Issues in ConfigOverlay.php (master) - Issues in master - consolidation/config - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Util/ConfigOverlay.php (2 issues)

Labels

Unused Code 2

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Consolidation\Config\Util;

use Consolidation\Config\Config;
use Consolidation\Config\ConfigInterface;
use Consolidation\Config\Util\ArrayUtil;
use Consolidation\Config\Util\ConfigInterpolatorInterface;
use Consolidation\Config\Util\ConfigInterpolatorTrait;

/**
 * Overlay different configuration objects that implement ConfigInterface
 * to make a priority-based, merged configuration object.
 *
 * Note that using a ConfigOverlay hides the defaults stored in each
 * individual configuration context. When using overlays, always call
 * getDefault / setDefault on the ConfigOverlay object itself.
 */
class ConfigOverlay implements ConfigInterface, ConfigInterpolatorInterface, ConfigRuntimeInterface
{
    use ConfigInterpolatorTrait;
    protected $contexts = [];

    const DEFAULT_CONTEXT = 'default';
    const PROCESS_CONTEXT = 'process';

    public function __construct()
    {
        $this->contexts[self::DEFAULT_CONTEXT] = new Config();
        $this->contexts[self::PROCESS_CONTEXT] = new Config();
    }

    /**
     * Add a named configuration object to the configuration overlay.
     * Configuration objects added LAST have HIGHEST priority, with the
     * exception of the fact that the process context always has the
     * highest priority.
     *
     * If a context has already been added, its priority will not change.
     */
    public function addContext($name, ConfigInterface $config)
    {
        $process = $this->contexts[self::PROCESS_CONTEXT];
        unset($this->contexts[self::PROCESS_CONTEXT]);
        $this->contexts[$name] = $config;
        $this->contexts[self::PROCESS_CONTEXT] = $process;

        return $this;
    }

    /**
     * Add a placeholder context that will be prioritized higher than
     * existing contexts. This is done to ensure that contexts added
     * later will maintain a higher priority if the placeholder context
     * is later relaced with a different configuration set via addContext().
     *
     * @param string $name
     * @return $this
     */
    public function addPlaceholder($name)
    {
        return $this->addContext($name, new Config());
    }

    /**
     * Increase the priority of the named context such that it is higher
     * in priority than any existing context except for the 'process'
     * context.
     *
     * @param string $name
     * @return $this
     */
    public function increasePriority($name)
    {
        $config = $this->getContext($name);
        unset($this->contexts[$name]);
        return $this->addContext($name, $config);
    }

    public function hasContext($name)
    {
        return isset($this->contexts[$name]);
    }

    public function getContext($name)
    {
        if ($this->hasContext($name)) {
            return $this->contexts[$name];
        }
        return new Config();
    }

    public function runtimeConfig()
    {
        return $this->getContext(self::PROCESS_CONTEXT);
    }

    public function removeContext($name)
    {
        unset($this->contexts[$name]);
    }

    /**
     * Determine if a non-default config value exists.
     */
    public function findContext($key)
    {
        foreach (array_reverse($this->contexts) as $name => $config) {
            if ($config->has($key)) {
                return $config;
            }
        }
        return false;
    }

    /**
     * @inheritdoc
     */
    public function has($key)
    {
        return $this->findContext($key) != false;
    }

    /**
     * @inheritdoc
     */
    public function get($key, $default = null)
    {
        if (is_array($default)) {
            return $this->getUnion($key);
        }
        return $this->getSingle($key, $default);
    }

    public function getSingle($key, $default = null)
    {
        $context = $this->findContext($key);
        if ($context) {
            return $context->get($key, $default);
        }
        return $default;
    }

    public function getUnion($key)
    {
        $result = [];
        foreach (array_reverse($this->contexts) as $name => $config) {
            $item = (array) $config->get($key, []);
            if ($item !== null) {
                $result = array_merge($result, $item);
            }
        }
        return $result;
    }

    /**
     * @inheritdoc
     */
    public function set($key, $value)
    {
        $this->contexts[self::PROCESS_CONTEXT]->set($key, $value);
        return $this;
    }

    /**
     * @inheritdoc
     */
    public function import($data)
    {
        $this->unsupported(__FUNCTION__);
    }

    /**
     * @inheritdoc
     */
    public function replace($data)

    {
        $this->unsupported(__FUNCTION__);
    }

    /**
     * @inheritdoc
     */
    public function combine($data)

    {
        $this->unsupported(__FUNCTION__);
    }

    /**
     * @inheritdoc
     */
    protected function unsupported($fn)
    {
        throw new \Exception("The method '$fn' is not supported for the ConfigOverlay class.");
    }

    /**
     * @inheritdoc
     */
    public function export()
    {
        $export = [];
        foreach ($this->contexts as $name => $config) {
            $exportToMerge = $config->export();
            $export = \array_replace_recursive($export, $exportToMerge);
        }
        return $export;
    }

    /**
     * exportAll returns the export of all contexts, separated into
     * separate buckets keyed by context name.
     *
     * @return array
     */
    public function exportAll()
    {
        $export = [];
        foreach ($this->contexts as $name => $config) {
            $exportToInsert = $config->export();
            $export[$name] = $exportToInsert;
        }
        return $export;
    }

    /**
     * @inheritdoc
     */
    public function hasDefault($key)
    {
        return $this->contexts[self::DEFAULT_CONTEXT]->has($key);
    }

    /**
     * @inheritdoc
     */
    public function getDefault($key, $default = null)
    {
        return $this->contexts[self::DEFAULT_CONTEXT]->get($key, $default);
    }

    /**
     * @inheritdoc
     */
    public function setDefault($key, $value)
    {
        $this->contexts[self::DEFAULT_CONTEXT]->set($key, $value);
        return $this;
    }
}


1			<?php
2			namespace Consolidation\Config\Util;
3
4			use Consolidation\Config\Config;
5			use Consolidation\Config\ConfigInterface;
6			use Consolidation\Config\Util\ArrayUtil;
7			use Consolidation\Config\Util\ConfigInterpolatorInterface;
8			use Consolidation\Config\Util\ConfigInterpolatorTrait;
9
10			/**
11			* Overlay different configuration objects that implement ConfigInterface
12			* to make a priority-based, merged configuration object.
13			*
14			* Note that using a ConfigOverlay hides the defaults stored in each
15			* individual configuration context. When using overlays, always call
16			* getDefault / setDefault on the ConfigOverlay object itself.
17			*/
18			class ConfigOverlay implements ConfigInterface, ConfigInterpolatorInterface, ConfigRuntimeInterface
19			{
20			use ConfigInterpolatorTrait;
21			protected $contexts = [];
22
23			const DEFAULT_CONTEXT = 'default';
24			const PROCESS_CONTEXT = 'process';
25
26			public function __construct()
27			{
28			$this->contexts[self::DEFAULT_CONTEXT] = new Config();
29			$this->contexts[self::PROCESS_CONTEXT] = new Config();
30			}
31
32			/**
33			* Add a named configuration object to the configuration overlay.
34			* Configuration objects added LAST have HIGHEST priority, with the
35			* exception of the fact that the process context always has the
36			* highest priority.
37			*
38			* If a context has already been added, its priority will not change.
39			*/
40			public function addContext($name, ConfigInterface $config)
41			{
42			$process = $this->contexts[self::PROCESS_CONTEXT];
43			unset($this->contexts[self::PROCESS_CONTEXT]);
44			$this->contexts[$name] = $config;
45			$this->contexts[self::PROCESS_CONTEXT] = $process;
46
47			return $this;
48			}
49
50			/**
51			* Add a placeholder context that will be prioritized higher than
52			* existing contexts. This is done to ensure that contexts added
53			* later will maintain a higher priority if the placeholder context
54			* is later relaced with a different configuration set via addContext().
55			*
56			* @param string $name
57			* @return $this
58			*/
59			public function addPlaceholder($name)
60			{
61			return $this->addContext($name, new Config());
62			}
63
64			/**
65			* Increase the priority of the named context such that it is higher
66			* in priority than any existing context except for the 'process'
67			* context.
68			*
69			* @param string $name
70			* @return $this
71			*/
72			public function increasePriority($name)
73			{
74			$config = $this->getContext($name);
75			unset($this->contexts[$name]);
76			return $this->addContext($name, $config);
77			}
78
79			public function hasContext($name)
80			{
81			return isset($this->contexts[$name]);
82			}
83
84			public function getContext($name)
85			{
86			if ($this->hasContext($name)) {
87			return $this->contexts[$name];
88			}
89			return new Config();
90			}
91
92			public function runtimeConfig()
93			{
94			return $this->getContext(self::PROCESS_CONTEXT);
95			}
96
97			public function removeContext($name)
98			{
99			unset($this->contexts[$name]);
100			}
101
102			/**
103			* Determine if a non-default config value exists.
104			*/
105			public function findContext($key)
106			{
107			foreach (array_reverse($this->contexts) as $name => $config) {
108			if ($config->has($key)) {
109			return $config;
110			}
111			}
112			return false;
113			}
114
115			/**
116			* @inheritdoc
117			*/
118			public function has($key)
119			{
120			return $this->findContext($key) != false;
121			}
122
123			/**
124			* @inheritdoc
125			*/
126			public function get($key, $default = null)
127			{
128			if (is_array($default)) {
129			return $this->getUnion($key);
130			}
131			return $this->getSingle($key, $default);
132			}
133
134			public function getSingle($key, $default = null)
135			{
136			$context = $this->findContext($key);
137			if ($context) {
138			return $context->get($key, $default);
139			}
140			return $default;
141			}
142
143			public function getUnion($key)
144			{
145			$result = [];
146			foreach (array_reverse($this->contexts) as $name => $config) {
147			$item = (array) $config->get($key, []);
148			if ($item !== null) {
149			$result = array_merge($result, $item);
150			}
151			}
152			return $result;
153			}
154
155			/**
156			* @inheritdoc
157			*/
158			public function set($key, $value)
159			{
160			$this->contexts[self::PROCESS_CONTEXT]->set($key, $value);
161			return $this;
162			}
163
164			/**
165			* @inheritdoc
166			*/
167			public function import($data)
168			{
169			$this->unsupported(__FUNCTION__);
170			}
171
172			/**
173			* @inheritdoc
174			*/
175			public function replace($data)
			0 ignored issues – show Unused Code introduced 2017-10-17 17:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$data` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
176			{
177			$this->unsupported(__FUNCTION__);
178			}
179
180			/**
181			* @inheritdoc
182			*/
183			public function combine($data)
			0 ignored issues – show Unused Code introduced 2017-10-17 17:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$data` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
184			{
185			$this->unsupported(__FUNCTION__);
186			}
187
188			/**
189			* @inheritdoc
190			*/
191			protected function unsupported($fn)
192			{
193			throw new \Exception("The method '$fn' is not supported for the ConfigOverlay class.");
194			}
195
196			/**
197			* @inheritdoc
198			*/
199			public function export()
200			{
201			$export = [];
202			foreach ($this->contexts as $name => $config) {
203			$exportToMerge = $config->export();
204			$export = \array_replace_recursive($export, $exportToMerge);
205			}
206			return $export;
207			}
208
209			/**
210			* exportAll returns the export of all contexts, separated into
211			* separate buckets keyed by context name.
212			*
213			* @return array
214			*/
215			public function exportAll()
216			{
217			$export = [];
218			foreach ($this->contexts as $name => $config) {
219			$exportToInsert = $config->export();
220			$export[$name] = $exportToInsert;
221			}
222			return $export;
223			}
224
225			/**
226			* @inheritdoc
227			*/
228			public function hasDefault($key)
229			{
230			return $this->contexts[self::DEFAULT_CONTEXT]->has($key);
231			}
232
233			/**
234			* @inheritdoc
235			*/
236			public function getDefault($key, $default = null)
237			{
238			return $this->contexts[self::DEFAULT_CONTEXT]->get($key, $default);
239			}
240
241			/**
242			* @inheritdoc
243			*/
244			public function setDefault($key, $value)
245			{
246			$this->contexts[self::DEFAULT_CONTEXT]->set($key, $value);
247			return $this;
248			}
249			}
250

consolidation / config

Issues (5)

Security Analysis no request data

src/Util/ConfigOverlay.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like