Issues in Railguns.php (master) - Issues in master - jamesryanbell/cloudflare - Measure and Improve Code Quality continuously with Scrutinizer

Issues (86)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/CloudFlare/Organizations/Railguns.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Cloudflare\Organizations;

use Cloudflare\Api;

/**
 * CloudFlare API wrapper
 *
 * Organization Railgun
 * CloudFlare Railgun for Organizations
 *
 * @author James Bell <[email protected]>
 *
 * @version 1
 */
class Railguns extends Api
{
    /**
     * Create Railgun (permission needed: #organization:edit)
     *
     * @param string $organization_identifier Organization identifier tag
     * @param string $name                    Readable identifier of the railgun
     */
    public function create($organization_identifier, $name)
    {
        $data = [
            'name' => $name,
        ];

        return $this->post('/organizations/'.$organization_identifier.'/railguns', $data);
    }

    /**
     * List Railguns (permission needed: #organization:read)
     * List, search, sort and filter your Railguns
     *
     * @param string      $organization_identifier Organization identifier tag
     * @param int|null    $page                    Page number of paginated results
     * @param int|null    $per_page                Number of items per page
     * @param string|null $direction               Direction to order Railguns (asc, desc)
     */
    public function railguns($organization_identifier, $page = null, $per_page = null, $direction = null)

    {
        $data = [
            'page'      => $page,
            'per_page'  => $per_page,
            'direction' => $direction,
        ];

        return $this->get('/organizations/'.$organization_identifier.'/railguns', $data);
    }

    /**
     * Railgun details (permission needed: #organization:read)
     *
     * @param string $organization_identifier Organization identifier tag
     * @param string $identifier              API item identifier tag
     */
    public function details($organization_identifier, $identifier)
    {
        return $this->get('/organizations/'.$organization_identifier.'/railguns/'.$identifier);
    }

    /**
     * Get zones connected to a Railgun (permission needed: #organization:read)
     * The zones that are currently using this Railgun
     *
     * @param string $organization_identifier Organization identifier tag
     * @param string $identifier              API item identifier tag
     */
    public function zones($organization_identifier, $identifier)
    {
        return $this->get('/organizations/'.$organization_identifier.'/railguns/'.$identifier.'/zones');
    }

    /**
     * Enable or disable a Railgun (permission needed: #organization:edit)
     * Enable or disable a Railgun for all zones connected to it
     *
     * @param string    $organization_identifier Organization identifier tag
     * @param string    $identifier              API item identifier tag
     * @param bool|null $enabled                 Flag to determine if the Railgun is accepting connections
     */
    public function enabled($organization_identifier, $identifier, $enabled = null)
    {
        $data = [
            'enabled' => $enabled,
        ];

        return $this->patch('/organizations/'.$organization_identifier.'/railguns/'.$identifier, $data);
    }

    /**
     * Delete Railgun (permission needed: #organization:edit)
     * Disable and delete a Railgun. This will immediately disable the Railgun for any connected zones
     *
     * @param string $organization_identifier Organization identifier tag
     * @param string $identifier              API item identifier tag
     */
    public function delete_railgun($organization_identifier, $identifier)
    {
        return $this->delete('/organizations/'.$organization_identifier.'/railguns/'.$identifier);
    }
}


1			<?php
2
3			namespace Cloudflare\Organizations;
4
5			use Cloudflare\Api;
6
7			/**
8			* CloudFlare API wrapper
9			*
10			* Organization Railgun
11			* CloudFlare Railgun for Organizations
12			*
13			* @author James Bell <[email protected]>
14			*
15			* @version 1
16			*/
17			class Railguns extends Api
18			{
19			/**
20			* Create Railgun (permission needed: #organization:edit)
21			*
22			* @param string $organization_identifier Organization identifier tag
23			* @param string $name Readable identifier of the railgun
24			*/
25			public function create($organization_identifier, $name)
26			{
27			$data = [
28			'name' => $name,
29			];
30
31			return $this->post('/organizations/'.$organization_identifier.'/railguns', $data);
32			}
33
34			/**
35			* List Railguns (permission needed: #organization:read)
36			* List, search, sort and filter your Railguns
37			*
38			* @param string $organization_identifier Organization identifier tag
39			* @param int\|null $page Page number of paginated results
40			* @param int\|null $per_page Number of items per page
41			* @param string\|null $direction Direction to order Railguns (asc, desc)
42			*/
43			public function railguns($organization_identifier, $page = null, $per_page = null, $direction = null)
			0 ignored issues – show Duplication introduced 2017-08-02 11:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history... Coding Style Best Practice introduced 2017-08-02 11:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this Please use `__construct()` instead of a PHP4-style constructor that is named after the class. Loading history...
44			{
45			$data = [
46			'page' => $page,
47			'per_page' => $per_page,
48			'direction' => $direction,
49			];
50
51			return $this->get('/organizations/'.$organization_identifier.'/railguns', $data);
52			}
53
54			/**
55			* Railgun details (permission needed: #organization:read)
56			*
57			* @param string $organization_identifier Organization identifier tag
58			* @param string $identifier API item identifier tag
59			*/
60			public function details($organization_identifier, $identifier)
61			{
62			return $this->get('/organizations/'.$organization_identifier.'/railguns/'.$identifier);
63			}
64
65			/**
66			* Get zones connected to a Railgun (permission needed: #organization:read)
67			* The zones that are currently using this Railgun
68			*
69			* @param string $organization_identifier Organization identifier tag
70			* @param string $identifier API item identifier tag
71			*/
72			public function zones($organization_identifier, $identifier)
73			{
74			return $this->get('/organizations/'.$organization_identifier.'/railguns/'.$identifier.'/zones');
75			}
76
77			/**
78			* Enable or disable a Railgun (permission needed: #organization:edit)
79			* Enable or disable a Railgun for all zones connected to it
80			*
81			* @param string $organization_identifier Organization identifier tag
82			* @param string $identifier API item identifier tag
83			* @param bool\|null $enabled Flag to determine if the Railgun is accepting connections
84			*/
85			public function enabled($organization_identifier, $identifier, $enabled = null)
86			{
87			$data = [
88			'enabled' => $enabled,
89			];
90
91			return $this->patch('/organizations/'.$organization_identifier.'/railguns/'.$identifier, $data);
92			}
93
94			/**
95			* Delete Railgun (permission needed: #organization:edit)
96			* Disable and delete a Railgun. This will immediately disable the Railgun for any connected zones
97			*
98			* @param string $organization_identifier Organization identifier tag
99			* @param string $identifier API item identifier tag
100			*/
101			public function delete_railgun($organization_identifier, $identifier)
102			{
103			return $this->delete('/organizations/'.$organization_identifier.'/railguns/'.$identifier);
104			}
105			}
106

GitHub Access Token became invalid

Issues (86)

Security Analysis no request data

src/CloudFlare/Organizations/Railguns.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

jamesryanbell / cloudflare

GitHub Access Token became invalid

Issues (86)

Security Analysis no request data

src/CloudFlare/Organizations/Railguns.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like