Issues in MultilingualContext.php (master) - Issues in master - byKolev/MultilingualExtension - Measure and Improve Code Quality continuously with Scrutinizer

Issues (4)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Context/MultilingualContext.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace kolev\MultilingualExtension\Context;

use Behat\Behat\Context\Context;
use Symfony\Component\Yaml\Yaml;
use Drupal\DrupalExtension\Context\DrupalContext;
use Behat\MinkExtension;
use Behat\Behat\Context\TranslatableContext;
use Behat\Mink\Element\Element;
use Behat\Gherkin\Node\TableNode;
use Behat\Behat\Hook\Scope\BeforeScenarioScope;
use Behat\MinkExtension\Context\RawMinkContext;

/**
 * This is the file for Multilingual context for Drupal. The context is working based on specifications
 * in the profile. The user needs to provide the language of the site and the translation file.
 *
 * The user is free to provide either full "english" or shortened "en" prefix for new languages
 * but all translations should follow common pattern. For example if the site's language
 * is marked as "en" you should define your translations with "en".
 *
 * It is important to note that the English language is used as a base.
 *
 * This is very early version of the context so it probably has some bugs/issues and points to be improved.
 *
 * @author Toni Kolev <[email protected]>
 * @skype k-o-l-e-v
 * @github https://github.com/byKolev
 */

class MultilingualContext extends RawMultilingualContext {

    /** Multilanguage implementation */

    // Declaring translations variable to store all translations.
    public $translations = array();

    // Declaring languages_iso_codes variable to store all languages ISO codes from json file.
    public $languages_iso_codes = array();


    // Parse the YAML translations to PHP array variable.
    public function parseTranslationFile() {
        $base_path = $this->getMinkParameter('files_path');
        $base_path = $base_path."/";
        $file_path = $base_path.$this->multilingual_parameters['translations'];
        $yaml = file_get_contents($file_path);
        $yaml_parse_array_check = Yaml::parse($yaml);
        if(is_array($yaml_parse_array_check)) {
            $this->translations = $yaml_parse_array_check;
        }
    }

    // Checks whether the translations file variable is set in the Behat profile and parses it to array.
    public function initializeMultilanguage() {
        if(isset($this->multilingual_parameters['translations'])) {
            $this->parseTranslationFile();
        }
        $this->parseLanguageCodes();
    }

    //This function parses the languages_iso_codes.json file to an array.
    public function parseLanguageCodes() {
        $languages_iso_codes_string = file_get_contents("vendor/kolev/multilingual-extension/src/Resources/languages_iso_codes.json");
        $this->languages_iso_codes = json_decode($languages_iso_codes_string, true);

    }

    /*
     * This function detects site's language based on URL. If no URL language is detected
     * the default_language is used.
     */

    public function languageDetection() {
        $current_url = $this->getSession()->getCurrentUrl();
        $base_url = $this->getMinkParameter('base_url');
        // Checks whether the last symbol in the base_url is /, if not it adds it
        if (substr($base_url, -1) != "/") {
            $base_url = $base_url."/";
        }
        $base_url_length = strlen($base_url);
        //Get the 2 symbols in current URL after the base_url when Clean URLs is enabled
        $clean_url_language_code = substr($current_url,$base_url_length,2);
        $not_clean_url_language_code = substr($current_url,$base_url_length+3,2);
        if(in_array($clean_url_language_code,$this->languages_iso_codes) && substr($current_url,$base_url_length+2,1) == "/") {
            return $clean_url_language_code;
        }
        else if (in_array($not_clean_url_language_code,$this->languages_iso_codes) && substr($current_url,$base_url_length+5,1) == "/"){
            return $not_clean_url_language_code;
        }
        else return $this->multilingual_parameters['default_language'];
    }

    /**
     * This function localizes the targeted string. It tries to find a definition of the provided text (in English)
     * in the translations file that is provided within the profile parameters. If it fails to find translation
     * for the requested language it falls back to English. If the string is not defined at all in the translations
     * file there will be an exception thrown.
     */

    public function localizeTarget($target) {
        $translations = $this->multilingual_parameters['translations'];
        if(isset($this->translations[$target][$this->multilingual_parameters['default_language']])){
            $target = $this->translations[$target][$this->languageDetection()];
            return $target;
        }
        elseif (isset($this->translations[$target])) {
            return $target;
        }
        else throw new \Exception ("The text '$target'' is not defined in '$translations' translation file.");
    }

    /**
     * This function localizes the field based on Drupal standards. default_language variable is used as a base.
     */

    public function localizeField($field) {
        $re = "/(?:[-])(".$this->multilingual_parameters['default_language'].")(?:[-])/";
        $language = "-".$this->languageDetection()."-";
        $field = preg_replace($re, $language,$field);
        return $field;
    }


    /**
     * Initialize the multilingual context before the scenario.
     * @BeforeScenario
     * @Given /^I initialize multilingual context/
     */
    public function iInitializeMultilingualContext() {
        $this->initializeMultilanguage();
    }

    /**
     *
     * @Given /^I follow localized "(?P<link>(?:[^"]|\\")*)"/
     */
    public function iFollowLocalized($target) {

        $pos = strpos($target, '-en-');

        if ($pos === false) {
            $target = $this->localizeTarget($target);
        } else {
            $target = $this->localizeField($target);
        }
        
        $this->getSession()->getPage()->clickLink($target);
    }

    /**
     *
     * @Given /^I follow second localized "(?P<link>(?:[^"]|\\")*)"/
     */
    public function iFollowLocalizedSecond($target) {
        $target = $this->localizeTarget($target);
        $this->getSession()->getPage()->clickLink($target);
    }

    /**
     * Click on some text.
     *
     * @When /^I click on the localized text "([^"]*)"$/
     */

    public function iClickOnTheLocalizedText($target) {
        $target = $this->localizeTarget($target);
        $this->iClickOnTheText($target);
    }

    /**
     * Checks, that page contains specified text in input
     *
     * @Then /^(?:|I )should see localized value "(?P<text>(?:[^"]|\\")*)" in input "([^"]*)"$/
     */

    public function iShouldSeeLocalizedValueInInput($value, $input) {
        $value = $this->localizeTarget($value);
        $this->assertValueInInput($value, $input);
    }

    /**
     * Checks, that page contains specified text
     *
     * @Then /^(?:|I )should see localized "(?P<text>(?:[^"]|\\")*)"$/
     */

    public function iShouldSeeLocalized($target) {
        $target = $this->localizeTarget($target);
        $this->assertSession()->pageTextContains($target);
    }

    /**
     * Checks, that page doesn't contain specified text
     *
     * @Then /^(?:|I )should not see localized "(?P<text>(?:[^"]|\\")*)"$/
     */
    public function iShouldNotSeeLocalized($target)
    {
        $target = $this->localizeTarget($target);
        $this->assertSession()->pageTextNotContains($target);
    }

    /**
     * Waiting for text to appear on a page with certain execution time
     *
     * @When /^I wait for localized text "([^"]*)" to appear with max time "([^"]+)"(?: seconds)?$/
     */
    public function iWaitForLocalizedTextToAppearWithMaxTime($target, $maxExecutionTime){
        $target = $this->localizeTarget($target);
        $this->iWaitForTextToAppearWithMaxTime($target, $maxExecutionTime);
    }

    /**
     * Fills in form field with specified id|name|label|value
     * Example: When I fill in "username" with: "bwayne"
     * Example: And I fill in "bwayne" for "username"
     *
     * @When /^(?:|I )fill in localized "(?P<field>(?:[^"]|\\")*)" with "(?P<value>(?:[^"]|\\")*)"$/
     * @When /^(?:|I )fill in localized "(?P<field>(?:[^"]|\\")*)" with:$/
     * @When /^(?:|I )fill in localized "(?P<value>(?:[^"]|\\")*)" for "(?P<field>(?:[^"]|\\")*)"$/
     */
    public function fillLocalizedField($field, $value)
    {
        $field = $this->localizeField($field);
        $this->getSession()->getPage()->fillField($field, $value);
    }

    /**
     * @Given I click localized :link in the :rowText row
     * @Then I (should )see the localized :link in the :rowText row
     */
    public function assertLocalizedClickInTableRow($link, $rowText){
        $link = $this->localizeTarget($link);
        $page = $this->getSession()->getPage();
        if ($link_element = $this->getTableRow($page, $rowText)->findLink($link)) {
            // Click the link and return.
            $link_element->click();
            return;
        }
        throw new \Exception(sprintf('Found a row containing "%s", but no "%s" link on the page %s', $rowText, $link, $this->getSession()->getCurrentUrl()));
    }

    public function getTableRow(Element $element, $search) {
        $rows = $element->findAll('css', 'tr');
        if (empty($rows)) {
            throw new \Exception(sprintf('No rows found on the page %s', $this->getSession()->getCurrentUrl()));
        }
        foreach ($rows as $row) {
            if (strpos($row->getText(), $search) !== FALSE) {
                return $row;
            }
        }
        throw new \Exception(sprintf('Failed to find a row containing "%s" on the page %s', $search, $this->getSession()->getCurrentUrl()));
    }

    /**
     * Click on text in specified region
     *
     * @When /^I click on the localized text "([^"]*)" in the "(?P<region>[^"]*)"(?:| region)$/
     */
    public function iClickOnTheLocalizedTextInRegion($text, $region){
        $text = $this->localizeTarget($text);
        $this->iClickOnTheTextInRegion($text, $region);
    }

    /**
     * Choose certain option from given selector
     *
     * @When I select localized :option from chosen :selector
     */
    public function lselectLocalizedOptionWithJavascript($selector, $option) {
        $localizedOption = $this->localizeTarget($option);
        $this->selectOptionWithJavascript($selector, $localizedOption);
    }

    /**
     * @When I select the localized radio button :label with the id :id
     * @When I select the localized radio button :label
     *
     */
    public function assertSelectLocalizedRadioById($label, $id = '') {
        $label = $this->localizeTarget($label);
        $this->assertSelectRadioById($label, $id);
    }
}


1			<?php
2
3			namespace kolev\MultilingualExtension\Context;
4
5			use Behat\Behat\Context\Context;
6			use Symfony\Component\Yaml\Yaml;
7			use Drupal\DrupalExtension\Context\DrupalContext;
8			use Behat\MinkExtension;
9			use Behat\Behat\Context\TranslatableContext;
10			use Behat\Mink\Element\Element;
11			use Behat\Gherkin\Node\TableNode;
12			use Behat\Behat\Hook\Scope\BeforeScenarioScope;
13			use Behat\MinkExtension\Context\RawMinkContext;
14
15			/**
16			* This is the file for Multilingual context for Drupal. The context is working based on specifications
17			* in the profile. The user needs to provide the language of the site and the translation file.
18			*
19			* The user is free to provide either full "english" or shortened "en" prefix for new languages
20			* but all translations should follow common pattern. For example if the site's language
21			* is marked as "en" you should define your translations with "en".
22			*
23			* It is important to note that the English language is used as a base.
24			*
25			* This is very early version of the context so it probably has some bugs/issues and points to be improved.
26			*
27			* @author Toni Kolev <[email protected]>
28			* @skype k-o-l-e-v
29			* @github https://github.com/byKolev
30			*/
31
32			class MultilingualContext extends RawMultilingualContext {
33
34			/** Multilanguage implementation */
35
36			// Declaring translations variable to store all translations.
37			public $translations = array();
38
39			// Declaring languages_iso_codes variable to store all languages ISO codes from json file.
40			public $languages_iso_codes = array();
41
42
43			// Parse the YAML translations to PHP array variable.
44			public function parseTranslationFile() {
45			$base_path = $this->getMinkParameter('files_path');
46			$base_path = $base_path."/";
47			$file_path = $base_path.$this->multilingual_parameters['translations'];
48			$yaml = file_get_contents($file_path);
49			$yaml_parse_array_check = Yaml::parse($yaml);
50			if(is_array($yaml_parse_array_check)) {
51			$this->translations = $yaml_parse_array_check;
52			}
53			}
54
55			// Checks whether the translations file variable is set in the Behat profile and parses it to array.
56			public function initializeMultilanguage() {
57			if(isset($this->multilingual_parameters['translations'])) {
58			$this->parseTranslationFile();
59			}
60			$this->parseLanguageCodes();
61			}
62
63			//This function parses the languages_iso_codes.json file to an array.
64			public function parseLanguageCodes() {
65			$languages_iso_codes_string = file_get_contents("vendor/kolev/multilingual-extension/src/Resources/languages_iso_codes.json");
66			$this->languages_iso_codes = json_decode($languages_iso_codes_string, true);
			0 ignored issues – show Documentation Bug introduced 2016-07-13 10:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `json_decode($languages_iso_codes_string, true)` of type `*` is incompatible with the declared type `array` of property `$languages_iso_codes`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
67			}
68
69			/*
70			* This function detects site's language based on URL. If no URL language is detected
71			* the default_language is used.
72			*/
73
74			public function languageDetection() {
75			$current_url = $this->getSession()->getCurrentUrl();
76			$base_url = $this->getMinkParameter('base_url');
77			// Checks whether the last symbol in the base_url is /, if not it adds it
78			if (substr($base_url, -1) != "/") {
79			$base_url = $base_url."/";
80			}
81			$base_url_length = strlen($base_url);
82			//Get the 2 symbols in current URL after the base_url when Clean URLs is enabled
83			$clean_url_language_code = substr($current_url,$base_url_length,2);
84			$not_clean_url_language_code = substr($current_url,$base_url_length+3,2);
85			if(in_array($clean_url_language_code,$this->languages_iso_codes) && substr($current_url,$base_url_length+2,1) == "/") {
86			return $clean_url_language_code;
87			}
88			else if (in_array($not_clean_url_language_code,$this->languages_iso_codes) && substr($current_url,$base_url_length+5,1) == "/"){
89			return $not_clean_url_language_code;
90			}
91			else return $this->multilingual_parameters['default_language'];
92			}
93
94			/**
95			* This function localizes the targeted string. It tries to find a definition of the provided text (in English)
96			* in the translations file that is provided within the profile parameters. If it fails to find translation
97			* for the requested language it falls back to English. If the string is not defined at all in the translations
98			* file there will be an exception thrown.
99			*/
100
101			public function localizeTarget($target) {
102			$translations = $this->multilingual_parameters['translations'];
103			if(isset($this->translations[$target][$this->multilingual_parameters['default_language']])){
104			$target = $this->translations[$target][$this->languageDetection()];
105			return $target;
106			}
107			elseif (isset($this->translations[$target])) {
108			return $target;
109			}
110			else throw new \Exception ("The text '$target'' is not defined in '$translations' translation file.");
111			}
112
113			/**
114			* This function localizes the field based on Drupal standards. default_language variable is used as a base.
115			*/
116
117			public function localizeField($field) {
118			$re = "/(?:[-])(".$this->multilingual_parameters['default_language'].")(?:[-])/";
119			$language = "-".$this->languageDetection()."-";
120			$field = preg_replace($re, $language,$field);
121			return $field;
122			}
123
124
125			/**
126			* Initialize the multilingual context before the scenario.
127			* @BeforeScenario
128			* @Given /^I initialize multilingual context/
129			*/
130			public function iInitializeMultilingualContext() {
131			$this->initializeMultilanguage();
132			}
133
134			/**
135			*
136			* @Given /^I follow localized "(?P<link>(?:[^"]\|\\")*)"/
137			*/
138			public function iFollowLocalized($target) {
139
140			$pos = strpos($target, '-en-');
141
142			if ($pos === false) {
143			$target = $this->localizeTarget($target);
144			} else {
145			$target = $this->localizeField($target);
146			}
147
148			$this->getSession()->getPage()->clickLink($target);
149			}
150
151			/**
152			*
153			* @Given /^I follow second localized "(?P<link>(?:[^"]\|\\")*)"/
154			*/
155			public function iFollowLocalizedSecond($target) {
156			$target = $this->localizeTarget($target);
157			$this->getSession()->getPage()->clickLink($target);
158			}
159
160			/**
161			* Click on some text.
162			*
163			* @When /^I click on the localized text "([^"]*)"$/
164			*/
165
166			public function iClickOnTheLocalizedText($target) {
167			$target = $this->localizeTarget($target);
168			$this->iClickOnTheText($target);
169			}
170
171			/**
172			* Checks, that page contains specified text in input
173			*
174			* @Then /^(?:\|I )should see localized value "(?P<text>(?:[^"]\|\\"))" in input "([^"])"$/
175			*/
176
177			public function iShouldSeeLocalizedValueInInput($value, $input) {
178			$value = $this->localizeTarget($value);
179			$this->assertValueInInput($value, $input);
180			}
181
182			/**
183			* Checks, that page contains specified text
184			*
185			* @Then /^(?:\|I )should see localized "(?P<text>(?:[^"]\|\\")*)"$/
186			*/
187
188			public function iShouldSeeLocalized($target) {
189			$target = $this->localizeTarget($target);
190			$this->assertSession()->pageTextContains($target);
191			}
192
193			/**
194			* Checks, that page doesn't contain specified text
195			*
196			* @Then /^(?:\|I )should not see localized "(?P<text>(?:[^"]\|\\")*)"$/
197			*/
198			public function iShouldNotSeeLocalized($target)
199			{
200			$target = $this->localizeTarget($target);
201			$this->assertSession()->pageTextNotContains($target);
202			}
203
204			/**
205			* Waiting for text to appear on a page with certain execution time
206			*
207			* @When /^I wait for localized text "([^"]*)" to appear with max time "([^"]+)"(?: seconds)?$/
208			*/
209			public function iWaitForLocalizedTextToAppearWithMaxTime($target, $maxExecutionTime){
210			$target = $this->localizeTarget($target);
211			$this->iWaitForTextToAppearWithMaxTime($target, $maxExecutionTime);
212			}
213
214			/**
215			* Fills in form field with specified id\|name\|label\|value
216			* Example: When I fill in "username" with: "bwayne"
217			* Example: And I fill in "bwayne" for "username"
218			*
219			* @When /^(?:\|I )fill in localized "(?P<field>(?:[^"]\|\\"))" with "(?P<value>(?:[^"]\|\\"))"$/
220			* @When /^(?:\|I )fill in localized "(?P<field>(?:[^"]\|\\")*)" with:$/
221			* @When /^(?:\|I )fill in localized "(?P<value>(?:[^"]\|\\"))" for "(?P<field>(?:[^"]\|\\"))"$/
222			*/
223			public function fillLocalizedField($field, $value)
224			{
225			$field = $this->localizeField($field);
226			$this->getSession()->getPage()->fillField($field, $value);
227			}
228
229			/**
230			* @Given I click localized :link in the :rowText row
231			* @Then I (should )see the localized :link in the :rowText row
232			*/
233			public function assertLocalizedClickInTableRow($link, $rowText){
234			$link = $this->localizeTarget($link);
235			$page = $this->getSession()->getPage();
236			if ($link_element = $this->getTableRow($page, $rowText)->findLink($link)) {
237			// Click the link and return.
238			$link_element->click();
239			return;
240			}
241			throw new \Exception(sprintf('Found a row containing "%s", but no "%s" link on the page %s', $rowText, $link, $this->getSession()->getCurrentUrl()));
242			}
243
244			public function getTableRow(Element $element, $search) {
245			$rows = $element->findAll('css', 'tr');
246			if (empty($rows)) {
247			throw new \Exception(sprintf('No rows found on the page %s', $this->getSession()->getCurrentUrl()));
248			}
249			foreach ($rows as $row) {
250			if (strpos($row->getText(), $search) !== FALSE) {
251			return $row;
252			}
253			}
254			throw new \Exception(sprintf('Failed to find a row containing "%s" on the page %s', $search, $this->getSession()->getCurrentUrl()));
255			}
256
257			/**
258			* Click on text in specified region
259			*
260			* @When /^I click on the localized text "([^"])" in the "(?P<region>[^"])"(?:\| region)$/
261			*/
262			public function iClickOnTheLocalizedTextInRegion($text, $region){
263			$text = $this->localizeTarget($text);
264			$this->iClickOnTheTextInRegion($text, $region);
265			}
266
267			/**
268			* Choose certain option from given selector
269			*
270			* @When I select localized :option from chosen :selector
271			*/
272			public function lselectLocalizedOptionWithJavascript($selector, $option) {
273			$localizedOption = $this->localizeTarget($option);
274			$this->selectOptionWithJavascript($selector, $localizedOption);
275			}
276
277			/**
278			* @When I select the localized radio button :label with the id :id
279			* @When I select the localized radio button :label
280			*
281			*/
282			public function assertSelectLocalizedRadioById($label, $id = '') {
283			$label = $this->localizeTarget($label);
284			$this->assertSelectRadioById($label, $id);
285			}
286			}
287

byKolev / MultilingualExtension

Issues (4)

Security Analysis no request data

src/Context/MultilingualContext.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like