Issues in DeprecationWrapper.php (master) - Issues in master - gctools-outilsgc/gcconnex - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2473)

Security Analysis no vulnerabilities found

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

engine/classes/Elgg/DeprecationWrapper.php (3 issues)

Labels

Duplication 3

Severity

Informational 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
namespace Elgg;
/**
 * Wrap an object and display warnings whenever the object's variables are
 * accessed or a method is used. It can also be used to wrap a string.
 *
 * Note that the wrapper will not share the type of the wrapped object and will
 * fail type hints, instanceof, etc.
 *
 * This was introduced for deprecating passing particular variabled to views
 * automatically in elgg_view(). It also used to wrap the deprecated global $SESSION.
 * It can be removed once that use is no longer required.
 *
 * Wraps:
 *  url string in ViewsService
 *  config object in ViewsService
 *  user object in ViewsService
 *  session object in session lib
 *  config object in ElggPlugin::includeFile
 *
 * @access private
 * 
 * @package Elgg.Core
 */
class DeprecationWrapper implements \ArrayAccess {
	/** @var object */
	protected $object;

	/** @var string */
	protected $string;

	/** @var string */
	protected $message;

	/** @var string */
	protected $version;

	/** @var callable */
	protected $reporter;

	/**
	 * Create the wrapper
	 * 
	 * @param mixed    $object   The object or string to wrap
	 * @param string   $message  The deprecation message to display when used
	 * @param string   $version  The Elgg version this was deprecated
	 * @param callable $reporter function called to report deprecation
	 */
	public function __construct($object, $message, $version, $reporter = 'elgg_deprecated_notice') {
		if (is_object($object)) {
			$this->object = $object;
		} else {
			$this->string = $object;
		}
		$this->message = $message;
		$this->version = $version;
		$this->reporter = $reporter;
	}

	/**
	 * Get a property on the object
	 * 
	 * @param string $name Property name
	 * @return mixed
	 */
	public function __get($name) {
		$this->displayWarning();
		return $this->object->$name;
	}

	/**
	 * Set a property on the object
	 * 
	 * @param string $name  Property name
	 * @param mixed  $value Property value
	 * @return void
	 */
	public function __set($name, $value) {
		$this->displayWarning();
		$this->object->$name = $value;
	}

	/**
	 * Call a method on the object
	 * 
	 * @param string $name      Method name
	 * @param array  $arguments Method arguments
	 * @return mixed
	 */
	public function __call($name, $arguments) {
		$this->displayWarning();
		return call_user_func_array(array($this->object, $name), $arguments);
	}

	/**
	 * Get the object as string
	 * 
	 * @return string
	 */
	public function __toString() {
		$this->displayWarning();
		if (isset($this->string)) {
			return $this->string;
		} else {
			return (string) $this->object;
		}
	}

	/**
	 * Display a warning
	 * 
	 * @return void
	 */
	protected function displayWarning() {
		// display 3 levels in the function stack to get back to original use
		// 1 for __get/__call/__toString()
		// 1 for displayWarning()
		// 1 for call_user_func()
		call_user_func($this->reporter, $this->message, $this->version, 3);
	}

	/**
	 * Array access interface
	 *
	 * @see \ArrayAccess::offsetSet()
	 *
	 * @param mixed $key   Name
	 * @param mixed $value Value
	 *
	 * @return void
	 */
	public function offsetSet($key, $value) {
		$this->displayWarning();
		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
			$this->object->$key = $value;
		} else {
			if ($key === null) {
				// Yes this is necessary. Otherwise $key will be interpreted as empty string
				$this->object[] = $value;
			} else {
				$this->object[$key] = $value;
			}
		}
	}

	/**
	 * Array access interface
	 *
	 * @see \ArrayAccess::offsetGet()
	 *
	 * @param mixed $key Name
	 *
	 * @return mixed
	 */
	public function offsetGet($key) {

		$this->displayWarning();
		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
			return $this->object->$key;
		} else {
			return $this->object[$key];
		}
	}

	/**
	 * Array access interface
	 *
	 * @see \ArrayAccess::offsetUnset()
	 *
	 * @param mixed $key Name
	 *
	 * @return void
	 */
	public function offsetUnset($key) {

		$this->displayWarning();
		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
			unset($this->object->$key);
		} else {
			unset($this->object[$key]);
		}
	}

	/**
	 * Array access interface
	 *
	 * @see \ArrayAccess::offsetExists()
	 *
	 * @param mixed $offset Offset
	 *
	 * @return bool
	 */
	public function offsetExists($offset) {

		$this->displayWarning();
		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
			return isset($this->object->$offset);
		} else {
			return array_key_exists($offset, $this->object);
		}
	}
}



1			<?php
2			namespace Elgg;
3			/**
4			* Wrap an object and display warnings whenever the object's variables are
5			* accessed or a method is used. It can also be used to wrap a string.
6			*
7			* Note that the wrapper will not share the type of the wrapped object and will
8			* fail type hints, instanceof, etc.
9			*
10			* This was introduced for deprecating passing particular variabled to views
11			* automatically in elgg_view(). It also used to wrap the deprecated global $SESSION.
12			* It can be removed once that use is no longer required.
13			*
14			* Wraps:
15			* url string in ViewsService
16			* config object in ViewsService
17			* user object in ViewsService
18			* session object in session lib
19			* config object in ElggPlugin::includeFile
20			*
21			* @access private
22			*
23			* @package Elgg.Core
24			*/
25			class DeprecationWrapper implements \ArrayAccess {
26			/** @var object */
27			protected $object;
28
29			/** @var string */
30			protected $string;
31
32			/** @var string */
33			protected $message;
34
35			/** @var string */
36			protected $version;
37
38			/** @var callable */
39			protected $reporter;
40
41			/**
42			* Create the wrapper
43			*
44			* @param mixed $object The object or string to wrap
45			* @param string $message The deprecation message to display when used
46			* @param string $version The Elgg version this was deprecated
47			* @param callable $reporter function called to report deprecation
48			*/
49	9		public function __construct($object, $message, $version, $reporter = 'elgg_deprecated_notice') {
50	9		if (is_object($object)) {
51	8		$this->object = $object;
52	8		} else {
53	6		$this->string = $object;
54			}
55	9		$this->message = $message;
56	9		$this->version = $version;
57	9		$this->reporter = $reporter;
58	9		}
59
60			/**
61			* Get a property on the object
62			*
63			* @param string $name Property name
64			* @return mixed
65			*/
66	1		public function __get($name) {
67	1		$this->displayWarning();
68	1		return $this->object->$name;
69			}
70
71			/**
72			* Set a property on the object
73			*
74			* @param string $name Property name
75			* @param mixed $value Property value
76			* @return void
77			*/
78			public function __set($name, $value) {
79			$this->displayWarning();
80			$this->object->$name = $value;
81			}
82
83			/**
84			* Call a method on the object
85			*
86			* @param string $name Method name
87			* @param array $arguments Method arguments
88			* @return mixed
89			*/
90	1		public function __call($name, $arguments) {
91	1		$this->displayWarning();
92	1		return call_user_func_array(array($this->object, $name), $arguments);
93			}
94
95			/**
96			* Get the object as string
97			*
98			* @return string
99			*/
100	2		public function __toString() {
101	2		$this->displayWarning();
102	2		if (isset($this->string)) {
103	1		return $this->string;
104			} else {
105	1		return (string) $this->object;
106			}
107			}
108
109			/**
110			* Display a warning
111			*
112			* @return void
113			*/
114	4		protected function displayWarning() {
115			// display 3 levels in the function stack to get back to original use
116			// 1 for __get/__call/__toString()
117			// 1 for displayWarning()
118			// 1 for call_user_func()
119	4		call_user_func($this->reporter, $this->message, $this->version, 3);
120	4		}
121
122			/**
123			* Array access interface
124			*
125			* @see \ArrayAccess::offsetSet()
126			*
127			* @param mixed $key Name
128			* @param mixed $value Value
129			*
130			* @return void
131			*/
132	2		public function offsetSet($key, $value) {
133	2		$this->displayWarning();
134	2		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
135	1		$this->object->$key = $value;
136	1		} else {
137	1		if ($key === null) {
138			// Yes this is necessary. Otherwise $key will be interpreted as empty string
139	1		$this->object[] = $value;
140	1		} else {
141	1		$this->object[$key] = $value;
142			}
143			}
144	2		}
145
146			/**
147			* Array access interface
148			*
149			* @see \ArrayAccess::offsetGet()
150			*
151			* @param mixed $key Name
152			*
153			* @return mixed
154			*/
155	2	View Code Duplication	public function offsetGet($key) {
			0 ignored issues – show Duplication introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
156	2		$this->displayWarning();
157	2		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
158	1		return $this->object->$key;
159			} else {
160	1		return $this->object[$key];
161			}
162			}
163
164			/**
165			* Array access interface
166			*
167			* @see \ArrayAccess::offsetUnset()
168			*
169			* @param mixed $key Name
170			*
171			* @return void
172			*/
173	1	View Code Duplication	public function offsetUnset($key) {
			0 ignored issues – show Duplication introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
174	1		$this->displayWarning();
175	1		if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
176			unset($this->object->$key);
177			} else {
178	1		unset($this->object[$key]);
179			}
180	1		}
181
182			/**
183			* Array access interface
184			*
185			* @see \ArrayAccess::offsetExists()
186			*
187			* @param mixed $offset Offset
188			*
189			* @return bool
190			*/
191		View Code Duplication	public function offsetExists($offset) {
			0 ignored issues – show Duplication introduced 2017-09-27 16:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
192			$this->displayWarning();
193			if (is_object($this->object) && !$this->object instanceof \ArrayAccess) {
194			return isset($this->object->$offset);
195			} else {
196			return array_key_exists($offset, $this->object);
197			}
198			}
199			}
200
201

gctools-outilsgc / gcconnex

Issues (2473)

Security Analysis no vulnerabilities found

engine/classes/Elgg/DeprecationWrapper.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like