Issues in Config.php (master) - Issues in master - bytic/config - Measure and Improve Code Quality continuously with Scrutinizer

Issues (10)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Config.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Nip\Config;

use ArrayAccess;
use Countable;
use Iterator;

/**
 * Class Repository
 * @package Nip\Config
 */
class Config implements Countable, Iterator, ArrayAccess
{
    /**
     * Whether modifications to configuration data are allowed.
     *
     * @var bool
     */
    protected $allowModifications;

    /**
     * All of the configuration items.
     *
     * @var array
     */
    protected $data = [];

    /**
     * Used when unsetting values during iteration to ensure we do not skip
     * the next element.
     *
     * @var bool
     */
    protected $skipNextIteration;

    /**
     * Create a new configuration repository.
     *
     * @param array $array
     * @param bool $allowModifications
     */
    public function __construct(array $array = [], $allowModifications = false)
    {
        $this->allowModifications = (bool) $allowModifications;

        foreach ($array as $key => $value) {
            $this->setDataItem($key, $value);
        }
    }

    /**
     * @param $name
     * @param $value
     * @return $this
     */
    protected function setDataItem($name, $value)
    {
        if (is_array($value)) {
            $value = new static($value, true);
        }
        if (null === $name) {
            $this->data[] = $value;
        } else {
            $this->data[$name] = $value;
        }

        return $this;
    }

    /**
     * @param $name
     * @return string
     */
    public function __get($name)
    {
        return $this->get($name);
    }

    /**
     * Retrieve a value and return $default if there is no element set.
     *
     * @param  string $key
     * @param  string $default
     * @return mixed
     */
    public function get($key, $default = null)
    {
        if (strpos($key, '.') === false) {
            $value = $this->getByKey($key);
        } else {
            $value = $this->getByPath($key);
        }

        return $value === null ? $default : $value;
    }

    /**
     * @param string $key
     * @return mixed|null
     */
    public function getByKey($key)
    {
        if ($this->hasByKey($key)) {
            return $this->data[$key];
        }

        return null;
    }

    /**
     * Determine if the given configuration value exists.
     *
     * @param  string $key
     * @return bool
     */
    public function hasByKey($key)
    {
        return isset($this->data[$key]);
    }

    /**
     * @param string $path
     * @return string
     */
    protected function getByPath($path)

    {
        $segments = explode('.', $path);
        $value = $this;
        foreach ($segments as $segment) {
            if ($value->hasByKey($segment)) {
                $value = $value->getByKey($segment);
            } else {
                return null;
            }
        }

        return $value;
    }

    /**
     * @param $key
     * @return bool
     */
    public function __isset($key)
    {
        return $this->has($key);
    }

    /**
     * Determine if the given configuration value exists.
     *
     * @param  string $key
     * @return bool
     */
    public function has($key)
    {
        if (strpos($key, '.') === false) {
            return $this->hasByKey($key);
        }

        return $this->hasByPath($key);
    }

    /**
     * @param string $path
     * @return bool
     */
    public function hasByPath($path)

    {
        $segments = explode('.', $path);
        $value = $this;
        foreach ($segments as $segment) {
            if ($value->hasByKey($segment)) {
                $value = $value->getByKey($segment);
            } else {
                return false;
            }
        }

        return ($value !== null);
    }

    /**
     * Determine if the given configuration option exists.
     *
     * @param  string $key
     * @return bool
     */
    public function offsetExists($key)
    {
        return $this->has($key);
    }

    /**
     * Get a configuration option.
     *
     * @param  string $key
     * @return mixed
     */
    public function offsetGet($key)
    {
        return $this->get($key);
    }

    /**
     * Set a configuration option.
     *
     * @param  string $key
     * @param  mixed $value
     * @return void
     */
    public function offsetSet($key, $value)
    {
        $this->set($key, $value);
    }

    /**
     * @param $name
     * @param $value
     * @return $this
     * @throws Exception\RuntimeException
     */
    public function set($name, $value)
    {
        if ($this->isReadOnly()) {
            throw new Exception\RuntimeException('Config is read only');
        }

        return $this->setDataItem($name, $value);
    }

    /**
     * Returns whether this Config object is read only or not.
     *
     * @return bool
     */
    public function isReadOnly()
    {
        return !$this->allowModifications;
    }

    /**
     * Unset a configuration option.
     *
     * @param  string $key
     * @return void
     */
    public function offsetUnset($key)
    {
        $this->set($key, null);
    }

    /**
     * @param string $path
     * @return $this
     */
    public function mergeFile($path)
    {
        $data = Factory::fromFile($path, false);
        $config = new self($data, $this->allowModifications);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
        return $this->merge($config);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
    }

    /**
     * Merge another Config with this one.
     *
     * For duplicate keys, the following will be performed:
     * - Nested Configs will be recursively merged.
     * - Items in $merge with INTEGER keys will be appended.
     * - Items in $merge with STRING keys will overwrite current values.
     *
     * @param  self $merge
     * @return $this
     */
    public function merge(self $merge)
    {
        /** @var self $value */
        foreach ($merge as $key => $value) {
            if (array_key_exists($key, $this->data)) {
                if (is_int($key)) {
                    $this->data[] = $value;
                } elseif ($value instanceof self && $this->data[$key] instanceof self) {
                    $this->data[$key]->merge($value);
                } else {

                    if ($value instanceof self) {
                        $this->data[$key] = new static($value->toArray(), $this->allowModifications);
                    } else {
                        $this->data[$key] = $value;
                    }
                }
            } else {

                if ($value instanceof self) {
                    $this->data[$key] = new static($value->toArray(), $this->allowModifications);
                } else {
                    $this->data[$key] = $value;
                }
            }
        }

        return $this;
    }

    /**
     * Return an associative array of the stored data.
     *
     * @return array
     */
    public function toArray()
    {
        $array = [];
        $data = $this->data;
        /** @var self $value */
        foreach ($data as $key => $value) {
            if ($value instanceof self) {
                $array[$key] = $value->toArray();
            } else {
                $array[$key] = $value;
            }
        }

        return $array;
    }

    /**
     * count(): defined by Countable interface.
     *
     * @see    Countable::count()
     * @return int
     */
    public function count()
    {
        return count($this->data);
    }

    /**
     * current(): defined by Iterator interface.
     *
     * @see    Iterator::current()
     * @return mixed
     */
    public function current()
    {
        $this->skipNextIteration = false;

        return current($this->data);
    }

    /**
     * next(): defined by Iterator interface.
     *
     * @see    Iterator::next()
     * @return void
     */
    public function next()
    {
        if ($this->skipNextIteration) {
            $this->skipNextIteration = false;

            return;
        }
        next($this->data);
    }

    /**
     * rewind(): defined by Iterator interface.
     *
     * @see    Iterator::rewind()
     * @return void
     */
    public function rewind()
    {
        $this->skipNextIteration = false;
        reset($this->data);
    }

    /**
     * valid(): defined by Iterator interface.
     *
     * @see    Iterator::valid()
     * @return bool
     */
    public function valid()
    {
        return ($this->key() !== null);
    }

    /**
     * key(): defined by Iterator interface.
     *
     * @see    Iterator::key()
     * @return mixed
     */
    public function key()
    {
        return key($this->data);
    }
}


1			<?php
2
3			namespace Nip\Config;
4
5			use ArrayAccess;
6			use Countable;
7			use Iterator;
8
9			/**
10			* Class Repository
11			* @package Nip\Config
12			*/
13			class Config implements Countable, Iterator, ArrayAccess
14			{
15			/**
16			* Whether modifications to configuration data are allowed.
17			*
18			* @var bool
19			*/
20			protected $allowModifications;
21
22			/**
23			* All of the configuration items.
24			*
25			* @var array
26			*/
27			protected $data = [];
28
29			/**
30			* Used when unsetting values during iteration to ensure we do not skip
31			* the next element.
32			*
33			* @var bool
34			*/
35			protected $skipNextIteration;
36
37			/**
38			* Create a new configuration repository.
39			*
40			* @param array $array
41			* @param bool $allowModifications
42			*/
43	1		public function __construct(array $array = [], $allowModifications = false)
44			{
45	1		$this->allowModifications = (bool) $allowModifications;
46
47	1		foreach ($array as $key => $value) {
48	1		$this->setDataItem($key, $value);
49			}
50	1		}
51
52			/**
53			* @param $name
54			* @param $value
55			* @return $this
56			*/
57	1		protected function setDataItem($name, $value)
58			{
59	1		if (is_array($value)) {
60	1		$value = new static($value, true);
61			}
62	1		if (null === $name) {
63			$this->data[] = $value;
64			} else {
65	1		$this->data[$name] = $value;
66			}
67
68	1		return $this;
69			}
70
71			/**
72			* @param $name
73			* @return string
74			*/
75			public function __get($name)
76			{
77			return $this->get($name);
78			}
79
80			/**
81			* Retrieve a value and return $default if there is no element set.
82			*
83			* @param string $key
84			* @param string $default
85			* @return mixed
86			*/
87	1		public function get($key, $default = null)
88			{
89	1		if (strpos($key, '.') === false) {
90	1		$value = $this->getByKey($key);
91			} else {
92	1		$value = $this->getByPath($key);
93			}
94
95	1		return $value === null ? $default : $value;
96			}
97
98			/**
99			* @param string $key
100			* @return mixed\|null
101			*/
102	1		public function getByKey($key)
103			{
104	1		if ($this->hasByKey($key)) {
105	1		return $this->data[$key];
106			}
107
108			return null;
109			}
110
111			/**
112			* Determine if the given configuration value exists.
113			*
114			* @param string $key
115			* @return bool
116			*/
117	1		public function hasByKey($key)
118			{
119	1		return isset($this->data[$key]);
120			}
121
122			/**
123			* @param string $path
124			* @return string
125			*/
126	1	View Code Duplication	protected function getByPath($path)
			0 ignored issues – show Duplication introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
127			{
128	1		$segments = explode('.', $path);
129	1		$value = $this;
130	1		foreach ($segments as $segment) {
131	1		if ($value->hasByKey($segment)) {
132	1		$value = $value->getByKey($segment);
133			} else {
134	1		return null;
135			}
136			}
137
138	1		return $value;
139			}
140
141			/**
142			* @param $key
143			* @return bool
144			*/
145			public function __isset($key)
146			{
147			return $this->has($key);
148			}
149
150			/**
151			* Determine if the given configuration value exists.
152			*
153			* @param string $key
154			* @return bool
155			*/
156	1		public function has($key)
157			{
158	1		if (strpos($key, '.') === false) {
159	1		return $this->hasByKey($key);
160			}
161
162	1		return $this->hasByPath($key);
163			}
164
165			/**
166			* @param string $path
167			* @return bool
168			*/
169	1	View Code Duplication	public function hasByPath($path)
			0 ignored issues – show Duplication introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
170			{
171	1		$segments = explode('.', $path);
172	1		$value = $this;
173	1		foreach ($segments as $segment) {
174	1		if ($value->hasByKey($segment)) {
175	1		$value = $value->getByKey($segment);
176			} else {
177	1		return false;
178			}
179			}
180
181	1		return ($value !== null);
182			}
183
184			/**
185			* Determine if the given configuration option exists.
186			*
187			* @param string $key
188			* @return bool
189			*/
190			public function offsetExists($key)
191			{
192			return $this->has($key);
193			}
194
195			/**
196			* Get a configuration option.
197			*
198			* @param string $key
199			* @return mixed
200			*/
201			public function offsetGet($key)
202			{
203			return $this->get($key);
204			}
205
206			/**
207			* Set a configuration option.
208			*
209			* @param string $key
210			* @param mixed $value
211			* @return void
212			*/
213			public function offsetSet($key, $value)
214			{
215			$this->set($key, $value);
216			}
217
218			/**
219			* @param $name
220			* @param $value
221			* @return $this
222			* @throws Exception\RuntimeException
223			*/
224			public function set($name, $value)
225			{
226			if ($this->isReadOnly()) {
227			throw new Exception\RuntimeException('Config is read only');
228			}
229
230			return $this->setDataItem($name, $value);
231			}
232
233			/**
234			* Returns whether this Config object is read only or not.
235			*
236			* @return bool
237			*/
238			public function isReadOnly()
239			{
240			return !$this->allowModifications;
241			}
242
243			/**
244			* Unset a configuration option.
245			*
246			* @param string $key
247			* @return void
248			*/
249			public function offsetUnset($key)
250			{
251			$this->set($key, null);
252			}
253
254			/**
255			* @param string $path
256			* @return $this
257			*/
258	1		public function mergeFile($path)
259			{
260	1		$data = Factory::fromFile($path, false);
261	1		$config = new self($data, $this->allowModifications);
			0 ignored issues – show Documentation introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$data` is of type `object<Nip\Config\Config>\|string`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
262	1		return $this->merge($config);
			0 ignored issues – show Documentation introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$config` is of type `object<Nip\Config\Config>`, but the function expects a `object<self>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
263			}
264
265			/**
266			* Merge another Config with this one.
267			*
268			* For duplicate keys, the following will be performed:
269			* - Nested Configs will be recursively merged.
270			* - Items in $merge with INTEGER keys will be appended.
271			* - Items in $merge with STRING keys will overwrite current values.
272			*
273			* @param self $merge
274			* @return $this
275			*/
276	1		public function merge(self $merge)
277			{
278			/** @var self $value */
279	1		foreach ($merge as $key => $value) {
280	1		if (array_key_exists($key, $this->data)) {
281			if (is_int($key)) {
282			$this->data[] = $value;
283			} elseif ($value instanceof self && $this->data[$key] instanceof self) {
284			$this->data[$key]->merge($value);
285		View Code Duplication	} else {
			0 ignored issues – show Duplication introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
286			if ($value instanceof self) {
287			$this->data[$key] = new static($value->toArray(), $this->allowModifications);
288			} else {
289			$this->data[$key] = $value;
290			}
291			}
292		View Code Duplication	} else {
			0 ignored issues – show Duplication introduced 2018-02-11 12:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
293	1		if ($value instanceof self) {
294	1		$this->data[$key] = new static($value->toArray(), $this->allowModifications);
295			} else {
296	1		$this->data[$key] = $value;
297			}
298			}
299			}
300
301	1		return $this;
302			}
303
304			/**
305			* Return an associative array of the stored data.
306			*
307			* @return array
308			*/
309	1		public function toArray()
310			{
311	1		$array = [];
312	1		$data = $this->data;
313			/** @var self $value */
314	1		foreach ($data as $key => $value) {
315	1		if ($value instanceof self) {
316	1		$array[$key] = $value->toArray();
317			} else {
318	1		$array[$key] = $value;
319			}
320			}
321
322	1		return $array;
323			}
324
325			/**
326			* count(): defined by Countable interface.
327			*
328			* @see Countable::count()
329			* @return int
330			*/
331			public function count()
332			{
333			return count($this->data);
334			}
335
336			/**
337			* current(): defined by Iterator interface.
338			*
339			* @see Iterator::current()
340			* @return mixed
341			*/
342	1		public function current()
343			{
344	1		$this->skipNextIteration = false;
345
346	1		return current($this->data);
347			}
348
349			/**
350			* next(): defined by Iterator interface.
351			*
352			* @see Iterator::next()
353			* @return void
354			*/
355	1		public function next()
356			{
357	1		if ($this->skipNextIteration) {
358			$this->skipNextIteration = false;
359
360			return;
361			}
362	1		next($this->data);
363	1		}
364
365			/**
366			* rewind(): defined by Iterator interface.
367			*
368			* @see Iterator::rewind()
369			* @return void
370			*/
371	1		public function rewind()
372			{
373	1		$this->skipNextIteration = false;
374	1		reset($this->data);
375	1		}
376
377			/**
378			* valid(): defined by Iterator interface.
379			*
380			* @see Iterator::valid()
381			* @return bool
382			*/
383	1		public function valid()
384			{
385	1		return ($this->key() !== null);
386			}
387
388			/**
389			* key(): defined by Iterator interface.
390			*
391			* @see Iterator::key()
392			* @return mixed
393			*/
394	1		public function key()
395			{
396	1		return key($this->data);
397			}
398			}
399

bytic / config

Issues (10)

Security Analysis no request data

src/Config.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like