Issues in ModuleFinder.php (master) - Issues in master - daviddeutsch/saltwater - Measure and Improve Code Quality continuously with Scrutinizer

Issues (24)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Saltwater/Water/ModuleFinder.php (3 issues)

Labels

Bug 3

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Saltwater\Water;

use Saltwater\Server as S;
use Saltwater\Utils as U;
use Saltwater\Salt\Context;
use Saltwater\Salt\Module;
use Saltwater\Salt\Provider;

class ModuleFinder
{
    /**
     * Return the master context for the current master module
     *
     * @param Context|null $parent inject a parent context
     *
     * @return Context
     */
    public function masterContext($parent = null)
    {
        $stack = S::$n->modules->getStack();

        foreach (S::$n->modules as $name => $module) {
            /** @var Module $module */
            if (!$module->doesProvide('context')) {
                continue;
            }

            $parent = S::$n->context->get($module->masterContext(), $parent);

            if ($stack->isMaster($name)) {
                break;
            }
        }

        return $parent;
    }

    /**
     * @param int    $bit
     * @param string $caller
     * @param string $type
     *
     * @return bool|Provider
     */
    public function provider($bit, $caller, $type)
    {
        $stack = S::$n->modules->getStack();

        // Depending on the caller, reset the module stack
        $previous_master = $stack->setMaster($caller);

        foreach (S::$n->modules->precedenceList() as $module) {
            $return = $this->providerFromModule($module, $bit, $caller, $type);

            if ($return) {
                $stack->setMaster($previous_master);

                return $return;
            }
        }

        $stack->setMaster($previous_master);

        return $this->tryModuleFallback($bit, $type);
    }

    /**
     * @param Module $module
     * @param string $name
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     * @param int    $bit
     * @param string $caller
     * @param string $type
     *
     * @return Provider|bool
     */
    private function providerFromModule($module, $bit, $caller, $type)
    {
        if (!$module->has($bit)) {
            return false;
        }

        return $module->provider($caller, $type);
    }

    /**
     * @param integer $bit
     * @param string  $type
     *
     * @return Provider|bool
     */
    private function tryModuleFallback($bit, $type)
    {
        // As a last resort, step one module up within stack and try again
        if ($caller = S::$n->modules->getStack()->advanceMaster()) {
            return $this->provider($bit, $caller, $type);
/**
 * @return array|string
 */
function returnsDifferentValues($x) {
    if ($x) {
        return 'foo';
    }

    return array();
}

$x = returnsDifferentValues($y);
if (is_array($x)) {
    // $x is an array.
}
        }

        return false;
    }

    /**
     * Find the module of a caller class
     *
     * @param array  $caller
     * @param string $provider
     *
     * @return string module name
     */
    public function find($caller, $provider)
    {
        list(, $salt, $namespace) = U::extractFromClass($caller);

        $is_provider = $salt == $provider;

        $bit = S::$n->registry->bit($salt);

        foreach (S::$n->modules->reverse() as $name => $module) {
            /** @var Module $module */
            if ($this->check($module, $is_provider, $bit, $namespace)) {
                return $name;
            }
        }

        return null;
    }

    /**
     * @param Module $module
     * @param bool   $is_provider
/**
 * @param array $germany
 * @param array $island
 * @param array $italy
 */
function finale($germany, $island) {
    return "2:1";
}
     * @param int    $bit
     * @param string $namespace
     *
     * @return bool
     */
    private function check($module, $isProvider, $bit, $namespace)
    {
        if ($isProvider === ($module::getNamespace() == $namespace)) {
            return false;
        }

        return $module->has($bit);
    }

    /**
     * Return a list of Modules providing a Salt
     *
     * @param string $salt
     * @param bool   $first only return the first item on the list
     *
     * @return Module[]|string[]|false
     */
    public function modulesBySalt($salt, $first = false)
    {
        if (!S::$n->registry->exists($salt)) {
            return false;
        }

        $list = new ModuleList(
            S::$n->modules->precedenceList() ?: S::$n->modules
        );

        $call = $first ? 'filterOneBit' : 'filterByBit';

        return $list->$call(S::$n->registry->bit($salt));
    }
}


1			<?php
2
3			namespace Saltwater\Water;
4
5			use Saltwater\Server as S;
6			use Saltwater\Utils as U;
7			use Saltwater\Salt\Context;
8			use Saltwater\Salt\Module;
9			use Saltwater\Salt\Provider;
10
11			class ModuleFinder
12			{
13			/**
14			* Return the master context for the current master module
15			*
16			* @param Context\|null $parent inject a parent context
17			*
18			* @return Context
19			*/
20			public function masterContext($parent = null)
21			{
22			$stack = S::$n->modules->getStack();
23
24			foreach (S::$n->modules as $name => $module) {
25			/** @var Module $module */
26			if (!$module->doesProvide('context')) {
27			continue;
28			}
29
30			$parent = S::$n->context->get($module->masterContext(), $parent);
31
32			if ($stack->isMaster($name)) {
33			break;
34			}
35			}
36
37			return $parent;
38			}
39
40			/**
41			* @param int $bit
42			* @param string $caller
43			* @param string $type
44			*
45			* @return bool\|Provider
46			*/
47			public function provider($bit, $caller, $type)
48			{
49			$stack = S::$n->modules->getStack();
50
51			// Depending on the caller, reset the module stack
52			$previous_master = $stack->setMaster($caller);
53
54			foreach (S::$n->modules->precedenceList() as $module) {
55			$return = $this->providerFromModule($module, $bit, $caller, $type);
56
57			if ($return) {
58			$stack->setMaster($previous_master);
59
60			return $return;
61			}
62			}
63
64			$stack->setMaster($previous_master);
65
66			return $this->tryModuleFallback($bit, $type);
67			}
68
69			/**
70			* @param Module $module
71			* @param string $name
			0 ignored issues – show Bug introduced 2017-02-28 09:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$name`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
72			* @param int $bit
73			* @param string $caller
74			* @param string $type
75			*
76			* @return Provider\|bool
77			*/
78			private function providerFromModule($module, $bit, $caller, $type)
79			{
80			if (!$module->has($bit)) {
81			return false;
82			}
83
84			return $module->provider($caller, $type);
85			}
86
87			/**
88			* @param integer $bit
89			* @param string $type
90			*
91			* @return Provider\|bool
92			*/
93			private function tryModuleFallback($bit, $type)
94			{
95			// As a last resort, step one module up within stack and try again
96			if ($caller = S::$n->modules->getStack()->advanceMaster()) {
97			return $this->provider($bit, $caller, $type);
			0 ignored issues – show Bug introduced 2017-02-28 09:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$caller` defined by `\Saltwater\Server::$n->m...tack()->advanceMaster()` on line `96` can also be of type `boolean`; however, `Saltwater\Water\ModuleFinder::provider()` does only seem to accept `string`, maybe add an additional type check? If a method or function can return multiple different values and unless you are sure that you only can receive a single value in this context, we recommend to add an additional type check: /** * @return array\|string */ function returnsDifferentValues($x) { if ($x) { return 'foo'; } return array(); } $x = returnsDifferentValues($y); if (is_array($x)) { // $x is an array. } If this a common case that PHP Analyzer should handle natively, please let us know by opening an issue. Loading history...
98			}
99
100			return false;
101			}
102
103			/**
104			* Find the module of a caller class
105			*
106			* @param array $caller
107			* @param string $provider
108			*
109			* @return string module name
110			*/
111			public function find($caller, $provider)
112			{
113			list(, $salt, $namespace) = U::extractFromClass($caller);
114
115			$is_provider = $salt == $provider;
116
117			$bit = S::$n->registry->bit($salt);
118
119			foreach (S::$n->modules->reverse() as $name => $module) {
120			/** @var Module $module */
121			if ($this->check($module, $is_provider, $bit, $namespace)) {
122			return $name;
123			}
124			}
125
126			return null;
127			}
128
129			/**
130			* @param Module $module
131			* @param bool $is_provider
			0 ignored issues – show Bug introduced 2017-02-28 09:47 UTC by Report Bug Copy Issue Report Show Similar Issues like this There is no parameter named `$is_provider`. Was it maybe removed? This check looks for PHPDoc comments describing methods or function parameters that do not exist on the corresponding method or function. Consider the following example. The parameter `$italy` is not defined by the method `finale(...)`. /** * @param array $germany * @param array $island * @param array $italy */ function finale($germany, $island) { return "2:1"; } The most likely cause is that the parameter was removed, but the annotation was not. Loading history...
132			* @param int $bit
133			* @param string $namespace
134			*
135			* @return bool
136			*/
137			private function check($module, $isProvider, $bit, $namespace)
138			{
139			if ($isProvider === ($module::getNamespace() == $namespace)) {
140			return false;
141			}
142
143			return $module->has($bit);
144			}
145
146			/**
147			* Return a list of Modules providing a Salt
148			*
149			* @param string $salt
150			* @param bool $first only return the first item on the list
151			*
152			* @return Module[]\|string[]\|false
153			*/
154			public function modulesBySalt($salt, $first = false)
155			{
156			if (!S::$n->registry->exists($salt)) {
157			return false;
158			}
159
160			$list = new ModuleList(
161			S::$n->modules->precedenceList() ?: S::$n->modules
162			);
163
164			$call = $first ? 'filterOneBit' : 'filterByBit';
165
166			return $list->$call(S::$n->registry->bit($salt));
167			}
168			}
169

GitHub Access Token became invalid

Issues (24)

Security Analysis not enabled

src/Saltwater/Water/ModuleFinder.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

daviddeutsch / saltwater

GitHub Access Token became invalid

Issues (24)

Security Analysis not enabled

src/Saltwater/Water/ModuleFinder.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like