Issues in MountManager.php (master) - Issues in master - delboy1978uk/flysystem - Measure and Improve Code Quality continuously with Scrutinizer

Issues (30)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/MountManager.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace League\Flysystem;

use InvalidArgumentException;
use League\Flysystem\Plugin\PluginNotFoundException;
use LogicException;
use BadMethodCallException;
use League\Flysystem\FilesystemInterface;
use League\Flysystem\PluginInterface;

/**
 * Class MountManager.
 *
 * Proxies methods to Filesystem (@see __call):
 *
 * @method AdapterInterface getAdapter($prefix)
 * @method Config getConfig($prefix)
 * @method bool has($path)
 * @method bool write($path, $contents, array $config = [])
 * @method bool writeStream($path, $resource, array $config = [])
 * @method bool put($path, $contents, $config = [])
 * @method bool putStream($path, $contents, $config = [])
 * @method string readAndDelete($path)
 * @method bool update($path, $contents, $config = [])
 * @method bool updateStream($path, $resource, $config = [])
 * @method string|false read($path)
 * @method resource|false readStream($path)
 * @method bool rename($path, $newpath)
 * @method bool delete($path)
 * @method bool deleteDir($dirname)
 * @method bool createDir($dirname, $config = [])
 * @method array listFiles($directory = '', $recursive = false)
 * @method array listPaths($directory = '', $recursive = false)
 * @method array getWithMetadata($path, array $metadata)
 * @method string|false getMimetype($path)
 * @method string|false getTimestamp($path)
 * @method string|false getVisibility($path)
 * @method int|false getSize($path);
 * @method bool setVisibility($path, $visibility)
 * @method array|false getMetadata($path)
 * @method Handler get($path, Handler $handler = null)
 * @method Filesystem flushCache()
 * @method assertPresent($path)
 * @method assertAbsent($path)
 * @method Filesystem addPlugin(PluginInterface $plugin)
 */
class MountManager
{
    /**
     * @var array
     */
    protected $plugins = array();

    /**
     * Register a plugin.
     *
     * @param PluginInterface $plugin
     *
     * @return $this
     */
    public function addPlugin(PluginInterface $plugin)
    {
        $this->plugins[$plugin->getMethod()] = $plugin;

        return $this;
    }

    /**
     * Find a specific plugin.
     *
     * @param string $method
     *
     * @throws LogicException
     *
     * @return PluginInterface $plugin
     */
    protected function findPlugin($method)

    {
        if ( ! isset($this->plugins[$method])) {
            throw new PluginNotFoundException('Plugin not found for method: ' . $method);
        }

        if ( ! method_exists($this->plugins[$method], 'handle')) {
            throw new LogicException(get_class($this->plugins[$method]) . ' does not have a handle method.');
        }

        return $this->plugins[$method];
    }

    /**
     * Invoke a plugin by method name.
     *
     * @param string $method
     * @param array  $arguments
     *
     * @return mixed
     */
    protected function invokePlugin($method, array $arguments, FilesystemInterface $filesystem)

    {
        $plugin = $this->findPlugin($method);
        $plugin->setFilesystem($filesystem);
        $callback = array($plugin, 'handle');

        return call_user_func_array($callback, $arguments);
    }



    /**
     * @var array
     */
    protected $filesystems = array();

    /**
     * Constructor.
     *
     * @param array $filesystems
     */
    public function __construct(array $filesystems = array())
    {
        $this->mountFilesystems($filesystems);
    }

    /**
     * Mount filesystems.
     *
     * @param array $filesystems [:prefix => Filesystem,]
     *
     * @return $this
     */
    public function mountFilesystems(array $filesystems)
    {
        foreach ($filesystems as $prefix => $filesystem) {
            $this->mountFilesystem($prefix, $filesystem);
        }

        return $this;
    }

    /**
     * Mount filesystems.
     *
     * @param string              $prefix
     * @param FilesystemInterface $filesystem
     *
     * @return $this
     */
    public function mountFilesystem($prefix, FilesystemInterface $filesystem)
    {
        if ( ! is_string($prefix)) {
            throw new InvalidArgumentException(__METHOD__ . ' expects argument #1 to be a string.');
        }

        $this->filesystems[$prefix] = $filesystem;

        return $this;
    }

    /**
     * Get the filesystem with the corresponding prefix.
     *
     * @param string $prefix
     *
     * @throws LogicException
     *
     * @return FilesystemInterface
     */
    public function getFilesystem($prefix)
    {
        if ( ! isset($this->filesystems[$prefix])) {
            throw new LogicException('No filesystem mounted with prefix ' . $prefix);
        }

        return $this->filesystems[$prefix];
    }

    /**
     * Retrieve the prefix from an arguments array.
     *
     * @param array $arguments
     *
     * @return array [:prefix, :arguments]
     */
    public function filterPrefix(array $arguments)
    {
        if (empty($arguments)) {
            throw new LogicException('At least one argument needed');
        }

        $path = array_shift($arguments);

        if ( ! is_string($path)) {
            throw new InvalidArgumentException('First argument should be a string');
        }

        if ( ! preg_match('#^.+\:\/\/.*#', $path)) {
            throw new InvalidArgumentException('No prefix detected in path: ' . $path);
        }

        list($prefix, $path) = explode('://', $path, 2);
        array_unshift($arguments, $path);

        return array($prefix, $arguments);
    }

    /**
     * @param string $directory
     * @param bool   $recursive
     *
     * @return array
     */
    public function listContents($directory = '', $recursive = false)
    {
        list($prefix, $arguments) = $this->filterPrefix(array($directory));
        $filesystem = $this->getFilesystem($prefix);
        $directory = array_shift($arguments);
        $result = $filesystem->listContents($directory, $recursive);

        foreach ($result as &$file) {
            $file['filesystem'] = $prefix;
        }

        return $result;
    }

    /**
     * Call forwarder.
     *
     * @param string $method
     * @param array  $arguments
     *
     * @return mixed
     */
    public function __call($method, $arguments)
    {
        list($prefix, $arguments) = $this->filterPrefix($arguments);

        return $this->invokePluginOnFilesystem($method, $arguments, $prefix);
    }

    /**
     * @param $from
     * @param $to
     * @param array $config
     *
     * @return bool
     */
    public function copy($from, $to, array $config = array())
    {
        list($prefixFrom, $arguments) = $this->filterPrefix(array($from));

        $fsFrom = $this->getFilesystem($prefixFrom);
        $buffer = call_user_func_array(array($fsFrom, 'readStream'), $arguments);

        if ($buffer === false) {
            return false;
        }

        list($prefixTo, $arguments) = $this->filterPrefix(array($to));

        $fsTo = $this->getFilesystem($prefixTo);
        $result =  call_user_func_array(array($fsTo, 'writeStream'), array_merge($arguments, array($buffer, $config)));

        if (is_resource($buffer)) {
            fclose($buffer);
        }

        return $result;
    }

    /**
     * @param array $keys
     * @param string $directory
     * @param bool $recursive
     * @return mixed
     */
    public function listWith(array $keys = array(), $directory = '', $recursive = false)
    {
        list($prefix, $arguments) = $this->filterPrefix(array($directory));
        $directory = $arguments[0];
        $arguments = array($keys, $directory, $recursive);

        return $this->invokePluginOnFilesystem('listWith', $arguments, $prefix);
    }

    /**
     * Move a file.
     *
     * @param $from
     * @param $to
     * @param array $config
     *
     * @return bool
     */
    public function move($from, $to, array $config = array())
    {
        $copied = $this->copy($from, $to, $config);

        if ($copied) {
            return $this->delete($from);
        }

        return false;
    }

    /**
     * Invoke a plugin on a filesystem mounted on a given prefix.
     *
     * @param $method
     * @param $arguments
     * @param $prefix
     *
     * @return mixed
     */
    public function invokePluginOnFilesystem($method, $arguments, $prefix)
    {
        $filesystem = $this->getFilesystem($prefix);

        try {
            return $this->invokePlugin($method, $arguments, $filesystem);
        } catch (PluginNotFoundException $e) {
            // Let it pass, it's ok, don't panic.
        }

        $callback = array($filesystem, $method);

        return call_user_func_array($callback, $arguments);
    }
}


1			<?php
2
3			namespace League\Flysystem;
4
5			use InvalidArgumentException;
6			use League\Flysystem\Plugin\PluginNotFoundException;
7			use LogicException;
8			use BadMethodCallException;
9			use League\Flysystem\FilesystemInterface;
10			use League\Flysystem\PluginInterface;
11
12			/**
13			* Class MountManager.
14			*
15			* Proxies methods to Filesystem (@see __call):
16			*
17			* @method AdapterInterface getAdapter($prefix)
18			* @method Config getConfig($prefix)
19			* @method bool has($path)
20			* @method bool write($path, $contents, array $config = [])
21			* @method bool writeStream($path, $resource, array $config = [])
22			* @method bool put($path, $contents, $config = [])
23			* @method bool putStream($path, $contents, $config = [])
24			* @method string readAndDelete($path)
25			* @method bool update($path, $contents, $config = [])
26			* @method bool updateStream($path, $resource, $config = [])
27			* @method string\|false read($path)
28			* @method resource\|false readStream($path)
29			* @method bool rename($path, $newpath)
30			* @method bool delete($path)
31			* @method bool deleteDir($dirname)
32			* @method bool createDir($dirname, $config = [])
33			* @method array listFiles($directory = '', $recursive = false)
34			* @method array listPaths($directory = '', $recursive = false)
35			* @method array getWithMetadata($path, array $metadata)
36			* @method string\|false getMimetype($path)
37			* @method string\|false getTimestamp($path)
38			* @method string\|false getVisibility($path)
39			* @method int\|false getSize($path);
40			* @method bool setVisibility($path, $visibility)
41			* @method array\|false getMetadata($path)
42			* @method Handler get($path, Handler $handler = null)
43			* @method Filesystem flushCache()
44			* @method assertPresent($path)
45			* @method assertAbsent($path)
46			* @method Filesystem addPlugin(PluginInterface $plugin)
47			*/
48			class MountManager
49			{
50			/**
51			* @var array
52			*/
53			protected $plugins = array();
54
55			/**
56			* Register a plugin.
57			*
58			* @param PluginInterface $plugin
59			*
60			* @return $this
61			*/
62			public function addPlugin(PluginInterface $plugin)
63			{
64			$this->plugins[$plugin->getMethod()] = $plugin;
65
66			return $this;
67			}
68
69			/**
70			* Find a specific plugin.
71			*
72			* @param string $method
73			*
74			* @throws LogicException
75			*
76			* @return PluginInterface $plugin
77			*/
78	18	View Code Duplication	protected function findPlugin($method)
			0 ignored issues – show Duplication introduced 2016-07-19 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
79			{
80	18		if ( ! isset($this->plugins[$method])) {
81	18		throw new PluginNotFoundException('Plugin not found for method: ' . $method);
82			}
83
84			if ( ! method_exists($this->plugins[$method], 'handle')) {
85			throw new LogicException(get_class($this->plugins[$method]) . ' does not have a handle method.');
86			}
87
88			return $this->plugins[$method];
89			}
90
91			/**
92			* Invoke a plugin by method name.
93			*
94			* @param string $method
95			* @param array $arguments
96			*
97			* @return mixed
98			*/
99	18	View Code Duplication	protected function invokePlugin($method, array $arguments, FilesystemInterface $filesystem)
			0 ignored issues – show Duplication introduced 2016-07-19 09:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
100			{
101	18		$plugin = $this->findPlugin($method);
102			$plugin->setFilesystem($filesystem);
103			$callback = array($plugin, 'handle');
104
105			return call_user_func_array($callback, $arguments);
106			}
107
108
109
110			/**
111			* @var array
112			*/
113			protected $filesystems = array();
114
115			/**
116			* Constructor.
117			*
118			* @param array $filesystems
119			*/
120	45		public function __construct(array $filesystems = array())
121			{
122	45		$this->mountFilesystems($filesystems);
123	45		}
124
125			/**
126			* Mount filesystems.
127			*
128			* @param array $filesystems [:prefix => Filesystem,]
129			*
130			* @return $this
131			*/
132	45		public function mountFilesystems(array $filesystems)
133			{
134	45		foreach ($filesystems as $prefix => $filesystem) {
135	3		$this->mountFilesystem($prefix, $filesystem);
136	45		}
137
138	45		return $this;
139			}
140
141			/**
142			* Mount filesystems.
143			*
144			* @param string $prefix
145			* @param FilesystemInterface $filesystem
146			*
147			* @return $this
148			*/
149	33		public function mountFilesystem($prefix, FilesystemInterface $filesystem)
150			{
151	33		if ( ! is_string($prefix)) {
152	3		throw new InvalidArgumentException(__METHOD__ . ' expects argument #1 to be a string.');
153			}
154
155	30		$this->filesystems[$prefix] = $filesystem;
156
157	30		return $this;
158			}
159
160			/**
161			* Get the filesystem with the corresponding prefix.
162			*
163			* @param string $prefix
164			*
165			* @throws LogicException
166			*
167			* @return FilesystemInterface
168			*/
169	33		public function getFilesystem($prefix)
170			{
171	33		if ( ! isset($this->filesystems[$prefix])) {
172	3		throw new LogicException('No filesystem mounted with prefix ' . $prefix);
173			}
174
175	30		return $this->filesystems[$prefix];
176			}
177
178			/**
179			* Retrieve the prefix from an arguments array.
180			*
181			* @param array $arguments
182			*
183			* @return array [:prefix, :arguments]
184			*/
185	36		public function filterPrefix(array $arguments)
186			{
187	36		if (empty($arguments)) {
188	3		throw new LogicException('At least one argument needed');
189			}
190
191	33		$path = array_shift($arguments);
192
193	33		if ( ! is_string($path)) {
194	3		throw new InvalidArgumentException('First argument should be a string');
195			}
196
197	30		if ( ! preg_match('#^.+\:\/\/.*#', $path)) {
198	3		throw new InvalidArgumentException('No prefix detected in path: ' . $path);
199			}
200
201	27		list($prefix, $path) = explode('://', $path, 2);
202	27		array_unshift($arguments, $path);
203
204	27		return array($prefix, $arguments);
205			}
206
207			/**
208			* @param string $directory
209			* @param bool $recursive
210			*
211			* @return array
212			*/
213	3		public function listContents($directory = '', $recursive = false)
214			{
215	3		list($prefix, $arguments) = $this->filterPrefix(array($directory));
216	3		$filesystem = $this->getFilesystem($prefix);
217	3		$directory = array_shift($arguments);
218	3		$result = $filesystem->listContents($directory, $recursive);
219
220	3		foreach ($result as &$file) {
221	3		$file['filesystem'] = $prefix;
222	3		}
223
224	3		return $result;
225			}
226
227			/**
228			* Call forwarder.
229			*
230			* @param string $method
231			* @param array $arguments
232			*
233			* @return mixed
234			*/
235	15		public function __call($method, $arguments)
236			{
237	15		list($prefix, $arguments) = $this->filterPrefix($arguments);
238
239	15		return $this->invokePluginOnFilesystem($method, $arguments, $prefix);
240			}
241
242			/**
243			* @param $from
244			* @param $to
245			* @param array $config
246			*
247			* @return bool
248			*/
249	6		public function copy($from, $to, array $config = array())
250			{
251	6		list($prefixFrom, $arguments) = $this->filterPrefix(array($from));
252
253	6		$fsFrom = $this->getFilesystem($prefixFrom);
254	6		$buffer = call_user_func_array(array($fsFrom, 'readStream'), $arguments);
255
256	6		if ($buffer === false) {
257	3		return false;
258			}
259
260	6		list($prefixTo, $arguments) = $this->filterPrefix(array($to));
261
262	6		$fsTo = $this->getFilesystem($prefixTo);
263	6		$result = call_user_func_array(array($fsTo, 'writeStream'), array_merge($arguments, array($buffer, $config)));
264
265	6		if (is_resource($buffer)) {
266	6		fclose($buffer);
267	6		}
268
269	6		return $result;
270			}
271
272			/**
273			* @param array $keys
274			* @param string $directory
275			* @param bool $recursive
276			* @return mixed
277			*/
278	3		public function listWith(array $keys = array(), $directory = '', $recursive = false)
279			{
280	3		list($prefix, $arguments) = $this->filterPrefix(array($directory));
281	3		$directory = $arguments[0];
282	3		$arguments = array($keys, $directory, $recursive);
283
284	3		return $this->invokePluginOnFilesystem('listWith', $arguments, $prefix);
285			}
286
287			/**
288			* Move a file.
289			*
290			* @param $from
291			* @param $to
292			* @param array $config
293			*
294			* @return bool
295			*/
296	3		public function move($from, $to, array $config = array())
297			{
298	3		$copied = $this->copy($from, $to, $config);
299
300	3		if ($copied) {
301	3		return $this->delete($from);
302			}
303
304	3		return false;
305			}
306
307			/**
308			* Invoke a plugin on a filesystem mounted on a given prefix.
309			*
310			* @param $method
311			* @param $arguments
312			* @param $prefix
313			*
314			* @return mixed
315			*/
316	18		public function invokePluginOnFilesystem($method, $arguments, $prefix)
317			{
318	18		$filesystem = $this->getFilesystem($prefix);
319
320			try {
321	18		return $this->invokePlugin($method, $arguments, $filesystem);
322	18		} catch (PluginNotFoundException $e) {
323			// Let it pass, it's ok, don't panic.
324			}
325
326	18		$callback = array($filesystem, $method);
327
328	18		return call_user_func_array($callback, $arguments);
329			}
330			}
331

delboy1978uk / flysystem

Issues (30)

Security Analysis no request data

src/MountManager.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like