Issues in AlphabeticallySortedUsesSniff.php (master) - Issues in master - bestit/PHP_CodeSniffer - Measure and Improve Code Quality continuously with Scrutinizer

Issues (51)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Formatting/AlphabeticallySortedUsesSniff.php (1 issue)

Labels

Bug 1

Severity

Critical 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

declare(strict_types=1);

namespace BestIt\Sniffs\Formatting;

use BestIt\CodeSniffer\CodeError;
use BestIt\CodeSniffer\CodeWarning;
use BestIt\CodeSniffer\Helper\TokenHelper;
use BestIt\CodeSniffer\Helper\UseStatementHelper;
use BestIt\Sniffs\AbstractSniff;
use SlevomatCodingStandard\Helpers\NamespaceHelper;
use SlevomatCodingStandard\Helpers\UseStatement;
use function end;
use function reset;
use function strcasecmp;
use function uasort;
use const T_OPEN_TAG;
use const T_SEMICOLON;

/**
 * Checks if the use statements are sorted alphabetically by PSR-12 Standard.
 *
 * @author blange <[email protected]>
 * @package BestIt\Sniffs\Formatting
 */
class AlphabeticallySortedUsesSniff extends AbstractSniff
{
    /**
     * You MUST provide your imports in alphabetically order, PSR-12 compatible.
     */
    public const CODE_INCORRECT_ORDER = 'IncorrectlyOrderedUses';

    /**
     * The found use statements.
     *
     * @var UseStatement[]
     */
    private array $useStatements;


    /**
     * Returns true if we have use statements.
     *
     * @return bool
     */
    protected function areRequirementsMet(): bool
    {
        return (bool) $this->useStatements = UseStatementHelper::getUseStatementsForPointer(
            $this->getFile(),
            $this->getStackPos()
        );
    }

    /**
     * Will removing a compare marker for the given use statements.
     *
     * @param UseStatement $prevStatement
     * @param UseStatement $nextStatement
     *
     * @return int 1 <=> -1 To move statements in a direction.
     */
    private function compareUseStatements(UseStatement $prevStatement, UseStatement $nextStatement): int
    {
        $callbacks = [
            'compareUseStatementsByType',
            'compareUseStatementsByContent',
            // This will return something in any case!
            'compareUseStatementsByNamespaceCount'
        ];

        foreach ($callbacks as $callback) {
            $compared = $this->$callback($prevStatement, $nextStatement);

            if ($compared !== null) {
                return $compared;
            }
        }
    }

    /**
     * Compares the given use statements by their string content.
     *
     * @SuppressWarnings(PHPMD.UnusedPrivateMethod)
     *
     * @param UseStatement $prevStatement
     * @param UseStatement $nextStatement
     *
     * @return int|null 1 <=> -1 To move statements in a direction.
     */
    private function compareUseStatementsByContent(UseStatement $prevStatement, UseStatement $nextStatement): ?int
    {
        $compareByContent = null;

        $prevParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $prevStatement->getFullyQualifiedTypeName());
        $nextParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $nextStatement->getFullyQualifiedTypeName());

        $minPartsCount = min(count($prevParts), count($nextParts));

        for ($i = 0; $i < $minPartsCount; ++$i) {
            $comparison = strcasecmp($prevParts[$i], $nextParts[$i]);

            if ($comparison) {
                $compareByContent = $comparison;
                break;
            }
        }

        return $compareByContent;
    }

    /**
     * The shorted usage comes at top.
     *
     * @SuppressWarnings(PHPMD.UnusedPrivateMethod)
     *
     * @param UseStatement $prevStatement
     * @param UseStatement $nextStatement
     *
     * @return int 1 <=> -1 To move statements in a direction.
     */
    private function compareUseStatementsByNamespaceCount(
        UseStatement $prevStatement,
        UseStatement $nextStatement
    ): int {
        $aNameParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $prevStatement->getFullyQualifiedTypeName());
        $bNameParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $nextStatement->getFullyQualifiedTypeName());

        return count($aNameParts) <=> count($bNameParts);
    }

    /**
     * Classes to the top, functions next, constants last.
     *
     * @SuppressWarnings(PHPMD.UnusedPrivateMethod)
     *
     * @param UseStatement $prevStatement
     * @param UseStatement $nextStatement
     *
     * @return int|null 1 <=> -1 To move statements in a direction.
     */
    private function compareUseStatementsByType(UseStatement $prevStatement, UseStatement $nextStatement): ?int
    {
        $comparedByType = null;

        if (!$prevStatement->hasSameType($nextStatement)) {
            $order = [
                UseStatement::TYPE_DEFAULT => 1,
                UseStatement::TYPE_FUNCTION => 2,
                UseStatement::TYPE_CONSTANT => 3,
            ];

            $file = $this->getFile();
            $comparedByType = $order[UseStatementHelper::getType($file, $prevStatement)] <=>
                $order[UseStatementHelper::getType($file, $nextStatement)];
        }

        return $comparedByType;
    }

    /**
     * Sorts the uses correctly and saves them in the file.
     *
     * @param CodeWarning $error
     *
     * @return void
     */
    protected function fixDefaultProblem(CodeWarning $error): void
    {
        // Satisfy phpmd
        unset($error);

        $firstUseStatement = reset($this->useStatements);

        $file = $this->getFile();

        $file->fixer->beginChangeset();

        $this->removeOldUseStatements($firstUseStatement);

        $file->fixer->addContent(
            $firstUseStatement->getPointer(),
            $this->getNewUseStatements()
        );

        $file->fixer->endChangeset();
    }

    /**
     * Returns the new statements as a string for fixing.
     *
     * @return string
     */
    private function getNewUseStatements(): string
    {
        $this->sortUseStatements();

        $file = $this->getFile();

        return implode(
            $file->eolChar,
            array_map(
                function (UseStatement $useStatement) use ($file): string {
                    $unqualifiedName = NamespaceHelper::getUnqualifiedNameFromFullyQualifiedName(
                        $useStatement->getFullyQualifiedTypeName()
                    );

                    $useTypeName = UseStatementHelper::getTypeName($file, $useStatement);
                    $useTypeFormatted = $useTypeName ? sprintf('%s ', $useTypeName) : '';

                    return ($unqualifiedName === $useStatement->getNameAsReferencedInFile())
                        ? sprintf(
                            'use %s%s;',
                            $useTypeFormatted,
                            $useStatement->getFullyQualifiedTypeName()
                        )
                        : sprintf(
                            'use %s%s as %s;',
                            $useTypeFormatted,
                            $useStatement->getFullyQualifiedTypeName(),
                            $useStatement->getNameAsReferencedInFile()
                        );
                },
                $this->useStatements
            )
        );
    }

    /**
     * Checks if the uses are in the correct order.
     *
     * @throws CodeError
     *
     * @return void
     */
    protected function processToken(): void
    {
        $prevStatement = null;

        foreach ($this->useStatements as $useStatement) {
            if ($prevStatement && ($this->compareUseStatements($prevStatement, $useStatement) > 0)) {
                $exception = new CodeError(
                    static::CODE_INCORRECT_ORDER,
                    'Use statements should be sorted alphabetically. The first wrong one is %s.',
                    $useStatement->getPointer()
                );

                $exception
                    ->setPayload([$useStatement->getFullyQualifiedTypeName()])
                    ->isFixable(true);

                throw $exception;
            }

            $prevStatement = $useStatement;
        }
    }

    /**
     * Registers the tokens that this sniff wants to listen for.
     *
     * An example return value for a sniff that wants to listen for whitespace
     * and any comments would be:
     *
     * <code>
     *    return array(
     *            T_WHITESPACE,
     *            T_DOC_COMMENT,
     *            T_COMMENT,
     *           );
     * </code>
     *
     * @return int[]
     */
    public function register(): array
    {
        return [T_OPEN_TAG];
    }

    /**
     * Removes the lines of the old statements.
     *
     * @param UseStatement $firstUseStatement
     *
     * @return void
     */
    private function removeOldUseStatements(UseStatement $firstUseStatement): void
    {
        $file = $this->getFile();
        $lastUseStatement = end($this->useStatements);
        $lastSemicolonPointer = TokenHelper::findNext($file, T_SEMICOLON, $lastUseStatement->getPointer());

        for ($i = $firstUseStatement->getPointer(); $i <= $lastSemicolonPointer; $i++) {
            $file->fixer->replaceToken($i, '');
        }
    }

    /**
     * Saves the use-property by the compare function.
     *
     * @return void
     */
    private function sortUseStatements(): void
    {
        uasort($this->useStatements, function (UseStatement $prevStatement, UseStatement $nextStatement) {
            return $this->compareUseStatements($prevStatement, $nextStatement);
        });
    }
}


1			<?php
2
3			declare(strict_types=1);
4
5			namespace BestIt\Sniffs\Formatting;
6
7			use BestIt\CodeSniffer\CodeError;
8			use BestIt\CodeSniffer\CodeWarning;
9			use BestIt\CodeSniffer\Helper\TokenHelper;
10			use BestIt\CodeSniffer\Helper\UseStatementHelper;
11			use BestIt\Sniffs\AbstractSniff;
12			use SlevomatCodingStandard\Helpers\NamespaceHelper;
13			use SlevomatCodingStandard\Helpers\UseStatement;
14			use function end;
15			use function reset;
16			use function strcasecmp;
17			use function uasort;
18			use const T_OPEN_TAG;
19			use const T_SEMICOLON;
20
21			/**
22			* Checks if the use statements are sorted alphabetically by PSR-12 Standard.
23			*
24			* @author blange <[email protected]>
25			* @package BestIt\Sniffs\Formatting
26			*/
27			class AlphabeticallySortedUsesSniff extends AbstractSniff
28			{
29			/**
30			* You MUST provide your imports in alphabetically order, PSR-12 compatible.
31			*/
32			public const CODE_INCORRECT_ORDER = 'IncorrectlyOrderedUses';
33
34			/**
35			* The found use statements.
36			*
37			* @var UseStatement[]
38			*/
39			private array $useStatements;
			0 ignored issues – show Bug introduced 2020-06-12 10:39 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code did not parse for me. Apparently, there is an error somewhere around this line: Syntax error, unexpected T_ARRAY, expecting T_FUNCTION or T_CONST Loading history...
40
41			/**
42			* Returns true if we have use statements.
43			*
44			* @return bool
45			*/
46			protected function areRequirementsMet(): bool
47			{
48			return (bool) $this->useStatements = UseStatementHelper::getUseStatementsForPointer(
49			$this->getFile(),
50			$this->getStackPos()
51			);
52			}
53
54			/**
55			* Will removing a compare marker for the given use statements.
56			*
57			* @param UseStatement $prevStatement
58			* @param UseStatement $nextStatement
59			*
60			* @return int 1 <=> -1 To move statements in a direction.
61			*/
62			private function compareUseStatements(UseStatement $prevStatement, UseStatement $nextStatement): int
63			{
64			$callbacks = [
65			'compareUseStatementsByType',
66			'compareUseStatementsByContent',
67			// This will return something in any case!
68			'compareUseStatementsByNamespaceCount'
69			];
70
71			foreach ($callbacks as $callback) {
72			$compared = $this->$callback($prevStatement, $nextStatement);
73
74			if ($compared !== null) {
75			return $compared;
76			}
77			}
78			}
79
80			/**
81			* Compares the given use statements by their string content.
82			*
83			* @SuppressWarnings(PHPMD.UnusedPrivateMethod)
84			*
85			* @param UseStatement $prevStatement
86			* @param UseStatement $nextStatement
87			*
88			* @return int\|null 1 <=> -1 To move statements in a direction.
89			*/
90			private function compareUseStatementsByContent(UseStatement $prevStatement, UseStatement $nextStatement): ?int
91			{
92			$compareByContent = null;
93
94			$prevParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $prevStatement->getFullyQualifiedTypeName());
95			$nextParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $nextStatement->getFullyQualifiedTypeName());
96
97			$minPartsCount = min(count($prevParts), count($nextParts));
98
99			for ($i = 0; $i < $minPartsCount; ++$i) {
100			$comparison = strcasecmp($prevParts[$i], $nextParts[$i]);
101
102			if ($comparison) {
103			$compareByContent = $comparison;
104			break;
105			}
106			}
107
108			return $compareByContent;
109			}
110
111			/**
112			* The shorted usage comes at top.
113			*
114			* @SuppressWarnings(PHPMD.UnusedPrivateMethod)
115			*
116			* @param UseStatement $prevStatement
117			* @param UseStatement $nextStatement
118			*
119			* @return int 1 <=> -1 To move statements in a direction.
120			*/
121			private function compareUseStatementsByNamespaceCount(
122			UseStatement $prevStatement,
123			UseStatement $nextStatement
124			): int {
125			$aNameParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $prevStatement->getFullyQualifiedTypeName());
126			$bNameParts = explode(NamespaceHelper::NAMESPACE_SEPARATOR, $nextStatement->getFullyQualifiedTypeName());
127
128			return count($aNameParts) <=> count($bNameParts);
129			}
130
131			/**
132			* Classes to the top, functions next, constants last.
133			*
134			* @SuppressWarnings(PHPMD.UnusedPrivateMethod)
135			*
136			* @param UseStatement $prevStatement
137			* @param UseStatement $nextStatement
138			*
139			* @return int\|null 1 <=> -1 To move statements in a direction.
140			*/
141			private function compareUseStatementsByType(UseStatement $prevStatement, UseStatement $nextStatement): ?int
142			{
143			$comparedByType = null;
144
145			if (!$prevStatement->hasSameType($nextStatement)) {
146			$order = [
147			UseStatement::TYPE_DEFAULT => 1,
148			UseStatement::TYPE_FUNCTION => 2,
149			UseStatement::TYPE_CONSTANT => 3,
150			];
151
152			$file = $this->getFile();
153			$comparedByType = $order[UseStatementHelper::getType($file, $prevStatement)] <=>
154			$order[UseStatementHelper::getType($file, $nextStatement)];
155			}
156
157			return $comparedByType;
158			}
159
160			/**
161			* Sorts the uses correctly and saves them in the file.
162			*
163			* @param CodeWarning $error
164			*
165			* @return void
166			*/
167			protected function fixDefaultProblem(CodeWarning $error): void
168			{
169			// Satisfy phpmd
170			unset($error);
171
172			$firstUseStatement = reset($this->useStatements);
173
174			$file = $this->getFile();
175
176			$file->fixer->beginChangeset();
177
178			$this->removeOldUseStatements($firstUseStatement);
179
180			$file->fixer->addContent(
181			$firstUseStatement->getPointer(),
182			$this->getNewUseStatements()
183			);
184
185			$file->fixer->endChangeset();
186			}
187
188			/**
189			* Returns the new statements as a string for fixing.
190			*
191			* @return string
192			*/
193			private function getNewUseStatements(): string
194			{
195			$this->sortUseStatements();
196
197			$file = $this->getFile();
198
199			return implode(
200			$file->eolChar,
201			array_map(
202			function (UseStatement $useStatement) use ($file): string {
203			$unqualifiedName = NamespaceHelper::getUnqualifiedNameFromFullyQualifiedName(
204			$useStatement->getFullyQualifiedTypeName()
205			);
206
207			$useTypeName = UseStatementHelper::getTypeName($file, $useStatement);
208			$useTypeFormatted = $useTypeName ? sprintf('%s ', $useTypeName) : '';
209
210			return ($unqualifiedName === $useStatement->getNameAsReferencedInFile())
211			? sprintf(
212			'use %s%s;',
213			$useTypeFormatted,
214			$useStatement->getFullyQualifiedTypeName()
215			)
216			: sprintf(
217			'use %s%s as %s;',
218			$useTypeFormatted,
219			$useStatement->getFullyQualifiedTypeName(),
220			$useStatement->getNameAsReferencedInFile()
221			);
222			},
223			$this->useStatements
224			)
225			);
226			}
227
228			/**
229			* Checks if the uses are in the correct order.
230			*
231			* @throws CodeError
232			*
233			* @return void
234			*/
235			protected function processToken(): void
236			{
237			$prevStatement = null;
238
239			foreach ($this->useStatements as $useStatement) {
240			if ($prevStatement && ($this->compareUseStatements($prevStatement, $useStatement) > 0)) {
241			$exception = new CodeError(
242			static::CODE_INCORRECT_ORDER,
243			'Use statements should be sorted alphabetically. The first wrong one is %s.',
244			$useStatement->getPointer()
245			);
246
247			$exception
248			->setPayload([$useStatement->getFullyQualifiedTypeName()])
249			->isFixable(true);
250
251			throw $exception;
252			}
253
254			$prevStatement = $useStatement;
255			}
256			}
257
258			/**
259			* Registers the tokens that this sniff wants to listen for.
260			*
261			* An example return value for a sniff that wants to listen for whitespace
262			* and any comments would be:
263			*
264			* <code>
265			* return array(
266			* T_WHITESPACE,
267			* T_DOC_COMMENT,
268			* T_COMMENT,
269			* );
270			* </code>
271			*
272			* @return int[]
273			*/
274			public function register(): array
275			{
276			return [T_OPEN_TAG];
277			}
278
279			/**
280			* Removes the lines of the old statements.
281			*
282			* @param UseStatement $firstUseStatement
283			*
284			* @return void
285			*/
286			private function removeOldUseStatements(UseStatement $firstUseStatement): void
287			{
288			$file = $this->getFile();
289			$lastUseStatement = end($this->useStatements);
290			$lastSemicolonPointer = TokenHelper::findNext($file, T_SEMICOLON, $lastUseStatement->getPointer());
291
292			for ($i = $firstUseStatement->getPointer(); $i <= $lastSemicolonPointer; $i++) {
293			$file->fixer->replaceToken($i, '');
294			}
295			}
296
297			/**
298			* Saves the use-property by the compare function.
299			*
300			* @return void
301			*/
302			private function sortUseStatements(): void
303			{
304			uasort($this->useStatements, function (UseStatement $prevStatement, UseStatement $nextStatement) {
305			return $this->compareUseStatements($prevStatement, $nextStatement);
306			});
307			}
308			}
309

bestit / PHP_CodeSniffer

Issues (51)

Security Analysis no request data

Formatting/AlphabeticallySortedUsesSniff.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like