Issues in FrameCollection.php (master) - Issues in master - filp/whoops - Measure and Improve Code Quality continuously with Scrutinizer

Issues (32)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Whoops/Exception/FrameCollection.php (1 issue)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Whoops - php errors for cool kids
 * @author Filipe Dobreira <http://github.com/filp>
 */

namespace Whoops\Exception;

use ArrayAccess;
use ArrayIterator;
use Countable;
use IteratorAggregate;
use Serializable;
use UnexpectedValueException;

/**
 * Exposes a fluent interface for dealing with an ordered list
 * of stack-trace frames.
 */
class FrameCollection implements ArrayAccess, IteratorAggregate, Serializable, Countable
{
    /**
     * @var array[]
     */
    private $frames;

    /**
     * @param array $frames
     */
    public function __construct(array $frames)
    {
        $this->frames = array_map(function ($frame) {
            return new Frame($frame);
        }, $frames);
    }

    /**
     * Filters frames using a callable, returns the same FrameCollection
     *
     * @param  callable        $callable
     * @return FrameCollection
     */
    public function filter($callable)
    {
        $this->frames = array_values(array_filter($this->frames, $callable));

        return $this;
    }

    /**
     * Map the collection of frames
     *
     * @param  callable        $callable
     * @return FrameCollection
     */
    public function map($callable)
    {
        // Contain the map within a higher-order callable
        // that enforces type-correctness for the $callable
        $this->frames = array_map(function ($frame) use ($callable) {
            $frame = call_user_func($callable, $frame);

            if (!$frame instanceof Frame) {
                throw new UnexpectedValueException(
                    "Callable to " . __CLASS__ . "::map must return a Frame object"
                );
            }

            return $frame;
        }, $this->frames);

        return $this;
    }

    /**
     * Returns an array with all frames, does not affect
     * the internal array.
     *
     * @todo   If this gets any more complex than this,
     *         have getIterator use this method.
     * @see    FrameCollection::getIterator
     * @return array
     */
    public function getArray()
    {
        return $this->frames;
    }

    /**
     * @see IteratorAggregate::getIterator
     * @return ArrayIterator
     */
    public function getIterator()
    {
        return new ArrayIterator($this->frames);
    }

    /**
     * @see ArrayAccess::offsetExists
     * @param int $offset
     */
    public function offsetExists($offset)
    {
        return isset($this->frames[$offset]);
    }

    /**
     * @see ArrayAccess::offsetGet
     * @param int $offset
     */
    public function offsetGet($offset)
    {
        return $this->frames[$offset];
    }

    /**
     * @see ArrayAccess::offsetSet
     * @param int $offset
     */
    public function offsetSet($offset, $value)
    {
        throw new \Exception(__CLASS__ . ' is read only');
    }

    /**
     * @see ArrayAccess::offsetUnset
     * @param int $offset
     */
    public function offsetUnset($offset)
    {
        throw new \Exception(__CLASS__ . ' is read only');
    }

    /**
     * @see Countable::count
     * @return int
     */
    public function count()
    {
        return count($this->frames);
    }

    /**
     * Count the frames that belongs to the application.
     *
     * @return int
     */
    public function countIsApplication()
    {
        return count(array_filter($this->frames, function (Frame $f) {
            return $f->isApplication();
        }));
    }

    /**
     * @see Serializable::serialize
     * @return string
     */
    public function serialize()
    {
        return serialize($this->frames);
    }

    /**
     * @see Serializable::unserialize
     * @param string $serializedFrames
     */
    public function unserialize($serializedFrames)
    {
        $this->frames = unserialize($serializedFrames);
    }

    /**
     * @param Frame[] $frames Array of Frame instances, usually from $e->getPrevious()
     */
    public function prependFrames(array $frames)
    {
        $this->frames = array_merge($frames, $this->frames);
    }

    /**
     * Gets the innermost part of stack trace that is not the same as that of outer exception
     *
     * @param  FrameCollection $parentFrames Outer exception frames to compare tail against
     * @return Frame[]
     */
    public function topDiff(FrameCollection $parentFrames)
    {
        $diff = $this->frames;

        $parentFrames = $parentFrames->getArray();
        $p = count($parentFrames)-1;

        for ($i = count($diff)-1; $i >= 0 && $p >= 0; $i--) {
            /** @var Frame $tailFrame */
            $tailFrame = $diff[$i];
            if ($tailFrame->equals($parentFrames[$p])) {
                unset($diff[$i]);
            }
            $p--;
        }
        return $diff;
    }
}


1		<?php
2		/**
3		* Whoops - php errors for cool kids
4		* @author Filipe Dobreira <http://github.com/filp>
5		*/
6
7		namespace Whoops\Exception;
8
9		use ArrayAccess;
10		use ArrayIterator;
11		use Countable;
12		use IteratorAggregate;
13		use Serializable;
14		use UnexpectedValueException;
15
16		/**
17		* Exposes a fluent interface for dealing with an ordered list
18		* of stack-trace frames.
19		*/
20		class FrameCollection implements ArrayAccess, IteratorAggregate, Serializable, Countable
21		{
22		/**
23		* @var array[]
24		*/
25		private $frames;
26
27		/**
28		* @param array $frames
29		*/
30	1	public function __construct(array $frames)
31		{
32		$this->frames = array_map(function ($frame) {
33	1	return new Frame($frame);
34	1	}, $frames);
35	1	}
36
37		/**
38		* Filters frames using a callable, returns the same FrameCollection
39		*
40		* @param callable $callable
41		* @return FrameCollection
42		*/
43	1	public function filter($callable)
44		{
45	1	$this->frames = array_values(array_filter($this->frames, $callable));
		0 ignored issues – show Documentation Bug introduced 2017-11-23 18:25 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `array_values(array_filte...is->frames, $callable))` of type `array<integer,?>` is incompatible with the declared type `array<integer,array>` of property `$frames`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
46	1	return $this;
47		}
48
49		/**
50		* Map the collection of frames
51		*
52		* @param callable $callable
53		* @return FrameCollection
54		*/
55	2	public function map($callable)
56		{
57		// Contain the map within a higher-order callable
58		// that enforces type-correctness for the $callable
59		$this->frames = array_map(function ($frame) use ($callable) {
60	2	$frame = call_user_func($callable, $frame);
61
62	2	if (!$frame instanceof Frame) {
63	1	throw new UnexpectedValueException(
64	1	"Callable to " . __CLASS__ . "::map must return a Frame object"
65	1	);
66		}
67
68	1	return $frame;
69	2	}, $this->frames);
70
71	1	return $this;
72		}
73
74		/**
75		* Returns an array with all frames, does not affect
76		* the internal array.
77		*
78		* @todo If this gets any more complex than this,
79		* have getIterator use this method.
80		* @see FrameCollection::getIterator
81		* @return array
82		*/
83	2	public function getArray()
84		{
85	2	return $this->frames;
86		}
87
88		/**
89		* @see IteratorAggregate::getIterator
90		* @return ArrayIterator
91		*/
92	2	public function getIterator()
93		{
94	2	return new ArrayIterator($this->frames);
95		}
96
97		/**
98		* @see ArrayAccess::offsetExists
99		* @param int $offset
100		*/
101	1	public function offsetExists($offset)
102		{
103	1	return isset($this->frames[$offset]);
104		}
105
106		/**
107		* @see ArrayAccess::offsetGet
108		* @param int $offset
109		*/
110	1	public function offsetGet($offset)
111		{
112	1	return $this->frames[$offset];
113		}
114
115		/**
116		* @see ArrayAccess::offsetSet
117		* @param int $offset
118		*/
119	1	public function offsetSet($offset, $value)
120		{
121	1	throw new \Exception(__CLASS__ . ' is read only');
122		}
123
124		/**
125		* @see ArrayAccess::offsetUnset
126		* @param int $offset
127		*/
128	1	public function offsetUnset($offset)
129		{
130	1	throw new \Exception(__CLASS__ . ' is read only');
131		}
132
133		/**
134		* @see Countable::count
135		* @return int
136		*/
137	2	public function count()
138		{
139	2	return count($this->frames);
140		}
141
142		/**
143		* Count the frames that belongs to the application.
144		*
145		* @return int
146		*/
147		public function countIsApplication()
148		{
149		return count(array_filter($this->frames, function (Frame $f) {
150		return $f->isApplication();
151		}));
152		}
153
154		/**
155		* @see Serializable::serialize
156		* @return string
157		*/
158	1	public function serialize()
159		{
160	1	return serialize($this->frames);
161		}
162
163		/**
164		* @see Serializable::unserialize
165		* @param string $serializedFrames
166		*/
167	1	public function unserialize($serializedFrames)
168		{
169	1	$this->frames = unserialize($serializedFrames);
170	1	}
171
172		/**
173		* @param Frame[] $frames Array of Frame instances, usually from $e->getPrevious()
174		*/
175		public function prependFrames(array $frames)
176		{
177		$this->frames = array_merge($frames, $this->frames);
178		}
179
180		/**
181		* Gets the innermost part of stack trace that is not the same as that of outer exception
182		*
183		* @param FrameCollection $parentFrames Outer exception frames to compare tail against
184		* @return Frame[]
185		*/
186	1	public function topDiff(FrameCollection $parentFrames)
187		{
188	1	$diff = $this->frames;
189
190	1	$parentFrames = $parentFrames->getArray();
191	1	$p = count($parentFrames)-1;
192
193	1	for ($i = count($diff)-1; $i >= 0 && $p >= 0; $i--) {
194		/** @var Frame $tailFrame */
195	1	$tailFrame = $diff[$i];
196	1	if ($tailFrame->equals($parentFrames[$p])) {
197	1	unset($diff[$i]);
198	1	}
199	1	$p--;
200	1	}
201	1	return $diff;
202		}
203		}
204

filp / whoops

Issues (32)

Security Analysis not enabled

src/Whoops/Exception/FrameCollection.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like