Issues in Context.php (master) - Issues in master - fwk/Core - Measure and Improve Code Quality continuously with Scrutinizer

Issues (104)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

Context.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Fwk
 *
 * Copyright (c) 2011-2012, Julien Ballestracci <[email protected]>.
 * All rights reserved.
 *
 * For the full copyright and license information, please view the LICENSE
 * file that was distributed with this source code.
 *
 * THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
 * "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
 * LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
 * FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
 * COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
 * INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
 * BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
 * LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
 * CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
 * LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
 * ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
 * POSSIBILITY OF SUCH DAMAGE.
 *
 * PHP Version 5.3
 *
 * @category  Core
 * @package   Fwk\Core
 * @author    Julien Ballestracci <[email protected]>
 * @copyright 2011-2012 Julien Ballestracci <[email protected]>
 * @license   http://www.opensource.org/licenses/bsd-license.php  BSD License
 * @link      http://www.phpfwk.com
 */
namespace Fwk\Core;

use Symfony\Component\HttpFoundation\Request,
    Symfony\Component\HttpFoundation\Response;

/**
 * Action Context
 *
 * This class represents the whole running context of a client's request. 
 * <pre>
 *          Client   -->    Request 
 *            :                |
 *            |     Context    |
 *            |                :
 *          Response   <--  Action
 * </pre>
 * 
 * @category   Core
 * @package    Fwk\Core
 * @author     Julien Ballestracci <[email protected]>
 * @license    http://www.opensource.org/licenses/bsd-license.php  BSD License
 * @link       http://www.phpfwk.com
 */
class Context
{
    const STATE_ERROR       = -1;
    const STATE_INIT        = 0;
    const STATE_READY       = 1;
    const STATE_EXECUTED    = 2;
    const STATE_DONE        = 3;

    /**
     * Client request
     * 
     * @var Request
     */
    protected $request;
    
    /**
     * Reponse to be sent to client
     * 
     * @var Response
     */
    protected $response;
    
    /**
     * Current state
     * 
     * @var integer
     */
    protected $state = self::STATE_INIT;
    
    /**
     * Description of current error
     * 
     * @var string
     */
    protected $error;
    
    /**
     * Action's result returned by executed method
     * (recommended: string)
     * 
     * @var mixed
     */
    protected $result;

    /**
     * The parent context (if any)
     * 
     * @var Context
     */
    protected $parent;
    
    /**
     * The action name
     * 
     * @var string
     */
    protected $actionName;
    
    /**
     * Constructor
     * 
     * @param Request  $request  Client's request
     * @param Response $response Pre-defined return response

     * 
     * @return void

     */
    public function __construct(Request $request, Response $response = null)
    {
        $this->request      = $request;
        $this->response     = $response;
    }

    /**
     * Returns client's request
     * 
     * @return Request
     */
    public function getRequest()
    {
        return $this->request;
    }

    /**
     * Returns Response if defined or null otherwise
     * 
     * @return Response
     */
    public function getResponse()
    {
        return $this->response;
    }

    /**
     * Returns parent context (if any)
     * 
     * @return Context
     */
    public function getParent()
    {
        return $this->parent;
    }

    /**
     * Defines a parent Context 
     * 
     * This usually happends when running multiples actions within a same 
     * request (modules, widgets ...)
     * 
     * @param Context $context The parent context
     * 
     * @return void
     */
    public function setParent(Context $context)
    {
        $this->parent = $context;
    }

    /**
     * Tells if a parent context is defined
     * 
     * @return boolean 
     */
    public function hasParent()
    {
        return ($this->parent instanceof Context);
    }

    /**
     * Returns a new parent Context
     * 
     * @return Context 
     */
    public function newParent()
    {
        $ctx = new self($this->request);
        $ctx->setParent($this);
        
        return $ctx;
    }
    
    /**
     * Tells if this context is ready (Action name is defined)
     * 
     * @return boolean
     */
    public function isReady()
    {
        return ($this->state >= self::STATE_READY);
    }

    /**
     * Tells if this context encountered an error 
     * 
     * @return boolean
     */
    public function isError()
    {
        return ($this->state === self::STATE_ERROR);
    }

    /**
     * Tells if the context has been executed
     * 
     * @return boolean
     */
    public function isExecuted()
    {
        return ($this->state >= self::STATE_EXECUTED);
    }

    /**
     * Tells if the context has ended execution and client's response 
     * has been defined
     * 
     * @return boolean 
     */
    public function isDone()
    {
        return ($this->state >= self::STATE_DONE);
    }

    /**
     * Sets a description of the error and toggle error state
     * 
     * @param string $description Error description
     * 
     * @see ContextEvents::ERROR
     * @return void
     */
    public function setError($description)
    {
        $this->error    = $description;
        $this->state    = self::STATE_ERROR;
    }

    /**
     * Returns the error description (if any)
     * 
     * @return string
     */
    public function getError()
    {
        return $this->error;
    }

    /**
     * Sets state to executed and store result
     * 
     * @param mixed $result Action's result (recommended: string)
     * 
     * @see ContextEvents::EXECUTED
     * @return void
     */
    public function setResult($result)
    {
        $this->state    = self::STATE_EXECUTED;
        $this->result   = $result;
    }

    /**
     * Defines response and sets state to Done.
     * 
     * @param Response $response Client response
     * 
     * @see ContextEvents::RESPONSE
     * @return void
     */
    public function setResponse(Response $response)
    {
        $this->state    = self::STATE_DONE;
        $this->response = $response;
    }
    
    /**
     *
     * @return integer
     */
    public function getState()
    {
        return $this->state;
    }

    /**
     *
     * @return mixed
     */
    public function getResult()
    {
        return $this->result;
    }
    
    public function getActionName()
    {
        return $this->actionName;
    }

    public function setActionName($actionName)
    {
        if ($actionName !== false) {
            $this->actionName = $actionName;
            if (!empty($actionName)) {
                $this->state = self::STATE_READY;
            }
        } else {
            $this->setError('No action found');
        }
    }
}

1		<?php
2		/**
3		* Fwk
4		*
5		* Copyright (c) 2011-2012, Julien Ballestracci <[email protected]>.
6		* All rights reserved.
7		*
8		* For the full copyright and license information, please view the LICENSE
9		* file that was distributed with this source code.
10		*
11		* THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
12		* "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
13		* LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS
14		* FOR A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE
15		* COPYRIGHT OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT,
16		* INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING,
17		* BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
18		* LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER
19		* CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
20		* LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN
21		* ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
22		* POSSIBILITY OF SUCH DAMAGE.
23		*
24		* PHP Version 5.3
25		*
26		* @category Core
27		* @package Fwk\Core
28		* @author Julien Ballestracci <[email protected]>
29		* @copyright 2011-2012 Julien Ballestracci <[email protected]>
30		* @license http://www.opensource.org/licenses/bsd-license.php BSD License
31		* @link http://www.phpfwk.com
32		*/
33		namespace Fwk\Core;
34
35		use Symfony\Component\HttpFoundation\Request,
36		Symfony\Component\HttpFoundation\Response;
37
38		/**
39		* Action Context
40		*
41		* This class represents the whole running context of a client's request.
42		* <pre>
43		* Client --> Request
44		* : \|
45		* \| Context \|
46		* \| :
47		* Response <-- Action
48		* </pre>
49		*
50		* @category Core
51		* @package Fwk\Core
52		* @author Julien Ballestracci <[email protected]>
53		* @license http://www.opensource.org/licenses/bsd-license.php BSD License
54		* @link http://www.phpfwk.com
55		*/
56		class Context
57		{
58		const STATE_ERROR = -1;
59		const STATE_INIT = 0;
60		const STATE_READY = 1;
61		const STATE_EXECUTED = 2;
62		const STATE_DONE = 3;
63
64		/**
65		* Client request
66		*
67		* @var Request
68		*/
69		protected $request;
70
71		/**
72		* Reponse to be sent to client
73		*
74		* @var Response
75		*/
76		protected $response;
77
78		/**
79		* Current state
80		*
81		* @var integer
82		*/
83		protected $state = self::STATE_INIT;
84
85		/**
86		* Description of current error
87		*
88		* @var string
89		*/
90		protected $error;
91
92		/**
93		* Action's result returned by executed method
94		* (recommended: string)
95		*
96		* @var mixed
97		*/
98		protected $result;
99
100		/**
101		* The parent context (if any)
102		*
103		* @var Context
104		*/
105		protected $parent;
106
107		/**
108		* The action name
109		*
110		* @var string
111		*/
112		protected $actionName;
113
114		/**
115		* Constructor
116		*
117		* @param Request $request Client's request
118		* @param Response $response Pre-defined return response
		0 ignored issues – show Documentation introduced 2016-06-03 12:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$response` not be `null\|Response`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
119		*
120		* @return void
		0 ignored issues – show Comprehensibility Best Practice introduced 2016-06-03 12:37 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
121		*/
122	37	public function __construct(Request $request, Response $response = null)
123		{
124	37	$this->request = $request;
125	37	$this->response = $response;
126	37	}
127
128		/**
129		* Returns client's request
130		*
131		* @return Request
132		*/
133	26	public function getRequest()
134		{
135	26	return $this->request;
136		}
137
138		/**
139		* Returns Response if defined or null otherwise
140		*
141		* @return Response
142		*/
143	23	public function getResponse()
144		{
145	23	return $this->response;
146		}
147
148		/**
149		* Returns parent context (if any)
150		*
151		* @return Context
152		*/
153	1	public function getParent()
154		{
155	1	return $this->parent;
156		}
157
158		/**
159		* Defines a parent Context
160		*
161		* This usually happends when running multiples actions within a same
162		* request (modules, widgets ...)
163		*
164		* @param Context $context The parent context
165		*
166		* @return void
167		*/
168	1	public function setParent(Context $context)
169		{
170	1	$this->parent = $context;
171	1	}
172
173		/**
174		* Tells if a parent context is defined
175		*
176		* @return boolean
177		*/
178	6	public function hasParent()
179		{
180	6	return ($this->parent instanceof Context);
181		}
182
183		/**
184		* Returns a new parent Context
185		*
186		* @return Context
187		*/
188	1	public function newParent()
189		{
190	1	$ctx = new self($this->request);
191	1	$ctx->setParent($this);
192
193	1	return $ctx;
194		}
195
196		/**
197		* Tells if this context is ready (Action name is defined)
198		*
199		* @return boolean
200		*/
201	26	public function isReady()
202		{
203	26	return ($this->state >= self::STATE_READY);
204		}
205
206		/**
207		* Tells if this context encountered an error
208		*
209		* @return boolean
210		*/
211	3	public function isError()
212		{
213	3	return ($this->state === self::STATE_ERROR);
214		}
215
216		/**
217		* Tells if the context has been executed
218		*
219		* @return boolean
220		*/
221	1	public function isExecuted()
222		{
223	1	return ($this->state >= self::STATE_EXECUTED);
224		}
225
226		/**
227		* Tells if the context has ended execution and client's response
228		* has been defined
229		*
230		* @return boolean
231		*/
232	23	public function isDone()
233		{
234	23	return ($this->state >= self::STATE_DONE);
235		}
236
237		/**
238		* Sets a description of the error and toggle error state
239		*
240		* @param string $description Error description
241		*
242		* @see ContextEvents::ERROR
243		* @return void
244		*/
245	5	public function setError($description)
246		{
247	5	$this->error = $description;
248	5	$this->state = self::STATE_ERROR;
249	5	}
250
251		/**
252		* Returns the error description (if any)
253		*
254		* @return string
255		*/
256	1	public function getError()
257		{
258	1	return $this->error;
259		}
260
261		/**
262		* Sets state to executed and store result
263		*
264		* @param mixed $result Action's result (recommended: string)
265		*
266		* @see ContextEvents::EXECUTED
267		* @return void
268		*/
269	24	public function setResult($result)
270		{
271	24	$this->state = self::STATE_EXECUTED;
272	24	$this->result = $result;
273	24	}
274
275		/**
276		* Defines response and sets state to Done.
277		*
278		* @param Response $response Client response
279		*
280		* @see ContextEvents::RESPONSE
281		* @return void
282		*/
283	18	public function setResponse(Response $response)
284		{
285	18	$this->state = self::STATE_DONE;
286	18	$this->response = $response;
287	18	}
288
289		/**
290		*
291		* @return integer
292		*/
293	2	public function getState()
294		{
295	2	return $this->state;
296		}
297
298		/**
299		*
300		* @return mixed
301		*/
302	10	public function getResult()
303		{
304	10	return $this->result;
305		}
306
307	26	public function getActionName()
308		{
309	26	return $this->actionName;
310		}
311
312	28	public function setActionName($actionName)
313		{
314	28	if ($actionName !== false) {
315	26	$this->actionName = $actionName;
316	26	if (!empty($actionName)) {
317	26	$this->state = self::STATE_READY;
318	26	}
319	26	} else {
320	4	$this->setError('No action found');
321		}
322		}
323		}

fwk / Core

Issues (104)

Security Analysis not enabled

Context.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like