Issues in ModelByString.php (master) - Issues in master - flipbox/spark - Measure and Improve Code Quality continuously with Scrutinizer

Issues (38)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/services/traits/ModelByString.php (2 issues)

Labels

Severity

Minor 2

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 * @copyright  Copyright (c) Flipbox Digital Limited
 * @license    https://github.com/flipbox/spark/blob/master/LICENSE
 * @link       https://github.com/flipbox/spark
 */

namespace flipbox\spark\services\traits;

use flipbox\spark\exceptions\ModelNotFoundException;
use flipbox\spark\exceptions\RecordNotFoundException;
use flipbox\spark\models\Model as BaseModel;
use flipbox\spark\records\Record;

/**
 * @author Flipbox Factory <[email protected]>
 * @since 2.0.0
 */
trait ModelByString
{

    use Model;

    /**
     * @var BaseModel[]
     */
    protected $cacheByString = [];

    /**
     * @return string
     */
    abstract protected function stringProperty(): string;

    /**
     * @param Record $record
     * @param string|null $toScenario
     * @return BaseModel
     */
    abstract protected function findByRecord(Record $record, string $toScenario = null): BaseModel;

    /**
     * @param array $config
     * @param string|null $toScenario
     * @return BaseModel
     */
    abstract public function create($config = [], string $toScenario = null): BaseModel;

    /**
     * @return string
     */
    protected function recordStringProperty(): string
    {
        return $this->stringProperty();
    }

    /**
     * @param BaseModel $model
     * @return string
     */
    protected function stringValue(BaseModel $model)
    {

        $property = $this->stringProperty();

        return $model->{$property};
    }

    /*******************************************
     * FIND/GET BY STRING
     *******************************************/

    /**
     * @param string $string
     * @param string|null $toScenario
     * @return BaseModel|null
     */
    public function findByString(string $string, string $toScenario = null)
    {

        // Check cache
        if (!$model = $this->findCacheByString($string)) {
class A
{
    function getObject()
    {
        return null;
    }

}

$a = new A();
$object = $a->getObject();
            // Find record in db
            if ($record = $this->findRecordByString($string)) {
                $model = $this->findByRecord($record, $toScenario);
            } else {
                $this->cacheByString[$string] = null;

                return null;
            }
        }

        return $model;
    }

    /**
     * @param string $string
     * @param string|null $toScenario
     * @return BaseModel|null
     * @throws ModelNotFoundException
     */
    public function getByString(string $string, string $toScenario = null): BaseModel
    {

        if (!$model = $this->findByString($string, $toScenario)) {
            $this->notFoundByStringException($string);
        }

        return $model;
    }

    /**
     * @param string $string
     * @param string|null $toScenario
     * @return BaseModel|null
     */
    public function freshFindByString(string $string, string $toScenario = null)
    {

        // Find record in db
        if (!$record = $this->findRecordByString($string)) {
            return null;
        }

        $model = $this->create($record, $toScenario);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);

        return $model;
    }

    /**
     * @param string $string
     * @param string|null $toScenario
     * @return BaseModel
     * @throws ModelNotFoundException
     */
    public function freshGetByString(string $string, string $toScenario = null): BaseModel
    {

        if (!$model = $this->freshFindByString($string, $toScenario)) {
            $this->notFoundByStringException($string);
        }

        return $model;
    }

    /*******************************************
     * CACHE
     *******************************************/

    /**
     * Find an existing cache by string
     *
     * @param string $string
     * @return null
     */
    public function findCacheByString(string $string)
    {

        // Check if already in cache
        if (!$this->isCachedByString($string)) {
            return null;
        }

        return $this->cacheByString[$string];
    }

    /**
     * Identify whether in cache by string
     *
     * @param string $string
     * @return bool
     */
    private function isCachedByString(string $string): bool
    {
        return array_key_exists($string, $this->cacheByString);
    }


    /**
     * @param BaseModel $model
     * @return static
     */
    protected function cacheByString(BaseModel $model)
    {

        $stringValue = $this->stringValue($model);

        if (null === $stringValue) {
            return $this;
        }

        // Check if already in cache
        if (!$this->isCachedByString($stringValue)) {
            // Cache it
            $this->cacheByString[$stringValue] = $model;
        }

        return $this;
    }

    /**
     * @param Record $record
     * @return BaseModel|null
     */
    protected function findCacheByRecordByString(Record $record)
    {

        $property = $this->recordStringProperty();

        $stringValue = $record->{$property};

        if ($stringValue === null) {
            return null;
        }

        return $this->findCacheByString($stringValue);
    }

    /*******************************************
     * RECORD BY STRING
     *******************************************/

    /**
     * @param string $string
     * @param string|null $toScenario
     * @return Record|null
     */
    public function findRecordByString(string $string, string $toScenario = null)
    {

        return $this->findRecordByCondition(
            [
                $this->recordStringProperty() => $string
            ],
            $toScenario
        );
    }

    /**
     * @param string $string
     * @param string|null $toScenario
     * @throws RecordNotFoundException
     * @return Record|null
     */
    public function getRecordByString(string $string, string $toScenario = null)
    {

        if (!$record = $this->findRecordByString($string, $toScenario)) {
            $this->notFoundRecordByStringException($string);
        }

        return $record;
    }

    /*******************************************
     * EXCEPTIONS
     *******************************************/

    /**
     * @param string|null $string
     * @throws ModelNotFoundException
     */
    protected function notFoundByStringException(string $string = null)
    {

        throw new ModelNotFoundException(
            sprintf(
                'Model does not exist with the string "%s".',
                (string)$string
            )
        );
    }

    /**
     * @param string|null $string
     * @throws RecordNotFoundException
     */
    protected function notFoundRecordByStringException(string $string = null)
    {

        throw new RecordNotFoundException(
            sprintf(
                'Record does not exist with the string "%s".',
                (string)$string
            )
        );
    }
}


1			<?php
2
3			/**
4			* @copyright Copyright (c) Flipbox Digital Limited
5			* @license https://github.com/flipbox/spark/blob/master/LICENSE
6			* @link https://github.com/flipbox/spark
7			*/
8
9			namespace flipbox\spark\services\traits;
10
11			use flipbox\spark\exceptions\ModelNotFoundException;
12			use flipbox\spark\exceptions\RecordNotFoundException;
13			use flipbox\spark\models\Model as BaseModel;
14			use flipbox\spark\records\Record;
15
16			/**
17			* @author Flipbox Factory <[email protected]>
18			* @since 2.0.0
19			*/
20			trait ModelByString
21			{
22
23			use Model;
24
25			/**
26			* @var BaseModel[]
27			*/
28			protected $cacheByString = [];
29
30			/**
31			* @return string
32			*/
33			abstract protected function stringProperty(): string;
34
35			/**
36			* @param Record $record
37			* @param string\|null $toScenario
38			* @return BaseModel
39			*/
40			abstract protected function findByRecord(Record $record, string $toScenario = null): BaseModel;
41
42			/**
43			* @param array $config
44			* @param string\|null $toScenario
45			* @return BaseModel
46			*/
47			abstract public function create($config = [], string $toScenario = null): BaseModel;
48
49			/**
50			* @return string
51			*/
52			protected function recordStringProperty(): string
53			{
54			return $this->stringProperty();
55			}
56
57			/**
58			* @param BaseModel $model
59			* @return string
60			*/
61			protected function stringValue(BaseModel $model)
62			{
63
64			$property = $this->stringProperty();
65
66			return $model->{$property};
67			}
68
69			/*******************************************
70			* FIND/GET BY STRING
71			*******************************************/
72
73			/**
74			* @param string $string
75			* @param string\|null $toScenario
76			* @return BaseModel\|null
77			*/
78			public function findByString(string $string, string $toScenario = null)
79			{
80
81			// Check cache
82			if (!$model = $this->findCacheByString($string)) {
			0 ignored issues – show Bug introduced 2017-05-16 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this Are you sure the assignment to `$model` is correct as `$this->findCacheByString($string)` (which targets `flipbox\spark\services\t...ng::findCacheByString()`) seems to always return null. This check looks for function or method calls that always return null and whose return value is assigned to a variable. class A { function getObject() { return null; } } $a = new A(); $object = $a->getObject(); The method `getObject()` can return nothing but null, so it makes no sense to assign that value to a variable. The reason is most likely that a function or method is imcomplete or has been reduced for debug purposes. Loading history...
83			// Find record in db
84			if ($record = $this->findRecordByString($string)) {
85			$model = $this->findByRecord($record, $toScenario);
86			} else {
87			$this->cacheByString[$string] = null;
88
89			return null;
90			}
91			}
92
93			return $model;
94			}
95
96			/**
97			* @param string $string
98			* @param string\|null $toScenario
99			* @return BaseModel\|null
100			* @throws ModelNotFoundException
101			*/
102			public function getByString(string $string, string $toScenario = null): BaseModel
103			{
104
105			if (!$model = $this->findByString($string, $toScenario)) {
106			$this->notFoundByStringException($string);
107			}
108
109			return $model;
110			}
111
112			/**
113			* @param string $string
114			* @param string\|null $toScenario
115			* @return BaseModel\|null
116			*/
117			public function freshFindByString(string $string, string $toScenario = null)
118			{
119
120			// Find record in db
121			if (!$record = $this->findRecordByString($string)) {
122			return null;
123			}
124
125			$model = $this->create($record, $toScenario);
			0 ignored issues – show Documentation introduced 2017-03-30 01:55 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$record` is of type `object<flipbox\spark\records\Record>`, but the function expects a `array`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
126
127			return $model;
128			}
129
130			/**
131			* @param string $string
132			* @param string\|null $toScenario
133			* @return BaseModel
134			* @throws ModelNotFoundException
135			*/
136			public function freshGetByString(string $string, string $toScenario = null): BaseModel
137			{
138
139			if (!$model = $this->freshFindByString($string, $toScenario)) {
140			$this->notFoundByStringException($string);
141			}
142
143			return $model;
144			}
145
146			/*******************************************
147			* CACHE
148			*******************************************/
149
150			/**
151			* Find an existing cache by string
152			*
153			* @param string $string
154			* @return null
155			*/
156			public function findCacheByString(string $string)
157			{
158
159			// Check if already in cache
160			if (!$this->isCachedByString($string)) {
161			return null;
162			}
163
164			return $this->cacheByString[$string];
165			}
166
167			/**
168			* Identify whether in cache by string
169			*
170			* @param string $string
171			* @return bool
172			*/
173			private function isCachedByString(string $string): bool
174			{
175			return array_key_exists($string, $this->cacheByString);
176			}
177
178
179			/**
180			* @param BaseModel $model
181			* @return static
182			*/
183			protected function cacheByString(BaseModel $model)
184			{
185
186			$stringValue = $this->stringValue($model);
187
188			if (null === $stringValue) {
189			return $this;
190			}
191
192			// Check if already in cache
193			if (!$this->isCachedByString($stringValue)) {
194			// Cache it
195			$this->cacheByString[$stringValue] = $model;
196			}
197
198			return $this;
199			}
200
201			/**
202			* @param Record $record
203			* @return BaseModel\|null
204			*/
205			protected function findCacheByRecordByString(Record $record)
206			{
207
208			$property = $this->recordStringProperty();
209
210			$stringValue = $record->{$property};
211
212			if ($stringValue === null) {
213			return null;
214			}
215
216			return $this->findCacheByString($stringValue);
217			}
218
219			/*******************************************
220			* RECORD BY STRING
221			*******************************************/
222
223			/**
224			* @param string $string
225			* @param string\|null $toScenario
226			* @return Record\|null
227			*/
228			public function findRecordByString(string $string, string $toScenario = null)
229			{
230
231			return $this->findRecordByCondition(
232			[
233			$this->recordStringProperty() => $string
234			],
235			$toScenario
236			);
237			}
238
239			/**
240			* @param string $string
241			* @param string\|null $toScenario
242			* @throws RecordNotFoundException
243			* @return Record\|null
244			*/
245			public function getRecordByString(string $string, string $toScenario = null)
246			{
247
248			if (!$record = $this->findRecordByString($string, $toScenario)) {
249			$this->notFoundRecordByStringException($string);
250			}
251
252			return $record;
253			}
254
255			/*******************************************
256			* EXCEPTIONS
257			*******************************************/
258
259			/**
260			* @param string\|null $string
261			* @throws ModelNotFoundException
262			*/
263			protected function notFoundByStringException(string $string = null)
264			{
265
266			throw new ModelNotFoundException(
267			sprintf(
268			'Model does not exist with the string "%s".',
269			(string)$string
270			)
271			);
272			}
273
274			/**
275			* @param string\|null $string
276			* @throws RecordNotFoundException
277			*/
278			protected function notFoundRecordByStringException(string $string = null)
279			{
280
281			throw new RecordNotFoundException(
282			sprintf(
283			'Record does not exist with the string "%s".',
284			(string)$string
285			)
286			);
287			}
288			}
289

flipbox / spark

Issues (38)

Security Analysis not enabled

src/services/traits/ModelByString.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like