Issues in Escaper.php (master) - Issues in master - eserozvataf/scabbia2-yaml - Measure and Improve Code Quality continuously with Scrutinizer

Issues (37)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Yaml/Escaper.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Scabbia2 Yaml Component
 * https://github.com/eserozvataf/scabbia2
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * @link        https://github.com/eserozvataf/scabbia2-yaml for the canonical source repository
 * @copyright   2010-2016 Eser Ozvataf. (http://eser.ozvataf.com/)
 * @license     http://www.apache.org/licenses/LICENSE-2.0 - Apache License, Version 2.0
 *
 * -------------------------
 * Portions of this code are from Symfony YAML Component under the MIT license.
 *
 * (c) Fabien Potencier <[email protected]>
 *
 * For the full copyright and license information, please view the LICENSE-MIT
 * file that was distributed with this source code.
 *
 * Modifications made:
 * - Scabbia Framework code styles applied.
 * - All dump methods are moved under Dumper class.
 * - Redundant classes removed.
 * - Namespace changed.
 * - Tests ported to Scabbia2.
 * - Encoding checks removed.
 */

namespace Scabbia\Yaml;

/**
 * Escaper encapsulates escaping rules for single and double-quoted
 * YAML strings
 *
 * @package     Scabbia\Yaml
 * @author      Matthew Lewinski <[email protected]>
 * @author      Eser Ozvataf <[email protected]>
 * @since       2.0.0
 *
 * @internal
 */
class Escaper
{
    /** @type string REGEX_CHARACTER_TO_ESCAPE Characters that would cause a dumped string to require double quoting */
    const REGEX_CHARACTER_TO_ESCAPE = "[\\x00-\\x1f]|\xc2\x85|\xc2\xa0|\xe2\x80\xa8|\xe2\x80\xa9";
    /** @type string REGEX_ESCAPED_CHARACTER Regex fragment that matches an escaped char in a double quoted string */
    const REGEX_ESCAPED_CHARACTER =
        "\\\\(x[0-9a-fA-F]{2}|u[0-9a-fA-F]{4}|U[0-9a-fA-F]{8}|.)";


    /**
     * @type array $escapees Mapping arrays for escaping a double quoted string. The backslash is first to ensure
     * proper escaping because str_replace operates iteratively on the input arrays. This ordering of the characters
     * avoids the use of strtr, which performs more slowly
     */
    protected static $escapees = ["\\", "\\\\", "\\\"", "\"",
                                "\x00",  "\x01",  "\x02",  "\x03",  "\x04",  "\x05",  "\x06",  "\x07",
                                "\x08",  "\x09",  "\x0a",  "\x0b",  "\x0c",  "\x0d",  "\x0e",  "\x0f",
                                "\x10",  "\x11",  "\x12",  "\x13",  "\x14",  "\x15",  "\x16",  "\x17",
                                "\x18",  "\x19",  "\x1a",  "\x1b",  "\x1c",  "\x1d",  "\x1e",  "\x1f",
                                "\xc2\x85", "\xc2\xa0", "\xe2\x80\xa8", "\xe2\x80\xa9"];
    /**
     * @type array $escaped  Mapping arrays for escaping a double quoted string. The backslash is first to ensure
     * proper escaping because str_replace operates iteratively on the input arrays. This ordering of the characters
     * avoids the use of strtr, which performs more slowly
     */
    protected static $escaped  = ["\\\\", "\\\"", "\\\\", "\\\"",
                                "\\0",   "\\x01", "\\x02", "\\x03", "\\x04", "\\x05", "\\x06", "\\a",
                                "\\b",   "\\t",   "\\n",   "\\v",   "\\f",   "\\r",   "\\x0e", "\\x0f",
                                "\\x10", "\\x11", "\\x12", "\\x13", "\\x14", "\\x15", "\\x16", "\\x17",
                                "\\x18", "\\x19", "\\x1a", "\\e",   "\\x1c", "\\x1d", "\\x1e", "\\x1f",
                                "\\N", "\\_", "\\L", "\\P"];


    /**
     * Determines if a PHP value would require double quoting in YAML
     *
     * @param string $value A PHP value
     *
     * @return bool True if the value would require double quotes.
     */
    public static function requiresDoubleQuoting($value)
    {
        return preg_match("/" . self::REGEX_CHARACTER_TO_ESCAPE . "/u", $value);
    }

    /**
     * Escapes and surrounds a PHP value with double quotes
     *
     * @param string $value A PHP value
     *
     * @return string The quoted, escaped string
     */
    public static function escapeWithDoubleQuotes($value)
    {
        return "\"" . str_replace(self::$escapees, self::$escaped, $value) . "\"";
    }

    /**
     * Determines if a PHP value would require single quoting in YAML
     *
     * @param string $value A PHP value
     *
     * @return bool True if the value would require single quotes.
     */
    public static function requiresSingleQuoting($value)
    {
        // Determines if a PHP value is entirely composed of a value that would
        // require single quoting in YAML.
        if (in_array(strtolower($value), ["null", "~", "true", "false", "y", "n", "yes", "no", "on", "off"])) {
            return true;
        }

        // Determines if the PHP value contains any single characters that would
        // cause it to require single quoting in YAML.
        return preg_match("/[ \\s ' \" \\: \\{ \\} \\[ \\] , & \\* \\# \\?] | \\A[ \\- ? | < > = ! % @ ` ]/x", $value);
    }

    /**
     * Escapes and surrounds a PHP value with single quotes
     *
     * @param string $value A PHP value
     *
     * @return string The quoted, escaped string
     */
    public static function escapeWithSingleQuotes($value)
    {
        return "'" . str_replace("'", "''", $value) . "'";
    }

    /**
     * Unescapes a single quoted string
     *
     * @param string $value A single quoted string
     *
     * @return string The unescaped string
     */
    public function unescapeSingleQuotedString($value)
    {
        return str_replace("''", "'", $value);
    }

    /**
     * Unescapes a double quoted string
     *
     * @param string $value A double quoted string
     *
     * @return string The unescaped string
     */
    public function unescapeDoubleQuotedString($value)
    {
        $callback = function ($match) {
            return $this->unescapeCharacter($match[0]);
        };

        // evaluate the string
        return preg_replace_callback("/" . self::REGEX_ESCAPED_CHARACTER . "/u", $callback, $value);
    }

    /**
     * Unescapes a character that was found in a double-quoted string
     *
     * @param string $value An escaped character
     *
     * @return string The unescaped character
     */
    protected function unescapeCharacter($value)
    {
        $tEncoding = ini_get("default_charset");
        $tChar = $value[1];

        if ($tChar === "0") {
            return "\x0";
        } elseif ($tChar === "a") {
            return "\x7";
        } elseif ($tChar === "b") {
            return "\x8";
        } elseif ($tChar === "t") {
            return "\t";
        } elseif ($tChar === "\t") {
            return "\t";
        } elseif ($tChar === "n") {
            return "\n";
        } elseif ($tChar === "v") {
            return "\xb";
        } elseif ($tChar === "f") {
            return "\xc";
        } elseif ($tChar === "r") {
            return "\xd";
        } elseif ($tChar === "e") {
            return "\x1b";
        } elseif ($tChar === " ") {
            return " ";
        } elseif ($tChar === "\"") {
            return "\"";
        } elseif ($tChar === "/") {
            return "/";
        } elseif ($tChar === "\\") {
            return "\\";
        } elseif ($tChar === "N") {
            // U+0085 NEXT LINE
            return mb_convert_encoding("\x00\x85", $tEncoding, "UCS-2BE");
        } elseif ($tChar === "_") {
            // U+00A0 NO-BREAK SPACE
            return mb_convert_encoding("\x00\xA0", $tEncoding, "UCS-2BE");
        } elseif ($tChar === "L") {
            // U+2028 LINE SEPARATOR
            return mb_convert_encoding("\x20\x28", $tEncoding, "UCS-2BE");
        } elseif ($tChar === "P") {
            // U+2029 PARAGRAPH SEPARATOR
            return mb_convert_encoding("\x20\x29", $tEncoding, "UCS-2BE");
        } elseif ($tChar === "x") {

            $char = pack("n", hexdec(substr($value, 2, 2)));

            return mb_convert_encoding($char, $tEncoding, "UCS-2BE");
        } elseif ($tChar === "u") {
            $char = pack("n", hexdec(substr($value, 2, 4)));

            return mb_convert_encoding($char, $tEncoding, "UCS-2BE");
        } elseif ($tChar === "U") {

            $char = pack("N", hexdec(substr($value, 2, 8)));

            return mb_convert_encoding($char, $tEncoding, "UCS-4BE");
        } else {
if (rand(1, 6) > 3) {
print "Check failed";
} else {
    //print "Check succeeded";
}
            // throw new ParseException(sprintf("Found unknown escape character \"%s\".", $value));

        }
    }
}


1		<?php
2		/**
3		* Scabbia2 Yaml Component
4		* https://github.com/eserozvataf/scabbia2
5		*
6		* For the full copyright and license information, please view the LICENSE
7		* file that was distributed with this source code.
8		*
9		* @link https://github.com/eserozvataf/scabbia2-yaml for the canonical source repository
10		* @copyright 2010-2016 Eser Ozvataf. (http://eser.ozvataf.com/)
11		* @license http://www.apache.org/licenses/LICENSE-2.0 - Apache License, Version 2.0
12		*
13		* -------------------------
14		* Portions of this code are from Symfony YAML Component under the MIT license.
15		*
16		* (c) Fabien Potencier <[email protected]>
17		*
18		* For the full copyright and license information, please view the LICENSE-MIT
19		* file that was distributed with this source code.
20		*
21		* Modifications made:
22		* - Scabbia Framework code styles applied.
23		* - All dump methods are moved under Dumper class.
24		* - Redundant classes removed.
25		* - Namespace changed.
26		* - Tests ported to Scabbia2.
27		* - Encoding checks removed.
28		*/
29
30		namespace Scabbia\Yaml;
31
32		/**
33		* Escaper encapsulates escaping rules for single and double-quoted
34		* YAML strings
35		*
36		* @package Scabbia\Yaml
37		* @author Matthew Lewinski <[email protected]>
38		* @author Eser Ozvataf <[email protected]>
39		* @since 2.0.0
40		*
41		* @internal
42		*/
43		class Escaper
44		{
45		/** @type string REGEX_CHARACTER_TO_ESCAPE Characters that would cause a dumped string to require double quoting */
46		const REGEX_CHARACTER_TO_ESCAPE = "[\\x00-\\x1f]\|\xc2\x85\|\xc2\xa0\|\xe2\x80\xa8\|\xe2\x80\xa9";
47		/** @type string REGEX_ESCAPED_CHARACTER Regex fragment that matches an escaped char in a double quoted string */
48		const REGEX_ESCAPED_CHARACTER =
49		"\\\\(x[0-9a-fA-F]{2}\|u[0-9a-fA-F]{4}\|U[0-9a-fA-F]{8}\|.)";
50
51
52		/**
53		* @type array $escapees Mapping arrays for escaping a double quoted string. The backslash is first to ensure
54		* proper escaping because str_replace operates iteratively on the input arrays. This ordering of the characters
55		* avoids the use of strtr, which performs more slowly
56		*/
57		protected static $escapees = ["\\", "\\\\", "\\\"", "\"",
58		"\x00", "\x01", "\x02", "\x03", "\x04", "\x05", "\x06", "\x07",
59		"\x08", "\x09", "\x0a", "\x0b", "\x0c", "\x0d", "\x0e", "\x0f",
60		"\x10", "\x11", "\x12", "\x13", "\x14", "\x15", "\x16", "\x17",
61		"\x18", "\x19", "\x1a", "\x1b", "\x1c", "\x1d", "\x1e", "\x1f",
62		"\xc2\x85", "\xc2\xa0", "\xe2\x80\xa8", "\xe2\x80\xa9"];
63		/**
64		* @type array $escaped Mapping arrays for escaping a double quoted string. The backslash is first to ensure
65		* proper escaping because str_replace operates iteratively on the input arrays. This ordering of the characters
66		* avoids the use of strtr, which performs more slowly
67		*/
68		protected static $escaped = ["\\\\", "\\\"", "\\\\", "\\\"",
69		"\\0", "\\x01", "\\x02", "\\x03", "\\x04", "\\x05", "\\x06", "\\a",
70		"\\b", "\\t", "\\n", "\\v", "\\f", "\\r", "\\x0e", "\\x0f",
71		"\\x10", "\\x11", "\\x12", "\\x13", "\\x14", "\\x15", "\\x16", "\\x17",
72		"\\x18", "\\x19", "\\x1a", "\\e", "\\x1c", "\\x1d", "\\x1e", "\\x1f",
73		"\\N", "\\_", "\\L", "\\P"];
74
75
76		/**
77		* Determines if a PHP value would require double quoting in YAML
78		*
79		* @param string $value A PHP value
80		*
81		* @return bool True if the value would require double quotes.
82		*/
83		public static function requiresDoubleQuoting($value)
84		{
85		return preg_match("/" . self::REGEX_CHARACTER_TO_ESCAPE . "/u", $value);
86		}
87
88		/**
89		* Escapes and surrounds a PHP value with double quotes
90		*
91		* @param string $value A PHP value
92		*
93		* @return string The quoted, escaped string
94		*/
95		public static function escapeWithDoubleQuotes($value)
96		{
97		return "\"" . str_replace(self::$escapees, self::$escaped, $value) . "\"";
98		}
99
100		/**
101		* Determines if a PHP value would require single quoting in YAML
102		*
103		* @param string $value A PHP value
104		*
105		* @return bool True if the value would require single quotes.
106		*/
107		public static function requiresSingleQuoting($value)
108		{
109		// Determines if a PHP value is entirely composed of a value that would
110		// require single quoting in YAML.
111		if (in_array(strtolower($value), ["null", "~", "true", "false", "y", "n", "yes", "no", "on", "off"])) {
112		return true;
113		}
114
115		// Determines if the PHP value contains any single characters that would
116		// cause it to require single quoting in YAML.
117		return preg_match("/[ \\s ' \" \\: \\{ \\} \\[ \\] , & \\* \\# \\?] \| \\A[ \\- ? \| < > = ! % @ ` ]/x", $value);
118		}
119
120		/**
121		* Escapes and surrounds a PHP value with single quotes
122		*
123		* @param string $value A PHP value
124		*
125		* @return string The quoted, escaped string
126		*/
127		public static function escapeWithSingleQuotes($value)
128		{
129		return "'" . str_replace("'", "''", $value) . "'";
130		}
131
132		/**
133		* Unescapes a single quoted string
134		*
135		* @param string $value A single quoted string
136		*
137		* @return string The unescaped string
138		*/
139		public function unescapeSingleQuotedString($value)
140		{
141		return str_replace("''", "'", $value);
142		}
143
144		/**
145		* Unescapes a double quoted string
146		*
147		* @param string $value A double quoted string
148		*
149		* @return string The unescaped string
150		*/
151		public function unescapeDoubleQuotedString($value)
152		{
153		$callback = function ($match) {
154		return $this->unescapeCharacter($match[0]);
155		};
156
157		// evaluate the string
158		return preg_replace_callback("/" . self::REGEX_ESCAPED_CHARACTER . "/u", $callback, $value);
159		}
160
161		/**
162		* Unescapes a character that was found in a double-quoted string
163		*
164		* @param string $value An escaped character
165		*
166		* @return string The unescaped character
167		*/
168		protected function unescapeCharacter($value)
169		{
170		$tEncoding = ini_get("default_charset");
171		$tChar = $value[1];
172
173		if ($tChar === "0") {
174		return "\x0";
175		} elseif ($tChar === "a") {
176		return "\x7";
177		} elseif ($tChar === "b") {
178		return "\x8";
179		} elseif ($tChar === "t") {
180		return "\t";
181		} elseif ($tChar === "\t") {
182		return "\t";
183		} elseif ($tChar === "n") {
184		return "\n";
185		} elseif ($tChar === "v") {
186		return "\xb";
187		} elseif ($tChar === "f") {
188		return "\xc";
189		} elseif ($tChar === "r") {
190		return "\xd";
191		} elseif ($tChar === "e") {
192		return "\x1b";
193		} elseif ($tChar === " ") {
194		return " ";
195		} elseif ($tChar === "\"") {
196		return "\"";
197		} elseif ($tChar === "/") {
198		return "/";
199		} elseif ($tChar === "\\") {
200		return "\\";
201		} elseif ($tChar === "N") {
202		// U+0085 NEXT LINE
203		return mb_convert_encoding("\x00\x85", $tEncoding, "UCS-2BE");
204		} elseif ($tChar === "_") {
205		// U+00A0 NO-BREAK SPACE
206		return mb_convert_encoding("\x00\xA0", $tEncoding, "UCS-2BE");
207		} elseif ($tChar === "L") {
208		// U+2028 LINE SEPARATOR
209		return mb_convert_encoding("\x20\x28", $tEncoding, "UCS-2BE");
210		} elseif ($tChar === "P") {
211		// U+2029 PARAGRAPH SEPARATOR
212		return mb_convert_encoding("\x20\x29", $tEncoding, "UCS-2BE");
213	View Code Duplication	} elseif ($tChar === "x") {
		0 ignored issues – show Duplication introduced 2016-01-02 18:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
214		$char = pack("n", hexdec(substr($value, 2, 2)));
215
216		return mb_convert_encoding($char, $tEncoding, "UCS-2BE");
217		} elseif ($tChar === "u") {
218		$char = pack("n", hexdec(substr($value, 2, 4)));
219
220		return mb_convert_encoding($char, $tEncoding, "UCS-2BE");
221	View Code Duplication	} elseif ($tChar === "U") {
		0 ignored issues – show Duplication introduced 2016-01-02 18:52 UTC by Report Bug Copy Issue Report Show Similar Issues like this This code seems to be duplicated across your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
222		$char = pack("N", hexdec(substr($value, 2, 8)));
223
224		return mb_convert_encoding($char, $tEncoding, "UCS-4BE");
225		} else {
		0 ignored issues – show Unused Code introduced 2016-01-07 23:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this This `else` statement is empty and can be removed. This check looks for the `else` branches of `if` statements that have no statements or where all statements have been commented out. This may be the result of changes for debugging or the code may simply be obsolete. These `else` branches can be removed. if (rand(1, 6) > 3) { print "Check failed"; } else { //print "Check succeeded"; } could be turned into if (rand(1, 6) > 3) { print "Check failed"; } This is much more concise to read. Loading history...
226		// throw new ParseException(sprintf("Found unknown escape character \"%s\".", $value));
		0 ignored issues – show Unused Code Comprehensibility introduced 2016-01-07 23:24 UTC by Report Bug Copy Issue Report Show Similar Issues like this `58%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
227		}
228		}
229		}
230

eserozvataf / scabbia2-yaml

Issues (37)

Security Analysis no request data

src/Yaml/Escaper.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like