This project does not seem to handle request data directly; as such, no vulnerable execution paths were found.
include
, or for example
via PHP's auto-loading mechanism.
1 | <?php |
||
2 | |||
3 | /** |
||
4 | * \AppserverIo\Configuration\ConfigurationUtils |
||
5 | * |
||
6 | * NOTICE OF LICENSE |
||
7 | * |
||
8 | * This source file is subject to the Open Software License (OSL 3.0) |
||
9 | * that is available through the world-wide-web at this URL: |
||
10 | * http://opensource.org/licenses/osl-3.0.php |
||
11 | * |
||
12 | * PHP version 5 |
||
13 | * |
||
14 | * @author Tim Wagner <[email protected]> |
||
15 | * @copyright 2015 TechDivision GmbH <[email protected]> |
||
16 | * @license http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0) |
||
17 | * @link http://github.com/appserver-io/configuration |
||
18 | * @link http://www.appserver.io |
||
19 | */ |
||
20 | |||
21 | namespace AppserverIo\Configuration; |
||
22 | |||
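/**
 * Configuration utility implementation.
 *
 * Validates configuration files against a schema. Validation failures are read
 * from libxml's internal error buffer, which is process-global state: this class
 * switches internal error handling on and leaves it switched on.
 *
 * @author    Tim Wagner <[email protected]>
 * @copyright 2015 TechDivision GmbH <[email protected]>
 * @license   http://opensource.org/licenses/osl-3.0.php Open Software License (OSL 3.0)
 * @link      http://github.com/appserver-io/configuration
 * @link      http://www.appserver.io
 */
class ConfigurationUtils
{

    /**
     * The instance.
     *
     * @var \AppserverIo\Configuration\ConfigurationUtils
     */
    protected static $instance;

    /**
     * Protected constructor to avoid direct instantiation.
     */
    protected function __construct()
    {
    }

    /**
     * Creates a singleton instance of the utility class.
     *
     * @return \AppserverIo\Configuration\ConfigurationUtils The singleton instance
     */
    public static function singleton()
    {

        // lazily create the instance; strict comparison, the property only ever holds null or an object
        if (self::$instance === null) {
            self::$instance = new self();
        }

        // return the singleton instance
        return self::$instance;
    }

    /**
     * Formats the passed libxml errors for output.
     *
     * Every message embeds the path of the validated file and a var_export() dump of
     * the complete error object, so the result is meant for logs and operator-facing
     * output; escape or trim it before showing it anywhere less trusted.
     *
     * @param array $errors An array with error objects exposing line, code, message and file
     *
     * @return array The array with the formatted error messages
     */
    protected function prepareErrorMessages($errors)
    {
        $errorMessages = array();
        foreach ($errors as $error) {
            $errorMessages[] = sprintf(
                "Found a schema validation error on line %s with code %s and message %s when validating configuration file %s, see error dump below: %s",
                $error->line,
                $error->code,
                $error->message,
                $error->file,
                var_export($error, true)
            );
        }
        return $errorMessages;
    }

    /**
     * Will validate a given file against a schema. The validation mechanism is selected
     * by the file extension; only XML files are supported. Nothing is returned: a failed
     * validation is reported by an exception, and only if $failOnErrors is TRUE.
     *
     * @param string  $fileName     Name of the file to validate
     * @param string  $schemaFile   The specific schema file to validate against
     * @param boolean $failOnErrors If the validation should fail on error (optional)
     *
     * @return void
     *
     * @throws \AppserverIo\Configuration\ConfigurationException If we aren't able to validate this file type
     */
    public function validateFile($fileName, $schemaFile, $failOnErrors = false)
    {

        // check by the file's extension if we're able to validate the file (exact, case-sensitive match)
        $extension = pathinfo($fileName, PATHINFO_EXTENSION);
        if ($extension !== 'xml') {
            throw new ConfigurationException(
                sprintf(
                    'Could not find a validation method for file %s as the extension %s is not supported.',
                    $fileName,
                    $extension
                )
            );
        }

        // load the file with libxml's default options, no parser flags are passed here
        // NOTE(review): the result of load() is not checked, an unreadable or malformed
        // file leaves an empty document that is still handed to the schema validation
        $domDocument = new \DOMDocument();
        $domDocument->load($fileName);

        // validate the DOM document instance
        self::singleton()->validateXml($domDocument, $schemaFile, $failOnErrors);
    }

    /**
     * Will validate a DOM document against a schema file. Nothing is returned: a failed
     * validation is reported by an exception, and only if $failOnErrors is TRUE.
     *
     * libxml's internal error handling is activated and stays activated, and the error
     * buffer is emptied before validating, so after the call libxml_get_errors() holds
     * the errors of this validation only.
     *
     * @param \DOMDocument $domDocument  DOM document to validate
     * @param string       $schemaFile   The specific schema file to validate against
     * @param boolean      $failOnErrors If the validation should fail on error (optional)
     *
     * @return void
     *
     * @throws \AppserverIo\Configuration\ConfigurationException If $failOnErrors is set to true an exception will be thrown on errors
     */
    public function validateXml(\DOMDocument $domDocument, $schemaFile, $failOnErrors = false)
    {

        // activate internal error handling, necessary to catch errors with libxml_get_errors()
        libxml_use_internal_errors(true);

        // drop errors buffered by earlier libxml calls, otherwise a stale error of
        // another document becomes the first message reported for this one
        libxml_clear_errors();

        // validate the configuration file with the schema
        if ($domDocument->schemaValidate($schemaFile) !== false) {
            return;
        }

        // collect the errors of this validation
        $errorMessages = self::singleton()->prepareErrorMessages(libxml_get_errors());

        // if we have to fail on errors we do so here, reporting the first error
        if ($failOnErrors === true) {
            $firstMessage = reset($errorMessages);
            if ($firstMessage === false) {
                // schemaValidate() failed without leaving a libxml error behind
                $firstMessage = sprintf('Schema validation against %s failed without libxml error details.', $schemaFile);
            }
            throw new ConfigurationException($firstMessage);
        }
    }
}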
This check looks for unreachable code. It uses sophisticated control flow analysis techniques to find statements which will never be executed.
Unreachable code is most often the result of `return`, `die` or `exit` statements that have been added for debug purposes. In the above example, the last `return false` will never be executed, because a return statement has already been met in every possible execution path.