Issues in Collection.php (master) - Issues in master - dominionenterprises/tol-api-php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Collection.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace DominionEnterprises\Api;
use DominionEnterprises\Util;

/**
 * Class for iterating index responses. Collections are readonly
 */
final class Collection implements \Iterator, \Countable
{
    /**
     * API Client
     *
     * @var Client
     */
    private $_client;

    /**
     * limit to give to API
     *
     * @var int
     */
    private $_limit;

    /**
     * offset to give to API
     *
     * @var int
     */
    private $_offset;

    /**
     * resource name for collection
     *
     * @var string
     */
    private $_resource;

    /**
     * array of filters to pass to API
     *
     * @var array
     */
    private $_filters;

    /**
     * Total number of elements in the collection
     *
     * @var int
     */
    private $_total;

    /**
     * pointer in the paginated results
     *
     * @var int
     */
    private $_position;

    /**
     * A paginated set of elements from the API
     *
     * @var array
     */
    private $_result;

    /**
     * Create a new collection
     *
     * @param Client $client client connection to the API
     * @param string $resource name of API resource to request
     * @param array $filters key value pair array of search filters
     */
    public function __construct(Client $client, $resource, array $filters = [])
    {
        Util::throwIfNotType(['string' => [$resource]], true);

        $this->_client = $client;
        $this->_resource = $resource;
        $this->_filters = $filters;
        $this->rewind();
    }

    /**
     * @see Countable::count()
     *
     * @return int
     */
    public function count()
    {
        if ($this->_position === -1) {
            $this->next();
        }

        return $this->_total;
    }

    /**
     * @see Iterator::rewind()
     *
     * @return void
     */
    public function rewind()
    {
        $this->_result = null;

        $this->_offset = 0;
        $this->_total = 0;
        $this->_limit = 0;
        $this->_position = -1;
    }

    /**
     * @see Iterator::key()
     *
     * @return int
     */
    public function key()

    {
        if ($this->_position === -1) {
            $this->next();
        }

        Util::ensure(false, empty($this->_result), '\OutOfBoundsException', ['Collection contains no elements']);

        return $this->_offset + $this->_position;
    }

    /**
     * @see Iterator::valid()
     *
     * @return bool
     */
    public function valid()
    {
        if ($this->_position === -1) {
            $this->next();
        }

        return $this->_offset + $this->_position < $this->_total;
    }

    /**
     * @see Iterator::next()
     *
     * @return void
     */
    public function next()
    {
        ++$this->_position;

        if ($this->_position < $this->_limit) {
            return;
        }

        $this->_offset += $this->_limit;
        $this->_filters['offset'] = $this->_offset;
        $indexResponse = $this->_client->index($this->_resource, $this->_filters);

        $httpCode = $indexResponse->getHttpCode();
        Util::ensure(200, $httpCode, "Did not receive 200 from API. Instead received {$httpCode}");

        $response = $indexResponse->getResponse();
        $this->_limit = $response['pagination']['limit'];
        $this->_total = $response['pagination']['total'];
        $this->_result = $response['result'];
        $this->_position = 0;
    }

    /**
     * @see Iterator::current()
     *
     * @return array
     */
    public function current()

    {
        if ($this->_position === -1) {
            $this->next();
        }

        Util::ensure(
            true,
            array_key_exists($this->_position, $this->_result),
            '\OutOfBoundsException',
            ['Collection contains no element at current position']
        );

        return $this->_result[$this->_position];
    }

    /**
     * Returns the values from a single field this collection, identified by the given $key.
     *
     * @param string $key The name of the field for which the values will be returned.
     *
     * @return iterable
     */
    public function column($key)
    {
        foreach ($this as $item) {
            yield Util\Arrays::get($item, $key);
        }
    }

    /**
     * Return an iterable generator containing only the fields specified in the $keys array.
     *
     * @param array $keys The list of field names to be returned.
     *
     * @return \Generator
     */
    public function select(array $keys)
    {
        foreach ($this as $item) {
            $result = array_fill_keys($keys, null);
            Util\Arrays::copyIfKeysExist($item, $result, $keys);
            yield  $result;
        }
    }
}


1		<?php
2
3		namespace DominionEnterprises\Api;
4		use DominionEnterprises\Util;
5
6		/**
7		* Class for iterating index responses. Collections are readonly
8		*/
9		final class Collection implements \Iterator, \Countable
10		{
11		/**
12		* API Client
13		*
14		* @var Client
15		*/
16		private $_client;
17
18		/**
19		* limit to give to API
20		*
21		* @var int
22		*/
23		private $_limit;
24
25		/**
26		* offset to give to API
27		*
28		* @var int
29		*/
30		private $_offset;
31
32		/**
33		* resource name for collection
34		*
35		* @var string
36		*/
37		private $_resource;
38
39		/**
40		* array of filters to pass to API
41		*
42		* @var array
43		*/
44		private $_filters;
45
46		/**
47		* Total number of elements in the collection
48		*
49		* @var int
50		*/
51		private $_total;
52
53		/**
54		* pointer in the paginated results
55		*
56		* @var int
57		*/
58		private $_position;
59
60		/**
61		* A paginated set of elements from the API
62		*
63		* @var array
64		*/
65		private $_result;
66
67		/**
68		* Create a new collection
69		*
70		* @param Client $client client connection to the API
71		* @param string $resource name of API resource to request
72		* @param array $filters key value pair array of search filters
73		*/
74		public function __construct(Client $client, $resource, array $filters = [])
75		{
76		Util::throwIfNotType(['string' => [$resource]], true);
77
78		$this->_client = $client;
79		$this->_resource = $resource;
80		$this->_filters = $filters;
81		$this->rewind();
82		}
83
84		/**
85		* @see Countable::count()
86		*
87		* @return int
88		*/
89		public function count()
90		{
91		if ($this->_position === -1) {
92		$this->next();
93		}
94
95		return $this->_total;
96		}
97
98		/**
99		* @see Iterator::rewind()
100		*
101		* @return void
102		*/
103		public function rewind()
104		{
105		$this->_result = null;
		0 ignored issues – show Documentation Bug introduced 2016-03-24 13:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `null` of type `null` is incompatible with the declared type `array` of property `$_result`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
106		$this->_offset = 0;
107		$this->_total = 0;
108		$this->_limit = 0;
109		$this->_position = -1;
110		}
111
112		/**
113		* @see Iterator::key()
114		*
115		* @return int
116		*/
117	View Code Duplication	public function key()
		0 ignored issues – show Duplication introduced 2016-03-24 13:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
118		{
119		if ($this->_position === -1) {
120		$this->next();
121		}
122
123		Util::ensure(false, empty($this->_result), '\OutOfBoundsException', ['Collection contains no elements']);
124
125		return $this->_offset + $this->_position;
126		}
127
128		/**
129		* @see Iterator::valid()
130		*
131		* @return bool
132		*/
133		public function valid()
134		{
135		if ($this->_position === -1) {
136		$this->next();
137		}
138
139		return $this->_offset + $this->_position < $this->_total;
140		}
141
142		/**
143		* @see Iterator::next()
144		*
145		* @return void
146		*/
147		public function next()
148		{
149		++$this->_position;
150
151		if ($this->_position < $this->_limit) {
152		return;
153		}
154
155		$this->_offset += $this->_limit;
156		$this->_filters['offset'] = $this->_offset;
157		$indexResponse = $this->_client->index($this->_resource, $this->_filters);
158
159		$httpCode = $indexResponse->getHttpCode();
160		Util::ensure(200, $httpCode, "Did not receive 200 from API. Instead received {$httpCode}");
161
162		$response = $indexResponse->getResponse();
163		$this->_limit = $response['pagination']['limit'];
164		$this->_total = $response['pagination']['total'];
165		$this->_result = $response['result'];
166		$this->_position = 0;
167		}
168
169		/**
170		* @see Iterator::current()
171		*
172		* @return array
173		*/
174	View Code Duplication	public function current()
		0 ignored issues – show Duplication introduced 2016-03-24 13:08 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175		{
176		if ($this->_position === -1) {
177		$this->next();
178		}
179
180		Util::ensure(
181		true,
182		array_key_exists($this->_position, $this->_result),
183		'\OutOfBoundsException',
184		['Collection contains no element at current position']
185		);
186
187		return $this->_result[$this->_position];
188		}
189
190		/**
191		* Returns the values from a single field this collection, identified by the given $key.
192		*
193		* @param string $key The name of the field for which the values will be returned.
194		*
195		* @return iterable
196		*/
197		public function column($key)
198		{
199		foreach ($this as $item) {
200		yield Util\Arrays::get($item, $key);
201		}
202		}
203
204		/**
205		* Return an iterable generator containing only the fields specified in the $keys array.
206		*
207		* @param array $keys The list of field names to be returned.
208		*
209		* @return \Generator
210		*/
211		public function select(array $keys)
212		{
213		foreach ($this as $item) {
214		$result = array_fill_keys($keys, null);
215		Util\Arrays::copyIfKeysExist($item, $result, $keys);
216		yield $result;
217		}
218		}
219		}
220

dominionenterprises / tol-api-php

Issues (9)

Security Analysis no request data

src/Collection.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like