Issues in Emojify.php (master) - Issues in master - irazasyed/telegram-bot-sdk - Measure and Improve Code Quality continuously with Scrutinizer

Issues (19)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/Helpers/Emojify.php (5 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Telegram\Bot\Helpers;

use Telegram\Bot\Exceptions\TelegramEmojiMapFileNotFoundException;

class Emojify
{
    /**
     * @var Emojify The reference to *Singleton* instance of this class
     */
    private static $instance;

    /**
     * The path to the file containing the emoji map.
     *
     * @var string
     */
    const DEFAULT_EMOJI_MAP_FILE = '/../Storage/emoji.json';

    /**
     * The path to the file containing the emoji map.
     *
     * @var string
     */
    protected $emojiMapFile;

    /**
     * The array mapping words to emoji.
     *
     * @var array
     */
    protected $emojiMap;

    /**
     * The array mapping emoji back to words.
     *
     * @var array
     */
    protected $wordMap;

    /**
     * Protected Emojify constructor to prevent creating a new instance of the
     * *Singleton* via the `new` operator from outside of this class.
     *
     * @throws TelegramEmojiMapFileNotFoundException
     */
    protected function __construct()
    {
        $this->setupEmojiMaps();
    }

    /**
     * Returns the *Singleton* instance of this class.
     *
     * @return Emojify The *Singleton* instance.
     */
    public static function getInstance()
    {
        if (null === static::$instance) {
class YourClass
{
    private static $someVariable;

    public static function getSomeVariable()
    {
        return static::$someVariable;
    }
}
            static::$instance = new static();
class YourClass
{
    private static $someVariable;

    public static function getSomeVariable()
    {
        return static::$someVariable;
    }
}
        }

        return static::$instance;
class YourClass
{
    private static $someVariable;

    public static function getSomeVariable()
    {
        return static::$someVariable;
    }
}
    }

    /**
     * Set File Path to Emoji Map File.
     *
     * @param string $emojiMapFile
     *
     * @return Emojify
     */
    public function setEmojiMapFile($emojiMapFile)
    {
        $this->emojiMapFile = $emojiMapFile;
        $this->setupEmojiMaps();

        return $this;
    }

    /**
     * Translate Word to Emoji
     *
     * @param $text
     *
     * @return mixed
     */
    public function toEmoji($text)
    {
        return $this->replace($text, $this->emojiMap);
    }

    /**
     * Alias of toEmoji()
     *
     * @param $text
     *
     * @return mixed
     */
    public static function text($text)
    {
        return self::getInstance()->toEmoji($text);
    }

    /**
     * Translate Emoji to Word
     *
     * @param $text
     *
     * @return mixed
     */
    public function toWord($text)
    {
        return $this->replace($text, $this->wordMap, true);
    }

    /**
     * Alias of toWord()
     *
     * @param $text
     *
     * @return mixed
     */
    public static function translate($text)
    {
        return self::getInstance()->toWord($text);
    }

    /**
     * Replace
     *
     * @param        $line
     * @param        $replace
     * @param bool   $toWord
     * @param string $delimiter
     *
     * @return mixed
     */
    protected function replace($line, $replace, $toWord = false, $delimiter = ':')
    {
        if ($toWord) {
            return $this->emojiToWordReplace($line, $replace, $delimiter);
        }

        return $this->wordToEmojiReplace($line, $replace, $delimiter);
    }

    /**
     * Finds words enclosed by the delimiter and converts them to the
     * appropriate emoji character.
     *
     * @param $line
     * @param $replace
     * @param $delimiter
     *
     * @return mixed
     */
    protected function wordToEmojiReplace($line, $replace, $delimiter)

    {
        foreach ($replace as $key => $value) {
            $line = str_replace($delimiter.$key.$delimiter, $value, $line);
        }

        return $line;
    }

    /**
     * Finds emojis and replaces them with text enclosed by the delimiter
     *
     * @param $line
     * @param $replace
     * @param $delimiter
     *
     * @return mixed
     */
    protected function emojiToWordReplace($line, $replace, $delimiter)

    {
        foreach ($replace as $key => $value) {
            $line = str_replace($key, $delimiter.$value.$delimiter, $line);
        }

        return $line;
    }

    /**
     * Get Emoji Map Array.
     *
     * @return array
     * @throws TelegramEmojiMapFileNotFoundException
     */
    protected function getEmojiMap()
    {
        if (!isset($this->emojiMapFile)) {
            $this->emojiMapFile = realpath(__DIR__.self::DEFAULT_EMOJI_MAP_FILE);
        }

        if (!file_exists($this->emojiMapFile)) {
            throw new TelegramEmojiMapFileNotFoundException();
        }

        return json_decode(file_get_contents($this->emojiMapFile), true);
    }

    /**
     * Setup Emoji Maps.
     *
     * @throws TelegramEmojiMapFileNotFoundException
     */
    protected function setupEmojiMaps()
    {
        $this->emojiMap = $this->getEmojiMap();
        $this->wordMap = array_flip($this->emojiMap);
    }

    /**
     * Private clone method to prevent cloning of the instance of the
     * *Singleton* instance.
     *
     * @return void
     */
    private function __clone()
    {
    }

    /**
     * Private unserialize method to prevent unserializing of the *Singleton*
     * instance.
     *
     * @return void
     */
    private function __wakeup()
    {
    }
}


1			<?php
2
3			namespace Telegram\Bot\Helpers;
4
5			use Telegram\Bot\Exceptions\TelegramEmojiMapFileNotFoundException;
6
7			class Emojify
8			{
9			/**
10			* @var Emojify The reference to Singleton instance of this class
11			*/
12			private static $instance;
13
14			/**
15			* The path to the file containing the emoji map.
16			*
17			* @var string
18			*/
19			const DEFAULT_EMOJI_MAP_FILE = '/../Storage/emoji.json';
20
21			/**
22			* The path to the file containing the emoji map.
23			*
24			* @var string
25			*/
26			protected $emojiMapFile;
27
28			/**
29			* The array mapping words to emoji.
30			*
31			* @var array
32			*/
33			protected $emojiMap;
34
35			/**
36			* The array mapping emoji back to words.
37			*
38			* @var array
39			*/
40			protected $wordMap;
41
42			/**
43			* Protected Emojify constructor to prevent creating a new instance of the
44			* Singleton via the `new` operator from outside of this class.
45			*
46			* @throws TelegramEmojiMapFileNotFoundException
47			*/
48	12		protected function __construct()
49			{
50	12		$this->setupEmojiMaps();
51	12		}
52
53			/**
54			* Returns the Singleton instance of this class.
55			*
56			* @return Emojify The Singleton instance.
57			*/
58	12		public static function getInstance()
59			{
60	12		if (null === static::$instance) {
			0 ignored issues – show Bug introduced 2016-04-17 06:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since `$instance` is declared private, accessing it with `static` will lead to errors in possible sub-classes; consider using `self`, or increasing the visibility of `$instance` to at least protected. Let’s assume you have a class which uses late-static binding: class YourClass { private static $someVariable; public static function getSomeVariable() { return static::$someVariable; } } The code above will run fine in your PHP runtime. However, if you now create a sub-class and call the `getSomeVariable()` on that sub-class, you will receive a runtime error: class YourSubClass extends YourClass { } YourSubClass::getSomeVariable(); // Will cause an access error. In the case above, it makes sense to update `SomeClass` to use `self` instead: class SomeClass { private static $someVariable; public static function getSomeVariable() { return self::$someVariable; // self works fine with private. } } Loading history...
61	12		static::$instance = new static();
			0 ignored issues – show Bug introduced 2016-04-17 06:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since `$instance` is declared private, accessing it with `static` will lead to errors in possible sub-classes; consider using `self`, or increasing the visibility of `$instance` to at least protected. Let’s assume you have a class which uses late-static binding: class YourClass { private static $someVariable; public static function getSomeVariable() { return static::$someVariable; } } The code above will run fine in your PHP runtime. However, if you now create a sub-class and call the `getSomeVariable()` on that sub-class, you will receive a runtime error: class YourSubClass extends YourClass { } YourSubClass::getSomeVariable(); // Will cause an access error. In the case above, it makes sense to update `SomeClass` to use `self` instead: class SomeClass { private static $someVariable; public static function getSomeVariable() { return self::$someVariable; // self works fine with private. } } Loading history...
62	12		}
63
64	12		return static::$instance;
			0 ignored issues – show Bug introduced 2016-04-17 06:20 UTC by Report Bug Copy Issue Report Show Similar Issues like this Since `$instance` is declared private, accessing it with `static` will lead to errors in possible sub-classes; consider using `self`, or increasing the visibility of `$instance` to at least protected. Let’s assume you have a class which uses late-static binding: class YourClass { private static $someVariable; public static function getSomeVariable() { return static::$someVariable; } } The code above will run fine in your PHP runtime. However, if you now create a sub-class and call the `getSomeVariable()` on that sub-class, you will receive a runtime error: class YourSubClass extends YourClass { } YourSubClass::getSomeVariable(); // Will cause an access error. In the case above, it makes sense to update `SomeClass` to use `self` instead: class SomeClass { private static $someVariable; public static function getSomeVariable() { return self::$someVariable; // self works fine with private. } } Loading history...
65			}
66
67			/**
68			* Set File Path to Emoji Map File.
69			*
70			* @param string $emojiMapFile
71			*
72			* @return Emojify
73			*/
74	2		public function setEmojiMapFile($emojiMapFile)
75			{
76	2		$this->emojiMapFile = $emojiMapFile;
77	2		$this->setupEmojiMaps();
78
79			return $this;
80			}
81
82			/**
83			* Translate Word to Emoji
84			*
85			* @param $text
86			*
87			* @return mixed
88			*/
89	4		public function toEmoji($text)
90			{
91	4		return $this->replace($text, $this->emojiMap);
92			}
93
94			/**
95			* Alias of toEmoji()
96			*
97			* @param $text
98			*
99			* @return mixed
100			*/
101	4		public static function text($text)
102			{
103	4		return self::getInstance()->toEmoji($text);
104			}
105
106			/**
107			* Translate Emoji to Word
108			*
109			* @param $text
110			*
111			* @return mixed
112			*/
113	4		public function toWord($text)
114			{
115	4		return $this->replace($text, $this->wordMap, true);
116			}
117
118			/**
119			* Alias of toWord()
120			*
121			* @param $text
122			*
123			* @return mixed
124			*/
125	4		public static function translate($text)
126			{
127	4		return self::getInstance()->toWord($text);
128			}
129
130			/**
131			* Replace
132			*
133			* @param $line
134			* @param $replace
135			* @param bool $toWord
136			* @param string $delimiter
137			*
138			* @return mixed
139			*/
140	8		protected function replace($line, $replace, $toWord = false, $delimiter = ':')
141			{
142	8		if ($toWord) {
143	4		return $this->emojiToWordReplace($line, $replace, $delimiter);
144			}
145
146	4		return $this->wordToEmojiReplace($line, $replace, $delimiter);
147			}
148
149			/**
150			* Finds words enclosed by the delimiter and converts them to the
151			* appropriate emoji character.
152			*
153			* @param $line
154			* @param $replace
155			* @param $delimiter
156			*
157			* @return mixed
158			*/
159	4	View Code Duplication	protected function wordToEmojiReplace($line, $replace, $delimiter)
			0 ignored issues – show Duplication introduced 2017-09-13 21:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
160			{
161	4		foreach ($replace as $key => $value) {
162	4		$line = str_replace($delimiter.$key.$delimiter, $value, $line);
163	4		}
164
165	4		return $line;
166			}
167
168			/**
169			* Finds emojis and replaces them with text enclosed by the delimiter
170			*
171			* @param $line
172			* @param $replace
173			* @param $delimiter
174			*
175			* @return mixed
176			*/
177	4	View Code Duplication	protected function emojiToWordReplace($line, $replace, $delimiter)
			0 ignored issues – show Duplication introduced 2017-09-13 21:45 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
178			{
179	4		foreach ($replace as $key => $value) {
180	4		$line = str_replace($key, $delimiter.$value.$delimiter, $line);
181	4		}
182
183	4		return $line;
184			}
185
186			/**
187			* Get Emoji Map Array.
188			*
189			* @return array
190			* @throws TelegramEmojiMapFileNotFoundException
191			*/
192	12		protected function getEmojiMap()
193			{
194	12		if (!isset($this->emojiMapFile)) {
195	12		$this->emojiMapFile = realpath(__DIR__.self::DEFAULT_EMOJI_MAP_FILE);
196	12		}
197
198	12		if (!file_exists($this->emojiMapFile)) {
199	2		throw new TelegramEmojiMapFileNotFoundException();
200			}
201
202	12		return json_decode(file_get_contents($this->emojiMapFile), true);
203			}
204
205			/**
206			* Setup Emoji Maps.
207			*
208			* @throws TelegramEmojiMapFileNotFoundException
209			*/
210	12		protected function setupEmojiMaps()
211			{
212	12		$this->emojiMap = $this->getEmojiMap();
213	12		$this->wordMap = array_flip($this->emojiMap);
214	12		}
215
216			/**
217			* Private clone method to prevent cloning of the instance of the
218			* Singleton instance.
219			*
220			* @return void
221			*/
222			private function __clone()
223			{
224			}
225
226			/**
227			* Private unserialize method to prevent unserializing of the Singleton
228			* instance.
229			*
230			* @return void
231			*/
232			private function __wakeup()
233			{
234			}
235			}
236

irazasyed / telegram-bot-sdk

Issues (19)

Security Analysis no request data

src/Helpers/Emojify.php (5 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like