CrossSiteScripting - Code Metrics - aszone/vulnerabilities - Measure and Improve Code Quality continuously with Scrutinizer

CrossSiteScripting A
last analyzed 2016-11-02 14:18 UTC

↳ Parent: Project

Complexity

Total Complexity

Size/Duplication

Total Lines	129
Duplicated Lines	48.84 %

Coupling/Cohesion

Components	1
Dependencies	3

Importance

Changes	1
Bugs	0	Features	0

Metric	Value
wmc	23
c	1
b	0
f	0
lcom	1
cbo	3
dl	63
loc	129
rs	10

9 Methods

Rating	Name	Duplication	Size	Complexity
A	__construct()	13	13	2
A	isVulnerable()	0	8	2
A	isXssPossible()	0	4	1
A	verify()	17	17	3
B	attack()	15	15	5
A	checkSuccess()	0	4	1
A	generateUrls()	7	7	1
B	generateUrlsByExploit()	11	26	5
A	checkCompare()	0	12	3

How to fix Duplicated Code

<?php

namespace Aszone\Vulnerabilities;

use GuzzleHttp\ClientInterface;
use Psr\Log\LoggerInterface;
use Aszone\Vulnerabilities\Log\Logger;

class CrossSiteScripting implements VulnerabilityScanner
{
    const EXPLOIT1 = '<script>alert(aaabbbccc);</script>';
    const EXPLOIT2 = '<h1>aaabbbccc</h1>';
    const EXPLOIT1REGEX = "<script>alert\(aaabbbccc\);<\/script>";
    const EXPLOIT2REGEX = "<h1>aaabbbccc<\/h1>";

    private $compare;

    private $client;

    private $logger;

    public function __construct(ClientInterface $client, array $compare, LoggerInterface $logger = null)

    {
        $this->client = $client;
        $this->compare = $compare;

        if (empty($logger)) {
            $logger = new Logger;
        }

        $this->logger = $logger;


    }

    public function isVulnerable($target)
    {
        if ($this->isXssPossible($target)) {
            return $this->verify($target);
        }

        return false;
    }

    public function isXssPossible($target)
    {
        return (bool) preg_match("/\?|(.+?)\=/", (string) $target);
    }

    public function verify($target)

    {

        $urls = $this->generateUrls($target);

        $this->logger->info("\n");

        foreach ($urls as $url) {
            if ($this->attack($url)) {
                $this->logger->info('Is Vull');

                return true;
            }
        }

        return false;
    }

    public function attack($url)

    {
        $this->logger->info('.');

        try {
            $body = $this->client->get($url)->getBody()->getContents();
            if ($body && $this->checkSuccess($body) && $this->checkCompare($body)) {
                return true;
            }
        } catch (\Exception $e) {
            $this->logger->error('#');
        }

        return false;
    }

    public function checkSuccess($body)
    {
        return (bool) preg_match('/'.static::EXPLOIT1REGEX.'|'.static::EXPLOIT2REGEX.'/', $body);
    }

    public function generateUrls($target)

    {
        $this->logger->info("\n".$target);
        $urls1 = $this->generateUrlsByExploit($target, static::EXPLOIT1);
        $urls2 = $this->generateUrlsByExploit($target, static::EXPLOIT2);
        return array_merge($urls1, $urls2);
    }

    public function generateUrlsByExploit($target, $exploit)
    {
        $explodeUrl = parse_url($target);
        $explodeQuery = explode('&', $explodeUrl['query']);

        if (!isset($explodeUrl['query'])) {
            return [];
        }

        $wordsValue = [];

        foreach ($explodeQuery as $query) {

            $explodeQueryEqual = explode('=', $query);
            $wordsValue[$explodeQueryEqual[0]] = '';

            if (isset($explodeQueryEqual[1])) {
                $wordsValue[$explodeQueryEqual[0]] = $explodeQueryEqual[1];
            }
        }

        foreach ($wordsValue as $keyValue => $value) {

            $urls[] = str_replace($keyValue.'='.$value, $keyValue.'='.$exploit, $target);
foreach ($collection as $item) {
    $myArray['foo'] = $item->getFoo();

    if ($item->hasBar()) {
        $myArray['bar'] = $item->getBar();
    }

    // do something with $myArray
}
        }

        return $urls;
function myFunction($a) {
    switch ($a) {
        case 'foo':
            $x = 1;
            break;

        case 'bar':
            $x = 2;
            break;
    }

    // $x is potentially undefined here.
    echo $x;
}
    }

    public function checkCompare($body)
    {
        foreach ($this->compare as $compare) {

            $isValid = strpos($body, $compare);
            if ($isValid !== false) {
                return true;
            }
        }

        return false;
    }

}


1		<?php
2
3		namespace Aszone\Vulnerabilities;
4
5		use GuzzleHttp\ClientInterface;
6		use Psr\Log\LoggerInterface;
7		use Aszone\Vulnerabilities\Log\Logger;
8
9		class CrossSiteScripting implements VulnerabilityScanner
10		{
11		const EXPLOIT1 = '<script>alert(aaabbbccc);</script>';
12		const EXPLOIT2 = '<h1>aaabbbccc</h1>';
13		const EXPLOIT1REGEX = "<script>alert\(aaabbbccc\);<\/script>";
14		const EXPLOIT2REGEX = "<h1>aaabbbccc<\/h1>";
15
16		private $compare;
17
18		private $client;
19
20		private $logger;
21
22	View Code Duplication	public function __construct(ClientInterface $client, array $compare, LoggerInterface $logger = null)
		0 ignored issues – show Duplication introduced 2016-10-30 20:07 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
23		{
24		$this->client = $client;
25		$this->compare = $compare;
26
27		if (empty($logger)) {
28		$logger = new Logger;
29		}
30
31		$this->logger = $logger;
32
33
34		}
35
36		public function isVulnerable($target)
37		{
38		if ($this->isXssPossible($target)) {
39		return $this->verify($target);
40		}
41
42		return false;
43		}
44
45		public function isXssPossible($target)
46		{
47		return (bool) preg_match("/\?\|(.+?)\=/", (string) $target);
48		}
49
50	View Code Duplication	public function verify($target)
		0 ignored issues – show Duplication introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
51		{
52
53		$urls = $this->generateUrls($target);
54
55		$this->logger->info("\n");
56
57		foreach ($urls as $url) {
58		if ($this->attack($url)) {
59		$this->logger->info('Is Vull');
60
61		return true;
62		}
63		}
64
65		return false;
66		}
67
68	View Code Duplication	public function attack($url)
		0 ignored issues – show Duplication introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
69		{
70		$this->logger->info('.');
71
72		try {
73		$body = $this->client->get($url)->getBody()->getContents();
74		if ($body && $this->checkSuccess($body) && $this->checkCompare($body)) {
75		return true;
76		}
77		} catch (\Exception $e) {
78		$this->logger->error('#');
79		}
80
81		return false;
82		}
83
84		public function checkSuccess($body)
85		{
86		return (bool) preg_match('/'.static::EXPLOIT1REGEX.'\|'.static::EXPLOIT2REGEX.'/', $body);
87		}
88
89	View Code Duplication	public function generateUrls($target)
		0 ignored issues – show Duplication introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
90		{
91		$this->logger->info("\n".$target);
92		$urls1 = $this->generateUrlsByExploit($target, static::EXPLOIT1);
93		$urls2 = $this->generateUrlsByExploit($target, static::EXPLOIT2);
94		return array_merge($urls1, $urls2);
95		}
96
97		public function generateUrlsByExploit($target, $exploit)
98		{
99		$explodeUrl = parse_url($target);
100		$explodeQuery = explode('&', $explodeUrl['query']);
101
102		if (!isset($explodeUrl['query'])) {
103		return [];
104		}
105
106		$wordsValue = [];
107
108	View Code Duplication	foreach ($explodeQuery as $query) {
		0 ignored issues – show Duplication introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
109		$explodeQueryEqual = explode('=', $query);
110		$wordsValue[$explodeQueryEqual[0]] = '';
111
112		if (isset($explodeQueryEqual[1])) {
113		$wordsValue[$explodeQueryEqual[0]] = $explodeQueryEqual[1];
114		}
115		}
116
117	View Code Duplication	foreach ($wordsValue as $keyValue => $value) {
		0 ignored issues – show Duplication introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
118		$urls[] = str_replace($keyValue.'='.$value, $keyValue.'='.$exploit, $target);
		0 ignored issues – show Coding Style Comprehensibility introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report `$urls` was never initialized. Although not strictly required by PHP, it is generally a good practice to add `$urls = array();` before regardless. Adding an explicit array definition is generally preferable to implicit array definition as it guarantees a stable state of the code. Let’s take a look at an example: foreach ($collection as $item) { $myArray['foo'] = $item->getFoo(); if ($item->hasBar()) { $myArray['bar'] = $item->getBar(); } // do something with $myArray } As you can see in this example, the array `$myArray` is initialized the first time when the foreach loop is entered. You can also see that the value of the `bar` key is only written conditionally; thus, its value might result from a previous iteration. This might or might not be intended. To make your intention clear, your code more readible and to avoid accidental bugs, we recommend to add an explicit initialization `$myArray = array()` either outside or inside the foreach loop. Loading history...
119		}
120
121		return $urls;
		0 ignored issues – show Bug introduced 2016-10-19 12:59 UTC by Report Bug Copy Issue Report The variable `$urls` does not seem to be defined for all execution paths leading up to this point. If you define a variable conditionally, it can happen that it is not defined for all execution paths. Let’s take a look at an example: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } // $x is potentially undefined here. echo $x; } In the above example, the variable `$x` is defined if you pass “foo” or “bar” as argument for `$a`. However, since the `switch` statement has no default case statement, if you pass any other value, the variable `$x` would be undefined. Available Fixes Check for existence of the variable explicitly: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } if (isset($x)) { // Make sure it's always set. echo $x; } } Define a default value for the variable: function myFunction($a) { $x = ''; // Set a default which gets overridden for certain paths. switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; } echo $x; } Add a value for the missing path: function myFunction($a) { switch ($a) { case 'foo': $x = 1; break; case 'bar': $x = 2; break; // We add support for the missing case. default: $x = ''; break; } echo $x; } Loading history...
122		}
123
124		public function checkCompare($body)
125		{
126		foreach ($this->compare as $compare) {
127
128		$isValid = strpos($body, $compare);
129		if ($isValid !== false) {
130		return true;
131		}
132		}
133
134		return false;
135		}
136
137		}
138

aszone / vulnerabilities

CrossSiteScripting A last analyzed 2016-11-02 14:18 UTC

Complexity

Size/Duplication

Coupling/Cohesion

Importance

9 Methods

How to fix Duplicated Code

Duplicated Code

Available Fixes

Duplication Side-by-Side

Filter issues like

CrossSiteScripting A
last analyzed 2016-11-02 14:18 UTC