Issues in Resolver.php (master) - Issues in master - iamfreee/laracasts-downloader - Measure and Improve Code Quality continuously with Scrutinizer

Issues (2)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

App/Http/Resolver.php (1 issue)

Labels

Severity

Minor 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php
/**
 * Http functions
 */

namespace App\Http;

use App\Downloader;
use App\Exceptions\NoDownloadLinkException;
use App\Exceptions\SubscriptionNotActiveException;
use App\Html\Parser;
use App\Utils\Utils;
use GuzzleHttp\Client;
use GuzzleHttp\Cookie\CookieJar;
use GuzzleHttp\Event\ProgressEvent;
use Ubench;

/**
 * Class Resolver
 * @package App\Http
 */
class Resolver
{
    /**
     * Guzzle client
     * @var Client
     */
    private $client;

    /**
     * Guzzle cookie
     * @var CookieJar
     */
    private $cookie;

    /**
     * Ubench lib
     * @var Ubench
     */
    private $bench;

    /**
     * Retry download on connection fail
     * @var int
     */
    private $retryDownload = false;

    /**
     * Receives dependencies
     *
     * @param Client $client
     * @param Ubench $bench
     * @param bool $retryDownload
     */
    public function __construct(Client $client, Ubench $bench, $retryDownload = false)
    {
        $this->client = $client;
        $this->cookie = new CookieJar();
        $this->bench = $bench;
        $this->retryDownload = $retryDownload;
$answer = 42;

$correct = false;

$correct = (bool) $answer;
    }

    /**
     * Grabs all lessons & series from the website.
     */
    public function getAllLessons()
    {
        $array = [];
        $html = $this->getAllPage();
        Parser::getAllLessons($html, $array);

        while ($nextPage = Parser::hasNextPage($html)) {
            $html = $this->client->get($nextPage, ['verify' => false])->getBody()->getContents();
            Parser::getAllLessons($html, $array);
        }

        Downloader::$currentLessonNumber = count($array['lessons']);

        return $array;
    }

    /**
     * Gets the latest lessons only.
     *
     * @return array
     *
     * @throws \Exception
     */
    public function getLatestLessons()
    {
        $array = [];

        $html = $this->getAllPage();
        Parser::getAllLessons($html, $array);

        return $array;
    }

    /**
     * Gets the html from the all page.
     *
     * @return string
     *
     * @throws \Exception
     */
    private function getAllPage()
    {
        $response = $this->client->get(LARACASTS_ALL_PATH, ['verify' => false]);

        return $response->getBody()->getContents();
    }

    /**
     * Tries to auth.
     *
     * @param $email
     * @param $password
     *
     * @return bool
     * @throws SubscriptionNotActiveException
     */
    public function doAuth($email, $password)
    {
        $response = $this->client->get(LARACASTS_LOGIN_PATH, [
            'cookies' => $this->cookie,
            'verify' => false
        ]);

        $token = Parser::getToken($response->getBody()->getContents());

        $response = $this->client->post(LARACASTS_POST_LOGIN_PATH, [
            'cookies' => $this->cookie,
            'body'    => [
                'email'    => $email,
                'password' => $password,
                '_token'   => $token,
                'remember' => 1,
            ],
            'verify' => false
        ]);

        $html = $response->getBody()->getContents();

        if (strpos($html, "Reactivate") !== FALSE) {
            throw new SubscriptionNotActiveException();
        }

        if(strpos($html, "The email must be a valid email address.") !== FALSE) {
            return false;
        }

        // user doesnt provided an email in the .env
        // laracasts redirects to login page again
        if(strpos($html, 'name="password"') !== FALSE) {
            return false;
        }

        return strpos($html, "verify your credentials.") === FALSE;
    }

    /**
     * Download the episode of the serie.
     *
     * @param $serie
     * @param $episode
     * @return bool
     */
    public function downloadSerieEpisode($serie, $episode)
    {
        $path = LARACASTS_SERIES_PATH . '/' . $serie . '/episodes/' . $episode;
        $episodePage = $this->getPage($path);
        $name = $this->getNameOfEpisode($episodePage, $path);
        $number = sprintf("%02d", $episode);
        $saveTo = BASE_FOLDER . '/' . SERIES_FOLDER . '/' . $serie . '/' . $number . '-' . $name . '.mp4';
        Utils::writeln(sprintf("Download started: %s . . . . Saving on " . SERIES_FOLDER . '/' . $serie . ' folder.',
            $number . ' - ' . $name
        ));

        return $this->downloadLessonFromPath($episodePage, $saveTo);
    }

    /**
     * Downloads the lesson.
     *
     * @param $lesson
     * @return bool
     */
    public function downloadLesson($lesson)
    {
        $path = LARACASTS_LESSONS_PATH . '/' . $lesson;
        $number = sprintf("%04d", Downloader::$totalLocalLessons + Downloader::$currentLessonNumber--);
        $saveTo = BASE_FOLDER . '/' . LESSONS_FOLDER . '/' . $number . '-' . $lesson . '.mp4';

        Utils::writeln(sprintf("Download started: %s . . . . Saving on " . LESSONS_FOLDER . ' folder.',
            $lesson
        ));
        $html = $this->getPage($path);
        return $this->downloadLessonFromPath($html, $saveTo);
    }

    /**
     * Helper function to get html of a page
     * @param $path
     * @return string
     */
    private function getPage($path) {
        return $this->client
            ->get($path, ['cookies' => $this->cookie, 'verify' => false])
            ->getBody()
            ->getContents();
    }

    /**
     * Helper to get the Location header.
     *
     * @param $url
     *
     * @return string
     */
    private function getRedirectUrl($url)
    {
        $response = $this->client->get($url, [
            'cookies'         => $this->cookie,
            'allow_redirects' => FALSE,
            'verify' => false
        ]);

        return $response->getHeader('Location');
    }

    /**
     * Gets the name of the serie episode.
     *
     * @param $html
     *
     * @param $path
     * @return string
     */
    private function getNameOfEpisode($html, $path)
    {
        $name = Parser::getNameOfEpisode($html, $path);

        return Utils::parseEpisodeName($name);
    }

    /**
     * Helper to download the video.
     *
     * @param $html
     * @param $saveTo
     * @return bool
     */
    private function downloadLessonFromPath($html, $saveTo)
    {
        try {
            $downloadUrl = Parser::getDownloadLink($html);
            $viemoUrl = $this->getRedirectUrl($downloadUrl);
            $finalUrl = $this->getRedirectUrl($viemoUrl);
        } catch(NoDownloadLinkException $e) {
            Utils::write(sprintf("Can't download this lesson! :( No download button"));

            try {
                Utils::write(sprintf("Tring to find a Wistia.net video"));
                $Wistia = new Wistia($html,$this->bench);
                $finalUrl = $Wistia->getDownloadUrl();
            } catch(NoDownloadLinkException $e) {
                return false;
            }

        }

        $this->bench->start();

        $retries = 0;
        while (true) {
            try {
                $downloadedBytes = file_exists($saveTo) ? filesize($saveTo) : 0;
                $req = $this->client->createRequest('GET', $finalUrl, [
                    'save_to' => fopen($saveTo, 'a'),
                    'verify' => false,
                    'headers' => [
                        'Range' => 'bytes=' . $downloadedBytes . '-'
                    ]
                ]);

                if (php_sapi_name() == "cli") { //on cli show progress
                    $req->getEmitter()->on('progress', function (ProgressEvent $e) use ($downloadedBytes) {
                        printf("> Total: %d%% Downloaded: %s of %s     \r",
                            Utils::getPercentage($e->downloaded + $downloadedBytes, $e->downloadSize),
                            Utils::formatBytes($e->downloaded + $downloadedBytes),
                            Utils::formatBytes($e->downloadSize));
                    });
                }

                $response = $this->client->send($req); 

                if(strpos($response->getHeader('Content-Type'), 'text/html') !== FALSE) {
                    Utils::writeln(sprintf("Got HTML instead of the video file, the subscription is probably inactive"));
                    throw new SubscriptionNotActiveException();
                } 

                break;  
            } catch (\Exception $e) {
                if (is_a($e, SubscriptionNotActiveException::class) || !$this->retryDownload || ($this->retryDownload && $retries >= 3)) {
                    throw $e;
                }
                ++$retries;
                Utils::writeln(sprintf("Retry download after connection fail!     "));
                continue;
            }
        }

        $this->bench->end();

        Utils::write(sprintf("Elapsed time: %s, Memory: %s         ",
            $this->bench->getTime(),
            $this->bench->getMemoryUsage()
        ));

        return true;
    }
}


1			<?php
2			/**
3			* Http functions
4			*/
5
6			namespace App\Http;
7
8			use App\Downloader;
9			use App\Exceptions\NoDownloadLinkException;
10			use App\Exceptions\SubscriptionNotActiveException;
11			use App\Html\Parser;
12			use App\Utils\Utils;
13			use GuzzleHttp\Client;
14			use GuzzleHttp\Cookie\CookieJar;
15			use GuzzleHttp\Event\ProgressEvent;
16			use Ubench;
17
18			/**
19			* Class Resolver
20			* @package App\Http
21			*/
22			class Resolver
23			{
24			/**
25			* Guzzle client
26			* @var Client
27			*/
28			private $client;
29
30			/**
31			* Guzzle cookie
32			* @var CookieJar
33			*/
34			private $cookie;
35
36			/**
37			* Ubench lib
38			* @var Ubench
39			*/
40			private $bench;
41
42			/**
43			* Retry download on connection fail
44			* @var int
45			*/
46			private $retryDownload = false;
47
48			/**
49			* Receives dependencies
50			*
51			* @param Client $client
52			* @param Ubench $bench
53			* @param bool $retryDownload
54			*/
55			public function __construct(Client $client, Ubench $bench, $retryDownload = false)
56			{
57			$this->client = $client;
58			$this->cookie = new CookieJar();
59			$this->bench = $bench;
60			$this->retryDownload = $retryDownload;
			0 ignored issues – show Documentation Bug introduced 2016-12-03 18:35 UTC by Report Bug Copy Issue Report Show Similar Issues like this The property `$retryDownload` was declared of type `integer`, but `$retryDownload` is of type `boolean`. Maybe add a type cast? This check looks for assignments to scalar types that may be of the wrong type. To ensure the code behaves as expected, it may be a good idea to add an explicit type cast. $answer = 42; $correct = false; $correct = (bool) $answer; Loading history...
61			}
62
63			/**
64			* Grabs all lessons & series from the website.
65			*/
66			public function getAllLessons()
67			{
68			$array = [];
69			$html = $this->getAllPage();
70			Parser::getAllLessons($html, $array);
71
72			while ($nextPage = Parser::hasNextPage($html)) {
73			$html = $this->client->get($nextPage, ['verify' => false])->getBody()->getContents();
74			Parser::getAllLessons($html, $array);
75			}
76
77			Downloader::$currentLessonNumber = count($array['lessons']);
78
79			return $array;
80			}
81
82			/**
83			* Gets the latest lessons only.
84			*
85			* @return array
86			*
87			* @throws \Exception
88			*/
89			public function getLatestLessons()
90			{
91			$array = [];
92
93			$html = $this->getAllPage();
94			Parser::getAllLessons($html, $array);
95
96			return $array;
97			}
98
99			/**
100			* Gets the html from the all page.
101			*
102			* @return string
103			*
104			* @throws \Exception
105			*/
106			private function getAllPage()
107			{
108			$response = $this->client->get(LARACASTS_ALL_PATH, ['verify' => false]);
109
110			return $response->getBody()->getContents();
111			}
112
113			/**
114			* Tries to auth.
115			*
116			* @param $email
117			* @param $password
118			*
119			* @return bool
120			* @throws SubscriptionNotActiveException
121			*/
122			public function doAuth($email, $password)
123			{
124			$response = $this->client->get(LARACASTS_LOGIN_PATH, [
125			'cookies' => $this->cookie,
126			'verify' => false
127			]);
128
129			$token = Parser::getToken($response->getBody()->getContents());
130
131			$response = $this->client->post(LARACASTS_POST_LOGIN_PATH, [
132			'cookies' => $this->cookie,
133			'body' => [
134			'email' => $email,
135			'password' => $password,
136			'_token' => $token,
137			'remember' => 1,
138			],
139			'verify' => false
140			]);
141
142			$html = $response->getBody()->getContents();
143
144			if (strpos($html, "Reactivate") !== FALSE) {
145			throw new SubscriptionNotActiveException();
146			}
147
148			if(strpos($html, "The email must be a valid email address.") !== FALSE) {
149			return false;
150			}
151
152			// user doesnt provided an email in the .env
153			// laracasts redirects to login page again
154			if(strpos($html, 'name="password"') !== FALSE) {
155			return false;
156			}
157
158			return strpos($html, "verify your credentials.") === FALSE;
159			}
160
161			/**
162			* Download the episode of the serie.
163			*
164			* @param $serie
165			* @param $episode
166			* @return bool
167			*/
168			public function downloadSerieEpisode($serie, $episode)
169			{
170			$path = LARACASTS_SERIES_PATH . '/' . $serie . '/episodes/' . $episode;
171			$episodePage = $this->getPage($path);
172			$name = $this->getNameOfEpisode($episodePage, $path);
173			$number = sprintf("%02d", $episode);
174			$saveTo = BASE_FOLDER . '/' . SERIES_FOLDER . '/' . $serie . '/' . $number . '-' . $name . '.mp4';
175			Utils::writeln(sprintf("Download started: %s . . . . Saving on " . SERIES_FOLDER . '/' . $serie . ' folder.',
176			$number . ' - ' . $name
177			));
178
179			return $this->downloadLessonFromPath($episodePage, $saveTo);
180			}
181
182			/**
183			* Downloads the lesson.
184			*
185			* @param $lesson
186			* @return bool
187			*/
188			public function downloadLesson($lesson)
189			{
190			$path = LARACASTS_LESSONS_PATH . '/' . $lesson;
191			$number = sprintf("%04d", Downloader::$totalLocalLessons + Downloader::$currentLessonNumber--);
192			$saveTo = BASE_FOLDER . '/' . LESSONS_FOLDER . '/' . $number . '-' . $lesson . '.mp4';
193
194			Utils::writeln(sprintf("Download started: %s . . . . Saving on " . LESSONS_FOLDER . ' folder.',
195			$lesson
196			));
197			$html = $this->getPage($path);
198			return $this->downloadLessonFromPath($html, $saveTo);
199			}
200
201			/**
202			* Helper function to get html of a page
203			* @param $path
204			* @return string
205			*/
206			private function getPage($path) {
207			return $this->client
208			->get($path, ['cookies' => $this->cookie, 'verify' => false])
209			->getBody()
210			->getContents();
211			}
212
213			/**
214			* Helper to get the Location header.
215			*
216			* @param $url
217			*
218			* @return string
219			*/
220			private function getRedirectUrl($url)
221			{
222			$response = $this->client->get($url, [
223			'cookies' => $this->cookie,
224			'allow_redirects' => FALSE,
225			'verify' => false
226			]);
227
228			return $response->getHeader('Location');
229			}
230
231			/**
232			* Gets the name of the serie episode.
233			*
234			* @param $html
235			*
236			* @param $path
237			* @return string
238			*/
239			private function getNameOfEpisode($html, $path)
240			{
241			$name = Parser::getNameOfEpisode($html, $path);
242
243			return Utils::parseEpisodeName($name);
244			}
245
246			/**
247			* Helper to download the video.
248			*
249			* @param $html
250			* @param $saveTo
251			* @return bool
252			*/
253			private function downloadLessonFromPath($html, $saveTo)
254			{
255			try {
256			$downloadUrl = Parser::getDownloadLink($html);
257			$viemoUrl = $this->getRedirectUrl($downloadUrl);
258			$finalUrl = $this->getRedirectUrl($viemoUrl);
259			} catch(NoDownloadLinkException $e) {
260			Utils::write(sprintf("Can't download this lesson! :( No download button"));
261
262			try {
263			Utils::write(sprintf("Tring to find a Wistia.net video"));
264			$Wistia = new Wistia($html,$this->bench);
265			$finalUrl = $Wistia->getDownloadUrl();
266			} catch(NoDownloadLinkException $e) {
267			return false;
268			}
269
270			}
271
272			$this->bench->start();
273
274			$retries = 0;
275			while (true) {
276			try {
277			$downloadedBytes = file_exists($saveTo) ? filesize($saveTo) : 0;
278			$req = $this->client->createRequest('GET', $finalUrl, [
279			'save_to' => fopen($saveTo, 'a'),
280			'verify' => false,
281			'headers' => [
282			'Range' => 'bytes=' . $downloadedBytes . '-'
283			]
284			]);
285
286			if (php_sapi_name() == "cli") { //on cli show progress
287			$req->getEmitter()->on('progress', function (ProgressEvent $e) use ($downloadedBytes) {
288			printf("> Total: %d%% Downloaded: %s of %s \r",
289			Utils::getPercentage($e->downloaded + $downloadedBytes, $e->downloadSize),
290			Utils::formatBytes($e->downloaded + $downloadedBytes),
291			Utils::formatBytes($e->downloadSize));
292			});
293			}
294
295			$response = $this->client->send($req);
296
297			if(strpos($response->getHeader('Content-Type'), 'text/html') !== FALSE) {
298			Utils::writeln(sprintf("Got HTML instead of the video file, the subscription is probably inactive"));
299			throw new SubscriptionNotActiveException();
300			}
301
302			break;
303			} catch (\Exception $e) {
304			if (is_a($e, SubscriptionNotActiveException::class) \|\| !$this->retryDownload \|\| ($this->retryDownload && $retries >= 3)) {
305			throw $e;
306			}
307			++$retries;
308			Utils::writeln(sprintf("Retry download after connection fail! "));
309			continue;
310			}
311			}
312
313			$this->bench->end();
314
315			Utils::write(sprintf("Elapsed time: %s, Memory: %s ",
316			$this->bench->getTime(),
317			$this->bench->getMemoryUsage()
318			));
319
320			return true;
321			}
322			}
323

iamfreee / laracasts-downloader

Issues (2)

Security Analysis no request data

App/Http/Resolver.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like