Issues in WebTestCase.php (develop) - Issues in develop - dankempster/axstrad-test-bundle - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Functional/WebTestCase.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * This file is part of the Elcodi package.
 *
 * Copyright (c) 2014 Elcodi.com
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * Feel free to edit as you please, and have fun.
 *
 * @author Dan Kempster <[email protected]>
 */
namespace Axstrad\Bundle\TestBundle\Functional;

use Axstrad\Component\Test\Console\Output\BufferedOutput;
use Exception;
use Symfony\Bundle\FrameworkBundle\Client;
use Symfony\Bundle\FrameworkBundle\Console\Application;
use Symfony\Bundle\FrameworkBundle\Test\WebTestCase as BaseWebTestCase;
use Symfony\Component\Console\Input\ArrayInput;
use Symfony\Component\DependencyInjection\ContainerInterface;
use Symfony\Component\DependencyInjection\Exception\RuntimeException;
use Symfony\Component\HttpKernel\KernelInterface;


/**
 * Axstrad\Bundle\TestBundle\Functional\WebTestCase
 */
abstract class WebTestCase extends BaseWebTestCase
{
    /**
     * @var Application
     *
     * application
     */
    protected static $application;

    /**
     * @var Client
     *
     * Client
     */
    protected $client;

    /**
     * @todo [BC Break] Replace the non-static property with this one.
     * @var Client
     */
    private static $_client;

    /**
     * @var ContainerInterface
     *
     * Container
     */
    protected $container;

    /**
     * Set up
     */
    public function setUp()
    {
        try {
            $this->client = self::$_client = parent::createClient(
class Daddy
{
    protected function getFirstName()
    {
        return "Eidur";
    }

    protected function getSurName()
    {
        return "Gudjohnsen";
    }
}

class Son
{
    public function getFirstName()
    {
        return parent::getSurname();
    }
}
                $this->getKernelOptions(),
                $this->getServerParameters()
            );

            static::$application = new Application(static::$kernel);
            static::$application->setAutoExit(false);
            $this->container = static::$kernel->getContainer();

        }
        catch (Exception $e) {
            throw new RuntimeException(sprintf(
                'Unable to start the application: %s',
                get_class($e).':'.$e->getMessage()
            ));
        }

        $this->createSchema();
    }

    /**
     * Tear down
     */
    public function tearDown()
    {
        if (!static::$application) return;

        $output = new BufferedOutput();

        static::$application->run(new ArrayInput(array(
            'command'          => 'doctrine:database:drop',
            '--no-interaction' => true,
            '--force'          => true,
            '--quiet'          => true,
        )), $output);

        if (!$this->runCommandsQuietly()) {
            echo $output->fetch();
        }

        parent::tearDown();
    }

    /**
     * Load fixtures of these bundles
     *
     * @return boolean|array Bundles name where fixtures should be found
     */
    protected function loadBundlesFixtures()
    {
        return false;
    }

    /**
     * @return array
     */
    protected function getKernelOptions()
    {
        return array();
    }

    /**
     * @return array An array of server parameters to pass to the test client
     */
    protected function getServerParameters()
    {
        return array();
    }

    /**
     * Schema must be loaded in all test cases
     *
     * @return boolean Load schema
     */
    protected function loadSchema()
    {
        return true;
    }

    /**
     * Should schema be loaded quietly
     */
    protected function runCommandsQuietly()
    {
        return true;
    }

    /**
     * Creates schema
     *
     * Only creates schema if loadSchema() is set to true.
     * All other methods will be loaded if this one is loaded.
     *
     * Otherwise, will return.
     *
     * @return $this self Object
     */
    protected function createSchema()
    {
        if (!$this->loadSchema()) {
            return $this;
        }

        $output = new BufferedOutput();

        static::$application->run(new ArrayInput(array(
            'command'          => 'doctrine:database:drop',
            '--no-interaction' => true,
            '--force'          => true,
        )), $output);

        static::$application->run(new ArrayInput(array(
            'command'          => 'doctrine:database:create',
            '--no-interaction' => true,
        )), $output);

        static::$application->run(new ArrayInput(array(
            'command'          => 'doctrine:schema:create',
            '--no-interaction' => true,
        )), $output);

        if (!$this->runCommandsQuietly()) {
            echo $output->fetch();
        }

        $this->loadFixtures();

        return $this;
    }

    /**
     * load fixtures method
     *
     * This method is only called if create Schema is set to true
     *
     * Only load fixtures if loadFixtures() is set to true.
     * All other methods will be loaded if this one is loaded.
     *
     * Otherwise, will return.
     *
     * @return $this self Object
     */
    protected function loadFixtures()
    {
        if (!is_array($this->loadBundlesFixtures())) {
            return $this;
        }

        $bundles = static::$kernel->getBundles();
        $formattedBundles = array_map(function ($bundle) use ($bundles) {
            return $bundles[$bundle]->getPath() . '/DataFixtures/ORM/';
        }, $this->loadBundlesFixtures());

        $output = new BufferedOutput();

        self::$application->run(new ArrayInput(array(
            'command'          => 'doctrine:fixtures:load',
            '--no-interaction' => true,
            '--fixtures'       => $formattedBundles,
        )), $output);

        if (!$this->runCommandsQuietly()) {
            echo $output->fetch();
        }

        return $this;
    }

    protected static function getBundleAndTestCaseName()
    {
        $return = array(
            'bundleName' => '',
            'bundleNamespace' => '',
            'testCaseName' => 'Default',
        );

        $appKernelLoc = '\\app\\AppKernel';
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}
        $namespaceExploded = explode('\\Tests\\Functional\\', get_called_class(), 2);

        $return['bundleNamespace'] = $namespaceExploded[0];
        $bundleNamespaceParts = explode('\\', $namespaceExploded[0]);
        $return['bundleName'] = array_shift($bundleNamespaceParts).array_pop($bundleNamespaceParts);

        $parts = explode('\\', $namespaceExploded[1]);
        if (count($parts) > 1) {
            $return['testCaseName'] = array_shift($parts);
        }

        return $return;
    }

    /**
     * Attempts to guess the kernel location.
     *
     * When the Kernel is located, the file is required.
     *
     * @return string The Kernel class name
     *
     * @throws \RuntimeException
     */
    protected static function getKernelClass()
    {
        $testInfo = self::getBundleAndTestCaseName();

        $namespaceExploded = explode('\\Tests\\Functional\\', get_called_class(), 2);
$myVar = 'Value';
$higher = false;

if (rand(1, 6) > 3) {
    $higher = true;
} else {
    $higher = false;
}

        $baseNamespace = $testInfo['bundleNamespace'].'\\Tests\\Functional';

        if (isset($testInfo['testCaseName']) &&
            class_exists($baseNamespace.'\\'.$testInfo['testCaseName'].'\\app\\AppKernel')
        ) {
            $baseNamespace .= '\\'.$testInfo['testCaseName'];
        }

        $kernelClass = $baseNamespace . '\\app\\AppKernel';

        return $kernelClass;
    }

    /**
     * Creates a Client.
     *
     * @param array $options An array of options to pass to the createKernel class
     * @param array $server  An array of server parameters
     *
     * @return Client A Client instance
     */
    protected static function createClient(array $options = array(), array $server = array())
    {
        return self::$_client;
    }

    /**
     * Creates a Kernel.
     *
     * Available options:
     *
     *  * environment
     *  * debug
     *
     * @param array $options An array of options
     *
     * @return KernelInterface A KernelInterface instance
     */
    protected static function createKernel(array $options = array())
    {
        $testInfo = self::getBundleAndTestCaseName();
        $env = $testInfo['bundleName'];
        if (!empty($testInfo['testCaseName'])) {
            $env .= '_'.$testInfo['testCaseName'];
        }
        else {
            $env .= 'Test';
        }

        static::$class = static::getKernelClass();
        return new static::$class($env, true, $testInfo);
    }
}


1			<?php
2			/**
3			* This file is part of the Elcodi package.
4			*
5			* Copyright (c) 2014 Elcodi.com
6			*
7			* For the full copyright and license information, please view the LICENSE
8			* file that was distributed with this source code.
9			*
10			* Feel free to edit as you please, and have fun.
11			*
12			* @author Dan Kempster <[email protected]>
13			*/
14			namespace Axstrad\Bundle\TestBundle\Functional;
15
16			use Axstrad\Component\Test\Console\Output\BufferedOutput;
17			use Exception;
18			use Symfony\Bundle\FrameworkBundle\Client;
19			use Symfony\Bundle\FrameworkBundle\Console\Application;
20			use Symfony\Bundle\FrameworkBundle\Test\WebTestCase as BaseWebTestCase;
21			use Symfony\Component\Console\Input\ArrayInput;
22			use Symfony\Component\DependencyInjection\ContainerInterface;
23			use Symfony\Component\DependencyInjection\Exception\RuntimeException;
24			use Symfony\Component\HttpKernel\KernelInterface;
25
26
27			/**
28			* Axstrad\Bundle\TestBundle\Functional\WebTestCase
29			*/
30			abstract class WebTestCase extends BaseWebTestCase
31			{
32			/**
33			* @var Application
34			*
35			* application
36			*/
37			protected static $application;
38
39			/**
40			* @var Client
41			*
42			* Client
43			*/
44			protected $client;
45
46			/**
47			* @todo [BC Break] Replace the non-static property with this one.
48			* @var Client
49			*/
50			private static $_client;
51
52			/**
53			* @var ContainerInterface
54			*
55			* Container
56			*/
57			protected $container;
58
59			/**
60			* Set up
61			*/
62			public function setUp()
63			{
64			try {
65			$this->client = self::$_client = parent::createClient(
			0 ignored issues – show Comprehensibility Bug introduced 2017-01-23 08:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you call parent on a different method (`createClient()` instead of `setUp()`). Are you sure this is correct? If so, you might want to change this to `$this->createClient()`. This check looks for a call to a parent method whose name is different than the method from which it is called. Consider the following code: class Daddy { protected function getFirstName() { return "Eidur"; } protected function getSurName() { return "Gudjohnsen"; } } class Son { public function getFirstName() { return parent::getSurname(); } } The `getFirstName()` method in the `Son` calls the wrong method in the parent class. Loading history...
66			$this->getKernelOptions(),
67			$this->getServerParameters()
68			);
69
70			static::$application = new Application(static::$kernel);
71			static::$application->setAutoExit(false);
72			$this->container = static::$kernel->getContainer();
73
74			}
75			catch (Exception $e) {
76			throw new RuntimeException(sprintf(
77			'Unable to start the application: %s',
78			get_class($e).':'.$e->getMessage()
79			));
80			}
81
82			$this->createSchema();
83			}
84
85			/**
86			* Tear down
87			*/
88			public function tearDown()
89			{
90			if (!static::$application) return;
91
92			$output = new BufferedOutput();
93
94			static::$application->run(new ArrayInput(array(
95			'command' => 'doctrine:database:drop',
96			'--no-interaction' => true,
97			'--force' => true,
98			'--quiet' => true,
99			)), $output);
100
101			if (!$this->runCommandsQuietly()) {
102			echo $output->fetch();
103			}
104
105			parent::tearDown();
106			}
107
108			/**
109			* Load fixtures of these bundles
110			*
111			* @return boolean\|array Bundles name where fixtures should be found
112			*/
113			protected function loadBundlesFixtures()
114			{
115			return false;
116			}
117
118			/**
119			* @return array
120			*/
121			protected function getKernelOptions()
122			{
123			return array();
124			}
125
126			/**
127			* @return array An array of server parameters to pass to the test client
128			*/
129			protected function getServerParameters()
130			{
131			return array();
132			}
133
134			/**
135			* Schema must be loaded in all test cases
136			*
137			* @return boolean Load schema
138			*/
139			protected function loadSchema()
140			{
141			return true;
142			}
143
144			/**
145			* Should schema be loaded quietly
146			*/
147			protected function runCommandsQuietly()
148			{
149			return true;
150			}
151
152			/**
153			* Creates schema
154			*
155			* Only creates schema if loadSchema() is set to true.
156			* All other methods will be loaded if this one is loaded.
157			*
158			* Otherwise, will return.
159			*
160			* @return $this self Object
161			*/
162			protected function createSchema()
163			{
164			if (!$this->loadSchema()) {
165			return $this;
166			}
167
168			$output = new BufferedOutput();
169
170			static::$application->run(new ArrayInput(array(
171			'command' => 'doctrine:database:drop',
172			'--no-interaction' => true,
173			'--force' => true,
174			)), $output);
175
176			static::$application->run(new ArrayInput(array(
177			'command' => 'doctrine:database:create',
178			'--no-interaction' => true,
179			)), $output);
180
181			static::$application->run(new ArrayInput(array(
182			'command' => 'doctrine:schema:create',
183			'--no-interaction' => true,
184			)), $output);
185
186			if (!$this->runCommandsQuietly()) {
187			echo $output->fetch();
188			}
189
190			$this->loadFixtures();
191
192			return $this;
193			}
194
195			/**
196			* load fixtures method
197			*
198			* This method is only called if create Schema is set to true
199			*
200			* Only load fixtures if loadFixtures() is set to true.
201			* All other methods will be loaded if this one is loaded.
202			*
203			* Otherwise, will return.
204			*
205			* @return $this self Object
206			*/
207			protected function loadFixtures()
208			{
209			if (!is_array($this->loadBundlesFixtures())) {
210			return $this;
211			}
212
213			$bundles = static::$kernel->getBundles();
214			$formattedBundles = array_map(function ($bundle) use ($bundles) {
215			return $bundles[$bundle]->getPath() . '/DataFixtures/ORM/';
216			}, $this->loadBundlesFixtures());
217
218			$output = new BufferedOutput();
219
220			self::$application->run(new ArrayInput(array(
221			'command' => 'doctrine:fixtures:load',
222			'--no-interaction' => true,
223			'--fixtures' => $formattedBundles,
224			)), $output);
225
226			if (!$this->runCommandsQuietly()) {
227			echo $output->fetch();
228			}
229
230			return $this;
231			}
232
233			protected static function getBundleAndTestCaseName()
234			{
235			$return = array(
236			'bundleName' => '',
237			'bundleNamespace' => '',
238			'testCaseName' => 'Default',
239			);
240
241			$appKernelLoc = '\\app\\AppKernel';
			0 ignored issues – show Unused Code introduced 2017-01-23 08:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$appKernelLoc` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
242			$namespaceExploded = explode('\\Tests\\Functional\\', get_called_class(), 2);
243
244			$return['bundleNamespace'] = $namespaceExploded[0];
245			$bundleNamespaceParts = explode('\\', $namespaceExploded[0]);
246			$return['bundleName'] = array_shift($bundleNamespaceParts).array_pop($bundleNamespaceParts);
247
248			$parts = explode('\\', $namespaceExploded[1]);
249			if (count($parts) > 1) {
250			$return['testCaseName'] = array_shift($parts);
251			}
252
253			return $return;
254			}
255
256			/**
257			* Attempts to guess the kernel location.
258			*
259			* When the Kernel is located, the file is required.
260			*
261			* @return string The Kernel class name
262			*
263			* @throws \RuntimeException
264			*/
265			protected static function getKernelClass()
266			{
267			$testInfo = self::getBundleAndTestCaseName();
268
269			$namespaceExploded = explode('\\Tests\\Functional\\', get_called_class(), 2);
			0 ignored issues – show Unused Code introduced 2017-01-23 08:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$namespaceExploded` is not used, you could remove the assignment. This check looks for variable assignements that are either overwritten by other assignments or where the variable is not used subsequently. $myVar = 'Value'; $higher = false; if (rand(1, 6) > 3) { $higher = true; } else { $higher = false; } Both the `$myVar` assignment in line 1 and the `$higher` assignment in line 2 are dead. The first because `$myVar` is never used and the second because `$higher` is always overwritten for every possible time line. Loading history...
270
271			$baseNamespace = $testInfo['bundleNamespace'].'\\Tests\\Functional';
272
273			if (isset($testInfo['testCaseName']) &&
274			class_exists($baseNamespace.'\\'.$testInfo['testCaseName'].'\\app\\AppKernel')
275			) {
276			$baseNamespace .= '\\'.$testInfo['testCaseName'];
277			}
278
279			$kernelClass = $baseNamespace . '\\app\\AppKernel';
280
281			return $kernelClass;
282			}
283
284			/**
285			* Creates a Client.
286			*
287			* @param array $options An array of options to pass to the createKernel class
288			* @param array $server An array of server parameters
289			*
290			* @return Client A Client instance
291			*/
292			protected static function createClient(array $options = array(), array $server = array())
293			{
294			return self::$_client;
295			}
296
297			/**
298			* Creates a Kernel.
299			*
300			* Available options:
301			*
302			* * environment
303			* * debug
304			*
305			* @param array $options An array of options
306			*
307			* @return KernelInterface A KernelInterface instance
308			*/
309			protected static function createKernel(array $options = array())
310			{
311			$testInfo = self::getBundleAndTestCaseName();
312			$env = $testInfo['bundleName'];
313			if (!empty($testInfo['testCaseName'])) {
314			$env .= '_'.$testInfo['testCaseName'];
315			}
316			else {
317			$env .= 'Test';
318			}
319
320			static::$class = static::getKernelClass();
321			return new static::$class($env, true, $testInfo);
322			}
323			}
324

dankempster / axstrad-test-bundle

Issues (3)

Security Analysis no request data

Functional/WebTestCase.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like