Issues in Response.php (master) - Issues in master - igniphp/network - Measure and Improve Code Quality continuously with Scrutinizer

Issues (9)

Security Analysis not enabled

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Http/Response.php (3 issues)

Labels

Severity

Major 3

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php declare(strict_types=1);

namespace Igni\Network\Http;

use DOMDocument;
use Igni\Exception\RuntimeException;
use Igni\Network\Exception\InvalidArgumentException;
use JsonSerializable;
use Psr\Http\Message\ResponseInterface;
use Psr\Http\Message\StreamInterface;
use SimpleXMLElement;
use Zend\Diactoros\MessageTrait;

use function is_array;
use function is_string;
use function json_encode;

/**
 * PSR-7 implementation of ResponseInterface.
 * Utilizes zend/diactoros implementation.
 *
 * @see ResponseInterface
 * @package Igni\Http
 */
class Response implements ResponseInterface
{
    use MessageTrait;

    const HTTP_CONTINUE = 100;
    const HTTP_SWITCHING_PROTOCOLS = 101;
    const HTTP_PROCESSING = 102;
    const HTTP_OK = 200;
    const HTTP_CREATED = 201;
    const HTTP_ACCEPTED = 202;
    const HTTP_NON_AUTHORITATIVE_INFORMATION = 203;
    const HTTP_NO_CONTENT = 204;
    const HTTP_RESET_CONTENT = 205;
    const HTTP_PARTIAL_CONTENT = 206;
    const HTTP_MULTI_STATUS = 207;
    const HTTP_ALREADY_REPORTED = 208;
    const HTTP_IM_USED = 226;
    const HTTP_MULTIPLE_CHOICES = 300;
    const HTTP_MOVED_PERMANENTLY = 301;
    const HTTP_FOUND = 302;
    const HTTP_SEE_OTHER = 303;
    const HTTP_NOT_MODIFIED = 304;
    const HTTP_USE_PROXY = 305;
    const HTTP_RESERVED = 306;
    const HTTP_TEMPORARY_REDIRECT = 307;
    const HTTP_PERMANENTLY_REDIRECT = 308;
    const HTTP_BAD_REQUEST = 400;
    const HTTP_UNAUTHORIZED = 401;
    const HTTP_PAYMENT_REQUIRED = 402;
    const HTTP_FORBIDDEN = 403;
    const HTTP_NOT_FOUND = 404;
    const HTTP_METHOD_NOT_ALLOWED = 405;
    const HTTP_NOT_ACCEPTABLE = 406;
    const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
    const HTTP_REQUEST_TIMEOUT = 408;
    const HTTP_CONFLICT = 409;
    const HTTP_GONE = 410;
    const HTTP_LENGTH_REQUIRED = 411;
    const HTTP_PRECONDITION_FAILED = 412;
    const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
    const HTTP_REQUEST_URI_TOO_LONG = 414;
    const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
    const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
    const HTTP_EXPECTATION_FAILED = 417;
    const HTTP_I_AM_A_TEAPOT = 418;
    const HTTP_MISDIRECTED_REQUEST = 421;
    const HTTP_UNPROCESSABLE_ENTITY = 422;
    const HTTP_LOCKED = 423;
    const HTTP_FAILED_DEPENDENCY = 424;
    const HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL = 425;
    const HTTP_UPGRADE_REQUIRED = 426;
    const HTTP_PRECONDITION_REQUIRED = 428;
    const HTTP_TOO_MANY_REQUESTS = 429;
    const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431;
    const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451;
    const HTTP_INTERNAL_SERVER_ERROR = 500;
    const HTTP_NOT_IMPLEMENTED = 501;
    const HTTP_BAD_GATEWAY = 502;
    const HTTP_SERVICE_UNAVAILABLE = 503;
    const HTTP_GATEWAY_TIMEOUT = 504;
    const HTTP_VERSION_NOT_SUPPORTED = 505;
    const HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL = 506;
    const HTTP_INSUFFICIENT_STORAGE = 507;
    const HTTP_LOOP_DETECTED = 508;
    const HTTP_NOT_EXTENDED = 510;
    const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511;

    /**
     * Map of standard HTTP status code/reason phrases
     *
     * @var array
     */
    private static $phrases = [
        // INFORMATIONAL CODES
        100 => 'Continue',
        101 => 'Switching Protocols',
        102 => 'Processing',
        // SUCCESS CODES
        200 => 'OK',
        201 => 'Created',
        202 => 'Accepted',
        203 => 'Non-Authoritative Information',
        204 => 'No Content',
        205 => 'Reset Content',
        206 => 'Partial Content',
        207 => 'Multi-status',
        208 => 'Already Reported',
        // REDIRECTION CODES
        300 => 'Multiple Choices',
        301 => 'Moved Permanently',
        302 => 'Found',
        303 => 'See Other',
        304 => 'Not Modified',
        305 => 'Use Proxy',
        306 => 'Switch Proxy', // Deprecated
        307 => 'Temporary Redirect',
        // CLIENT ERROR
        400 => 'Bad Request',
        401 => 'Unauthorized',
        402 => 'Payment Required',
        403 => 'Forbidden',
        404 => 'Not Found',
        405 => 'Method Not Allowed',
        406 => 'Not Acceptable',
        407 => 'Proxy Authentication Required',
        408 => 'Request Time-out',
        409 => 'Conflict',
        410 => 'Gone',
        411 => 'Length Required',
        412 => 'Precondition Failed',
        413 => 'Request Entity Too Large',
        414 => 'Request-URI Too Large',
        415 => 'Unsupported Media Property',
        416 => 'Requested range not satisfiable',
        417 => 'Expectation Failed',
        418 => 'I\'m a teapot',
        422 => 'Unprocessable Entity',
        423 => 'Locked',
        424 => 'Failed Dependency',
        425 => 'Unordered Collection',
        426 => 'Upgrade Required',
        428 => 'Precondition Required',
        429 => 'Too Many Requests',
        431 => 'Request Header Fields Too Large',
        // SERVER ERROR
        500 => 'Internal Server Error',
        501 => 'Not Implemented',
        502 => 'Bad Gateway',
        503 => 'Service Unavailable',
        504 => 'Gateway Time-out',
        505 => 'HTTP Version not supported',
        506 => 'Variant Also Negotiates',
        507 => 'Insufficient Storage',
        508 => 'Loop Detected',
        511 => 'Network Authentication Required',
    ];

    /**
     * @var string
     */
    private $reasonPhrase = '';

    /**
     * @var int
     */
    private $statusCode;

    /**
     * @var bool
     */
    private $complete = false;

    /**
     * @param string|resource|StreamInterface $body Stream identifier and/or actual stream resource
     * @param int $status Status code for the response, if any.
     * @param array $headers Headers for the response, if any.
     * @throws \InvalidArgumentException on any invalid element.
     */
    public function __construct($body = '', int $status = self::HTTP_OK, array $headers = [])
    {
        $this->stream = Stream::create($body, 'wb+');

        $this->statusCode = $status;
        $this->reasonPhrase = self::$phrases[$this->statusCode];
        $this->setHeaders($headers);
    }

    /**
     * Writes content to the response body
     *
     * @param string $body
     * @return $this
     */
    public function write(string $body)
    {
        if ($this->complete) {
            throw new RuntimeException('Cannot write to the response, response is already completed.');
        }

        $this->getBody()->write($body);
        return $this;
    }

    /**
     * Ends and closes response.
     *
     * @return $this
     */
    public function end()
    {
        if ($this->complete) {
            return $this;
        }

        $this->complete = true;

        return $this;
    }

    public function isComplete(): bool
    {
        return $this->complete;
    }

    /**
     * {@inheritdoc}
     */
    public function getStatusCode()
    {
        return $this->statusCode;
    }

    /**
     * {@inheritdoc}
     */
    public function getReasonPhrase()
    {
        if (!$this->reasonPhrase && isset(self::$phrases[$this->statusCode])) {
            $this->reasonPhrase = self::$phrases[$this->statusCode];
        }

        return $this->reasonPhrase;
    }

    /**
     * {@inheritdoc}
     */
    public function withStatus($code, $reasonPhrase = '')
    {
        $new = clone $this;
        $new->statusCode = $code;
        $new->reasonPhrase = $reasonPhrase;
        return $new;
    }

    /**
     * Factories response instance from json data.
     *
     * @param array|\JsonSerializable $data
     * @param int $status
     * @param array $headers
     * @return Response
     * @throws InvalidArgumentException
     */
    public static function asJson($data, int $status = self::HTTP_OK, array $headers = [])
    {
        if (! $data instanceof JsonSerializable && !is_array($data)) {

            throw new InvalidArgumentException('Invalid $data provided, method expects array or instance of \JsonSerializable.');
        }

        $headers['Content-Type'] = 'application/json';

        $body = json_encode($data, JSON_HEX_TAG | JSON_HEX_APOS | JSON_HEX_QUOT | JSON_UNESCAPED_SLASHES);
        return new Response($body, $status, $headers);
    }

    /**
     * Factories response instance from text.
     *
     * @param string $text
     * @param int $status
     * @param array $headers
     * @return Response
     */
    public static function asText(string $text, int $status = self::HTTP_OK, array $headers = []): Response
    {
        $headers['Content-Type'] = 'text/plain';
        return new Response($text, $status, $headers);
    }

    /**
     * Factories response from html text.
     *
     * @param string $html
     * @param int $status
     * @param array $headers
     * @return Response
     */
    public static function asHtml(string $html, int $status = self::HTTP_OK, array $headers = [])
    {
        $headers['Content-Type'] = 'text/html';
        return new Response($html, $status, $headers);
    }

    /**
     * Factories xml response.
     *
     * @param SimpleXMLElement|DOMDocument|string $data
     * @param int $status
     * @param array $headers
     * @return Response
     * @throws InvalidArgumentException
     */
    public static function asXml($data, int $status = self::HTTP_OK, array $headers = [])
    {
        if ($data instanceof SimpleXMLElement) {
            $body = $data->asXML();
        } elseif ($data instanceof DOMDocument) {
            $body = $data->saveXML();
        } elseif (is_string($data)) {
            $body = $data;
        } else {
            throw new InvalidArgumentException('Invalid $data provided, method expects valid string or instance of \SimpleXMLElement, \DOMDocument');
        }

        $headers['Content-Type'] = 'text/xml';
        return new Response($body, $status, $headers);
<?php

function getDate($date)
{
    if ($date !== null) {
        return new DateTime($date);
    }

    return false;
}
    }

    /**
     * Factories empty response.
     *
     * @param int $status
     * @param array $headers
     * @return Response
     */
    public static function empty(int $status = self::HTTP_OK, array $headers = [])
    {
        $headers['Content-Type'] = 'text/plain';
        return new Response('', $status, $headers);
    }
}


1		<?php declare(strict_types=1);
2
3		namespace Igni\Network\Http;
4
5		use DOMDocument;
6		use Igni\Exception\RuntimeException;
7		use Igni\Network\Exception\InvalidArgumentException;
8		use JsonSerializable;
9		use Psr\Http\Message\ResponseInterface;
10		use Psr\Http\Message\StreamInterface;
11		use SimpleXMLElement;
12		use Zend\Diactoros\MessageTrait;
13
14		use function is_array;
15		use function is_string;
16		use function json_encode;
17
18		/**
19		* PSR-7 implementation of ResponseInterface.
20		* Utilizes zend/diactoros implementation.
21		*
22		* @see ResponseInterface
23		* @package Igni\Http
24		*/
25		class Response implements ResponseInterface
26		{
27		use MessageTrait;
28
29		const HTTP_CONTINUE = 100;
30		const HTTP_SWITCHING_PROTOCOLS = 101;
31		const HTTP_PROCESSING = 102;
32		const HTTP_OK = 200;
33		const HTTP_CREATED = 201;
34		const HTTP_ACCEPTED = 202;
35		const HTTP_NON_AUTHORITATIVE_INFORMATION = 203;
36		const HTTP_NO_CONTENT = 204;
37		const HTTP_RESET_CONTENT = 205;
38		const HTTP_PARTIAL_CONTENT = 206;
39		const HTTP_MULTI_STATUS = 207;
40		const HTTP_ALREADY_REPORTED = 208;
41		const HTTP_IM_USED = 226;
42		const HTTP_MULTIPLE_CHOICES = 300;
43		const HTTP_MOVED_PERMANENTLY = 301;
44		const HTTP_FOUND = 302;
45		const HTTP_SEE_OTHER = 303;
46		const HTTP_NOT_MODIFIED = 304;
47		const HTTP_USE_PROXY = 305;
48		const HTTP_RESERVED = 306;
49		const HTTP_TEMPORARY_REDIRECT = 307;
50		const HTTP_PERMANENTLY_REDIRECT = 308;
51		const HTTP_BAD_REQUEST = 400;
52		const HTTP_UNAUTHORIZED = 401;
53		const HTTP_PAYMENT_REQUIRED = 402;
54		const HTTP_FORBIDDEN = 403;
55		const HTTP_NOT_FOUND = 404;
56		const HTTP_METHOD_NOT_ALLOWED = 405;
57		const HTTP_NOT_ACCEPTABLE = 406;
58		const HTTP_PROXY_AUTHENTICATION_REQUIRED = 407;
59		const HTTP_REQUEST_TIMEOUT = 408;
60		const HTTP_CONFLICT = 409;
61		const HTTP_GONE = 410;
62		const HTTP_LENGTH_REQUIRED = 411;
63		const HTTP_PRECONDITION_FAILED = 412;
64		const HTTP_REQUEST_ENTITY_TOO_LARGE = 413;
65		const HTTP_REQUEST_URI_TOO_LONG = 414;
66		const HTTP_UNSUPPORTED_MEDIA_TYPE = 415;
67		const HTTP_REQUESTED_RANGE_NOT_SATISFIABLE = 416;
68		const HTTP_EXPECTATION_FAILED = 417;
69		const HTTP_I_AM_A_TEAPOT = 418;
70		const HTTP_MISDIRECTED_REQUEST = 421;
71		const HTTP_UNPROCESSABLE_ENTITY = 422;
72		const HTTP_LOCKED = 423;
73		const HTTP_FAILED_DEPENDENCY = 424;
74		const HTTP_RESERVED_FOR_WEBDAV_ADVANCED_COLLECTIONS_EXPIRED_PROPOSAL = 425;
75		const HTTP_UPGRADE_REQUIRED = 426;
76		const HTTP_PRECONDITION_REQUIRED = 428;
77		const HTTP_TOO_MANY_REQUESTS = 429;
78		const HTTP_REQUEST_HEADER_FIELDS_TOO_LARGE = 431;
79		const HTTP_UNAVAILABLE_FOR_LEGAL_REASONS = 451;
80		const HTTP_INTERNAL_SERVER_ERROR = 500;
81		const HTTP_NOT_IMPLEMENTED = 501;
82		const HTTP_BAD_GATEWAY = 502;
83		const HTTP_SERVICE_UNAVAILABLE = 503;
84		const HTTP_GATEWAY_TIMEOUT = 504;
85		const HTTP_VERSION_NOT_SUPPORTED = 505;
86		const HTTP_VARIANT_ALSO_NEGOTIATES_EXPERIMENTAL = 506;
87		const HTTP_INSUFFICIENT_STORAGE = 507;
88		const HTTP_LOOP_DETECTED = 508;
89		const HTTP_NOT_EXTENDED = 510;
90		const HTTP_NETWORK_AUTHENTICATION_REQUIRED = 511;
91
92		/**
93		* Map of standard HTTP status code/reason phrases
94		*
95		* @var array
96		*/
97		private static $phrases = [
98		// INFORMATIONAL CODES
99		100 => 'Continue',
100		101 => 'Switching Protocols',
101		102 => 'Processing',
102		// SUCCESS CODES
103		200 => 'OK',
104		201 => 'Created',
105		202 => 'Accepted',
106		203 => 'Non-Authoritative Information',
107		204 => 'No Content',
108		205 => 'Reset Content',
109		206 => 'Partial Content',
110		207 => 'Multi-status',
111		208 => 'Already Reported',
112		// REDIRECTION CODES
113		300 => 'Multiple Choices',
114		301 => 'Moved Permanently',
115		302 => 'Found',
116		303 => 'See Other',
117		304 => 'Not Modified',
118		305 => 'Use Proxy',
119		306 => 'Switch Proxy', // Deprecated
120		307 => 'Temporary Redirect',
121		// CLIENT ERROR
122		400 => 'Bad Request',
123		401 => 'Unauthorized',
124		402 => 'Payment Required',
125		403 => 'Forbidden',
126		404 => 'Not Found',
127		405 => 'Method Not Allowed',
128		406 => 'Not Acceptable',
129		407 => 'Proxy Authentication Required',
130		408 => 'Request Time-out',
131		409 => 'Conflict',
132		410 => 'Gone',
133		411 => 'Length Required',
134		412 => 'Precondition Failed',
135		413 => 'Request Entity Too Large',
136		414 => 'Request-URI Too Large',
137		415 => 'Unsupported Media Property',
138		416 => 'Requested range not satisfiable',
139		417 => 'Expectation Failed',
140		418 => 'I\'m a teapot',
141		422 => 'Unprocessable Entity',
142		423 => 'Locked',
143		424 => 'Failed Dependency',
144		425 => 'Unordered Collection',
145		426 => 'Upgrade Required',
146		428 => 'Precondition Required',
147		429 => 'Too Many Requests',
148		431 => 'Request Header Fields Too Large',
149		// SERVER ERROR
150		500 => 'Internal Server Error',
151		501 => 'Not Implemented',
152		502 => 'Bad Gateway',
153		503 => 'Service Unavailable',
154		504 => 'Gateway Time-out',
155		505 => 'HTTP Version not supported',
156		506 => 'Variant Also Negotiates',
157		507 => 'Insufficient Storage',
158		508 => 'Loop Detected',
159		511 => 'Network Authentication Required',
160		];
161
162		/**
163		* @var string
164		*/
165		private $reasonPhrase = '';
166
167		/**
168		* @var int
169		*/
170		private $statusCode;
171
172		/**
173		* @var bool
174		*/
175		private $complete = false;
176
177		/**
178		* @param string\|resource\|StreamInterface $body Stream identifier and/or actual stream resource
179		* @param int $status Status code for the response, if any.
180		* @param array $headers Headers for the response, if any.
181		* @throws \InvalidArgumentException on any invalid element.
182		*/
183	16	public function __construct($body = '', int $status = self::HTTP_OK, array $headers = [])
184		{
185	16	$this->stream = Stream::create($body, 'wb+');
		0 ignored issues – show Documentation Bug introduced 2018-09-13 17:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `\Igni\Network\Http\Stream::create($body, 'wb+')` of type `object<self>` is incompatible with the declared type `object<Psr\Http\Message\StreamInterface>` of property `$stream`. Our type inference engine has found an assignment to a property that is incompatible with the declared type of that property. Either this assignment is in error or the assigned type should be added to the documentation/type hint for that property.. Loading history...
186	16	$this->statusCode = $status;
187	16	$this->reasonPhrase = self::$phrases[$this->statusCode];
188	16	$this->setHeaders($headers);
189	16	}
190
191		/**
192		* Writes content to the response body
193		*
194		* @param string $body
195		* @return $this
196		*/
197	1	public function write(string $body)
198		{
199	1	if ($this->complete) {
200	1	throw new RuntimeException('Cannot write to the response, response is already completed.');
201		}
202
203	1	$this->getBody()->write($body);
204	1	return $this;
205		}
206
207		/**
208		* Ends and closes response.
209		*
210		* @return $this
211		*/
212	1	public function end()
213		{
214	1	if ($this->complete) {
215		return $this;
216		}
217
218	1	$this->complete = true;
219
220	1	return $this;
221		}
222
223	1	public function isComplete(): bool
224		{
225	1	return $this->complete;
226		}
227
228		/**
229		* {@inheritdoc}
230		*/
231	13	public function getStatusCode()
232		{
233	13	return $this->statusCode;
234		}
235
236		/**
237		* {@inheritdoc}
238		*/
239		public function getReasonPhrase()
240		{
241		if (!$this->reasonPhrase && isset(self::$phrases[$this->statusCode])) {
242		$this->reasonPhrase = self::$phrases[$this->statusCode];
243		}
244
245		return $this->reasonPhrase;
246		}
247
248		/**
249		* {@inheritdoc}
250		*/
251	1	public function withStatus($code, $reasonPhrase = '')
252		{
253	1	$new = clone $this;
254	1	$new->statusCode = $code;
255	1	$new->reasonPhrase = $reasonPhrase;
256	1	return $new;
257		}
258
259		/**
260		* Factories response instance from json data.
261		*
262		* @param array\|\JsonSerializable $data
263		* @param int $status
264		* @param array $headers
265		* @return Response
266		* @throws InvalidArgumentException
267		*/
268	4	public static function asJson($data, int $status = self::HTTP_OK, array $headers = [])
269		{
270	4	if (! $data instanceof JsonSerializable && !is_array($data)) {
		0 ignored issues – show Bug introduced 2018-09-13 16:21 UTC by Report Bug Copy Issue Report Show Similar Issues like this The class `JsonSerializable` does not exist. Is this class maybe located in a folder that is not analyzed, or in a newer version of your dependencies than listed in your composer.lock/composer.json? Loading history...
271	1	throw new InvalidArgumentException('Invalid $data provided, method expects array or instance of \JsonSerializable.');
272		}
273
274	3	$headers['Content-Type'] = 'application/json';
275
276	3	$body = json_encode($data, JSON_HEX_TAG \| JSON_HEX_APOS \| JSON_HEX_QUOT \| JSON_UNESCAPED_SLASHES);
277	3	return new Response($body, $status, $headers);
278		}
279
280		/**
281		* Factories response instance from text.
282		*
283		* @param string $text
284		* @param int $status
285		* @param array $headers
286		* @return Response
287		*/
288	4	public static function asText(string $text, int $status = self::HTTP_OK, array $headers = []): Response
289		{
290	4	$headers['Content-Type'] = 'text/plain';
291	4	return new Response($text, $status, $headers);
292		}
293
294		/**
295		* Factories response from html text.
296		*
297		* @param string $html
298		* @param int $status
299		* @param array $headers
300		* @return Response
301		*/
302	1	public static function asHtml(string $html, int $status = self::HTTP_OK, array $headers = [])
303		{
304	1	$headers['Content-Type'] = 'text/html';
305	1	return new Response($html, $status, $headers);
306		}
307
308		/**
309		* Factories xml response.
310		*
311		* @param SimpleXMLElement\|DOMDocument\|string $data
312		* @param int $status
313		* @param array $headers
314		* @return Response
315		* @throws InvalidArgumentException
316		*/
317	4	public static function asXml($data, int $status = self::HTTP_OK, array $headers = [])
318		{
319	4	if ($data instanceof SimpleXMLElement) {
320	1	$body = $data->asXML();
321	3	} elseif ($data instanceof DOMDocument) {
322	1	$body = $data->saveXML();
323	2	} elseif (is_string($data)) {
324	1	$body = $data;
325		} else {
326	1	throw new InvalidArgumentException('Invalid $data provided, method expects valid string or instance of \SimpleXMLElement, \DOMDocument');
327		}
328
329	3	$headers['Content-Type'] = 'text/xml';
330	3	return new Response($body, $status, $headers);
		0 ignored issues – show Security Bug introduced 2018-09-13 17:54 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$body` defined by `$data->asXML()` on line `320` can also be of type `false`; however, `Igni\Network\Http\Response::__construct()` does only seem to accept `string\|resource\|object<P...essage\StreamInterface>`, did you maybe forget to handle an error condition? This check looks for type mismatches where the missing type is `false`. This is usually indicative of an error condtion. Consider the follow example <?php function getDate($date) { if ($date !== null) { return new DateTime($date); } return false; } This function either returns a new `DateTime` object or false, if there was an error. This is a typical pattern in PHP programming to show that an error has occurred without raising an exception. The calling code should check for this returned `false` before passing on the value to another function or method that may not be able to handle a `false`. Loading history...
331		}
332
333		/**
334		* Factories empty response.
335		*
336		* @param int $status
337		* @param array $headers
338		* @return Response
339		*/
340	5	public static function empty(int $status = self::HTTP_OK, array $headers = [])
341		{
342	5	$headers['Content-Type'] = 'text/plain';
343	5	return new Response('', $status, $headers);
344		}
345		}
346

igniphp / network

Issues (9)

Security Analysis not enabled

src/Http/Response.php (3 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like