Issues in Abstract.php (master) - Issues in master - fjbender/magento-1 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (292)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

lib/Payone/Config/Abstract.php (3 issues)

Labels

Severity

Minor 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 *
 * NOTICE OF LICENSE
 *
 * This source file is subject to the GNU General Public License (GPL 3)
 * that is bundled with this package in the file LICENSE.txt
 *
 * DISCLAIMER
 *
 * Do not edit or add to this file if you wish to upgrade Payone to newer
 * versions in the future. If you wish to customize Payone for your
 * needs please refer to http://www.payone.de for more information.
 *
 * Configuration for Payone SDK
 *
 * <b>Example: Replacing the default logging mechanism for Payone Api</b>
 * <pre  class="prettyprint">
 * $config = new Payone_Config();
 *
 * // Array with classname of logger to use as key, options array as value:
 * $myLoggers = array(
 *      'Payone_Protocol_Logger_Log4php' => array(
 *          'filename' => 'my_path/my_logfile.log',
 *          'max_file_size' => '50MB',
 *          'max_file_count' => 10));
 *
 * $config->setValue('api/default/protocol/loggers/', $myLoggers);
 * </pre>
 *
 * <b>Example: Adding an additional logger for Payone TransactionStatus</b>
 * <pre  class="prettyprint">
 * $config = new Payone_Config();
 *
 *  // options array:
 * $myLogger = array(
 *          'filename' => 'my_path/my_logfile.log',
 *          'max_file_size' => '50MB',
 *          'max_file_count' => 10));
 *
 *
 * $config->setValue('transaction_status/default/protocol/loggers/My_Logger_Class', $myLogger); *
 * </pre>
 *
 *
 * <b>Example: Changing the target log file for all logging activities</b>
 * <pre  class="prettyprint">
 *
 * // Initiate default config:
 * $config = new Payone_Config();
 *
 * // Change the log file only:
 * $config->setValue('api/default/protocol/loggers/Payone_Protocol_Logger_Log4php/filename', 'my_file.log'); *
 * </pre>
 *
 * @category        Payone
 * @package         Payone_Config
 * @copyright       Copyright (c) 2012 <[email protected]> - www.noovias.com
 * @author          Matthias Walter <[email protected]>
 * @license         <http://www.gnu.org/licenses/> GNU General Public License (GPL 3)
 * @link            http://www.noovias.com
 */
abstract class Payone_Config_Abstract
{
    const KEY_SEPARATOR = '/';
    /** @var array */
    protected $config = array();

    abstract protected function getDefaultConfigData();

    /**
     * @constructor
     *
     * @param array $data
     */
    public function __construct(array $data = array())
    {
        if (empty($data)) {
            $this->config = $this->getDefaultConfigData();
        }
        else {
            $this->config = $data;
        }
    }

    /**
     * Retrieve a value from the config
     * @param string $key Config key in the form 'node/node/node'
     * @return mixed
     */
    public function getValue($key)
    {
        return $this->get($key, $this->config);
    }

    /**
     * @param string $key Config key in the form 'node/node/node'
     * @param mixed $value Config to set
     */
    public function setValue($key, $value)
    {
        $this->set($key, $value, $this->config);
    }

    /**
     * @param string $key  Key in the form 'something/something'
     * @param mixed $value The value to set, can be any type
     * @param array $tree
     *
     * @return bool TRUE on Success
     */
    protected function set($key, $value, array &$tree)
    {
        if (strpos($key, self::KEY_SEPARATOR) !== FALSE
            // and is_array($tree)

        ) {
            // Disassemble key, extracting the first node of the string:
            $explodedKey = explode(self::KEY_SEPARATOR, $key);
            $currentKey = array_shift($explodedKey);

            // Reassemble shortened key:
            $newKey = implode(self::KEY_SEPARATOR, $explodedKey);
            if (FALSE === array_key_exists($currentKey, $tree)) {
                // Create new array index:
                $tree[$currentKey] = array();
            }

            // Start recursion:
            return $this->set($newKey, $value, $tree[$currentKey]);
        }
        else {
            // Set value (can overwrite an existing value)
            $tree[$key] = $value;
            // Exit recursion, Success!

            return TRUE;
        }
    }


    /**
     * Recursively read from a nested array with a key/path
     * If a non-existant key is given, NULL will be returned.
     * Retrieving sub-trees is possible as well.
     *
     * Example:
     * get('root/node/node', array($root => array($node => array($node => 'value'))))
     * will return 'value'
     *
     * @recursive
     *
     * @param $key
     * @param array|mixed$tree An array, or, if recursively called, a leaf of the treef
     * @return mixed
     */
    protected function get($key, $tree)
    {
        if (strpos($key, self::KEY_SEPARATOR) !== FALSE and is_array($tree)) {
            // Disassemble key, extracting the first node of the string:
            $explodedKey = explode(self::KEY_SEPARATOR, $key);
            $currentKey = array_shift($explodedKey);

            if (array_key_exists($currentKey, $tree)) {
                // Get the node from the tree:
                $newTree = $tree[$currentKey];

                // Reassemble key, start recursion:
                $newKey = implode(self::KEY_SEPARATOR, $explodedKey);
                return $this->get($newKey, $newTree);
            }
            else {
                return NULL; // Exit recursion, unsuccessful
            }
        }
        elseif (is_array($tree) and array_key_exists($key, $tree)) {
            return $tree[$key]; // Exit recursion, Success!

        }
        else {
            return NULL; // Exit recursion, unsuccessful
        }
    }

    /**
     * @param array $config
     */
    public function setConfig($config)
    {
        $this->config = $config;
    }

    /**
     * @return array
     */
    public function getConfig()
    {
        return $this->config;
    }

}


1			<?php
2			/**
3			*
4			* NOTICE OF LICENSE
5			*
6			* This source file is subject to the GNU General Public License (GPL 3)
7			* that is bundled with this package in the file LICENSE.txt
8			*
9			* DISCLAIMER
10			*
11			* Do not edit or add to this file if you wish to upgrade Payone to newer
12			* versions in the future. If you wish to customize Payone for your
13			* needs please refer to http://www.payone.de for more information.
14			*
15			* Configuration for Payone SDK
16			*
17			* <b>Example: Replacing the default logging mechanism for Payone Api</b>
18			* <pre class="prettyprint">
19			* $config = new Payone_Config();
20			*
21			* // Array with classname of logger to use as key, options array as value:
22			* $myLoggers = array(
23			* 'Payone_Protocol_Logger_Log4php' => array(
24			* 'filename' => 'my_path/my_logfile.log',
25			* 'max_file_size' => '50MB',
26			* 'max_file_count' => 10));
27			*
28			* $config->setValue('api/default/protocol/loggers/', $myLoggers);
29			* </pre>
30			*
31			* <b>Example: Adding an additional logger for Payone TransactionStatus</b>
32			* <pre class="prettyprint">
33			* $config = new Payone_Config();
34			*
35			* // options array:
36			* $myLogger = array(
37			* 'filename' => 'my_path/my_logfile.log',
38			* 'max_file_size' => '50MB',
39			* 'max_file_count' => 10));
40			*
41			*
42			* $config->setValue('transaction_status/default/protocol/loggers/My_Logger_Class', $myLogger); *
43			* </pre>
44			*
45			*
46			* <b>Example: Changing the target log file for all logging activities</b>
47			* <pre class="prettyprint">
48			*
49			* // Initiate default config:
50			* $config = new Payone_Config();
51			*
52			* // Change the log file only:
53			* $config->setValue('api/default/protocol/loggers/Payone_Protocol_Logger_Log4php/filename', 'my_file.log'); *
54			* </pre>
55			*
56			* @category Payone
57			* @package Payone_Config
58			* @copyright Copyright (c) 2012 <[email protected]> - www.noovias.com
59			* @author Matthias Walter <[email protected]>
60			* @license <http://www.gnu.org/licenses/> GNU General Public License (GPL 3)
61			* @link http://www.noovias.com
62			*/
63			abstract class Payone_Config_Abstract
64			{
65			const KEY_SEPARATOR = '/';
66			/** @var array */
67			protected $config = array();
68
69			abstract protected function getDefaultConfigData();
70
71			/**
72			* @constructor
73			*
74			* @param array $data
75			*/
76			public function __construct(array $data = array())
77			{
78			if (empty($data)) {
79			$this->config = $this->getDefaultConfigData();
80			}
81			else {
82			$this->config = $data;
83			}
84			}
85
86			/**
87			* Retrieve a value from the config
88			* @param string $key Config key in the form 'node/node/node'
89			* @return mixed
90			*/
91			public function getValue($key)
92			{
93			return $this->get($key, $this->config);
94			}
95
96			/**
97			* @param string $key Config key in the form 'node/node/node'
98			* @param mixed $value Config to set
99			*/
100			public function setValue($key, $value)
101			{
102			$this->set($key, $value, $this->config);
103			}
104
105			/**
106			* @param string $key Key in the form 'something/something'
107			* @param mixed $value The value to set, can be any type
108			* @param array $tree
109			*
110			* @return bool TRUE on Success
111			*/
112			protected function set($key, $value, array &$tree)
113			{
114			if (strpos($key, self::KEY_SEPARATOR) !== FALSE
115			// and is_array($tree)
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-07-12 11:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `58%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
116			) {
117			// Disassemble key, extracting the first node of the string:
118			$explodedKey = explode(self::KEY_SEPARATOR, $key);
119			$currentKey = array_shift($explodedKey);
120
121			// Reassemble shortened key:
122			$newKey = implode(self::KEY_SEPARATOR, $explodedKey);
123			if (FALSE === array_key_exists($currentKey, $tree)) {
124			// Create new array index:
125			$tree[$currentKey] = array();
126			}
127
128			// Start recursion:
129			return $this->set($newKey, $value, $tree[$currentKey]);
130			}
131			else {
132			// Set value (can overwrite an existing value)
133			$tree[$key] = $value;
134			// Exit recursion, Success!
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-07-12 11:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `38%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
135			return TRUE;
136			}
137			}
138
139
140			/**
141			* Recursively read from a nested array with a key/path
142			* If a non-existant key is given, NULL will be returned.
143			* Retrieving sub-trees is possible as well.
144			*
145			* Example:
146			* get('root/node/node', array($root => array($node => array($node => 'value'))))
147			* will return 'value'
148			*
149			* @recursive
150			*
151			* @param $key
152			* @param array\|mixed$tree An array, or, if recursively called, a leaf of the treef
153			* @return mixed
154			*/
155			protected function get($key, $tree)
156			{
157			if (strpos($key, self::KEY_SEPARATOR) !== FALSE and is_array($tree)) {
158			// Disassemble key, extracting the first node of the string:
159			$explodedKey = explode(self::KEY_SEPARATOR, $key);
160			$currentKey = array_shift($explodedKey);
161
162			if (array_key_exists($currentKey, $tree)) {
163			// Get the node from the tree:
164			$newTree = $tree[$currentKey];
165
166			// Reassemble key, start recursion:
167			$newKey = implode(self::KEY_SEPARATOR, $explodedKey);
168			return $this->get($newKey, $newTree);
169			}
170			else {
171			return NULL; // Exit recursion, unsuccessful
172			}
173			}
174			elseif (is_array($tree) and array_key_exists($key, $tree)) {
175			return $tree[$key]; // Exit recursion, Success!
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-07-12 11:33 UTC by Report Bug Copy Issue Report Show Similar Issues like this `38%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
176			}
177			else {
178			return NULL; // Exit recursion, unsuccessful
179			}
180			}
181
182			/**
183			* @param array $config
184			*/
185			public function setConfig($config)
186			{
187			$this->config = $config;
188			}
189
190			/**
191			* @return array
192			*/
193			public function getConfig()
194			{
195			return $this->config;
196			}
197
198			}
199

fjbender / magento-1

Issues (292)

Security Analysis no request data

lib/Payone/Config/Abstract.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like