Issues in BrowscapCache.php (master) - Issues in master - browscap/browscap-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (41)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Cache/BrowscapCache.php (3 issues)

Labels

Bug 3

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types = 1);

namespace BrowscapPHP\Cache;

use Psr\Log\LoggerInterface;
use Psr\SimpleCache\CacheInterface;
use Psr\SimpleCache\InvalidArgumentException;

/**
 * A cache proxy to be able to use the cache adapters provided by the WurflCache package
 */
final class BrowscapCache implements BrowscapCacheInterface
{
    /**
     * Path to the cache directory
     *
     * @var \Psr\SimpleCache\CacheInterface
     */
    private $cache;

    /**
     * @var \Psr\Log\LoggerInterface
     */
    private $logger;

    /**
     * Detected browscap version (read from INI file)
     *
     * @var int
     */
    private $version;

    /**
     * Release date of the Browscap data (read from INI file)
     *
     * @var string
     */
    private $releaseDate;

    /**
     * Type of the Browscap data (read from INI file)
     *
     * @var string
     */
    private $type;

    /**
     * Constructor class, checks for the existence of (and loads) the cache and
     * if needed updated the definitions
     *
     * @param \Psr\SimpleCache\CacheInterface $adapter
     * @param LoggerInterface $logger
     */
    public function __construct(CacheInterface $adapter, LoggerInterface $logger)
    {
        $this->cache = $adapter;
        $this->logger = $logger;
    }

    /**
     * Gets the version of the Browscap data
     *
     * @return int
     */
    public function getVersion() : ?int
    {
        if (null === $this->version) {
            $success = null;

            try {
                $version = $this->getItem('browscap.version', false, $success);
            } catch (InvalidArgumentException $e) {

                $this->logger->error(new \InvalidArgumentException('an error occured while reading the data version from the cache', 0, $e));
                $version = null;
            }

            if (null !== $version && $success) {
                $this->version = (int) $version;
            }
        }

        return $this->version;
    }

    /**
     * Gets the release date of the Browscap data
     *
     * @return string|null
     */
    public function getReleaseDate() : ?string
    {
        if (null === $this->releaseDate) {
            $success = null;

            try {
                $releaseDate = $this->getItem('browscap.releaseDate', false, $success);
            } catch (InvalidArgumentException $e) {

                $this->logger->error(new \InvalidArgumentException('an error occured while reading the data release date from the cache', 0, $e));
                $releaseDate = null;
            }

            if (null !== $releaseDate && $success) {
                $this->releaseDate = $releaseDate;
            }
        }

        return $this->releaseDate;
    }

    /**
     * Gets the type of the Browscap data
     */
    public function getType() : ?string
    {
        if (null === $this->type) {
            $success = null;

            try {
                $type = $this->getItem('browscap.type', false, $success);
            } catch (InvalidArgumentException $e) {

                $this->logger->error(new \InvalidArgumentException('an error occured while reading the data type from the cache', 0, $e));
                $type = null;
            }

            if (null !== $type && $success) {
                $this->type = $type;
            }
        }

        return $this->type;
    }

    /**
     * Get an item.
     *
     * @param string $cacheId
     * @param bool   $withVersion
     * @param bool   $success
     *
     * @throws \Psr\SimpleCache\InvalidArgumentException
     *
     * @return mixed Data on success, null on failure
     */
    public function getItem(string $cacheId, bool $withVersion = true, ?bool &$success = null)
    {
        if ($withVersion) {
            $cacheId .= '.' . $this->getVersion();
        }

        if (! $this->cache->has($cacheId)) {
            $success = false;

            return null;
        }

        $data = $this->cache->get($cacheId);

        if (! is_array($data) || ! array_key_exists('content', $data)) {
            $success = false;

            return null;
        }

        $success = true;

        return unserialize($data['content']);
    }

    /**
     * save the content into an php file
     *
     * @param string $cacheId     The cache id
     * @param mixed  $content     The content to store
     * @param bool   $withVersion
     *
     * @throws \Psr\SimpleCache\InvalidArgumentException
     *
     * @return bool whether the file was correctly written to the disk
     */
    public function setItem(string $cacheId, $content, bool $withVersion = true) : bool
    {
        // Get the whole PHP code
        $data = [
            'content' => serialize($content),
        ];

        if ($withVersion) {
            $cacheId .= '.' . $this->getVersion();
        }

        // Save and return
        return $this->cache->set($cacheId, $data);
    }

    /**
     * Test if an item exists.
     *
     * @param string $cacheId
     * @param bool   $withVersion
     *
     * @throws \Psr\SimpleCache\InvalidArgumentException
     *
     * @return bool
     */
    public function hasItem(string $cacheId, bool $withVersion = true) : bool
    {
        if ($withVersion) {
            $cacheId .= '.' . $this->getVersion();
        }

        return $this->cache->has($cacheId);
    }

    /**
     * Remove an item.
     *
     * @param string $cacheId
     * @param bool   $withVersion
     *
     * @throws \Psr\SimpleCache\InvalidArgumentException
     *
     * @return bool
     */
    public function removeItem(string $cacheId, bool $withVersion = true) : bool
    {
        if ($withVersion) {
            $cacheId .= '.' . $this->getVersion();
        }

        return $this->cache->delete($cacheId);
    }

    /**
     * Flush the whole storage
     *
     * @return bool
     */
    public function flush() : bool
    {
        return $this->cache->clear();
    }
}


1		<?php
2		declare(strict_types = 1);
3
4		namespace BrowscapPHP\Cache;
5
6		use Psr\Log\LoggerInterface;
7		use Psr\SimpleCache\CacheInterface;
8		use Psr\SimpleCache\InvalidArgumentException;
9
10		/**
11		* A cache proxy to be able to use the cache adapters provided by the WurflCache package
12		*/
13		final class BrowscapCache implements BrowscapCacheInterface
14		{
15		/**
16		* Path to the cache directory
17		*
18		* @var \Psr\SimpleCache\CacheInterface
19		*/
20		private $cache;
21
22		/**
23		* @var \Psr\Log\LoggerInterface
24		*/
25		private $logger;
26
27		/**
28		* Detected browscap version (read from INI file)
29		*
30		* @var int
31		*/
32		private $version;
33
34		/**
35		* Release date of the Browscap data (read from INI file)
36		*
37		* @var string
38		*/
39		private $releaseDate;
40
41		/**
42		* Type of the Browscap data (read from INI file)
43		*
44		* @var string
45		*/
46		private $type;
47
48		/**
49		* Constructor class, checks for the existence of (and loads) the cache and
50		* if needed updated the definitions
51		*
52		* @param \Psr\SimpleCache\CacheInterface $adapter
53		* @param LoggerInterface $logger
54		*/
55	4	public function __construct(CacheInterface $adapter, LoggerInterface $logger)
56		{
57	4	$this->cache = $adapter;
58	4	$this->logger = $logger;
59	4	}
60
61		/**
62		* Gets the version of the Browscap data
63		*
64		* @return int
65		*/
66	2	public function getVersion() : ?int
67		{
68	2	if (null === $this->version) {
69	2	$success = null;
70
71		try {
72	2	$version = $this->getItem('browscap.version', false, $success);
73		} catch (InvalidArgumentException $e) {
		0 ignored issues – show Bug introduced 2017-10-10 19:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Psr\SimpleCache\InvalidArgumentException` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
74		$this->logger->error(new \InvalidArgumentException('an error occured while reading the data version from the cache', 0, $e));
75		$version = null;
76		}
77
78	2	if (null !== $version && $success) {
79	1	$this->version = (int) $version;
80		}
81		}
82
83	2	return $this->version;
84		}
85
86		/**
87		* Gets the release date of the Browscap data
88		*
89		* @return string\|null
90		*/
91	1	public function getReleaseDate() : ?string
92		{
93	1	if (null === $this->releaseDate) {
94	1	$success = null;
95
96		try {
97	1	$releaseDate = $this->getItem('browscap.releaseDate', false, $success);
98		} catch (InvalidArgumentException $e) {
		0 ignored issues – show Bug introduced 2017-10-10 19:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Psr\SimpleCache\InvalidArgumentException` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
99		$this->logger->error(new \InvalidArgumentException('an error occured while reading the data release date from the cache', 0, $e));
100		$releaseDate = null;
101		}
102
103	1	if (null !== $releaseDate && $success) {
104	1	$this->releaseDate = $releaseDate;
105		}
106		}
107
108	1	return $this->releaseDate;
109		}
110
111		/**
112		* Gets the type of the Browscap data
113		*/
114	1	public function getType() : ?string
115		{
116	1	if (null === $this->type) {
117	1	$success = null;
118
119		try {
120	1	$type = $this->getItem('browscap.type', false, $success);
121		} catch (InvalidArgumentException $e) {
		0 ignored issues – show Bug introduced 2017-10-10 19:07 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Psr\SimpleCache\InvalidArgumentException` does not exist. Did you forget a USE statement, or did you not list all dependencies? Scrutinizer analyzes your `composer.json`/`composer.lock` file if available to determine the classes, and functions that are defined by your dependencies. It seems like the listed class was neither found in your dependencies, nor was it found in the analyzed files in your repository. If you are using some other form of dependency management, you might want to disable this analysis. Loading history...
122		$this->logger->error(new \InvalidArgumentException('an error occured while reading the data type from the cache', 0, $e));
123		$type = null;
124		}
125
126	1	if (null !== $type && $success) {
127	1	$this->type = $type;
128		}
129		}
130
131	1	return $this->type;
132		}
133
134		/**
135		* Get an item.
136		*
137		* @param string $cacheId
138		* @param bool $withVersion
139		* @param bool $success
140		*
141		* @throws \Psr\SimpleCache\InvalidArgumentException
142		*
143		* @return mixed Data on success, null on failure
144		*/
145	3	public function getItem(string $cacheId, bool $withVersion = true, ?bool &$success = null)
146		{
147	3	if ($withVersion) {
148		$cacheId .= '.' . $this->getVersion();
149		}
150
151	3	if (! $this->cache->has($cacheId)) {
152	3	$success = false;
153
154	3	return null;
155		}
156
157	3	$data = $this->cache->get($cacheId);
158
159	3	if (! is_array($data) \|\| ! array_key_exists('content', $data)) {
160		$success = false;
161
162		return null;
163		}
164
165	3	$success = true;
166
167	3	return unserialize($data['content']);
168		}
169
170		/**
171		* save the content into an php file
172		*
173		* @param string $cacheId The cache id
174		* @param mixed $content The content to store
175		* @param bool $withVersion
176		*
177		* @throws \Psr\SimpleCache\InvalidArgumentException
178		*
179		* @return bool whether the file was correctly written to the disk
180		*/
181	3	public function setItem(string $cacheId, $content, bool $withVersion = true) : bool
182		{
183		// Get the whole PHP code
184		$data = [
185	3	'content' => serialize($content),
186		];
187
188	3	if ($withVersion) {
189		$cacheId .= '.' . $this->getVersion();
190		}
191
192		// Save and return
193	3	return $this->cache->set($cacheId, $data);
194		}
195
196		/**
197		* Test if an item exists.
198		*
199		* @param string $cacheId
200		* @param bool $withVersion
201		*
202		* @throws \Psr\SimpleCache\InvalidArgumentException
203		*
204		* @return bool
205		*/
206		public function hasItem(string $cacheId, bool $withVersion = true) : bool
207		{
208		if ($withVersion) {
209		$cacheId .= '.' . $this->getVersion();
210		}
211
212		return $this->cache->has($cacheId);
213		}
214
215		/**
216		* Remove an item.
217		*
218		* @param string $cacheId
219		* @param bool $withVersion
220		*
221		* @throws \Psr\SimpleCache\InvalidArgumentException
222		*
223		* @return bool
224		*/
225		public function removeItem(string $cacheId, bool $withVersion = true) : bool
226		{
227		if ($withVersion) {
228		$cacheId .= '.' . $this->getVersion();
229		}
230
231		return $this->cache->delete($cacheId);
232		}
233
234		/**
235		* Flush the whole storage
236		*
237		* @return bool
238		*/
239		public function flush() : bool
240		{
241		return $this->cache->clear();
242		}
243		}
244

browscap / browscap-php

Issues (41)

Security Analysis not enabled

src/Cache/BrowscapCache.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like