Issues in Url.php (master) - Issues in master - cubiche/web - Measure and Improve Code Quality continuously with Scrutinizer

Issues (20)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Url.php (2 issues)

Labels

Severity

Major 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/*
 * This file is part of the Cubiche package.
 *
 * Copyright (c) Cubiche
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 */

namespace Cubiche\Domain\Web;

use Cubiche\Domain\System\StringLiteral;

/**
 * Url class.
 *
 * @author Ivannis Suárez Jerez <[email protected]>
 */
class Url extends StringLiteral
{
    /**
     * @var string
     */
    protected $scheme;

    /**
     * @var string
     */
    protected $user;

    /**
     * @var string
     */
    protected $password;

    /**
     * @var Host
     */
    protected $host;

    /**
     * @var string
     */
    protected $path;

    /**
     * @var Port
     */
    protected $port;

    /**
     * @var string
     */
    protected $queryString;

    /**
     * @var string
     */
    protected $fragmentId;

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     */
    public function __construct($url)
    {
        parent::__construct($url);

        $user = \parse_url($url, PHP_URL_USER);
        $this->user = $user ? new StringLiteral($user) : new StringLiteral('');
        $pass = \parse_url($url, PHP_URL_PASS);
        $this->password = $pass ? new StringLiteral($pass) : new StringLiteral('');
        $this->scheme = $this->parseScheme($url);
        $this->host = $this->parseHost($url);
        $this->path = $this->parsePath($url);
        $this->port = $this->parsePort($url);
        $this->queryString = $this->parseQueryString($url);
        $this->fragmentId = $this->parseFragmentIdentifier($url);

        $this->createUrl();
    }

    protected function createUrl()
    {
        $userPass = '';
        if ($this->user()->isEmpty() === false) {
            $userPass = \sprintf('%s@', $this->user());
            if ($this->password()->isEmpty() === false) {
                $userPass = \sprintf('%s:%s@', $this->user(), $this->password());
            }
        }
        $port = '';
        if ($this->port() !== null) {
            $port = \sprintf(':%d', $this->port()->toNative());
        }

        $this->value = \sprintf(
            '%s://%s%s%s%s%s%s',
            $this->scheme(),
            $userPass,
            $this->host(),
            $port,
            $this->path(),
            $this->queryString(),
            $this->fragmentId()
        );
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    protected function parseScheme($url)
    {
        $scheme = \parse_url($url, PHP_URL_SCHEME);
        if (\preg_match('/^[a-z]([a-z0-9\+\.-]+)?$/i', $scheme) === 0) {
            throw new \InvalidArgumentException(sprintf(
                'Argument "%s" is invalid. Allowed types for argument are "schema".',
                $url
            ));
        }

        return new StringLiteral($scheme);
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     *
     * @return Host
     */
    protected function parseHost($url)
    {
        $host = \parse_url($url, PHP_URL_HOST);

        return Host::fromNative($host);
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     *
     * @return Path | null
     */
    protected function parsePath($url)
    {
        $path = \parse_url($url, PHP_URL_PATH);
        $filteredValue = parse_url($path, PHP_URL_PATH);
        if ($filteredValue === null || strlen($filteredValue) != strlen($path)) {
            throw new \InvalidArgumentException(sprintf(
                'Argument "%s" is invalid. Allowed types for argument are "url".',
                $url
            ));
        }

        return new Path($filteredValue);
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
    }

    /**
     * @param string $url
     *
     * @return Port | NULL
     */
    protected function parsePort($url)
    {
        $port = \parse_url($url, PHP_URL_PORT);
        if ($port) {
            return new Port($port);
        }

        return;
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    protected function parseQueryString($url)
    {
        $queryString = \parse_url($url, PHP_URL_QUERY);
        if ($queryString) {
            $queryString = \sprintf('?%s', $queryString);

            return new StringLiteral($queryString);
        }

        return new StringLiteral('');
    }

    /**
     * @param string $url
     *
     * @throws \InvalidArgumentException
     *
     * @return string
     */
    protected function parseFragmentIdentifier($url)
    {
        $fragmentId = \parse_url($url, PHP_URL_FRAGMENT);
        if ($fragmentId) {
            $fragment = \sprintf('#%s', $fragmentId);
            if (\preg_match('/^#[?%!$&\'()*+,;=a-zA-Z0-9-._~:@\/]*$/', $fragment) === 0) {
                throw new \InvalidArgumentException(sprintf(
                    'Argument "%s" is invalid. Allowed types for argument are "fragment identifier".',
                    $fragment
                ));
            }

            return new StringLiteral($fragment);
        }

        return new StringLiteral('');
    }

    /**
     * @return Host
     */
    public function host()
    {
        return $this->host;
    }

    /**
     * @return string
     */
    public function fragmentId()
    {
        return $this->fragmentId;
    }

    /**
     * @return string
     */
    public function password()
    {
        return $this->password;
    }

    /**
     * @return string
     */
    public function path()
    {
        return $this->path;
    }

    /**
     * @return int
     */
    public function port()
    {
        return $this->port;
    }

    /**
     * @return string
     */
    public function queryString()
    {
        return $this->queryString;
    }

    /**
     * @return string
     */
    public function scheme()
    {
        return $this->scheme;
    }

    /**
     * @return string
     */
    public function user()
    {
        return $this->user;
    }
}


1		<?php
2
3		/*
4		* This file is part of the Cubiche package.
5		*
6		* Copyright (c) Cubiche
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*/
11
12		namespace Cubiche\Domain\Web;
13
14		use Cubiche\Domain\System\StringLiteral;
15
16		/**
17		* Url class.
18		*
19		* @author Ivannis Suárez Jerez <[email protected]>
20		*/
21		class Url extends StringLiteral
22		{
23		/**
24		* @var string
25		*/
26		protected $scheme;
27
28		/**
29		* @var string
30		*/
31		protected $user;
32
33		/**
34		* @var string
35		*/
36		protected $password;
37
38		/**
39		* @var Host
40		*/
41		protected $host;
42
43		/**
44		* @var string
45		*/
46		protected $path;
47
48		/**
49		* @var Port
50		*/
51		protected $port;
52
53		/**
54		* @var string
55		*/
56		protected $queryString;
57
58		/**
59		* @var string
60		*/
61		protected $fragmentId;
62
63		/**
64		* @param string $url
65		*
66		* @throws \InvalidArgumentException
67		*/
68		public function __construct($url)
69		{
70		parent::__construct($url);
71
72		$user = \parse_url($url, PHP_URL_USER);
73		$this->user = $user ? new StringLiteral($user) : new StringLiteral('');
74		$pass = \parse_url($url, PHP_URL_PASS);
75		$this->password = $pass ? new StringLiteral($pass) : new StringLiteral('');
76		$this->scheme = $this->parseScheme($url);
77		$this->host = $this->parseHost($url);
78		$this->path = $this->parsePath($url);
79		$this->port = $this->parsePort($url);
80		$this->queryString = $this->parseQueryString($url);
81		$this->fragmentId = $this->parseFragmentIdentifier($url);
82
83		$this->createUrl();
84		}
85
86		protected function createUrl()
87		{
88		$userPass = '';
89		if ($this->user()->isEmpty() === false) {
90		$userPass = \sprintf('%s@', $this->user());
91		if ($this->password()->isEmpty() === false) {
92		$userPass = \sprintf('%s:%s@', $this->user(), $this->password());
93		}
94		}
95		$port = '';
96		if ($this->port() !== null) {
97		$port = \sprintf(':%d', $this->port()->toNative());
98		}
99
100		$this->value = \sprintf(
101		'%s://%s%s%s%s%s%s',
102		$this->scheme(),
103		$userPass,
104		$this->host(),
105		$port,
106		$this->path(),
107		$this->queryString(),
108		$this->fragmentId()
109		);
110		}
111
112		/**
113		* @param string $url
114		*
115		* @throws \InvalidArgumentException
116		*
117		* @return string
118		*/
119		protected function parseScheme($url)
120		{
121		$scheme = \parse_url($url, PHP_URL_SCHEME);
122		if (\preg_match('/^[a-z]([a-z0-9\+\.-]+)?$/i', $scheme) === 0) {
123		throw new \InvalidArgumentException(sprintf(
124		'Argument "%s" is invalid. Allowed types for argument are "schema".',
125		$url
126		));
127		}
128
129		return new StringLiteral($scheme);
		0 ignored issues – show Security Bug introduced 2017-03-16 14:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$scheme` defined by `\parse_url($url, PHP_URL_SCHEME)` on line `121` can also be of type `false`; however, `Cubiche\Domain\System\StringLiteral::__construct()` does only seem to accept `string`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
130		}
131
132		/**
133		* @param string $url
134		*
135		* @throws \InvalidArgumentException
136		*
137		* @return Host
138		*/
139		protected function parseHost($url)
140		{
141		$host = \parse_url($url, PHP_URL_HOST);
142
143		return Host::fromNative($host);
144		}
145
146		/**
147		* @param string $url
148		*
149		* @throws \InvalidArgumentException
150		*
151		* @return Path \| null
152		*/
153		protected function parsePath($url)
154		{
155		$path = \parse_url($url, PHP_URL_PATH);
156		$filteredValue = parse_url($path, PHP_URL_PATH);
157	View Code Duplication	if ($filteredValue === null \|\| strlen($filteredValue) != strlen($path)) {
158		throw new \InvalidArgumentException(sprintf(
159		'Argument "%s" is invalid. Allowed types for argument are "url".',
160		$url
161		));
162		}
163
164		return new Path($filteredValue);
		0 ignored issues – show Security Bug introduced 2017-03-16 14:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$filteredValue` defined by `parse_url($path, PHP_URL_PATH)` on line `156` can also be of type `false`; however, `Cubiche\Domain\Web\Path::__construct()` does only seem to accept `string`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
165		}
166
167		/**
168		* @param string $url
169		*
170		* @return Port \| NULL
171		*/
172		protected function parsePort($url)
173		{
174		$port = \parse_url($url, PHP_URL_PORT);
175		if ($port) {
176		return new Port($port);
177		}
178
179		return;
180		}
181
182		/**
183		* @param string $url
184		*
185		* @throws \InvalidArgumentException
186		*
187		* @return string
188		*/
189		protected function parseQueryString($url)
190		{
191		$queryString = \parse_url($url, PHP_URL_QUERY);
192		if ($queryString) {
193		$queryString = \sprintf('?%s', $queryString);
194
195		return new StringLiteral($queryString);
196		}
197
198		return new StringLiteral('');
199		}
200
201		/**
202		* @param string $url
203		*
204		* @throws \InvalidArgumentException
205		*
206		* @return string
207		*/
208		protected function parseFragmentIdentifier($url)
209		{
210		$fragmentId = \parse_url($url, PHP_URL_FRAGMENT);
211		if ($fragmentId) {
212		$fragment = \sprintf('#%s', $fragmentId);
213		if (\preg_match('/^#[?%!$&\'()+,;=a-zA-Z0-9-._~:@\/]$/', $fragment) === 0) {
214		throw new \InvalidArgumentException(sprintf(
215		'Argument "%s" is invalid. Allowed types for argument are "fragment identifier".',
216		$fragment
217		));
218		}
219
220		return new StringLiteral($fragment);
221		}
222
223		return new StringLiteral('');
224		}
225
226		/**
227		* @return Host
228		*/
229		public function host()
230		{
231		return $this->host;
232		}
233
234		/**
235		* @return string
236		*/
237		public function fragmentId()
238		{
239		return $this->fragmentId;
240		}
241
242		/**
243		* @return string
244		*/
245		public function password()
246		{
247		return $this->password;
248		}
249
250		/**
251		* @return string
252		*/
253		public function path()
254		{
255		return $this->path;
256		}
257
258		/**
259		* @return int
260		*/
261		public function port()
262		{
263		return $this->port;
264		}
265
266		/**
267		* @return string
268		*/
269		public function queryString()
270		{
271		return $this->queryString;
272		}
273
274		/**
275		* @return string
276		*/
277		public function scheme()
278		{
279		return $this->scheme;
280		}
281
282		/**
283		* @return string
284		*/
285		public function user()
286		{
287		return $this->user;
288		}
289		}
290

cubiche / web

Issues (20)

Security Analysis no request data

Url.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like