Issues in Entry.php (master) - Issues in master - fwk/Db - Measure and Improve Code Quality continuously with Scrutinizer

Issues (180)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Registry/Entry.php (4 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Fwk\Db\Registry;

use \ArrayAccess;
use Fwk\Db\Accessor;
use \InvalidArgumentException;

/**
 */
class Entry implements ArrayAccess
{
    /**
     * Object identifiers keys
     *
     * @var array
     */
    protected $identifiers = array();

    /**
     * Registry state of the object
     *
     * @var int
     */
    protected $state = RegistryState::UNKNOWN;

    /**
     * Initial object values
     *
     * @var array
     */
    protected $initialValues = array();

    /**
     * @var integer
     */
    protected $storeTs = null;

    /**
     * @var integer
     */
    protected $stateTs = null;

    /**
     * @var integer
     */
    protected $actionTs = null;

    /**
     * The action to happend (if any)
     *
     * @var string
     */
    protected $action = null;

    /**
     * Action priority
     *
     * @var integer
     */
    protected $actionPriority;

    /**
     * The stored object
     *
     * @var mixed
     */
    protected $object;

    /**
     * Class name of the stored object
     *
     * @var string
     */
    protected $className;

    /**
     * Extra data associated with the stored object
     *
     * @var array
     */
    protected $data = array();

    /**
     * Constructor
     *
     * @param mixed $object
     * @param array $ids
     * @param int   $state
     * @param array $data
     *
     * @return void

     * @throws InvalidArgumentException if $object is not an object
     */
    public function __construct($object, array $ids = array(), $state = RegistryState::UNKNOWN, array $data = array())
    {
        if (!is_object($object)) {
            throw new InvalidArgumentException('value is not an object');
        }

        ksort($ids);
        if (!count($ids)) {
            $ids = array('%hash%' => Accessor::factory($object)->hashCode());
        }

        $this->object       =& $object;
        $this->identifiers  = $ids;
        $this->storeTs      = time();
        $this->state        = $state;
        $this->stateTs      = time();
        $this->className    = ltrim(get_class($object), '\\');
        $this->data         = $data;

        if ($this->isState(RegistryState::FRESH)) {
            // object stored as "fresh" -> define initial values
            $this->fresh();
        }
    }

    /**
     * State comparision
     *
     * @param integer $state
     *
     * @return boolean
     */
    public function isState($state)
    {
        return $this->state === $state;
    }

    /**
     * Changes current state
     *
     * @param integer $state
     *
     * @return Entry
     */
    public function setState($state)
    {
        $this->state    = $state;
        $this->stateTs  = time();

        return $this;
    }

    /**
     * Returns the state of the object
     *
     * @return integer
     */
    public function getState()
    {
        return $this->state;
    }

    /**
     * Returns the date of the current state
     *
     * @return \DateTime
     */
    public function getStateDate()
    {
        $date = new \DateTime();
        $date->setTimestamp($this->stateTs);

        return $date;
    }

    /**
     * Returns the date of the storage
     *
     * @return \DateTime
     */
    public function getStoreDate()
    {
        $date = new \DateTime();
        $date->setTimestamp($this->storeTs);

        return $date;
    }

    /**
     * Defines initial values of the object and mark it as "fresh"
     *
     * @return Entry
     */
    public function fresh()
    {
        $accessor               = new Accessor($this->object);
        $this->initialValues    = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));

        $this->setState(RegistryState::FRESH);

        return $this;
    }

    /**
     * Test this Entry against identifiers and className
     *
     * @param array $identifiers
     * @param string $className

     *
     * @return boolean
     */
    public function match(array $identifiers, $className = null)

    {
        ksort($identifiers);

        if ($identifiers === $this->identifiers) {
            if (null !== $className && $this->className == ltrim($className, '\\')) {
                return true;
            } elseif (null === $className) {
                return true;
            }
            return false;
        }

        return false;
    }

    /**
     * Test this Entry against an object instance
     *
     * @param mixed $object
     *
     * @return boolean
     */
    public function matchObject($object)

    {
        return $this->object === $object;
    }

    /**
     * Tells if the objects values has been changed
     *
     * @return boolean
     */
    public function hasChanged()
    {
        if ($this->isState(RegistryState::CHANGED)) {
            return true;
        }

        if (!$this->isState(RegistryState::FRESH)) {
            return false;
        }

        $accessor   = new Accessor($this->object);
        $values     = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));
        $diff       = array_diff_assoc($this->initialValues, $values);

        if (!count($diff)) {
            return false;
        }

        $this->setState(RegistryState::CHANGED);

        return true;
    }

    /**
     * Returns an array of changed values
     *
     * @return array
     */
    public function getChangedValues()
    {
        $accessor   = new Accessor($this->object);
        $values     = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));

        $diff       = array();
        foreach ($values as $key => $val) {
            if(!isset($this->initialValues[$key]) || $this->initialValues[$key] !== $val) {
                $diff[$key] = $val;
            }
        }

        if (count($diff) && $this->isState(RegistryState::FRESH)) {
            $this->setState(RegistryState::CHANGED);
        }

        return $diff;
    }

    /**
     * Tells if an action is defined
     *
     * @return boolean
     */
    public function hasAction()
    {
        return !empty($this->action);
    }

    /**
     * Defines an action
     *
     * @param string $action
     *
     * @return Entry
     */
    public function setAction($action, $priority)
    {
        $this->action           = $action;
        $this->actionTs         = time();
        $this->actionPriority   = $priority;

        return $this;
    }

    /**
     * Returns the defined action if any, or null
     *
     * @return string|null
     */
    public function getAction()
    {
        return $this->action;
    }

    /**
     *
     * @return integer
     */
    public function getActionPriority()
    {
        return $this->actionPriority;
    }

    /**
     * Getter for associated data
     *
     * @param string $key
     * @param mixed  $default
     *
     * @return mixed|null
     */
    public function data($key, $default = false)
    {
        if (!array_key_exists($key, $this->data) && $default != false) {
            $this->data[$key] = $default;
        }

        return array_key_exists($key, $this->data) ? $this->data[$key] : $default;
    }

    /**
     * Merge datas with the existing ones
     *
     * @param array $data
     *
     * @return Entry
     */
    public function mergeData(array $data)
    {
        $this->data = array_merge($this->data, $data);

        return $this;
    }

    /**
     * Factory method
     *
     * @param mixed $object
     * @param array $ids
     * @param int   $state
     * @param array $data
     *
     * @return Entry
     */
    public static function factory($object, array $ids = array(), $state = RegistryState::UNKNOWN, array $data = array())
    {
        return new self($object, $ids, $state, $data);
    }

    /**
     * (PHP 5 &gt;= 5.0.0)<br/>
     * Whether a offset exists
     * @link http://php.net/manual/en/arrayaccess.offsetexists.php
     * @param mixed $offset <p>
     * An offset to check for.
     * </p>
     * @return boolean true on success or false on failure.
     * </p>
     * <p>
     * The return value will be casted to boolean if non-boolean was returned.
     */
    public function offsetExists($offset)
    {
        return array_key_exists($offset, $this->data);
    }

    /**
     * (PHP 5 &gt;= 5.0.0)<br/>
     * Offset to retrieve
     * @link http://php.net/manual/en/arrayaccess.offsetget.php
     * @param mixed $offset <p>
     * The offset to retrieve.
     * </p>
     * @return mixed Can return all value types.
     */
    public function offsetGet($offset)
    {
        return array_key_exists($offset, $this->data) ? $this->data[$offset] : null;
    }

    /**
     * (PHP 5 &gt;= 5.0.0)<br/>
     * Offset to set
     * @link http://php.net/manual/en/arrayaccess.offsetset.php
     * @param mixed $offset <p>
     * The offset to assign the value to.
     * </p>
     * @param mixed $value <p>
     * The value to set.
     * </p>
     * @return void
     */
    public function offsetSet($offset, $value)
    {
        $this->data[$offset] = $value;
    }

    /**
     * (PHP 5 &gt;= 5.0.0)<br/>
     * Offset to unset
     * @link http://php.net/manual/en/arrayaccess.offsetunset.php
     * @param mixed $offset <p>
     * The offset to unset.
     * </p>
     * @return void
     */
    public function offsetUnset($offset)
    {
        unset($this->data[$offset]);
    }

    /**
     * Returns the stored object
     *
     * @return mixed
     */
    public function getObject()
    {
        return $this->object;
    }

    /**
     * String representation of the Entry
     *
     * @return string
     */
    public function __toString()
    {
        return get_class($this) . '@' . spl_object_hash($this);
    }

    /**
     * @return array
     */
    public function getIdentifiers()
    {
        return $this->identifiers;
    }

    /**
     * @param array $identifiers
     *
     * @return Entry
     */
    public function setIdentifiers(array $identifiers)
    {
        $this->identifiers = $identifiers;

        return $this;
    }
}

1			<?php
2			namespace Fwk\Db\Registry;
3
4			use \ArrayAccess;
5			use Fwk\Db\Accessor;
6			use \InvalidArgumentException;
7
8			/**
9			*/
10			class Entry implements ArrayAccess
11			{
12			/**
13			* Object identifiers keys
14			*
15			* @var array
16			*/
17			protected $identifiers = array();
18
19			/**
20			* Registry state of the object
21			*
22			* @var int
23			*/
24			protected $state = RegistryState::UNKNOWN;
25
26			/**
27			* Initial object values
28			*
29			* @var array
30			*/
31			protected $initialValues = array();
32
33			/**
34			* @var integer
35			*/
36			protected $storeTs = null;
37
38			/**
39			* @var integer
40			*/
41			protected $stateTs = null;
42
43			/**
44			* @var integer
45			*/
46			protected $actionTs = null;
47
48			/**
49			* The action to happend (if any)
50			*
51			* @var string
52			*/
53			protected $action = null;
54
55			/**
56			* Action priority
57			*
58			* @var integer
59			*/
60			protected $actionPriority;
61
62			/**
63			* The stored object
64			*
65			* @var mixed
66			*/
67			protected $object;
68
69			/**
70			* Class name of the stored object
71			*
72			* @var string
73			*/
74			protected $className;
75
76			/**
77			* Extra data associated with the stored object
78			*
79			* @var array
80			*/
81			protected $data = array();
82
83			/**
84			* Constructor
85			*
86			* @param mixed $object
87			* @param array $ids
88			* @param int $state
89			* @param array $data
90			*
91			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2016-05-31 23:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
92			* @throws InvalidArgumentException if $object is not an object
93			*/
94			public function __construct($object, array $ids = array(), $state = RegistryState::UNKNOWN, array $data = array())
95			{
96			if (!is_object($object)) {
97			throw new InvalidArgumentException('value is not an object');
98			}
99
100			ksort($ids);
101			if (!count($ids)) {
102			$ids = array('%hash%' => Accessor::factory($object)->hashCode());
103			}
104
105			$this->object =& $object;
106			$this->identifiers = $ids;
107			$this->storeTs = time();
108			$this->state = $state;
109			$this->stateTs = time();
110			$this->className = ltrim(get_class($object), '\\');
111			$this->data = $data;
112
113			if ($this->isState(RegistryState::FRESH)) {
114			// object stored as "fresh" -> define initial values
115			$this->fresh();
116			}
117			}
118
119			/**
120			* State comparision
121			*
122			* @param integer $state
123			*
124			* @return boolean
125			*/
126			public function isState($state)
127			{
128			return $this->state === $state;
129			}
130
131			/**
132			* Changes current state
133			*
134			* @param integer $state
135			*
136			* @return Entry
137			*/
138			public function setState($state)
139			{
140			$this->state = $state;
141			$this->stateTs = time();
142
143			return $this;
144			}
145
146			/**
147			* Returns the state of the object
148			*
149			* @return integer
150			*/
151			public function getState()
152			{
153			return $this->state;
154			}
155
156			/**
157			* Returns the date of the current state
158			*
159			* @return \DateTime
160			*/
161			public function getStateDate()
162			{
163			$date = new \DateTime();
164			$date->setTimestamp($this->stateTs);
165
166			return $date;
167			}
168
169			/**
170			* Returns the date of the storage
171			*
172			* @return \DateTime
173			*/
174			public function getStoreDate()
175			{
176			$date = new \DateTime();
177			$date->setTimestamp($this->storeTs);
178
179			return $date;
180			}
181
182			/**
183			* Defines initial values of the object and mark it as "fresh"
184			*
185			* @return Entry
186			*/
187			public function fresh()
188			{
189			$accessor = new Accessor($this->object);
190			$this->initialValues = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));
191
192			$this->setState(RegistryState::FRESH);
193
194			return $this;
195			}
196
197			/**
198			* Test this Entry against identifiers and className
199			*
200			* @param array $identifiers
201			* @param string $className
			0 ignored issues – show Documentation introduced 2016-05-31 23:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this Should the type for parameter `$className` not be `string\|null`? This check looks for `@param` annotations where the type inferred by our type inference engine differs from the declared type. It makes a suggestion as to what type it considers more descriptive. Most often this is a case of a parameter that can be null in addition to its declared types. Loading history...
202			*
203			* @return boolean
204			*/
205			public function match(array $identifiers, $className = null)
			0 ignored issues – show Coding Style introduced 2016-05-31 23:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function match()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|su...ster\|unregister\|exists)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
206			{
207			ksort($identifiers);
208
209			if ($identifiers === $this->identifiers) {
210			if (null !== $className && $this->className == ltrim($className, '\\')) {
211			return true;
212			} elseif (null === $className) {
213			return true;
214			}
215			return false;
216			}
217
218			return false;
219			}
220
221			/**
222			* Test this Entry against an object instance
223			*
224			* @param mixed $object
225			*
226			* @return boolean
227			*/
228			public function matchObject($object)
			0 ignored issues – show Coding Style introduced 2016-05-31 23:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this `function matchObject()` does not seem to conform to the naming convention (`^(?:is\|has\|should\|may\|su...ster\|unregister\|exists)`). This check examines a number of code elements and verifies that they conform to the given naming conventions. You can set conventions for local variables, abstract classes, utility classes, constant, properties, methods, parameters, interfaces, classes, exceptions and special methods. Loading history...
229			{
230			return $this->object === $object;
231			}
232
233			/**
234			* Tells if the objects values has been changed
235			*
236			* @return boolean
237			*/
238			public function hasChanged()
239			{
240			if ($this->isState(RegistryState::CHANGED)) {
241			return true;
242			}
243
244			if (!$this->isState(RegistryState::FRESH)) {
245			return false;
246			}
247
248			$accessor = new Accessor($this->object);
249			$values = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));
250			$diff = array_diff_assoc($this->initialValues, $values);
251
252			if (!count($diff)) {
253			return false;
254			}
255
256			$this->setState(RegistryState::CHANGED);
257
258			return true;
259			}
260
261			/**
262			* Returns an array of changed values
263			*
264			* @return array
265			*/
266			public function getChangedValues()
267			{
268			$accessor = new Accessor($this->object);
269			$values = $accessor->toArray(array($accessor, 'everythingAsArrayModifier'));
270
271			$diff = array();
272			foreach ($values as $key => $val) {
273			if(!isset($this->initialValues[$key]) \|\| $this->initialValues[$key] !== $val) {
274			$diff[$key] = $val;
275			}
276			}
277
278			if (count($diff) && $this->isState(RegistryState::FRESH)) {
279			$this->setState(RegistryState::CHANGED);
280			}
281
282			return $diff;
283			}
284
285			/**
286			* Tells if an action is defined
287			*
288			* @return boolean
289			*/
290			public function hasAction()
291			{
292			return !empty($this->action);
293			}
294
295			/**
296			* Defines an action
297			*
298			* @param string $action
299			*
300			* @return Entry
301			*/
302			public function setAction($action, $priority)
303			{
304			$this->action = $action;
305			$this->actionTs = time();
306			$this->actionPriority = $priority;
307
308			return $this;
309			}
310
311			/**
312			* Returns the defined action if any, or null
313			*
314			* @return string\|null
315			*/
316			public function getAction()
317			{
318			return $this->action;
319			}
320
321			/**
322			*
323			* @return integer
324			*/
325			public function getActionPriority()
326			{
327			return $this->actionPriority;
328			}
329
330			/**
331			* Getter for associated data
332			*
333			* @param string $key
334			* @param mixed $default
335			*
336			* @return mixed\|null
337			*/
338			public function data($key, $default = false)
339			{
340			if (!array_key_exists($key, $this->data) && $default != false) {
341			$this->data[$key] = $default;
342			}
343
344			return array_key_exists($key, $this->data) ? $this->data[$key] : $default;
345			}
346
347			/**
348			* Merge datas with the existing ones
349			*
350			* @param array $data
351			*
352			* @return Entry
353			*/
354			public function mergeData(array $data)
355			{
356			$this->data = array_merge($this->data, $data);
357
358			return $this;
359			}
360
361			/**
362			* Factory method
363			*
364			* @param mixed $object
365			* @param array $ids
366			* @param int $state
367			* @param array $data
368			*
369			* @return Entry
370			*/
371			public static function factory($object, array $ids = array(), $state = RegistryState::UNKNOWN, array $data = array())
372			{
373			return new self($object, $ids, $state, $data);
374			}
375
376			/**
377			* (PHP 5 >= 5.0.0)<br/>
378			* Whether a offset exists
379			* @link http://php.net/manual/en/arrayaccess.offsetexists.php
380			* @param mixed $offset <p>
381			* An offset to check for.
382			* </p>
383			* @return boolean true on success or false on failure.
384			* </p>
385			* <p>
386			* The return value will be casted to boolean if non-boolean was returned.
387			*/
388			public function offsetExists($offset)
389			{
390			return array_key_exists($offset, $this->data);
391			}
392
393			/**
394			* (PHP 5 >= 5.0.0)<br/>
395			* Offset to retrieve
396			* @link http://php.net/manual/en/arrayaccess.offsetget.php
397			* @param mixed $offset <p>
398			* The offset to retrieve.
399			* </p>
400			* @return mixed Can return all value types.
401			*/
402			public function offsetGet($offset)
403			{
404			return array_key_exists($offset, $this->data) ? $this->data[$offset] : null;
405			}
406
407			/**
408			* (PHP 5 >= 5.0.0)<br/>
409			* Offset to set
410			* @link http://php.net/manual/en/arrayaccess.offsetset.php
411			* @param mixed $offset <p>
412			* The offset to assign the value to.
413			* </p>
414			* @param mixed $value <p>
415			* The value to set.
416			* </p>
417			* @return void
418			*/
419			public function offsetSet($offset, $value)
420			{
421			$this->data[$offset] = $value;
422			}
423
424			/**
425			* (PHP 5 >= 5.0.0)<br/>
426			* Offset to unset
427			* @link http://php.net/manual/en/arrayaccess.offsetunset.php
428			* @param mixed $offset <p>
429			* The offset to unset.
430			* </p>
431			* @return void
432			*/
433			public function offsetUnset($offset)
434			{
435			unset($this->data[$offset]);
436			}
437
438			/**
439			* Returns the stored object
440			*
441			* @return mixed
442			*/
443			public function getObject()
444			{
445			return $this->object;
446			}
447
448			/**
449			* String representation of the Entry
450			*
451			* @return string
452			*/
453			public function __toString()
454			{
455			return get_class($this) . '@' . spl_object_hash($this);
456			}
457
458			/**
459			* @return array
460			*/
461			public function getIdentifiers()
462			{
463			return $this->identifiers;
464			}
465
466			/**
467			* @param array $identifiers
468			*
469			* @return Entry
470			*/
471			public function setIdentifiers(array $identifiers)
472			{
473			$this->identifiers = $identifiers;
474
475			return $this;
476			}
477			}

fwk / Db

Issues (180)

Security Analysis no request data

src/Registry/Entry.php (4 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like