filter('url')->text()) {
157			$item->addSource((new Source())->setUrl($url));
158			}
159			break;
160			case self::FIELD_SUMMARY:
161			$item->setSummary($this->cleaner->clean($body->filter('description')->text()));
162			break;
163			}
164
165			return $item;
166			}
167
168			/**
169			* @param Item $item
170			* @param string $field
171			*
172			* @return bool
173			*/
174			public function isCanSearch(Item $item, $field)
175			{
176			if (!in_array($field, $this->supported_fields)) {
177			return false;
178			}
179			if ($this->isCanRefill($item, $field) \|\| $item->getName()) {
180			return true;
181			}
182			/* @var $name Name */
183			foreach ($item->getNames() as $name) {
184			if ($name->getName()) {
185			return true;
186			}
187			}
188
189			return false;
190			}
191
192			/**
193			* Search items for refill.
194			*
195			* @param Item $item
196			* @param string $field
197			*
198			* @return ItemRefiller[]
199			*/
200			public function search(Item $item, $field)
201			{
202			$url = $this->getSourceForFill($item);
203			// can refill from source. not need search
204			if ($url) {
205			return [
206			new ItemRefiller(
207			$item->getName(),
208			['url' => $url],
209			$url,
210			$item->getCover(),
211			$item->getSummary()
212			),
213			];
214			}
215
216			// get name for search
217			if (!($name = $item->getName())) {
218			foreach ($item->getNames() as $name) {
219			if ($name) {
220			break;
221			}
222			}
223			}
224
225			$result = [];
226			// do search
227			if ($name) {
228			$result = $this->search->search(['name' => $name]);
229			foreach ($result as $key => $item) {
230			// get real url from search result
231			if ($query = parse_url($item->getLink(), PHP_URL_QUERY)) {
			0 ignored issues – show Bug introduced 2016-08-28 17:41 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getLink` does only exist in `AnimeDb\Bundle\CatalogBu...Plugin\Fill\Search\Item`, but not in `AnimeDb\Bundle\CatalogBu...ugin\Fill\Refiller\Item`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
232			parse_str($query, $query);
233			$query = array_values($query);
234			if (!empty($query[0]['url'])) {
235			$result[$key] = new ItemRefiller(
236			$item->getName(),
237			['url' => $query[0]['url']],
238			$query[0]['url'],
239			$item->getImage(),
240			$item->getDescription()
241			);
242			}
243			}
244			}
245			}
246
247			return $result;
248			}
249
250			/**
251			* Refill item field from search result.
252			*
253			* @param Item $item
254			* @param string $field
255			* @param array $data
256			*
257			* @return Item
258			*/
259			public function refillFromSearchResult(Item $item, $field, array $data)
260			{
261			if (!empty($data['url'])) {
262			$source = new Source();
263			$source->setUrl($data['url']);
264			$item->addSource($source);
265			$item = $this->refill($item, $field);
266			}
267
268			return $item;
269			}
270
271			/**
272			* @param Item $item
273			*
274			* @return string
275			*/
276			public function getSourceForFill(Item $item)
277			{
278			/* @var $source Source */
279			foreach ($item->getSources() as $source) {
280			if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
281			return $source->getUrl();
282			}
283			}
284
285			return '';
286			}
287			}
288

anime-db / ani-db-filler-bundle

Issues (10)

Security Analysis not enabled

src/Service/Refiller.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like