Issues in AbstractGenerator.php (develop) - Issues in develop - ehough/generators - Measure and Improve Code Quality continuously with Scrutinizer

Issues (3)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/AbstractGenerator.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/*
 * Copyright 2016 - 2017 Eric D. Hough (https://github.com/ehough)
 *
 * This file is part of ehough/generators (https://github.com/ehough/generators)
 *
 * This Source Code Form is subject to the terms of the Mozilla Public
 * License, v. 2.0. If a copy of the MPL was not distributed with this
 * file, You can obtain one at http://mozilla.org/MPL/2.0/.
 */

namespace Hough\Generators;

abstract class AbstractGenerator implements \Iterator
{
    /**
     * @var null|mixed
     */
    private $_lastValueSentIn;

    /**
     * @var int
     */
    private $_position = 0;

    /**
     * @var null|mixed
     */
    private $_lastYieldedValue;

    /**
     * @var null|string|int
     */
    private $_lastYieldedKey;

    /**
     * @var int
     */
    private $_lastPositionExecuted;

    /**
     * @var int
     */
    private $_positionsExecutedCount = 0;

    /**
     * @var bool
     */
    private $_sendInvokedAtLeastOnce = false;

    /**
     * @var bool
     */
    private $_hasMoreToExecute = true;

    /**
     * Get the yielded value.
     *
     * @return mixed|null the yielded value
     */
    final public function current()
    {
        if (!$this->valid()) {

            return null;
        }

        /*
         * Multiple calls to current() should be idempotent
         */
        if ($this->_lastPositionExecuted !== $this->_position) {

            $this->runToNextYieldStatement();
        }

        return $this->valid() ? $this->getLastYieldedValue() : null;
    }

    /**
     * Get the return value of a generator.
     *
     * @return mixed the generator's return value once it has finished executing

     */
    public function getReturn()
    {
        //override point
        throw new \RuntimeException('Cannot get return value of a generator that hasn\'t returned');
    }

    /**
     * Get the yielded key.
     *
     * @return mixed the yielded key

     */
    final public function key()
    {
        /*
         * Run to the first yield statement, if we haven't already.
         */
        $this->current();

        return $this->valid() ? $this->_lastYieldedKey : null;
    }

    /**
     * Resume execution of the generator.
     *
     * @return void
     */
    final public function next()
    {
        $this->send(null);
    }

    /**
     * Rewind the iterator.
     *
     * @return void
     */
    final public function rewind()
    {
        if ($this->_sendInvokedAtLeastOnce) {

            throw new \RuntimeException('Cannot rewind a generator that was already run');
        }

        /*
         * Run to the first yield statement, if we haven't already.
         */
        $this->current();
    }

    /**
     * Send a value to the generator.
     *
     * @param mixed $value
     *
     * @return mixed
     */
    final public function send($value)
    {
        $this->_lastValueSentIn        = $value;
        $this->_sendInvokedAtLeastOnce = true;

        /*
         * If we've already ran to the first yield statement (from rewind() or key(), for instance), we need
         * to try to move to the next position;
         */
        if ($this->_positionsExecutedCount > 0) {

            $this->_position++;
        }

        return $this->current();
    }

    final public function __call($name, $args)
    {
        if ($name === 'throw') {

            /*
             * If the generator is already closed when this method is invoked, the exception will be thrown in the
             * caller's context instead.
             */
            if (!$this->valid()) {

                throw $args[0];
            }

            return $this->onExceptionThrownIn($args[0], $this->_position);
        }

        throw new \RuntimeException('Cannot dynamically invoke method ' . $name . '()');
    }

    /**
     * Check if the iterator has been closed.
     *
     * @return bool False if the iterator has been closed. Otherwise returns true.
     */
    final public function valid()
    {
        return $this->_hasMoreToExecute;
    }

    final public function __invoke()
    {
        return $this;
    }

    /**
     * @return null|mixed
     */
    final protected function getLastValueSentIn()
    {
        return $this->_lastValueSentIn;
    }

    /**
     * @return null|mixed
     */
    final protected function getLastYieldedValue()
    {
        return $this->_lastYieldedValue;
    }

    /**
     * An exception was thrown into the generator from the calling context.
     *
     * @param \Exception $e        the exception thrown in
     * @param int        $position the current position of the generator
     *
     * @throws \Exception
     */
    protected function onExceptionThrownIn(\Exception $e, $position)

    {
        //override point
        throw $e;
    }

    /**
     * Resume execution of the generator.
     *
     * @param int $position the zero-based "position" of execution
     *
     * @return null|array Return null to indicate completion. Otherwise return an array of up to two elements. If two
     *                    elements in the array, the first will be considered to be the yielded key and the second the
     *                    yielded value. If one element in the array, it will be considered to be the yielded value and
     *                    the yielded key will be $position.
     */
    abstract protected function resume($position);

    private function runToNextYieldStatement()
    {
        $executionResult             = $this->resume($this->_position);
        $this->_lastPositionExecuted = $this->_position;

        $this->_positionsExecutedCount++;

        /*
         * Nothing more to do.
         */
        if ($executionResult === null) {

            $this->_hasMoreToExecute = false;
            $this->_lastYieldedValue = null;
            $this->_lastYieldedKey   = null;

            return;
        }

        if (!is_array($executionResult) || count($executionResult) === 0 || count($executionResult) >= 3) {

            throw new \LogicException('executePosition() must return an array of up to two elements. If two elements, the first is the yielded key and the second is the yielded value. If one element, it is considered to be the yielded value.');
        }

        if (count($executionResult) === 2) {

            $this->_lastYieldedKey   = $executionResult[0];
            $this->_lastYieldedValue = $executionResult[1];

        } else {

            $this->_lastYieldedKey   = $this->_position;
            $this->_lastYieldedValue = $executionResult[0];
        }
    }
}


GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/AbstractGenerator.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/*
3		* Copyright 2016 - 2017 Eric D. Hough (https://github.com/ehough)
4		*
5		* This file is part of ehough/generators (https://github.com/ehough/generators)
6		*
7		* This Source Code Form is subject to the terms of the Mozilla Public
8		* License, v. 2.0. If a copy of the MPL was not distributed with this
9		* file, You can obtain one at http://mozilla.org/MPL/2.0/.
10		*/
11
12		namespace Hough\Generators;
13
14		abstract class AbstractGenerator implements \Iterator
15		{
16		/**
17		* @var null\|mixed
18		*/
19		private $_lastValueSentIn;
20
21		/**
22		* @var int
23		*/
24		private $_position = 0;
25
26		/**
27		* @var null\|mixed
28		*/
29		private $_lastYieldedValue;
30
31		/**
32		* @var null\|string\|int
33		*/
34		private $_lastYieldedKey;
35
36		/**
37		* @var int
38		*/
39		private $_lastPositionExecuted;
40
41		/**
42		* @var int
43		*/
44		private $_positionsExecutedCount = 0;
45
46		/**
47		* @var bool
48		*/
49		private $_sendInvokedAtLeastOnce = false;
50
51		/**
52		* @var bool
53		*/
54		private $_hasMoreToExecute = true;
55
56		/**
57		* Get the yielded value.
58		*
59		* @return mixed\|null the yielded value
60		*/
61	4	final public function current()
62		{
63	4	if (!$this->valid()) {
64
65	2	return null;
66		}
67
68		/*
69		* Multiple calls to current() should be idempotent
70		*/
71	4	if ($this->_lastPositionExecuted !== $this->_position) {
72
73	4	$this->runToNextYieldStatement();
74		}
75
76	4	return $this->valid() ? $this->getLastYieldedValue() : null;
77		}
78
79		/**
80		* Get the return value of a generator.
81		*
82		* @return mixed the generator's return value once it has finished executing
		0 ignored issues – show Documentation introduced 2016-12-30 22:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `NoType`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
83		*/
84	1	public function getReturn()
85		{
86		//override point
87	1	throw new \RuntimeException('Cannot get return value of a generator that hasn\'t returned');
88		}
89
90		/**
91		* Get the yielded key.
92		*
93		* @return mixed the yielded key
		0 ignored issues – show Documentation introduced 2016-12-30 22:31 UTC by Report Bug Copy Issue Report Show Similar Issues like this Consider making the return type a bit more specific; maybe use `string\|integer\|null`. This check looks for the generic type `array` as a return type and suggests a more specific type. This type is inferred from the actual code. Loading history...
94		*/
95	2	final public function key()
96		{
97		/*
98		* Run to the first yield statement, if we haven't already.
99		*/
100	2	$this->current();
101
102	2	return $this->valid() ? $this->_lastYieldedKey : null;
103		}
104
105		/**
106		* Resume execution of the generator.
107		*
108		* @return void
109		*/
110	3	final public function next()
111		{
112	3	$this->send(null);
113	3	}
114
115		/**
116		* Rewind the iterator.
117		*
118		* @return void
119		*/
120	3	final public function rewind()
121		{
122	3	if ($this->_sendInvokedAtLeastOnce) {
123
124	2	throw new \RuntimeException('Cannot rewind a generator that was already run');
125		}
126
127		/*
128		* Run to the first yield statement, if we haven't already.
129		*/
130	3	$this->current();
131	3	}
132
133		/**
134		* Send a value to the generator.
135		*
136		* @param mixed $value
137		*
138		* @return mixed
139		*/
140	4	final public function send($value)
141		{
142	4	$this->_lastValueSentIn = $value;
143	4	$this->_sendInvokedAtLeastOnce = true;
144
145		/*
146		* If we've already ran to the first yield statement (from rewind() or key(), for instance), we need
147		* to try to move to the next position;
148		*/
149	4	if ($this->_positionsExecutedCount > 0) {
150
151	3	$this->_position++;
152		}
153
154	4	return $this->current();
155		}
156
157	1	final public function __call($name, $args)
158		{
159	1	if ($name === 'throw') {
160
161		/*
162		* If the generator is already closed when this method is invoked, the exception will be thrown in the
163		* caller's context instead.
164		*/
165	1	if (!$this->valid()) {
166
167		throw $args[0];
168		}
169
170	1	return $this->onExceptionThrownIn($args[0], $this->_position);
171		}
172
173		throw new \RuntimeException('Cannot dynamically invoke method ' . $name . '()');
174		}
175
176		/**
177		* Check if the iterator has been closed.
178		*
179		* @return bool False if the iterator has been closed. Otherwise returns true.
180		*/
181	5	final public function valid()
182		{
183	5	return $this->_hasMoreToExecute;
184		}
185
186	2	final public function __invoke()
187		{
188	2	return $this;
189		}
190
191		/**
192		* @return null\|mixed
193		*/
194	1	final protected function getLastValueSentIn()
195		{
196	1	return $this->_lastValueSentIn;
197		}
198
199		/**
200		* @return null\|mixed
201		*/
202	4	final protected function getLastYieldedValue()
203		{
204	4	return $this->_lastYieldedValue;
205		}
206
207		/**
208		* An exception was thrown into the generator from the calling context.
209		*
210		* @param \Exception $e the exception thrown in
211		* @param int $position the current position of the generator
212		*
213		* @throws \Exception
214		*/
215	1	protected function onExceptionThrownIn(\Exception $e, $position)
		0 ignored issues – show Unused Code introduced 2019-02-28 23:46 UTC by Report Bug Copy Issue Report Show Similar Issues like this The parameter `$position` is not used and could be removed. This check looks from parameters that have been defined for a function or method, but which are not used in the method body. Loading history...
216		{
217		//override point
218	1	throw $e;
219		}
220
221		/**
222		* Resume execution of the generator.
223		*
224		* @param int $position the zero-based "position" of execution
225		*
226		* @return null\|array Return null to indicate completion. Otherwise return an array of up to two elements. If two
227		* elements in the array, the first will be considered to be the yielded key and the second the
228		* yielded value. If one element in the array, it will be considered to be the yielded value and
229		* the yielded key will be $position.
230		*/
231		abstract protected function resume($position);
232
233	4	private function runToNextYieldStatement()
234		{
235	4	$executionResult = $this->resume($this->_position);
236	4	$this->_lastPositionExecuted = $this->_position;
237
238	4	$this->_positionsExecutedCount++;
239
240		/*
241		* Nothing more to do.
242		*/
243	4	if ($executionResult === null) {
244
245	2	$this->_hasMoreToExecute = false;
246	2	$this->_lastYieldedValue = null;
247	2	$this->_lastYieldedKey = null;
248
249	2	return;
250		}
251
252	4	if (!is_array($executionResult) \|\| count($executionResult) === 0 \|\| count($executionResult) >= 3) {
253
254		throw new \LogicException('executePosition() must return an array of up to two elements. If two elements, the first is the yielded key and the second is the yielded value. If one element, it is considered to be the yielded value.');
255		}
256
257	4	if (count($executionResult) === 2) {
258
259		$this->_lastYieldedKey = $executionResult[0];
260		$this->_lastYieldedValue = $executionResult[1];
261
262		} else {
263
264	4	$this->_lastYieldedKey = $this->_position;
265	4	$this->_lastYieldedValue = $executionResult[0];
266		}
267	4	}
268		}
269

ehough / generators

GitHub Access Token became invalid

Issues (3)

Security Analysis no request data

src/AbstractGenerator.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like