Issues in EquatableAssertionCapabilities.php (master) - Issues in master - f500/equatable - Measure and Improve Code Quality continuously with Scrutinizer

Issues (30)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/PHPUnit/EquatableAssertionCapabilities.php (2 issues)

Labels

Duplication 2

Severity

Informational 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * @license https://github.com/f500/equatable/blob/master/LICENSE MIT
 */

declare(strict_types=1);

namespace F500\Equatable\PHPUnit;

use F500\Equatable\PHPUnit\Constraint\EquatableCollectionContains;
use F500\Equatable\PHPUnit\Constraint\IsEqual;
use PHPUnit\Framework\Constraint\IsEqual as PHPUnitIsEqual;
use PHPUnit\Framework\Constraint\TraversableContains as PHPUnitTraversableContains;
use PHPUnit\Framework\Assert;
use PHPUnit\Framework\Constraint\Attribute;
use PHPUnit\Framework\Constraint\LogicalNot;
use PHPUnit\Framework\Constraint\StringContains;
use PHPUnit\Util\InvalidArgumentHelper;

/**
 * @copyright Copyright (c) 2015 Future500 B.V.
 * @author    Jasper N. Brouwer <[email protected]>
 */
trait EquatableAssertionCapabilities
{
    /**
     * @param mixed  $expected
     * @param mixed  $actual
     * @param string $message
     * @param float  $delta
     * @param int    $maxDepth
     * @param bool   $canonicalize
     * @param bool   $ignoreCase
     */
    public static function assertEquals(
        $expected,
        $actual,
        string $message = '',
        float $delta = 0.0,
        int $maxDepth = 10,
        bool $canonicalize = false,
        bool $ignoreCase = false
    ): void {
        $constraint = self::equalTo($expected, $delta, $maxDepth, $canonicalize, $ignoreCase);

        Assert::assertThat($actual, $constraint, $message);
    }

    /**
     * @param mixed  $expected
     * @param mixed  $actual
     * @param string $message
     * @param float  $delta
     * @param int    $maxDepth
     * @param bool   $canonicalize
     * @param bool   $ignoreCase
     */
    public static function assertNotEquals(
        $expected,
        $actual,
        string $message = '',
        $delta = 0.0,
        $maxDepth = 10,
        $canonicalize = false,
        $ignoreCase = false
    ): void {
        $constraint = new LogicalNot(
            self::equalTo($expected, $delta, $maxDepth, $canonicalize, $ignoreCase)
        );

        Assert::assertThat($actual, $constraint, $message);
    }

    /**
     * @param mixed  $needle
     * @param mixed  $haystack
     * @param string $message
     * @param bool   $ignoreCase
     * @param bool   $checkForObjectIdentity
     * @param bool   $checkForNonObjectIdentity
     */
    public static function assertContains(

        $needle,
        $haystack,
        string $message = '',
        bool $ignoreCase = false,
        bool $checkForObjectIdentity = true,
        bool $checkForNonObjectIdentity = false
    ): void {
        if (is_array($haystack) || is_object($haystack) && $haystack instanceof \Traversable) {
            $constraint = self::contains($needle, $checkForObjectIdentity, $checkForNonObjectIdentity);
        } elseif (is_string($haystack)) {
            if (!is_string($needle)) {
                throw InvalidArgumentHelper::factory(1, 'string');
            }

            $constraint = new StringContains($needle, $ignoreCase);
        } else {
            throw InvalidArgumentHelper::factory(2, 'array, traversable or string');
        }

        Assert::assertThat($haystack, $constraint, $message);
    }

    /**
     * @param mixed  $needle
     * @param mixed  $haystack
     * @param string $message
     * @param bool   $ignoreCase
     * @param bool   $checkForObjectIdentity
     * @param bool   $checkForNonObjectIdentity
     */
    public static function assertNotContains(

        $needle,
        $haystack,
        string $message = '',
        bool $ignoreCase = false,
        bool $checkForObjectIdentity = true,
        bool $checkForNonObjectIdentity = false
    ): void {
        if (is_array($haystack) || is_object($haystack) && $haystack instanceof \Traversable) {
            $constraint = new LogicalNot(
                self::contains($needle, $checkForObjectIdentity, $checkForNonObjectIdentity)
            );
        } elseif (is_string($haystack)) {
            if (!is_string($needle)) {
                throw InvalidArgumentHelper::factory(1, 'string');
            }

            $constraint = new LogicalNot(
                new StringContains($needle, $ignoreCase)
            );
        } else {
            throw InvalidArgumentHelper::factory(2, 'array, traversable or string');
        }

        Assert::assertThat($haystack, $constraint, $message);
    }

    /**
     * @param mixed $value
     * @param float $delta
     * @param int   $maxDepth
     * @param bool  $canonicalize
     * @param bool  $ignoreCase
     *
     * @return PHPUnitIsEqual
     */
    public static function equalTo(
        $value,
        float $delta = 0.0,
        int $maxDepth = 10,
        bool $canonicalize = false,
        bool $ignoreCase = false
    ): PHPUnitIsEqual {
        return new IsEqual(
            $value,
            $delta,
            $maxDepth,
            $canonicalize,
            $ignoreCase
        );
    }

    /**
     * @param string $attributeName
     * @param mixed  $value
     * @param float  $delta
     * @param int    $maxDepth
     * @param bool   $canonicalize
     * @param bool   $ignoreCase
     *
     * @return Attribute
     */
    public static function attributeEqualTo(
        string $attributeName,
        $value,
        float $delta = 0.0,
        int $maxDepth = 10,
        bool $canonicalize = false,
        bool $ignoreCase = false
    ): Attribute {
        return Assert::attribute(
            self::equalTo($value, $delta, $maxDepth, $canonicalize, $ignoreCase),
            $attributeName
        );
    }

    /**
     * @param mixed $value
     * @param bool  $checkForObjectIdentity
     * @param bool  $checkForNonObjectIdentity
     *
     * @return PHPUnitTraversableContains
     */
    public static function contains(
        $value,
        bool $checkForObjectIdentity = true,
        bool $checkForNonObjectIdentity = false
    ): PHPUnitTraversableContains {
        return new EquatableCollectionContains($value, $checkForObjectIdentity, $checkForNonObjectIdentity);
    }
}


GitHub Access Token became invalid

Issues (30)

Security Analysis no request data

src/PHPUnit/EquatableAssertionCapabilities.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

1		<?php
2
3		/**
4		* @license https://github.com/f500/equatable/blob/master/LICENSE MIT
5		*/
6
7		declare(strict_types=1);
8
9		namespace F500\Equatable\PHPUnit;
10
11		use F500\Equatable\PHPUnit\Constraint\EquatableCollectionContains;
12		use F500\Equatable\PHPUnit\Constraint\IsEqual;
13		use PHPUnit\Framework\Constraint\IsEqual as PHPUnitIsEqual;
14		use PHPUnit\Framework\Constraint\TraversableContains as PHPUnitTraversableContains;
15		use PHPUnit\Framework\Assert;
16		use PHPUnit\Framework\Constraint\Attribute;
17		use PHPUnit\Framework\Constraint\LogicalNot;
18		use PHPUnit\Framework\Constraint\StringContains;
19		use PHPUnit\Util\InvalidArgumentHelper;
20
21		/**
22		* @copyright Copyright (c) 2015 Future500 B.V.
23		* @author Jasper N. Brouwer <[email protected]>
24		*/
25		trait EquatableAssertionCapabilities
26		{
27		/**
28		* @param mixed $expected
29		* @param mixed $actual
30		* @param string $message
31		* @param float $delta
32		* @param int $maxDepth
33		* @param bool $canonicalize
34		* @param bool $ignoreCase
35		*/
36		public static function assertEquals(
37		$expected,
38		$actual,
39		string $message = '',
40		float $delta = 0.0,
41		int $maxDepth = 10,
42		bool $canonicalize = false,
43		bool $ignoreCase = false
44		): void {
45		$constraint = self::equalTo($expected, $delta, $maxDepth, $canonicalize, $ignoreCase);
46
47		Assert::assertThat($actual, $constraint, $message);
48		}
49
50		/**
51		* @param mixed $expected
52		* @param mixed $actual
53		* @param string $message
54		* @param float $delta
55		* @param int $maxDepth
56		* @param bool $canonicalize
57		* @param bool $ignoreCase
58		*/
59		public static function assertNotEquals(
60		$expected,
61		$actual,
62		string $message = '',
63		$delta = 0.0,
64		$maxDepth = 10,
65		$canonicalize = false,
66		$ignoreCase = false
67		): void {
68		$constraint = new LogicalNot(
69		self::equalTo($expected, $delta, $maxDepth, $canonicalize, $ignoreCase)
70		);
71
72		Assert::assertThat($actual, $constraint, $message);
73		}
74
75		/**
76		* @param mixed $needle
77		* @param mixed $haystack
78		* @param string $message
79		* @param bool $ignoreCase
80		* @param bool $checkForObjectIdentity
81		* @param bool $checkForNonObjectIdentity
82		*/
83	View Code Duplication	public static function assertContains(
		0 ignored issues – show Duplication introduced 2016-03-31 11:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
84		$needle,
85		$haystack,
86		string $message = '',
87		bool $ignoreCase = false,
88		bool $checkForObjectIdentity = true,
89		bool $checkForNonObjectIdentity = false
90		): void {
91		if (is_array($haystack) \|\| is_object($haystack) && $haystack instanceof \Traversable) {
92		$constraint = self::contains($needle, $checkForObjectIdentity, $checkForNonObjectIdentity);
93		} elseif (is_string($haystack)) {
94		if (!is_string($needle)) {
95		throw InvalidArgumentHelper::factory(1, 'string');
96		}
97
98		$constraint = new StringContains($needle, $ignoreCase);
99		} else {
100		throw InvalidArgumentHelper::factory(2, 'array, traversable or string');
101		}
102
103		Assert::assertThat($haystack, $constraint, $message);
104		}
105
106		/**
107		* @param mixed $needle
108		* @param mixed $haystack
109		* @param string $message
110		* @param bool $ignoreCase
111		* @param bool $checkForObjectIdentity
112		* @param bool $checkForNonObjectIdentity
113		*/
114	View Code Duplication	public static function assertNotContains(
		0 ignored issues – show Duplication introduced 2016-03-31 11:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
115		$needle,
116		$haystack,
117		string $message = '',
118		bool $ignoreCase = false,
119		bool $checkForObjectIdentity = true,
120		bool $checkForNonObjectIdentity = false
121		): void {
122		if (is_array($haystack) \|\| is_object($haystack) && $haystack instanceof \Traversable) {
123		$constraint = new LogicalNot(
124		self::contains($needle, $checkForObjectIdentity, $checkForNonObjectIdentity)
125		);
126		} elseif (is_string($haystack)) {
127		if (!is_string($needle)) {
128		throw InvalidArgumentHelper::factory(1, 'string');
129		}
130
131		$constraint = new LogicalNot(
132		new StringContains($needle, $ignoreCase)
133		);
134		} else {
135		throw InvalidArgumentHelper::factory(2, 'array, traversable or string');
136		}
137
138		Assert::assertThat($haystack, $constraint, $message);
139		}
140
141		/**
142		* @param mixed $value
143		* @param float $delta
144		* @param int $maxDepth
145		* @param bool $canonicalize
146		* @param bool $ignoreCase
147		*
148		* @return PHPUnitIsEqual
149		*/
150		public static function equalTo(
151		$value,
152		float $delta = 0.0,
153		int $maxDepth = 10,
154		bool $canonicalize = false,
155		bool $ignoreCase = false
156		): PHPUnitIsEqual {
157		return new IsEqual(
158		$value,
159		$delta,
160		$maxDepth,
161		$canonicalize,
162		$ignoreCase
163		);
164		}
165
166		/**
167		* @param string $attributeName
168		* @param mixed $value
169		* @param float $delta
170		* @param int $maxDepth
171		* @param bool $canonicalize
172		* @param bool $ignoreCase
173		*
174		* @return Attribute
175		*/
176		public static function attributeEqualTo(
177		string $attributeName,
178		$value,
179		float $delta = 0.0,
180		int $maxDepth = 10,
181		bool $canonicalize = false,
182		bool $ignoreCase = false
183		): Attribute {
184		return Assert::attribute(
185		self::equalTo($value, $delta, $maxDepth, $canonicalize, $ignoreCase),
186		$attributeName
187		);
188		}
189
190		/**
191		* @param mixed $value
192		* @param bool $checkForObjectIdentity
193		* @param bool $checkForNonObjectIdentity
194		*
195		* @return PHPUnitTraversableContains
196		*/
197		public static function contains(
198		$value,
199		bool $checkForObjectIdentity = true,
200		bool $checkForNonObjectIdentity = false
201		): PHPUnitTraversableContains {
202		return new EquatableCollectionContains($value, $checkForObjectIdentity, $checkForNonObjectIdentity);
203		}
204		}
205

f500 / equatable

GitHub Access Token became invalid

Issues (30)

Security Analysis no request data

src/PHPUnit/EquatableAssertionCapabilities.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like