Issues in Hal.php (master) - Issues in master - blongden/hal - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Hal.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * This file is part of the Hal library
 *
 * (c) Ben Longden <[email protected]
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @package Nocarrier
 */

namespace Nocarrier;

/**
 * The Hal document class
 *
 * @package Nocarrier
 * @author Ben Longden <[email protected]>
 */
class Hal
{
    /**
     * The uri represented by this representation.
     *
     * @var string
     */
    protected $uri;

    /**
     * The data for this resource. An associative array of key value pairs.
     *
     * array(
     *     'price' => 30.00,
     *     'colour' => 'blue'
     * )
     *
     * @var array
     */
    protected $data;

    /**
     * An array of embedded Hal objects representing embedded resources.
     *
     * @var array
     */
    protected $resources = array();

    /**
     * A collection of \Nocarrier\HalLink objects keyed by the link relation to
     * this resource.
     *
     * array(
     *     'next' => [HalLink]
     * )
     *
     * @var array
     */
    protected $links = null;

    /**
     * A list of rel types for links that will force a rel type to array for one element
     *
     * @var array
     */
    protected $arrayLinkRels = array();

    /**
     * A list of rel types for links that will force a rel type to array for one element
     *
     * @var array
     */
    protected $arrayResourceRels = array();

    /**
     * Whether xml attribute markers should be stripped when rendering
     *
     * @var string
     */
    protected $shouldStripAttributes = true;

    /**
     * Construct a new Hal object from an array of data. You can markup the
     * $data array with certain keys and values in order to affect the
     * generated JSON or XML documents if required to do so.
     *
     * '@' prefix on any array key will cause the value to be set as an
     * attribute on the XML element generated by the parent. i.e, array('x' =>
     * array('@href' => 'http://url')) will yield <x href='http://url'></x> in
     * the XML representation. The @ prefix will be stripped from the JSON
     * representation.
     *
     * Specifying the key 'value' will cause the value of this key to be set as
     * the value of the XML element instead of a child. i.e, array('x' =>
     * array('value' => 'example')) will yield <x>example</x> in the XML
     * representation. This will not affect the JSON representation.
     *
     * @param mixed $uri
     * @param array|Traversable $data
     *
     * @throws \RuntimeException
     */
    public function __construct($uri = null, $data = array())
    {
        $this->uri = $uri;

        if (!is_array($data) && !$data instanceof \Traversable) {
            throw new \RuntimeException(
                'The $data parameter must be an array or an object implementing the Traversable interface.');
        }
        $this->data = $data;

        $this->links = new HalLinkContainer();

    }

    /**
     * Decode a application/hal+json document into a Nocarrier\Hal object.
     *
     * @param string $data
     * @param int $depth
     * @static
     * @access public
     * @return \Nocarrier\Hal
     */
    public static function fromJson($data, $depth = 0)
    {
        return JsonHalFactory::fromJson(new static(), $data, $depth);
    }

    /**
     * Decode a application/hal+xml document into a Nocarrier\Hal object.
     *
     * @param int $depth
     *
     * @static
     * @access public
     * @return \Nocarrier\Hal
     */
    public static function fromXml($data, $depth = 0)
    {
        return XmlHalFactory::fromXml(new static(), $data, $depth);
    }

    /**
     * Add a link to the resource, identified by $rel, located at $uri.
     *
     * @param string $rel
     * @param string $uri
     * @param array $attributes
     *   Other attributes, as defined by HAL spec and RFC 5988.
     * @param bool $forceArray whether to force a rel to be an array if it has only one entry
     * @return \Nocarrier\Hal
     */
    public function addLink($rel, $uri, array $attributes = array(), $forceArray = false)
    {
        return $this->addHalLink($rel, new HalLink($uri, $attributes), $forceArray);
    }

    /**
     * Add a link instance to the resource, identified by $rel.
     *
     * @param string $rel
     * @param HalLink $link
     * @param bool $forceArray whether to force a rel to be an array if it has only one entry
     * @return \Nocarrier\Hal
     */
    public function addHalLink($rel, HalLink $link, $forceArray = false)
    {
        $this->links[$rel][] = $link;

        if ($forceArray) {
            $this->arrayLinkRels[] = $rel;
        }

        return $this;
    }

    /**
     * Add an embedded resource, identified by $rel and represented by $resource.
     *
     * @param string $rel
     * @param \Nocarrier\Hal $resource
     *
     * @return \Nocarrier\Hal
     */
    public function addResource($rel, \Nocarrier\Hal $resource = null, $forceArray = true)
    {
        if (!is_string($rel)) {
            throw new \InvalidArgumentException(
                "Argument 1 passed to Hal::addResource() must be a string describing the resource relationship"
            );
        }

        $this->resources[$rel][] = $resource;

        if ($forceArray) {
            $this->arrayResourceRels[] = $rel;
        }

        return $this;
    }

    /**
     * Set an embedded resource, identified by $rel and represented by $resource
     *
     * Using this method signifies that $rel will only ever be a single object
     * (only really relevant to JSON rendering)
     *
     * @param string $rel
     * @param Hal $resource
     */
    public function setResource($rel, $resource)
    {
        if (is_array($resource)) {
            foreach ($resource as $r) {
                $this->addResource($rel, $r);
            }

            return $this;
        }

        if (!($resource instanceof Hal)) {
            throw new \InvalidArgumentException('$resource should be of type array or Nocarrier\Hal');
        }

        $this->resources[$rel][] = $resource;

        return $this;
    }

    /**
     * Set resource's data
     */
    public function setData(Array $data = null)
    {
        $this->data = $data;
function aContainsB(array $needle = null, array  $haystack) {
    if (!$needle) {
        return false;
    }

    return array_intersect($haystack, $needle) == $haystack;
}
        return $this;
    }

    /**
     * Return an array of data (key => value pairs) representing this resource.
     *
     * @param null|string data key
     * @return mixed Returns an array if no key is passed in, otherwise returns the data
     */
    public function getData($key = null)
    {
        if ($key) {
            return isset($this->data[$key]) ? $this->data[$key] : array();
        }

        return $this->data;
    }

    /**
     * Return an array of Nocarrier\HalLink objects representing resources
     * related to this one.
     *
     * @return array A collection of \Nocarrier\HalLink
     */
    public function getLinks()
    {
        return $this->links;
    }

    /**
     * Lookup and return an array of HalLink objects for a given relation.
     * Will also resolve CURIE rels if required.
     *
     * @param string $rel The link relation required
     * @return array|bool
     *   Array of HalLink objects if found. Otherwise false.
     */
    public function getLink($rel)
    {
        return $this->links->get($rel);
    }

    /**
     * Return an array of Nocarrier\Hal objected embedded in this one.
     *
     * @return array
     */
    public function getResources()
    {
        $resources = array_map(function ($resource) {
            return is_array($resource) ? $resource : array($resource);
        }, $this->getRawResources());

        return $resources;
    }

    /**
     * Return an array of Nocarrier\Hal objected embedded in this one.
     *
     * @return Hal
     */
    public function getResource($rel)
    {
        $resources = $this->getResources();

        if (isset($resources[$rel])) {
            return $resources[$rel];
        }

        return null;
    }

    /**
     * Return an array of Nocarrier\Hal objected embedded in this one. Each key
     * may contain an array of resources, or a single resource. For a
     * consistent approach, use getResources
     *
     * @return array
     */
    public function getRawResources()
    {
        return $this->resources;
    }

    /**
     * Get the first resource for a given rel. Useful if you're only expecting
     * one resource, or you don't care about subsequent resources
     *
     * @return Hal
     */
    public function getFirstResource($rel)
    {
        $resource = $this->getResource($rel);

        if ($resource) {
            return $resource[0];
        }

        return null;
    }

    /**
     * Get the first link for a given rel. Useful if you're only expecting
     * one link, or you don't care about subsequent links
     *
     * @return HalLink
     */
    public function getFirstLink($rel)
    {
        $link = $this->getLink($rel);

        if ($link) {
            return $link[0];
        }

        return null;
    }

    /**
     * Set resource's URI
     */
    public function setUri($uri)
    {
        $this->uri = $uri;
        return $this;
    }

    /**
     * Get resource's URI.
     *
     * @return mixed
     */
    public function getUri()
    {
        return $this->uri;
    }

    /**
     * Return the current object in a application/hal+json format (links and
     * resources).
     *
     * @param bool $pretty
     *   Enable pretty-printing.
     * @param bool $encode
     *   Run through json_encode
     * @return string|array
     */
    public function asJson($pretty = false, $encode = true)
    {
        $renderer = new HalJsonRenderer();

        return $renderer->render($this, $pretty, $encode);
    }

    /**
     * Return the current object in a application/hal+xml format (links and
     * resources).
     *
     * @param bool $pretty Enable pretty-printing
     * @return string
     */
    public function asXml($pretty = false)
    {
        $renderer = new HalXmlRenderer();

        return $renderer->render($this, $pretty);
    }

    /**
     * Create a CURIE link template, used for abbreviating custom link
     * relations.
     *
     * e.g,
     * $hal->addCurie('acme', 'http://.../rels/{rel}');
     * $hal->addLink('acme:test', 'http://.../test');
     *
     * @param string $name
     * @param string $uri
     *
     * @return \Nocarrier\Hal
     */
    public function addCurie($name, $uri)
    {
        return $this->addLink('curies', $uri, array('name' => $name, 'templated' => true));
    }

    /**
     * Get a list of rel types for links that will be forced to an array for one element
     */
    public function getArrayLinkRels()
    {
        return $this->arrayLinkRels;
    }

    /**
     * Get a list of rel types for resources that will be forced to an array for one element
     */
    public function getArrayResourceRels()
    {
        return $this->arrayResourceRels;
    }

    public function getShouldStripAttributes()
    {
        return $this->shouldStripAttributes;
    }

    public function setShouldStripAttributes($shouldStripAttributes)
    {
        $this->shouldStripAttributes = $shouldStripAttributes;
        return $this;
    }

}


1			<?php
2			/**
3			* This file is part of the Hal library
4			*
5			* (c) Ben Longden <[email protected]
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*
10			* @package Nocarrier
11			*/
12
13			namespace Nocarrier;
14
15			/**
16			* The Hal document class
17			*
18			* @package Nocarrier
19			* @author Ben Longden <[email protected]>
20			*/
21			class Hal
22			{
23			/**
24			* The uri represented by this representation.
25			*
26			* @var string
27			*/
28			protected $uri;
29
30			/**
31			* The data for this resource. An associative array of key value pairs.
32			*
33			* array(
34			* 'price' => 30.00,
35			* 'colour' => 'blue'
36			* )
37			*
38			* @var array
39			*/
40			protected $data;
41
42			/**
43			* An array of embedded Hal objects representing embedded resources.
44			*
45			* @var array
46			*/
47			protected $resources = array();
48
49			/**
50			* A collection of \Nocarrier\HalLink objects keyed by the link relation to
51			* this resource.
52			*
53			* array(
54			* 'next' => [HalLink]
55			* )
56			*
57			* @var array
58			*/
59			protected $links = null;
60
61			/**
62			* A list of rel types for links that will force a rel type to array for one element
63			*
64			* @var array
65			*/
66			protected $arrayLinkRels = array();
67
68			/**
69			* A list of rel types for links that will force a rel type to array for one element
70			*
71			* @var array
72			*/
73			protected $arrayResourceRels = array();
74
75			/**
76			* Whether xml attribute markers should be stripped when rendering
77			*
78			* @var string
79			*/
80			protected $shouldStripAttributes = true;
81
82			/**
83			* Construct a new Hal object from an array of data. You can markup the
84			* $data array with certain keys and values in order to affect the
85			* generated JSON or XML documents if required to do so.
86			*
87			* '@' prefix on any array key will cause the value to be set as an
88			* attribute on the XML element generated by the parent. i.e, array('x' =>
89			* array('@href' => 'http://url')) will yield <x href='http://url'></x> in
90			* the XML representation. The @ prefix will be stripped from the JSON
91			* representation.
92			*
93			* Specifying the key 'value' will cause the value of this key to be set as
94			* the value of the XML element instead of a child. i.e, array('x' =>
95			* array('value' => 'example')) will yield <x>example</x> in the XML
96			* representation. This will not affect the JSON representation.
97			*
98			* @param mixed $uri
99			* @param array\|Traversable $data
100			*
101			* @throws \RuntimeException
102			*/
103			public function __construct($uri = null, $data = array())
104			{
105			$this->uri = $uri;
106
107			if (!is_array($data) && !$data instanceof \Traversable) {
108			throw new \RuntimeException(
109			'The $data parameter must be an array or an object implementing the Traversable interface.');
110			}
111			$this->data = $data;
112
113			$this->links = new HalLinkContainer();
			0 ignored issues – show Documentation Bug introduced 2016-03-28 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `new \Nocarrier\HalLinkContainer()` of type `object<Nocarrier\HalLinkContainer>` is incompatible with the declared type `array` of property `$links`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
114			}
115
116			/**
117			* Decode a application/hal+json document into a Nocarrier\Hal object.
118			*
119			* @param string $data
120			* @param int $depth
121			* @static
122			* @access public
123			* @return \Nocarrier\Hal
124			*/
125			public static function fromJson($data, $depth = 0)
126			{
127			return JsonHalFactory::fromJson(new static(), $data, $depth);
128			}
129
130			/**
131			* Decode a application/hal+xml document into a Nocarrier\Hal object.
132			*
133			* @param int $depth
134			*
135			* @static
136			* @access public
137			* @return \Nocarrier\Hal
138			*/
139			public static function fromXml($data, $depth = 0)
140			{
141			return XmlHalFactory::fromXml(new static(), $data, $depth);
142			}
143
144			/**
145			* Add a link to the resource, identified by $rel, located at $uri.
146			*
147			* @param string $rel
148			* @param string $uri
149			* @param array $attributes
150			* Other attributes, as defined by HAL spec and RFC 5988.
151			* @param bool $forceArray whether to force a rel to be an array if it has only one entry
152			* @return \Nocarrier\Hal
153			*/
154			public function addLink($rel, $uri, array $attributes = array(), $forceArray = false)
155			{
156			return $this->addHalLink($rel, new HalLink($uri, $attributes), $forceArray);
157			}
158
159			/**
160			* Add a link instance to the resource, identified by $rel.
161			*
162			* @param string $rel
163			* @param HalLink $link
164			* @param bool $forceArray whether to force a rel to be an array if it has only one entry
165			* @return \Nocarrier\Hal
166			*/
167			public function addHalLink($rel, HalLink $link, $forceArray = false)
168			{
169			$this->links[$rel][] = $link;
170
171			if ($forceArray) {
172			$this->arrayLinkRels[] = $rel;
173			}
174
175			return $this;
176			}
177
178			/**
179			* Add an embedded resource, identified by $rel and represented by $resource.
180			*
181			* @param string $rel
182			* @param \Nocarrier\Hal $resource
183			*
184			* @return \Nocarrier\Hal
185			*/
186			public function addResource($rel, \Nocarrier\Hal $resource = null, $forceArray = true)
187			{
188			if (!is_string($rel)) {
189			throw new \InvalidArgumentException(
190			"Argument 1 passed to Hal::addResource() must be a string describing the resource relationship"
191			);
192			}
193
194			$this->resources[$rel][] = $resource;
195
196			if ($forceArray) {
197			$this->arrayResourceRels[] = $rel;
198			}
199
200			return $this;
201			}
202
203			/**
204			* Set an embedded resource, identified by $rel and represented by $resource
205			*
206			* Using this method signifies that $rel will only ever be a single object
207			* (only really relevant to JSON rendering)
208			*
209			* @param string $rel
210			* @param Hal $resource
211			*/
212			public function setResource($rel, $resource)
213			{
214			if (is_array($resource)) {
215			foreach ($resource as $r) {
216			$this->addResource($rel, $r);
217			}
218
219			return $this;
220			}
221
222			if (!($resource instanceof Hal)) {
223			throw new \InvalidArgumentException('$resource should be of type array or Nocarrier\Hal');
224			}
225
226			$this->resources[$rel][] = $resource;
227
228			return $this;
229			}
230
231			/**
232			* Set resource's data
233			*/
234			public function setData(Array $data = null)
235			{
236			$this->data = $data;
			0 ignored issues – show Documentation Bug introduced 2016-03-28 19:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$data` can be `null`. However, the property `$data` is declared as `array`. Maybe change the type of the property to `array\|null` or add a type check? Our type inference engine has found an assignment of a scalar value (like a string, an integer or null) to a property which is an array. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property. To type hint that a parameter can be either an array or null, you can set a type hint of array and a default value of null. The PHP interpreter will then accept both an array or null for that parameter. function aContainsB(array $needle = null, array $haystack) { if (!$needle) { return false; } return array_intersect($haystack, $needle) == $haystack; } The function can be called with either null or an array for the parameter `$needle` but will only accept an array as `$haystack`. Loading history...
237			return $this;
238			}
239
240			/**
241			* Return an array of data (key => value pairs) representing this resource.
242			*
243			* @param null\|string data key
244			* @return mixed Returns an array if no key is passed in, otherwise returns the data
245			*/
246			public function getData($key = null)
247			{
248			if ($key) {
249			return isset($this->data[$key]) ? $this->data[$key] : array();
250			}
251
252			return $this->data;
253			}
254
255			/**
256			* Return an array of Nocarrier\HalLink objects representing resources
257			* related to this one.
258			*
259			* @return array A collection of \Nocarrier\HalLink
260			*/
261			public function getLinks()
262			{
263			return $this->links;
264			}
265
266			/**
267			* Lookup and return an array of HalLink objects for a given relation.
268			* Will also resolve CURIE rels if required.
269			*
270			* @param string $rel The link relation required
271			* @return array\|bool
272			* Array of HalLink objects if found. Otherwise false.
273			*/
274			public function getLink($rel)
275			{
276			return $this->links->get($rel);
277			}
278
279			/**
280			* Return an array of Nocarrier\Hal objected embedded in this one.
281			*
282			* @return array
283			*/
284			public function getResources()
285			{
286			$resources = array_map(function ($resource) {
287			return is_array($resource) ? $resource : array($resource);
288			}, $this->getRawResources());
289
290			return $resources;
291			}
292
293			/**
294			* Return an array of Nocarrier\Hal objected embedded in this one.
295			*
296			* @return Hal
297			*/
298			public function getResource($rel)
299			{
300			$resources = $this->getResources();
301
302			if (isset($resources[$rel])) {
303			return $resources[$rel];
304			}
305
306			return null;
307			}
308
309			/**
310			* Return an array of Nocarrier\Hal objected embedded in this one. Each key
311			* may contain an array of resources, or a single resource. For a
312			* consistent approach, use getResources
313			*
314			* @return array
315			*/
316			public function getRawResources()
317			{
318			return $this->resources;
319			}
320
321			/**
322			* Get the first resource for a given rel. Useful if you're only expecting
323			* one resource, or you don't care about subsequent resources
324			*
325			* @return Hal
326			*/
327			public function getFirstResource($rel)
328			{
329			$resource = $this->getResource($rel);
330
331			if ($resource) {
332			return $resource[0];
333			}
334
335			return null;
336			}
337
338			/**
339			* Get the first link for a given rel. Useful if you're only expecting
340			* one link, or you don't care about subsequent links
341			*
342			* @return HalLink
343			*/
344			public function getFirstLink($rel)
345			{
346			$link = $this->getLink($rel);
347
348			if ($link) {
349			return $link[0];
350			}
351
352			return null;
353			}
354
355			/**
356			* Set resource's URI
357			*/
358			public function setUri($uri)
359			{
360			$this->uri = $uri;
361			return $this;
362			}
363
364			/**
365			* Get resource's URI.
366			*
367			* @return mixed
368			*/
369			public function getUri()
370			{
371			return $this->uri;
372			}
373
374			/**
375			* Return the current object in a application/hal+json format (links and
376			* resources).
377			*
378			* @param bool $pretty
379			* Enable pretty-printing.
380			* @param bool $encode
381			* Run through json_encode
382			* @return string\|array
383			*/
384			public function asJson($pretty = false, $encode = true)
385			{
386			$renderer = new HalJsonRenderer();
387
388			return $renderer->render($this, $pretty, $encode);
389			}
390
391			/**
392			* Return the current object in a application/hal+xml format (links and
393			* resources).
394			*
395			* @param bool $pretty Enable pretty-printing
396			* @return string
397			*/
398			public function asXml($pretty = false)
399			{
400			$renderer = new HalXmlRenderer();
401
402			return $renderer->render($this, $pretty);
403			}
404
405			/**
406			* Create a CURIE link template, used for abbreviating custom link
407			* relations.
408			*
409			* e.g,
410			* $hal->addCurie('acme', 'http://.../rels/{rel}');
411			* $hal->addLink('acme:test', 'http://.../test');
412			*
413			* @param string $name
414			* @param string $uri
415			*
416			* @return \Nocarrier\Hal
417			*/
418			public function addCurie($name, $uri)
419			{
420			return $this->addLink('curies', $uri, array('name' => $name, 'templated' => true));
421			}
422
423			/**
424			* Get a list of rel types for links that will be forced to an array for one element
425			*/
426			public function getArrayLinkRels()
427			{
428			return $this->arrayLinkRels;
429			}
430
431			/**
432			* Get a list of rel types for resources that will be forced to an array for one element
433			*/
434			public function getArrayResourceRels()
435			{
436			return $this->arrayResourceRels;
437			}
438
439			public function getShouldStripAttributes()
440			{
441			return $this->shouldStripAttributes;
442			}
443
444			public function setShouldStripAttributes($shouldStripAttributes)
445			{
446			$this->shouldStripAttributes = $shouldStripAttributes;
447			return $this;
448			}
449
450			}
451

blongden / hal

Issues (9)

Security Analysis no request data

src/Hal.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like