Issues in Config.php (master) - Issues in master - gyselroth/micro - Measure and Improve Code Quality continuously with Scrutinizer

Issues (69)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Config.php (3 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
declare(strict_types = 1);

/**
 * Micro
 *
 * @author    Raffael Sahli <[email protected]>
 * @copyright Copyright (c) 2017 gyselroth GmbH (https://gyselroth.com)
 * @license   MIT https://opensource.org/licenses/MIT
 */

namespace Micro;

use \Micro\Config\Exception;
.
|-- OtherDir
|   |-- Bar.php
|   `-- Foo.php
`-- SomeDir
    `-- Foo.php
use \Micro\Config\ConfigInterface;
use \Iterator;
use \ArrayAccess;
use \Countable;
use \InvalidArgumentException;

class Config implements ArrayAccess, Iterator, Countable
{
    /**
     * Store
     *
     * @var array
     */
    protected $_store = [];


    /**
     * Position
     *
     * @var int
     */
    protected $position = 0;


    /**
     * Load config
     *
     * @param   string $config
     * @return  void

     */
    public function __construct(?ConfigInterface $config=null)
    {
        if($config !== null) {
            $this->_store = $config->map()->children();

        }
    }


    /**
     * Inject config adapter
     *
     * @param  ConfigInterface $config
     * @return Config
     */
    public function inject(ConfigInterface $config): Config
    {
        return $this->merge($config->map());
    }


    /**
     * Merge
     *
     * @return Config
     */
    public function merge(Config $from): Config
    {
        foreach($from as $key => $value) {
            if(isset($this->_store[$key]) && $this->_store[$key] instanceof Config) {
                $this->_store[$key]->merge($value);
            } else {
                $this->_store[$key] = $value;
            }
        }

        return $this;
    }


    /**
     * Count
     *
     * @return int
     */
    public function count()
    {
        return count($this->_store);
    }

    /**
     * Count
     *
     * @return int
     */
    public function children()
    {
        return $this->_store;
    }


    /**
     * Get entry
     *
     * @param  string $key
     * @return mixed
     */
    public function __get($key)
    {
        if (isset($this->_store[$key])) {
            return $this->_store[$key];
        } else {
            throw new Exception('requested config key '.$key.' is not available');
        }
    }


    /**
     * Set offset
     *
     * @param  int $offset
     * @param  mixed $value
     * @return void
     */
    public function offsetSet($offset, $value)
    {
        if ($offset === null) {
            $this->_store[] = $value;
        } else {
            $this->_store[$offset] = $value;
        }
    }


    /**
     * Count
     *
     * @param  int $offset
     * @return bool
     */
    public function offsetExists($offset)
    {
        return isset($this->_store[$offset]);
    }


    /**
     * Unset offset
     *
     * @param  int $offset
     * @return void
     */
    public function offsetUnset($offset)
    {
        unset($this->_store[$offset]);
    }


    /**
     * Get value from offset
     *
     * @param  int $offset
     * @return mixed
     */
    public function offsetGet($offset)
    {
        return isset($this->_store[$offset]) ? $this->_store[$offset] : null;
    }

    /**
     * Rewind
     *
     * @return void
     */
    public function rewind()
    {
        reset($this->_store);
    }


    /**
     * Get current
     *
     * @return mixed
     */
    public function current()
    {
        return current($this->_store);
    }


    /**
     * Get key
     *
     * @return int
     */
    public function key()
    {
        return key($this->_store);
    }


    /**
     * Next
     *
     * @return void
     */
    public function next()
    {
        next($this->_store);
    }


    /**
     * Valid
     *
     * @return bool
     */
    public function valid()
    {
        return key($this->_store) !== null;
    }
}


1			<?php
2			declare(strict_types = 1);
3
4			/**
5			* Micro
6			*
7			* @author Raffael Sahli <[email protected]>
8			* @copyright Copyright (c) 2017 gyselroth GmbH (https://gyselroth.com)
9			* @license MIT https://opensource.org/licenses/MIT
10			*/
11
12			namespace Micro;
13
14			use \Micro\Config\Exception;
			0 ignored issues – show Bug introduced 2017-06-21 11:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this This use statement conflicts with another class in this namespace, `Micro\Exception`. Let’s assume that you have a directory layout like this: . \|-- OtherDir \| \|-- Bar.php \| `-- Foo.php `-- SomeDir `-- Foo.php and let’s assume the following content of `Bar.php`: // Bar.php namespace OtherDir; use SomeDir\Foo; // This now conflicts the class OtherDir\Foo If both files `OtherDir/Foo.php` and `SomeDir/Foo.php` are loaded in the same runtime, you will see a PHP error such as the following: PHP Fatal error: Cannot use SomeDir\Foo as Foo because the name is already in use in OtherDir/Foo.php However, as `OtherDir/Foo.php` does not necessarily have to be loaded and the error is only triggered if it is loaded before `OtherDir/Bar.php`, this problem might go unnoticed for a while. In order to prevent this error from surfacing, you must import the namespace with a different alias: // Bar.php namespace OtherDir; use SomeDir\Foo as SomeDirFoo; // There is no conflict anymore. Loading history...
15			use \Micro\Config\ConfigInterface;
16			use \Iterator;
17			use \ArrayAccess;
18			use \Countable;
19			use \InvalidArgumentException;
20
21			class Config implements ArrayAccess, Iterator, Countable
22			{
23			/**
24			* Store
25			*
26			* @var array
27			*/
28			protected $_store = [];
29
30
31			/**
32			* Position
33			*
34			* @var int
35			*/
36			protected $position = 0;
37
38
39			/**
40			* Load config
41			*
42			* @param string $config
43			* @return void
			0 ignored issues – show Comprehensibility Best Practice introduced 2017-06-21 11:15 UTC by Report Bug Copy Issue Report Show Similar Issues like this Adding a `@return` annotation to constructors is generally not recommended as a constructor does not have a meaningful return value. Adding a `@return` annotation to a constructor is not recommended, since a constructor does not have a meaningful return value. Please refer to the PHP core documentation on constructors. Loading history...
44			*/
45			public function __construct(?ConfigInterface $config=null)
46			{
47			if($config !== null) {
48			$this->_store = $config->map()->children();
			0 ignored issues – show Bug introduced 2017-11-03 15:49 UTC by Report Bug Copy Issue Report Show Similar Issues like this The method `map` cannot be called on `$config` (of type `string`). Methods can only be called on objects. This check looks for methods being called on variables that have been inferred to never be objects. Loading history...
49			}
50			}
51
52
53			/**
54			* Inject config adapter
55			*
56			* @param ConfigInterface $config
57			* @return Config
58			*/
59			public function inject(ConfigInterface $config): Config
60			{
61			return $this->merge($config->map());
62			}
63
64
65			/**
66			* Merge
67			*
68			* @return Config
69			*/
70			public function merge(Config $from): Config
71			{
72			foreach($from as $key => $value) {
73			if(isset($this->_store[$key]) && $this->_store[$key] instanceof Config) {
74			$this->_store[$key]->merge($value);
75			} else {
76			$this->_store[$key] = $value;
77			}
78			}
79
80			return $this;
81			}
82
83
84			/**
85			* Count
86			*
87			* @return int
88			*/
89			public function count()
90			{
91			return count($this->_store);
92			}
93
94			/**
95			* Count
96			*
97			* @return int
98			*/
99			public function children()
100			{
101			return $this->_store;
102			}
103
104
105			/**
106			* Get entry
107			*
108			* @param string $key
109			* @return mixed
110			*/
111			public function __get($key)
112			{
113			if (isset($this->_store[$key])) {
114			return $this->_store[$key];
115			} else {
116			throw new Exception('requested config key '.$key.' is not available');
117			}
118			}
119
120
121			/**
122			* Set offset
123			*
124			* @param int $offset
125			* @param mixed $value
126			* @return void
127			*/
128			public function offsetSet($offset, $value)
129			{
130			if ($offset === null) {
131			$this->_store[] = $value;
132			} else {
133			$this->_store[$offset] = $value;
134			}
135			}
136
137
138			/**
139			* Count
140			*
141			* @param int $offset
142			* @return bool
143			*/
144			public function offsetExists($offset)
145			{
146			return isset($this->_store[$offset]);
147			}
148
149
150			/**
151			* Unset offset
152			*
153			* @param int $offset
154			* @return void
155			*/
156			public function offsetUnset($offset)
157			{
158			unset($this->_store[$offset]);
159			}
160
161
162			/**
163			* Get value from offset
164			*
165			* @param int $offset
166			* @return mixed
167			*/
168			public function offsetGet($offset)
169			{
170			return isset($this->_store[$offset]) ? $this->_store[$offset] : null;
171			}
172
173			/**
174			* Rewind
175			*
176			* @return void
177			*/
178			public function rewind()
179			{
180			reset($this->_store);
181			}
182
183
184			/**
185			* Get current
186			*
187			* @return mixed
188			*/
189			public function current()
190			{
191			return current($this->_store);
192			}
193
194
195			/**
196			* Get key
197			*
198			* @return int
199			*/
200			public function key()
201			{
202			return key($this->_store);
203			}
204
205
206			/**
207			* Next
208			*
209			* @return void
210			*/
211			public function next()
212			{
213			next($this->_store);
214			}
215
216
217			/**
218			* Valid
219			*
220			* @return bool
221			*/
222			public function valid()
223			{
224			return key($this->_store) !== null;
225			}
226			}
227

gyselroth / micro

Issues (69)

Security Analysis not enabled

src/Config.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like