Issues in Refiller.php (master) - Issues in master - anime-db/shikimori-filler-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Service/Refiller.php (1 issue)

Labels

Bug 1

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * AnimeDb package.
 *
 * @author    Peter Gribanov <[email protected]>
 * @copyright Copyright (c) 2011, Peter Gribanov
 * @license   http://opensource.org/licenses/GPL-3.0 GPL v3
 */
namespace AnimeDb\Bundle\ShikimoriFillerBundle\Service;

use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\RefillerInterface;
use AnimeDb\Bundle\ShikimoriBrowserBundle\Service\Browser;
use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
use AnimeDb\Bundle\CatalogBundle\Entity\Item;
use AnimeDb\Bundle\CatalogBundle\Entity\Source;
use AnimeDb\Bundle\CatalogBundle\Entity\Name;

class Refiller implements RefillerInterface
{
    /**
     * @var string
     */
    const NAME = 'shikimori';

    /**
     * @var string
     */
    const TITLE = 'Shikimori.org';

    /**
     * @var array
     */
    protected $supported_fields = [
        self::FIELD_DATE_END,
        self::FIELD_DATE_PREMIERE,
        self::FIELD_DURATION,
        self::FIELD_EPISODES_NUMBER,
        self::FIELD_GENRES,
        self::FIELD_IMAGES,
        self::FIELD_NAMES,
        self::FIELD_STUDIO,
        self::FIELD_SOURCES,
        self::FIELD_SUMMARY,
    ];

    /**
     * @var Browser
     */
    private $browser;

    /**
     * @var Filler
     */
    protected $filler;

    /**
     * @var Search
     */
    protected $search;

    /**
     * @param Browser $browser
     * @param Filler $filler
     * @param Search $search
     */
    public function __construct(Browser $browser, Filler $filler, Search $search)
    {
        $this->browser = $browser;
        $this->filler = $filler;
        $this->search = $search;
    }

    /**
     * @return string
     */
    public function getName()
    {
        return self::NAME;
    }

    /**
     * @return string
     */
    public function getTitle()
    {
        return self::TITLE;
    }

    /**
     * Is can refill item from source.
     *
     * @param Item $item
     * @param string $field
     *
     * @return bool
     */
    public function isCanRefill(Item $item, $field)
    {
        return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
    }

    /**
     * Refill item field from source.
     *
     * @param Item $item
     * @param string $field
     *
     * @return Item
     */
    public function refill(Item $item, $field)
    {
        if (!($url = $this->getSourceForFill($item))) {
            return $item;
        }

        // get data
        preg_match(Filler::REG_ITEM_ID, $url, $match);
        $path = str_replace('#ID#', $match['id'], Filler::FILL_URL);
        $body = $this->browser->get($path);

        switch ($field) {
            case self::FIELD_DATE_END:
                if ($body['released_on']) {
                    $item->setDateEnd(new \DateTime($body['released_on']));
                }
                break;
            case self::FIELD_DATE_PREMIERE:
                $item->setDatePremiere(new \DateTime($body['aired_on']));
                break;
            case self::FIELD_DURATION:
                $item->setDuration($body['duration']);
                break;
            case self::FIELD_EPISODES_NUMBER:
                $ep_num = $body['episodes_aired'] ? $body['episodes_aired'] : $body['episodes'];
                $item->setEpisodesNumber($ep_num.($body['ongoing'] ? '+' : ''));
                break;
            case self::FIELD_GENRES:
                $new_item = $this->filler->setGenres(new Item(), $body);
                foreach ($new_item->getGenres() as $new_genre) {
                    $item->addGenre($new_genre);
                }
                break;
            case self::FIELD_IMAGES:
                $this->filler->setImages($item, $body);
                break;
            case self::FIELD_NAMES:
                $new_item = $this->filler->setNames(new Item(), $body);
                // set main name in top of names list
                $names = $new_item->getNames()->toArray();
                array_unshift($names, (new Name())->setName($new_item->getName()));
                foreach ($names as $new_name) {
                    $item->addName($new_name);
                }
                break;
            case self::FIELD_SOURCES:
                $new_item = $this->filler->setSources(new Item(), $body);
                foreach ($new_item->getSources() as $new_source) {
                    $item->addSource($new_source);
                }
                break;
            case self::FIELD_STUDIO:
                $this->filler->setStudio($item, $body);
                break;
            case self::FIELD_SUMMARY:
                $item->setSummary($body['description']);
                break;
        }

        return $item;
    }

    /**
     * @param Item $item
     * @param string $field
     *
     * @return bool
     */
    public function isCanSearch(Item $item, $field)
    {
        if (!in_array($field, $this->supported_fields)) {
            return false;
        }

        if ($this->isCanRefill($item, $field) || $item->getName()) {
            return true;
        }

        /* @var $name Name */
        foreach ($item->getNames() as $name) {
            if ($name->getName()) {
                return true;
            }
        }

        return false;
    }

    /**
     * Search items for refill.
     *
     * @param Item $item
     * @param string $field
     *
     * @return ItemRefiller[]
     */
    public function search(Item $item, $field)
    {
        // can refill from source. not need search
        if ($url = $this->getSourceForFill($item)) {
            return [
                new ItemRefiller(
                    $item->getName(),
                    ['url' => $url],
                    $url,
                    $item->getCover(),
                    $item->getSummary()
                ),
            ];
        }

        // get name for search
        if (!($name = $item->getName())) {
            foreach ($item->getNames() as $name) {
                if ($name) {
                    break;
                }
            }
        }

        $result = [];
        // do search
        if ($name) {
            $result = $this->search->search(['name' => $name]);
            foreach ($result as $key => $item) {
                if ($query = parse_url($item->getLink(), PHP_URL_QUERY)) {
class A
{
    public function foo() { }
}

class B extends A
{
    public function bar() { }
}

/**
 * @param A|B $x
 */
function someFunction($x)
{
    $x->foo(); // This call is fine as the method exists in A and B.
    $x->bar(); // This method only exists in B and might cause an error.
}
                    parse_str($query, $query);
                    $link = array_values($query)[0]['url'];
                    $result[$key] = new ItemRefiller(
                        $item->getName(),
                        ['url' => $link],
                        $link,
                        $item->getImage(),
                        $item->getDescription()
                    );
                }
            }
        }

        return $result;
    }

    /**
     * Refill item field from search result.
     *
     * @param Item $item
     * @param string $field
     * @param array $data
     *
     * @return Item
     */
    public function refillFromSearchResult(Item $item, $field, array $data)
    {
        if (!empty($data['url'])) {
            $item->addSource((new Source())->setUrl($data['url']));
            $item = $this->refill($item, $field);
        }

        return $item;
    }

    /**
     * @param Item $item
     *
     * @return string
     */
    public function getSourceForFill(Item $item)
    {
        /* @var $source Source */
        foreach ($item->getSources() as $source) {
            if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
                return $source->getUrl();
            }
        }

        return '';
    }
}


Issues (4)

Security Analysis not enabled

src/Service/Refiller.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

1			<?php
2			/**
3			* AnimeDb package.
4			*
5			* @author Peter Gribanov <[email protected]>
6			* @copyright Copyright (c) 2011, Peter Gribanov
7			* @license http://opensource.org/licenses/GPL-3.0 GPL v3
8			*/
9			namespace AnimeDb\Bundle\ShikimoriFillerBundle\Service;
10
11			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\RefillerInterface;
12			use AnimeDb\Bundle\ShikimoriBrowserBundle\Service\Browser;
13			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
14			use AnimeDb\Bundle\CatalogBundle\Entity\Item;
15			use AnimeDb\Bundle\CatalogBundle\Entity\Source;
16			use AnimeDb\Bundle\CatalogBundle\Entity\Name;
17
18			class Refiller implements RefillerInterface
19			{
20			/**
21			* @var string
22			*/
23			const NAME = 'shikimori';
24
25			/**
26			* @var string
27			*/
28			const TITLE = 'Shikimori.org';
29
30			/**
31			* @var array
32			*/
33			protected $supported_fields = [
34			self::FIELD_DATE_END,
35			self::FIELD_DATE_PREMIERE,
36			self::FIELD_DURATION,
37			self::FIELD_EPISODES_NUMBER,
38			self::FIELD_GENRES,
39			self::FIELD_IMAGES,
40			self::FIELD_NAMES,
41			self::FIELD_STUDIO,
42			self::FIELD_SOURCES,
43			self::FIELD_SUMMARY,
44			];
45
46			/**
47			* @var Browser
48			*/
49			private $browser;
50
51			/**
52			* @var Filler
53			*/
54			protected $filler;
55
56			/**
57			* @var Search
58			*/
59			protected $search;
60
61			/**
62			* @param Browser $browser
63			* @param Filler $filler
64			* @param Search $search
65			*/
66			public function __construct(Browser $browser, Filler $filler, Search $search)
67			{
68			$this->browser = $browser;
69			$this->filler = $filler;
70			$this->search = $search;
71			}
72
73			/**
74			* @return string
75			*/
76			public function getName()
77			{
78			return self::NAME;
79			}
80
81			/**
82			* @return string
83			*/
84			public function getTitle()
85			{
86			return self::TITLE;
87			}
88
89			/**
90			* Is can refill item from source.
91			*
92			* @param Item $item
93			* @param string $field
94			*
95			* @return bool
96			*/
97			public function isCanRefill(Item $item, $field)
98			{
99			return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
100			}
101
102			/**
103			* Refill item field from source.
104			*
105			* @param Item $item
106			* @param string $field
107			*
108			* @return Item
109			*/
110			public function refill(Item $item, $field)
111			{
112			if (!($url = $this->getSourceForFill($item))) {
113			return $item;
114			}
115
116			// get data
117			preg_match(Filler::REG_ITEM_ID, $url, $match);
118			$path = str_replace('#ID#', $match['id'], Filler::FILL_URL);
119			$body = $this->browser->get($path);
120
121			switch ($field) {
122			case self::FIELD_DATE_END:
123			if ($body['released_on']) {
124			$item->setDateEnd(new \DateTime($body['released_on']));
125			}
126			break;
127			case self::FIELD_DATE_PREMIERE:
128			$item->setDatePremiere(new \DateTime($body['aired_on']));
129			break;
130			case self::FIELD_DURATION:
131			$item->setDuration($body['duration']);
132			break;
133			case self::FIELD_EPISODES_NUMBER:
134			$ep_num = $body['episodes_aired'] ? $body['episodes_aired'] : $body['episodes'];
135			$item->setEpisodesNumber($ep_num.($body['ongoing'] ? '+' : ''));
136			break;
137			case self::FIELD_GENRES:
138			$new_item = $this->filler->setGenres(new Item(), $body);
139			foreach ($new_item->getGenres() as $new_genre) {
140			$item->addGenre($new_genre);
141			}
142			break;
143			case self::FIELD_IMAGES:
144			$this->filler->setImages($item, $body);
145			break;
146			case self::FIELD_NAMES:
147			$new_item = $this->filler->setNames(new Item(), $body);
148			// set main name in top of names list
149			$names = $new_item->getNames()->toArray();
150			array_unshift($names, (new Name())->setName($new_item->getName()));
151			foreach ($names as $new_name) {
152			$item->addName($new_name);
153			}
154			break;
155			case self::FIELD_SOURCES:
156			$new_item = $this->filler->setSources(new Item(), $body);
157			foreach ($new_item->getSources() as $new_source) {
158			$item->addSource($new_source);
159			}
160			break;
161			case self::FIELD_STUDIO:
162			$this->filler->setStudio($item, $body);
163			break;
164			case self::FIELD_SUMMARY:
165			$item->setSummary($body['description']);
166			break;
167			}
168
169			return $item;
170			}
171
172			/**
173			* @param Item $item
174			* @param string $field
175			*
176			* @return bool
177			*/
178			public function isCanSearch(Item $item, $field)
179			{
180			if (!in_array($field, $this->supported_fields)) {
181			return false;
182			}
183
184			if ($this->isCanRefill($item, $field) \|\| $item->getName()) {
185			return true;
186			}
187
188			/* @var $name Name */
189			foreach ($item->getNames() as $name) {
190			if ($name->getName()) {
191			return true;
192			}
193			}
194
195			return false;
196			}
197
198			/**
199			* Search items for refill.
200			*
201			* @param Item $item
202			* @param string $field
203			*
204			* @return ItemRefiller[]
205			*/
206			public function search(Item $item, $field)
207			{
208			// can refill from source. not need search
209			if ($url = $this->getSourceForFill($item)) {
210			return [
211			new ItemRefiller(
212			$item->getName(),
213			['url' => $url],
214			$url,
215			$item->getCover(),
216			$item->getSummary()
217			),
218			];
219			}
220
221			// get name for search
222			if (!($name = $item->getName())) {
223			foreach ($item->getNames() as $name) {
224			if ($name) {
225			break;
226			}
227			}
228			}
229
230			$result = [];
231			// do search
232			if ($name) {
233			$result = $this->search->search(['name' => $name]);
234			foreach ($result as $key => $item) {
235			if ($query = parse_url($item->getLink(), PHP_URL_QUERY)) {
			0 ignored issues – show Bug introduced 2016-09-17 08:19 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `getLink` does only exist in `AnimeDb\Bundle\CatalogBu...Plugin\Fill\Search\Item`, but not in `AnimeDb\Bundle\CatalogBu...ugin\Fill\Refiller\Item`. It seems like the method you are trying to call exists only in some of the possible types. Let’s take a look at an example: class A { public function foo() { } } class B extends A { public function bar() { } } /** * @param A\|B $x / function someFunction($x) { $x->foo(); // This call is fine as the method exists in A and B. $x->bar(); // This method only exists in B and might cause an error. } Available Fixes Add an additional type-check: /* * @param A\|B $x / function someFunction($x) { $x->foo(); if ($x instanceof B) { $x->bar(); } } Only allow a single type to be passed if the variable comes from a parameter: function someFunction(B $x) { /* ... */ } Loading history...
236			parse_str($query, $query);
237			$link = array_values($query)[0]['url'];
238			$result[$key] = new ItemRefiller(
239			$item->getName(),
240			['url' => $link],
241			$link,
242			$item->getImage(),
243			$item->getDescription()
244			);
245			}
246			}
247			}
248
249			return $result;
250			}
251
252			/**
253			* Refill item field from search result.
254			*
255			* @param Item $item
256			* @param string $field
257			* @param array $data
258			*
259			* @return Item
260			*/
261			public function refillFromSearchResult(Item $item, $field, array $data)
262			{
263			if (!empty($data['url'])) {
264			$item->addSource((new Source())->setUrl($data['url']));
265			$item = $this->refill($item, $field);
266			}
267
268			return $item;
269			}
270
271			/**
272			* @param Item $item
273			*
274			* @return string
275			*/
276			public function getSourceForFill(Item $item)
277			{
278			/* @var $source Source */
279			foreach ($item->getSources() as $source) {
280			if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
281			return $source->getUrl();
282			}
283			}
284
285			return '';
286			}
287			}
288

anime-db / shikimori-filler-bundle

Issues (4)

Security Analysis not enabled

src/Service/Refiller.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Available Fixes

Duplication Side-by-Side

Filter issues like