Issues in Context.php (master) - Issues in master - bresam/ivory-serializer - Measure and Improve Code Quality continuously with Scrutinizer

Issues (32)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Context/Context.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the Ivory Serializer package.
 *
 * (c) Eric GELOEN <[email protected]>
 *
 * For the full copyright and license information, please read the LICENSE
 * file that was distributed with this source code.
 */

namespace Ivory\Serializer\Context;

use Ivory\Serializer\Exclusion\ExclusionStrategy;
use Ivory\Serializer\Exclusion\ExclusionStrategyInterface;
use Ivory\Serializer\Mapping\MetadataInterface;
use Ivory\Serializer\Naming\IdenticalNamingStrategy;
use Ivory\Serializer\Naming\NamingStrategyInterface;
use Ivory\Serializer\Navigator\NavigatorInterface;
use Ivory\Serializer\Visitor\VisitorInterface;

/**
 * @author GeLo <[email protected]>
 */
class Context implements ContextInterface
{
    /**
     * @var NavigatorInterface
     */
    private $navigator;

    /**
     * @var VisitorInterface
     */
    private $visitor;

    /**
     * @var int
     */
    private $direction;

    /**
     * @var string
     */
    private $format;

    /**
     * @var bool
     */
    private $ignoreNull = false;

    /**
     * @var ExclusionStrategyInterface
     */
    private $exclusionStrategy;

    /**
     * @var NamingStrategyInterface
     */
    private $namingStrategy;

    /**
     * @var mixed[]
     */
    private $dataStack;

    /**
     * @var MetadataInterface[]
     */
    private $metadataStack;

    /**
     * @var mixed[]
     */
    private $options = [];

    /**
     * @param ExclusionStrategyInterface|null $exclusionStrategy
     * @param NamingStrategyInterface|null    $namingStrategy
     */
    public function __construct(
        ExclusionStrategyInterface $exclusionStrategy = null,
        NamingStrategyInterface $namingStrategy = null
    ) {
        $this->exclusionStrategy = $exclusionStrategy ?: new ExclusionStrategy();
        $this->namingStrategy = $namingStrategy ?: new IdenticalNamingStrategy();
    }

    /**
     * {@inheritdoc}
     */
    public function initialize(NavigatorInterface $navigator, VisitorInterface $visitor, $direction, $format)
    {
        $this
            ->setNavigator($navigator)
            ->setVisitor($visitor)
            ->setDirection($direction)
            ->setFormat($format)
            ->setDataStack([])
            ->setMetadataStack([]);
    }

    /**
     * {@inheritdoc}
     */
    public function getNavigator()
    {
        return $this->navigator;
    }

    /**
     * {@inheritdoc}
     */
    public function setNavigator(NavigatorInterface $navigator)
    {
        $this->navigator = $navigator;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getVisitor()
    {
        return $this->visitor;
    }

    /**
     * {@inheritdoc}
     */
    public function setVisitor(VisitorInterface $visitor)
    {
        $this->visitor = $visitor;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getDirection()
    {
        return $this->direction;
    }

    /**
     * {@inheritdoc}
     */
    public function setDirection($direction)
    {
        $this->direction = $direction;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getFormat()
    {
        return $this->format;
    }

    /**
     * {@inheritdoc}
     */
    public function setFormat($format)
    {
        $this->format = $format;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function isNullIgnored()
    {
        return $this->ignoreNull;
    }

    /**
     * {@inheritdoc}
     */
    public function setIgnoreNull($ignoreNull)
    {
        $this->ignoreNull = $ignoreNull;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getExclusionStrategy()
    {
        return $this->exclusionStrategy;
    }

    /**
     * {@inheritdoc}
     */
    public function setExclusionStrategy(ExclusionStrategyInterface $exclusionStrategy)
    {
        $this->exclusionStrategy = $exclusionStrategy;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getNamingStrategy()
    {
        return $this->namingStrategy;
    }

    /**
     * {@inheritdoc}
     */
    public function setNamingStrategy(NamingStrategyInterface $namingStrategy)
    {
        $this->namingStrategy = $namingStrategy;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getDataStack()
    {
        return $this->dataStack;
    }

    /**
     * {@inheritdoc}
     */
    public function setDataStack(array $dataStack)
    {
        $this->dataStack = $dataStack;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function getMetadataStack()
    {
        return $this->metadataStack;
    }

    /**
     * {@inheritdoc}
     */
    public function setMetadataStack(array $metadataStack)
    {
        $this->metadataStack = $metadataStack;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function enterScope($data, MetadataInterface $metadata)
    {
        $this->dataStack[] = $data;
        $this->metadataStack[] = $metadata;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function leaveScope()
    {
        array_pop($this->dataStack);
        array_pop($this->metadataStack);

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function hasOptions()
    {
        return $this->options;
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
    }

    /**
     * {@inheritdoc}
     */
    public function getOptions()
    {
        return $this->options;
    }

    /**
     * {@inheritdoc}
     */
    public function setOptions(array $options)
    {
        $this->options = [];
        $this->addOptions($options);

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function addOptions(array $options)
    {
        foreach ($options as $option => $value) {
            $this->setOption($option, $value);
        }

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function hasOption($option)
    {
        return array_key_exists($option, $this->options);
    }

    /**
     * {@inheritdoc}
     */
    public function getOption($option)
    {
        return $this->hasOption($option) ? $this->options[$option] : null;
    }

    /**
     * {@inheritdoc}
     */
    public function setOption($option, $value)
    {
        $this->options[$option] = $value;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function removeOption($option)
    {
        unset($this->options[$option]);

        return $this;
    }
}


1		<?php
2
3		/*
4		* This file is part of the Ivory Serializer package.
5		*
6		* (c) Eric GELOEN <[email protected]>
7		*
8		* For the full copyright and license information, please read the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Ivory\Serializer\Context;
13
14		use Ivory\Serializer\Exclusion\ExclusionStrategy;
15		use Ivory\Serializer\Exclusion\ExclusionStrategyInterface;
16		use Ivory\Serializer\Mapping\MetadataInterface;
17		use Ivory\Serializer\Naming\IdenticalNamingStrategy;
18		use Ivory\Serializer\Naming\NamingStrategyInterface;
19		use Ivory\Serializer\Navigator\NavigatorInterface;
20		use Ivory\Serializer\Visitor\VisitorInterface;
21
22		/**
23		* @author GeLo <[email protected]>
24		*/
25		class Context implements ContextInterface
26		{
27		/**
28		* @var NavigatorInterface
29		*/
30		private $navigator;
31
32		/**
33		* @var VisitorInterface
34		*/
35		private $visitor;
36
37		/**
38		* @var int
39		*/
40		private $direction;
41
42		/**
43		* @var string
44		*/
45		private $format;
46
47		/**
48		* @var bool
49		*/
50		private $ignoreNull = false;
51
52		/**
53		* @var ExclusionStrategyInterface
54		*/
55		private $exclusionStrategy;
56
57		/**
58		* @var NamingStrategyInterface
59		*/
60		private $namingStrategy;
61
62		/**
63		* @var mixed[]
64		*/
65		private $dataStack;
66
67		/**
68		* @var MetadataInterface[]
69		*/
70		private $metadataStack;
71
72		/**
73		* @var mixed[]
74		*/
75		private $options = [];
76
77		/**
78		* @param ExclusionStrategyInterface\|null $exclusionStrategy
79		* @param NamingStrategyInterface\|null $namingStrategy
80		*/
81	1216	public function __construct(
82		ExclusionStrategyInterface $exclusionStrategy = null,
83		NamingStrategyInterface $namingStrategy = null
84		) {
85	1216	$this->exclusionStrategy = $exclusionStrategy ?: new ExclusionStrategy();
86	1216	$this->namingStrategy = $namingStrategy ?: new IdenticalNamingStrategy();
87	1216	}
88
89		/**
90		* {@inheritdoc}
91		*/
92	1472	public function initialize(NavigatorInterface $navigator, VisitorInterface $visitor, $direction, $format)
93		{
94		$this
95	1472	->setNavigator($navigator)
96	1472	->setVisitor($visitor)
97	1472	->setDirection($direction)
98	1472	->setFormat($format)
99	1472	->setDataStack([])
100	1472	->setMetadataStack([]);
101	1472	}
102
103		/**
104		* {@inheritdoc}
105		*/
106	1472	public function getNavigator()
107		{
108	1472	return $this->navigator;
109		}
110
111		/**
112		* {@inheritdoc}
113		*/
114	1472	public function setNavigator(NavigatorInterface $navigator)
115		{
116	1472	$this->navigator = $navigator;
117
118	1472	return $this;
119		}
120
121		/**
122		* {@inheritdoc}
123		*/
124	1456	public function getVisitor()
125		{
126	1456	return $this->visitor;
127		}
128
129		/**
130		* {@inheritdoc}
131		*/
132	1472	public function setVisitor(VisitorInterface $visitor)
133		{
134	1472	$this->visitor = $visitor;
135
136	1472	return $this;
137		}
138
139		/**
140		* {@inheritdoc}
141		*/
142	1472	public function getDirection()
143		{
144	1472	return $this->direction;
145		}
146
147		/**
148		* {@inheritdoc}
149		*/
150	1472	public function setDirection($direction)
151		{
152	1472	$this->direction = $direction;
153
154	1472	return $this;
155		}
156
157		/**
158		* {@inheritdoc}
159		*/
160		public function getFormat()
161		{
162		return $this->format;
163		}
164
165		/**
166		* {@inheritdoc}
167		*/
168	1472	public function setFormat($format)
169		{
170	1472	$this->format = $format;
171
172	1472	return $this;
173		}
174
175		/**
176		* {@inheritdoc}
177		*/
178	352	public function isNullIgnored()
179		{
180	352	return $this->ignoreNull;
181		}
182
183		/**
184		* {@inheritdoc}
185		*/
186		public function setIgnoreNull($ignoreNull)
187		{
188		$this->ignoreNull = $ignoreNull;
189
190		return $this;
191		}
192
193		/**
194		* {@inheritdoc}
195		*/
196	1192	public function getExclusionStrategy()
197		{
198	1192	return $this->exclusionStrategy;
199		}
200
201		/**
202		* {@inheritdoc}
203		*/
204		public function setExclusionStrategy(ExclusionStrategyInterface $exclusionStrategy)
205		{
206		$this->exclusionStrategy = $exclusionStrategy;
207
208		return $this;
209		}
210
211		/**
212		* {@inheritdoc}
213		*/
214	1088	public function getNamingStrategy()
215		{
216	1088	return $this->namingStrategy;
217		}
218
219		/**
220		* {@inheritdoc}
221		*/
222		public function setNamingStrategy(NamingStrategyInterface $namingStrategy)
223		{
224		$this->namingStrategy = $namingStrategy;
225
226		return $this;
227		}
228
229		/**
230		* {@inheritdoc}
231		*/
232	32	public function getDataStack()
233		{
234	32	return $this->dataStack;
235		}
236
237		/**
238		* {@inheritdoc}
239		*/
240	1472	public function setDataStack(array $dataStack)
241		{
242	1472	$this->dataStack = $dataStack;
243
244	1472	return $this;
245		}
246
247		/**
248		* {@inheritdoc}
249		*/
250	92	public function getMetadataStack()
251		{
252	92	return $this->metadataStack;
253		}
254
255		/**
256		* {@inheritdoc}
257		*/
258	1472	public function setMetadataStack(array $metadataStack)
259		{
260	1472	$this->metadataStack = $metadataStack;
261
262	1472	return $this;
263		}
264
265		/**
266		* {@inheritdoc}
267		*/
268	1192	public function enterScope($data, MetadataInterface $metadata)
269		{
270	1192	$this->dataStack[] = $data;
271	1192	$this->metadataStack[] = $metadata;
272
273	1192	return $this;
274		}
275
276		/**
277		* {@inheritdoc}
278		*/
279	1192	public function leaveScope()
280		{
281	1192	array_pop($this->dataStack);
282	1192	array_pop($this->metadataStack);
283
284	1192	return $this;
285		}
286
287		/**
288		* {@inheritdoc}
289		*/
290		public function hasOptions()
291		{
292		return $this->options;
		0 ignored issues – show Bug Best Practice introduced 2020-06-13 14:32 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type of `return $this->options;` (`array`) is incompatible with the return type declared by the interface `Ivory\Serializer\Context...xtInterface::hasOptions` of type `boolean`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
293		}
294
295		/**
296		* {@inheritdoc}
297		*/
298		public function getOptions()
299		{
300		return $this->options;
301		}
302
303		/**
304		* {@inheritdoc}
305		*/
306		public function setOptions(array $options)
307		{
308		$this->options = [];
309		$this->addOptions($options);
310
311		return $this;
312		}
313
314		/**
315		* {@inheritdoc}
316		*/
317		public function addOptions(array $options)
318		{
319		foreach ($options as $option => $value) {
320		$this->setOption($option, $value);
321		}
322
323		return $this;
324		}
325
326		/**
327		* {@inheritdoc}
328		*/
329		public function hasOption($option)
330		{
331		return array_key_exists($option, $this->options);
332		}
333
334		/**
335		* {@inheritdoc}
336		*/
337		public function getOption($option)
338		{
339		return $this->hasOption($option) ? $this->options[$option] : null;
340		}
341
342		/**
343		* {@inheritdoc}
344		*/
345		public function setOption($option, $value)
346		{
347		$this->options[$option] = $value;
348
349		return $this;
350		}
351
352		/**
353		* {@inheritdoc}
354		*/
355		public function removeOption($option)
356		{
357		unset($this->options[$option]);
358
359		return $this;
360		}
361		}
362

bresam / ivory-serializer

Issues (32)

Security Analysis no request data

src/Context/Context.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like