Issues in Callback.php (master) - Issues in master - c-harris/phpquery - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1066)

Security Analysis 7 potential vulnerabilities

Cross-Site Scripting (1)

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection (3)

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection (3)

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Callback/Callback.php (26 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
interface ICallbackNamed {
namespace YourVendor;

class YourClass { }
	function hasName();
	function getName();
}
/**
 * Callback class introduces currying-like pattern.
 * 
 * Example:
 * function foo($param1, $param2, $param3) {
 *   var_dump($param1, $param2, $param3);
 * }
 * $fooCurried = new Callback('foo', 
 *   'param1 is now statically set', 
 *   new CallbackParam, new CallbackParam
 * );
 * PhpQuery::callbackRun($fooCurried,
 * 	array('param2 value', 'param3 value'
 * );
 * 
 * Callback class is supported in all PhpQuery methods which accepts callbacks. 
 *
 * @link http://code.google.com/p/phpquery/wiki/Callbacks#Param_Structures
 * @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
 * 
 * @TODO??? return fake forwarding function created via create_function
 * @TODO honor paramStructure
 */
class Callback
namespace YourVendor;

class YourClass { }
	implements ICallbackNamed {

	public $callback = null;
	public $params = null;
	protected $name;
	public function __construct($callback, $param1 = null, $param2 = null, 

			$param3 = null) {

		$params = func_get_args();
		$params = array_slice($params, 1);
		if ($callback instanceof Callback) {
if (rand(1, 6) > 3) {
//print "Check failed";
} else {
    print "Check succeeded";
}
			// TODO implement recurention
		} else {
			$this->callback = $callback;
			$this->params = $params;
		}
	}
	public function getName() {
		return 'Callback: '.$this->name;
	}
	public function hasName() {
		return isset($this->name) && $this->name;
	}
	public function setName($name) {
		$this->name = $name;
		return $this;
	}
	// TODO test me

//	public function addParams() {
//		$params = func_get_args();
//		return new Callback($this->callback, $this->params+$params);
//	}
}
/**
 * Shorthand for new Callback(create_function(...), ...);
 * 
 * @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
 */
class CallbackBody extends Callback {
namespace YourVendor;

class YourClass { }
	public function __construct($paramList, $code, $param1 = null, $param2 = null, 

			$param3 = null) {

		$params = func_get_args();
		$params = array_slice($params, 2);
		$this->callback = create_function($paramList, $code);
// Instead of
$function = create_function('$a, $b', 'return $a + $b');

// Better use
$function = function($a, $b) { return $a + $b; }
		$this->params = $params;
	}
}
/**
 * Callback type which on execution returns reference passed during creation.
 * 
 * @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
 */
class CallbackReturnReference extends Callback
namespace YourVendor;

class YourClass { }
	implements ICallbackNamed {

	protected $reference;
	public function __construct(&$reference, $name = null){
		$this->reference =& $reference;
		$this->callback = array($this, 'callback');
	}
	public function callback() {
		return $this->reference;
	}
	public function getName() {
		return 'Callback: '.$this->name;
	}
	public function hasName() {
		return isset($this->name) && $this->name;
	}
}
/**
 * Callback type which on execution returns value passed during creation.
 * 
 * @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
 */
class CallbackReturnValue extends Callback
namespace YourVendor;

class YourClass { }
	implements ICallbackNamed {

	protected $value;
	protected $name;
	public function __construct($value, $name = null){
		$this->value =& $value;
		$this->name = $name;
		$this->callback = array($this, 'callback');
	}
	public function callback() {
		return $this->value;
	}
	public function __toString() {
		return $this->getName();
	}
	public function getName() {
		return 'Callback: '.$this->name;
	}
	public function hasName() {
		return isset($this->name) && $this->name;
	}
}
/**
 * CallbackParameterToReference can be used when we don't really want a callback,
 * only parameter passed to it. CallbackParameterToReference takes first 
 * parameter's value and passes it to reference.
 *
 * @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
 */
class CallbackParameterToReference extends Callback {
namespace YourVendor;

class YourClass { }
	/**
	 * @param $reference
	 * @TODO implement $paramIndex; 
	 * param index choose which callback param will be passed to reference
	 */
	public function __construct(&$reference){
		$this->callback =& $reference;
	}
}
//class CallbackReference extends Callback {
//	/**
//	 *
//	 * @param $reference
//	 * @param $paramIndex
//	 * @todo implement $paramIndex; param index choose which callback param will be passed to reference
//	 */
//	public function __construct(&$reference, $name = null){
//		$this->callback =& $reference;
//	}
//}
class CallbackParam {}
namespace YourVendor;

class YourClass { }

1		<?php
2		interface ICallbackNamed {
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Each interface must be in a namespace of at least one level (a top-level vendor name) You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
3		function hasName();
4		function getName();
5		}
6		/**
7		* Callback class introduces currying-like pattern.
8		*
9		* Example:
10		* function foo($param1, $param2, $param3) {
11		* var_dump($param1, $param2, $param3);
12		* }
13		* $fooCurried = new Callback('foo',
14		* 'param1 is now statically set',
15		* new CallbackParam, new CallbackParam
16		* );
17		* PhpQuery::callbackRun($fooCurried,
18		* array('param2 value', 'param3 value'
19		* );
20		*
21		* Callback class is supported in all PhpQuery methods which accepts callbacks.
22		*
23		* @link http://code.google.com/p/phpquery/wiki/Callbacks#Param_Structures
24		* @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
25		*
26		* @TODO??? return fake forwarding function created via create_function
27		* @TODO honor paramStructure
28		*/
29		class Callback
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Each interface must be in a file by itself Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
30		implements ICallbackNamed {
		0 ignored issues – show Coding Style introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The implements keyword must be on the same line as the class name Loading history...
31		public $callback = null;
32		public $params = null;
33		protected $name;
34	View Code Duplication	public function __construct($callback, $param1 = null, $param2 = null,
		0 ignored issues – show Unused Code introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$param2` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history... Duplication introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
35		$param3 = null) {
		0 ignored issues – show Unused Code introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$param3` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
36		$params = func_get_args();
37		$params = array_slice($params, 1);
38		if ($callback instanceof Callback) {
		0 ignored issues – show Unused Code introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `if` statement is empty and can be removed. This check looks for the bodies of `if` statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. These `if` bodies can be removed. If you have an empty if but statements in the `else` branch, consider inverting the condition. if (rand(1, 6) > 3) { //print "Check failed"; } else { print "Check succeeded"; } could be turned into if (rand(1, 6) <= 3) { print "Check succeeded"; } This is much more concise to read. Loading history...
39		// TODO implement recurention
40		} else {
41		$this->callback = $callback;
42		$this->params = $params;
43		}
44		}
45		public function getName() {
46		return 'Callback: '.$this->name;
47		}
48		public function hasName() {
49		return isset($this->name) && $this->name;
50		}
51		public function setName($name) {
52		$this->name = $name;
53		return $this;
54		}
55		// TODO test me
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this `42%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
56		// public function addParams() {
57		// $params = func_get_args();
58		// return new Callback($this->callback, $this->params+$params);
59		// }
60		}
61		/**
62		* Shorthand for new Callback(create_function(...), ...);
63		*
64		* @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
65		*/
66		class CallbackBody extends Callback {
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
67	View Code Duplication	public function __construct($paramList, $code, $param1 = null, $param2 = null,
		0 ignored issues – show Duplication introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
68		$param3 = null) {
		0 ignored issues – show Unused Code introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$param3` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
69		$params = func_get_args();
70		$params = array_slice($params, 2);
71		$this->callback = create_function($paramList, $code);
		0 ignored issues – show Security Best Practice introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The use of `create_function` is highly discouraged, better use a closure. `create_function` can pose a great security vulnerability as it is similar to `eval`, and could be used for arbitrary code execution. We highly recommend to use a closure instead. // Instead of $function = create_function('$a, $b', 'return $a + $b'); // Better use $function = function($a, $b) { return $a + $b; } Loading history...
72		$this->params = $params;
73		}
74		}
75		/**
76		* Callback type which on execution returns reference passed during creation.
77		*
78		* @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
79		*/
80		class CallbackReturnReference extends Callback
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history... Coding Style introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 0 spaces between "Callback" and comma; 1 found Loading history...
81		implements ICallbackNamed {
		0 ignored issues – show Coding Style introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The implements keyword must be on the same line as the class name Loading history...
82		protected $reference;
83		public function __construct(&$reference, $name = null){
84		$this->reference =& $reference;
85		$this->callback = array($this, 'callback');
86		}
87		public function callback() {
88		return $this->reference;
89		}
90		public function getName() {
91		return 'Callback: '.$this->name;
92		}
93		public function hasName() {
94		return isset($this->name) && $this->name;
95		}
96		}
97		/**
98		* Callback type which on execution returns value passed during creation.
99		*
100		* @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
101		*/
102		class CallbackReturnValue extends Callback
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history... Coding Style introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this Expected 0 spaces between "Callback" and comma; 1 found Loading history...
103		implements ICallbackNamed {
		0 ignored issues – show Coding Style introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this The implements keyword must be on the same line as the class name Loading history...
104		protected $value;
105		protected $name;
106		public function __construct($value, $name = null){
107		$this->value =& $value;
108		$this->name = $name;
109		$this->callback = array($this, 'callback');
110		}
111		public function callback() {
112		return $this->value;
113		}
114		public function __toString() {
115		return $this->getName();
116		}
117		public function getName() {
118		return 'Callback: '.$this->name;
119		}
120		public function hasName() {
121		return isset($this->name) && $this->name;
122		}
123		}
124		/**
125		* CallbackParameterToReference can be used when we don't really want a callback,
126		* only parameter passed to it. CallbackParameterToReference takes first
127		* parameter's value and passes it to reference.
128		*
129		* @author Tobiasz Cudnik <tobiasz.cudnik/gmail.com>
130		*/
131		class CallbackParameterToReference extends Callback {
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...
132		/**
133		* @param $reference
134		* @TODO implement $paramIndex;
135		* param index choose which callback param will be passed to reference
136		*/
137		public function __construct(&$reference){
138		$this->callback =& $reference;
139		}
140		}
141		//class CallbackReference extends Callback {
142		// /**
143		// *
144		// * @param $reference
145		// * @param $paramIndex
146		// * @todo implement $paramIndex; param index choose which callback param will be passed to reference
147		// */
148		// public function __construct(&$reference, $name = null){
149		// $this->callback =& $reference;
150		// }
151		//}
152		class CallbackParam {}
		0 ignored issues – show Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class should be in its own file to aid autoloaders. Having each class in a dedicated file usually plays nice with PSR autoloaders and is therefore a well established practice. If you use other autoloaders, you might not want to follow this rule. Loading history... Coding Style Compatibility introduced 2016-10-24 15:23 UTC by Report Bug Copy Issue Report Show Similar Issues like this PSR1 recommends that each class must be in a namespace of at least one level to avoid collisions. You can fix this by adding a namespace to your class: namespace YourVendor; class YourClass { } When choosing a vendor namespace, try to pick something that is not too generic to avoid conflicts with other libraries. Loading history...

c-harris / phpquery

Issues (1066)

Security Analysis 7 potential vulnerabilities

src/Callback/Callback.php (26 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like