Issues in AddressList.php (master) - Issues in master - genkgo/mail - Measure and Improve Code Quality continuously with Scrutinizer

Issues (74)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/AddressList.php (1 issue)

Labels

Documentation 1

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types=1);

namespace Genkgo\Mail;

/**
 * @implements \IteratorAggregate<int, Address>
 */
final class AddressList implements \Countable, \IteratorAggregate
{
    private const PARSE_START = 1;
    
    private const PARSE_QUOTE = 2;

    /**
     * @var array|Address[]
     */
    private $addresses = [];

    /**
     * @param array<int, mixed> $recipients
     */
    public function __construct(array $recipients = [])
    {
        foreach ($recipients as $recipient) {
            if ($recipient instanceof Address === false) {
                throw new \InvalidArgumentException('Recipient must be Address object');
            }

            $this->addresses[] = $recipient;
        }
    }

    /**
     * @param Address $address
     * @return AddressList
     */
    public function withAddress(Address $address): AddressList
    {
        $clone = clone $this;
        $clone->addresses[] = $address;
        return $clone;
    }

    /**
     * @param Address $address
     * @return AddressList
     */
    public function withoutAddress(Address $address): AddressList
    {
        $clone = clone $this;

        foreach ($this->addresses as $key => $mayRemoveAddress) {
            if ($mayRemoveAddress->equals($address)) {
                unset($clone->addresses[$key]);
            }
        }

        return $clone;
    }

    /**
     * @param AddressList $addressList
     * @return AddressList
     */
    public function withList(AddressList $addressList): AddressList
    {
        $clone = clone $this;
        $clone->addresses = \array_merge($this->addresses, $addressList->addresses);
        return $clone;
    }

    /**
     * @return Address
     */
    public function first(): Address
    {
        if (empty($this->addresses)) {
            throw new \OutOfRangeException();
        }

        return \reset($this->addresses);
    }

    /**
     * @return int
     */
    public function count(): int
    {
        return \count($this->addresses);
    }

    /**
     * @return \ArrayIterator<int, Address>

     */
    public function getIterator()
    {
        return new \ArrayIterator($this->addresses);
    }

    /**
     * @return string
     */
    public function __toString(): string
    {
        return \implode(
            ",\r\n ",
            \array_map(
                function (Address $addressAndName) {
                    return (string) $addressAndName;
                },
                $this->addresses
            )
        );
    }

    /**
     * @param string $addressListAsString
     * @return AddressList
     */
    public static function fromString(string $addressListAsString)
    {
        $addressListAsString = \trim($addressListAsString);
        if ($addressListAsString === '') {
            return new self([]);
        }

        $addresses = [];
        $length = \strlen($addressListAsString) - 1;
        $n = -1;
        $state = self::PARSE_START;
        $escapeNext = false;
        $sequence = '';

        while ($n < $length) {
            $n++;

            $char = $addressListAsString[$n];

            $sequence .= $char;

            if ($char === '\\') {
                $escapeNext = true;
                continue;
            }

            if ($escapeNext) {
                $escapeNext = false;
                continue;
            }

            switch ($state) {
                case self::PARSE_QUOTE:
                    if ($char === '"') {
                        $state = self::PARSE_START;
                    }

                    break;
                default:
                    if ($char === '"') {
                        $state = self::PARSE_QUOTE;
                    }

                    if ($char === ',') {
                        $addresses[] = Address::fromString(\substr($sequence, 0, -1));
                        $sequence = '';
                        $state = self::PARSE_START;
                    }
                    break;
            }
        }

        $addresses[] = Address::fromString($sequence);

        return new self($addresses);
    }
}


1		<?php
2		declare(strict_types=1);
3
4		namespace Genkgo\Mail;
5
6		/**
7		* @implements \IteratorAggregate<int, Address>
8		*/
9		final class AddressList implements \Countable, \IteratorAggregate
10		{
11		private const PARSE_START = 1;
12
13		private const PARSE_QUOTE = 2;
14
15		/**
16		* @var array\|Address[]
17		*/
18		private $addresses = [];
19
20		/**
21		* @param array<int, mixed> $recipients
22		*/
23	56	public function __construct(array $recipients = [])
24		{
25	56	foreach ($recipients as $recipient) {
26	54	if ($recipient instanceof Address === false) {
27	1	throw new \InvalidArgumentException('Recipient must be Address object');
28		}
29
30	53	$this->addresses[] = $recipient;
31		}
32	55	}
33
34		/**
35		* @param Address $address
36		* @return AddressList
37		*/
38	2	public function withAddress(Address $address): AddressList
39		{
40	2	$clone = clone $this;
41	2	$clone->addresses[] = $address;
42	2	return $clone;
43		}
44
45		/**
46		* @param Address $address
47		* @return AddressList
48		*/
49	2	public function withoutAddress(Address $address): AddressList
50		{
51	2	$clone = clone $this;
52
53	2	foreach ($this->addresses as $key => $mayRemoveAddress) {
54	2	if ($mayRemoveAddress->equals($address)) {
55	2	unset($clone->addresses[$key]);
56		}
57		}
58
59	2	return $clone;
60		}
61
62		/**
63		* @param AddressList $addressList
64		* @return AddressList
65		*/
66	1	public function withList(AddressList $addressList): AddressList
67		{
68	1	$clone = clone $this;
69	1	$clone->addresses = \array_merge($this->addresses, $addressList->addresses);
70	1	return $clone;
71		}
72
73		/**
74		* @return Address
75		*/
76	11	public function first(): Address
77		{
78	11	if (empty($this->addresses)) {
79	2	throw new \OutOfRangeException();
80		}
81
82	10	return \reset($this->addresses);
83		}
84
85		/**
86		* @return int
87		*/
88	13	public function count(): int
89		{
90	13	return \count($this->addresses);
91		}
92
93		/**
94		* @return \ArrayIterator<int, Address>
		0 ignored issues – show Documentation introduced 2020-03-01 17:14 UTC by Report Bug Copy Issue Report Show Similar Issues like this The doc-type `\ArrayIterator<int,` could not be parsed: Expected "\|" or "end of type", but got "<" at position 14. (view supported doc-types) This check marks PHPDoc comments that could not be parsed by our parser. To see which comment annotations we can parse, please refer to our documentation on supported doc-types. Loading history...
95		*/
96	1	public function getIterator()
97		{
98	1	return new \ArrayIterator($this->addresses);
99		}
100
101		/**
102		* @return string
103		*/
104	34	public function __toString(): string
105		{
106	34	return \implode(
107	34	",\r\n ",
108	34	\array_map(
109		function (Address $addressAndName) {
110	33	return (string) $addressAndName;
111	34	},
112	34	$this->addresses
113		)
114		);
115		}
116
117		/**
118		* @param string $addressListAsString
119		* @return AddressList
120		*/
121	26	public static function fromString(string $addressListAsString)
122		{
123	26	$addressListAsString = \trim($addressListAsString);
124	26	if ($addressListAsString === '') {
125	2	return new self([]);
126		}
127
128	25	$addresses = [];
129	25	$length = \strlen($addressListAsString) - 1;
130	25	$n = -1;
131	25	$state = self::PARSE_START;
132	25	$escapeNext = false;
133	25	$sequence = '';
134
135	25	while ($n < $length) {
136	25	$n++;
137
138	25	$char = $addressListAsString[$n];
139
140	25	$sequence .= $char;
141
142	25	if ($char === '\\') {
143	3	$escapeNext = true;
144	3	continue;
145		}
146
147	25	if ($escapeNext) {
148	3	$escapeNext = false;
149	3	continue;
150		}
151
152		switch ($state) {
153	25	case self::PARSE_QUOTE:
154	9	if ($char === '"') {
155	8	$state = self::PARSE_START;
156		}
157
158	9	break;
159		default:
160	25	if ($char === '"') {
161	9	$state = self::PARSE_QUOTE;
162		}
163
164	25	if ($char === ',') {
165	6	$addresses[] = Address::fromString(\substr($sequence, 0, -1));
166	6	$sequence = '';
167	6	$state = self::PARSE_START;
168		}
169	25	break;
170		}
171		}
172
173	25	$addresses[] = Address::fromString($sequence);
174
175	24	return new self($addresses);
176		}
177		}
178

genkgo / mail

Issues (74)

Security Analysis no request data

src/AddressList.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like