Issues in RoutingConfigHandler.class.php (master) - Issues in master - horros/agavi2 - Measure and Improve Code Quality continuously with Scrutinizer

Issues (1131)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/config/RoutingConfigHandler.class.php (6 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

// +---------------------------------------------------------------------------+
// | This file is part of the Agavi package.                                   |
// | Copyright (c) 2005-2011 the Agavi Project.                                |
// |                                                                           |
// | For the full copyright and license information, please view the LICENSE   |
// | file that was distributed with this source code. You can also view the    |
// | LICENSE file online at http://www.agavi.org/LICENSE.txt                   |
// |   vi: set noexpandtab:                                                    |
// |   Local Variables:                                                        |
// |   indent-tabs-mode: t                                                     |
// |   End:                                                                    |
// +---------------------------------------------------------------------------+

namespace Agavi\Config;

use Agavi\Config\Util\Dom\XmlConfigDomElement;
use Agavi\Config\Util\Dom\XmlConfigDomNode;
use Agavi\Core\Context;
use Agavi\Config\XmlConfigHandler;
use Agavi\Config\Util\Dom\XmlConfigDomDocument;
use Agavi\Routing\Routing;
use Agavi\Util\Toolkit;

/**
 * RoutingConfigHandler allows you to specify a list of routes that will
 * be matched against any given string.
 *
 * @package    agavi
 * @subpackage config
 *
 * @author     Dominik del Bondio <[email protected]>
 * @author     David Zülke <[email protected]>
 * @copyright  Authors
 * @copyright  The Agavi Project
 *
 * @since      0.11.0
 *
 * @version    $Id$
 */
class RoutingConfigHandler extends XmlConfigHandler
{
    const XML_NAMESPACE = 'http://agavi.org/agavi/config/parts/routing/1.1';
    
    /**
     * @var        array Stores the generated names of unnamed routes.
     */
    protected $unnamedRoutes = array();
    
    /**
     * Execute this configuration handler.
     *
     * @param      XmlConfigDomDocument $document The document to parse.
     *
     * @return     string Data to be written to a cache file.
     *
     * @throws     <b>UnreadableException</b> If a requested configuration
     *                                             file does not exist or is not
     *                                             readable.
     * @throws     <b>ParseException</b> If a requested configuration file is
     *                                        improperly formatted.
     *
     * @author     Dominik del Bondio <[email protected]>
     * @author     David Zülke <[email protected]>
     * @since      0.11.0
     */
    public function execute(XmlConfigDomDocument $document)
    {
        // set up our default namespace
        $document->setDefaultNamespace(self::XML_NAMESPACE, 'routing');
        
        $routing = Context::getInstance($this->context)->getRouting();

        // reset the stored route names
        $this->unnamedRoutes = array();

        // clear the routing
        $routing->importRoutes(array());
        
        foreach ($document->getConfigurationElements() as $cfg) {
            if ($cfg->has('routes')) {
                $this->parseRoutes($routing, $cfg->get('routes'));
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            }
        }

        // we cannot do this:
        // $code = '$this->importRoutes(unserialize(' . var_export(serialize($routing->exportRoutes()), true) . '));';

        // return $this->generate($code, $document->documentURI);

        // because var_export() incorrectly escapes null-byte sequences as \000, which results in a corrupted string, and unserialize() doesn't like corrupted strings
        // this was fixed in PHP 5.2.6, but we're compatible with 5.2.0+
        // see http://bugs.php.net/bug.php?id=37262 and http://bugs.php.net/bug.php?id=42272
        
        return serialize($routing->exportRoutes());
    }

    /**
     * Takes a nested array of AgaviConfigValueHolder containing the routing
     * information and creates the routes in the given routing.
     *
     * @param      Routing               $routing The routing instance to create the routes in.
     * @param      XmlConfigDomElement[] $routes  The "routes" node (element or node list)
     * @param      string                $parent  The name of the parent route (if any).
     *
     * @author     Dominik del Bondio <[email protected]>
     * @since      0.11.0
     */
    protected function parseRoutes(Routing $routing, $routes, $parent = null)
    {
        foreach ($routes as $route) {
            $pattern = Toolkit::expandDirectives($route->getAttribute('pattern'));
            $opts = array();
            if ($route->hasAttribute('imply')) {
                $opts['imply']              = Toolkit::literalize($route->getAttribute('imply'));
            }
            if ($route->hasAttribute('cut')) {
                $opts['cut']                    = Toolkit::literalize($route->getAttribute('cut'));
            }
            if ($route->hasAttribute('stop')) {
                $opts['stop']                   = Toolkit::literalize($route->getAttribute('stop'));
            }
            if ($route->hasAttribute('name')) {
                $opts['name']                   = Toolkit::expandDirectives($route->getAttribute('name'));
            }
            if ($route->hasAttribute('source')) {
                $opts['source']             = Toolkit::expandDirectives($route->getAttribute('source'));
            }
            if ($route->hasAttribute('constraint')) {
                $opts['constraint']     = array_map('trim', explode(' ', trim(Toolkit::expandDirectives($route->getAttribute('constraint')))));
            }
            // values which will be set when the route matched
            if ($route->hasAttribute('controller')) {
                $opts['controller']             = Toolkit::expandDirectives($route->getAttribute('controller'));
            }
            if ($route->hasAttribute('locale')) {
                $opts['locale']             = Toolkit::expandDirectives($route->getAttribute('locale'));
            }
            if ($route->hasAttribute('method')) {
                $opts['method']             = Toolkit::expandDirectives($route->getAttribute('method'));
            }
            if ($route->hasAttribute('module')) {
                $opts['module']             = Toolkit::expandDirectives($route->getAttribute('module'));
            }
            if ($route->hasAttribute('output_type')) {
                $opts['output_type']    = Toolkit::expandDirectives($route->getAttribute('output_type'));
            }

            if ($route->has('ignores')) {
                /** @var XmlConfigDomElement $ignore */
                foreach ($route->get('ignores') as $ignore) {
                    $opts['ignores'][] = $ignore->getValue();
                }
            }

            if ($route->has('defaults')) {
                /** @var XmlConfigDomElement $default */
                foreach ($route->get('defaults') as $default) {
                    $opts['defaults'][$default->getAttribute('for')] = $default->getValue();
                }
            }

            if ($route->has('callbacks')) {
                $opts['callbacks'] = array();
                /** @var XmlConfigDomElement $callback */
                foreach ($route->get('callbacks') as $callback) {
                    $opts['callbacks'][] = array(
                        'class' => $callback->getAttribute('class'),
                        'parameters' => $callback->getAgaviParameters(),
                    );
                }
            }

            $opts['parameters'] = $route->getAgaviParameters();

            if (isset($opts['name']) && $parent) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                // don't overwrite $parent since it's used later
                $parentName = $parent;
                if ($opts['name'][0] == '.') {
                    while ($parentName && isset($this->unnamedRoutes[$parentName])) {
                        $parentRoute = $routing->getRoute($parentName);
                        $parentName = $parentRoute['opt']['parent'];
                    }
                    $opts['name'] = $parentName . $opts['name'];
                }
            }

            if (isset($opts['controller']) && $parent) {
''   == false // true
''   == null  // true
'ab' == false // false
'ab' == null  // false

// It is often better to use strict comparison
'' === false // false
'' === null  // false
                if ($opts['controller'][0] == '.') {
                    $parentRoute = $routing->getRoute($parent);
                    // unwind all empty 'controller' attributes of the parent(s)
                    while ($parentRoute && empty($parentRoute['opt']['controller'])) {
                        $parentRoute = $routing->getRoute($parentRoute['opt']['parent']);
                    }
                    if (!empty($parentRoute['opt']['controller'])) {
                        $opts['controller'] = $parentRoute['opt']['controller'] . $opts['controller'];
                    }
                }
            }

            $name = $routing->addRoute($pattern, $opts, $parent);
            if (!isset($opts['name']) || $opts['name'] !== $name) {
                $this->unnamedRoutes[$name] = true;
            }
            if ($route->has('routes')) {
                $this->parseRoutes($routing, $route->get('routes'), $name);
function acceptsInteger($int) { }

$x = '123'; // string "123"

// Instead of
acceptsInteger($x);

// we recommend to use
acceptsInteger((integer) $x);
            }
        }
    }
}


1			<?php
2
3			// +---------------------------------------------------------------------------+
4			// \| This file is part of the Agavi package. \|
5			// \| Copyright (c) 2005-2011 the Agavi Project. \|
6			// \| \|
7			// \| For the full copyright and license information, please view the LICENSE \|
8			// \| file that was distributed with this source code. You can also view the \|
9			// \| LICENSE file online at http://www.agavi.org/LICENSE.txt \|
10			// \| vi: set noexpandtab: \|
11			// \| Local Variables: \|
12			// \| indent-tabs-mode: t \|
13			// \| End: \|
14			// +---------------------------------------------------------------------------+
15
16			namespace Agavi\Config;
17
18			use Agavi\Config\Util\Dom\XmlConfigDomElement;
19			use Agavi\Config\Util\Dom\XmlConfigDomNode;
20			use Agavi\Core\Context;
21			use Agavi\Config\XmlConfigHandler;
22			use Agavi\Config\Util\Dom\XmlConfigDomDocument;
23			use Agavi\Routing\Routing;
24			use Agavi\Util\Toolkit;
25
26			/**
27			* RoutingConfigHandler allows you to specify a list of routes that will
28			* be matched against any given string.
29			*
30			* @package agavi
31			* @subpackage config
32			*
33			* @author Dominik del Bondio <[email protected]>
34			* @author David Zülke <[email protected]>
35			* @copyright Authors
36			* @copyright The Agavi Project
37			*
38			* @since 0.11.0
39			*
40			* @version $Id$
41			*/
42			class RoutingConfigHandler extends XmlConfigHandler
43			{
44			const XML_NAMESPACE = 'http://agavi.org/agavi/config/parts/routing/1.1';
45
46			/**
47			* @var array Stores the generated names of unnamed routes.
48			*/
49			protected $unnamedRoutes = array();
50
51			/**
52			* Execute this configuration handler.
53			*
54			* @param XmlConfigDomDocument $document The document to parse.
55			*
56			* @return string Data to be written to a cache file.
57			*
58			* @throws <b>UnreadableException</b> If a requested configuration
59			* file does not exist or is not
60			* readable.
61			* @throws <b>ParseException</b> If a requested configuration file is
62			* improperly formatted.
63			*
64			* @author Dominik del Bondio <[email protected]>
65			* @author David Zülke <[email protected]>
66			* @since 0.11.0
67			*/
68			public function execute(XmlConfigDomDocument $document)
69			{
70			// set up our default namespace
71			$document->setDefaultNamespace(self::XML_NAMESPACE, 'routing');
72
73			$routing = Context::getInstance($this->context)->getRouting();
74
75			// reset the stored route names
76			$this->unnamedRoutes = array();
77
78			// clear the routing
79			$routing->importRoutes(array());
80
81			foreach ($document->getConfigurationElements() as $cfg) {
82			if ($cfg->has('routes')) {
83			$this->parseRoutes($routing, $cfg->get('routes'));
			0 ignored issues – show Documentation introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$cfg->get('routes')` is of type `object<DOMNodeList>`, but the function expects a `array<integer,object<Aga...m\XmlConfigDomElement>>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
84			}
85			}
86
87			// we cannot do this:
88			// $code = '$this->importRoutes(unserialize(' . var_export(serialize($routing->exportRoutes()), true) . '));';
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this `50%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
89			// return $this->generate($code, $document->documentURI);
			0 ignored issues – show Unused Code Comprehensibility introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this `67%` of this comment could be valid code. Did you maybe forget this after debugging? Sometimes obsolete code just ends up commented out instead of removed. In this case it is better to remove the code once you have checked you do not need it. The code might also have been commented out for debugging purposes. In this case it is vital that someone uncomments it again or your project may behave in very unexpected ways in production. This check looks for comments that seem to be mostly valid code and reports them. Loading history...
90			// because var_export() incorrectly escapes null-byte sequences as \000, which results in a corrupted string, and unserialize() doesn't like corrupted strings
91			// this was fixed in PHP 5.2.6, but we're compatible with 5.2.0+
92			// see http://bugs.php.net/bug.php?id=37262 and http://bugs.php.net/bug.php?id=42272
93
94			return serialize($routing->exportRoutes());
95			}
96
97			/**
98			* Takes a nested array of AgaviConfigValueHolder containing the routing
99			* information and creates the routes in the given routing.
100			*
101			* @param Routing $routing The routing instance to create the routes in.
102			* @param XmlConfigDomElement[] $routes The "routes" node (element or node list)
103			* @param string $parent The name of the parent route (if any).
104			*
105			* @author Dominik del Bondio <[email protected]>
106			* @since 0.11.0
107			*/
108			protected function parseRoutes(Routing $routing, $routes, $parent = null)
109			{
110			foreach ($routes as $route) {
111			$pattern = Toolkit::expandDirectives($route->getAttribute('pattern'));
112			$opts = array();
113			if ($route->hasAttribute('imply')) {
114			$opts['imply'] = Toolkit::literalize($route->getAttribute('imply'));
115			}
116			if ($route->hasAttribute('cut')) {
117			$opts['cut'] = Toolkit::literalize($route->getAttribute('cut'));
118			}
119			if ($route->hasAttribute('stop')) {
120			$opts['stop'] = Toolkit::literalize($route->getAttribute('stop'));
121			}
122			if ($route->hasAttribute('name')) {
123			$opts['name'] = Toolkit::expandDirectives($route->getAttribute('name'));
124			}
125			if ($route->hasAttribute('source')) {
126			$opts['source'] = Toolkit::expandDirectives($route->getAttribute('source'));
127			}
128			if ($route->hasAttribute('constraint')) {
129			$opts['constraint'] = array_map('trim', explode(' ', trim(Toolkit::expandDirectives($route->getAttribute('constraint')))));
130			}
131			// values which will be set when the route matched
132			if ($route->hasAttribute('controller')) {
133			$opts['controller'] = Toolkit::expandDirectives($route->getAttribute('controller'));
134			}
135			if ($route->hasAttribute('locale')) {
136			$opts['locale'] = Toolkit::expandDirectives($route->getAttribute('locale'));
137			}
138			if ($route->hasAttribute('method')) {
139			$opts['method'] = Toolkit::expandDirectives($route->getAttribute('method'));
140			}
141			if ($route->hasAttribute('module')) {
142			$opts['module'] = Toolkit::expandDirectives($route->getAttribute('module'));
143			}
144			if ($route->hasAttribute('output_type')) {
145			$opts['output_type'] = Toolkit::expandDirectives($route->getAttribute('output_type'));
146			}
147
148			if ($route->has('ignores')) {
149			/** @var XmlConfigDomElement $ignore */
150			foreach ($route->get('ignores') as $ignore) {
151			$opts['ignores'][] = $ignore->getValue();
152			}
153			}
154
155			if ($route->has('defaults')) {
156			/** @var XmlConfigDomElement $default */
157			foreach ($route->get('defaults') as $default) {
158			$opts['defaults'][$default->getAttribute('for')] = $default->getValue();
159			}
160			}
161
162			if ($route->has('callbacks')) {
163			$opts['callbacks'] = array();
164			/** @var XmlConfigDomElement $callback */
165			foreach ($route->get('callbacks') as $callback) {
166			$opts['callbacks'][] = array(
167			'class' => $callback->getAttribute('class'),
168			'parameters' => $callback->getAgaviParameters(),
169			);
170			}
171			}
172
173			$opts['parameters'] = $route->getAgaviParameters();
174
175			if (isset($opts['name']) && $parent) {
			0 ignored issues – show Bug Best Practice introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$parent` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
176			// don't overwrite $parent since it's used later
177			$parentName = $parent;
178			if ($opts['name'][0] == '.') {
179			while ($parentName && isset($this->unnamedRoutes[$parentName])) {
180			$parentRoute = $routing->getRoute($parentName);
181			$parentName = $parentRoute['opt']['parent'];
182			}
183			$opts['name'] = $parentName . $opts['name'];
184			}
185			}
186
187			if (isset($opts['controller']) && $parent) {
			0 ignored issues – show Bug Best Practice introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this The expression `$parent` of type `string\|null` is loosely compared to `true`; this is ambiguous if the string can be empty. You might want to explicitly use `!== null` instead. In PHP, under loose comparison (like `==`, or `!=`, or `switch` conditions), values of different types might be equal. For `string` values, the empty string `''` is a special case, in particular the following results might be unexpected: '' == false // true '' == null // true 'ab' == false // false 'ab' == null // false // It is often better to use strict comparison '' === false // false '' === null // false Loading history...
188			if ($opts['controller'][0] == '.') {
189			$parentRoute = $routing->getRoute($parent);
190			// unwind all empty 'controller' attributes of the parent(s)
191			while ($parentRoute && empty($parentRoute['opt']['controller'])) {
192			$parentRoute = $routing->getRoute($parentRoute['opt']['parent']);
193			}
194			if (!empty($parentRoute['opt']['controller'])) {
195			$opts['controller'] = $parentRoute['opt']['controller'] . $opts['controller'];
196			}
197			}
198			}
199
200			$name = $routing->addRoute($pattern, $opts, $parent);
201			if (!isset($opts['name']) \|\| $opts['name'] !== $name) {
202			$this->unnamedRoutes[$name] = true;
203			}
204			if ($route->has('routes')) {
205			$this->parseRoutes($routing, $route->get('routes'), $name);
			0 ignored issues – show Documentation introduced 2016-11-27 20:51 UTC by Report Bug Copy Issue Report Show Similar Issues like this `$route->get('routes')` is of type `object<DOMNodeList>`, but the function expects a `array<integer,object<Aga...m\XmlConfigDomElement>>`. It seems like the type of the argument is not accepted by the function/method which you are calling. In some cases, in particular if PHP’s automatic type-juggling kicks in this might be fine. In other cases, however this might be a bug. We suggest to add an explicit type cast like in the following example: function acceptsInteger($int) { } $x = '123'; // string "123" // Instead of acceptsInteger($x); // we recommend to use acceptsInteger((integer) $x); Loading history...
206			}
207			}
208			}
209			}
210

horros / agavi2

Issues (1131)

Security Analysis not enabled

src/config/RoutingConfigHandler.class.php (6 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like