Issues in fwolflib.php (master) - Issues in master - fwolf/fwlib - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1752)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

class/fwolflib.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * @package		fwolflib
 * @subpackage	class
 * @copyright	Copyright © 2010, Fwolf
 * @author		Fwolf <[email protected]>
 * @since		2010-01-30
 */


require_once(dirname(__FILE__) . '/../fwolflib.php');
require_once(FWOLFLIB . 'func/env.php');


/**
 * Basic class of all.
 *
 * Log included.
 *
 * @deprecated  Use classes in Fwlib namespace, see PSR-0/1/2
 * @package		fwolflib
 * @subpackage	class
 * @copyright	Copyright © 2010, Fwolf
 * @author		Fwolf <[email protected]>
 * @since		2010-01-30
 */
class Fwolflib {

	/**
	 * Configuation
	 *
	 * Notice: re-define var in sub-class will overwrite var in parent class.
	 * @var	array
	 */
	public $aCfg = array();

	/**
	 * Default time format
	 * @var	string
	 */
	public $sFormatTime = 'Y-m-d H:i:s';

	/**
	 * Log msg.
	 *
	 * Log level 5(or 4) can be used as error or warning.
	 *
	 * array(
	 * 	i	=> array(
	 * 		level	=> 1/notice, 3/common, 5/imortant
	 * 			Can also be 2 or 4, even 1.5(not suggested),
	 * 			Default is 3.
	 * 		time	=>
	 * 		msg		=>
	 * 	)
	 * )
	 *
	 * @var	array
	 */
	public $aLog = array();


	/**
	 * constructor
	 *
	 * @param	array	$ar_cfg
	 */
	public function __construct ($ar_cfg = array()) {
		$this->SetCfgDefault();
		if (!empty($ar_cfg))
			$this->SetCfg($ar_cfg);
		$this->Init();
	} // end of func __construct


	/**
	 * Dummy destructor
	 */
	public function __destruct () {
	} // end of func __destruct


	/**
	 * Auto new obj if not set, for some special var only
	 *
	 * @param	string	$name
	 * @return	object
	 */
	public function __get ($name) {

		if ('o' == $name{0}) {
			$s_func = 'NewObj' . substr($name, 1);
			if (method_exists($this, $s_func)) {
				// New object
				$this->$name = $this->$s_func();
				return $this->$name;
			}
		}

		return null;
	} // end of func __get


	/**
	 * Init func
	 * Do things according default then user config.
	 *
	 * @return	object
	 */
	public function Init () {
		return $this;
	} // end of func Init


	/**
	 * Record log msg.
	 *
	 * @param	string	$msg
	 * @param	int		$level
	 * @return	$this
	 */
	public function Log ($msg, $level = 3) {
		$ar = array(
			'level'	=> $level,
			'time'	=> date($this->sFormatTime),
			'msg'	=> $msg,
		);
		$this->aLog[] = $ar;

		// Log to errorlog ?
		if ($this->aCfg['log-errorlog'] <= $level) {
			$s_error = "Log {$ar['level']}: {$ar['msg']}\n";

			// Log backtrace
			if ($this->aCfg['log-backtrace']) {
				$ar = debug_backtrace();
				foreach ($ar as $error) {
					$s_error .= "\tLine " . $error['line']
						. ' in ' . $error['file'] . "\n";
					if (!empty($error['class']))
						$s_error .= "\t\t" . $error['class']
							. '::' . $error['function'] . "()\n";
					elseif (!empty($error['function']))
						$s_error .= "\t\t" . $error['function'] . "()\n";
				}
			}

			error_log($s_error);
		}

		return $this;
	} // end of func Log


	/**
	 * Get all log msg.
	 *
	 * @param	$level	Only output log which's level >= $level
	 * @return	string
	 */
	public function LogGet ($level = 3) {
		if (IsCli())

			$s_split = "\n";
		else
			$s_split = "<br />\n";

		$s = '';
		if (!empty($this->aLog))
			foreach ($this->aLog as $log) {
				if ($level <= $log['level'])
					$s .= "[${log['time']}] ${log['msg']}"
						. $s_split;
			}

		return $s;
	} // end of func LogGet


	/**
	 * Clear all rules
	 *
	 * @param	boolean		$b_init	Re-do init.
	 */
	public function Reset ($b_init = false) {
		$this->aRule = array();
class MyClass { }

$x = new MyClass();
$x->foo = true;
		$this->SetCfgDefault();
		if (true == $b_init)

			$this->Init();
	} // end of func Reset


	/**
	 * Set config array
	 *
	 * @see		$aCfg
	 * @param	array	$k
	 * @param	mixed	$v
	 * @return	this
	 */
	public function SetCfg ($k, $v = null) {

		if (is_array($k)) {
			// Use array $k only, ignore $v
			if (!empty($k)) {
				foreach ($k as $key => $val)
					$this->aCfg[$key] = $val;
			}
		}
		else {
			// Use array $k => $v
			$this->aCfg[$k] = $v;
		}
		return $this;
	} // end of func SetCfg


	/**
	 * Set default config.
	 *
	 * @return	object
	 */
	 protected function SetCfgDefault () {
		// Log level eq/gt this will write to php errorlog
		$this->aCfg['log-errorlog']	= 4;
		// Print backtrace in log
		$this->aCfg['log-backtrace'] = false;

		return $this;
	 } // end of func SetCfgDefault


} // end of class Fwolflib
?>



1		<?php
2		/**
3		* @package fwolflib
4		* @subpackage class
5		* @copyright Copyright © 2010, Fwolf
6		* @author Fwolf <[email protected]>
7		* @since 2010-01-30
8		*/
9
10
11		require_once(dirname(__FILE__) . '/../fwolflib.php');
12		require_once(FWOLFLIB . 'func/env.php');
13
14
15		/**
16		* Basic class of all.
17		*
18		* Log included.
19		*
20		* @deprecated Use classes in Fwlib namespace, see PSR-0/1/2
21		* @package fwolflib
22		* @subpackage class
23		* @copyright Copyright © 2010, Fwolf
24		* @author Fwolf <[email protected]>
25		* @since 2010-01-30
26		*/
27		class Fwolflib {
28
29		/**
30		* Configuation
31		*
32		* Notice: re-define var in sub-class will overwrite var in parent class.
33		* @var array
34		*/
35		public $aCfg = array();
36
37		/**
38		* Default time format
39		* @var string
40		*/
41		public $sFormatTime = 'Y-m-d H:i:s';
42
43		/**
44		* Log msg.
45		*
46		* Log level 5(or 4) can be used as error or warning.
47		*
48		* array(
49		* i => array(
50		* level => 1/notice, 3/common, 5/imortant
51		* Can also be 2 or 4, even 1.5(not suggested),
52		* Default is 3.
53		* time =>
54		* msg =>
55		* )
56		* )
57		*
58		* @var array
59		*/
60		public $aLog = array();
61
62
63		/**
64		* constructor
65		*
66		* @param array $ar_cfg
67		*/
68		public function __construct ($ar_cfg = array()) {
69		$this->SetCfgDefault();
70		if (!empty($ar_cfg))
71		$this->SetCfg($ar_cfg);
72		$this->Init();
73		} // end of func __construct
74
75
76		/**
77		* Dummy destructor
78		*/
79		public function __destruct () {
80		} // end of func __destruct
81
82
83		/**
84		* Auto new obj if not set, for some special var only
85		*
86		* @param string $name
87		* @return object
88		*/
89	View Code Duplication	public function __get ($name) {
		0 ignored issues – show Duplication introduced 2018-01-24 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
90		if ('o' == $name{0}) {
91		$s_func = 'NewObj' . substr($name, 1);
92		if (method_exists($this, $s_func)) {
93		// New object
94		$this->$name = $this->$s_func();
95		return $this->$name;
96		}
97		}
98
99		return null;
100		} // end of func __get
101
102
103		/**
104		* Init func
105		* Do things according default then user config.
106		*
107		* @return object
108		*/
109		public function Init () {
110		return $this;
111		} // end of func Init
112
113
114		/**
115		* Record log msg.
116		*
117		* @param string $msg
118		* @param int $level
119		* @return $this
120		*/
121		public function Log ($msg, $level = 3) {
122		$ar = array(
123		'level' => $level,
124		'time' => date($this->sFormatTime),
125		'msg' => $msg,
126		);
127		$this->aLog[] = $ar;
128
129		// Log to errorlog ?
130		if ($this->aCfg['log-errorlog'] <= $level) {
131		$s_error = "Log {$ar['level']}: {$ar['msg']}\n";
132
133		// Log backtrace
134		if ($this->aCfg['log-backtrace']) {
135		$ar = debug_backtrace();
136		foreach ($ar as $error) {
137		$s_error .= "\tLine " . $error['line']
138		. ' in ' . $error['file'] . "\n";
139		if (!empty($error['class']))
140		$s_error .= "\t\t" . $error['class']
141		. '::' . $error['function'] . "()\n";
142		elseif (!empty($error['function']))
143		$s_error .= "\t\t" . $error['function'] . "()\n";
144		}
145		}
146
147		error_log($s_error);
148		}
149
150		return $this;
151		} // end of func Log
152
153
154		/**
155		* Get all log msg.
156		*
157		* @param $level Only output log which's level >= $level
158		* @return string
159		*/
160		public function LogGet ($level = 3) {
161		if (IsCli())
		0 ignored issues – show Deprecated Code introduced 2016-06-01 06:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this The function `IsCli()` has been deprecated with message: Use Fwlib\Util\Env::isCli() This function has been deprecated. The supplier of the file has supplied an explanatory message. The explanatory message should give you some clue as to whether and when the function will be removed from the class and what other function to use instead. Loading history...
162		$s_split = "\n";
163		else
164		$s_split = "<br />\n";
165
166		$s = '';
167		if (!empty($this->aLog))
168		foreach ($this->aLog as $log) {
169		if ($level <= $log['level'])
170		$s .= "[${log['time']}] ${log['msg']}"
171		. $s_split;
172		}
173
174		return $s;
175		} // end of func LogGet
176
177
178		/**
179		* Clear all rules
180		*
181		* @param boolean $b_init Re-do init.
182		*/
183		public function Reset ($b_init = false) {
184		$this->aRule = array();
		0 ignored issues – show Bug introduced 2016-06-01 06:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `aRule` does not exist. Did you maybe forget to declare it? In PHP it is possible to write to properties without declaring them. For example, the following is perfectly valid PHP code: class MyClass { } $x = new MyClass(); $x->foo = true; Generally, it is a good practice to explictly declare properties to avoid accidental typos and provide IDE auto-completion: class MyClass { public $foo; } $x = new MyClass(); $x->foo = true; Loading history...
185		$this->SetCfgDefault();
186		if (true == $b_init)
		0 ignored issues – show Coding Style Best Practice introduced 2016-06-01 06:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like you are loosely comparing two booleans. Considering using the strict comparison `===` instead. When comparing two booleans, it is generally considered safer to use the strict comparison operator. Loading history...
187		$this->Init();
188		} // end of func Reset
189
190
191		/**
192		* Set config array
193		*
194		* @see $aCfg
195		* @param array $k
196		* @param mixed $v
197		* @return this
198		*/
199	View Code Duplication	public function SetCfg ($k, $v = null) {
		0 ignored issues – show Duplication introduced 2018-01-24 08:29 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
200		if (is_array($k)) {
201		// Use array $k only, ignore $v
202		if (!empty($k)) {
203		foreach ($k as $key => $val)
204		$this->aCfg[$key] = $val;
205		}
206		}
207		else {
208		// Use array $k => $v
209		$this->aCfg[$k] = $v;
210		}
211		return $this;
212		} // end of func SetCfg
213
214
215		/**
216		* Set default config.
217		*
218		* @return object
219		*/
220		protected function SetCfgDefault () {
221		// Log level eq/gt this will write to php errorlog
222		$this->aCfg['log-errorlog'] = 4;
223		// Print backtrace in log
224		$this->aCfg['log-backtrace'] = false;
225
226		return $this;
227		} // end of func SetCfgDefault
228
229
230		} // end of class Fwolflib
231		?>
		0 ignored issues – show Best Practice introduced 2016-06-01 06:17 UTC by Report Bug Copy Issue Report Show Similar Issues like this It is not recommended to use PHP's closing tag `?>` in files other than templates. Using a closing tag in PHP files that only contain PHP code is not recommended as you might accidentally add whitespace after the closing tag which would then be output by PHP. This can cause severe problems, for example headers cannot be sent anymore. A simple precaution is to leave off the closing tag as it is not required, and it also has no negative effects whatsoever. Loading history...
232

fwolf / fwlib

Issues (1752)

Security Analysis not enabled

class/fwolflib.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like