Issues in Zone.php (master) - Issues in master - jamesryanbell/cloudflare - Measure and Improve Code Quality continuously with Scrutinizer

Issues (86)

Security Analysis no request data

Cross-Site Scripting

Cross-Site Scripting enables an attacker to inject code into the response of a web-request that is viewed by other users. It can for example be used to bypass access controls, or even to take over other users' accounts.

File Exposure

File Exposure allows an attacker to gain access to local files that he should not be able to access. These files can for example include database credentials, or other configuration files.

File Manipulation

File Manipulation enables an attacker to write custom data to files. This potentially leads to injection of arbitrary code on the server.

Object Injection

Object Injection enables an attacker to inject an object into PHP code, and can lead to arbitrary code execution, file exposure, or file manipulation attacks.

Code Injection

Code Injection enables an attacker to execute arbitrary code on the server.

Response Splitting

Response Splitting can be used to send arbitrary responses.

File Inclusion

File Inclusion enables an attacker to inject custom files into PHP's file loading mechanism, either explicitly passed to include, or for example via PHP's auto-loading mechanism.

Command Injection

Command Injection enables an attacker to inject a shell command that is execute with the privileges of the web-server. This can be used to expose sensitive data, or gain access of your server.

SQL Injection

SQL Injection enables an attacker to execute arbitrary SQL code on your database server gaining access to user data, or manipulating user data.

XPath Injection

XPath Injection enables an attacker to modify the parts of XML document that are read. If that XML document is for example used for authentication, this can lead to further vulnerabilities similar to SQL Injection.

LDAP Injection

LDAP Injection enables an attacker to inject LDAP statements potentially granting permission to run unauthorized queries, or modify content inside the LDAP tree.

Header Injection

Other Vulnerability

This category comprises other attack vectors such as manipulating the PHP runtime, loading custom extensions, freezing the runtime, or similar.

Regex Injection

Regex Injection enables an attacker to execute arbitrary code in your PHP process.

XML Injection

XML Injection enables an attacker to read files on your local filesystem including configuration files, or can be abused to freeze your web-server process.

Variable Injection

Variable Injection enables an attacker to overwrite program variables with custom data, and can lead to further vulnerabilities.

Unfortunately, the security analysis is currently not available for your project. If you are a non-commercial open-source project, please contact support to gain access.

src/CloudFlare/Zone.php (2 issues)

Labels

Severity

Upgrade to new PHP Analysis Engine

These results are based on our legacy PHP analysis, consider migrating to our new PHP analysis engine instead. Learn more

<?php

namespace Cloudflare;

/**
 * CloudFlare API wrapper
 *
 * Zone
 * A Zone is a domain name along with its subdomains and other identities
 *
 * @author James Bell <[email protected]>
 *
 * @version 1
 */
class Zone extends Api
{
    /**
     * Create a zone (permission needed: #zone:edit)
     *
     * @param string    $name         The domain name
     * @param bool|null $jump_start   Automatically attempt to fetch existing DNS records
     * @param int|null  $organization To create a zone owned by an organization, specify the organization parameter. Organization objects can be found in the User or User's Organizations endpoints. You must pass at least the ID of the organization.
     */
    public function create($name, $jump_start = null, $organization = null)
    {
        $data = [
            'name'         => $name,
            'jump_start'   => $jump_start,
            'organization' => $organization,
        ];

        return $this->post('zones', $data);
    }

    /**
     * Initiate another zone activation check (permission needed: #zone:edit)
     *
     * @param string $identifier API item identifier tag
     */
    public function activation_check($identifier)
    {
        return $this->put('zones/'.$identifier.'/activation_check');
    }

    /**
     * List zones (permission needed: #zone:read)
     * List, search, sort, and filter your zones
     *
     * @param string|null $name      A domain name
     * @param string|null $status    Status of the zone (active, pending, initializing, moved, deleted)
     * @param int|null    $page      Page number of paginated results
     * @param int|null    $per_page  Number of zones per page
     * @param string|null $order     Field to order zones by (name, status, email)
     * @param string|null $direction Direction to order zones (asc, desc)
     * @param string|null $match     Whether to match all search requirements or at least one (any) (any, all)
     */
    public function zones($name = null, $status = null, $page = null, $per_page = null, $order = null, $direction = null, $match = null)

    {
        $data = [
            'name'      => $name,
            'status'    => $status,
            'page'      => $page,
            'per_page'  => $per_page,
            'order'     => $order,
            'direction' => $direction,
            'match'     => $match,
        ];

        return $this->get('zones', $data);
    }

    /**
     * Zone details (permission needed: #zone:read)
     *
     * @param string $zone_identifier API item identifier tag
     */
    public function zone($zone_identifier)

    {
        return $this->get('zones/'.$zone_identifier);
    }

    /**
     * Edit Vanity Name Servers (permission needed: #zone:edit)
     *
     * @param string $zone_identifier     API item identifier tag
     * @param array  $vanity_name_servers An array of domains used for custom name servers. This is only available for Business
     *                                    and Enterprise plans.
     */
    public function edit_vanity_name_servers($zone_identifier, $vanity_name_servers)
    {
        $data = [
            'vanity_name_servers' => $vanity_name_servers,
        ];

        return $this->patch('zones/'.$zone_identifier, $data);
    }

    /**
     * Edit the desired plan for the zone (permission needed: #zone:edit)
     *
     * @param string $zone_identifier API item identifier tag
     * @param object $plan            The desired plan for the zone. Changing this value will create/cancel associated
     *                                subscriptions. To view available plans for this zone, see Zone Plans
     */
    public function edit_plan($zone_identifier, $plan)
    {
        $data = [
            'plan' => $plan,
        ];

        return $this->patch('zones/'.$zone_identifier, $data);
    }

    /**
     * Pause all CloudFlare features (permission needed: #zone:edit)
     * This will pause all features and settings for the zone. DNS will still resolve
     *
     * @param string $zone_identifier API item identifier tag
     */
    public function pause($zone_identifier)
    {
        $data = [
            'paused' => true,
        ];

        return $this->patch('zones/'.$zone_identifier, $data);
    }

    /**
     * Re-enable all CloudFlare features (permission needed: #zone:edit)
     * This will restore all features and settings for the zone
     *
     * @param string $zone_identifier API item identifier tag
     */
    public function unpause($zone_identifier)
    {
        $data = [
            'paused' => false,
        ];

        return $this->patch('zones/'.$zone_identifier, $data);
    }

    /**
     * Delete a zone (permission needed: #zone:edit)
     *
     * @param string $zone_identifier API item identifier tag
     */
    public function delete_zone($zone_identifier)
    {
        return $this->delete('zones/'.$zone_identifier);
    }
}


1			<?php
2
3			namespace Cloudflare;
4
5			/**
6			* CloudFlare API wrapper
7			*
8			* Zone
9			* A Zone is a domain name along with its subdomains and other identities
10			*
11			* @author James Bell <[email protected]>
12			*
13			* @version 1
14			*/
15			class Zone extends Api
16			{
17			/**
18			* Create a zone (permission needed: #zone:edit)
19			*
20			* @param string $name The domain name
21			* @param bool\|null $jump_start Automatically attempt to fetch existing DNS records
22			* @param int\|null $organization To create a zone owned by an organization, specify the organization parameter. Organization objects can be found in the User or User's Organizations endpoints. You must pass at least the ID of the organization.
23			*/
24			public function create($name, $jump_start = null, $organization = null)
25			{
26			$data = [
27			'name' => $name,
28			'jump_start' => $jump_start,
29			'organization' => $organization,
30			];
31
32			return $this->post('zones', $data);
33			}
34
35			/**
36			* Initiate another zone activation check (permission needed: #zone:edit)
37			*
38			* @param string $identifier API item identifier tag
39			*/
40			public function activation_check($identifier)
41			{
42			return $this->put('zones/'.$identifier.'/activation_check');
43			}
44
45			/**
46			* List zones (permission needed: #zone:read)
47			* List, search, sort, and filter your zones
48			*
49			* @param string\|null $name A domain name
50			* @param string\|null $status Status of the zone (active, pending, initializing, moved, deleted)
51			* @param int\|null $page Page number of paginated results
52			* @param int\|null $per_page Number of zones per page
53			* @param string\|null $order Field to order zones by (name, status, email)
54			* @param string\|null $direction Direction to order zones (asc, desc)
55			* @param string\|null $match Whether to match all search requirements or at least one (any) (any, all)
56			*/
57			public function zones($name = null, $status = null, $page = null, $per_page = null, $order = null, $direction = null, $match = null)
			0 ignored issues – show Duplication introduced 2016-07-20 08:16 UTC by Report Bug Copy Issue Report Show Similar Issues like this This method seems to be duplicated in your project. Duplicated code is one of the most pungent code smells. If you need to duplicate the same code in three or more different places, we strongly encourage you to look into extracting the code into a single class or operation. You can also find more detailed suggestions in the “Code” section of your repository. Loading history...
58			{
59			$data = [
60			'name' => $name,
61			'status' => $status,
62			'page' => $page,
63			'per_page' => $per_page,
64			'order' => $order,
65			'direction' => $direction,
66			'match' => $match,
67			];
68
69			return $this->get('zones', $data);
70			}
71
72			/**
73			* Zone details (permission needed: #zone:read)
74			*
75			* @param string $zone_identifier API item identifier tag
76			*/
77			public function zone($zone_identifier)
			0 ignored issues – show Coding Style Best Practice introduced 2017-08-02 11:27 UTC by Report Bug Copy Issue Report Show Similar Issues like this Please use `__construct()` instead of a PHP4-style constructor that is named after the class. Loading history...
78			{
79			return $this->get('zones/'.$zone_identifier);
80			}
81
82			/**
83			* Edit Vanity Name Servers (permission needed: #zone:edit)
84			*
85			* @param string $zone_identifier API item identifier tag
86			* @param array $vanity_name_servers An array of domains used for custom name servers. This is only available for Business
87			* and Enterprise plans.
88			*/
89			public function edit_vanity_name_servers($zone_identifier, $vanity_name_servers)
90			{
91			$data = [
92			'vanity_name_servers' => $vanity_name_servers,
93			];
94
95			return $this->patch('zones/'.$zone_identifier, $data);
96			}
97
98			/**
99			* Edit the desired plan for the zone (permission needed: #zone:edit)
100			*
101			* @param string $zone_identifier API item identifier tag
102			* @param object $plan The desired plan for the zone. Changing this value will create/cancel associated
103			* subscriptions. To view available plans for this zone, see Zone Plans
104			*/
105			public function edit_plan($zone_identifier, $plan)
106			{
107			$data = [
108			'plan' => $plan,
109			];
110
111			return $this->patch('zones/'.$zone_identifier, $data);
112			}
113
114			/**
115			* Pause all CloudFlare features (permission needed: #zone:edit)
116			* This will pause all features and settings for the zone. DNS will still resolve
117			*
118			* @param string $zone_identifier API item identifier tag
119			*/
120			public function pause($zone_identifier)
121			{
122			$data = [
123			'paused' => true,
124			];
125
126			return $this->patch('zones/'.$zone_identifier, $data);
127			}
128
129			/**
130			* Re-enable all CloudFlare features (permission needed: #zone:edit)
131			* This will restore all features and settings for the zone
132			*
133			* @param string $zone_identifier API item identifier tag
134			*/
135			public function unpause($zone_identifier)
136			{
137			$data = [
138			'paused' => false,
139			];
140
141			return $this->patch('zones/'.$zone_identifier, $data);
142			}
143
144			/**
145			* Delete a zone (permission needed: #zone:edit)
146			*
147			* @param string $zone_identifier API item identifier tag
148			*/
149			public function delete_zone($zone_identifier)
150			{
151			return $this->delete('zones/'.$zone_identifier);
152			}
153			}
154

GitHub Access Token became invalid

Issues (86)

Security Analysis no request data

src/CloudFlare/Zone.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

jamesryanbell / cloudflare

GitHub Access Token became invalid

Issues (86)

Security Analysis no request data

src/CloudFlare/Zone.php (2 issues)

Labels

Severity

Introduced By

Upgrade to new PHP Analysis Engine

Duplication Side-by-Side

Filter issues like