Issues in SiteAliasManager.php (master) - Issues in master - consolidation/site-alias - Measure and Improve Code Quality continuously with Scrutinizer

Issues (50)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/SiteAliasManager.php (1 issue)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Consolidation\SiteAlias;

/**
 * Site Alias manager
 */
class SiteAliasManager implements SiteAliasManagerInterface, SiteAliasManagerInitializationInterface
{
    protected $aliasLoader;
    protected $selfSiteAlias;
    protected $specParser;
    protected $root = '';

    /**
     * Constructor for SiteAliasManager
     *
     * @param SiteAliasFileLoader|null $aliasLoader an alias loader
     */
    public function __construct($aliasLoader = null, $root = '')
    {
        $this->aliasLoader = $aliasLoader ?: new SiteAliasFileLoader();
        $this->specParser = new SiteSpecParser();
        $this->selfSiteAlias = new SiteAlias();
        $this->setRoot($root);
    }

    /**
     * Allow configuration data to be used in replacements in the alias file.
     */
    public function setReferenceData($data)
    {
        $this->aliasLoader->setReferenceData($data);
        return $this;
    }

    /**
     * Inject the root of the selected site
     *
     * @param string $root
     * @return $this
     */
    public function setRoot($root)
    {
        $this->root = $root;
        $this->aliasLoader->setRoot($root);
        return $this;
    }

    /**
     * Add a search location to our site alias discovery object.
     *
     * @param string $path
     *
     * @return $this
     */
    public function addSearchLocation($path)
    {
        $this->aliasLoader->discovery()->addSearchLocation($path);
        return $this;
    }

    /**
     * Add search locations to our site alias discovery object.
     *
     * @param array $paths Any path provided in --alias-path option
     *   or drush.path.alias-path configuration item.
     *
     * @return $this
     */
    public function addSearchLocations(array $paths)
    {
        foreach ($paths as $path) {
            $this->aliasLoader->discovery()->addSearchLocation($path);
        }
        return $this;
    }

    /**
     * Return all of the paths where alias files may be found.
     * @return string[]
     */
    public function searchLocations()
    {
        return $this->aliasLoader->discovery()->searchLocations();
    }

    /**
     * Get an alias record by name, or convert a site specification
     * into an alias record via the site alias spec parser. If a
     * simple alias name is provided (e.g. '@alias'), it is interpreted
     * as a sitename, and the default environment for that site is returned.
     *
     * @param string $name Alias name or site specification
     *
     * @return SiteAlias|false
     */
    public function get($name)
    {
        if (SiteAliasName::isAliasName($name)) {
            return $this->getAlias($name);
        }

        if ($this->specParser->validSiteSpec($name)) {
            return new SiteAlias($this->specParser->parse($name, $this->root), $name);
        }

        return false;
    }

    /**
     * Get the '@self' alias record.
     *
     * @return SiteAlias
     */
    public function getSelf()
    {
        return $this->selfSiteAlias;
    }

    /**
     * Force-set the current @self alias.
     *
     * @param SiteAlias $selfSiteAlias
     * @return $this
     */
    public function setSelf(SiteAlias $selfSiteAlias)
    {
        $this->selfSiteAlias = $selfSiteAlias;
        $this->setRoot($selfSiteAlias->localRoot());
        return $this;
    }

    /**
     * Get an alias record from a name. Does not accept site specifications.
     *
     * @param string $aliasName alias name
     *
     * @return SiteAlias
     */
    public function getAlias($aliasName)
    {
        $aliasName = SiteAliasName::parse($aliasName);

        if ($aliasName->isSelf()) {
            return $this->getSelf();
        }

        if ($aliasName->isNone()) {
            return new SiteAlias([], '@none');
        }

        // Search through all search locations, load
        // matching and potentially-matching alias files,
        // and return the alias matching the provided name.
        return $this->aliasLoader->load($aliasName);

    }

    /**
     * Given a simple alias name, e.g. '@alias', returns all of the
     * environments in the specified site.
     *
     * If the provided name is a site specification et. al.,
     * then this method will return 'false'.
     *
     * @param string $name Alias name
     * @return SiteAlias[]|false
     */
    public function getMultiple($name = '')
    {
        if (empty($name)) {
            return $this->aliasLoader->loadAll();
        }

        if (!SiteAliasName::isAliasName($name)) {
            return false;
        }

        // Trim off the '@'
        $trimmedName = ltrim($name, '@');

        // If the provided name is a location, return all aliases there
        $result = $this->aliasLoader->loadLocation($trimmedName);
        if (!empty($result)) {
            return $result;
        }

        // If the provided name is a site, return all environments
        $result = $this->aliasLoader->loadMultiple($trimmedName);
        if (!empty($result)) {
            return $result;
        }

        // Special checking for @self
        if ($trimmedName == 'self') {
            $self = $this->getSelf();
            $result = array_merge(
                ['@self' => $self],
                $result
            );
        }

        return $result;
    }

    /**
     * Return the paths to all alias files in all search locations known
     * to the alias manager.
     *
     * @return string[]
     */
    public function listAllFilePaths($location = '')
    {
        return $this->aliasLoader->listAll($location);
    }
}


1			<?php
2			namespace Consolidation\SiteAlias;
3
4			/**
5			* Site Alias manager
6			*/
7			class SiteAliasManager implements SiteAliasManagerInterface, SiteAliasManagerInitializationInterface
8			{
9			protected $aliasLoader;
10			protected $selfSiteAlias;
11			protected $specParser;
12			protected $root = '';
13
14			/**
15			* Constructor for SiteAliasManager
16			*
17			* @param SiteAliasFileLoader\|null $aliasLoader an alias loader
18			*/
19			public function __construct($aliasLoader = null, $root = '')
20			{
21			$this->aliasLoader = $aliasLoader ?: new SiteAliasFileLoader();
22			$this->specParser = new SiteSpecParser();
23			$this->selfSiteAlias = new SiteAlias();
24			$this->setRoot($root);
25			}
26
27			/**
28			* Allow configuration data to be used in replacements in the alias file.
29			*/
30			public function setReferenceData($data)
31			{
32			$this->aliasLoader->setReferenceData($data);
33			return $this;
34			}
35
36			/**
37			* Inject the root of the selected site
38			*
39			* @param string $root
40			* @return $this
41			*/
42			public function setRoot($root)
43			{
44			$this->root = $root;
45			$this->aliasLoader->setRoot($root);
46			return $this;
47			}
48
49			/**
50			* Add a search location to our site alias discovery object.
51			*
52			* @param string $path
53			*
54			* @return $this
55			*/
56			public function addSearchLocation($path)
57			{
58			$this->aliasLoader->discovery()->addSearchLocation($path);
59			return $this;
60			}
61
62			/**
63			* Add search locations to our site alias discovery object.
64			*
65			* @param array $paths Any path provided in --alias-path option
66			* or drush.path.alias-path configuration item.
67			*
68			* @return $this
69			*/
70			public function addSearchLocations(array $paths)
71			{
72			foreach ($paths as $path) {
73			$this->aliasLoader->discovery()->addSearchLocation($path);
74			}
75			return $this;
76			}
77
78			/**
79			* Return all of the paths where alias files may be found.
80			* @return string[]
81			*/
82			public function searchLocations()
83			{
84			return $this->aliasLoader->discovery()->searchLocations();
85			}
86
87			/**
88			* Get an alias record by name, or convert a site specification
89			* into an alias record via the site alias spec parser. If a
90			* simple alias name is provided (e.g. '@alias'), it is interpreted
91			* as a sitename, and the default environment for that site is returned.
92			*
93			* @param string $name Alias name or site specification
94			*
95			* @return SiteAlias\|false
96			*/
97			public function get($name)
98			{
99			if (SiteAliasName::isAliasName($name)) {
100			return $this->getAlias($name);
101			}
102
103			if ($this->specParser->validSiteSpec($name)) {
104			return new SiteAlias($this->specParser->parse($name, $this->root), $name);
105			}
106
107			return false;
108			}
109
110			/**
111			* Get the '@self' alias record.
112			*
113			* @return SiteAlias
114			*/
115			public function getSelf()
116			{
117			return $this->selfSiteAlias;
118			}
119
120			/**
121			* Force-set the current @self alias.
122			*
123			* @param SiteAlias $selfSiteAlias
124			* @return $this
125			*/
126			public function setSelf(SiteAlias $selfSiteAlias)
127			{
128			$this->selfSiteAlias = $selfSiteAlias;
129			$this->setRoot($selfSiteAlias->localRoot());
130			return $this;
131			}
132
133			/**
134			* Get an alias record from a name. Does not accept site specifications.
135			*
136			* @param string $aliasName alias name
137			*
138			* @return SiteAlias
139			*/
140			public function getAlias($aliasName)
141			{
142			$aliasName = SiteAliasName::parse($aliasName);
143
144			if ($aliasName->isSelf()) {
145			return $this->getSelf();
146			}
147
148			if ($aliasName->isNone()) {
149			return new SiteAlias([], '@none');
150			}
151
152			// Search through all search locations, load
153			// matching and potentially-matching alias files,
154			// and return the alias matching the provided name.
155			return $this->aliasLoader->load($aliasName);
			0 ignored issues – show Comprehensibility Best Practice introduced 2019-03-08 02:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$this->aliasLoader->load($aliasName);` of type `Consolidation\SiteAlias\SiteAlias\|false` adds `false` to the return on line 155 which is incompatible with the return type declared by the interface `Consolidation\SiteAlias\...agerInterface::getAlias` of type `Consolidation\SiteAlias\SiteAlias`. It seems like you forgot to handle an error condition. Loading history...
156			}
157
158			/**
159			* Given a simple alias name, e.g. '@alias', returns all of the
160			* environments in the specified site.
161			*
162			* If the provided name is a site specification et. al.,
163			* then this method will return 'false'.
164			*
165			* @param string $name Alias name
166			* @return SiteAlias[]\|false
167			*/
168			public function getMultiple($name = '')
169			{
170			if (empty($name)) {
171			return $this->aliasLoader->loadAll();
172			}
173
174			if (!SiteAliasName::isAliasName($name)) {
175			return false;
176			}
177
178			// Trim off the '@'
179			$trimmedName = ltrim($name, '@');
180
181			// If the provided name is a location, return all aliases there
182			$result = $this->aliasLoader->loadLocation($trimmedName);
183			if (!empty($result)) {
184			return $result;
185			}
186
187			// If the provided name is a site, return all environments
188			$result = $this->aliasLoader->loadMultiple($trimmedName);
189			if (!empty($result)) {
190			return $result;
191			}
192
193			// Special checking for @self
194			if ($trimmedName == 'self') {
195			$self = $this->getSelf();
196			$result = array_merge(
197			['@self' => $self],
198			$result
199			);
200			}
201
202			return $result;
203			}
204
205			/**
206			* Return the paths to all alias files in all search locations known
207			* to the alias manager.
208			*
209			* @return string[]
210			*/
211			public function listAllFilePaths($location = '')
212			{
213			return $this->aliasLoader->listAll($location);
214			}
215			}
216

consolidation / site-alias

Issues (50)

Security Analysis no request data

src/SiteAliasManager.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like