Issues in AbstractUserCommand.php (master) - Issues in master - dontdrinkandroot/gitki.php - Measure and Improve Code Quality continuously with Scrutinizer

Issues (23)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Command/AbstractUserCommand.php (7 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace App\Command;

use App\Entity\User;
use FOS\UserBundle\Model\UserManagerInterface;
use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
use Symfony\Component\Console\Helper\QuestionHelper;
use Symfony\Component\Console\Helper\Table;
use Symfony\Component\Console\Input\InputInterface;
use Symfony\Component\Console\Output\OutputInterface;
use Symfony\Component\Console\Question\ChoiceQuestion;
use Symfony\Component\Console\Question\Question;

abstract class AbstractUserCommand extends ContainerAwareCommand

{
    /**
     * @return UserManagerInterface
     */
    protected function getUserManager()
    {
        return $this->getContainer()->get('fos_user.user_manager');
    }

    /**
     * @return QuestionHelper
     */
    protected function getQuestionHelper()
    {
        return $this->getHelper('question');
    }

    protected function printUser(User $user, OutputInterface $output)
    {
        $output->writeln('--------------------');
        $output->writeln('Id: ' . $user->getId());
        $output->writeln('Username: ' . $user->getUsername());
        $output->writeln('Real Name: ' . $user->getRealName());
        $output->writeln('Email: ' . $user->getEmail());
        $output->writeln('Roles: ' . implode(',', $user->getRoles()));
        $output->writeln('Github Login: ' . $user->getGithubId());
        $output->writeln('Google Login: ' . $user->getGoogleId());
        $output->writeln('Facebook Login:' . $user->getFacebookId());
        $output->writeln('--------------------');
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     *
     * @return mixed
     */
    protected function createUser(InputInterface $input, OutputInterface $output)
    {
        $userManager = $this->getUserManager();
        $questionHelper = $this->getQuestionHelper();

        /** @var User $user */
        $user = $userManager->createUser();
        $user->setEnabled(true);

        $user = $this->editUsername($input, $output, $user, $questionHelper);
        $user = $this->editRealName($input, $output, $user, $questionHelper);
        $user = $this->editEmail($input, $output, $user, $questionHelper);
        $user = $this->editRole($input, $output, $user, $questionHelper);
        $user = $this->editPassword($input, $output, $user, $questionHelper, $userManager);
/** @return stdClass|null */
function mayReturnNull() { }

function doesNotAcceptNull(stdClass $x) { }

// With potential error.
function withoutCheck() {
    $x = mayReturnNull();
    doesNotAcceptNull($x); // Potential error here.
}

// Safe - Alternative 1
function withCheck1() {
    $x = mayReturnNull();
    if ( ! $x instanceof stdClass) {
        throw new \LogicException('$x must be defined.');
    }
    doesNotAcceptNull($x);
}

// Safe - Alternative 2
function withCheck2() {
    $x = mayReturnNull();
    if ($x instanceof stdClass) {
        doesNotAcceptNull($x);
    }
}
        $user = $this->editGithubId($input, $output, $user, $questionHelper);
        $user = $this->editGoogleId($input, $output, $user, $questionHelper);

        return $user;
    }

    /**
     * @param OutputInterface $output
     * @param User[]          $users
     */
    protected function printUserTable(OutputInterface $output, $users)
    {
        $table = new Table($output);
        $table->setHeaders(['ID', 'User Name', 'Email', 'Roles', 'GitHub ID', 'Google ID']);

        foreach ($users as $user) {
            $table->addRow(
                [
                    $user->getId(),
                    $user->getUsername(),
                    $user->getEmail(),
                    implode(',', $user->getRoles()),
                    $user->getGithubId(),
                    $user->getGoogleId()
                ]
            );
        }

        $table->render();
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editUsername(

        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $realNameQuestion = new Question('Username [required]: ');
        $realNameQuestion->setValidator(
            function ($answer) {
                if (empty($answer)) {
                    throw new \RuntimeException('Username must not be empty');
                }

                return $answer;
            }
        );
        $realNameQuestion->setMaxAttempts(2);
        $user->setUsername($questionHelper->ask($input, $output, $realNameQuestion));

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editRealName(

        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $realNameQuestion = new Question('Real Name [required]: ');
        $realNameQuestion->setValidator(
            function ($answer) {
                if (empty($answer)) {
                    throw new \RuntimeException('Real Name must not be empty');
                }

                return $answer;
            }
        );
        $realNameQuestion->setMaxAttempts(2);
        $user->setRealName($questionHelper->ask($input, $output, $realNameQuestion));

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editEmail(

        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $emailQuestion = new Question('Email [required]: ');
        $emailQuestion->setValidator(
            function ($answer) {
                if (!filter_var($answer, FILTER_VALIDATE_EMAIL)) {
                    throw new \RuntimeException("This is not a valid email address");
                }

                return $answer;
            }
        );
        $emailQuestion->setMaxAttempts(2);
        $user->setEmail($questionHelper->ask($input, $output, $emailQuestion));

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editRole(
        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $roleQuestion = new ChoiceQuestion(
            'Role [required]: ',
            array('ROLE_WATCHER', 'ROLE_COMMITTER', 'ROLE_ADMIN'),
            null
        );
        $user->setRoles([$questionHelper->ask($input, $output, $roleQuestion)]);

        return $user;
    }

    /**
     * @param InputInterface       $input
     * @param OutputInterface      $output
     * @param User                 $user
     * @param QuestionHelper       $questionHelper
     * @param UserManagerInterface $userManager
     *
     * @return User
     */
    protected function editPassword(
        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper,
        UserManagerInterface $userManager
    ) {
        $passwordQuestion = new Question('Password (leave blank to disable form login): ');
        $passwordQuestion->setHidden(true);
        $passwordQuestion->setHiddenFallback(false);
        $passwordQuestion->setMaxAttempts(3);
        $password = $questionHelper->ask($input, $output, $passwordQuestion);

        if (null !== $password) {
            $user->setPassword($password);
            $userManager->updatePassword($user);
        } else {
            $user->setPassword(null);
        }

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editGithubId(

        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $githubLoginQuestion = new Question('Github ID: ');
        $user->setGithubId($questionHelper->ask($input, $output, $githubLoginQuestion));

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     * @param User            $user
     * @param QuestionHelper  $questionHelper
     *
     * @return User
     */
    protected function editGoogleId(

        InputInterface $input,
        OutputInterface $output,
        User $user,
        QuestionHelper $questionHelper
    ) {
        $googleLoginQuestion = new Question('Google ID: ');
        $user->setGoogleId($questionHelper->ask($input, $output, $googleLoginQuestion));

        return $user;
    }

    /**
     * @param InputInterface  $input
     * @param OutputInterface $output
     *
     * @return User
     */
    protected function selectUser(InputInterface $input, OutputInterface $output): User
    {
        $questionHelper = $this->getQuestionHelper();
        $users = $this->findUsers();

        $userChoices = array();
        foreach ($users as $user) {
            $userChoices[$user->getId()] = $user;
        }
        $idQuestion = new ChoiceQuestion(
            'Select User: ',
            $userChoices,
            null
        );
        /** @var User $user */
        $user = $questionHelper->ask($input, $output, $idQuestion);

        return $user;
    }

    /**
     * @return User[]
     */
    protected function findUsers()
    {
        $userManager = $this->getUserManager();

        /** @var User[] $users */

        return $userManager->findUsers();
    }
}


1		<?php
2
3		namespace App\Command;
4
5		use App\Entity\User;
6		use FOS\UserBundle\Model\UserManagerInterface;
7		use Symfony\Bundle\FrameworkBundle\Command\ContainerAwareCommand;
8		use Symfony\Component\Console\Helper\QuestionHelper;
9		use Symfony\Component\Console\Helper\Table;
10		use Symfony\Component\Console\Input\InputInterface;
11		use Symfony\Component\Console\Output\OutputInterface;
12		use Symfony\Component\Console\Question\ChoiceQuestion;
13		use Symfony\Component\Console\Question\Question;
14
15		abstract class AbstractUserCommand extends ContainerAwareCommand
		0 ignored issues – show Deprecated Code introduced 2019-06-03 21:56 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `Symfony\Bundle\Framework...d\ContainerAwareCommand` has been deprecated with message: since Symfony 4.2, use {@see Command} instead. This class, trait or interface has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the type will be removed from the class and what other constant to use instead. Loading history...
16		{
17		/**
18		* @return UserManagerInterface
19		*/
20		protected function getUserManager()
21		{
22		return $this->getContainer()->get('fos_user.user_manager');
23		}
24
25		/**
26		* @return QuestionHelper
27		*/
28		protected function getQuestionHelper()
29		{
30		return $this->getHelper('question');
31		}
32
33		protected function printUser(User $user, OutputInterface $output)
34		{
35		$output->writeln('--------------------');
36		$output->writeln('Id: ' . $user->getId());
37		$output->writeln('Username: ' . $user->getUsername());
38		$output->writeln('Real Name: ' . $user->getRealName());
39		$output->writeln('Email: ' . $user->getEmail());
40		$output->writeln('Roles: ' . implode(',', $user->getRoles()));
41		$output->writeln('Github Login: ' . $user->getGithubId());
42		$output->writeln('Google Login: ' . $user->getGoogleId());
43		$output->writeln('Facebook Login:' . $user->getFacebookId());
44		$output->writeln('--------------------');
45		}
46
47		/**
48		* @param InputInterface $input
49		* @param OutputInterface $output
50		*
51		* @return mixed
52		*/
53		protected function createUser(InputInterface $input, OutputInterface $output)
54		{
55		$userManager = $this->getUserManager();
56		$questionHelper = $this->getQuestionHelper();
57
58		/** @var User $user */
59		$user = $userManager->createUser();
60		$user->setEnabled(true);
61
62		$user = $this->editUsername($input, $output, $user, $questionHelper);
63		$user = $this->editRealName($input, $output, $user, $questionHelper);
64		$user = $this->editEmail($input, $output, $user, $questionHelper);
65		$user = $this->editRole($input, $output, $user, $questionHelper);
66		$user = $this->editPassword($input, $output, $user, $questionHelper, $userManager);
		0 ignored issues – show Bug introduced 2019-10-27 13:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$userManager` defined by `$this->getUserManager()` on line `55` can be `null`; however, `App\Command\AbstractUserCommand::editPassword()` does not accept `null`, maybe add an additional type check? Unless you are absolutely sure that the expression can never be null because of other conditions, we strongly recommend to add an additional type check to your code: /** @return stdClass\|null */ function mayReturnNull() { } function doesNotAcceptNull(stdClass $x) { } // With potential error. function withoutCheck() { $x = mayReturnNull(); doesNotAcceptNull($x); // Potential error here. } // Safe - Alternative 1 function withCheck1() { $x = mayReturnNull(); if ( ! $x instanceof stdClass) { throw new \LogicException('$x must be defined.'); } doesNotAcceptNull($x); } // Safe - Alternative 2 function withCheck2() { $x = mayReturnNull(); if ($x instanceof stdClass) { doesNotAcceptNull($x); } } Loading history...
67		$user = $this->editGithubId($input, $output, $user, $questionHelper);
68		$user = $this->editGoogleId($input, $output, $user, $questionHelper);
69
70		return $user;
71		}
72
73		/**
74		* @param OutputInterface $output
75		* @param User[] $users
76		*/
77		protected function printUserTable(OutputInterface $output, $users)
78		{
79		$table = new Table($output);
80		$table->setHeaders(['ID', 'User Name', 'Email', 'Roles', 'GitHub ID', 'Google ID']);
81
82		foreach ($users as $user) {
83		$table->addRow(
84		[
85		$user->getId(),
86		$user->getUsername(),
87		$user->getEmail(),
88		implode(',', $user->getRoles()),
89		$user->getGithubId(),
90		$user->getGoogleId()
91		]
92		);
93		}
94
95		$table->render();
96		}
97
98		/**
99		* @param InputInterface $input
100		* @param OutputInterface $output
101		* @param User $user
102		* @param QuestionHelper $questionHelper
103		*
104		* @return User
105		*/
106	View Code Duplication	protected function editUsername(
		0 ignored issues – show Duplication introduced 2017-11-04 18:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
107		InputInterface $input,
108		OutputInterface $output,
109		User $user,
110		QuestionHelper $questionHelper
111		) {
112		$realNameQuestion = new Question('Username [required]: ');
113		$realNameQuestion->setValidator(
114		function ($answer) {
115		if (empty($answer)) {
116		throw new \RuntimeException('Username must not be empty');
117		}
118
119		return $answer;
120		}
121		);
122		$realNameQuestion->setMaxAttempts(2);
123		$user->setUsername($questionHelper->ask($input, $output, $realNameQuestion));
124
125		return $user;
126		}
127
128		/**
129		* @param InputInterface $input
130		* @param OutputInterface $output
131		* @param User $user
132		* @param QuestionHelper $questionHelper
133		*
134		* @return User
135		*/
136	View Code Duplication	protected function editRealName(
		0 ignored issues – show Duplication introduced 2018-02-26 00:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
137		InputInterface $input,
138		OutputInterface $output,
139		User $user,
140		QuestionHelper $questionHelper
141		) {
142		$realNameQuestion = new Question('Real Name [required]: ');
143		$realNameQuestion->setValidator(
144		function ($answer) {
145		if (empty($answer)) {
146		throw new \RuntimeException('Real Name must not be empty');
147		}
148
149		return $answer;
150		}
151		);
152		$realNameQuestion->setMaxAttempts(2);
153		$user->setRealName($questionHelper->ask($input, $output, $realNameQuestion));
154
155		return $user;
156		}
157
158		/**
159		* @param InputInterface $input
160		* @param OutputInterface $output
161		* @param User $user
162		* @param QuestionHelper $questionHelper
163		*
164		* @return User
165		*/
166	View Code Duplication	protected function editEmail(
		0 ignored issues – show Duplication introduced 2017-11-04 18:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
167		InputInterface $input,
168		OutputInterface $output,
169		User $user,
170		QuestionHelper $questionHelper
171		) {
172		$emailQuestion = new Question('Email [required]: ');
173		$emailQuestion->setValidator(
174		function ($answer) {
175		if (!filter_var($answer, FILTER_VALIDATE_EMAIL)) {
176		throw new \RuntimeException("This is not a valid email address");
177		}
178
179		return $answer;
180		}
181		);
182		$emailQuestion->setMaxAttempts(2);
183		$user->setEmail($questionHelper->ask($input, $output, $emailQuestion));
184
185		return $user;
186		}
187
188		/**
189		* @param InputInterface $input
190		* @param OutputInterface $output
191		* @param User $user
192		* @param QuestionHelper $questionHelper
193		*
194		* @return User
195		*/
196		protected function editRole(
197		InputInterface $input,
198		OutputInterface $output,
199		User $user,
200		QuestionHelper $questionHelper
201		) {
202		$roleQuestion = new ChoiceQuestion(
203		'Role [required]: ',
204		array('ROLE_WATCHER', 'ROLE_COMMITTER', 'ROLE_ADMIN'),
205		null
206		);
207		$user->setRoles([$questionHelper->ask($input, $output, $roleQuestion)]);
208
209		return $user;
210		}
211
212		/**
213		* @param InputInterface $input
214		* @param OutputInterface $output
215		* @param User $user
216		* @param QuestionHelper $questionHelper
217		* @param UserManagerInterface $userManager
218		*
219		* @return User
220		*/
221		protected function editPassword(
222		InputInterface $input,
223		OutputInterface $output,
224		User $user,
225		QuestionHelper $questionHelper,
226		UserManagerInterface $userManager
227		) {
228		$passwordQuestion = new Question('Password (leave blank to disable form login): ');
229		$passwordQuestion->setHidden(true);
230		$passwordQuestion->setHiddenFallback(false);
231		$passwordQuestion->setMaxAttempts(3);
232		$password = $questionHelper->ask($input, $output, $passwordQuestion);
233
234		if (null !== $password) {
235		$user->setPassword($password);
236		$userManager->updatePassword($user);
237		} else {
238		$user->setPassword(null);
239		}
240
241		return $user;
242		}
243
244		/**
245		* @param InputInterface $input
246		* @param OutputInterface $output
247		* @param User $user
248		* @param QuestionHelper $questionHelper
249		*
250		* @return User
251		*/
252	View Code Duplication	protected function editGithubId(
		0 ignored issues – show Duplication introduced 2017-11-04 18:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
253		InputInterface $input,
254		OutputInterface $output,
255		User $user,
256		QuestionHelper $questionHelper
257		) {
258		$githubLoginQuestion = new Question('Github ID: ');
259		$user->setGithubId($questionHelper->ask($input, $output, $githubLoginQuestion));
260
261		return $user;
262		}
263
264		/**
265		* @param InputInterface $input
266		* @param OutputInterface $output
267		* @param User $user
268		* @param QuestionHelper $questionHelper
269		*
270		* @return User
271		*/
272	View Code Duplication	protected function editGoogleId(
		0 ignored issues – show Duplication introduced 2017-11-04 18:43 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
273		InputInterface $input,
274		OutputInterface $output,
275		User $user,
276		QuestionHelper $questionHelper
277		) {
278		$googleLoginQuestion = new Question('Google ID: ');
279		$user->setGoogleId($questionHelper->ask($input, $output, $googleLoginQuestion));
280
281		return $user;
282		}
283
284		/**
285		* @param InputInterface $input
286		* @param OutputInterface $output
287		*
288		* @return User
289		*/
290		protected function selectUser(InputInterface $input, OutputInterface $output): User
291		{
292		$questionHelper = $this->getQuestionHelper();
293		$users = $this->findUsers();
294
295		$userChoices = array();
296		foreach ($users as $user) {
297		$userChoices[$user->getId()] = $user;
298		}
299		$idQuestion = new ChoiceQuestion(
300		'Select User: ',
301		$userChoices,
302		null
303		);
304		/** @var User $user */
305		$user = $questionHelper->ask($input, $output, $idQuestion);
306
307		return $user;
308		}
309
310		/**
311		* @return User[]
312		*/
313		protected function findUsers()
314		{
315		$userManager = $this->getUserManager();
316
317		/** @var User[] $users */
318
319		return $userManager->findUsers();
320		}
321		}
322

dontdrinkandroot / gitki.php

Issues (23)

Security Analysis no request data

src/Command/AbstractUserCommand.php (7 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like