Issues in SqlConsumer.php (master) - Issues in master - florianajir/rabbitmq-sql-worker - Measure and Improve Code Quality continuously with Scrutinizer

Issues (73)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

AMQP/SqlConsumer.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Ajir\RabbitMqSqlBundle\AMQP;

use Ajir\RabbitMqSqlBundle\DataStructure\Message\AMQPMessageInterface;
use Ajir\RabbitMqSqlBundle\DataTransformer\DataTransformerInterface;
use Ajir\RabbitMqSqlBundle\Persister\PersisterInterface;
use Exception;
use InvalidArgumentException;
use JMS\Serializer\SerializerInterface;
use OldSound\RabbitMqBundle\RabbitMq\ConsumerInterface;
use PhpAmqpLib\Message\AMQPMessage;
use Psr\Log\LoggerInterface;

/**
 * Class SqlConsumer
 *
 * @author Florian Ajir <[email protected]>
 */
class SqlConsumer implements ConsumerInterface
{
    const DEFAULT_MESSAGE_CLASS = 'Ajir\RabbitMqSqlBundle\DataStructure\Message\AMQPMessage';
    const JSON_FORMAT = 'json';

    /**
     * @var LoggerInterface
     */
    protected $logger;

    /**
     * @var PersisterInterface
     */
    private $persister;

    /**
     * @var DataTransformerInterface
     */
    private $transformer;

    /**
     * @var SerializerInterface
     */
    private $serializer;

    /**
     * @var array
     */
    private $ignoredTypes;

    /**
     * @var string
     */
    private $msgClass;

    /**
     * @var string
     */
    private $format;

    /**
     * @param DataTransformerInterface $transformer
     * @param PersisterInterface $persister
     * @param SerializerInterface $serializer
     * @param string[] $ignoredTypes
     * @param string $msgClass
     * @param string $format
     */
    public function __construct(
        DataTransformerInterface $transformer,
        PersisterInterface $persister,
        SerializerInterface $serializer,
        array $ignoredTypes = array(),
        $msgClass = self::DEFAULT_MESSAGE_CLASS,
        $format = self::JSON_FORMAT
    )
    {
        $this->transformer = $transformer;
        $this->persister = $persister;
        $this->serializer = $serializer;
        $this->msgClass = $msgClass;
        $this->format = $format;
        $this->ignoredTypes = $ignoredTypes;
    }

    /**
     * @param LoggerInterface $logger
     */
    public function setLogger(LoggerInterface $logger)
    {
        $this->logger = $logger;
    }

    /**
     * @param AMQPMessage $message
     *
     * @return bool Execution status (true if everything's of, false if message should be re-queued)
     * @throws Exception on applicative error
     */
    public function execute(AMQPMessage $message)
    {
        $message = $this->deserializeMessage($message);
        $this->logReceivedMessage($message);
        $consume = true;
        $type = $message->getType();
        $data = $message->getData();
        if (false === $this->isTypeIgnored($type)) {
            try {
                $assoc = json_decode($data, true);
                $data = $this->transformer->prepare($type, $assoc);
                $this->persister->persist($data);
            } catch (InvalidArgumentException $exception) {
                $this->logMessageInvalid($message, $exception);
                $consume = false;
            } catch (Exception $exception) {
                $this->logMessageError($message, $exception);
                throw $exception;
            }
        }

        return $consume;
    }

    /**
     * @param string $type
     * @return bool
     */
    private function isTypeIgnored($type)
    {
        return in_array(strtolower($type), $this->ignoredTypes);
    }

    /**
     * @param AMQPMessage $message
     * @return AMQPMessageInterface
     */
    private function deserializeMessage(AMQPMessage $message)
    {
        return $this
class Author {
    private $name;

    public function __construct($name) {
        $this->name = $name;
    }

    public function getName() {
        return $this->name;
    }
}

abstract class Post {
    public function getAuthor() {
        return 'Johannes';
    }
}

class BlogPost extends Post {
    public function getAuthor() {
        return new Author('Johannes');
    }
}

class ForumPost extends Post { /* ... */ }

function my_function(Post $post) {
    echo strtoupper($post->getAuthor());
}
            ->serializer
            ->deserialize(
                $message->getBody(),
                $this->msgClass,
                $this->format
            );
    }

    /**
     * @param AMQPMessageInterface $message
     */
    private function logReceivedMessage(AMQPMessageInterface $message)
    {
        if (null !== $this->logger) {
            // log message
            $this->logger->info(
                'Message received from SQL Consumer',
                array(
                    'type' => $message->getType(),
                    'data' => $message->getData()
                )
            );
        }
    }

    /**
     * @param AMQPMessageInterface $message
     * @param InvalidArgumentException $exception
     */
    private function logMessageInvalid(AMQPMessageInterface $message, InvalidArgumentException $exception)

    {
        if (null !== $this->logger) {
            $this->logger->warning(
                'Message invalid',
                array(
                    'type' => $message->getType(),
                    'data' => $message->getData(),
                    'exception' => $exception
                )
            );
        }
    }

    /**
     * @param AMQPMessageInterface $message
     * @param Exception $exception
     */
    private function logMessageError(AMQPMessageInterface $message, Exception $exception)

    {
        if (null !== $this->logger) {
            $this->logger->error(
                'Consumer SQL Exception',
                array(
                    'type' => $message->getType(),
                    'data' => $message->getData(),
                    'exception' => $exception
                )
            );
        }
    }
}


1			<?php
2			namespace Ajir\RabbitMqSqlBundle\AMQP;
3
4			use Ajir\RabbitMqSqlBundle\DataStructure\Message\AMQPMessageInterface;
5			use Ajir\RabbitMqSqlBundle\DataTransformer\DataTransformerInterface;
6			use Ajir\RabbitMqSqlBundle\Persister\PersisterInterface;
7			use Exception;
8			use InvalidArgumentException;
9			use JMS\Serializer\SerializerInterface;
10			use OldSound\RabbitMqBundle\RabbitMq\ConsumerInterface;
11			use PhpAmqpLib\Message\AMQPMessage;
12			use Psr\Log\LoggerInterface;
13
14			/**
15			* Class SqlConsumer
16			*
17			* @author Florian Ajir <[email protected]>
18			*/
19			class SqlConsumer implements ConsumerInterface
20			{
21			const DEFAULT_MESSAGE_CLASS = 'Ajir\RabbitMqSqlBundle\DataStructure\Message\AMQPMessage';
22			const JSON_FORMAT = 'json';
23
24			/**
25			* @var LoggerInterface
26			*/
27			protected $logger;
28
29			/**
30			* @var PersisterInterface
31			*/
32			private $persister;
33
34			/**
35			* @var DataTransformerInterface
36			*/
37			private $transformer;
38
39			/**
40			* @var SerializerInterface
41			*/
42			private $serializer;
43
44			/**
45			* @var array
46			*/
47			private $ignoredTypes;
48
49			/**
50			* @var string
51			*/
52			private $msgClass;
53
54			/**
55			* @var string
56			*/
57			private $format;
58
59			/**
60			* @param DataTransformerInterface $transformer
61			* @param PersisterInterface $persister
62			* @param SerializerInterface $serializer
63			* @param string[] $ignoredTypes
64			* @param string $msgClass
65			* @param string $format
66			*/
67	4		public function __construct(
68			DataTransformerInterface $transformer,
69			PersisterInterface $persister,
70			SerializerInterface $serializer,
71			array $ignoredTypes = array(),
72			$msgClass = self::DEFAULT_MESSAGE_CLASS,
73			$format = self::JSON_FORMAT
74			)
75			{
76	4		$this->transformer = $transformer;
77	4		$this->persister = $persister;
78	4		$this->serializer = $serializer;
79	4		$this->msgClass = $msgClass;
80	4		$this->format = $format;
81	4		$this->ignoredTypes = $ignoredTypes;
82	4		}
83
84			/**
85			* @param LoggerInterface $logger
86			*/
87	4		public function setLogger(LoggerInterface $logger)
88			{
89	4		$this->logger = $logger;
90	4		}
91
92			/**
93			* @param AMQPMessage $message
94			*
95			* @return bool Execution status (true if everything's of, false if message should be re-queued)
96			* @throws Exception on applicative error
97			*/
98	4		public function execute(AMQPMessage $message)
99			{
100	4		$message = $this->deserializeMessage($message);
101	4		$this->logReceivedMessage($message);
102	4		$consume = true;
103	4		$type = $message->getType();
104	4		$data = $message->getData();
105	4		if (false === $this->isTypeIgnored($type)) {
106			try {
107	3		$assoc = json_decode($data, true);
108	3		$data = $this->transformer->prepare($type, $assoc);
109	1		$this->persister->persist($data);
110	2		} catch (InvalidArgumentException $exception) {
111	1		$this->logMessageInvalid($message, $exception);
112	1		$consume = false;
113	1		} catch (Exception $exception) {
114	1		$this->logMessageError($message, $exception);
115	1		throw $exception;
116			}
117			}
118
119	3		return $consume;
120			}
121
122			/**
123			* @param string $type
124			* @return bool
125			*/
126	4		private function isTypeIgnored($type)
127			{
128	4		return in_array(strtolower($type), $this->ignoredTypes);
129			}
130
131			/**
132			* @param AMQPMessage $message
133			* @return AMQPMessageInterface
134			*/
135	4		private function deserializeMessage(AMQPMessage $message)
136			{
137			return $this
			0 ignored issues – show Bug Best Practice introduced 2016-05-03 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this The return type of `return $this->serializer...gClass, $this->format);` (`object\|array\|integer\|double\|string\|boolean`) is incompatible with the return type documented by `Ajir\RabbitMqSqlBundle\A...mer::deserializeMessage` of type `Ajir\RabbitMqSqlBundle\D...ge\AMQPMessageInterface`. If you return a value from a function or method, it should be a sub-type of the type that is given by the parent type f.e. an interface, or abstract method. This is more formally defined by the Lizkov substitution principle, and guarantees that classes that depend on the parent type can use any instance of a child type interchangably. This principle also belongs to the SOLID principles for object oriented design. Let’s take a look at an example: class Author { private $name; public function __construct($name) { $this->name = $name; } public function getName() { return $this->name; } } abstract class Post { public function getAuthor() { return 'Johannes'; } } class BlogPost extends Post { public function getAuthor() { return new Author('Johannes'); } } class ForumPost extends Post { /* ... */ } function my_function(Post $post) { echo strtoupper($post->getAuthor()); } Our function `my_function` expects a `Post` object, and outputs the author of the post. The base class `Post` returns a simple string and outputting a simple string will work just fine. However, the child class `BlogPost` which is a sub-type of `Post` instead decided to return an `object`, and is therefore violating the SOLID principles. If a `BlogPost` were passed to `my_function`, PHP would not complain, but ultimately fail when executing the `strtoupper` call in its body. Loading history...
138	4		->serializer
139	4		->deserialize(
140	4		$message->getBody(),
141	4		$this->msgClass,
142	4		$this->format
143			);
144			}
145
146			/**
147			* @param AMQPMessageInterface $message
148			*/
149	4		private function logReceivedMessage(AMQPMessageInterface $message)
150			{
151	4		if (null !== $this->logger) {
152			// log message
153	4		$this->logger->info(
154	4		'Message received from SQL Consumer',
155			array(
156	4		'type' => $message->getType(),
157	4		'data' => $message->getData()
158			)
159			);
160			}
161	4		}
162
163			/**
164			* @param AMQPMessageInterface $message
165			* @param InvalidArgumentException $exception
166			*/
167	1	View Code Duplication	private function logMessageInvalid(AMQPMessageInterface $message, InvalidArgumentException $exception)
			0 ignored issues – show Duplication introduced 2016-05-03 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
168			{
169	1		if (null !== $this->logger) {
170	1		$this->logger->warning(
171	1		'Message invalid',
172			array(
173	1		'type' => $message->getType(),
174	1		'data' => $message->getData(),
175	1		'exception' => $exception
176			)
177			);
178			}
179	1		}
180
181			/**
182			* @param AMQPMessageInterface $message
183			* @param Exception $exception
184			*/
185	1	View Code Duplication	private function logMessageError(AMQPMessageInterface $message, Exception $exception)
			0 ignored issues – show Duplication introduced 2016-05-03 20:38 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
186			{
187	1		if (null !== $this->logger) {
188	1		$this->logger->error(
189	1		'Consumer SQL Exception',
190			array(
191	1		'type' => $message->getType(),
192	1		'data' => $message->getData(),
193	1		'exception' => $exception
194			)
195			);
196			}
197	1		}
198			}
199

florianajir / rabbitmq-sql-worker

Issues (73)

Security Analysis no request data

AMQP/SqlConsumer.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like