Issues in DocHelper.php (master) - Issues in master - bestit/PHP_CodeSniffer - Measure and Improve Code Quality continuously with Scrutinizer

Issues (51)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Standards/BestIt/CodeSniffer/Helper/DocHelper.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

namespace BestIt\CodeSniffer\Helper;

use DomainException;
use PHP_CodeSniffer\Files\File;
use PHP_CodeSniffer\Util\Tokens;
use function sprintf;
use const T_DOC_COMMENT_CLOSE_TAG;

/**
 * Class DocHelper
 *
 * @author Nick Lubisch <[email protected]>
 * @package BestIt\CodeSniffer\Helper
 */
class DocHelper
{
    /**
     * The position of the end token of the doc block.
     *
     * @var int|null|bool If false then it will be loaded in the getter.
     */
    private $blockEndPosition = false;

    /**
     * The php cs file.
     *
     * @var File
     */
    private File $file;


    /**
     * Position to the token which is to be listened.
     *
     * @var int
     */
    private int $stackPos;

    /**
     * Token stack of the current file.
     *
     * @var array
     */
    private array $tokens;

    /**
     * DocHelper constructor.
     *
     * @param File $file File object of file which is processed.
     * @param int $stackPos Position to the token which is processed.
     */
    public function __construct(File $file, int $stackPos)
    {
        $this->file = $file;
        $this->tokens = $file->getTokens();
        $this->stackPos = $stackPos;
    }

    /**
     * Returns position to the class comment end.
     *
     * @return int|null Position to the class comment end.
     */
    public function getBlockEndPosition(): ?int
    {
        if ($this->blockEndPosition === false) {
            $this->blockEndPosition = $this->loadBlockEndPosition();
        }

        return $this->blockEndPosition;
    }

    /**
     * Returns token data of the evaluated class comment end.
     *
     * @return array Token data of the comment end.
     */
    public function getBlockEndToken(): array
    {
        if (!$this->hasDocBlock()) {
            throw new DomainException(
                sprintf('Missing doc block for position %s of file %s.', $this->stackPos, $this->file->getFilename())
            );
        }

        return $this->tokens[$this->getBlockEndPosition()];
    }

    /**
     * Returns pointer to the class comment start.
     *
     * @return int Pointer to the class comment start.
     */
    public function getBlockStartPosition(): int
    {
        $commentEndToken = $this->getBlockEndToken();

        return $commentEndToken['comment_opener'];
    }

    /**
     * Returns token data of the evaluated class comment start.
     *
     * @return array Token data of the comment start.
     */
    public function getBlockStartToken(): array
    {
        $commentStartPtr = $this->getBlockStartPosition();

        return $this->tokens[$commentStartPtr];
    }

    /**
     * Returns true if there is a doc block.
     *
     * @return bool
     */
    public function hasDocBlock(): bool
    {
        return $this->getBlockEndPosition() !== null;
    }

    /**
     * Returns true if this doc block is a multi line comment.
     *
     * @return bool
     */
    public function isMultiLine(): bool
    {
        $openingToken = $this->getBlockStartToken();
        $closingToken = $this->getBlockEndToken();

        return $openingToken['line'] < $closingToken['line'];
    }

    /**
     * Returns the position of the token for the doc block end.
     *
     * @return int|null
     */
    private function loadBlockEndPosition(): ?int
    {
        $endPos = $this->file->findPrevious(
            [T_DOC_COMMENT_CLOSE_TAG],
            $this->stackPos - 1,
            // Search till the next method, property, etc ...
            TokenHelper::findPreviousExcluding(
                $this->file,
                TokenHelper::$ineffectiveTokenCodes + Tokens::$methodPrefixes,
                $this->stackPos - 1
            )
        );

        return $endPos !== false ? $endPos : null;
    }
}


1		<?php
2
3		declare(strict_types=1);
4
5		namespace BestIt\CodeSniffer\Helper;
6
7		use DomainException;
8		use PHP_CodeSniffer\Files\File;
9		use PHP_CodeSniffer\Util\Tokens;
10		use function sprintf;
11		use const T_DOC_COMMENT_CLOSE_TAG;
12
13		/**
14		* Class DocHelper
15		*
16		* @author Nick Lubisch <[email protected]>
17		* @package BestIt\CodeSniffer\Helper
18		*/
19		class DocHelper
20		{
21		/**
22		* The position of the end token of the doc block.
23		*
24		* @var int\|null\|bool If false then it will be loaded in the getter.
25		*/
26		private $blockEndPosition = false;
27
28		/**
29		* The php cs file.
30		*
31		* @var File
32		*/
33		private File $file;
		0 ignored issues – show Bug introduced 2020-06-12 10:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_STRING, expecting T_FUNCTION or T_CONST Loading history...
34
35		/**
36		* Position to the token which is to be listened.
37		*
38		* @var int
39		*/
40		private int $stackPos;
41
42		/**
43		* Token stack of the current file.
44		*
45		* @var array
46	121	*/
47		private array $tokens;
48	121
49	121	/**
50	121	* DocHelper constructor.
51	121	*
52		* @param File $file File object of file which is processed.
53		* @param int $stackPos Position to the token which is processed.
54		*/
55		public function __construct(File $file, int $stackPos)
56		{
57		$this->file = $file;
58		$this->tokens = $file->getTokens();
59		$this->stackPos = $stackPos;
60	121	}
61
62	121	/**
63	121	* Returns position to the class comment end.
64		*
65	121	* @return int\|null Position to the class comment end.
66	121	*/
67		public function getBlockEndPosition(): ?int
68	4	{
69	4	if ($this->blockEndPosition === false) {
70	4	$this->blockEndPosition = $this->loadBlockEndPosition();
71	4	}
72
73		return $this->blockEndPosition;
74	4	}
75
76		/**
77	117	* Returns token data of the evaluated class comment end.
78		*
79		* @return array Token data of the comment end.
80		*/
81		public function getBlockEndToken(): array
82		{
83		if (!$this->hasDocBlock()) {
84		throw new DomainException(
85	117	sprintf('Missing doc block for position %s of file %s.', $this->stackPos, $this->file->getFilename())
86		);
87	117	}
88	117
89		return $this->tokens[$this->getBlockEndPosition()];
90	117	}
91	4
92	4	/**
93	4	* Returns pointer to the class comment start.
94	4	*
95		* @return int Pointer to the class comment start.
96		*/
97	4	public function getBlockStartPosition(): int
98		{
99		$commentEndToken = $this->getBlockEndToken();
100	113
101		return $commentEndToken['comment_opener'];
102		}
103
104		/**
105		* Returns token data of the evaluated class comment start.
106		*
107		* @return array Token data of the comment start.
108	117	*/
109		public function getBlockStartToken(): array
110	117	{
111		$commentStartPtr = $this->getBlockStartPosition();
112	117
113		return $this->tokens[$commentStartPtr];
114		}
115
116		/**
117		* Returns true if there is a doc block.
118		*
119		* @return bool
120	117	*/
121		public function hasDocBlock(): bool
122	117	{
123		return $this->getBlockEndPosition() !== null;
124	117	}
125
126		/**
127		* Returns true if this doc block is a multi line comment.
128		*
129		* @return bool
130		*/
131		public function isMultiLine(): bool
132	121	{
133		$openingToken = $this->getBlockStartToken();
134	121	$closingToken = $this->getBlockEndToken();
135	121
136	121	return $openingToken['line'] < $closingToken['line'];
137		}
138
139	121	/**
140	121	* Returns the position of the token for the doc block end.
141	121	*
142	121	* @return int\|null
143	121	*/
144		private function loadBlockEndPosition(): ?int
145		{
146		$endPos = $this->file->findPrevious(
147		[T_DOC_COMMENT_CLOSE_TAG],
148		$this->stackPos - 1,
149		// Search till the next method, property, etc ...
150		TokenHelper::findPreviousExcluding(
151		$this->file,
152	121	TokenHelper::$ineffectiveTokenCodes + Tokens::$methodPrefixes,
153		$this->stackPos - 1
154	121	)
155		);
156
157		return $endPos !== false ? $endPos : null;
158		}
159		}
160

bestit / PHP_CodeSniffer

Issues (51)

Security Analysis no request data

Standards/BestIt/CodeSniffer/Helper/DocHelper.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like