Issues in Refiller.php (master) - Issues in master - anime-db/world-art-filler-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (24)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Service/Refiller.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * AnimeDb package.
 *
 * @author    Peter Gribanov <[email protected]>
 * @copyright Copyright (c) 2011, Peter Gribanov
 * @license   http://opensource.org/licenses/GPL-3.0 GPL v3
 */

namespace AnimeDb\Bundle\WorldArtFillerBundle\Service;

use AnimeDb\Bundle\CatalogBundle\Entity\Image;
use AnimeDb\Bundle\CatalogBundle\Entity\Item;
use AnimeDb\Bundle\CatalogBundle\Entity\Name;
use AnimeDb\Bundle\CatalogBundle\Entity\Source;
use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Refiller as RefillerPlugin;

class Refiller extends RefillerPlugin

{
    /**
     * Name.
     *
     * @var string
     */
    const NAME = 'world-art';

    /**
     * Title.
     *
     * @var string
     */
    const TITLE = 'World-Art.ru';

    /**
     * List of supported fields.
     *
     * @var array
     */
    protected $supported_fields = [
        self::FIELD_DATE_END,
        self::FIELD_DATE_PREMIERE,
        self::FIELD_DURATION,
        self::FIELD_EPISODES,
        self::FIELD_EPISODES_NUMBER,
        self::FIELD_GENRES,
        self::FIELD_IMAGES,
        self::FIELD_COUNTRY,
        self::FIELD_NAMES,
        self::FIELD_STUDIO,
        self::FIELD_SOURCES,
        self::FIELD_SUMMARY,
    ];

    /**
     * Filler.
     *
     * @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Filler
     */
    protected $filler;

    /**
     * Search.
     *
     * @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Search
     */
    protected $search;

    /**
     * Browser.
     *
     * @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Browser
     */
    private $browser;

    /**
     * Construct.
     *
     * @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Filler  $filler
     * @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Search  $search
     * @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Browser $browser
     */
    public function __construct(Filler $filler, Search $search, Browser $browser)
    {
        $this->filler = $filler;
        $this->search = $search;
        $this->browser = $browser;
    }

    /**
     * Get name.
     *
     * @return string
     */
    public function getName()
    {
        return self::NAME;
    }

    /**
     * Get title.
     *
     * @return string
     */
    public function getTitle()
    {
        return self::TITLE;
    }

    /**
     * Is can refill item from source.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param string                                    $field
     *
     * @return bool
     */
    public function isCanRefill(Item $item, $field)
    {
        return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
    }

    /**
     * Refill item field from source.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param string                                    $field
     *
     * @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
     */
    public function refill(Item $item, $field)
    {
        if (!($url = $this->getSourceForFill($item))) {
            return $item;
        }

        if ($field == self::FIELD_IMAGES) {
            if (preg_match('/id=(?<id>\d+)/', $url, $mat)) {
                foreach ($this->filler->getFrames($mat['id']) as $frame) {

                    // check of the existence of the image
                    /* @var $image \AnimeDb\Bundle\CatalogBundle\Entity\Image */
                    foreach ($item->getImages() as $image) {
                        if ($frame == $image->getSource()) {
                            continue 2;
                        }
                    }
                    $item->addImage((new Image())->setSource($frame));
                }
            }
        } elseif ($new_item = $this->filler->fill(['url' => $url, 'frames' => false])) {
            $item = $this->fillItem($item, $new_item, $field);
        }

        return $item;
    }

    /**
     * Is can search.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param string                                    $field
     *
     * @return bool
     */
    public function isCanSearch(Item $item, $field)
    {
        if (!in_array($field, $this->supported_fields)) {
            return false;
        }
        if ($this->isCanRefill($item, $field) || $item->getName()) {
            return true;
        }
        /* @var $name \AnimeDb\Bundle\CatalogBundle\Entity\Name */
        foreach ($item->getNames() as $name) {
            if ($name->getName()) {
                return true;
            }
        }

        return false;
    }

    /**
     * Search items for refill.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param string                                    $field
     *
     * @return array [\AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item]
     */
    public function search(Item $item, $field)
    {
        // can refill from source. not need search
        if ($url = $this->getSourceForFill($item)) {
            return [
                new ItemRefiller(
                    $item->getName(),
                    ['url' => $url],
                    $url,
                    $item->getCover(),
                    $item->getSummary()
                ),
            ];
        }

        // get name for search
        if (!($name = $item->getName())) {
            foreach ($item->getNames() as $name) {
                if ($name) {
                    break;
                }
            }
        }

        $result = [];
        // do search
        if ($name) {
            $result = $this->search->search(['name' => $name]);
            /* @var $item \AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Search\Item */
            foreach ($result as $key => $item) {
                parse_str(parse_url($item->getLink(), PHP_URL_QUERY), $query);
                $link = array_values($query)[0]['url'];
                $result[$key] = new ItemRefiller(
                    $item->getName(),
                    ['url' => $link],
                    $link,
                    $item->getImage(),
                    $item->getDescription()
                );
            }
        }

        return $result;
    }

    /**
     * Refill item field from search result.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param string                                    $field
     * @param array                                     $data
     *
     * @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
     */
    public function refillFromSearchResult(Item $item, $field, array $data)
    {
        if (!empty($data['url'])) {
            $source = new Source();
            $source->setUrl($data['url']);
            $item->addSource($source);
            $item = $this->refill($item, $field);
        }

        return $item;
    }

    /**
     * Fill item.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $new_item
     * @param string                                    $field
     *
     * @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
     */
    protected function fillItem(Item $item, Item $new_item, $field)
    {
        switch ($field) {
            case self::FIELD_COUNTRY:
                $item->setCountry($new_item->getCountry());
                break;
            case self::FIELD_DATE_END:
                $item->setDateEnd($new_item->getDateEnd());
                break;
            case self::FIELD_DATE_PREMIERE:
                $item->setDatePremiere($new_item->getDatePremiere());
                break;
            case self::FIELD_DURATION:
                $item->setDuration($new_item->getDuration());
                break;
            case self::FIELD_EPISODES:
                $item->setEpisodes($new_item->getEpisodes());
                break;
            case self::FIELD_EPISODES_NUMBER:
                $item->setEpisodesNumber($new_item->getEpisodesNumber());
                break;
            case self::FIELD_FILE_INFO:
                $item->setFileInfo($new_item->getFileInfo());
                break;
            case self::FIELD_GENRES:
                /* @var $new_genre \AnimeDb\Bundle\CatalogBundle\Entity\Genre */
                foreach ($new_item->getGenres() as $new_genre) {
                    $item->addGenre($new_genre);
                }
                break;
            case self::FIELD_NAMES:
                // set main name in top of names list
                $new_names = $new_item->getNames()->toArray();
                array_unshift($new_names, (new Name())->setName($new_item->getName()));
                foreach ($new_names as $new_name) {
                    $item->addName($new_name);
                }
                break;
            case self::FIELD_SOURCES:
                foreach ($new_item->getSources() as $new_source) {
                    $item->addSource($new_source);
                }
                break;
            case self::FIELD_STUDIO:
                $item->setStudio($new_item->getStudio());
                break;
            case self::FIELD_SUMMARY:
                $item->setSummary($new_item->getSummary());
                break;
        }

        return $item;
    }

    /**
     * Get source for fill.
     *
     * @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
     *
     * @return string
     */
    public function getSourceForFill(Item $item)
    {
        /* @var $source \AnimeDb\Bundle\CatalogBundle\Entity\Source */
        foreach ($item->getSources() as $source) {
            if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
                return $source->getUrl();
            }
        }

        return '';
    }
}


1			<?php
2			/**
3			* AnimeDb package.
4			*
5			* @author Peter Gribanov <[email protected]>
6			* @copyright Copyright (c) 2011, Peter Gribanov
7			* @license http://opensource.org/licenses/GPL-3.0 GPL v3
8			*/
9
10			namespace AnimeDb\Bundle\WorldArtFillerBundle\Service;
11
12			use AnimeDb\Bundle\CatalogBundle\Entity\Image;
13			use AnimeDb\Bundle\CatalogBundle\Entity\Item;
14			use AnimeDb\Bundle\CatalogBundle\Entity\Name;
15			use AnimeDb\Bundle\CatalogBundle\Entity\Source;
16			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item as ItemRefiller;
17			use AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Refiller as RefillerPlugin;
18
19			class Refiller extends RefillerPlugin
			0 ignored issues – show Deprecated Code introduced 2017-06-03 20:00 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `AnimeDb\Bundle\CatalogBu...\Fill\Refiller\Refiller` has been deprecated with message: use RefillerInterface This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead. Loading history...
20			{
21			/**
22			* Name.
23			*
24			* @var string
25			*/
26			const NAME = 'world-art';
27
28			/**
29			* Title.
30			*
31			* @var string
32			*/
33			const TITLE = 'World-Art.ru';
34
35			/**
36			* List of supported fields.
37			*
38			* @var array
39			*/
40			protected $supported_fields = [
41			self::FIELD_DATE_END,
42			self::FIELD_DATE_PREMIERE,
43			self::FIELD_DURATION,
44			self::FIELD_EPISODES,
45			self::FIELD_EPISODES_NUMBER,
46			self::FIELD_GENRES,
47			self::FIELD_IMAGES,
48			self::FIELD_COUNTRY,
49			self::FIELD_NAMES,
50			self::FIELD_STUDIO,
51			self::FIELD_SOURCES,
52			self::FIELD_SUMMARY,
53			];
54
55			/**
56			* Filler.
57			*
58			* @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Filler
59			*/
60			protected $filler;
61
62			/**
63			* Search.
64			*
65			* @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Search
66			*/
67			protected $search;
68
69			/**
70			* Browser.
71			*
72			* @var \AnimeDb\Bundle\WorldArtFillerBundle\Service\Browser
73			*/
74			private $browser;
75
76			/**
77			* Construct.
78			*
79			* @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Filler $filler
80			* @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Search $search
81			* @param \AnimeDb\Bundle\WorldArtFillerBundle\Service\Browser $browser
82			*/
83			public function __construct(Filler $filler, Search $search, Browser $browser)
84			{
85			$this->filler = $filler;
86			$this->search = $search;
87			$this->browser = $browser;
88			}
89
90			/**
91			* Get name.
92			*
93			* @return string
94			*/
95			public function getName()
96			{
97			return self::NAME;
98			}
99
100			/**
101			* Get title.
102			*
103			* @return string
104			*/
105			public function getTitle()
106			{
107			return self::TITLE;
108			}
109
110			/**
111			* Is can refill item from source.
112			*
113			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
114			* @param string $field
115			*
116			* @return bool
117			*/
118			public function isCanRefill(Item $item, $field)
119			{
120			return in_array($field, $this->supported_fields) && $this->getSourceForFill($item);
121			}
122
123			/**
124			* Refill item field from source.
125			*
126			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
127			* @param string $field
128			*
129			* @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
130			*/
131			public function refill(Item $item, $field)
132			{
133			if (!($url = $this->getSourceForFill($item))) {
134			return $item;
135			}
136
137			if ($field == self::FIELD_IMAGES) {
138			if (preg_match('/id=(?<id>\d+)/', $url, $mat)) {
139			foreach ($this->filler->getFrames($mat['id']) as $frame) {
			0 ignored issues – show Bug introduced 2017-06-03 18:36 UTC by Report Bug Copy Issue Report Show Similar Issues like this The call to `getFrames()` misses a required argument `$type`. This check looks for function calls that miss required arguments. Loading history...
140			// check of the existence of the image
141			/* @var $image \AnimeDb\Bundle\CatalogBundle\Entity\Image */
142			foreach ($item->getImages() as $image) {
143			if ($frame == $image->getSource()) {
144			continue 2;
145			}
146			}
147			$item->addImage((new Image())->setSource($frame));
148			}
149			}
150			} elseif ($new_item = $this->filler->fill(['url' => $url, 'frames' => false])) {
151			$item = $this->fillItem($item, $new_item, $field);
152			}
153
154			return $item;
155			}
156
157			/**
158			* Is can search.
159			*
160			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
161			* @param string $field
162			*
163			* @return bool
164			*/
165			public function isCanSearch(Item $item, $field)
166			{
167			if (!in_array($field, $this->supported_fields)) {
168			return false;
169			}
170			if ($this->isCanRefill($item, $field) \|\| $item->getName()) {
171			return true;
172			}
173			/* @var $name \AnimeDb\Bundle\CatalogBundle\Entity\Name */
174			foreach ($item->getNames() as $name) {
175			if ($name->getName()) {
176			return true;
177			}
178			}
179
180			return false;
181			}
182
183			/**
184			* Search items for refill.
185			*
186			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
187			* @param string $field
188			*
189			* @return array [\AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Refiller\Item]
190			*/
191			public function search(Item $item, $field)
192			{
193			// can refill from source. not need search
194			if ($url = $this->getSourceForFill($item)) {
195			return [
196			new ItemRefiller(
197			$item->getName(),
198			['url' => $url],
199			$url,
200			$item->getCover(),
201			$item->getSummary()
202			),
203			];
204			}
205
206			// get name for search
207			if (!($name = $item->getName())) {
208			foreach ($item->getNames() as $name) {
209			if ($name) {
210			break;
211			}
212			}
213			}
214
215			$result = [];
216			// do search
217			if ($name) {
218			$result = $this->search->search(['name' => $name]);
219			/* @var $item \AnimeDb\Bundle\CatalogBundle\Plugin\Fill\Search\Item */
220			foreach ($result as $key => $item) {
221			parse_str(parse_url($item->getLink(), PHP_URL_QUERY), $query);
222			$link = array_values($query)[0]['url'];
223			$result[$key] = new ItemRefiller(
224			$item->getName(),
225			['url' => $link],
226			$link,
227			$item->getImage(),
228			$item->getDescription()
229			);
230			}
231			}
232
233			return $result;
234			}
235
236			/**
237			* Refill item field from search result.
238			*
239			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
240			* @param string $field
241			* @param array $data
242			*
243			* @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
244			*/
245			public function refillFromSearchResult(Item $item, $field, array $data)
246			{
247			if (!empty($data['url'])) {
248			$source = new Source();
249			$source->setUrl($data['url']);
250			$item->addSource($source);
251			$item = $this->refill($item, $field);
252			}
253
254			return $item;
255			}
256
257			/**
258			* Fill item.
259			*
260			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
261			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $new_item
262			* @param string $field
263			*
264			* @return \AnimeDb\Bundle\CatalogBundle\Entity\Item
265			*/
266			protected function fillItem(Item $item, Item $new_item, $field)
267			{
268			switch ($field) {
269			case self::FIELD_COUNTRY:
270			$item->setCountry($new_item->getCountry());
271			break;
272			case self::FIELD_DATE_END:
273			$item->setDateEnd($new_item->getDateEnd());
274			break;
275			case self::FIELD_DATE_PREMIERE:
276			$item->setDatePremiere($new_item->getDatePremiere());
277			break;
278			case self::FIELD_DURATION:
279			$item->setDuration($new_item->getDuration());
280			break;
281			case self::FIELD_EPISODES:
282			$item->setEpisodes($new_item->getEpisodes());
283			break;
284			case self::FIELD_EPISODES_NUMBER:
285			$item->setEpisodesNumber($new_item->getEpisodesNumber());
286			break;
287			case self::FIELD_FILE_INFO:
288			$item->setFileInfo($new_item->getFileInfo());
289			break;
290			case self::FIELD_GENRES:
291			/* @var $new_genre \AnimeDb\Bundle\CatalogBundle\Entity\Genre */
292			foreach ($new_item->getGenres() as $new_genre) {
293			$item->addGenre($new_genre);
294			}
295			break;
296			case self::FIELD_NAMES:
297			// set main name in top of names list
298			$new_names = $new_item->getNames()->toArray();
299			array_unshift($new_names, (new Name())->setName($new_item->getName()));
300			foreach ($new_names as $new_name) {
301			$item->addName($new_name);
302			}
303			break;
304			case self::FIELD_SOURCES:
305			foreach ($new_item->getSources() as $new_source) {
306			$item->addSource($new_source);
307			}
308			break;
309			case self::FIELD_STUDIO:
310			$item->setStudio($new_item->getStudio());
311			break;
312			case self::FIELD_SUMMARY:
313			$item->setSummary($new_item->getSummary());
314			break;
315			}
316
317			return $item;
318			}
319
320			/**
321			* Get source for fill.
322			*
323			* @param \AnimeDb\Bundle\CatalogBundle\Entity\Item $item
324			*
325			* @return string
326			*/
327			public function getSourceForFill(Item $item)
328			{
329			/* @var $source \AnimeDb\Bundle\CatalogBundle\Entity\Source */
330			foreach ($item->getSources() as $source) {
331			if (strpos($source->getUrl(), $this->browser->getHost()) === 0) {
332			return $source->getUrl();
333			}
334			}
335
336			return '';
337			}
338			}
339

anime-db / world-art-filler-bundle

Issues (24)

Security Analysis not enabled

src/Service/Refiller.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like