Issues in LoggerUtility.php (master) - Issues in master - iranianpep/botonomous - Measure and Improve Code Quality continuously with Scrutinizer

Issues (5)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Botonomous/utility/LoggerUtility.php (1 issue)

Labels

Severity

Major 1

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Botonomous\utility;

use Botonomous\BotonomousException;
use Monolog\Handler\StreamHandler;
use Monolog\Logger;
use Psr\Log\LoggerInterface;

/**
 * Class LoggerUtility.
 */
class LoggerUtility extends AbstractUtility
{
    const DATE_FORMAT = 'Y-m-d H:i:s';
    const TEMP_FOLDER = 'tmp';

    const DEBUG = 'debug';
    const INFO = 'info';
    const NOTICE = 'notice';
    const WARNING = 'warning';
    const ERROR = 'error';
    const CRITICAL = 'critical';
    const ALERT = 'alert';
    const EMERGENCY = 'emergency';

    const HANDLERS_KEY = 'handlers';

    public static $levels = [
        self::DEBUG,
        self::INFO,
        self::NOTICE,
        self::WARNING,
        self::ERROR,
        self::CRITICAL,
        self::ALERT,
        self::EMERGENCY,
    ];

    private $logger;

    /**
     * LoggerUtility constructor.
     *
     * @param null $config
     *
     * @throws \Exception
     */
    public function __construct($config = null)
    {
        parent::__construct($config);

        try {
            $this->initLogger();
        } catch (\Exception $e) {
            throw $e;
        }
    }

    /**
     * Init the logger.
     *
     * @throws \Exception
     */
    private function initLogger()
    {
        $monologConfig = $this->getMonologConfig();

        if (empty($monologConfig)) {
            throw new BotonomousException('Monolog config is missing');
        }

        $logger = new Logger($monologConfig['channel']);

        foreach (array_keys($monologConfig[self::HANDLERS_KEY]) as $value) {
            $logger = $this->pushMonologHandler($logger, $value);
        }

        $this->setLogger($logger);
    }

    /**
     * @throws \Exception
     *
     * @return mixed
     */
    private function getMonologConfig()
    {
        $loggerConfig = $this->getConfig()->get('logger');

        return !empty($loggerConfig['monolog']) ? $loggerConfig['monolog'] : false;
    }

    /**
     * @param Logger $logger
     * @param string $handlerKey
     *
     * @throws \Exception
     *
     * @return Logger
     */
    private function pushMonologHandler(Logger $logger, string $handlerKey): Logger
    {
        $activeHandlers = [];

        // if there are more $handlerKey, use switch
        if ($handlerKey === 'file') {
            $activeHandlers[] = new StreamHandler($this->getLogFilePath());

        }

        if (!empty($activeHandlers)) {
            foreach ($activeHandlers as $activeHandler) {
                $logger->pushHandler($activeHandler);
            }
        }

        return $logger;
    }

    /**
     * @throws \Exception
     *
     * @return false|string
     */
    public function getLogFilePath()
    {
        $monologConfigFile = $this->getMonologConfigFileName();
        if (empty($monologConfigFile)) {
            return false;
        }

        return $this->getTempDir().DIRECTORY_SEPARATOR.$monologConfigFile;
    }

    /**
     * @throws \Exception
     *
     * @return mixed
     */
    private function getMonologConfigFileName()
    {
        $monologConfig = $this->getMonologConfig();

        if (isset($monologConfig[self::HANDLERS_KEY]['file']['fileName'])) {
            return $monologConfig[self::HANDLERS_KEY]['file']['fileName'];
        }
    }

    /**
     * @return LoggerInterface
     */
    private function getLogger(): LoggerInterface
    {
        return $this->logger;
    }

    /**
     * @param LoggerInterface $logger
     */
    private function setLogger(LoggerInterface $logger)
    {
        $this->logger = $logger;
    }

    /**
     * @param string $function
     * @param string $message
     * @param string $channel
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logChat(string $function, string $message = '', string $channel = ''): bool
    {
        try {
            return $this->logInfo('Log Chat', [
                'function' => $function,
                'message'  => $message,
                'channel'  => $channel,
            ]);
        } catch (\Exception $e) {
            throw new BotonomousException($e->getMessage());
        }
    }

    /**
     * @throws \Exception
     *
     * @return bool
     */
    private function canLog(): bool
    {
        $loggerConfig = $this->getConfig()->get('logger');

        return empty($loggerConfig['enabled']) ? false : true;
    }

    /**
     * @throws \Exception
     *
     * @return string
     */
    public function getTempDir(): string
    {
        return dirname(__DIR__).DIRECTORY_SEPARATOR.self::TEMP_FOLDER;
    }

    /**
     * @param $function
     * @param string $message
     * @param $channel
     *
     * @return string
     */
    public function getLogContent(string $function, string $message, string $channel): string
    {
        return "{$function}|{$message}|{$channel}";
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logDebug(string $message, array $context = []): bool
    {
        return $this->log(self::DEBUG, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logInfo(string $message, array $context = []): bool
    {
        return $this->log(self::INFO, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logNotice(string $message, array $context = []): bool
    {
        return $this->log(self::NOTICE, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logWarning(string $message, array $context = []): bool
    {
        return $this->log(self::WARNING, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logError(string $message, array $context = []): bool
    {
        return $this->log(self::ERROR, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logCritical(string $message, array $context = []): bool
    {
        return $this->log(self::CRITICAL, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logAlert(string $message, array $context = []): bool
    {
        return $this->log(self::ALERT, $message, $context);
    }

    /**
     * @param string $message
     * @param array  $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function logEmergency(string $message, array $context = []): bool
    {
        return $this->log(self::EMERGENCY, $message, $context);
    }

    /**
     * @param string $level
     * @param $message
     * @param array $context
     *
     * @throws \Exception
     *
     * @return bool
     */
    public function log(string $level, string $message, array $context = []): bool
    {
        if ($this->canLog() !== true) {
            return false;
        }

        $logger = $this->getLogger();

        if (!in_array($level, self::$levels)) {
            throw new BotonomousException("'{$level}' is an invalid log level");
        }

        $logger->$level($message, $context);

        return true;
    }
}


1		<?php
2
3		namespace Botonomous\utility;
4
5		use Botonomous\BotonomousException;
6		use Monolog\Handler\StreamHandler;
7		use Monolog\Logger;
8		use Psr\Log\LoggerInterface;
9
10		/**
11		* Class LoggerUtility.
12		*/
13		class LoggerUtility extends AbstractUtility
14		{
15		const DATE_FORMAT = 'Y-m-d H:i:s';
16		const TEMP_FOLDER = 'tmp';
17
18		const DEBUG = 'debug';
19		const INFO = 'info';
20		const NOTICE = 'notice';
21		const WARNING = 'warning';
22		const ERROR = 'error';
23		const CRITICAL = 'critical';
24		const ALERT = 'alert';
25		const EMERGENCY = 'emergency';
26
27		const HANDLERS_KEY = 'handlers';
28
29		public static $levels = [
30		self::DEBUG,
31		self::INFO,
32		self::NOTICE,
33		self::WARNING,
34		self::ERROR,
35		self::CRITICAL,
36		self::ALERT,
37		self::EMERGENCY,
38		];
39
40		private $logger;
41
42		/**
43		* LoggerUtility constructor.
44		*
45		* @param null $config
46		*
47		* @throws \Exception
48		*/
49	23	public function __construct($config = null)
50		{
51	23	parent::__construct($config);
52
53		try {
54	23	$this->initLogger();
55	1	} catch (\Exception $e) {
56	1	throw $e;
57		}
58	22	}
59
60		/**
61		* Init the logger.
62		*
63		* @throws \Exception
64		*/
65	23	private function initLogger()
66		{
67	23	$monologConfig = $this->getMonologConfig();
68
69	23	if (empty($monologConfig)) {
70	1	throw new BotonomousException('Monolog config is missing');
71		}
72
73	22	$logger = new Logger($monologConfig['channel']);
74
75	22	foreach (array_keys($monologConfig[self::HANDLERS_KEY]) as $value) {
76	22	$logger = $this->pushMonologHandler($logger, $value);
77		}
78
79	22	$this->setLogger($logger);
80	22	}
81
82		/**
83		* @throws \Exception
84		*
85		* @return mixed
86		*/
87	23	private function getMonologConfig()
88		{
89	23	$loggerConfig = $this->getConfig()->get('logger');
90
91	23	return !empty($loggerConfig['monolog']) ? $loggerConfig['monolog'] : false;
92		}
93
94		/**
95		* @param Logger $logger
96		* @param string $handlerKey
97		*
98		* @throws \Exception
99		*
100		* @return Logger
101		*/
102	22	private function pushMonologHandler(Logger $logger, string $handlerKey): Logger
103		{
104	22	$activeHandlers = [];
105
106		// if there are more $handlerKey, use switch
107	22	if ($handlerKey === 'file') {
108	22	$activeHandlers[] = new StreamHandler($this->getLogFilePath());
		0 ignored issues – show Security Bug introduced 2017-06-03 08:18 UTC by Report Bug Copy Issue Report Show Similar Issues like this It seems like `$this->getLogFilePath()` targeting `Botonomous\utility\LoggerUtility::getLogFilePath()` can also be of type `false`; however, `Monolog\Handler\StreamHandler::__construct()` does only seem to accept `resource\|string`, did you maybe forget to handle an error condition? Loading history...
109		}
110
111	22	if (!empty($activeHandlers)) {
112	22	foreach ($activeHandlers as $activeHandler) {
113	22	$logger->pushHandler($activeHandler);
114		}
115		}
116
117	22	return $logger;
118		}
119
120		/**
121		* @throws \Exception
122		*
123		* @return false\|string
124		*/
125	22	public function getLogFilePath()
126		{
127	22	$monologConfigFile = $this->getMonologConfigFileName();
128	22	if (empty($monologConfigFile)) {
129		return false;
130		}
131
132	22	return $this->getTempDir().DIRECTORY_SEPARATOR.$monologConfigFile;
133		}
134
135		/**
136		* @throws \Exception
137		*
138		* @return mixed
139		*/
140	22	private function getMonologConfigFileName()
141		{
142	22	$monologConfig = $this->getMonologConfig();
143
144	22	if (isset($monologConfig[self::HANDLERS_KEY]['file']['fileName'])) {
145	22	return $monologConfig[self::HANDLERS_KEY]['file']['fileName'];
146		}
147		}
148
149		/**
150		* @return LoggerInterface
151		*/
152	19	private function getLogger(): LoggerInterface
153		{
154	19	return $this->logger;
155		}
156
157		/**
158		* @param LoggerInterface $logger
159		*/
160	22	private function setLogger(LoggerInterface $logger)
161		{
162	22	$this->logger = $logger;
163	22	}
164
165		/**
166		* @param string $function
167		* @param string $message
168		* @param string $channel
169		*
170		* @throws \Exception
171		*
172		* @return bool
173		*/
174	11	public function logChat(string $function, string $message = '', string $channel = ''): bool
175		{
176		try {
177	11	return $this->logInfo('Log Chat', [
178	11	'function' => $function,
179	11	'message' => $message,
180	11	'channel' => $channel,
181		]);
182		} catch (\Exception $e) {
183		throw new BotonomousException($e->getMessage());
184		}
185		}
186
187		/**
188		* @throws \Exception
189		*
190		* @return bool
191		*/
192	21	private function canLog(): bool
193		{
194	21	$loggerConfig = $this->getConfig()->get('logger');
195
196	21	return empty($loggerConfig['enabled']) ? false : true;
197		}
198
199		/**
200		* @throws \Exception
201		*
202		* @return string
203		*/
204	22	public function getTempDir(): string
205		{
206	22	return dirname(__DIR__).DIRECTORY_SEPARATOR.self::TEMP_FOLDER;
207		}
208
209		/**
210		* @param $function
211		* @param string $message
212		* @param $channel
213		*
214		* @return string
215		*/
216	1	public function getLogContent(string $function, string $message, string $channel): string
217		{
218	1	return "{$function}\|{$message}\|{$channel}";
219		}
220
221		/**
222		* @param string $message
223		* @param array $context
224		*
225		* @throws \Exception
226		*
227		* @return bool
228		*/
229	1	public function logDebug(string $message, array $context = []): bool
230		{
231	1	return $this->log(self::DEBUG, $message, $context);
232		}
233
234		/**
235		* @param string $message
236		* @param array $context
237		*
238		* @throws \Exception
239		*
240		* @return bool
241		*/
242	13	public function logInfo(string $message, array $context = []): bool
243		{
244	13	return $this->log(self::INFO, $message, $context);
245		}
246
247		/**
248		* @param string $message
249		* @param array $context
250		*
251		* @throws \Exception
252		*
253		* @return bool
254		*/
255	1	public function logNotice(string $message, array $context = []): bool
256		{
257	1	return $this->log(self::NOTICE, $message, $context);
258		}
259
260		/**
261		* @param string $message
262		* @param array $context
263		*
264		* @throws \Exception
265		*
266		* @return bool
267		*/
268	1	public function logWarning(string $message, array $context = []): bool
269		{
270	1	return $this->log(self::WARNING, $message, $context);
271		}
272
273		/**
274		* @param string $message
275		* @param array $context
276		*
277		* @throws \Exception
278		*
279		* @return bool
280		*/
281	1	public function logError(string $message, array $context = []): bool
282		{
283	1	return $this->log(self::ERROR, $message, $context);
284		}
285
286		/**
287		* @param string $message
288		* @param array $context
289		*
290		* @throws \Exception
291		*
292		* @return bool
293		*/
294	1	public function logCritical(string $message, array $context = []): bool
295		{
296	1	return $this->log(self::CRITICAL, $message, $context);
297		}
298
299		/**
300		* @param string $message
301		* @param array $context
302		*
303		* @throws \Exception
304		*
305		* @return bool
306		*/
307	1	public function logAlert(string $message, array $context = []): bool
308		{
309	1	return $this->log(self::ALERT, $message, $context);
310		}
311
312		/**
313		* @param string $message
314		* @param array $context
315		*
316		* @throws \Exception
317		*
318		* @return bool
319		*/
320	1	public function logEmergency(string $message, array $context = []): bool
321		{
322	1	return $this->log(self::EMERGENCY, $message, $context);
323		}
324
325		/**
326		* @param string $level
327		* @param $message
328		* @param array $context
329		*
330		* @throws \Exception
331		*
332		* @return bool
333		*/
334	21	public function log(string $level, string $message, array $context = []): bool
335		{
336	21	if ($this->canLog() !== true) {
337	2	return false;
338		}
339
340	19	$logger = $this->getLogger();
341
342	19	if (!in_array($level, self::$levels)) {
343	1	throw new BotonomousException("'{$level}' is an invalid log level");
344		}
345
346	18	$logger->$level($message, $context);
347
348	18	return true;
349		}
350		}
351

iranianpep / botonomous

Issues (5)

Security Analysis no request data

src/Botonomous/utility/LoggerUtility.php (1 issue)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like