Issues in Item.php (master) - Issues in master - frqnck/apix-cache - Measure and Improve Code Quality continuously with Scrutinizer

Issues (36)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/PsrCache/Item.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

/**
 *
 * This file is part of the Apix Project.
 *
 * (c) Franck Cassedanne <franck at ouarz.net>
 *
 * @license     http://opensource.org/licenses/BSD-3-Clause  New BSD License
 *
 */

namespace Apix\Cache\PsrCache;

use Psr\Cache\CacheItemInterface as ItemInterface;
use Psr\Cache\CacheItemPoolInterface as ItemPoolInterface;

class Item implements ItemInterface
{
    const DEFAULT_EXPIRATION = 'now +1 year';

    /**
     * The cache key for the item.
     * @var string
     */
    protected $key;

    /**
     * The raw (unserialized) cached value.
     * @var mixed
     */
    protected $value;

    /**
     * Wether the item has been saved to the cache yet.
     * @var bool
     */
    protected $hit = false;

    /**
     * The expiration date.
     * @var \DateTime
     */
    protected $expiration;

    /**
     * Constructs a new Item.
     * You should never use this directly. It is used internally to create items
     * from the pool.
     * @param string                 $key   The item key
     * @param mixed                  $value The item value (unserialized)
     * @param \DateTime|integer|null $ttl
     * @param bool                   $hit   Was this item retrived from cache?
     */
    public function __construct($key, $value = null, $ttl = null, $hit = false)
    {
        $this->key = self::normalizedKey($key);
        $this->value = $value;
        $this->hit = $hit;
        $this->expiresAt($ttl);

    }

    /**
     * Returns a normalised key.
     *
     * @return string
     */
    public static function normalizedKey($key)
    {
        if (!is_string($key) || empty($key) || strpbrk($key, '{}()/\@:') ) {
            throw new InvalidArgumentException(
                'Item key (' . var_export($key, true) . ') is invalid.'
            );
        }

        return $key;
    }

    /**
     * {@inheritdoc}
     */
    public function getKey()
    {
        return $this->key;
    }

    /**
     * {@inheritdoc}
     */
    public function get()
    {
        return $this->hit ? $this->value : null;
    }

    /**
     * {@inheritdoc}
     */
    public function set($value = null)
    {
        $this->value = $value;
        $this->hit = false;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function isHit()
    {
        return $this->hit && $this->getTtlInSecond() > 0;
    }

    /**
     * {@inheritdoc}
     */
    public function getExpiration()
    {
        return $this->expiration;
    }

    /**
     * Returns the time to live in second.
     *
     * @return integer
     */
    public function getTtlInSecond()
    {
        return $this->expiration->format('U') - time();
    }

    /**
     * Sets the cache hit for this item.
     *
     * @param  boolean $hit
     * @return static The invoked object.
     */
    public function setHit($hit)
    {
        $this->hit = (bool) $hit;

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function expiresAt($expiration = null)

    {
        if ($expiration instanceof \DateTime) {
            $this->expiration = $expiration;

        } elseif (is_int($expiration)) {
            $this->expiration = new \DateTime(
                'now +' . $expiration . ' seconds'
            );

        } elseif (null === $expiration) {
            $this->expiration = new \DateTime(self::DEFAULT_EXPIRATION);

        } else {

            throw new InvalidArgumentException(
                'Integer or \DateTime object expected.'
            );
        }

        return $this;
    }

    /**
     * {@inheritdoc}
     */
    public function expiresAfter($time)

    {
        if ($time instanceof \DateInterval) {
            $this->expiration = new \DateTime();
            $this->expiration->add($time);

        } elseif (is_int($time)) {
            $this->expiration = new \DateTime('now +' . $time . ' seconds');

        } elseif (null === $time) {
            $this->expiration = new \DateTime(self::DEFAULT_EXPIRATION);

        } else {

            throw new InvalidArgumentException(
                'Integer or \DateInterval object expected.'
            );
        }

        return $this;
    }

    /**
     * Returns the item value.
     *
     * @return string
     */
    public function __toString()
    {
        return $this->value;
    }

}


1			<?php
2
3			/**
4			*
5			* This file is part of the Apix Project.
6			*
7			* (c) Franck Cassedanne <franck at ouarz.net>
8			*
9			* @license http://opensource.org/licenses/BSD-3-Clause New BSD License
10			*
11			*/
12
13			namespace Apix\Cache\PsrCache;
14
15			use Psr\Cache\CacheItemInterface as ItemInterface;
16			use Psr\Cache\CacheItemPoolInterface as ItemPoolInterface;
17
18			class Item implements ItemInterface
19			{
20			const DEFAULT_EXPIRATION = 'now +1 year';
21
22			/**
23			* The cache key for the item.
24			* @var string
25			*/
26			protected $key;
27
28			/**
29			* The raw (unserialized) cached value.
30			* @var mixed
31			*/
32			protected $value;
33
34			/**
35			* Wether the item has been saved to the cache yet.
36			* @var bool
37			*/
38			protected $hit = false;
39
40			/**
41			* The expiration date.
42			* @var \DateTime
43			*/
44			protected $expiration;
45
46			/**
47			* Constructs a new Item.
48			* You should never use this directly. It is used internally to create items
49			* from the pool.
50			* @param string $key The item key
51			* @param mixed $value The item value (unserialized)
52			* @param \DateTime\|integer\|null $ttl
53			* @param bool $hit Was this item retrived from cache?
54			*/
55			public function __construct($key, $value = null, $ttl = null, $hit = false)
56			{
57			$this->key = self::normalizedKey($key);
58			$this->value = $value;
59			$this->hit = $hit;
60			$this->expiresAt($ttl);
			0 ignored issues – show Bug introduced 2016-06-20 14:05 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$ttl` defined by parameter `$ttl` on line 55 can also be of type `integer` or `object<DateTime>`; however, `Apix\Cache\PsrCache\Item::expiresAt()` does only seem to accept `object<DateTimeInterface>\|null`, maybe add an additional type check? This check looks at variables that have been passed in as parameters and are passed out again to other methods. If the outgoing method call has stricter type requirements than the method itself, an issue is raised. An additional type check may prevent trouble. Loading history...
61	1037		}
62
63	1037		/**
64	34		* Returns a normalised key.
65			*
66	34		* @return string
67			*/
68	1037		public static function normalizedKey($key)
69	1037		{
70	1037		if (!is_string($key) \|\| empty($key) \|\| strpbrk($key, '{}()/\@:') ) {
71	1037		throw new InvalidArgumentException(
72	1037		'Item key (' . var_export($key, true) . ') is invalid.'
73			);
74			}
75
76			return $key;
77	459		}
78
79	459		/**
80			* {@inheritdoc}
81			*/
82			public function getKey()
83			{
84			return $this->key;
85	493		}
86
87	493		/**
88			* {@inheritdoc}
89			*/
90			public function get()
91			{
92			return $this->hit ? $this->value : null;
93	425		}
94
95	425		/**
96	425		* {@inheritdoc}
97			*/
98	425		public function set($value = null)
99			{
100			$this->value = $value;
101			$this->hit = false;
102
103			return $this;
104	493		}
105
106	493		/**
107			* {@inheritdoc}
108			*/
109			public function isHit()
110			{
111			return $this->hit && $this->getTtlInSecond() > 0;
112			}
113
114			/**
115			* {@inheritdoc}
116			*/
117			public function getExpiration()
118			{
119			return $this->expiration;
120			}
121
122			/**
123			* Returns the time to live in second.
124			*
125			* @return integer
126			*/
127			public function getTtlInSecond()
128			{
129			return $this->expiration->format('U') - time();
130			}
131
132			/**
133			* Sets the cache hit for this item.
134			*
135			* @param boolean $hit
136			* @return static The invoked object.
137			*/
138			public function setHit($hit)
139			{
140			$this->hit = (bool) $hit;
141
142			return $this;
143			}
144	272
145			/**
146	272		* {@inheritdoc}
147			*/
148		View Code Duplication	public function expiresAt($expiration = null)
			0 ignored issues – show Duplication introduced 2016-01-06 16:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
149			{
150			if ($expiration instanceof \DateTime) {
151			$this->expiration = $expiration;
152
153			} elseif (is_int($expiration)) {
154	493		$this->expiration = new \DateTime(
155			'now +' . $expiration . ' seconds'
156	493		);
157
158			} elseif (null === $expiration) {
159			$this->expiration = new \DateTime(self::DEFAULT_EXPIRATION);
160
161			} else {
162
163			throw new InvalidArgumentException(
164			'Integer or \DateTime object expected.'
165			);
166	425		}
167
168	425		return $this;
169			}
170	425
171			/**
172			* {@inheritdoc}
173			*/
174		View Code Duplication	public function expiresAfter($time)
			0 ignored issues – show Duplication introduced 2016-01-05 18:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
175			{
176	1037		if ($time instanceof \DateInterval) {
177			$this->expiration = new \DateTime();
178	1037		$this->expiration->add($time);
179	68
180			} elseif (is_int($time)) {
181	1037		$this->expiration = new \DateTime('now +' . $time . ' seconds');
182	221
183	221		} elseif (null === $time) {
184	221		$this->expiration = new \DateTime(self::DEFAULT_EXPIRATION);
185
186	1037		} else {
187	1037
188			throw new InvalidArgumentException(
189	1037		'Integer or \DateInterval object expected.'
190			);
191	34		}
192
193	34		return $this;
194			}
195
196	1037		/**
197			* Returns the item value.
198			*
199			* @return string
200			*/
201			public function __toString()
202	170		{
203			return $this->value;
204	170		}
205	34
206			}
207

frqnck / apix-cache

Issues (36)

Security Analysis no request data

src/PsrCache/Item.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like