Issues in GlLinkChecker.php (master) - Issues in master - emmanuelroecker/php-linkchecker - Measure and Improve Code Quality continuously with Scrutinizer

Issues (8)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/GlLinkChecker.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Main Class
 *
 * PHP version 5.4
 *
 * @category  GLICER
 * @package   GlLinkChecker
 * @author    Emmanuel ROECKER
 * @author    Rym BOUCHAGOUR
 * @copyright 2015 GLICER
 * @license   MIT
 * @link      http://dev.glicer.com/
 *
 * Created : 10/03/15
 * File : GlLinkChecker.php
 *
 */
namespace GlLinkChecker;

use GlHtml\GlHtml;
use GuzzleHttp\Client;
use Symfony\Component\Finder\Finder;
use Symfony\Component\Finder\SplFileInfo;

/**
 * Class GlLinkChecker
 * @package GLLinkChecker
 */
class GlLinkChecker
{
    /**
     * @var \GuzzleHttp\Client
     */
    private $client;

    /**
     * @var array|null $internalurls
     */
    private $internalurls;

    /**
     *
     */
    public function __construct($rooturl = null, array $internalurls = null)
    {
        $this->client = new Client([
            'base_uri' => $rooturl,
            'verify'   => false,
            'defaults' => [
                'headers' => [
                    'User-Agent'      => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0',
                    'Accept'          => 'text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8',
                    'Accept-Language' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
                    'Accept-Encoding' => 'gzip, deflate'
                ]
            ]
        ]);
        $this->internalurls = $internalurls;
    }

    /**
     * get all links in an object
     *
     * @param       $obj
     * @param array $links
     */
    private function searchInArray($obj, array &$links)
    {
        foreach ($obj as $key => $elem) {
            if (is_string($elem)) {
                if (preg_match("/^(http|https|ftp|ftps).*$/", $elem)) {
                    if (filter_var($elem, FILTER_VALIDATE_URL)) {
                        $links[$elem] = $elem;
                    }
                }
            } else {
                if (is_array($elem)) {
                    $this->searchInArray($elem, $links);
                }
            }
        }
    }

    /**
     * get all links in a json
     *
     * @param string $json
     *
     * @return array
     */
    private function getJsonLinks($json)
    {
        $obj   = json_decode($json, true);
        $links = [];
        $this->searchInArray($obj, $links);

        return $links;
    }


    /**
     * check links in a sitemap
     *
     * @param string $sitemap
     *
     * @return array
     * @throws \Exception
     */
    private function checkSitemap($sitemap)
    {
        $xml     = new GlHtml($sitemap);
        $listloc = $xml->get("loc");
        $result  = [];
        foreach ($listloc as $loc) {
            $response = $this->client->get($loc->getText(), ['exceptions' => false]);
            if ($response->getStatusCode() != 200) {
                $result['error'][] = $loc->getText();
            } else {
                $result['ok'][] = $loc->getText();
            }
        }

        return $result;
    }

    /**
     * check http error status code
     *
     * @param array $result
     * @param array $urls
     * @param int   $statuscode
     */
    private function checkStatus(array &$result, array $urls, $statuscode) {
        foreach ($urls as $url) {
            $response = $this->client->get($url, ['exceptions' => false]);
            if ($response->getStatusCode() != $statuscode) {
                $result[$statuscode]["error"][] = $url;
            } else {
                $result[$statuscode]["ok"][] = $url;
            }
        }
    }
    
    /**
     * check 403 and 404 errors
     *
     * @param array $urlerrors
     * @param array $urlforbiddens
     *
     * @return string
     */
    public function checkErrors(array $urlerrors, array $urlforbiddens)
    {
        $result = [];

        $this->checkStatus($result,$urlerrors,404);
        $this->checkStatus($result,$urlforbiddens, 403);

        return $result;
    }

    /**
     * check links in robots.txt and sitemap
     *
     * @return array
     * @throws \Exception
     */
    public function checkRobotsSitemap()
    {
        $response = $this->client->get("/robots.txt");
        if ($response->getStatusCode() != 200) {
            throw new \Exception("Cannot find robots.txt");
        }

        $robotstxt = $response->getBody()->getContents();
        $robotstxt = explode("\n", $robotstxt);
        $result    = [];
        foreach ($robotstxt as $line) {
            if (preg_match('/^\s*Sitemap:(.*)/i', $line, $match)) {

                $urlsitemap = trim($match[1]);
                $response   = $this->client->get($urlsitemap, ['exceptions' => false]);
                if ($response->getStatusCode() != 200) {
                    $result['sitemap']['error'][] = $urlsitemap;
                } else {
                    $result['sitemap']['ok'][$urlsitemap] = $this->checkSitemap($response->getBody()->getContents());
                }
            }

            if (preg_match('/^\s*Disallow:(.*)/i', $line, $match)) {

                $urldisallow = trim($match[1]);
                $response    = $this->client->get($urldisallow, ['exceptions' => false]);
                if (($response->getStatusCode() != 200) && ($response->getStatusCode() != 403)) {
                    $result['disallow']['error'][] = $urldisallow;
                } else {
                    $result['disallow']['ok'][] = $urldisallow;
                }
            }
        }

        return $result;
    }


    /**
     * check links in html and json files
     *
     * @param Finder   $files
     * @param callable $checkstart
     * @param callable $checking
     * @param callable $checkend
     *
     * @throws \Exception
     * @return GlLinkCheckerError[]
     */
    public function checkFiles(Finder $files, callable $checkstart, callable $checking, callable $checkend)
    {
        $linksByFile = [];
        /**
         * @var SplFileInfo $file
         */
        foreach ($files as $file) {
            $inner   = file_get_contents($file->getRealPath());
            $keyname = $file->getRelativePathname();
            if ($file->getExtension() == 'html') {
                $html                  = new GlHtml($inner);
                $linksByFile[$keyname] = $html->getLinks();
            } else {
                if ($file->getExtension() == 'json') {
                    $linksByFile[$keyname] = $this->getJsonLinks($inner);
                } else {
                    throw new \Exception("Extension unknown : " . $keyname);
                }
            }
        }

        //reverse $linksByFile
        $links = [];
        foreach ($linksByFile as $filename => $filelinks) {
            foreach ($filelinks as $filelink) {
                $links[$filelink][] = $filename;
            }
        }

        $checkstart(count($links));
        $result = [];
        foreach ($links as $link => $files) {
            $checking($link, $files);

            $gllink = new GlLinkCheckerError($this->client, $link, $files);

            if ($gllink->isInternal($this->internalurls)) {
                $gllink->check(['lowercase', 'endslash', 'absolute']);
            }

            $gllink->check(['exist']);
            $result[] = $gllink;
        }
        $checkend();

        return $result;
    }
}


GitHub Access Token became invalid

Issues (8)

Security Analysis no request data

src/GlLinkChecker.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2		/**
3		* Main Class
4		*
5		* PHP version 5.4
6		*
7		* @category GLICER
8		* @package GlLinkChecker
9		* @author Emmanuel ROECKER
10		* @author Rym BOUCHAGOUR
11		* @copyright 2015 GLICER
12		* @license MIT
13		* @link http://dev.glicer.com/
14		*
15		* Created : 10/03/15
16		* File : GlLinkChecker.php
17		*
18		*/
19		namespace GlLinkChecker;
20
21		use GlHtml\GlHtml;
22		use GuzzleHttp\Client;
23		use Symfony\Component\Finder\Finder;
24		use Symfony\Component\Finder\SplFileInfo;
25
26		/**
27		* Class GlLinkChecker
28		* @package GLLinkChecker
29		*/
30		class GlLinkChecker
31		{
32		/**
33		* @var \GuzzleHttp\Client
34		*/
35		private $client;
36
37		/**
38		* @var array\|null $internalurls
39		*/
40		private $internalurls;
41
42		/**
43		*
44		*/
45		public function __construct($rooturl = null, array $internalurls = null)
46		{
47		$this->client = new Client([
48		'base_uri' => $rooturl,
49		'verify' => false,
50		'defaults' => [
51		'headers' => [
52		'User-Agent' => 'Mozilla/5.0 (Windows NT 6.1; WOW64; rv:36.0) Gecko/20100101 Firefox/36.0',
53		'Accept' => 'text/html,application/xhtml+xml,application/xml;q=0.9,/;q=0.8',
54		'Accept-Language' => 'fr,fr-FR;q=0.8,en-US;q=0.5,en;q=0.3',
55		'Accept-Encoding' => 'gzip, deflate'
56		]
57		]
58		]);
59		$this->internalurls = $internalurls;
60		}
61
62		/**
63		* get all links in an object
64		*
65		* @param $obj
66		* @param array $links
67		*/
68		private function searchInArray($obj, array &$links)
69		{
70		foreach ($obj as $key => $elem) {
71		if (is_string($elem)) {
72		if (preg_match("/^(http\|https\|ftp\|ftps).*$/", $elem)) {
73		if (filter_var($elem, FILTER_VALIDATE_URL)) {
74		$links[$elem] = $elem;
75		}
76		}
77		} else {
78		if (is_array($elem)) {
79		$this->searchInArray($elem, $links);
80		}
81		}
82		}
83		}
84
85		/**
86		* get all links in a json
87		*
88		* @param string $json
89		*
90		* @return array
91		*/
92		private function getJsonLinks($json)
93		{
94		$obj = json_decode($json, true);
95		$links = [];
96		$this->searchInArray($obj, $links);
97
98		return $links;
99		}
100
101
102		/**
103		* check links in a sitemap
104		*
105		* @param string $sitemap
106		*
107		* @return array
108		* @throws \Exception
109		*/
110		private function checkSitemap($sitemap)
111		{
112		$xml = new GlHtml($sitemap);
113		$listloc = $xml->get("loc");
114		$result = [];
115		foreach ($listloc as $loc) {
116		$response = $this->client->get($loc->getText(), ['exceptions' => false]);
117		if ($response->getStatusCode() != 200) {
118		$result['error'][] = $loc->getText();
119		} else {
120		$result['ok'][] = $loc->getText();
121		}
122		}
123
124		return $result;
125		}
126
127		/**
128		* check http error status code
129		*
130		* @param array $result
131		* @param array $urls
132		* @param int $statuscode
133		*/
134		private function checkStatus(array &$result, array $urls, $statuscode) {
135		foreach ($urls as $url) {
136		$response = $this->client->get($url, ['exceptions' => false]);
137		if ($response->getStatusCode() != $statuscode) {
138		$result[$statuscode]["error"][] = $url;
139		} else {
140		$result[$statuscode]["ok"][] = $url;
141		}
142		}
143		}
144
145		/**
146		* check 403 and 404 errors
147		*
148		* @param array $urlerrors
149		* @param array $urlforbiddens
150		*
151		* @return string
152		*/
153		public function checkErrors(array $urlerrors, array $urlforbiddens)
154		{
155		$result = [];
156
157		$this->checkStatus($result,$urlerrors,404);
158		$this->checkStatus($result,$urlforbiddens, 403);
159
160		return $result;
161		}
162
163		/**
164		* check links in robots.txt and sitemap
165		*
166		* @return array
167		* @throws \Exception
168		*/
169		public function checkRobotsSitemap()
170		{
171		$response = $this->client->get("/robots.txt");
172		if ($response->getStatusCode() != 200) {
173		throw new \Exception("Cannot find robots.txt");
174		}
175
176		$robotstxt = $response->getBody()->getContents();
177		$robotstxt = explode("\n", $robotstxt);
178		$result = [];
179		foreach ($robotstxt as $line) {
180	View Code Duplication	if (preg_match('/^\sSitemap:(.)/i', $line, $match)) {
		0 ignored issues – show Duplication introduced 2016-01-05 12:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
181		$urlsitemap = trim($match[1]);
182		$response = $this->client->get($urlsitemap, ['exceptions' => false]);
183		if ($response->getStatusCode() != 200) {
184		$result['sitemap']['error'][] = $urlsitemap;
185		} else {
186		$result['sitemap']['ok'][$urlsitemap] = $this->checkSitemap($response->getBody()->getContents());
187		}
188		}
189
190	View Code Duplication	if (preg_match('/^\sDisallow:(.)/i', $line, $match)) {
		0 ignored issues – show Duplication introduced 2016-01-05 12:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
191		$urldisallow = trim($match[1]);
192		$response = $this->client->get($urldisallow, ['exceptions' => false]);
193		if (($response->getStatusCode() != 200) && ($response->getStatusCode() != 403)) {
194		$result['disallow']['error'][] = $urldisallow;
195		} else {
196		$result['disallow']['ok'][] = $urldisallow;
197		}
198		}
199		}
200
201		return $result;
202		}
203
204
205		/**
206		* check links in html and json files
207		*
208		* @param Finder $files
209		* @param callable $checkstart
210		* @param callable $checking
211		* @param callable $checkend
212		*
213		* @throws \Exception
214		* @return GlLinkCheckerError[]
215		*/
216		public function checkFiles(Finder $files, callable $checkstart, callable $checking, callable $checkend)
217		{
218		$linksByFile = [];
219		/**
220		* @var SplFileInfo $file
221		*/
222		foreach ($files as $file) {
223		$inner = file_get_contents($file->getRealPath());
224		$keyname = $file->getRelativePathname();
225		if ($file->getExtension() == 'html') {
226		$html = new GlHtml($inner);
227		$linksByFile[$keyname] = $html->getLinks();
228		} else {
229		if ($file->getExtension() == 'json') {
230		$linksByFile[$keyname] = $this->getJsonLinks($inner);
231		} else {
232		throw new \Exception("Extension unknown : " . $keyname);
233		}
234		}
235		}
236
237		//reverse $linksByFile
238		$links = [];
239		foreach ($linksByFile as $filename => $filelinks) {
240		foreach ($filelinks as $filelink) {
241		$links[$filelink][] = $filename;
242		}
243		}
244
245		$checkstart(count($links));
246		$result = [];
247		foreach ($links as $link => $files) {
248		$checking($link, $files);
249
250		$gllink = new GlLinkCheckerError($this->client, $link, $files);
251
252		if ($gllink->isInternal($this->internalurls)) {
253		$gllink->check(['lowercase', 'endslash', 'absolute']);
254		}
255
256		$gllink->check(['exist']);
257		$result[] = $gllink;
258		}
259		$checkend();
260
261		return $result;
262		}
263		}
264

emmanuelroecker / php-linkchecker

GitHub Access Token became invalid

Issues (8)

Security Analysis no request data

src/GlLinkChecker.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like